From f21db0a9981fd51b8c73517f3e64549cdc8fa2b2 Mon Sep 17 00:00:00 2001 From: yupwei68 Date: Thu, 30 Apr 2020 16:38:51 +0800 Subject: [PATCH 1/6] update --- .../internal/services/mssql/client/client.go | 6 ++ .../mssql/resource_arm_mssql_server.go | 72 +++++++++++++++++++ 2 files changed, 78 insertions(+) diff --git a/azurerm/internal/services/mssql/client/client.go b/azurerm/internal/services/mssql/client/client.go index 7588bcdc51ee..2524a2372ac9 100644 --- a/azurerm/internal/services/mssql/client/client.go +++ b/azurerm/internal/services/mssql/client/client.go @@ -7,11 +7,13 @@ import ( ) type Client struct { + DatabasesClient *sql.DatabasesClient DatabaseExtendedBlobAuditingPoliciesClient *sql.ExtendedDatabaseBlobAuditingPoliciesClient DatabaseThreatDetectionPoliciesClient *sql.DatabaseThreatDetectionPoliciesClient ElasticPoolsClient *sql.ElasticPoolsClient DatabaseVulnerabilityAssessmentRuleBaselinesClient *sql.DatabaseVulnerabilityAssessmentRuleBaselinesClient + ServerAzureADAdministratorsClient *sql.ServerAzureADAdministratorsClient ServersClient *sql.ServersClient ServerExtendedBlobAuditingPoliciesClient *sql.ExtendedServerBlobAuditingPoliciesClient ServerConnectionPoliciesClient *sql.ServerConnectionPoliciesClient @@ -45,6 +47,9 @@ func NewClient(o *common.ClientOptions) *Client { serverVulnerabilityAssessmentsClient := sql.NewServerVulnerabilityAssessmentsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId) o.ConfigureClient(&serverVulnerabilityAssessmentsClient.Client, o.ResourceManagerAuthorizer) + serverAzureADAdministratorsClient := sql.NewServerAzureADAdministratorsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId) + o.ConfigureClient(&serverAzureADAdministratorsClient.Client, o.ResourceManagerAuthorizer) + serversClient := sql.NewServersClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId) o.ConfigureClient(&serversClient.Client, o.ResourceManagerAuthorizer) 
@@ -60,6 +65,7 @@ func NewClient(o *common.ClientOptions) *Client { DatabaseThreatDetectionPoliciesClient: &databaseThreatDetectionPoliciesClient, DatabaseVulnerabilityAssessmentRuleBaselinesClient: &databaseVulnerabilityAssessmentRuleBaselinesClient, ElasticPoolsClient: &elasticPoolsClient, + ServerAzureADAdministratorsClient: &serverAzureADAdministratorsClient, ServersClient: &serversClient, ServerExtendedBlobAuditingPoliciesClient: &serverExtendedBlobAuditingPoliciesClient, ServerConnectionPoliciesClient: &serverConnectionPoliciesClient, diff --git a/azurerm/internal/services/mssql/resource_arm_mssql_server.go b/azurerm/internal/services/mssql/resource_arm_mssql_server.go index 24f91f67a219..9705946f0dc3 100644 --- a/azurerm/internal/services/mssql/resource_arm_mssql_server.go +++ b/azurerm/internal/services/mssql/resource_arm_mssql_server.go @@ -71,6 +71,40 @@ func resourceArmMsSqlServer() *schema.Resource { Sensitive: true, }, + "azuread_administrator": { + Type: schema.TypeList, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "login": { + Type: schema.TypeString, + Required: true, + ValidateFunc:validation.StringIsNotEmpty, + }, + "administrator_type": { + Type: schema.TypeString, + Required: true, + ValidateFunc:validation.StringIsNotEmpty, + }, + + "object_id": { + Type: schema.TypeString, + Required: true, + ValidateFunc:validation.StringIsNotEmpty, + }, + "tenant_id": { + Type: schema.TypeString, + Required: true, + ValidateFunc:validation.StringIsNotEmpty, + }, + "azuread_only_authentication": { + Type: schema.TypeBool, + Required: true, + }, + }, + }, + }, + "connection_policy": { Type: schema.TypeString, Optional: true, 
@@ -129,6 +163,7 @@ func resourceArmMsSqlServerCreateUpdate(d *schema.ResourceData, meta interface{} client := meta.(*clients.Client).MSSQL.ServersClient auditingClient := meta.(*clients.Client).MSSQL.ServerExtendedBlobAuditingPoliciesClient connectionClient := meta.(*clients.Client).MSSQL.ServerConnectionPoliciesClient + adminClient := meta.(*clients.Client).MSSQL.ServerAzureADAdministratorsClient ctx, cancel := timeouts.ForCreateUpdate(meta.(*clients.Client).StopContext, d) defer cancel() @@ -198,6 +233,28 @@ func resourceArmMsSqlServerCreateUpdate(d *schema.ResourceData, meta interface{} d.SetId(*resp.ID) + if d.HasChange("azuread_administrator"){ + admin := make(map[string]sql.ServerAzureADAdministrator) + for adminIterator,err := adminClient.ListByServerComplete(ctx,resGroup,name); adminIterator.NotDone(); err = adminIterator.NextWithContext(ctx){ + if err!=nil{ + return fmt.Errorf("") + } + admin[*adminIterator.Value().Name] = adminIterator.Value() + } + + adminsToCreate := expandAzureRmMsSqlServerAdministrator(d.Get("azuread_administrator").([]interface{})) + for n,v := range adminsToCreate{ + adminClient.CreateOrUpdate(ctx,resGroup,name,v) + if _,ok :=admin[n];ok{ + delete(admin,n) + } + } + for _,v := range admin{ + adminClient.Delete(ctx,resGroup,name) + } + + } + connection := sql.ServerConnectionPolicy{ ServerConnectionPolicyProperties: &sql.ServerConnectionPolicyProperties{ ConnectionType: sql.ServerConnectionType(d.Get("connection_policy").(string)), 
@@ -328,3 +385,18 @@ func flattenAzureRmSqlServerIdentity(identity *sql.ResourceIdentity) []interface return []interface{}{result} } + +func expandAzureRmMsSqlServerAdministrator(input []interface{}) *sql.ServerAzureADAdministrator { + if len(input) == 0 { + return &sql.ServerAzureADAdministrator{} + } + admin := input[0].(map[string]interface{}) + identityType := sql.IdentityType(identity["type"].(string)) + return &sql.ServerAzureADAdministrator{ + AdministratorType:, + Login:, + Sid:, + TenantID:, + AzureADOnlyAuthentication:, + } +} From 65876d5c69c681fb9fb94bfdbcdc36175353033d Mon Sep 17 00:00:00 2001 From: yupwei68 Date: Wed, 6 May 2020 13:11:29 +0800 Subject: [PATCH 2/6] test pass --- .../internal/services/mssql/client/client.go | 1 - .../mssql/resource_arm_mssql_server.go | 135 +++++++---- .../tests/resource_arm_mssql_server_test.go | 223 ++++++++++++++++++ website/docs/r/mssql_server.html.markdown | 17 ++ 4 files changed, 332 insertions(+), 44 deletions(-) diff --git a/azurerm/internal/services/mssql/client/client.go b/azurerm/internal/services/mssql/client/client.go index 2524a2372ac9..9c3f834b3823 100644 --- a/azurerm/internal/services/mssql/client/client.go +++ b/azurerm/internal/services/mssql/client/client.go @@ -7,7 +7,6 @@ import ( ) type Client struct { - DatabasesClient *sql.DatabasesClient DatabaseExtendedBlobAuditingPoliciesClient *sql.ExtendedDatabaseBlobAuditingPoliciesClient DatabaseThreatDetectionPoliciesClient *sql.DatabaseThreatDetectionPoliciesClient diff --git a/azurerm/internal/services/mssql/resource_arm_mssql_server.go b/azurerm/internal/services/mssql/resource_arm_mssql_server.go index 9705946f0dc3..f95e3461e2d4 100644 --- a/azurerm/internal/services/mssql/resource_arm_mssql_server.go +++ b/azurerm/internal/services/mssql/resource_arm_mssql_server.go 
@@ -9,6 +9,7 @@ import ( "github.com/hashicorp/go-azure-helpers/response" "github.com/hashicorp/terraform-plugin-sdk/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/helper/validation" + uuid "github.com/satori/go.uuid" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients" @@ -76,30 +77,23 @@ func resourceArmMsSqlServer() *schema.Resource { Optional: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ - "login": { - Type: schema.TypeString, - Required: true, - ValidateFunc:validation.StringIsNotEmpty, - }, - "administrator_type": { - Type: schema.TypeString, - Required: true, - ValidateFunc:validation.StringIsNotEmpty, + "login_username": { + Type: schema.TypeString, + Required: true, + ValidateFunc: validation.StringIsNotEmpty, }, "object_id": { - Type: schema.TypeString, - Required: true, - ValidateFunc:validation.StringIsNotEmpty, + Type: schema.TypeString, + Required: true, + ValidateFunc: validation.IsUUID, }, + "tenant_id": { - Type: schema.TypeString, - Required: true, - ValidateFunc:validation.StringIsNotEmpty, - }, - "azuread_only_authentication": { - Type: schema.TypeBool, - Required: true, + Type: schema.TypeString, + Optional: true, + Computed: true, + ValidateFunc: validation.IsUUID, }, }, }, 
@@ -233,26 +227,30 @@ func resourceArmMsSqlServerCreateUpdate(d *schema.ResourceData, meta interface{} d.SetId(*resp.ID) - if d.HasChange("azuread_administrator"){ - admin := make(map[string]sql.ServerAzureADAdministrator) - for adminIterator,err := adminClient.ListByServerComplete(ctx,resGroup,name); adminIterator.NotDone(); err = adminIterator.NextWithContext(ctx){ - if err!=nil{ - return fmt.Errorf("") + if d.HasChange("azuread_administrator") { + adminDelFuture, err := adminClient.Delete(ctx, resGroup, name) + if err != nil { + if !response.WasNotFound(adminDelFuture.Response()) { + return fmt.Errorf("deleting SQL Server %q AAD admin (Resource Group %q): %+v", name, resGroup, err) } - admin[*adminIterator.Value().Name] = adminIterator.Value() } - adminsToCreate := expandAzureRmMsSqlServerAdministrator(d.Get("azuread_administrator").([]interface{})) - for n,v := range adminsToCreate{ - adminClient.CreateOrUpdate(ctx,resGroup,name,v) - if _,ok :=admin[n];ok{ - delete(admin,n) + if err = adminDelFuture.WaitForCompletionRef(ctx, adminClient.Client); err != nil { + if !response.WasNotFound(future.Response()) { + return fmt.Errorf("waiting for SQL Server %q AAD admin (Resource Group %q) to be deleted: %+v", name, resGroup, err) } } - for _,v := range admin{ - adminClient.Delete(ctx,resGroup,name) - } + if adminParams := expandAzureRmMsSqlServerAdministrator(d.Get("azuread_administrator").([]interface{})); adminParams != nil { + adminFuture, err := adminClient.CreateOrUpdate(ctx, resGroup, name, *adminParams) + if err != nil { + return fmt.Errorf("creating SQL Server %q AAD admin (Resource Group %q): %+v", name, resGroup, err) + } + + if err = adminFuture.WaitForCompletionRef(ctx, adminClient.Client); err != nil { + return fmt.Errorf("waiting for creation of SQL Server %q AAD admin (Resource Group %q): %+v", name, resGroup, err) + } + } } connection := sql.ServerConnectionPolicy{ 
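Review bot: The `d.HasChange("azuread_administrator")` branch deletes the existing Azure AD administrator before calling `CreateOrUpdate`, so a failure or timeout in the second call leaves the server with no AAD administrator, and every change passes through a window without one. `CreateOrUpdate` looks like an upsert, so the delete is presumably only needed when the block was removed from the configuration; the fence below calls `Delete` only when the expand helper returns nil. The not-found check on the wait also reads `future.Response()` rather than `adminDelFuture.Response()`. The later `r1` patch (hunk `@@ -230,15 +231,11 @@`) drops both not-found checks but keeps the unconditional delete, so a server that never had an administrator then relies on the service accepting that delete. The function body continues outside the hunk.

```go
if d.HasChange("azuread_administrator") {
	adminParams := expandAzureRmMsSqlServerAdministrator(d.Get("azuread_administrator").([]interface{}))
	if adminParams != nil {
		// Replace the administrator in place instead of deleting it first.
		adminFuture, err := adminClient.CreateOrUpdate(ctx, resGroup, name, *adminParams)
		// … unchanged: error check and WaitForCompletionRef on adminFuture …
	} else {
		// Block removed from the configuration: the only case that needs a delete.
		adminDelFuture, err := adminClient.Delete(ctx, resGroup, name)
		if err != nil {
			if !response.WasNotFound(adminDelFuture.Response()) {
				return fmt.Errorf("deleting SQL Server %q AAD admin (Resource Group %q): %+v", name, resGroup, err)
			}
		} else if err = adminDelFuture.WaitForCompletionRef(ctx, adminClient.Client); err != nil {
			return fmt.Errorf("waiting for SQL Server %q AAD admin (Resource Group %q) to be deleted: %+v", name, resGroup, err)
		}
	}
}
```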
@@ -267,10 +265,16 @@ func resourceArmMsSqlServerCreateUpdate(d *schema.ResourceData, meta interface{} auditingProps := sql.ExtendedServerBlobAuditingPolicy{ ExtendedServerBlobAuditingPolicyProperties: helper.ExpandAzureRmSqlServerBlobAuditingPolicies(d.Get("extended_auditing_policy").([]interface{})), } - if _, err = auditingClient.CreateOrUpdate(ctx, resGroup, name, auditingProps); err != nil { + + auditingFuture, err := auditingClient.CreateOrUpdate(ctx, resGroup, name, auditingProps) + if err != nil { return fmt.Errorf("Error issuing create/update request for SQL Server %q Blob Auditing Policies(Resource Group %q): %+v", name, resGroup, err) } + if err = auditingFuture.WaitForCompletionRef(ctx, auditingClient.Client); err != nil { + return fmt.Errorf("waiting for creation of SQL Server %q Blob Auditing Policies(Resource Group %q): %+v", name, resGroup, err) + } + return resourceArmMsSqlServerRead(d, meta) } @@ -278,6 +282,7 @@ func resourceArmMsSqlServerRead(d *schema.ResourceData, meta interface{}) error client := meta.(*clients.Client).MSSQL.ServersClient auditingClient := meta.(*clients.Client).MSSQL.ServerExtendedBlobAuditingPoliciesClient connectionClient := meta.(*clients.Client).MSSQL.ServerConnectionPoliciesClient + adminClient := meta.(*clients.Client).MSSQL.ServerAzureADAdministratorsClient ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d) defer cancel() 
@@ -317,6 +322,18 @@ func resourceArmMsSqlServerRead(d *schema.ResourceData, meta interface{}) error d.Set("public_network_access_enabled", props.PublicNetworkAccess == sql.ServerPublicNetworkAccessEnabled) } + adminResp, err := adminClient.Get(ctx, resGroup, name) + if err != nil { + if !utils.ResponseWasNotFound(adminResp.Response) { + return fmt.Errorf("Error reading SQL Server %s AAD admin: %v", name, err) + } + } else { + flattenAdmin := flatternAzureRmMsSqlServerAdministrator(adminResp) + if err := d.Set("azuread_administrator", flattenAdmin); err != nil { + return fmt.Errorf("setting `azuread_administrator`: %+v", err) + } + } + connection, err := connectionClient.Get(ctx, resGroup, name) if err != nil { return fmt.Errorf("Error reading SQL Server %s Blob Connection Policy: %v ", name, err) 
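Review bot: When `adminClient.Get` returns not-found, the read leaves `azuread_administrator` untouched in state, so an administrator removed outside Terraform is not reported as drift and the state keeps naming an identity that no longer has access. The not-found branch should clear the attribute, e.g. `d.Set("azuread_administrator", []interface{}{})`, with its error checked as in the `else` branch. resourceArmMsSqlServerRead continues outside the hunk.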
@@ -387,16 +404,48 @@ func flattenAzureRmSqlServerIdentity(identity *sql.ResourceIdentity) []interface } func expandAzureRmMsSqlServerAdministrator(input []interface{}) *sql.ServerAzureADAdministrator { - if len(input) == 0 { - return &sql.ServerAzureADAdministrator{} + if len(input) == 0 || input[0] == nil { + return nil } + admin := input[0].(map[string]interface{}) - identityType := sql.IdentityType(identity["type"].(string)) - return &sql.ServerAzureADAdministrator{ - AdministratorType:, - Login:, - Sid:, - TenantID:, - AzureADOnlyAuthentication:, + sid, _ := uuid.FromString(admin["object_id"].(string)) + + adminParams := sql.ServerAzureADAdministrator{ + AdministratorProperties: &sql.AdministratorProperties{ + AdministratorType: utils.String("ActiveDirectory"), + Login: utils.String(admin["login_username"].(string)), + Sid: &sid, + }, + } + + if v, ok := admin["tenant_id"]; ok && v != "" { + tid, _ := uuid.FromString(v.(string)) + adminParams.TenantID = &tid + } + + return &adminParams +} + +func flatternAzureRmMsSqlServerAdministrator(admin sql.ServerAzureADAdministrator) []interface{} { + var login, sid, tid string + if admin.Login != nil { + login = *admin.Login + } + + if admin.Sid != nil { + sid = admin.Sid.String() + } + + if admin.TenantID != nil { + tid = admin.TenantID.String() + } + + return []interface{}{ + map[string]interface{}{ + "login_username": login, + "object_id": sid, + "tenant_id": tid, + }, } } diff --git a/azurerm/internal/services/mssql/tests/resource_arm_mssql_server_test.go b/azurerm/internal/services/mssql/tests/resource_arm_mssql_server_test.go index 3c8c9bdc29ec..f9be715da2c9 100644 --- a/azurerm/internal/services/mssql/tests/resource_arm_mssql_server_test.go +++ b/azurerm/internal/services/mssql/tests/resource_arm_mssql_server_test.go @@ -2,6 +2,7 @@ package tests import ( "fmt" + "os" "testing" "github.com/hashicorp/terraform-plugin-sdk/helper/resource" 
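Review bot: In `expandAzureRmMsSqlServerAdministrator` both `uuid.FromString` calls discard their error (`sid, _ :=` and `tid, _ :=`), so a value that fails to parse would presumably be sent as a zero or partial UUID and the request would name an administrator nobody chose. The schema's `validation.IsUUID` makes this unlikely, but the helper is the last step before the API call and its signature returns no error. Either return `(*sql.ServerAzureADAdministrator, error)` and propagate the parse failure, or add a comment such as `// object_id is validated by the schema (validation.IsUUID), so FromString is not expected to fail here`. The new flatten helper is also spelled `flatternAzureRmMsSqlServerAdministrator`; `flatten…` would match `flattenAzureRmSqlServerIdentity` above it.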
@@ -147,6 +148,79 @@ func TestAccAzureRMMsSqlServer_identity(t *testing.T) { }) } +func TestAccAzureRMMsSqlServer_azureadAdmin(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_mssql_server", "test") + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acceptance.PreCheck(t) }, + Providers: acceptance.SupportedProviders, + CheckDestroy: testCheckAzureRMMsSqlServerDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAzureRMMsSqlServer_basic(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMMsSqlServerExists(data.ResourceName), + ), + }, + data.ImportStep("administrator_login_password"), + { + Config: testAccAzureRMMsSqlServer_azureadAdmin(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMMsSqlServerExists(data.ResourceName), + ), + }, + data.ImportStep("administrator_login_password"), + { + Config: testAccAzureRMMsSqlServer_azureadAdminUpdate(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMMsSqlServerExists(data.ResourceName), + ), + }, + data.ImportStep("administrator_login_password"), + { + Config: testAccAzureRMMsSqlServer_basic(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMMsSqlServerExists(data.ResourceName), + ), + }, + data.ImportStep("administrator_login_password"), + }, + }) +} + +func TestAccAzureRMMsSqlServer_blobAuditingPolicies_withFirewall(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_mssql_server", "test") + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acceptance.PreCheck(t) }, + Providers: acceptance.SupportedProviders, + CheckDestroy: testCheckAzureRMMsSqlServerDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAzureRMMsSqlServer_basic(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMMsSqlServerExists(data.ResourceName), + ), + }, + data.ImportStep("administrator_login_password", "extended_auditing_policy.0.storage_account_access_key"), + { + Config: 
testAccAzureRMMsSqlServer_blobAuditingPolicies_withFirewall(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMMsSqlServerExists(data.ResourceName), + ), + }, + data.ImportStep("administrator_login_password", "extended_auditing_policy.0.storage_account_access_key"), + { + Config: testAccAzureRMMsSqlServer_basic(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMMsSqlServerExists(data.ResourceName), + ), + }, + data.ImportStep("administrator_login_password", "extended_auditing_policy.0.storage_account_access_key"), + }, + }) +} + func testCheckAzureRMMsSqlServerExists(resourceName string) resource.TestCheckFunc { return func(s *terraform.State) error { conn := acceptance.AzureProvider.Meta().(*clients.Client).Sql.ServersClient @@ -236,6 +310,11 @@ provider "azurerm" { resource "azurerm_resource_group" "test" { name = "acctestRG-mssql-%d" location = "%s" + lifecycle { + ignore_changes = [ + tags, + ] + } } resource "azurerm_mssql_server" "test" { 
@@ -376,3 +455,147 @@ resource "azurerm_mssql_server" "test" { } `, data.RandomInteger, data.Locations.Primary, data.RandomInteger) } + +func testAccAzureRMMsSqlServer_azureadAdmin(data acceptance.TestData) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +resource "azurerm_resource_group" "test" { + name = "acctestRG-mssql-%[1]d" + location = "%[2]s" + lifecycle { + ignore_changes = [ + tags, + ] + } +} + +data "azuread_service_principal" "test" { + application_id = "%[3]s" +} + +resource "azurerm_mssql_server" "test" { + name = "acctestsqlserver%[1]d" + resource_group_name = azurerm_resource_group.test.name + location = azurerm_resource_group.test.location + version = "12.0" + administrator_login = "missadministrator" + administrator_login_password = "thisIsKat11" + + azuread_administrator { + login_username = "AzureAD Admin" + object_id = data.azuread_service_principal.test.id + } +} +`, data.RandomInteger, data.Locations.Primary, os.Getenv("ARM_CLIENT_ID")) +} + +func testAccAzureRMMsSqlServer_azureadAdminUpdate(data acceptance.TestData) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +resource "azurerm_resource_group" "test" { + name = "acctestRG-mssql-%[1]d" + location = "%[2]s" + lifecycle { + ignore_changes = [ + tags, + ] + } +} + +data "azuread_service_principal" "test" { + application_id = "%[3]s" +} + +resource "azurerm_mssql_server" "test" { + name = "acctestsqlserver%[1]d" + resource_group_name = azurerm_resource_group.test.name + location = azurerm_resource_group.test.location + version = "12.0" + administrator_login = "missadministrator" + administrator_login_password = "thisIsKat11" + + azuread_administrator { + login_username = "AzureAD Admin2" + object_id = data.azuread_service_principal.test.id + } +} +`, data.RandomInteger, data.Locations.Primary, os.Getenv("ARM_CLIENT_ID")) +} + +func testAccAzureRMMsSqlServer_blobAuditingPolicies_withFirewall(data acceptance.TestData) string { + return 
fmt.Sprintf(` +provider "azurerm" { + features {} +} + +resource "azurerm_resource_group" "test" { + name = "acctestRG-mssql-%[1]d" + location = "%[2]s" + lifecycle { + ignore_changes = [ + tags, + ] + } +} + +resource "azurerm_virtual_network" "test" { + name = "acctestvirtnet%[1]d" + address_space = ["10.0.0.0/16"] + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name +} + +resource "azurerm_subnet" "test" { + name = "acctestsubnet%[1]d" + resource_group_name = azurerm_resource_group.test.name + virtual_network_name = azurerm_virtual_network.test.name + address_prefix = "10.0.2.0/24" + service_endpoints = ["Microsoft.Storage"] +} + +resource "azurerm_storage_account" "test" { + name = "unlikely23exst2acct%[3]s" + resource_group_name = azurerm_resource_group.test.name + location = azurerm_resource_group.test.location + account_tier = "Standard" + account_replication_type = "LRS" + + network_rules { + default_action = "Allow" + ip_rules = ["127.0.0.1"] + virtual_network_subnet_ids = [azurerm_subnet.test.id] + } +} + +data "azuread_service_principal" "test" { + application_id = "%[4]s" +} + +resource "azurerm_mssql_server" "test" { + name = "acctestsqlserver%[1]d" + resource_group_name = azurerm_resource_group.test.name + location = azurerm_resource_group.test.location + version = "12.0" + administrator_login = "missadministrator" + administrator_login_password = "thisIsKat11" + + azuread_administrator { + login_username = "AzureAD Admin2" + object_id = data.azuread_service_principal.test.id + } + + extended_auditing_policy { + storage_account_access_key = azurerm_storage_account.test.primary_access_key + storage_endpoint = azurerm_storage_account.test.primary_blob_endpoint + storage_account_access_key_is_secondary = true + retention_in_days = 6 + } +} +`, data.RandomInteger, data.Locations.Primary, data.RandomString, os.Getenv("ARM_CLIENT_ID")) +} 
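Review bot: The `network_rules` block in `testAccAzureRMMsSqlServer_blobAuditingPolicies_withFirewall` sets `default_action = "Allow"`, so the storage account firewall admits all traffic and the test does not show that auditing works against a restricted account, despite its name. If a restricted account is the intent, `default_action = "Deny"` would exercise it. The same config passes `primary_access_key` while setting `storage_account_access_key_is_secondary = true`; one of the two looks unintended. The hunk's config function starts on the previous line of this page.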
diff --git a/website/docs/r/mssql_server.html.markdown b/website/docs/r/mssql_server.html.markdown index 430a07f9ec40..74fce80e497d 100644 --- a/website/docs/r/mssql_server.html.markdown +++ b/website/docs/r/mssql_server.html.markdown @@ -38,6 +38,11 @@ resource "azurerm_mssql_server" "example" { administrator_login = "missadministrator" administrator_login_password = "thisIsKat11" + azuread_administrator { + login_username = "AzureAD Admin" + object_id = "00000000-0000-0000-0000-000000000000" + } + extended_auditing_policy { storage_endpoint = azurerm_storage_account.example.primary_blob_endpoint storage_account_access_key = azurerm_storage_account.example.primary_access_key @@ -66,6 +71,8 @@ The following arguments are supported: * `administrator_login_password` - (Required) The password associated with the `administrator_login` user. Needs to comply with Azure's [Password Policy](https://msdn.microsoft.com/library/ms161959.aspx) +* `azuread_administrator` - (Optional) An `azuread_administrator` block as defined below. + * `connection_policy` - (Optional) The connection policy the server will use. Possible values are `Default`, `Proxy`, and `Redirect`. Defaults to `Default`. * `identity` - (Optional) An `identity` block as defined below. @@ -102,6 +109,16 @@ The following attributes are exported: --- +A `azuread_administrator` block supports the following: + +* `login_username` - (Required) The login username of the Azure AD Administrator of this SQL Server. + +* `object_id` - (Required) The object id of the Azure AD Administrator of this SQL Server. + +* `tenant_id` - (Optional) The tenant id of the Azure AD Administrator of this SQL Server. + +--- + A `extended_auditing_policy` block supports the following: * `storage_account_access_key` - (Required) Specifies the access key to use for the auditing storage account. From 3bbb42c48de4a0c17c56806414f5895b8243848c Mon Sep 17 00:00:00 2001 
From: yupwei68 Date: Wed, 6 May 2020 13:15:47 +0800 Subject: [PATCH 3/6] remove ignore changes --- .../tests/resource_arm_mssql_server_test.go | 20 ------------------- 1 file changed, 20 deletions(-) diff --git a/azurerm/internal/services/mssql/tests/resource_arm_mssql_server_test.go b/azurerm/internal/services/mssql/tests/resource_arm_mssql_server_test.go index f9be715da2c9..5b30efa30a29 100644 --- a/azurerm/internal/services/mssql/tests/resource_arm_mssql_server_test.go +++ b/azurerm/internal/services/mssql/tests/resource_arm_mssql_server_test.go @@ -310,11 +310,6 @@ provider "azurerm" { resource "azurerm_resource_group" "test" { name = "acctestRG-mssql-%d" location = "%s" - lifecycle { - ignore_changes = [ - tags, - ] - } } resource "azurerm_mssql_server" "test" { @@ -465,11 +460,6 @@ provider "azurerm" { resource "azurerm_resource_group" "test" { name = "acctestRG-mssql-%[1]d" location = "%[2]s" - lifecycle { - ignore_changes = [ - tags, - ] - } } data "azuread_service_principal" "test" { @@ -501,11 +491,6 @@ provider "azurerm" { resource "azurerm_resource_group" "test" { name = "acctestRG-mssql-%[1]d" location = "%[2]s" - lifecycle { - ignore_changes = [ - tags, - ] - } } data "azuread_service_principal" "test" { @@ -537,11 +522,6 @@ provider "azurerm" { resource "azurerm_resource_group" "test" { name = "acctestRG-mssql-%[1]d" location = "%[2]s" - lifecycle { - ignore_changes = [ - tags, - ] - } } resource "azurerm_virtual_network" "test" { From 00a167ea723c7bb7a735e73e623bc301bb2694b5 Mon Sep 17 00:00:00 2001 From: yupwei Date: Thu, 7 May 2020 14:11:46 +0800 Subject: [PATCH 4/6] r1 --- .../services/mssql/resource_arm_mssql_server.go | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/azurerm/internal/services/mssql/resource_arm_mssql_server.go b/azurerm/internal/services/mssql/resource_arm_mssql_server.go index f95e3461e2d4..052bd2ab2c3d 100644 --- a/azurerm/internal/services/mssql/resource_arm_mssql_server.go 
+++ b/azurerm/internal/services/mssql/resource_arm_mssql_server.go @@ -75,6 +75,7 @@ func resourceArmMsSqlServer() *schema.Resource { "azuread_administrator": { Type: schema.TypeList, Optional: true, + MaxItems: 1, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "login_username": { @@ -230,15 +231,11 @@ func resourceArmMsSqlServerCreateUpdate(d *schema.ResourceData, meta interface{} if d.HasChange("azuread_administrator") { adminDelFuture, err := adminClient.Delete(ctx, resGroup, name) if err != nil { - if !response.WasNotFound(adminDelFuture.Response()) { - return fmt.Errorf("deleting SQL Server %q AAD admin (Resource Group %q): %+v", name, resGroup, err) - } + return fmt.Errorf("deleting SQL Server %q AAD admin (Resource Group %q): %+v", name, resGroup, err) } if err = adminDelFuture.WaitForCompletionRef(ctx, adminClient.Client); err != nil { - if !response.WasNotFound(future.Response()) { - return fmt.Errorf("waiting for SQL Server %q AAD admin (Resource Group %q) to be deleted: %+v", name, resGroup, err) - } + return fmt.Errorf("waiting for SQL Server %q AAD admin (Resource Group %q) to be deleted: %+v", name, resGroup, err) } if adminParams := expandAzureRmMsSqlServerAdministrator(d.Get("azuread_administrator").([]interface{})); adminParams != nil { @@ -328,8 +325,7 @@ func resourceArmMsSqlServerRead(d *schema.ResourceData, meta interface{}) error return fmt.Errorf("Error reading SQL Server %s AAD admin: %v", name, err) } } else { - flattenAdmin := flatternAzureRmMsSqlServerAdministrator(adminResp) - if err := d.Set("azuread_administrator", flattenAdmin); err != nil { + if err := d.Set("azuread_administrator", flatternAzureRmMsSqlServerAdministrator(adminResp)); err != nil { return fmt.Errorf("setting `azuread_administrator`: %+v", err) } } From d92b1856bfe835faf910ec56a3e9893115e42c7d Mon Sep 17 00:00:00 2001 
From: yupwei68 Date: Wed, 13 May 2020 16:20:37 +0800 Subject: [PATCH 5/6] apim subs key --- .../api_management_subscription_resource.go | 10 ++++++++-- .../tests/api_management_subscription_resource_test.go | 8 ++++++++ 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/azurerm/internal/services/apimanagement/api_management_subscription_resource.go b/azurerm/internal/services/apimanagement/api_management_subscription_resource.go index d015a48241cd..cc34ace1572c 100644 --- a/azurerm/internal/services/apimanagement/api_management_subscription_resource.go +++ b/azurerm/internal/services/apimanagement/api_management_subscription_resource.go @@ -187,13 +187,19 @@ func resourceArmApiManagementSubscriptionRead(d *schema.ResourceData, meta inter if props := resp.SubscriptionContractProperties; props != nil { d.Set("display_name", props.DisplayName) - d.Set("primary_key", props.PrimaryKey) - d.Set("secondary_key", props.SecondaryKey) d.Set("state", string(props.State)) d.Set("product_id", props.Scope) d.Set("user_id", props.OwnerID) } + // Primary and secondary keys must be get from this additional api + keyResp, err := client.ListSecrets(ctx, resourceGroup, serviceName, subscriptionId) + if err != nil { + return fmt.Errorf("listing Subscription %q Primary and Secondary Keys (API Management Service %q / Resource Group %q): %+v", subscriptionId, serviceName, resourceGroup, err) + } + d.Set("primary_key", keyResp.PrimaryKey) + d.Set("secondary_key", keyResp.SecondaryKey) + return nil } diff --git a/azurerm/internal/services/apimanagement/tests/api_management_subscription_resource_test.go b/azurerm/internal/services/apimanagement/tests/api_management_subscription_resource_test.go index b9b029821e3e..a709f9c18c56 100644 --- a/azurerm/internal/services/apimanagement/tests/api_management_subscription_resource_test.go +++ b/azurerm/internal/services/apimanagement/tests/api_management_subscription_resource_test.go 
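Review bot: Read now fails outright when `client.ListSecrets` returns an error, so a principal that can read the subscription but is not allowed to list its secrets can no longer refresh or import this resource. If that is intended, say so in the comment above the call, e.g. `// ListSecrets needs permission to list the subscription's secrets; Read fails without it`; otherwise consider tolerating an authorization failure and leaving the keys unset. The two `d.Set` calls for `primary_key` and `secondary_key` also write credentials into state; the schema is outside the hunk, so confirm both attributes are marked `Sensitive: true`. The function starts outside the hunk.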
@@ -24,6 +24,8 @@ func TestAccAzureRMAPIManagementSubscription_basic(t *testing.T) { Check: resource.ComposeTestCheckFunc( testCheckAzureRMAPIManagementSubscriptionExists(data.ResourceName), resource.TestCheckResourceAttrSet(data.ResourceName, "subscription_id"), + resource.TestCheckResourceAttrSet(data.ResourceName, "primary_key"), + resource.TestCheckResourceAttrSet(data.ResourceName, "secondary_key"), ), }, data.ImportStep(), @@ -44,6 +46,8 @@ func TestAccAzureRMAPIManagementSubscription_requiresImport(t *testing.T) { Check: resource.ComposeTestCheckFunc( testCheckAzureRMAPIManagementSubscriptionExists(data.ResourceName), resource.TestCheckResourceAttrSet(data.ResourceName, "subscription_id"), + resource.TestCheckResourceAttrSet(data.ResourceName, "primary_key"), + resource.TestCheckResourceAttrSet(data.ResourceName, "secondary_key"), ), }, data.RequiresImportErrorStep(testAccAzureRMAPIManagementSubscription_requiresImport), @@ -65,6 +69,8 @@ func TestAccAzureRMAPIManagementSubscription_update(t *testing.T) { testCheckAzureRMAPIManagementSubscriptionExists(data.ResourceName), resource.TestCheckResourceAttr(data.ResourceName, "state", "submitted"), resource.TestCheckResourceAttrSet(data.ResourceName, "subscription_id"), + resource.TestCheckResourceAttrSet(data.ResourceName, "primary_key"), + resource.TestCheckResourceAttrSet(data.ResourceName, "secondary_key"), ), }, { @@ -106,6 +112,8 @@ func TestAccAzureRMAPIManagementSubscription_complete(t *testing.T) { testCheckAzureRMAPIManagementSubscriptionExists(data.ResourceName), resource.TestCheckResourceAttr(data.ResourceName, "state", "active"), resource.TestCheckResourceAttrSet(data.ResourceName, "subscription_id"), + resource.TestCheckResourceAttrSet(data.ResourceName, "primary_key"), + resource.TestCheckResourceAttrSet(data.ResourceName, "secondary_key"), ), }, data.ImportStep(), From 39b02007202966ec211b918fe3ed7ff4156b49bd Mon Sep 17 00:00:00 2001 
From: yupwei68 Date: Fri, 15 May 2020 10:31:46 +0800 Subject: [PATCH 6/6] update --- .../apimanagement/api_management_subscription_resource.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azurerm/internal/services/apimanagement/api_management_subscription_resource.go b/azurerm/internal/services/apimanagement/api_management_subscription_resource.go index cc34ace1572c..c2a4dd27dbeb 100644 --- a/azurerm/internal/services/apimanagement/api_management_subscription_resource.go +++ b/azurerm/internal/services/apimanagement/api_management_subscription_resource.go @@ -192,7 +192,7 @@ func resourceArmApiManagementSubscriptionRead(d *schema.ResourceData, meta inter d.Set("user_id", props.OwnerID) } - // Primary and secondary keys must be get from this additional api + // Primary and secondary keys must be got from this additional api keyResp, err := client.ListSecrets(ctx, resourceGroup, serviceName, subscriptionId) if err != nil { return fmt.Errorf("listing Subscription %q Primary and Secondary Keys (API Management Service %q / Resource Group %q): %+v", subscriptionId, serviceName, resourceGroup, err)