Support credentials objects for user-assigned Managed Identities #156
Comments
NowinskiK
changed the title
|
Currently, Credentials are not supported by |
NowinskiK
added
the
blocked
|
Hi are there any updates on this? do we know when DataFactory module will include credentials and userAssignedIdentites? |
|
Hi,
|
|
Hi. Same issue here. Can I help to fix it? Trying to understand... Should we only add 'credential' to $AllowedTypes in private\AdfObject.class.ps1 file to make it work or is there something else to change? |
|
No, |
|
Ok. Thanks. While waiting for an update on the Azure side, would it be possible to add an exception in the module to skip the credentials deployment? We deploy them at creation of the DataFactory with Terraform : |
|
We have added the following line in the code to skip credentials objets : -and $node.PSobject.Properties.Name -contains 'type')
{
[string] $type = $node.type
if ($type.Equals('CredentialReference')) { $script:ind--; return }
if ($type.EndsWith('Reference')) {
$type = $type.Substring(0, $type.Length-9)
#Write-Verbose "$type.$($node.referenceName)"So that the module won't stop anymore on ADFT0029: Unknown object type: Credential error. |
|
Hi @Viguro79, can you share some insights on how you manage credentials with Terraform? There doesn't seem to be a TF resource for the credentials object yet either. We are in a similar situation but unfortunately not in a position where we can make changes to the Powershell module, so this issue is currently blocking us from deploying ADF objects. If it were possible to do it with Terraform I could work with the |
|
Sorry guys for the delay. This gonna be implemented today. |
…files), but the deployment is skipped and not supported yet. #156
|
Currently deployed on preview version: |
We are using an ARM template to deploy it : This is the arm template we use : {
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"factoryName": {
"type": "string",
"metadata": "Data Factory name"
},
"identId": {
"type": "string",
"metadata": "the managed identiry id"
},
"credName": {
"type": "string",
"metadata": "Credential name"
}
},
"variables": {
"factoryId": "[concat('Microsoft.DataFactory/factories/', parameters('factoryName'))]"
},
"resources": [
{
"name": "[concat(parameters('factoryName'), '/',parameters('credName'))]",
"type": "Microsoft.DataFactory/factories/credentials",
"apiVersion": "2018-06-01",
"properties": {
"type": "ManagedIdentity",
"typeProperties": {
"resourceId": "[parameters('identId')]"
}
},
"dependsOn": []
}
]
}And the terraform we use to deploy it in live mode : resource "azurerm_resource_group_template_deployment" "rgp_cred" {
name = "Credential_RGP"
resource_group_name = var.rgp_name
deployment_mode = "Incremental"
template_content = file("${var.MODULE_FACTORY_DIR}/modules/datafactory/cred_arm-template/arm_template.json")
# template_content = file("../datafactory/cred_arm-template/arm_template.json")
parameters_content = jsonencode ({
factoryName = {value = azurerm_data_factory.current.name}
identId = {value = var.mgd_id_rgp}
credName = {value = "cred-prod"}
})
depends_on = [azurerm_data_factory.current]
} |
Better. But still an issue there : |
#156 Added new type into 2 other places
|
This one is working as excepted. |
The module accepts **Credentials** type of object (when loading from files), but the deployment is skipped and not supported yet. #156
|
Released in ver.0.99 |
NowinskiK
removed
the
blocked
Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
We were trying to use the new support that was added recently by microsoft to allow to use user-assigned managed identities for credentials for some data factory objects such as linked services for example, but when we tried to deploy that version that contained an autogenerated credential folder containing the related user assigned identity, the cmdlet threw an error inside the AdfObject.class.ps1 ADFT0029: Unknown object type: Credential.
Basically our linked service had a credential property inside its TypeProperties using a type CredentialReference
Describe the solution you'd like
A clear and concise description of what you want to happen.
It would be nice if that could be supported somehow.
Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.
For now because of this restriction we were planning on still using plain connection strings with user and password for now, which we already handle through the csv substitution.
Additional context
Add any other context or screenshots about the feature request here.
The text was updated successfully, but these errors were encountered: