I enabled Azure AD authentication on an Azure PostgreSQL database with this code:
data "azurerm_client_config" "current" {}
resource "azurerm_postgresql_active_directory_administrator" "aadauth" {
  server_name         = azurerm_postgresql_server.database.name
  resource_group_name = azurerm_resource_group.postgresaadauth.name
  login               = "aad-admin"
  tenant_id           = var.globals.tenant_id
  object_id           = data.azurerm_client_config.current.object_id
}
So that would mean that I can access the database from the Terraform pipeline, because the Azure subscription SPN that the pipeline runs under has access to the database. But when I try to create a read-only role in the DB I get this error:
Error: error detecting capabilities: error PostgreSQL version: dial tcp [::1]:5432: connect: connection refused
But the firewall is open and I am able to connect with the normal provider with username and pass.
I also tried to add the provider for aad auth without a pass (not sure if this is possible):
provider "postgresql" {
  alias             = "testdb"
  host              = "testdbmvh.postgres.database.azure.com"
  username          = "aad_admin@testdb"
  database_username = "aad_admin"
  superuser         = false
}
Error: error detecting capabilities: error PostgreSQL version: pq: empty password returned by client
I am running this under the latest version of the "cyrilgdn/postgresql" provider, by the way.
Would be great if someone can help me out here.
Kind regards, Marco