Terraform-provider-azurerm: Support for publicNetworkAccess property on resource_arm_sql_server

Created on 7 Apr 2020 · 9 Comments · Source: terraform-providers/terraform-provider-azurerm

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

This optional property allows setting the SQL server to block public connections and only allow connections over private links.

New or Affected Resource(s)

  • data_source_sql_server
  • resource_arm_sql_server

Potential Terraform Configuration

resource "azurerm_sql_server" "example" {
  name                         = "mysqlserver"
  resource_group_name          = azurerm_resource_group.example.name
  location                     = azurerm_resource_group.example.location
  version                      = "12.0"
  administrator_login          = "mradministrator"
  administrator_login_password = "thisIsDog11"
  public_network_access        = "Disabled"

  extended_auditing_policy {
    storage_endpoint                        = azurerm_storage_account.example.primary_blob_endpoint
    storage_account_access_key              = azurerm_storage_account.example.primary_access_key
    storage_account_access_key_is_secondary = true
    retention_in_days                       = 6
  }

  tags = {
    environment = "production"
  }
}

References

https://docs.microsoft.com/en-us/rest/api/sql/servers/createorupdate#serverpublicnetworkaccess

enhancement good first issue servicmssql

All 9 comments

Is there any ETA on implementing this?

Hi, quick check on the plan to release this feature?

@janegilring @baoduy - Per this comment, I don't think it is going to be added to the azurerm_sql_server. You will need to switch over to azurerm_mssql_server in the azurerm provider 2.11.0+.

I just did so and it was a fairly straightforward 1-to-1 replacement, though I am now getting errors when trying to implement a corresponding azurerm_sql_firewall_rule entry, so I am working on diagnosing that.

I did migrate to azurerm_mssql_server, so my scenario is unblocked 👍

Hey @BradAF, did you resolve your FW rule issue? We are seeing issues adding FW rules as well when we disable public access.

Hi @gpduck, would you mind migrating to azurerm_mssql_server, which already supports this field, public_network_access_enabled?

I'll take a look at it and see if I can convert my scripts over. Does this mean that the azurerm_sql_server resource is considered deprecated?

Hi @gpduck, to some extent, you're right. azurerm_mssql_server is planned to cover all functions of azurerm_sql_server, and we don't add new features to azurerm_sql_server. The resources in 'mssql' and 'sql' can be used together.

Sorry for the late reply! To answer your question: kind of... I set TF_LOG=TRACE and found that apparently Azure itself did not allow me to configure firewall rules while the public network interface for the server is disabled. I assume they intend for you to use NSG rules when using private IPs.

I only had the one rule enabling 'Allow all Azure IPs' so maybe it is different, but I would recommend enabling the trace and seeing what you get returned.
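
A pre-apply check for the situation discussed in this thread, as an added example (not code from the thread or from the provider). It reads the JSON form of a Terraform plan and flags azurerm_sql_server resources, azurerm_mssql_server resources with the public endpoint on, and azurerm_sql_firewall_rule entries attached to a server whose public access is disabled, which the last comment reports Azure rejecting. The sample plan, the resource names in it and the helpers walk and check_plan are constructed for illustration; the layout assumed is the planned_values tree printed by terraform show -json.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output
# (planned_values.root_module.resources); names and values are made up.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {"resources": [
  {"address": "azurerm_sql_server.legacy", "type": "azurerm_sql_server",
   "values": {"name": "legacysql", "resource_group_name": "rg1"}},
  {"address": "azurerm_mssql_server.private", "type": "azurerm_mssql_server",
   "values": {"name": "privsql", "resource_group_name": "rg1",
              "public_network_access_enabled": false}},
  {"address": "azurerm_mssql_server.open", "type": "azurerm_mssql_server",
   "values": {"name": "opensql", "resource_group_name": "rg1",
              "public_network_access_enabled": true}},
  {"address": "azurerm_sql_firewall_rule.azure_ips", "type": "azurerm_sql_firewall_rule",
   "values": {"name": "AllowAzure", "server_name": "privsql", "resource_group_name": "rg1"}}
]}}}
""")

def walk(module):
    """Yield resources from a module and all of its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)

def check_plan(plan):
    """Return (address, finding) tuples for SQL server exposure problems."""
    resources = list(walk(plan.get("planned_values", {}).get("root_module", {})))
    findings, private = [], set()
    for r in resources:
        v = r.get("values", {})
        if r["type"] == "azurerm_sql_server":
            findings.append((r["address"], "legacy resource: migrate to azurerm_mssql_server"))
        elif r["type"] == "azurerm_mssql_server":
            # Assumption: a missing attribute means the public endpoint is on.
            if v.get("public_network_access_enabled", True):
                findings.append((r["address"], "public network access enabled"))
            else:
                private.add((v.get("resource_group_name"), v.get("name")))
    for r in resources:
        v = r.get("values", {})
        if r["type"] == "azurerm_sql_firewall_rule" and \
                (v.get("resource_group_name"), v.get("server_name")) in private:
            findings.append((r["address"], "firewall rule on server with public access disabled"))
    return findings

if __name__ == "__main__":
    for address, finding in check_plan(SAMPLE_PLAN):
        print(f"{address}: {finding}")
```

Run it against the output of terraform show -json for a saved plan file to catch these cases before apply, rather than finding the rejected firewall rule in a TRACE log afterwards.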
