I am running a terraform script to create azure resources with Terraform Cloud using a Service Principal with Federated authentication as documented here.
https://registry.terraform.io/providers/hashicorp/Azurerm/latest/docs/guides/service_principal_oidc
Creating the resources works great.
Next I would like to create a SQL User within an Azure SQL database using powershell.
the script below should work but Get-AzAccessToken gives me an error that I have to authenticate with Connect-AzAccount first, how can I do this using the Service Principal that terraform is already running under instead of passing new credentials to it and potentially exposing secrets?
resource "null_resource" "create_app2_sql_user" {
provisioner "local-exec" {
command = <<EOT
Install-Module -Name Az -Scope CurrentUser -AllowClobber -Force
Install-Module -Name SqlServer -Scope CurrentUser -AllowClobber -Force
Import-Module Az
Import-Module SqlServer
$token = (Get-AzAccessToken -ResourceUrl https://database.windows.net).Token
Invoke-SqlCmd -ServerInstance ${var.sql_server.fully_qualified_domain_name} -Database ${azurerm_mssql_database.example_database.name} -AccessToken $token -Query "CREATE USER [${azurerm_linux_web_app.app2.identity[0].principal_id}] FROM EXTERNAL PROVIDER;"
EOT
interpreter = ["pwsh", "-Command"]
}
}