include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

For Typical identity blocks:

[source,terraform,diff-id=1,diff-type=noncompliant]
----
resource "azurerm_api_management" "example" { # Sensitive, the identity block is missing
  name           = "example"
  publisher_name = "company"     
}
----

For connections between Kusto Clusters and Azure Data Factory:

[source,terraform,diff-id=2,diff-type=noncompliant]
----
resource "azurerm_data_factory_linked_service_kusto" "example" {
  name                 = "example"
  use_managed_identity = false # Sensitive
}
----

== Compliant Solution

For Typical identity blocks:

[source,terraform,diff-id=1,diff-type=compliant]
----
resource "azurerm_api_management" "example" {
  name           = "example"
  publisher_name = "company" 

  identity {
    type = "SystemAssigned"
  }
}
----

For connections between Kusto Clusters and Azure Data Factory:

[source,terraform,diff-id=2,diff-type=compliant]
----
resource "azurerm_data_factory_linked_service_kusto" "example" {
  name                 = "example"
  use_managed_identity = true
}
----

include::../see.adoc[]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

Only for Azure Data Factory:

- Make sure that disabling Azure Managed Identities is safe here.


include::../highlighting.adoc[]

endif::env-github,rspecator-view[]