mssql_server: add minimal_tls_version property (#8361)
* mssql_server: add minimal_tls_version attribute

Co-authored-by: kt <[email protected]>
manicminer and katbyte authored Oct 2, 2020
1 parent ac75ed8 commit ae3b60b
Showing 3 changed files with 38 additions and 18 deletions.
42 changes: 29 additions & 13 deletions azurerm/internal/services/mssql/mssql_server_resource.go
Expand Up @@ -10,6 +10,7 @@ import (
"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
uuid "github.com/satori/go.uuid"

"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients"
Expand Down Expand Up @@ -136,6 +137,16 @@ func resourceArmMsSqlServer() *schema.Resource {
},
},

"minimum_tls_version": {
Type: schema.TypeString,
Optional: true,
ValidateFunc: validation.StringInSlice([]string{
"1.0",
"1.1",
"1.2",
}, false),
},

"public_network_access_enabled": {
Type: schema.TypeBool,
Optional: true,
Expand Down Expand Up @@ -183,7 +194,7 @@ func resourceArmMsSqlServerCreateUpdate(d *schema.ResourceData, meta interface{}
existing, err := client.Get(ctx, resGroup, name)
if err != nil {
if !utils.ResponseWasNotFound(existing.Response) {
return fmt.Errorf("Error checking for presence of existing SQL Server %q (Resource Group %q): %+v", name, resGroup, err)
return fmt.Errorf("checking for presence of existing SQL Server %q (Resource Group %q): %+v", name, resGroup, err)
}
}

Expand Down Expand Up @@ -216,22 +227,26 @@ func resourceArmMsSqlServerCreateUpdate(d *schema.ResourceData, meta interface{}
props.ServerProperties.AdministratorLoginPassword = utils.String(adminPassword)
}

if v := d.Get("minimum_tls_version"); v.(string) != "" {
props.ServerProperties.MinimalTLSVersion = utils.String(v.(string))
}

future, err := client.CreateOrUpdate(ctx, resGroup, name, props)
if err != nil {
return fmt.Errorf("Error issuing create/update request for SQL Server %q (Resource Group %q): %+v", name, resGroup, err)
return fmt.Errorf("issuing create/update request for SQL Server %q (Resource Group %q): %+v", name, resGroup, err)
}

if err = future.WaitForCompletionRef(ctx, client.Client); err != nil {
if response.WasConflict(future.Response()) {
return fmt.Errorf("SQL Server names need to be globally unique and %q is already in use.", name)
}

return fmt.Errorf("Error waiting on create/update future for SQL Server %q (Resource Group %q): %+v", name, resGroup, err)
return fmt.Errorf("waiting on create/update future for SQL Server %q (Resource Group %q): %+v", name, resGroup, err)
}

resp, err := client.Get(ctx, resGroup, name)
if err != nil {
return fmt.Errorf("Error issuing get request for SQL Server %q (Resource Group %q): %+v", name, resGroup, err)
return fmt.Errorf("issuing get request for SQL Server %q (Resource Group %q): %+v", name, resGroup, err)
}

d.SetId(*resp.ID)
Expand Down Expand Up @@ -264,7 +279,7 @@ func resourceArmMsSqlServerCreateUpdate(d *schema.ResourceData, meta interface{}
},
}
if _, err = connectionClient.CreateOrUpdate(ctx, resGroup, name, connection); err != nil {
return fmt.Errorf("Error issuing create/update request for SQL Server %q Connection Policy (Resource Group %q): %+v", name, resGroup, err)
return fmt.Errorf("issuing create/update request for SQL Server %q Connection Policy (Resource Group %q): %+v", name, resGroup, err)
}

auditingProps := sql.ExtendedServerBlobAuditingPolicy{
Expand All @@ -273,7 +288,7 @@ func resourceArmMsSqlServerCreateUpdate(d *schema.ResourceData, meta interface{}

auditingFuture, err := auditingClient.CreateOrUpdate(ctx, resGroup, name, auditingProps)
if err != nil {
return fmt.Errorf("Error issuing create/update request for SQL Server %q Blob Auditing Policies(Resource Group %q): %+v", name, resGroup, err)
return fmt.Errorf("issuing create/update request for SQL Server %q Blob Auditing Policies(Resource Group %q): %+v", name, resGroup, err)
}

if err = auditingFuture.WaitForCompletionRef(ctx, auditingClient.Client); err != nil {
Expand Down Expand Up @@ -308,7 +323,7 @@ func resourceArmMsSqlServerRead(d *schema.ResourceData, meta interface{}) error
return nil
}

return fmt.Errorf("Error reading SQL Server %s: %v", name, err)
return fmt.Errorf("reading SQL Server %s: %v", name, err)
}

d.Set("name", name)
Expand All @@ -318,20 +333,21 @@ func resourceArmMsSqlServerRead(d *schema.ResourceData, meta interface{}) error
}

if err := d.Set("identity", flattenAzureRmSqlServerIdentity(resp.Identity)); err != nil {
return fmt.Errorf("Error setting `identity`: %+v", err)
return fmt.Errorf("setting `identity`: %+v", err)
}

if props := resp.ServerProperties; props != nil {
d.Set("version", props.Version)
d.Set("administrator_login", props.AdministratorLogin)
d.Set("fully_qualified_domain_name", props.FullyQualifiedDomainName)
d.Set("minimum_tls_version", props.MinimalTLSVersion)
d.Set("public_network_access_enabled", props.PublicNetworkAccess == sql.ServerPublicNetworkAccessEnabled)
}

adminResp, err := adminClient.Get(ctx, resGroup, name)
if err != nil {
if !utils.ResponseWasNotFound(adminResp.Response) {
return fmt.Errorf("Error reading SQL Server %s AAD admin: %v", name, err)
return fmt.Errorf("reading SQL Server %s AAD admin: %v", name, err)
}
} else {
if err := d.Set("azuread_administrator", flatternAzureRmMsSqlServerAdministrator(adminResp)); err != nil {
Expand All @@ -341,7 +357,7 @@ func resourceArmMsSqlServerRead(d *schema.ResourceData, meta interface{}) error

connection, err := connectionClient.Get(ctx, resGroup, name)
if err != nil {
return fmt.Errorf("Error reading SQL Server %s Blob Connection Policy: %v ", name, err)
return fmt.Errorf("reading SQL Server %s Blob Connection Policy: %v ", name, err)
}

if props := connection.ServerConnectionPolicyProperties; props != nil {
Expand All @@ -350,11 +366,11 @@ func resourceArmMsSqlServerRead(d *schema.ResourceData, meta interface{}) error

auditingResp, err := auditingClient.Get(ctx, resGroup, name)
if err != nil {
return fmt.Errorf("Error reading SQL Server %s Blob Auditing Policies: %v ", name, err)
return fmt.Errorf("reading SQL Server %s Blob Auditing Policies: %v ", name, err)
}

if err := d.Set("extended_auditing_policy", helper.FlattenAzureRmSqlServerBlobAuditingPolicies(&auditingResp, d)); err != nil {
return fmt.Errorf("Error setting `extended_auditing_policy`: %+v", err)
return fmt.Errorf("setting `extended_auditing_policy`: %+v", err)
}

restorableResp, err := restorableDroppedDatabasesClient.ListByServer(ctx, resGroup, name)
Expand Down Expand Up @@ -383,7 +399,7 @@ func resourceArmMsSqlServerDelete(d *schema.ResourceData, meta interface{}) erro

future, err := client.Delete(ctx, resGroup, name)
if err != nil {
return fmt.Errorf("Error deleting SQL Server %s: %+v", name, err)
return fmt.Errorf("deleting SQL Server %s: %+v", name, err)
}

return future.WaitForCompletionRef(ctx, client.Client)
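Review bot: In the `minimum_tls_version` schema entry the validator accepts `1.0` and `1.1` alongside `1.2`, and the field is Optional with no Default, so a configuration that omits it fails the `v.(string) != ""` guard in resourceArmMsSqlServerCreateUpdate and sends no `MinimalTLSVersion` at all, leaving the floor to whatever the service applies. Neither the schema nor the new argument text in website/docs/r/mssql_server.html.markdown says so; I would add a comment above the entry such as `// Unset sends no MinimalTLSVersion; "1.0" and "1.1" are legacy protocol versions, prefer "1.2".` and state the same in the argument description. Separately, resourceArmMsSqlServerRead writes `props.MinimalTLSVersion` into state while the field is not Computed, so a value set outside Terraform would presumably surface as a diff that the same guard cannot clear on apply; this is worth confirming against the API and covering with an acceptance test step. Both functions continue outside the visible hunks.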
Expand Up @@ -389,6 +389,7 @@ resource "azurerm_mssql_server" "test" {
version = "12.0"
administrator_login = "missadministrator"
administrator_login_password = "thisIsKat11"
minimum_tls_version = "1.2"
public_network_access_enabled = true
13 changes: 8 additions & 5 deletions website/docs/r/mssql_server.html.markdown
Expand Up @@ -37,6 +37,7 @@ resource "azurerm_mssql_server" "example" {
version = "12.0"
administrator_login = "missadministrator"
administrator_login_password = "thisIsKat11"
minimum_tls_version = "1.2"
azuread_administrator {
login_username = "AzureAD Admin"
Expand Down Expand Up @@ -65,9 +66,9 @@ The following arguments are supported:

* `location` - (Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.

* `version` - (Required) This servers MS SQL version. Valid values are: 2.0 (for v11 server) and 12.0 (for v12 server).
* `version` - (Required) The version for the new server. Valid values are: 2.0 (for v11 server) and 12.0 (for v12 server).

* `administrator_login` - (Required) The administrator's login name for the new server. Changing this forces a new resource to be created.
* `administrator_login` - (Required) The administrator login name for the new server. Changing this forces a new resource to be created.

* `administrator_login_password` - (Required) The password associated with the `administrator_login` user. Needs to comply with Azure's [Password Policy](https://msdn.microsoft.com/library/ms161959.aspx)

Expand All @@ -79,6 +80,8 @@ The following arguments are supported:

* `identity` - (Optional) An `identity` block as defined below.

* `minimum_tls_version` - (Optional) The Minimum TLS Version for all SQL Database and SQL Data Warehouse databases associated with the server. Valid values are: `1.0`, `1.1` and `1.2`.

* `public_network_access_enabled` - (Optional) Whether or not public network access is allowed for this server. Defaults to `true`.

* `tags` - (Optional) A mapping of tags to assign to the resource.
Expand Down Expand Up @@ -109,11 +112,11 @@ The following attributes are exported:

* `tenant_id` - The Tenant ID for the Service Principal associated with the Identity of this SQL Server.

-> You can access the Principal ID via `${azurerm_sql_server.example.identity.0.principal_id}` and the Tenant ID via `${azurerm_sql_server.example.identity.0.tenant_id}`
-> You can access the Principal ID via `azurerm_mssql_server.example.identity.0.principal_id` and the Tenant ID via `azurerm_mssql_server.example.identity.0.tenant_id`

---

A `azuread_administrator` block supports the following:
An `azuread_administrator` block supports the following:

* `login_username` - (Required) The login username of the Azure AD Administrator of this SQL Server.

Expand All @@ -123,7 +126,7 @@ A `azuread_administrator` block supports the following:

---

A `extended_auditing_policy` block supports the following:
An `extended_auditing_policy` block supports the following:

* `storage_account_access_key` - (Required) Specifies the access key to use for the auditing storage account.

