azurerm_mssql_job_target_group - remove validation that made job_target.job_credential_id required

internal/services/mssql/mssql_job_target_group_resource.go

@@ -113,13 +113,6 @@ func (r MsSqlJobTargetGroupResource) CustomizeDiff() sdk.ResourceFunc {
 				if v.DatabaseName != "" && v.ElasticPoolName != "" {
 					return fmt.Errorf("`database_name` and `elastic_pool_name` are mutually exclusive")
 				}
-
-				targetType := determineJobTargetType(v)
-				if isCredentialRequired(jobtargetgroups.JobTargetGroupMembershipType(v.MembershipType), targetType) {
-					if v.JobCredentialId == "" {
-						return fmt.Errorf("`job_credential_id` is required when `membership_type` is `%s` and `type` is `%s`", jobtargetgroups.JobTargetGroupMembershipTypeInclude, targetType)
-					}
-				}
 			}
 
 			return nil
@@ -298,7 +291,7 @@ func expandJobTargets(input []MsSqlJobTarget) []jobtargetgroups.JobTarget {
 		targetType := determineJobTargetType(v)
 		t.Type = targetType
 
-		if isCredentialRequired(jobtargetgroups.JobTargetGroupMembershipType(v.MembershipType), targetType) {
+		if v.JobCredentialId != "" {
 			t.RefreshCredential = pointer.To(v.JobCredentialId)
 		}
 
@@ -348,7 +341,3 @@ func determineJobTargetType(input MsSqlJobTarget) jobtargetgroups.JobTargetType
 		return jobtargetgroups.JobTargetTypeSqlServer
 	}
 }
-
-func isCredentialRequired(membershipType jobtargetgroups.JobTargetGroupMembershipType, targetType jobtargetgroups.JobTargetType) bool {
-	return membershipType == jobtargetgroups.JobTargetGroupMembershipTypeInclude && targetType != jobtargetgroups.JobTargetTypeSqlDatabase
-}

internal/services/mssql/mssql_job_target_group_resource_test.go

@@ -115,6 +115,35 @@ func TestAccMsSqlJobTargetGroupTest_withElasticPool(t *testing.T) {
 	})
 }
 
+func TestAccMsSqlJobTargetGroupTest_withoutJobCredential(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azurerm_mssql_job_target_group", "test")
+	r := MsSqlJobTargetGroupResource{}
+
+	data.ResourceTest(t, r, []acceptance.TestStep{
+		{
+			Config: r.complete(data),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+			),
+		},
+		data.ImportStep(),
+		{
+			Config: r.withoutJobCredential(data),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+			),
+		},
+		data.ImportStep(),
+		{
+			Config: r.complete(data),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+			),
+		},
+		data.ImportStep(),
+	})
+}
+
 func (MsSqlJobTargetGroupResource) Exists(ctx context.Context, client *clients.Client, state *pluginsdk.InstanceState) (*bool, error) {
 	id, err := jobtargetgroups.ParseTargetGroupID(state.ID)
 	if err != nil {
@@ -228,6 +257,22 @@ resource "azurerm_mssql_job_target_group" "test" {
 `, r.template(data), data.RandomInteger)
 }
 
+func (r MsSqlJobTargetGroupResource) withoutJobCredential(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+%s
+
+resource "azurerm_mssql_job_target_group" "test" {
+  name         = "acctest-target-group-%[2]d"
+  job_agent_id = azurerm_mssql_job_agent.test.id
+
+  job_target {
+    membership_type = "Include"
+    server_name     = azurerm_mssql_server.test.name
+  }
+}
+`, r.template(data), data.RandomInteger)
+}
+
 func (MsSqlJobTargetGroupResource) template(data acceptance.TestData) string {
 	return fmt.Sprintf(`
 provider "azurerm" {
@@ -239,13 +284,40 @@ resource "azurerm_resource_group" "test" {
   location = "%[2]s"
 }
 
+resource "azurerm_user_assigned_identity" "test" {
+  name                = "acctestuai-%[1]d"
+  resource_group_name = azurerm_resource_group.test.name
+  location            = azurerm_resource_group.test.location
+}
+
 resource "azurerm_mssql_server" "test" {
   name                         = "acctest-server-%[1]d"
   location                     = azurerm_resource_group.test.location
   resource_group_name          = azurerm_resource_group.test.name
   version                      = "12.0"
   administrator_login          = "4dm1n157r470r"
   administrator_login_password = "4-v3ry-53cr37-p455w0rd"
+
+  azuread_administrator {
+    login_username = "aadAdmin"
+    object_id      = azurerm_user_assigned_identity.test.client_id
+  }
+
+  primary_user_assigned_identity_id = azurerm_user_assigned_identity.test.id
+
+  identity {
+    type = "UserAssigned"
+    identity_ids = [
+      azurerm_user_assigned_identity.test.id
+    ]
+  }
+}
+
+resource "azurerm_mssql_firewall_rule" "test" {
+  name             = "acctest-fw-rule-%[1]d"
+  server_id        = azurerm_mssql_server.test.id
+  start_ip_address = "0.0.0.0"
+  end_ip_address   = "0.0.0.0"
 }
 
 resource "azurerm_mssql_database" "test" {
@@ -259,6 +331,13 @@ resource "azurerm_mssql_job_agent" "test" {
   name        = "acctest-job-agent-%[1]d"
   location    = azurerm_resource_group.test.location
   database_id = azurerm_mssql_database.test.id
+
+  identity {
+    type = "UserAssigned"
+    identity_ids = [
+      azurerm_user_assigned_identity.test.id
+    ]
+  }
 }
 
 resource "azurerm_mssql_job_credential" "test" {

website/docs/r/mssql_job_target_group.html.markdown

@@ -86,7 +86,7 @@ A `job_target` block supports the following:
 
 * `job_credential_id` - (Optional) The ID of the job credential to use during execution of jobs.
 
-~> **Note:** This is required when `membership_type` is `Include`, unless `database_name` is set.
+~> **Note:** This is required when `membership_type` is `Include`, unless `database_name` is set or the target resource is configured to use a managed identity for authentication.
 
 * `membership_type` - (Optional) The membership type for this job target. Possible values are `Include` and `Exclude`. Defaults to `Include`.