azurerm_mssql_outbound_firewall_rule - New resource #14795
601e804 to 8afde02
Thanks @aristosvo - looks like this is missing docs.. also shouldn't there be more properties for a firewall rule 🤔
@katbyte These are the options from the Portal: I'll add docs tonight!
5a8d0b3 to 86dcbc5
Hmm, it seems like this is a per server setting - ie 1:1 for the resource, and just flips a boolean setting for that server? maybe this would be best as a
It's two kinds of settings:
My thinking was to mimic inbound firewall rules setup, which has:
Like this:

```hcl
# option 1
resource "azurerm_mssql_server" "test" {
  name                                 = "acctestsqlserver%[1]d"
  resource_group_name                  = azurerm_resource_group.test.name
  location                             = azurerm_resource_group.test.location
  version                              = "12.0"
  administrator_login                  = "msincredible"
  administrator_login_password         = "P@55W0rD!!%[3]s"
  outbound_network_restriction_enabled = true # new boolean to restrict outbound network
}

# Allows traffic to 'sql%[2]d.database.windows.net'
resource "azurerm_mssql_outbound_firewall_rule" "test" {
  name      = "sql%[2]d.database.windows.net"
  server_id = azurerm_mssql_server.test.id
}
```

I'll happily change it if necessary, I just mimicked the structure for inbound firewall rules. Your suggestion would result in this structure:

```hcl
resource "azurerm_mssql_server" "test" {
  name                         = "acctestsqlserver%[1]d"
  resource_group_name          = azurerm_resource_group.test.name
  location                     = azurerm_resource_group.test.location
  version                      = "12.0"
  administrator_login          = "msincredible"
  administrator_login_password = "P@55W0rD!!%[3]s"

  # option 2a
  outbound_network_restriction {
    enabled       = true # new boolean to restrict outbound network, can be made implicit
    fqdns_allowed = ["sql%[2]d.database.windows.net", "test.example.com"]
  }

  # or option 2b
  # outbound_network_restriction_fqdn_exceptions = ["sql%[2]d.database.windows.net", "test.example.com"]
}
```

Do you prefer the latter implementation (2a/2b)?
I prefer 2b but given inbound already behaves this way so be it for consistency! thanks @aristosvo - LGTM 🚀
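A check for the design settled on above (a boolean on the server plus one rule resource per FQDN), as an added example that is not part of this pull request or the provider: it reads the state layout produced by `terraform show -json` and reports servers without outbound restriction, rule FQDNs outside an approved list, and rules whose server is not in the state. The sample state, resource addresses and approved list are constructed; `outbound_network_restriction_enabled` is the attribute name proposed in option 1.

```python
"""Audit Azure SQL outbound restrictions from `terraform show -json` state output."""

def walk(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)

def audit(state, approved_fqdns):
    """Return (unrestricted servers, {server: unapproved FQDNs}, rules with no server)."""
    resources = list(walk(state.get("values", {}).get("root_module", {})))
    approved = {f.lower() for f in approved_fqdns}
    servers = {}  # lower-cased Azure resource ID -> (address, restriction enabled)
    for r in resources:
        if r["type"] == "azurerm_mssql_server":
            enabled = r["values"].get("outbound_network_restriction_enabled") is True
            servers[r["values"]["id"].lower()] = (r["address"], enabled)
    unrestricted = sorted(addr for addr, enabled in servers.values() if not enabled)
    unapproved, orphans = {}, []
    for r in resources:
        if r["type"] != "azurerm_mssql_outbound_firewall_rule":
            continue
        # Azure resource IDs are case-insensitive, so compare lower-cased.
        server = servers.get(r["values"]["server_id"].lower())
        if server is None:
            orphans.append(r["address"])  # server is not managed in this state
        elif r["values"]["name"].lower() not in approved:
            unapproved.setdefault(server[0], []).append(r["values"]["name"])
    return unrestricted, unapproved, sorted(orphans)

# Constructed sample state; IDs, addresses and FQDNs are illustrative only.
SID = "/subscriptions/0000/resourceGroups/rg/providers/Microsoft.Sql/servers/"
RULE = "azurerm_mssql_outbound_firewall_rule"
SAMPLE_STATE = {"values": {"root_module": {
    "resources": [
        {"address": "azurerm_mssql_server.a", "type": "azurerm_mssql_server",
         "values": {"id": SID + "a", "outbound_network_restriction_enabled": True}},
        {"address": RULE + ".ok", "type": RULE,
         "values": {"name": "sql1.database.windows.net", "server_id": SID + "a"}},
        {"address": RULE + ".extra", "type": RULE,
         "values": {"name": "test.example.com", "server_id": SID.upper() + "A"}},
    ],
    "child_modules": [{"resources": [
        {"address": "module.m.azurerm_mssql_server.b", "type": "azurerm_mssql_server",
         "values": {"id": SID + "b", "outbound_network_restriction_enabled": False}},
    ]}],
}}}

if __name__ == "__main__":
    print(audit(SAMPLE_STATE, ["sql1.database.windows.net"]))
```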
This functionality has been released in v2.97.0 of the Terraform Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
Fixes #14691
Acceptance Tests
To Do:
azurerm_mssql_outbound_firewall_rule
azurerm_mssql_server