Knowing the principal type for AZURE_PRINCIPAL_ID

[mcollier]

I’d like to propose the introduction of a new automatically provided AZD environment variable, AZURE_PRINCIPAL_TYPE. The AZURE_PRINCIPAL_TYPE would be related to the existing AZURE_PRINCIPAL_ID.

Currently, the type of AZURE_PRINCIPAL_ID may vary depending on how and where it is used. For example, when running AZD locally and the user is authenticated with their local identity, the AZURE_PRINCPAL_ID is a “User” principal type. If AZD is run via a GitHub workflow, AZURE_PRINCIPAL_ID may be a “ServicePrincipal” principal type.

If using the AZURE_PRINCIPAL_ID value in a Bicep file to set associated RBAC permissions, it is necessary to set the principal type, either “User” or “ServicePrincipal”. A user needs to add logic to the deployment process to determine (or otherwise “know”) the principal type based on the execution context, thereby making the deployment steps slightly more complicated.

An automatically populated AZURE_PRINCIPAL_TYPE could ease this burden, allowing a Bicep template to accept a “principalType” input parameter (similar to “principalId”), which is populated with the value of AZURE_PRINCPAL_TYPE.

[HarlowBurgess]

Might as well include AZURE_PRINCIPAL_NAME while you are at it. This is currently required for configuring the Entra ID (ActiveDirectory) Admin for Azure SQL Database, which I use for subsequent automated database deployment (I currently set this in a PowerShell script from the azure.yaml preup hook).

https://learn.microsoft.com/en-us/azure/templates/microsoft.sql/servers/administrators?pivots=deployment-language-bicep#administratorproperties