Terraform-provider-azurerm: Feature Request: Virtual Network Rules for Postgresql

Created on 13 Jul 2018  ·  4 Comments  ·  Source: terraform-providers/terraform-provider-azurerm

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform v0.11.7

  • provider.azurerm v1.7.0

Affected Resource(s)

azurerm_sql_virtual_network_rule

Terraform Configuration Files

provider "azurerm" {
  version = "~> 1.7.0"
}

locals {
  environment    = "${var.environment}"
  mmc_region     = "${var.mmc_region}"
  location_short = "${var.location_short}"
  subnet_number  = "${var.subnet_number}"
}

resource "azurerm_postgresql_server" "postgresql" {
  administrator_login          = "${var.postresql_admin_username}"
  administrator_login_password = "${var.postresql_admin_password}"
  location                     = "${var.location}"
  name                         = "${var.postgresql_server_name}"
  resource_group_name         = "${local.environment}_${local.mmc_region}_${local.location_short}_tier2_rg"

  sku {
    name     = "${var.sku_name}"
    capacity = "${var.sku_capacity}"
    tier     = "${var.sku_tier}"
    family   = "${var.sku_family}"
  }

  storage_profile {
    storage_mb            = "${var.storage_mb}"
    backup_retention_days = "${var.storage_retention}"
    geo_redundant_backup  = "${var.storage_geo_redundant}"
  }

  administrator_login          = "${var.administrator_login}"
  administrator_login_password = "${var.administrator_password}"
  ssl_enforcement              = "${var.ssl_enforcement}"
  version                      = "${var.posgresql_version}"

  tags {}
}

resource "azurerm_postgresql_database" "postgresql" {
  name                = "${var.postgresql_database_name}"
  resource_group_name = "${azurerm_postgresql_server.postgresql.resource_group_name}"
  server_name         = "${azurerm_postgresql_server.postgresql.name}"
  charset             = "${var.postgresql_database_charset}"
  collation           = "${var.posgresql_database_collation}"
}

data "azurerm_subnet" "existing-subnet02" {
  # We need to pull the info for the already existing subnet so we can use its properties later, and to add the service endpoint.
  name                 = "${local.environment}_${local.mmc_region}_${local.location_short}_tier2_vnet_${local.subnet_number}"
  resource_group_name  = "${local.environment}_${local.mmc_region}_${local.location_short}_tier2_rg"
  virtual_network_name = "${local.environment}_${local.mmc_region}_${local.location_short}_tier2_vnet"
}

resource "azurerm_subnet" "subnet02" {
  # Now we can add the endpoint. 
  name                 = "${local.environment}_${local.mmc_region}_${local.location_short}_tier2_vnet_${local.subnet_number}"
  resource_group_name  = "${local.environment}_${local.mmc_region}_${local.location_short}_tier2_rg"
  virtual_network_name = "${local.environment}_${local.mmc_region}_${local.location_short}_tier2_vnet"
  address_prefix       = "${data.azurerm_subnet.existing-subnet02.address_prefix}"
  service_endpoints    = ["Microsoft.Sql"]
}

data "azurerm_virtual_network" "existing-tier2-vnet" {
  name                = "${local.environment}_${local.mmc_region}_${local.location_short}_tier2_vnet"
  resource_group_name = "${local.environment}_${local.mmc_region}_${local.location_short}_tier2_rg"
}

resource "azurerm_sql_virtual_network_rule" "postgresql" {
  name                = "postgresql-vnet-rule"
  resource_group_name = "${data.azurerm_virtual_network.existing-tier2-vnet.resource_group_name}"
  server_name         = "postgresserver1234"
  subnet_id           = "${azurerm_subnet.subnet02.id}"
}

Debug Output

Error: Error applying plan:

1 error(s) occurred:

  • azurerm_sql_virtual_network_rule.postgresql: 1 error(s) occurred:

  • azurerm_sql_virtual_network_rule.postgresql: Error creating SQL Virtual Network Rule "postgresql-vnet-rule" (SQL Server: "postgresserver1234", Resource Group: "stawalk_postgres_ams_usw2_tier2_rg"): sql.VirtualNetworkRulesClient#CreateOrUpdate: Failure sending request: StatusCode=404 -- Original Error: Code="ParentResourceNotFound" Message="Can not perform requested operation on nested resource. Parent resource 'postgresserver1234' not found."

Expected Behavior

Add a network rule to the Postgres server

Actual Behavior

Got the error above

Steps to Reproduce

terraform init
terraform plan (no errors in plan)
terraform apply

Important Factoids

If I comment out "resource "azurerm_sql_virtual_network_rule" "postgresql"" then the rest of it works fine. My server and db were created in the right network, and the service endpoint is added to the subnet.

I'm not sure why Terraform (or Azure) can't see the parent resource? I am able to go into the Azure portal and add the vnet rule manually to the postgres server with no problem.

Any help would be much appreciated. Thanks!


All 4 comments

hi @spacekitty76

Thanks for opening this issue :)

The azurerm_sql_virtual_network resource is used to attach an azurerm_sql_server to a Virtual Network; separate resources are needed for the same thing for MySQL and Postgresql due to the nature of the Azure APIs. There's a Feature Request tracking support for Virtual Network Rules for MySQL here - however there isn't currently one for Postgresql resources, as such I'm going to update this issue to be a feature request for that.

Thanks!
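
An added example, not part of the original thread or the provider's own documentation: the rule from the report written against the dedicated PostgreSQL resource that the comment above calls for. It assumes an azurerm provider release newer than the v1.7.0 in the report, one that includes azurerm_postgresql_virtual_network_rule, and it reuses the azurerm_postgresql_server.postgresql and azurerm_subnet.subnet02 resources from the configuration in the issue.

```hcl
# Added example (not from the issue). Written in the Terraform 0.11
# interpolation syntax used by the configuration in the report.
#
# The failing rule used azurerm_sql_virtual_network_rule, which calls the
# Azure SQL API and therefore looks for a SQL Server named
# "postgresserver1234" -> 404 ParentResourceNotFound.
#
# The PostgreSQL-specific resource targets the PostgreSQL server instead.
resource "azurerm_postgresql_virtual_network_rule" "postgresql" {
  name = "postgresql-vnet-rule"

  # Reference the server resource rather than a hard-coded name: the rule
  # then follows the server's real name and resource group, and Terraform
  # orders the rule after the server through the implicit dependency.
  resource_group_name = "${azurerm_postgresql_server.postgresql.resource_group_name}"
  server_name         = "${azurerm_postgresql_server.postgresql.name}"

  # Subnet that carries the "Microsoft.Sql" service endpoint.
  subnet_id = "${azurerm_subnet.subnet02.id}"

  # Keep the default: creation fails if the subnet does not yet have the
  # service endpoint, instead of leaving a rule that admits no traffic.
  ignore_missing_vnet_service_endpoint = false
}
```

Virtual network rules on Azure Database for PostgreSQL are not available on the Basic pricing tier, so the values passed to the sku block need to select General Purpose or Memory Optimized for this rule to apply.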

Hey @tombuildsstuff

We're looking for this feature as well from our end. Do you want me to take a look at implementing it?
I've not yet attempted a new resource, are there any templates/documentation out there I should be aware of?

@lfshr

> We're looking for this feature as well from our end. Do you want me to take a look at implementing it?

Sure, that'd be awesome - thanks :)

> I've not yet attempted a new resource, are there any templates/documentation out there I should be aware of?

I'd suggest copy/pasting an existing resource is probably the easiest way to get started and modifying it as needed (this is probably a good candidate since it's kinda related) [obviously you can also start from scratch, but this is probably easier imo].

Once the Resource exists it can then be made available to Terraform by adding it to either the Data Sources list or the Resources list in the ./azurerm/provider.go file; at which point it should be usable both in Tests and from Terraform. At that point it should be possible to add acceptance tests (which need to be in a file suffixed with _test.go - we tend to use the same filename as the resource plus the suffix) and then add it to the website (by creating a file in ./website/docs/r/postgresql_virtual_network_rule.html.markdown) and finally adding it to the sidebar (./website/docs/azurerm.erb) - which should be all that's needed.

There is some documentation on the Terraform Website (e.g. Schemas / Testing) - but we're revamping it at the moment, my suggestion would be to refer to other resources within the Provider since Azure's slightly different to the other providers (due to the API/SDK). Feel free to reach out if you've got any specific questions and we'll be happy to help :)

Thanks!

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!
