Hey everyone,
I am currently developing a Terraform deployment with a Service Principal, deploying a Capacity and Fabric items.
My config looks like this:
```hcl
resource "azurerm_resource_group" "this" {
  name     = "rg-${var.basename}"
  location = var.location
}

resource "azapi_resource" "fabric_capacity" {
  type     = "Microsoft.Fabric/capacities@2023-11-01"
  name     = "fab${var.basename}"
  location = var.location

  # The capacity is created inside the resource group declared above.
  parent_id = azurerm_resource_group.this.id

  schema_validation_enabled = false

  body = {
    properties = {
      administration = {
        # Capacity administrators.
        members = [
          var.admin_email
        ]
      }
    }
    sku = {
      name = var.sku
      tier = "Fabric"
    }
  }
}

data "fabric_capacity" "example" {
  # Referencing the resource makes the lookup wait until the capacity exists.
  display_name = azapi_resource.fabric_capacity.name
}

resource "fabric_workspace" "this" {
  display_name = "tf_test_workspace"
  description  = "Example Workspace"

  identity = {
    type = "SystemAssigned"
  }
}
```
The problem I get is that the SP is not able to read the capacity (the data block fabric_capacity), as it's neither the Admin nor the Contributor. I could assign the SP in the Azure portal as an admin, but then I get something like a weird ID (different from the Client ID). And in Fabric I can only insert emails into the Contributor/Admin section of the Capacity. I would like to have a way to do it in Terraform directly, but as I said, it's not the Client ID, and there is no Capacity Contributor role in Azure.