fancy-jelly-6109204/24/2020, 4:02 PM
). I've no idea how to finish the setup and add the AD Logins to the database (i.e.
) I created a custom SQL resource provider that allows executing the SQL, that is successful. I get the error
CREATE USER "Admin Group" FROM EXTERNAL PROVIDER;
From what I can tell (https://docs.microsoft.com/en-us/azure/sql-database/sql-database-aad-authentication-configure?tabs=azure-powershell#create-contained-database-users-in-your-database-mapped-to-azure-ad-identities) I cannot use a Service Principal login (I was using access tokens to sign in to the SQL instance). That means I need a user, which stops it from being useful to be used in a CI environment for example (Azure DevOps). Has anybody found a workaround for this issue?
Principal 'Admin Group' could not be resolved. Error message: 'AADSTS65002: Consent between first party applications and resources must be configured via preauthorization. Visit <https://identitydocs.azurewebsites.net/static/aad/preauthorization.html> for details
colossal-room-1570804/25/2020, 1:01 AM
This is an Azure DevOps pipeline.
trigger: branches: include: - master paths: include: - infrastructure/sql/* stages: - stage: Alpha jobs: - job: CreateSqlUsersAlpha pool: vmImage: 'windows-2019' variables: - group: sqlvariables steps: - task: SqlAzureDacpacDeployment@1 displayName: Create SQL users AUE Primary env: aadSqlPassword: $(aadSqlPassword) inputs: azureSubscription: 'prod' AuthenticationType: aadAuthenticationPassword aadSqlUsername: $(aadSqlUserName) aadSqlPassword: $(aadSqlPassword) ServerName: <http://sqlsvrprimary.database.windows.net|sqlsvrprimary.database.windows.net> DatabaseName: 'dbname' deployType: SqlTask SqlFile: ./infrastructure/sql/sqlusers.sql IpDetectionMethod: 'AutoDetect'
fancy-jelly-6109204/26/2020, 8:56 AM
colossal-room-1570804/26/2020, 12:38 PM
fancy-jelly-6109204/28/2020, 1:28 PM