azurerm_function_app: Add support for user assigned identities #4687
Conversation
|
Any chance to get this PR in before next provider release ? It's a very useful feature. |
identity {
type = "UserAssigned"
identity_ids = []
}Is this going to work like with multiple User managed MSIs like with virtual_machine for example? I'm assuming this would use the block style instead? identity {
type = "UserAssigned"
user_assigned_identity {
id = "${azurerm_user_assigned_identity.first.id}"
}
user_assigned_identity {
id = "${azurerm_user_assigned_identity.second.id}"
}
}
|
@JayDoubleu Exactly! resource "azurerm_user_assigned_identity" "first" {
location = "westus"
name = "first"
}
resource "azurerm_user_assigned_identity" "second" {
location = "westus"
name = "second"
}
resource "azurerm_function_app" "test" {
name = "functionapp"
location = "westus"
identity {
type = "UserAssigned"
user_assigned_identity {
id = "${azurerm_user_assigned_identity.first.id}"
}
user_assigned_identity {
id = "${azurerm_user_assigned_identity.second.id}"
}
}
}Then to access the computed principal id and client id: azurerm_function_app.test.user_assigned_identity.0.principal_id
azurerm_function_app.test.user_assigned_identity.0.client_id
azurerm_function_app.test.user_assigned_identity.1.principal_id
azurerm_function_app.test.user_assigned_identity.1.client_id |
There was a problem hiding this comment.
hey @joakimhellum
Thanks for this PR :)
Taking a look through this is looking good - if we can fix up the minor comments (and the tests pass) then this otherwise LGTM 👍
Thanks!
|
Is there any movement on this? I believe it already missed 2 releases. Is it likely to be merged for next one ? |
|
@JayDoubleu I think the team has a lot of things to do. @tombuildsstuff Is there anything else you need from me? As far as I can see, the PR is ready do be merged? |
|
@joakimhellum sorry for the delay on this - taking a look at this today 👍 |
|
Will this be included into version 1.41.0? Really need this feature a lot :) |
There was a problem hiding this comment.
Hi @joakimhew,
thank you for this PR, my main ask is to make this consistent with how we want identity blocks to become across the provider:
identity {
type = "UserAssigned"
identity_ids = [
azurerm_user_assigned_identity.test.id,
]
}
app service, app gateway and container group all do things the desired way. Thanks!
| @@ -153,6 +155,27 @@ func resourceArmFunctionApp() *schema.Resource { | |||
| Type: schema.TypeString, | |||
| Computed: true, | |||
| }, | |||
| "user_assigned_identity": { | |||
There was a problem hiding this comment.
We are trying to make these identity blocks consistent. So like app service, app gateway and container group could we make this:
identity_ids = [
azurerm_user_assigned_identity.test.id,
]
and then we can reuse the principal ID property above
Co-authored-by: Joakim Hansson <[email protected]> Porting-over the work done by @joakimhew in #4687 before the refactor
|
hey @joakimhew I've taken a look into rebasing/fixing up this PR in order to to get this merged - however since these commits were made from prior to the refactor this is in a position where rebasing this is going to be impractical. As such I hope you don't mind but I'm going to close this in favour of #5676 which implements this functionality and lists you as a co-author (so you'll still get the credit for adding this functionality). Thanks! |
|
This has been released in version 1.44.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example: provider "azurerm" {
version = "~> 1.44.0"
}
# ... other configuration ... |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks! |
ghost
locked and limited conversation to collaborators
This PR fixes #4607 and allows users to add user assigned identities to the identities block.
User assigned identities are defined like so: