diff --git a/azurerm/internal/services/mysql/resource_arm_mysql_server.go b/azurerm/internal/services/mysql/resource_arm_mysql_server.go index 7dd5ba650553..54bab650e0f6 100644 --- a/azurerm/internal/services/mysql/resource_arm_mysql_server.go +++ b/azurerm/internal/services/mysql/resource_arm_mysql_server.go @@ -152,6 +152,12 @@ func resourceArmMySqlServer() *schema.Resource { DiffSuppressFunc: suppress.CaseDifference, }, + "public_network_access_enabled": { + Type: schema.TypeBool, + Optional: true, + Default: true, + }, + "fqdn": { Type: schema.TypeString, Computed: true, @@ -184,6 +190,11 @@ func resourceArmMySqlServerCreate(d *schema.ResourceData, meta interface{}) erro location := azure.NormalizeLocation(d.Get("location").(string)) resourceGroup := d.Get("resource_group_name").(string) + publicAccess := mysql.PublicNetworkAccessEnumEnabled + if v := d.Get("public_network_access_enabled").(bool); !v { + publicAccess = mysql.PublicNetworkAccessEnumDisabled + } + if features.ShouldResourcesBeImported() && d.IsNewResource() { existing, err := client.Get(ctx, resourceGroup, name) if err != nil { @@ -211,6 +222,7 @@ func resourceArmMySqlServerCreate(d *schema.ResourceData, meta interface{}) erro SslEnforcement: mysql.SslEnforcementEnum(d.Get("ssl_enforcement").(string)), StorageProfile: expandMySQLStorageProfile(d), CreateMode: mysql.CreateMode("Default"), + PublicNetworkAccess: publicAccess, }, Sku: sku, Tags: tags.Expand(d.Get("tags").(map[string]interface{})), 
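Review bot: The new `public_network_access_enabled` schema entry carries `Default: true` with no comment, so a configuration that omits the argument always plans for public access. Because the Read hunk now records `false` when the API reports `Disabled`, a server whose public access was turned off outside Terraform would show a diff and be switched back to enabled on the next apply. I would document that on the field, e.g. `// Defaults to true for backwards compatibility; configs that omit this will re-enable public access on a server where it was disabled out of band.`, and repeat the caveat in the website docs entry. resourceArmMySqlServer starts and ends outside this hunk.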
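Review bot: The bool-to-enum mapping added at the top of resourceArmMySqlServerCreate is repeated verbatim in the resourceArmMySqlServerUpdate hunk, so the two copies can drift apart on a setting that decides network exposure. A small expand helper, named in the style of the `expandMySQLStorageProfile(d)` call already used in both property literals, would keep the mapping in one place and remove the mutable `publicAccess` local. Both functions continue outside the hunks shown.

```go
func expandMySQLPublicNetworkAccess(d *schema.ResourceData) mysql.PublicNetworkAccessEnum {
	if d.Get("public_network_access_enabled").(bool) {
		return mysql.PublicNetworkAccessEnumEnabled
	}
	return mysql.PublicNetworkAccessEnumDisabled
}

// … unchanged: remaining fields of the create and update property literals …
			PublicNetworkAccess: expandMySQLPublicNetworkAccess(d),
```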
@@ -254,12 +266,18 @@ func resourceArmMySqlServerUpdate(d *schema.ResourceData, meta interface{}) erro return fmt.Errorf("error expanding sku_name for MySQL Server %q (Resource Group %q): %v", name, resourceGroup, err) } + publicAccess := mysql.PublicNetworkAccessEnumEnabled + if v := d.Get("public_network_access_enabled").(bool); !v { + publicAccess = mysql.PublicNetworkAccessEnumDisabled + } + properties := mysql.ServerUpdateParameters{ ServerUpdateParametersProperties: &mysql.ServerUpdateParametersProperties{ StorageProfile: expandMySQLStorageProfile(d), AdministratorLoginPassword: utils.String(d.Get("administrator_login_password").(string)), Version: mysql.ServerVersion(d.Get("version").(string)), SslEnforcement: mysql.SslEnforcementEnum(d.Get("ssl_enforcement").(string)), + PublicNetworkAccess: publicAccess, }, Sku: sku, Tags: tags.Expand(d.Get("tags").(map[string]interface{})), @@ -324,6 +342,7 @@ func resourceArmMySqlServerRead(d *schema.ResourceData, meta interface{}) error d.Set("administrator_login", resp.AdministratorLogin) d.Set("version", string(resp.Version)) d.Set("ssl_enforcement", string(resp.SslEnforcement)) + d.Set("public_network_access_enabled", resp.PublicNetworkAccess != mysql.PublicNetworkAccessEnumDisabled) if err := d.Set("storage_profile", flattenMySQLStorageProfile(resp.StorageProfile)); err != nil { return fmt.Errorf("Error setting `storage_profile`: %+v", err) diff --git a/azurerm/internal/services/mysql/tests/resource_arm_mysql_server_test.go b/azurerm/internal/services/mysql/tests/resource_arm_mysql_server_test.go index d2f84e500487..d675e17d0347 100644 --- a/azurerm/internal/services/mysql/tests/resource_arm_mysql_server_test.go +++ b/azurerm/internal/services/mysql/tests/resource_arm_mysql_server_test.go 
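Review bot: The comparison `resp.PublicNetworkAccess != mysql.PublicNetworkAccessEnumDisabled` in resourceArmMySqlServerRead treats every value other than an explicit `Disabled`, including an empty one, as enabled, and nothing on the line says this is deliberate. That is the safer direction, since an unknown value is never recorded as locked down, but a later "tidy-up" to `== mysql.PublicNetworkAccessEnumEnabled` would silently invert it. I would add a comment above the line such as `// Only an explicit "Disabled" is recorded as false; an empty or unknown value is reported as publicly accessible.` The function body continues outside the hunk.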
@@ -31,6 +31,25 @@ func TestAccAzureRMMySQLServer_basicFiveSix(t *testing.T) { }) } +func TestAccAzureRMMySQLServer_disablePublicNetworkAccess(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_mysql_server", "test") + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acceptance.PreCheck(t) }, + Providers: acceptance.SupportedProviders, + CheckDestroy: testCheckAzureRMMySQLServerDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAzureRMMySQLServer_disablePublicNetworkAccess(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMMySQLServerExists(data.ResourceName), + ), + }, + data.ImportStep("administrator_login_password"), // not returned as sensitive + }, + }) +} + func TestAccAzureRMMySQLServer_requiresImport(t *testing.T) { if !features.ShouldResourcesBeImported() { t.Skip("Skipping since resources aren't required to be imported") @@ -297,6 +316,39 @@ resource "azurerm_mysql_server" "test" { `, data.RandomInteger, data.Locations.Primary, data.RandomInteger) } +func testAccAzureRMMySQLServer_disablePublicNetworkAccess(data acceptance.TestData) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +resource "azurerm_resource_group" "test" { + name = "acctestRG-%d" + location = "%s" +} + +resource "azurerm_mysql_server" "test" { + name = "acctestmysqlsvr-%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + + sku_name = "GP_Gen5_2" + + storage_profile { + storage_mb = 51200 + backup_retention_days = 7 + geo_redundant_backup = "Disabled" + } + + administrator_login = "acctestun" + administrator_login_password = "H@Sh1CoR3!" + version = "5.6" + ssl_enforcement = "Enabled" + public_network_access_enabled = false +} +`, data.RandomInteger, data.Locations.Primary, data.RandomInteger) +} + func testAccAzureRMMySQLServer_basicFiveSeven(data acceptance.TestData) string { return fmt.Sprintf(` provider "azurerm" { 
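Review bot: TestAccAzureRMMySQLServer_disablePublicNetworkAccess only asserts that the server exists, so the `Check` block never states what the test is about. Adding `resource.TestCheckResourceAttr(data.ResourceName, "public_network_access_enabled", "false"),` after `testCheckAzureRMMySQLServerExists(data.ResourceName)` makes the expected state explicit. The update path added in resourceArmMySqlServerUpdate is not exercised either; a second step that applies a config with the flag flipped would cover toggling access on an existing server.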
diff --git a/website/docs/r/mysql_server.html.markdown b/website/docs/r/mysql_server.html.markdown index 06e403ffe89f..725ee963c2c6 100644 --- a/website/docs/r/mysql_server.html.markdown +++ b/website/docs/r/mysql_server.html.markdown @@ -61,6 +61,8 @@ The following arguments are supported: * `ssl_enforcement` - (Required) Specifies if SSL should be enforced on connections. Possible values are `Enabled` and `Disabled`. +* `public_network_access_enabled` - (Optional) Should public network access be allowed for this server? Defaults to `true`. + * `tags` - (Optional) A mapping of tags to assign to the resource. ---