-
Notifications
You must be signed in to change notification settings - Fork 4.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
azurerm_function_app: Add support for user assigned identities #4687
azurerm_function_app: Add support for user assigned identities #4687
Conversation
Any chance to get this PR in before next provider release ? It's a very useful feature. |
identity {
type = "UserAssigned"
identity_ids = []
} Is this going to work like with multiple User managed MSIs like with virtual_machine for example? I'm assuming this would use the block style instead? identity {
type = "UserAssigned"
user_assigned_identity {
id = "${azurerm_user_assigned_identity.first.id}"
}
user_assigned_identity {
id = "${azurerm_user_assigned_identity.second.id}"
}
}
|
@JayDoubleu Exactly! resource "azurerm_user_assigned_identity" "first" {
location = "westus"
name = "first"
}
resource "azurerm_user_assigned_identity" "second" {
location = "westus"
name = "second"
}
resource "azurerm_function_app" "test" {
name = "functionapp"
location = "westus"
identity {
type = "UserAssigned"
user_assigned_identity {
id = "${azurerm_user_assigned_identity.first.id}"
}
user_assigned_identity {
id = "${azurerm_user_assigned_identity.second.id}"
}
}
} Then to access the computed principal id and client id: azurerm_function_app.test.user_assigned_identity.0.principal_id
azurerm_function_app.test.user_assigned_identity.0.client_id
azurerm_function_app.test.user_assigned_identity.1.principal_id
azurerm_function_app.test.user_assigned_identity.1.client_id |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hey @joakimhellum
Thanks for this PR :)
Taking a look through this is looking good - if we can fix up the minor comments (and the tests pass) then this otherwise LGTM 👍
Thanks!
Is there any movement on this? I believe it already missed 2 releases. Is it likely to be merged for next one ? |
@JayDoubleu I think the team has a lot of things to do. @tombuildsstuff Is there anything else you need from me? As far as I can see, the PR is ready do be merged? |
@joakimhellum sorry for the delay on this - taking a look at this today 👍 |
Will this be included into version 1.41.0? Really need this feature a lot :) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @joakimhew,
thank you for this PR, my main ask is to make this consistent with how we want identity blocks to become across the provider:
identity {
type = "UserAssigned"
identity_ids = [
azurerm_user_assigned_identity.test.id,
]
}
app service, app gateway and container group all do things the desired way. Thanks!
@@ -153,6 +155,27 @@ func resourceArmFunctionApp() *schema.Resource { | |||
Type: schema.TypeString, | |||
Computed: true, | |||
}, | |||
"user_assigned_identity": { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We are trying to make these identity blocks consistent. So like app service, app gateway and container group could we make this:
identity_ids = [
azurerm_user_assigned_identity.test.id,
]
and then we can reuse the principal ID property above
Co-authored-by: Joakim Hansson <[email protected]> Porting-over the work done by @joakimhew in #4687 before the refactor
hey @joakimhew I've taken a look into rebasing/fixing up this PR in order to to get this merged - however since these commits were made from prior to the refactor this is in a position where rebasing this is going to be impractical. As such I hope you don't mind but I'm going to close this in favour of #5676 which implements this functionality and lists you as a co-author (so you'll still get the credit for adding this functionality). Thanks! |
This has been released in version 1.44.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example: provider "azurerm" {
version = "~> 1.44.0"
}
# ... other configuration ... |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks! |
This PR fixes #4607 and allows users to add user assigned identities to the identities block.
User assigned identities are defined like so: