Merge pull request #39 from alxy/docs/managed-identities

Improve docs on managed identities a bit
betr-io · Jun 7, 2022 · 9a2d23c · 9a2d23c
2 parents f8b6f0f + f6178fc
commit 9a2d23c
Showing 1 changed file with 32 additions and 0 deletions.
diff --git a/docs/resources/user.md b/docs/resources/user.md
@@ -4,6 +4,8 @@ The `mssql_user` resource creates and manages a user on a SQL Server database.
 
 ## Example Usage
 
+### Basic usage
+
 ```hcl
 resource "mssql_user" "example" {
   server {
@@ -19,6 +21,36 @@ resource "mssql_user" "example" {
 }
 ```
 
+### Using managed identities
+
+```hcl
+resource "azurerm_resource_group" "example" {
+  name     = "example-resources"
+  location = "West Europe"
+}
+
+resource "azurerm_user_assigned_identity" "example" {
+  resource_group_name = azurerm_resource_group.example.name
+  location            = azurerm_resource_group.example.location
+
+  name = "my-sql-identity"
+}
+
+resource "mssql_user" "example" {
+  server {
+    host = "example-sql-server.database.windows.net"
+    azure_login {
+    }
+  }
+
+  database  = "my-database"
+  username  = azurerm_user_assigned_identity.example.name
+  object_id = azurerm_user_assigned_identity.example.client_id
+
+  roles     = ["db_datareader"]
+}
+```
+
 > Note that in order to create an external user referencing an Azure AD entity (user, application), the Azure SQL Server needs to be a member of an Azure AD group assigned the Azure AD role `Directory Readers`. If it is not possible to give the Azure SQL Server this role (through the group), you can use the `object id` of the Azure AD entity instead.
 
 ## Argument Reference