Support RBAC for backend state storage

[perbergland]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

With the RBAC support (in preview) for access to blobs in storage accounts, it's possible to move away from access keys and instead use AD (tokens).
It would be great if the backend for state storage could be updated accordingly.

Ideally, related to #502, if the AzureRM terraform provider could use the refresh token stored on disk by azure cli to generate the access token for storage (resource = "https://storage.azure.com/") then we wouldn't even need to set any credential property on the backend provider.

New or Affected Resource(s)

• backend/azurerm

Potential Terraform Configuration

backend "azurerm" {
# no need for access_key or arm_client_secret anymore
}

References

• Terraform loses access token and requires az login #502

[perbergland]

Closing this in favor of hashicorp/terraform#16763 because the code is not in the azurerm provider

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!