Support for configuring public access for mysql_flexible_server #24641

Closed
1 task done
JBodkin-Amphora opened this issue Jan 25, 2024 · 8 comments · Fixed by #25812
Comments

@JBodkin-Amphora

Is there an existing issue for this?

  • I have searched the existing issues

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Description

Currently public_network_access_enabled is set to computed, hence the value cannot be configured. This value can be configured when using public access connectivity method, to disable public access and use private link instead.

I think these are the required changes but I can't run the acceptance tests to check.
JBodkin-Amphora@41bc37d

New or Affected Resource(s)/Data Source(s)

azurerm_mysql_flexible_server

Potential Terraform Configuration

resource "azurerm_mysql_flexible_server" "this" {
  # Other required arguments omitted.
  public_network_access_enabled = false
}

References

No response

@serbezki

Also facing this problem. And I also can't find a workaround? We have to manually go and disable that.

@JoshHester

@serbezki Hello! 🙋‍♂️ This is certainly not ideal, but a quick work-around I've been using while figuring out this resource is using a null_resource{} with a local-exec provisioner to just run the Azure CLI command needed to toggle this setting.

For example, at the end of my main.tf, I have a block that looks like this:

resource "null_resource" "disable_public_access" {
  depends_on = [azurerm_mysql_flexible_server.mysql_server]

  provisioner "local-exec" {
    command = "az mysql flexible-server update --name ${azurerm_mysql_flexible_server.mysql_server.name} --resource-group ${azurerm_mysql_flexible_server.mysql_server.resource_group_name} --public-access Disabled"
  }
}

When it all gets done running, the Flexible server is there, and Public Access is disabled as expected.

I understand that doing any local-exec stuff isn't usually recommended for security and other reasons, but my configuration is pretty simple and low-stakes presently; so, it's fine for now. 🤷‍♂️

Hopefully they'll get this baked into the module proper, but until then, hopefully this helps!

@clowa
Contributor

clowa commented Apr 24, 2024

+1

There are ways to set the checkbox of Allow public access from any Azure service within Azure to this server via azurerm_mysql_flexible_server_firewall_rule (see #21832). However, there is no known option to disable Allow public access to this resource through the internet using a public IP address checkbox.

@clowa
Contributor

clowa commented Apr 25, 2024

@JBodkin-Amphora I found a method by using the Azure/azapi provider, that could help as a temporary workaround as long as the azurerm provider doesn't support this directly.

resource "azapi_resource_action" "allow_public_network_access" {
  type        = "Microsoft.DBforMySQL/flexibleServers@2023-06-30"
  resource_id = azurerm_mysql_flexible_server.this.id
  method      = "PATCH"

  body = {
    properties = {
      network = {
        publicNetworkAccess = var.allow_public_network_access ? "Enabled" : "Disabled"
      }
    }
  }
}

@JBodkin-Amphora
Author

We have an Azure Policy (from caf-enterprise-scale) in place to prevent the creation of resources with public access, hence why I would like the ability to configure this in azurerm_mysql_flexible_server. At the moment, we temporarily disable the policy whilst setting up the resource for the first time.
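
An added example, not part of the thread or of the provider's code: a pre-apply check over `terraform show -json` output that shows why a computed-only public_network_access_enabled cannot be verified at plan time, while an explicitly configured value can. The resource addresses and the sample plan are constructed, and treating an unknown value as a violation is this example's assumption.

```python
import json

RESOURCE_TYPE = "azurerm_mysql_flexible_server"
ATTR = "public_network_access_enabled"

def _rc(name, actions, after, after_unknown=None, rtype=RESOURCE_TYPE):
    # Helper that builds one constructed resource_changes entry.
    return {"address": f"{rtype}.{name}", "type": rtype,
            "change": {"actions": actions, "after": after,
                       "after_unknown": after_unknown or {}}}

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    # Computed-only attribute: absent from "after", flagged in "after_unknown".
    _rc("legacy", ["create"], {"name": "db-legacy"}, {ATTR: True}),
    # Attribute set explicitly in configuration.
    _rc("locked", ["create"], {"name": "db-locked", ATTR: False}),
    _rc("open", ["create"], {"name": "db-open", ATTR: True}),
    # Destroyed resources have a null "after" and are skipped.
    _rc("retired", ["delete"], None),
    # Other resource types are ignored.
    _rc("main", ["create"], {"name": "rg"}, rtype="azurerm_resource_group"),
]})

def classify_public_access(plan_json):
    """Map each planned MySQL flexible server to disabled/enabled/unknown."""
    verdicts = {}
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change") or {}
        after = change.get("after")
        if rc.get("type") != RESOURCE_TYPE or after is None:
            continue
        unknown = change.get("after_unknown") or {}
        value = after.get(ATTR)
        if unknown.get(ATTR) is True or value is None:
            verdicts[rc["address"]] = "unknown"  # only known after apply
        else:
            verdicts[rc["address"]] = "enabled" if value else "disabled"
    return verdicts

def violations(plan_json):
    """Fail closed (assumption): anything not provably disabled is reported."""
    verdicts = classify_public_access(plan_json)
    return sorted(addr for addr, v in verdicts.items() if v != "disabled")

if __name__ == "__main__":
    for addr, verdict in classify_public_access(SAMPLE_PLAN).items():
        print(f"{addr}: {verdict}")
```
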


This functionality has been released in v3.105.0 of the Terraform Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@kingsleyadam

Fyi @tombuildsstuff, this doesn't seem to be completed. This seems to have been added to azurerm_postgresql_flexible_server but not azurerm_mysql_flexible_server, can this be re-opened?

@kingsleyadam

Reopened with new issue #26156
