Terraform-provider-azurerm: Support for Vulnerability Assessment and Security Alert Policy for Azure SQL Server

Created on 10 Jun 2020  ·  7 Comments  ·  Source: terraform-providers/terraform-provider-azurerm

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Vulnerability assessment and security alert policy are only available for MSSQL Server currently.
https://www.terraform.io/docs/providers/azurerm/r/mssql_server_security_alert_policy.html
https://www.terraform.io/docs/providers/azurerm/r/mssql_server_vulnerability_assessment.html

Would it be possible for these both to be available for Azure SQL Server?
https://www.terraform.io/docs/providers/azurerm/r/sql_server.html

New or Affected Resource(s)

azurerm_sql_server_vulnerability_assessment
azurerm_sql_server_security_alert_policy

Potential Terraform Configuration

azurerm_sql_server_security_alert_policy:

resource "azurerm_sql_server_security_alert_policy" "example" {
  resource_group_name       = azurerm_resource_group.example.name
  server_name               = azurerm_sql_server.example.name
  email_subscription_admins = true
  state                     = "Enabled"
  retention_days            = 20
}

azurerm_sql_server_vulnerability_assessment:

resource "azurerm_sql_server_security_alert_policy" "example" {
  resource_group_name = azurerm_resource_group.example.name
  server_name         = azurerm_sql_server.example.name
  state               = "Enabled"
}

resource "azurerm_sql_server_vulnerability_assessment" "example" {
  server_security_alert_policy_id = azurerm_sql_server_security_alert_policy.example.id
  storage_endpoint                = azurerm_storage_account.example.primary_blob_endpoint
  storage_account_access_key      = azurerm_storage_account.example.primary_access_key

  recurring_scans {
    enabled                   = true
    email_subscription_admins = true
    emails = [
      "[email protected]",
      "[email protected]"
    ]
  }
}

References

  • #0000

All 7 comments

Hi @eedwards36, thanks for opening this issue. We are in the process of deprecating azurerm_sql_server, so new features would not be supported in azurerm_sql_server. azurerm_mssql_server is a new version of azurerm_sql_server with more supplementary functions. But you could still use azurerm_mssql_server_security_alert_policy and azurerm_mssql_server_vulnerability_assessment with a dependency on azurerm_sql_server if you want to keep using azurerm_sql_server.

Thanks for the insight @yupwei68, are there some release notes or guidance available on the differences between the two? Or are they at feature parity already?

Hi @AlexKeySmith, there is no guidance on the differences between the two. But there are resource documents for the two: azurerm_sql_server and azurerm_mssql_server. Currently azurerm_mssql_server has covered all features of azurerm_sql_server.

Cool, thanks for the speedy response.

Hi @yupwei68, how do you 'Allow all Azure Services' using azurerm_mssql_server? There doesn't appear to be any way to set firewall rules.

Hi @eedwards36, you can still use azurerm_sql_firewall_rule.
Normally azurerm_sql_* and azurerm_mssql_* can be mixed. The reason both azurerm_mssql_server and azurerm_sql_server exist is that the service API has breaking changes from 2017-03-01-preview to 2017-10-01-preview. For compatibility with the existing azurerm_sql_server, we created azurerm_mssql_server. So normally, for the same resource, azurerm_mssql_* has more features than azurerm_sql_*.
Currently the azurerm_sql_firewall_rule service API has no updates after 2017-03-01-preview. You could still use azurerm_sql_firewall_rule. In the long term, we'll create azurerm_mssql_firewall_rule. But we don't have a timeline for it.
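
The combination described in the replies above, as an added example that is not part of the original thread or the provider's own documentation: a legacy azurerm_sql_server with the azurerm_mssql_* alert policy and vulnerability assessment attached by server name, plus azurerm_sql_firewall_rule for 'Allow all Azure Services'. All names and values are constructed, and it assumes a provider release that still ships azurerm_sql_server and azurerm_sql_firewall_rule.

```hcl
# Added example; names and values are constructed. Assumes azurerm_resource_group.example
# and azurerm_storage_account.example are declared elsewhere, as in the issue's snippets.
variable "sql_admin_password" {
  type = string
}

resource "azurerm_sql_server" "example" {
  name                         = "example-sqlserver"
  resource_group_name          = azurerm_resource_group.example.name
  location                     = azurerm_resource_group.example.location
  version                      = "12.0"
  administrator_login          = "sqladmin"
  administrator_login_password = var.sql_admin_password
}

# The mssql_* policy is bound to the legacy server by name.
resource "azurerm_mssql_server_security_alert_policy" "example" {
  resource_group_name  = azurerm_resource_group.example.name
  server_name          = azurerm_sql_server.example.name
  state                = "Enabled"
  email_account_admins = true
  retention_days       = 20
}

resource "azurerm_storage_container" "example" {
  name                  = "vulnerability-assessment"
  storage_account_name  = azurerm_storage_account.example.name
  container_access_type = "private"
}

resource "azurerm_mssql_server_vulnerability_assessment" "example" {
  server_security_alert_policy_id = azurerm_mssql_server_security_alert_policy.example.id
  storage_container_path          = "${azurerm_storage_account.example.primary_blob_endpoint}${azurerm_storage_container.example.name}/"
  storage_account_access_key      = azurerm_storage_account.example.primary_access_key
  recurring_scans {
    enabled                   = true
    email_subscription_admins = true
  }
}

# Start and end of 0.0.0.0 is the "Allow access to Azure services" switch; it
# admits traffic from any Azure subscription, so keep it only if required.
resource "azurerm_sql_firewall_rule" "allow_azure_services" {
  name                = "AllowAllAzureServices"
  resource_group_name = azurerm_resource_group.example.name
  server_name         = azurerm_sql_server.example.name
  start_ip_address    = "0.0.0.0"
  end_ip_address      = "0.0.0.0"
}
```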

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!
