
terraform azurerm_data_factory_linked_service_azure_sql_database how should I configure use_managed_identity and credential_name


I try to create a linked_service using this terraform command: azurerm_data_factory_linked_service_azure_sql_database.

The documentation says that we can use use_managed_identity (I use it as a boolean). I try to combine it with credential_name, which uses the outcome of this command: azurerm_data_factory_credential_user_managed_identity

Imho documentation is quite poor and I couldn't find proper resources online.

In the same block I try to specify the connection string, but I believe that I misconfigured it.

It looks like this:

resource "azurerm_data_factory_linked_service_azure_sql_database" "linked_service_for_xxxxx_database" {
  name                     = "linked_service_for_xxxxxx_database"
  data_factory_id          = var.azure_data_factory_id # I created an ADF instance and it depends on it
  use_managed_identity     = true # should be boolean?
  credential_name          = var.user_assigned_managed_identity_id # output of: azurerm_data_factory_credential_user_managed_identity
  integration_runtime_name = var.integration_runtime_name # output of: azurerm_data_factory_integration_runtime_azure

  # var.xxxxx_sql_server_name: fully qualified domain name??
  connection_string = "data source=${var.xxxxx_sql_server_name};Initial Catalog=${var.xxxx_sql_db_name};encrypt=True;connection timeout=30;"
}

I want the linked service to be of Authentication type: User-assigned managed Identity and use the credentials that I created above.

Fun fact: I have this configuration which does not give me errors during init & plan (I haven't run apply yet)

resource "azurerm_data_factory_linked_service_data_lake_storage_gen2" "linked_service_for_azure_data_lake_storage" {
  name                      = "linked_service_for_azure_data_lake_storage"
  data_factory_id           = var.azure_data_factory_id
  url                       = "https://${var.adls_account_name}.dfs.core.windows.net"
  use_managed_identity      = var.user_assigned_managed_identity_id # I was expecting it to be bool but ....
  integration_runtime_name  = var.integration_runtime_name
}

Solution

  • I configure use_managed_identity and credential_name while provisioning azurerm_data_factory_linked_service_azure_sql_database using terraform

    I can see two main issues in the configuration you shared. First, the credential_name attribute expects a credential name, but you are passing the ID of a user-assigned managed identity.

    Secondly, the use_managed_identity field is a boolean, but you are passing a managed identity ID.

    These are the two fixes you need to make in the configuration you shared. I tried a demo configuration with the necessary changes so that you will be able to reproduce the requirement you're looking for.

    Demo configuration:

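    # Resource group referenced throughout the demo; name and location are placeholders.
    resource "azurerm_resource_group" "rg" {
      name     = "rg-adf-demo" # placeholder
      location = "westeurope"  # placeholder
    }

    resource "azurerm_data_factory" "adf" {
      name                = "adf-demo-vksb"
      location            = azurerm_resource_group.rg.location
      resource_group_name = azurerm_resource_group.rg.name
      identity {
        type         = "UserAssigned"
        identity_ids = [azurerm_user_assigned_identity.umi.id]
      }
    }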
    
    resource "azurerm_user_assigned_identity" "umi" {
      name                = "umi-adf"
      location            = azurerm_resource_group.rg.location
      resource_group_name = azurerm_resource_group.rg.name
    }
    
    resource "azurerm_role_assignment" "sql_role" {
      scope                = azurerm_mssql_server.sql.id
      role_definition_name = "Contributor"
      principal_id         = azurerm_user_assigned_identity.umi.principal_id
    }
    
    resource "azurerm_mssql_server" "sql" {
      name                         = "sqlserver-demo-dev"
      resource_group_name          = azurerm_resource_group.rg.name
      location                     = azurerm_resource_group.rg.location
      administrator_login          = "adminuser"
      administrator_login_password = "SecurePassword123!"
      version                      = "12.0"
    }
    
    resource "azurerm_mssql_database" "db" {
      name                = "sqldb-demo"
      server_id          = azurerm_mssql_server.sql.id
      collation          = "SQL_Latin1_General_CP1_CI_AS"
      license_type       = "LicenseIncluded"
      max_size_gb        = 2
      sku_name           = "Basic"
    }
    
    resource "azurerm_data_factory_integration_runtime_azure" "runtime" {
      name            = "integration-runtime-demo"
      data_factory_id = azurerm_data_factory.adf.id
      location        = azurerm_resource_group.rg.location
    }
    
    resource "azurerm_data_factory_credential_user_managed_identity" "adf_credential" {
      name            = "adf-credential-mi"
      data_factory_id = azurerm_data_factory.adf.id
      identity_id     = azurerm_user_assigned_identity.umi.id
    }
    
    resource "azurerm_data_factory_linked_service_azure_sql_database" "linked_service" {
      name                          = "linked-service-sql"
      data_factory_id               = azurerm_data_factory.adf.id
      use_managed_identity          = true
      credential_name               = azurerm_data_factory_credential_user_managed_identity.adf_credential.name
      integration_runtime_name      = azurerm_data_factory_integration_runtime_azure.runtime.name
    
      connection_string = "Data Source=${azurerm_mssql_server.sql.fully_qualified_domain_name};Initial Catalog=${azurerm_mssql_database.db.name};Encrypt=True;Connection Timeout=30;"
    }
    
    resource "azurerm_data_factory_linked_service_data_lake_storage_gen2" "linked_service_adls" {
      name                      = "linked-service-adls"
      data_factory_id           = azurerm_data_factory.adf.id
      url                       = "https://${var.adls_account_name}.dfs.core.windows.net"
      use_managed_identity      = true
      integration_runtime_name  = azurerm_data_factory_integration_runtime_azure.runtime.name
    }
    

    Refer:

    https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/data_factory_linked_service_azure_sql_database

    https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/data_factory_credential_user_assigned_managed_identity
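
A hardened variant of the demo's SQL server, added here as an example and not part of the original answer: it replaces the hard-coded administrator password with Microsoft Entra-only authentication, and grants the managed identity access inside the database instead of through the `Contributor` role assignment, which only covers the management plane. `var.sql_admin_login` and `var.sql_admin_object_id` are hypothetical inputs; the other names, including `azurerm_resource_group.rg`, are the demo's.

```hcl
# Added example. The two variables below are hypothetical inputs, not names
# from the original post.
variable "sql_admin_login" {
  type        = string
  description = "Display name of the Entra user or group that administers the SQL server"
}

variable "sql_admin_object_id" {
  type        = string
  description = "Object ID of that Entra user or group"
}

data "azurerm_client_config" "current" {}

# Replaces the demo's azurerm_mssql_server.sql: no administrator_login or
# administrator_login_password, so no SQL password ends up in the
# configuration or in the Terraform state.
resource "azurerm_mssql_server" "sql" {
  name                = "sqlserver-demo-dev"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
  version             = "12.0"
  minimum_tls_version = "1.2"

  azuread_administrator {
    login_username              = var.sql_admin_login
    object_id                   = var.sql_admin_object_id
    tenant_id                   = data.azurerm_client_config.current.tenant_id
    azuread_authentication_only = true
  }
}

# The demo's azurerm_role_assignment.sql_role ("Contributor" on the server)
# is left out: it lets the identity manage the server resource but does not
# let it read or write data. Data access is granted in the database itself,
# by the Entra administrator configured above, using the identity's name:
#
#   CREATE USER [umi-adf] FROM EXTERNAL PROVIDER;
#   ALTER ROLE db_datareader ADD MEMBER [umi-adf];
#   ALTER ROLE db_datawriter ADD MEMBER [umi-adf];  -- only if pipelines write
#
# The linked service from the demo stays as it is: use_managed_identity = true
# and credential_name set to the credential's name.
```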