Assign Entra ID user to CosmosDB PostgreSQL role using CLI/BICEP/Powershell

Ian Clarke 20 Reputation points
2024-09-30T14:17:32.2133333+00:00

Hi there,

We are using CosmosDB PostgreSQL Cluster and wish to use Entra ID authentication for all users. We build our environment completely via IaC using Bicep and CLI, but can't find how to create the roles for the Entra users.

https://learn.microsoft.com/en-us/azure/cosmos-db/postgresql/how-to-configure-authentication?tabs=portal#add-microsoft-entra-id-admins-to-azure-cosmos-db-for-postgresql-cluster

This document details how to create the user via the portal, but no mention of script options.

https://learn.microsoft.com/en-us/cli/azure/cosmosdb/postgres/role?view=azure-cli-latest#az-cosmosdb-postgres-role-create

The CLI command allows us to create a role, but doesn't show how to create an Entra ID role, just a native PostgreSQL user.

Is this possible? Has anyone successfully used scripting to create an Entra ID user within CosmosDB PostgreSQL cluster?

Cheers,

Ian

Azure Cosmos DB
Azure Database for PostgreSQL

Accepted answer
  1. Oury Ba-MSFT 19,426 Reputation points Microsoft Employee
    2024-10-02T16:30:37.7866667+00:00

    @Ian Clarke

    I verified this internally and it seems like we haven’t updated the REST APIs after Entra ID support was added to Azure Cosmos DB for PostgreSQL. It means that REST APIs, CLI, Azure SDKs, Terraform don’t have Entra ID support.

    ARM templates and Bicep don’t depend on the published REST APIs update though. Customers can use it by referring to the 2023-03-02-preview version. Customers would need to figure out desired properties and their values though, as all of the updated functionality is usually documented in the REST APIs update. They can do it by downloading ARM templates on a cluster where Entra ID authentication is enabled and some Entra ID accounts are added.

        resource resourceName 'Microsoft.DBforPostgreSQL/serverGroupsv2@2023-03-02-preview' = {
          name: clusterName
          location: location
          tags: {}
          properties: {
            ..
          }
        }
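
One way to carry out the discovery step the accepted answer describes (export the ARM template from a cluster that already has Entra ID accounts and read off the properties), as an added example that is not part of the thread and not Microsoft's code. It goes one step further than the answer by diffing against an export from a cluster without Entra ID, which is an assumption of this example; the sample templates are constructed and every property name in them is a placeholder.

```python
import json

CLUSTER_TYPE = "microsoft.dbforpostgresql/servergroupsv2"

def flatten(value, prefix=""):
    """Yield (dotted.path, leaf) pairs for a nested JSON value."""
    if isinstance(value, dict) and value:
        for key, child in value.items():
            yield from flatten(child, f"{prefix}.{key}" if prefix else key)
    elif isinstance(value, list) and value:
        for child in value:
            yield from flatten(child, prefix + "[]")
    else:
        yield prefix, value

def cluster_properties(template):
    """Map (resource type, property path) -> set of JSON-encoded values."""
    found = {}
    for res in template.get("resources", []):
        rtype = res.get("type", "")
        if not rtype.lower().startswith(CLUSTER_TYPE):
            continue  # ignore everything that is not the cluster or its children
        for path, leaf in flatten(res.get("properties", {})):
            found.setdefault((rtype, path), set()).add(json.dumps(leaf))
    return found

def entra_candidates(baseline, entra_enabled):
    """Properties that appear, or change value, only in the Entra-enabled export."""
    before = cluster_properties(baseline)
    after = cluster_properties(entra_enabled)
    return sorted((rtype, path, sorted(vals))
                  for (rtype, path), vals in after.items()
                  if before.get((rtype, path)) != vals)

# Constructed sample exports. Every property name below is a placeholder,
# not a real schema field; real names come from your own exported template.
BASELINE = json.loads("""{"resources": [
  {"type": "Microsoft.DBforPostgreSQL/serverGroupsv2", "apiVersion": "2023-03-02-preview",
   "properties": {"placeholderSizing": {"nodes": 2}}}]}""")
ENTRA_ENABLED = json.loads("""{"resources": [
  {"type": "Microsoft.DBforPostgreSQL/serverGroupsv2", "apiVersion": "2023-03-02-preview",
   "properties": {"placeholderSizing": {"nodes": 2},
                  "placeholderAuth": {"placeholderEntraSwitch": "enabled"}}},
  {"type": "Microsoft.DBforPostgreSQL/serverGroupsv2/placeholderChild",
   "apiVersion": "2023-03-02-preview",
   "properties": {"placeholderPrincipalId": "00000000-0000-0000-0000-000000000000"}}]}""")

if __name__ == "__main__":
    for rtype, path, values in entra_candidates(BASELINE, ENTRA_ENABLED):
        print(f"{rtype}: properties.{path} = {', '.join(values)}")
```

The paths it reports are the candidates to copy into the `properties` block of the Bicep resource; anything shared by both exports is filtered out.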


1 additional answer

  1. Ian Clarke 20 Reputation points
    2024-10-03T07:50:02.6066667+00:00

    Thanks for looking into this, it is appreciated.

    Unfortunately the ARM template option doesn't help here as the console performs actions within Postgres itself (creates user).

    Thanks anyway
