From f7abd5a3e53b452ab7d88e5609a3fd3af7bf1a40 Mon Sep 17 00:00:00 2001
From: Jeff Crichlake
Date: Thu, 14 Dec 2023 15:10:05 -0500
Subject: [PATCH] Adding AD auth

---
 operations/template/db.tf | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/operations/template/db.tf b/operations/template/db.tf
index d0cfb666a..76a35f3a5 100644
--- a/operations/template/db.tf
+++ b/operations/template/db.tf
@@ -1,3 +1,9 @@
+data "azurerm_client_config" "current" {}
+
+data "azuread_service_principal" "principal" {
+ object_id = data.azurerm_client_config.current.object_id
+}
+
 resource "azurerm_postgresql_flexible_server" "database" {
 name = "cdcti-${var.environment}-database"
 resource_group_name = data.azurerm_resource_group.group.name
@@ -10,6 +16,7 @@ resource "azurerm_postgresql_flexible_server" "database" {
 authentication {
 password_auth_enabled = "false"
 active_directory_auth_enabled = "true"
+ tenant_id = data.azurerm_client_config.current.tenant_id
 }

 lifecycle {
@@ -19,3 +26,12 @@ resource "azurerm_postgresql_flexible_server" "database" {
 ]
 }
 }
+
+resource "azurerm_postgresql_flexible_server_active_directory_administrator" "entra" {
+ server_name = azurerm_postgresql_flexible_server.database.name
+ resource_group_name = data.azurerm_resource_group.group.name
+ tenant_id = data.azurerm_client_config.current.tenant_id
+ object_id = data.azuread_service_principal.principal.object_id
+ principal_name = data.azuread_service_principal.principal.display_name
+ principal_type = "ServicePrincipal"
+}
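Review bot: The `azuread_service_principal` lookup in the first hunk is keyed on `data.azurerm_client_config.current.object_id`, so it only resolves when Terraform itself runs as a service principal; a plan run under a user login will presumably fail at this data source. It also means the deploying identity needs directory read permission in Microsoft Graph just to fetch its own display name. I would add a comment above the data source, for example `# Requires Terraform to run as a service principal with directory read access; this identity becomes the database's Entra administrator`, or take the object id and display name as input variables so the directory lookup is not needed.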
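Review bot: The new `azurerm_postgresql_flexible_server_active_directory_administrator` in the last hunk makes the deploying service principal the database's Entra administrator, because `object_id` and `principal_name` both come from the caller's own identity. With `password_auth_enabled = "false"`, that pipeline credential is the only admin path into the server as far as this file shows. A leaked deploy secret would therefore carry full database admin, and no human or break-glass identity is defined. Consider pointing the administrator at a dedicated Entra group supplied by variable (placeholder names): `object_id = var.db_admin_group_object_id`, `principal_name = var.db_admin_group_name`, `principal_type = "Group"`. The pipeline principal can then be granted only the database roles it needs.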