Adding AD auth
jcrichlake committed Dec 14, 2023
1 parent fff4adc commit f7abd5a
Showing 1 changed file with 16 additions and 0 deletions.
16 changes: 16 additions & 0 deletions operations/template/db.tf
@@ -1,3 +1,9 @@
data "azurerm_client_config" "current" {}

data "azuread_service_principal" "principal" {
object_id = data.azurerm_client_config.current.object_id
}

resource "azurerm_postgresql_flexible_server" "database" {
name = "cdcti-${var.environment}-database"
resource_group_name = data.azurerm_resource_group.group.name
@@ -10,6 +16,7 @@ resource "azurerm_postgresql_flexible_server" "database" {
authentication {
password_auth_enabled = "false"
active_directory_auth_enabled = "true"
tenant_id = data.azurerm_client_config.current.tenant_id
}

lifecycle {
@@ -19,3 +26,12 @@ resource "azurerm_postgresql_flexible_server" "database" {
]
}
}

resource "azurerm_postgresql_flexible_server_active_directory_administrator" "entra" {
server_name = azurerm_postgresql_flexible_server.database.name
resource_group_name = data.azurerm_resource_group.group.name
tenant_id = data.azurerm_client_config.current.tenant_id
object_id = data.azuread_service_principal.principal.object_id
principal_name = data.azuread_service_principal.principal.display_name
principal_type = "ServicePrincipal"
}
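Review bot: The Entra administrator declared in `azurerm_postgresql_flexible_server_active_directory_administrator.entra` is whichever identity runs Terraform (`data.azurerm_client_config.current.object_id`), so the deployment credential also becomes the database administrator, and a leaked pipeline secret would carry admin rights on the server. Because `principal_type` is hard-coded to `"ServicePrincipal"` and the object id goes through the `azuread_service_principal` lookup, an apply run from a user account will presumably fail at that data source. Consider pointing the administrator at a dedicated Entra group supplied as an input, e.g. `object_id = var.db_admin_group_object_id` with `principal_type = "Group"` (the variable name is a placeholder), so that admin membership is managed and audited separately from the pipeline identity. A short comment above the resource stating who is expected to hold this role, and that password authentication is disabled, would help the next reader.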
