Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

azurerm_synapse_workspace UserAssigned Identity #13752

Open
Official-James opened this issue Oct 15, 2021 · 3 comments
Open

azurerm_synapse_workspace UserAssigned Identity #13752

Official-James opened this issue Oct 15, 2021 · 3 comments
Labels
enhancement service/synapse

Comments

@Official-James
Copy link

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

azurerm_synapse_workspace does not support UserAssigned type in the identity block

New or Affected Resource(s)

azurerm_synapse_workspace is affected when trying to use UserAssigned type rather than System Assigned

  • azurerm_synapse_workspace

Potential Terraform Configuration

  identity {
    type         = "UserAssigned"
    principal_id = azurerm_user_assigned_identity.NAME.principal_id
    tenant_id    = azurerm_user_assigned_identity.NAME.tenant_id
  }

Current Error when using UserAssigned

Can't configure a value for "identity": its value will be decided automatically based on the result of applying this configuration.
@Official-James Official-James changed the title azurerm_synapse_workspace UserAssigned Identntiy azurerm_synapse_workspace UserAssigned Identity Oct 15, 2021
This was referenced Mar 21, 2022
Closed
Open
@zhcli
Copy link
Contributor

zhcli commented Apr 13, 2022

hello @aristosvo , should we use this preview API https://github.com/Azure/azure-sdk-for-go/tree/main/services/preview/synapse/mgmt/2021-06-01-preview/synapse to enable the user assigned managed identity?

@zhcli zhcli mentioned this issue Apr 18, 2022
Closed
@caioqueirozkr
Copy link

I have the same issue, need to assign a UAI to the synapse workspace, once i will use this identity to be added to a AAD Group that have the Directory Readers role assigned, this role is needed to allow this identity to create LOGINS in Synapse from Azure Active Directory.

Once i am using IaC, i can't use System Assigned identity (because its created with a new ID everytime i recreate the synapse) and i will need to add this ID to the group everytime it is recreated.

@Matthew0x
Copy link

Matthew0x commented Sep 7, 2023
edited
Loading

I got the same issue in 2023. User-assigned Identity is a valid RBAC management model and is supported by e.g. Azure ML. Currently Terraform requires System-managed Identity, always.

The User-assigned Identity can be added to the System-managed Identity (in mixed mode), although providing duplicated RBAC permissions seems to be the case. Hence it's not optimal, especially in setups making use of complicated dependencies (chained TF deployments).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement service/synapse
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@stephybun @zhcli @Official-James @Matthew0x @caioqueirozkr