From c1f442bb6bd06fa0ffa29c203355a31d2f3b9a83 Mon Sep 17 00:00:00 2001 From: yupwei68 Date: Fri, 29 Nov 2019 14:14:40 +0800 Subject: [PATCH 01/26] sql server auditing --- azurerm/internal/services/sql/client.go | 42 ++++--- azurerm/resource_arm_sql_server.go | 146 ++++++++++++++++++++++++ azurerm/resource_arm_sql_server_test.go | 60 ++++++++++ 3 files changed, 232 insertions(+), 16 deletions(-) diff --git a/azurerm/internal/services/sql/client.go b/azurerm/internal/services/sql/client.go index 8d8441e1c3a3..6e0d16e6ed68 100644 --- a/azurerm/internal/services/sql/client.go +++ b/azurerm/internal/services/sql/client.go @@ -6,14 +6,16 @@ import ( ) type Client struct { - DatabasesClient *sql.DatabasesClient - DatabaseThreatDetectionPoliciesClient *sql.DatabaseThreatDetectionPoliciesClient - ElasticPoolsClient *sql.ElasticPoolsClient - FirewallRulesClient *sql.FirewallRulesClient - FailoverGroupsClient *sql.FailoverGroupsClient - ServersClient *sql.ServersClient - ServerAzureADAdministratorsClient *sql.ServerAzureADAdministratorsClient - VirtualNetworkRulesClient *sql.VirtualNetworkRulesClient + DatabasesClient *sql.DatabasesClient + DatabaseThreatDetectionPoliciesClient *sql.DatabaseThreatDetectionPoliciesClient + ElasticPoolsClient *sql.ElasticPoolsClient + FirewallRulesClient *sql.FirewallRulesClient + FailoverGroupsClient *sql.FailoverGroupsClient + ServersClient *sql.ServersClient + ServerAzureADAdministratorsClient *sql.ServerAzureADAdministratorsClient + VirtualNetworkRulesClient *sql.VirtualNetworkRulesClient + ServerBlobAuditingPoliciesClient *sql.ServerBlobAuditingPoliciesClient + ExtendedServerBlobAuditingPoliciesClient *sql.ExtendedServerBlobAuditingPoliciesClient } func BuildClient(o *common.ClientOptions) *Client { 
@@ -42,14 +44,22 @@ func BuildClient(o *common.ClientOptions) *Client { VirtualNetworkRulesClient := sql.NewVirtualNetworkRulesClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId) o.ConfigureClient(&VirtualNetworkRulesClient.Client, o.ResourceManagerAuthorizer) + ServerBlobAuditingPoliciesClient := sql.NewServerBlobAuditingPoliciesClient(o.SubscriptionId) + o.ConfigureClient(&ServerBlobAuditingPoliciesClient.Client, o.ResourceManagerAuthorizer) + + ExtendedServerBlobAuditingPoliciesClient := sql.NewExtendedServerBlobAuditingPoliciesClient(o.SubscriptionId) + o.ConfigureClient(&ExtendedServerBlobAuditingPoliciesClient.Client, o.ResourceManagerAuthorizer) + return &Client{ - DatabasesClient: &DatabasesClient, - DatabaseThreatDetectionPoliciesClient: &DatabaseThreatDetectionPoliciesClient, - ElasticPoolsClient: &ElasticPoolsClient, - FailoverGroupsClient: &FailoverGroupsClient, - FirewallRulesClient: &FirewallRulesClient, - ServersClient: &ServersClient, - ServerAzureADAdministratorsClient: &ServerAzureADAdministratorsClient, - VirtualNetworkRulesClient: &VirtualNetworkRulesClient, + DatabasesClient: &DatabasesClient, + DatabaseThreatDetectionPoliciesClient: &DatabaseThreatDetectionPoliciesClient, + ElasticPoolsClient: &ElasticPoolsClient, + FailoverGroupsClient: &FailoverGroupsClient, + FirewallRulesClient: &FirewallRulesClient, + ServersClient: &ServersClient, + ServerAzureADAdministratorsClient: &ServerAzureADAdministratorsClient, + VirtualNetworkRulesClient: &VirtualNetworkRulesClient, + ServerBlobAuditingPoliciesClient: &ServerBlobAuditingPoliciesClient, + ExtendedServerBlobAuditingPoliciesClient: &ExtendedServerBlobAuditingPoliciesClient, } } diff --git a/azurerm/resource_arm_sql_server.go b/azurerm/resource_arm_sql_server.go index 97e87ead26e8..ade1db4a2f50 100644 --- a/azurerm/resource_arm_sql_server.go +++ b/azurerm/resource_arm_sql_server.go 
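Review bot: The two clients added to `BuildClient` are created with `sql.NewServerBlobAuditingPoliciesClient(o.SubscriptionId)` and `sql.NewExtendedServerBlobAuditingPoliciesClient(o.SubscriptionId)`, which ignore `o.ResourceManagerEndpoint`. The other client visible in this hunk uses the `...WithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)` form. In a non-default cloud the audit-policy requests, which carry the storage account key and the ARM authorizer's credentials, would presumably be sent to the SDK's default endpoint rather than the configured one. Build them as `sql.NewExtendedServerBlobAuditingPoliciesClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)` (and likewise for the non-extended client). The extended client is still constructed without the base URI after PATCH 04/26.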
@@ -2,7 +2,9 @@ package azurerm import ( "fmt" + uuid "github.com/satori/go.uuid" "log" + "strings" "time" "github.com/Azure/azure-sdk-for-go/services/preview/sql/mgmt/2017-03-01-preview/sql" @@ -99,6 +101,57 @@ func resourceArmSqlServer() *schema.Resource { }, }, + "blob_auditing_policies": { + Type: schema.TypeList, + Optional: true, + Computed: true, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "state": { + Type: schema.TypeString, + Required: true, + ValidateFunc: validation.StringInSlice([]string{"Enabled", "Disabled"}, false), + }, + "storage_endpoint": { + Type: schema.TypeString, + Required: true, + }, + "storage_account_access_key": { + Type: schema.TypeString, + Required: true, + Sensitive: true, + }, + "retention_days": { + Type: schema.TypeInt, + Optional: true, + }, + "audit_actions_and_groups": { + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "storage_account_subscription_id": { + Type: schema.TypeString, + Optional: true, + Computed: true, + ValidateFunc: func(val interface{}, key string) (warns []string, errs []error) { + v := val.(string) + var _, err = uuid.FromString(v) + if err != nil { + errs = append(errs, fmt.Errorf("%q is not in correct format:%+v", key, err)) + } + return + }, + }, + "is_storage_secondary_key_in_use": { + Type: schema.TypeBool, + Optional: true, + }, + }, + }, + }, + "tags": tags.Schema(), }, } 
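Review bot: `retention_days` in the new `blob_auditing_policies` block has no `ValidateFunc`, yet the expand function later in this patch narrows it with `int32(retentionDays.(int))`. A negative or oversized value therefore passes plan-time validation, and the audit retention actually applied can differ from what was written. Add a bound such as `ValidateFunc: validation.IntAtLeast(0),`, with an upper limit if the API documents one. The field is still unvalidated in the schema hunk of PATCH 04/26.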
@@ -170,6 +223,26 @@ func resourceArmSqlServerCreateUpdate(d *schema.ResourceData, meta interface{}) d.SetId(*resp.ID) + if _, ok := d.GetOk("blob_auditing_policies"); ok { + auditingClient := meta.(*ArmClient).Sql.ServerBlobAuditingPoliciesClient + serverBlobAuditingPolicyProperties := expandAzureRmSqlServerBlobAuditingPolicies(d) + auditingParameters := sql.ServerBlobAuditingPolicy{ + ServerBlobAuditingPolicyProperties: serverBlobAuditingPolicyProperties, + } + future, err := auditingClient.CreateOrUpdate(ctx, resGroup, name, auditingParameters) + if err != nil { + return fmt.Errorf("Error issuing create/update request for SQL Server %q Blob Auditing Policies(Resource Group %q): %+v", name, resGroup, err) + } + + if err = future.WaitForCompletionRef(ctx, client.Client); err != nil { + if response.WasConflict(future.Response()) { + return fmt.Errorf("SQL Server names need to be globally unique and %q is already in use.", name) + } + + return fmt.Errorf("Error waiting on create/update future for SQL Server %q Blob Auditing Policies (Resource Group %q): %+v", name, resGroup, err) + } + } + return resourceArmSqlServerRead(d, meta) } @@ -213,6 +286,18 @@ func resourceArmSqlServerRead(d *schema.ResourceData, meta interface{}) error { d.Set("fully_qualified_domain_name", serverProperties.FullyQualifiedDomainName) } + auditingClient := meta.(*ArmClient).Sql.ServerBlobAuditingPoliciesClient + auditingResp, err := auditingClient.Get(ctx, resGroup, name) + if err != nil { + if utils.ResponseWasNotFound(resp.Response) { + log.Printf("[INFO] Error reading SQL Server %q Blob Auditing Policies - removing from state", d.Id()) + } + + return fmt.Errorf("Error reading SQL Server %s: %v Blob Auditing Policies", name, err) + } + + d.Set("blob_auditing_policies", flattenAzureRmSqlServerBlobAuditingPolicies(&auditingResp)) + return tags.FlattenAndSet(d, resp.Tags) } 
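Review bot: The conflict branch in the auditing block added to `resourceArmSqlServerCreateUpdate` returns `"SQL Server names need to be globally unique and %q is already in use."`, which describes a server-name clash, not a failure to apply the auditing policy. An operator reading it would look at the server name while auditing was left unconfigured. Return an error that names the policy, for example `return fmt.Errorf("conflict updating Blob Auditing Policy for SQL Server %q (Resource Group %q): %+v", name, resGroup, err)`. The same message is still there after PATCH 04/26; the function body starts and ends outside this hunk.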
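Review bot: In the block added to `resourceArmSqlServerRead`, the not-found check inspects `resp.Response`, which appears to be the server response, instead of `auditingResp.Response`. The branch only logs "removing from state" and then falls through to `return fmt.Errorf(...)`, so nothing is removed and the read still fails. Check the auditing response with `if utils.ResponseWasNotFound(auditingResp.Response) {` and decide explicitly what a missing policy means (set an empty block, or return nil). The result of `d.Set("blob_auditing_policies", ...)` is also discarded; for a list-of-maps value it should be `if err := d.Set(...); err != nil { return err }`. Both points still apply after PATCH 04/26.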
@@ -263,3 +348,64 @@ func flattenAzureRmSqlServerIdentity(identity *sql.ResourceIdentity) []interface return []interface{}{result} } +func expandAzureRmSqlServerBlobAuditingPolicies(d *schema.ResourceData) *sql.ServerBlobAuditingPolicyProperties { + serverBlobAuditingPoliciesList := d.Get("blob_auditing_policies").([]interface{}) + if len(serverBlobAuditingPoliciesList) == 0 { + return &sql.ServerBlobAuditingPolicyProperties{} + } + serverBlobAuditingPolicies := serverBlobAuditingPoliciesList[0].(map[string]interface{}) + state := sql.BlobAuditingPolicyState(serverBlobAuditingPolicies["state"].(string)) + storageEndpoint := serverBlobAuditingPolicies["storage_endpoint"].(string) + storageAccountAccessKey := serverBlobAuditingPolicies["storage_account_access_key"].(string) + + ServerBlobAuditingPolicyProperties := sql.ServerBlobAuditingPolicyProperties{ + State: state, + StorageEndpoint: &storageEndpoint, + StorageAccountAccessKey: &storageAccountAccessKey, + AuditActionsAndGroups : nil, + } + //retention_days + if retentionDays, ok := serverBlobAuditingPolicies["retention_days"]; ok { + retentionDays := int32(retentionDays.(int)) + ServerBlobAuditingPolicyProperties.RetentionDays = &retentionDays + } + //audit_actions_and_groups + if auditActionsAndGroups, ok := serverBlobAuditingPolicies["audit_actions_and_groups"]; ok { + auditActionsAndGroups := strings.Split(auditActionsAndGroups.(string), ",") + ServerBlobAuditingPolicyProperties.AuditActionsAndGroups = &auditActionsAndGroups + } + //storage_account_subscription_id + if storageAccountSubscriptionID, ok := serverBlobAuditingPolicies["storage_account_subscription_id"]; ok { + storageAccountSubscriptionID, _ := uuid.FromString(storageAccountSubscriptionID.(string)) + ServerBlobAuditingPolicyProperties.StorageAccountSubscriptionID = &storageAccountSubscriptionID + } + //is_storage_secondary_key_in_use + if isStorageSecondaryKeyInUse, ok := serverBlobAuditingPolicies["is_storage_secondary_key_in_use"]; ok { + 
isStorageSecondaryKeyInUse := isStorageSecondaryKeyInUse.(bool) + ServerBlobAuditingPolicyProperties.IsStorageSecondaryKeyInUse = &isStorageSecondaryKeyInUse + } + return &ServerBlobAuditingPolicyProperties +} +func flattenAzureRmSqlServerBlobAuditingPolicies(serverBlobAuditingPolicy *sql.ServerBlobAuditingPolicy) []interface{} { + if serverBlobAuditingPolicy == nil { + return []interface{}{} + } + result := make(map[string]interface{}) + + result["state"] = serverBlobAuditingPolicy.State + result["is_storage_secondary_key_in_use"] = serverBlobAuditingPolicy.IsStorageSecondaryKeyInUse + if auditActionsAndGroups := serverBlobAuditingPolicy.AuditActionsAndGroups; auditActionsAndGroups != nil { + result["audit_actions_and_groups"] = strings.Join(*auditActionsAndGroups, ",") + } + if RetentionDays := serverBlobAuditingPolicy.RetentionDays; RetentionDays != nil { + result["retention_days"] = RetentionDays + } + if StorageAccountSubscriptionID := serverBlobAuditingPolicy.StorageAccountSubscriptionID; StorageAccountSubscriptionID != nil { + result["storage_account_subscription_id"] = StorageAccountSubscriptionID.String() + } + if StorageEndpoint := serverBlobAuditingPolicy.StorageEndpoint; StorageEndpoint != nil { + result["storage_endpoint"] = StorageEndpoint + } + + return []interface{}{result} +} diff --git a/azurerm/resource_arm_sql_server_test.go b/azurerm/resource_arm_sql_server_test.go index a6a6f5308c2d..37a12ffb7889 100644 --- a/azurerm/resource_arm_sql_server_test.go +++ b/azurerm/resource_arm_sql_server_test.go 
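Review bot: `flattenAzureRmSqlServerBlobAuditingPolicies` guards only against a nil `serverBlobAuditingPolicy`, but the caller always passes `&auditingResp`, so that check never fires. The fields it reads (`State`, `RetentionDays`, and so on) are promoted from the embedded `ServerBlobAuditingPolicyProperties` pointer, so a response without properties would panic at `serverBlobAuditingPolicy.State`. Use `if serverBlobAuditingPolicy == nil || serverBlobAuditingPolicy.ServerBlobAuditingPolicyProperties == nil {` as the guard. The function also stores pointers (`RetentionDays`, `StorageEndpoint`, `IsStorageSecondaryKeyInUse`) in the result map; dereferencing them after the nil checks would make the state values explicit. The same shape carries over to the extended policy in PATCH 04/26.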
@@ -183,6 +183,33 @@ func TestAccAzureRMSqlServer_updateWithIdentityAdded(t *testing.T) { }) } +func TestAccAzureRMSqlServer_withBlobAuditingPolices(t *testing.T) { + resourceName := "azurerm_sql_server.test" + ri := tf.AccRandTimeInt() + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testCheckAzureRMSqlServerDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAzureRMSqlServer_withBlobAuditingPolices(ri, testLocation()), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMSqlServerExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "identity.0.type", "SystemAssigned"), + resource.TestCheckResourceAttr(resourceName, "blob_auditing_policies.state", "Enabled"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"administrator_login_password"}, + }, + }, + }) +} + func testCheckAzureRMSqlServerExists(resourceName string) resource.TestCheckFunc { return func(s *terraform.State) error { // Ensure we have enough information in state to look up in API 
@@ -361,3 +388,36 @@ resource "azurerm_sql_server" "test" { } `, rInt, location, rInt) } + +func testAccAzureRMSqlServer_withBlobAuditingPolices(rInt int, location string) string { + return fmt.Sprintf(` +resource "azurerm_resource_group" "test" { + name = "acctestRG-%d" + location = "%s" +} + +resource "azurerm_storage_account" "test" { + name = "accstr%d" + resource_group_name = "${azurerm_resource_group.test.name}" + location = "${azurerm_resource_group.test.location}" + account_tier = "Standard" + account_replication_type = "GRS" +} + +resource "azurerm_sql_server" "test" { + name = "acctestsqlserver%d" + resource_group_name = "${azurerm_resource_group.test.name}" + location = "${azurerm_resource_group.test.location}" + version = "12.0" + administrator_login = "mradministrator" + administrator_login_password = "thisIsDog11" + + blob_auditing_policies { + state = "Enabled" + storage_endpoint = "${azurerm_storage_account.test.primary_blob_endpoint}" + storage_account_access_key = "${azurerm_storage_account.test.primary_access_key}" + + } +} +`, rInt, location, rInt, rInt) +} From 084a7609f04c4877908cd07e455ddcbf1e51dc83 Mon Sep 17 00:00:00 2001 From: yupwei68 Date: Fri, 29 Nov 2019 16:58:39 +0800 Subject: [PATCH 02/26] sql server audit --- azurerm/resource_arm_sql_server.go | 4 ++-- azurerm/resource_arm_sql_server_test.go | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/azurerm/resource_arm_sql_server.go b/azurerm/resource_arm_sql_server.go index ade1db4a2f50..1958d4c581c1 100644 --- a/azurerm/resource_arm_sql_server.go +++ b/azurerm/resource_arm_sql_server.go 
@@ -370,12 +370,12 @@ func expandAzureRmSqlServerBlobAuditingPolicies(d *schema.ResourceData) *sql.Ser ServerBlobAuditingPolicyProperties.RetentionDays = &retentionDays } //audit_actions_and_groups - if auditActionsAndGroups, ok := serverBlobAuditingPolicies["audit_actions_and_groups"]; ok { + if auditActionsAndGroups, ok := serverBlobAuditingPolicies["audit_actions_and_groups"] ; ok && auditActionsAndGroups!=""{ auditActionsAndGroups := strings.Split(auditActionsAndGroups.(string), ",") ServerBlobAuditingPolicyProperties.AuditActionsAndGroups = &auditActionsAndGroups } //storage_account_subscription_id - if storageAccountSubscriptionID, ok := serverBlobAuditingPolicies["storage_account_subscription_id"]; ok { + if storageAccountSubscriptionID, ok := serverBlobAuditingPolicies["storage_account_subscription_id"]; ok && storageAccountSubscriptionID!=""{ storageAccountSubscriptionID, _ := uuid.FromString(storageAccountSubscriptionID.(string)) ServerBlobAuditingPolicyProperties.StorageAccountSubscriptionID = &storageAccountSubscriptionID } diff --git a/azurerm/resource_arm_sql_server_test.go b/azurerm/resource_arm_sql_server_test.go index 37a12ffb7889..1b2e8725fe9e 100644 --- a/azurerm/resource_arm_sql_server_test.go +++ b/azurerm/resource_arm_sql_server_test.go @@ -196,7 +196,6 @@ func TestAccAzureRMSqlServer_withBlobAuditingPolices(t *testing.T) { Config: testAccAzureRMSqlServer_withBlobAuditingPolices(ri, testLocation()), Check: resource.ComposeTestCheckFunc( testCheckAzureRMSqlServerExists(resourceName), - resource.TestCheckResourceAttr(resourceName, "identity.0.type", "SystemAssigned"), resource.TestCheckResourceAttr(resourceName, "blob_auditing_policies.state", "Enabled"), ), }, From a6a026c4c5f1a8bb8ddef71526bbd8d11d7a0759 Mon Sep 17 00:00:00 2001 From: yupwei68 Date: Fri, 29 Nov 2019 17:19:10 +0800 Subject: [PATCH 03/26] sql server audit --- azurerm/resource_arm_sql_server_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
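Review bot: The `storage_account_subscription_id` branch still discards the parse error in `storageAccountSubscriptionID, _ := uuid.FromString(...)`, so a value that fails to parse is sent to the API as whatever `FromString` returned instead of stopping the apply. The schema validator covers literal values, but relying on it alone leaves this path silent if the value arrives unvalidated. Handle the error, for example by assigning only on success: `if id, err := uuid.FromString(v.(string)); err == nil { ... }`, or by returning the error from the expand function. The enclosing function starts and ends outside this hunk, and the line is unchanged in this respect in PATCH 04/26.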
diff --git a/azurerm/resource_arm_sql_server_test.go b/azurerm/resource_arm_sql_server_test.go index 1b2e8725fe9e..30e07cd1d772 100644 --- a/azurerm/resource_arm_sql_server_test.go +++ b/azurerm/resource_arm_sql_server_test.go @@ -196,7 +196,7 @@ func TestAccAzureRMSqlServer_withBlobAuditingPolices(t *testing.T) { Config: testAccAzureRMSqlServer_withBlobAuditingPolices(ri, testLocation()), Check: resource.ComposeTestCheckFunc( testCheckAzureRMSqlServerExists(resourceName), - resource.TestCheckResourceAttr(resourceName, "blob_auditing_policies.state", "Enabled"), + resource.TestCheckResourceAttr(resourceName, "blob_auditing_policies.0.state", "Enabled"), ), }, { From 9220c3c00aa8e8dd9f708f0f1577c7e9a3cfa29a Mon Sep 17 00:00:00 2001 From: yupwei68 Date: Mon, 2 Dec 2019 15:28:55 +0800 Subject: [PATCH 04/26] add sql server audit --- azurerm/internal/services/sql/client.go | 5 - azurerm/internal/services/sql/validate.go | 16 +++ azurerm/resource_arm_sql_server.go | 130 +++++++++++++--------- azurerm/resource_arm_sql_server_test.go | 33 +++++- 4 files changed, 124 insertions(+), 60 deletions(-) create mode 100644 azurerm/internal/services/sql/validate.go diff --git a/azurerm/internal/services/sql/client.go b/azurerm/internal/services/sql/client.go index 6e0d16e6ed68..040f83a1ce4e 100644 --- a/azurerm/internal/services/sql/client.go +++ b/azurerm/internal/services/sql/client.go @@ -14,7 +14,6 @@ type Client struct { ServersClient *sql.ServersClient ServerAzureADAdministratorsClient *sql.ServerAzureADAdministratorsClient VirtualNetworkRulesClient *sql.VirtualNetworkRulesClient - ServerBlobAuditingPoliciesClient *sql.ServerBlobAuditingPoliciesClient ExtendedServerBlobAuditingPoliciesClient *sql.ExtendedServerBlobAuditingPoliciesClient } 
@@ -44,9 +43,6 @@ func BuildClient(o *common.ClientOptions) *Client { VirtualNetworkRulesClient := sql.NewVirtualNetworkRulesClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId) o.ConfigureClient(&VirtualNetworkRulesClient.Client, o.ResourceManagerAuthorizer) - ServerBlobAuditingPoliciesClient := sql.NewServerBlobAuditingPoliciesClient(o.SubscriptionId) - o.ConfigureClient(&ServerBlobAuditingPoliciesClient.Client, o.ResourceManagerAuthorizer) - ExtendedServerBlobAuditingPoliciesClient := sql.NewExtendedServerBlobAuditingPoliciesClient(o.SubscriptionId) o.ConfigureClient(&ExtendedServerBlobAuditingPoliciesClient.Client, o.ResourceManagerAuthorizer) @@ -59,7 +55,6 @@ func BuildClient(o *common.ClientOptions) *Client { ServersClient: &ServersClient, ServerAzureADAdministratorsClient: &ServerAzureADAdministratorsClient, VirtualNetworkRulesClient: &VirtualNetworkRulesClient, - ServerBlobAuditingPoliciesClient: &ServerBlobAuditingPoliciesClient, ExtendedServerBlobAuditingPoliciesClient: &ExtendedServerBlobAuditingPoliciesClient, } } diff --git a/azurerm/internal/services/sql/validate.go b/azurerm/internal/services/sql/validate.go new file mode 100644 index 000000000000..d95e0e554d48 --- /dev/null +++ b/azurerm/internal/services/sql/validate.go @@ -0,0 +1,16 @@ +package sql + +import ( + "fmt" + + uuid "github.com/satori/go.uuid" +) + +func ValidateUUIdString(val interface{}, key string) (warnings []string, errors []error) { + v := val.(string) + var _, err = uuid.FromString(v) + if err != nil { + errors = append(errors, fmt.Errorf("%q is not in correct format:%+v", key, err)) + } + return +} diff --git a/azurerm/resource_arm_sql_server.go b/azurerm/resource_arm_sql_server.go index 1958d4c581c1..bb18685c3742 100644 --- a/azurerm/resource_arm_sql_server.go +++ b/azurerm/resource_arm_sql_server.go 
@@ -2,11 +2,14 @@ package azurerm import ( "fmt" - uuid "github.com/satori/go.uuid" "log" - "strings" "time" + uuid "github.com/satori/go.uuid" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/set" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/validate" + azsql "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/sql" + "github.com/Azure/azure-sdk-for-go/services/preview/sql/mgmt/2017-03-01-preview/sql" "github.com/hashicorp/terraform-plugin-sdk/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/helper/validation" @@ -101,7 +104,7 @@ func resourceArmSqlServer() *schema.Resource { }, }, - "blob_auditing_policies": { + "blob_extended_auditing_policy": { Type: schema.TypeList, Optional: true, Computed: true, 
@@ -114,40 +117,44 @@ func resourceArmSqlServer() *schema.Resource { ValidateFunc: validation.StringInSlice([]string{"Enabled", "Disabled"}, false), }, "storage_endpoint": { - Type: schema.TypeString, - Required: true, + Type: schema.TypeString, + Required: true, + ValidateFunc: validate.NoEmptyStrings, }, "storage_account_access_key": { - Type: schema.TypeString, - Required: true, - Sensitive: true, + Type: schema.TypeString, + Required: true, + Sensitive: true, + ValidateFunc: validate.NoEmptyStrings, }, "retention_days": { Type: schema.TypeInt, Optional: true, }, "audit_actions_and_groups": { - Type: schema.TypeString, + Type: schema.TypeSet, Optional: true, Computed: true, + Set: schema.HashString, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, }, "storage_account_subscription_id": { - Type: schema.TypeString, - Optional: true, - Computed: true, - ValidateFunc: func(val interface{}, key string) (warns []string, errs []error) { - v := val.(string) - var _, err = uuid.FromString(v) - if err != nil { - errs = append(errs, fmt.Errorf("%q is not in correct format:%+v", key, err)) - } - return - }, + Type: schema.TypeString, + Optional: true, + Computed: true, + ValidateFunc: azsql.ValidateUUIdString, }, "is_storage_secondary_key_in_use": { Type: schema.TypeBool, Optional: true, }, + "predicate_expression": { + Type: schema.TypeString, + Optional: true, + ValidateFunc: validate.NoEmptyStrings, + }, }, }, }, 
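Review bot: `predicate_expression` is added to the schema here, but neither `expandAzureRmSqlServerBlobAuditingPolicies` nor `flattenAzureRmSqlServerBlobAuditingPolicies` as rewritten in this patch reads or writes it. A configured audit filter is accepted and then silently not applied. Wire it through in expand, e.g. `if v, ok := serverBlobAuditingPolicies["predicate_expression"].(string); ok && v != "" { ExtendedServerBlobAuditingPolicyProperties.PredicateExpression = &v }` (assuming the SDK struct exposes that field), and set it in flatten. Otherwise, drop the attribute until it is implemented.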
@@ -223,23 +230,23 @@ func resourceArmSqlServerCreateUpdate(d *schema.ResourceData, meta interface{}) d.SetId(*resp.ID) - if _, ok := d.GetOk("blob_auditing_policies"); ok { - auditingClient := meta.(*ArmClient).Sql.ServerBlobAuditingPoliciesClient - serverBlobAuditingPolicyProperties := expandAzureRmSqlServerBlobAuditingPolicies(d) - auditingParameters := sql.ServerBlobAuditingPolicy{ - ServerBlobAuditingPolicyProperties: serverBlobAuditingPolicyProperties, + if _, ok := d.GetOk("blob_extended_auditing_policy"); ok { + auditingClient := meta.(*ArmClient).Sql.ExtendedServerBlobAuditingPoliciesClient + extendedServerBlobAuditingPolicyProperties := expandAzureRmSqlServerBlobAuditingPolicies(d) + auditingParameters := sql.ExtendedServerBlobAuditingPolicy{ + ExtendedServerBlobAuditingPolicyProperties: extendedServerBlobAuditingPolicyProperties, } future, err := auditingClient.CreateOrUpdate(ctx, resGroup, name, auditingParameters) if err != nil { return fmt.Errorf("Error issuing create/update request for SQL Server %q Blob Auditing Policies(Resource Group %q): %+v", name, resGroup, err) } - if err = future.WaitForCompletionRef(ctx, client.Client); err != nil { + if err = future.WaitForCompletionRef(ctx, auditingClient.Client); err != nil { if response.WasConflict(future.Response()) { return fmt.Errorf("SQL Server names need to be globally unique and %q is already in use.", name) } - return fmt.Errorf("Error waiting on create/update future for SQL Server %q Blob Auditing Policies (Resource Group %q): %+v", name, resGroup, err) + return fmt.Errorf("Error waiting on create/update future for SQL Server %q Blob Extended Auditing Policies (Resource Group %q): %+v", name, resGroup, err) } } 
@@ -286,7 +293,7 @@ func resourceArmSqlServerRead(d *schema.ResourceData, meta interface{}) error { d.Set("fully_qualified_domain_name", serverProperties.FullyQualifiedDomainName) } - auditingClient := meta.(*ArmClient).Sql.ServerBlobAuditingPoliciesClient + auditingClient := meta.(*ArmClient).Sql.ExtendedServerBlobAuditingPoliciesClient auditingResp, err := auditingClient.Get(ctx, resGroup, name) if err != nil { if utils.ResponseWasNotFound(resp.Response) { @@ -296,7 +303,7 @@ func resourceArmSqlServerRead(d *schema.ResourceData, meta interface{}) error { return fmt.Errorf("Error reading SQL Server %s: %v Blob Auditing Policies", name, err) } - d.Set("blob_auditing_policies", flattenAzureRmSqlServerBlobAuditingPolicies(&auditingResp)) + d.Set("blob_extended_auditing_policy", flattenAzureRmSqlServerBlobAuditingPolicies(&auditingResp, d)) return tags.FlattenAndSet(d, resp.Tags) } 
@@ -348,64 +355,85 @@ func flattenAzureRmSqlServerIdentity(identity *sql.ResourceIdentity) []interface return []interface{}{result} } -func expandAzureRmSqlServerBlobAuditingPolicies(d *schema.ResourceData) *sql.ServerBlobAuditingPolicyProperties { - serverBlobAuditingPoliciesList := d.Get("blob_auditing_policies").([]interface{}) +func expandAzureRmSqlServerBlobAuditingPolicies(d *schema.ResourceData) *sql.ExtendedServerBlobAuditingPolicyProperties { + serverBlobAuditingPoliciesList := d.Get("blob_extended_auditing_policy").([]interface{}) if len(serverBlobAuditingPoliciesList) == 0 { - return &sql.ServerBlobAuditingPolicyProperties{} + return &sql.ExtendedServerBlobAuditingPolicyProperties{} } serverBlobAuditingPolicies := serverBlobAuditingPoliciesList[0].(map[string]interface{}) state := sql.BlobAuditingPolicyState(serverBlobAuditingPolicies["state"].(string)) storageEndpoint := serverBlobAuditingPolicies["storage_endpoint"].(string) storageAccountAccessKey := serverBlobAuditingPolicies["storage_account_access_key"].(string) - ServerBlobAuditingPolicyProperties := sql.ServerBlobAuditingPolicyProperties{ + ExtendedServerBlobAuditingPolicyProperties := sql.ExtendedServerBlobAuditingPolicyProperties{ State: state, StorageEndpoint: &storageEndpoint, StorageAccountAccessKey: &storageAccountAccessKey, - AuditActionsAndGroups : nil, } //retention_days if retentionDays, ok := serverBlobAuditingPolicies["retention_days"]; ok { retentionDays := int32(retentionDays.(int)) - ServerBlobAuditingPolicyProperties.RetentionDays = &retentionDays + ExtendedServerBlobAuditingPolicyProperties.RetentionDays = &retentionDays } //audit_actions_and_groups - if auditActionsAndGroups, ok := serverBlobAuditingPolicies["audit_actions_and_groups"] ; ok && auditActionsAndGroups!=""{ - auditActionsAndGroups := strings.Split(auditActionsAndGroups.(string), ",") - ServerBlobAuditingPolicyProperties.AuditActionsAndGroups = &auditActionsAndGroups + if r, ok := 
d.Get("audit_actions_and_groups").(*schema.Set); ok && r.Len() > 0 { + var auditActionsAndGroups []string + for _, v := range r.List() { + s := v.(string) + auditActionsAndGroups = append(auditActionsAndGroups, s) + } + + ExtendedServerBlobAuditingPolicyProperties.AuditActionsAndGroups = &auditActionsAndGroups } //storage_account_subscription_id - if storageAccountSubscriptionID, ok := serverBlobAuditingPolicies["storage_account_subscription_id"]; ok && storageAccountSubscriptionID!=""{ + if storageAccountSubscriptionID, ok := serverBlobAuditingPolicies["storage_account_subscription_id"]; ok && storageAccountSubscriptionID != "" { storageAccountSubscriptionID, _ := uuid.FromString(storageAccountSubscriptionID.(string)) - ServerBlobAuditingPolicyProperties.StorageAccountSubscriptionID = &storageAccountSubscriptionID + ExtendedServerBlobAuditingPolicyProperties.StorageAccountSubscriptionID = &storageAccountSubscriptionID } //is_storage_secondary_key_in_use if isStorageSecondaryKeyInUse, ok := serverBlobAuditingPolicies["is_storage_secondary_key_in_use"]; ok { isStorageSecondaryKeyInUse := isStorageSecondaryKeyInUse.(bool) - ServerBlobAuditingPolicyProperties.IsStorageSecondaryKeyInUse = &isStorageSecondaryKeyInUse + ExtendedServerBlobAuditingPolicyProperties.IsStorageSecondaryKeyInUse = &isStorageSecondaryKeyInUse } - return &ServerBlobAuditingPolicyProperties + return &ExtendedServerBlobAuditingPolicyProperties } -func flattenAzureRmSqlServerBlobAuditingPolicies(serverBlobAuditingPolicy *sql.ServerBlobAuditingPolicy) []interface{} { - if serverBlobAuditingPolicy == nil { +func flattenAzureRmSqlServerBlobAuditingPolicies(extendedServerBlobAuditingPolicy *sql.ExtendedServerBlobAuditingPolicy, d *schema.ResourceData) []interface{} { + if extendedServerBlobAuditingPolicy == nil { return []interface{}{} } result := make(map[string]interface{}) - result["state"] = serverBlobAuditingPolicy.State - result["is_storage_secondary_key_in_use"] = 
serverBlobAuditingPolicy.IsStorageSecondaryKeyInUse - if auditActionsAndGroups := serverBlobAuditingPolicy.AuditActionsAndGroups; auditActionsAndGroups != nil { - result["audit_actions_and_groups"] = strings.Join(*auditActionsAndGroups, ",") + result["state"] = extendedServerBlobAuditingPolicy.State + result["is_storage_secondary_key_in_use"] = extendedServerBlobAuditingPolicy.IsStorageSecondaryKeyInUse + if auditActionsAndGroups := extendedServerBlobAuditingPolicy.AuditActionsAndGroups; auditActionsAndGroups != nil { + result["audit_actions_and_groups"] = set.FromStringSlice(*auditActionsAndGroups) } - if RetentionDays := serverBlobAuditingPolicy.RetentionDays; RetentionDays != nil { + if RetentionDays := extendedServerBlobAuditingPolicy.RetentionDays; RetentionDays != nil { result["retention_days"] = RetentionDays } - if StorageAccountSubscriptionID := serverBlobAuditingPolicy.StorageAccountSubscriptionID; StorageAccountSubscriptionID != nil { + if StorageAccountSubscriptionID := extendedServerBlobAuditingPolicy.StorageAccountSubscriptionID; StorageAccountSubscriptionID != nil { result["storage_account_subscription_id"] = StorageAccountSubscriptionID.String() } - if StorageEndpoint := serverBlobAuditingPolicy.StorageEndpoint; StorageEndpoint != nil { + if StorageEndpoint := extendedServerBlobAuditingPolicy.StorageEndpoint; StorageEndpoint != nil { result["storage_endpoint"] = StorageEndpoint } + // storage_account_access_key will not be returned, so we transfer the schema value + if blobExtendedAuditing, ok := d.GetOk("blob_extended_auditing_policy"); ok { + var val []interface{} + + // prior to 1.34 this was a *schema.Set, now it's a List - try both + if v, ok := blobExtendedAuditing.([]interface{}); ok { + val = v + } else if v, ok := blobExtendedAuditing.(*schema.Set); ok { + val = v.List() + } + + if len(val) > 0 && val[0] != nil { + raw := val[0].(map[string]interface{}) + result["storage_account_access_key"] = raw["storage_account_access_key"].(string) + } 
+ } + return []interface{}{result} } diff --git a/azurerm/resource_arm_sql_server_test.go b/azurerm/resource_arm_sql_server_test.go index 30e07cd1d772..42f670cd2915 100644 --- a/azurerm/resource_arm_sql_server_test.go +++ b/azurerm/resource_arm_sql_server_test.go @@ -196,14 +196,40 @@ func TestAccAzureRMSqlServer_withBlobAuditingPolices(t *testing.T) { Config: testAccAzureRMSqlServer_withBlobAuditingPolices(ri, testLocation()), Check: resource.ComposeTestCheckFunc( testCheckAzureRMSqlServerExists(resourceName), - resource.TestCheckResourceAttr(resourceName, "blob_auditing_policies.0.state", "Enabled"), + resource.TestCheckResourceAttr(resourceName, "blob_extended_auditing_policy.0.state", "Enabled"), ), }, { ResourceName: resourceName, ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"administrator_login_password"}, + ImportStateVerifyIgnore: []string{"administrator_login_password", "blob_extended_auditing_policy.0.storage_account_access_key"}, + }, + }, + }) +} + +func TestAccAzureRMSqlServer_withoutBlobAuditingPolices(t *testing.T) { + resourceName := "azurerm_sql_server.test" + ri := tf.AccRandTimeInt() + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testCheckAzureRMSqlServerDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAzureRMSqlServer_basic(ri, testLocation()), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMSqlServerExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "blob_extended_auditing_policy.0.state", "Disabled"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"administrator_login_password", "blob_extended_auditing_policy.0.storage_account_access_key"}, }, }, }) 
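Review bot: In the rewritten expand function, `d.Get("audit_actions_and_groups").(*schema.Set)` looks up a top-level attribute, but `audit_actions_and_groups` is declared inside the `blob_extended_auditing_policy` block. The assertion will presumably never succeed, so the configured action groups are never sent to the API. Read it from the block map like the other fields: `if r, ok := serverBlobAuditingPolicies["audit_actions_and_groups"].(*schema.Set); ok && r.Len() > 0 {`. In the flatten function, the comment `// prior to 1.34 this was a *schema.Set, now it's a List - try both` does not describe this newly added block, so the `*schema.Set` fallback and the comment can be removed.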
@@ -411,11 +437,10 @@ resource "azurerm_sql_server" "test" { administrator_login = "mradministrator" administrator_login_password = "thisIsDog11" - blob_auditing_policies { + blob_extended_auditing_policy { state = "Enabled" storage_endpoint = "${azurerm_storage_account.test.primary_blob_endpoint}" storage_account_access_key = "${azurerm_storage_account.test.primary_access_key}" - } } `, rInt, location, rInt, rInt) From aa46c91b96c713a350788477f71c72d051f28bda Mon Sep 17 00:00:00 2001 From: yupwei68 Date: Mon, 2 Dec 2019 16:53:35 +0800 Subject: [PATCH 05/26] add documents --- website/docs/d/sql_server.html.markdown | 24 +++++++++++++++ website/docs/r/sql_server.html.markdown | 41 +++++++++++++++++++++++++ 2 files changed, 65 insertions(+) diff --git a/website/docs/d/sql_server.html.markdown b/website/docs/d/sql_server.html.markdown index 1b7967044451..c99fd5a50225 100644 --- a/website/docs/d/sql_server.html.markdown +++ b/website/docs/d/sql_server.html.markdown @@ -42,6 +42,8 @@ output "sql_server_id" { * `identity` - An `identity` block as defined below. +* `blob_extended_auditing_policy` - An `blob_extended_auditing_policy` block as defined below. + * `tags` - A mapping of tags assigned to the resource. --- 
@@ -53,3 +55,25 @@ An `identity` block exports the following: * `tenant_id` - The ID of the Azure Active Directory Tenant. * `type` - The identity type of the SQL Server. + +--- + +An `blob_extended_auditing_policy` block exports the following: + +* `state` - Specifies the state of the policy. If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required. Possible values include: 'Enabled', 'Disabled' + +* `storage_endpoint` - Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is Enabled, storageEndpoint is required. + +* `storage_account_access_key` - Specifies the identifier key of the auditing storage account. If state is Enabled and storageEndpoint is specified, storageAccountAccessKey is required. + +* `retention_days` - Specifies the number of days to keep in the audit logs in the storage account. + +* `storage_account_subscription_id` - Specifies the blob storage subscription Id. + +* `is_storage_secondary_key_in_use` - Specifies whether storageAccountAccessKey value is the storage's secondary key. + +* `audit_actions_and_groups` - Specifies the Actions-Groups and Actions to audit.For more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions). + +* `is_azure_monitor_target_enabled` - Specifies whether audit events are sent to Azure Monitor.For more information, see [Diagnostic Settings REST API](https://go.microsoft.com/fwlink/?linkid=2033207) or [Diagnostic Settings PowerShell](https://go.microsoft.com/fwlink/?linkid=2033043). + +* `predicate_expression` - Specifies condition of where clause when creating an audit. \ No newline at end of file diff --git a/website/docs/r/sql_server.html.markdown b/website/docs/r/sql_server.html.markdown index bcdb454c22c0..ae2d4e8ba042 100644 --- a/website/docs/r/sql_server.html.markdown 
+++ b/website/docs/r/sql_server.html.markdown @@ -23,6 +23,15 @@ resource "azurerm_resource_group" "example" { location = "West US" } +resource "azurerm_storage_account" "example" { + name = "accstr" + resource_group_name = "${azurerm_resource_group.example.name}" + location = "${azurerm_resource_group.example.location}" + account_tier = "Standard" + account_replication_type = "GRS" +} + + resource "azurerm_sql_server" "example" { name = "mysqlserver" resource_group_name = "${azurerm_resource_group.example.name}" @@ -30,6 +39,13 @@ resource "azurerm_sql_server" "example" { version = "12.0" administrator_login = "mradministrator" administrator_login_password = "thisIsDog11" + + blob_extended_auditing_policy { + state = "Enabled" + storage_endpoint = "${azurerm_storage_account.example.primary_blob_endpoint}" + storage_account_access_key = "${azurerm_storage_account.example.primary_access_key}" + } + tags = { environment = "production" @@ -54,6 +70,8 @@ The following arguments are supported: * `identity` - (Optional) An `identity` block as defined below. +* `blob_extended_auditing_policy` - (Optional) An `blob_extended_auditing_policy` block as defined below. + * `tags` - (Optional) A mapping of tags to assign to the resource. --- 
@@ -81,6 +99,29 @@ The following attributes are exported: -> You can access the Principal ID via `${azurerm_sql_server.example.identity.0.principal_id}` and the Tenant ID via `${azurerm_sql_server.example.identity.0.tenant_id}` +--- + +An `blob_extended_auditing_policy` block supports the following: + +* `state` - (Required) Specifies the state of the policy. If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required. Possible values include: 'Enabled', 'Disabled' + +* `storage_endpoint` - (Required) Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is Enabled, storageEndpoint is required. + +* `storage_account_access_key` - (Required)Specifies the identifier key of the auditing storage account. If state is Enabled and storageEndpoint is specified, storageAccountAccessKey is required. + +* `retention_days` - Specifies the number of days to keep in the audit logs in the storage account. + +* `storage_account_subscription_id` - Specifies the blob storage subscription Id. + +* `is_storage_secondary_key_in_use` - Specifies whether storageAccountAccessKey value is the storage's secondary key. + +* `audit_actions_and_groups` - Specifies the Actions-Groups and Actions to audit.For more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions). + +* `is_azure_monitor_target_enabled` - Specifies whether audit events are sent to Azure Monitor.For more information, see [Diagnostic Settings REST API](https://go.microsoft.com/fwlink/?linkid=2033207) or [Diagnostic Settings PowerShell](https://go.microsoft.com/fwlink/?linkid=2033043). + +* `predicate_expression` - Specifies condition of where clause when creating an audit. + + ## Import SQL Servers can be imported using the `resource id`, e.g. From 8b3a0f214c383d73b6ab6db0d9bab70ecf5c1e9a Mon Sep 17 00:00:00 2001 
From: yupwei68 Date: Mon, 2 Dec 2019 17:05:01 +0800 Subject: [PATCH 06/26] update doc --- website/docs/d/sql_server.html.markdown | 2 -- website/docs/r/sql_server.html.markdown | 2 -- 2 files changed, 4 deletions(-) diff --git a/website/docs/d/sql_server.html.markdown b/website/docs/d/sql_server.html.markdown index c99fd5a50225..a8f9dbd0005b 100644 --- a/website/docs/d/sql_server.html.markdown +++ b/website/docs/d/sql_server.html.markdown @@ -74,6 +74,4 @@ An `blob_extended_auditing_policy` block exports the following: * `audit_actions_and_groups` - Specifies the Actions-Groups and Actions to audit.For more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions). -* `is_azure_monitor_target_enabled` - Specifies whether audit events are sent to Azure Monitor.For more information, see [Diagnostic Settings REST API](https://go.microsoft.com/fwlink/?linkid=2033207) or [Diagnostic Settings PowerShell](https://go.microsoft.com/fwlink/?linkid=2033043). - * `predicate_expression` - Specifies condition of where clause when creating an audit. \ No newline at end of file diff --git a/website/docs/r/sql_server.html.markdown b/website/docs/r/sql_server.html.markdown index ae2d4e8ba042..81c7c9e3a43b 100644 --- a/website/docs/r/sql_server.html.markdown +++ b/website/docs/r/sql_server.html.markdown 
@@ -117,8 +117,6 @@ An `blob_extended_auditing_policy` block supports the following: * `audit_actions_and_groups` - Specifies the Actions-Groups and Actions to audit.For more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions). -* `is_azure_monitor_target_enabled` - Specifies whether audit events are sent to Azure Monitor.For more information, see [Diagnostic Settings REST API](https://go.microsoft.com/fwlink/?linkid=2033207) or [Diagnostic Settings PowerShell](https://go.microsoft.com/fwlink/?linkid=2033043). - * `predicate_expression` - Specifies condition of where clause when creating an audit. From f9b592689f64786c03a64d2d6893325df13a65ac Mon Sep 17 00:00:00 2001 From: yupwei68 Date: Tue, 3 Dec 2019 10:14:57 +0800 Subject: [PATCH 07/26] datasource added --- azurerm/data_source_sql_server.go | 55 +++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/azurerm/data_source_sql_server.go b/azurerm/data_source_sql_server.go index c5e28b9ecd49..91e6ef376371 100644 --- a/azurerm/data_source_sql_server.go +++ b/azurerm/data_source_sql_server.go @@ -2,6 +2,7 @@ package azurerm import ( "fmt" + "log" "time" "github.com/hashicorp/terraform-plugin-sdk/helper/schema" 
@@ -68,6 +69,48 @@ func dataSourceSqlServer() *schema.Resource { }, }, + "blob_extended_auditing_policy": { + Type: schema.TypeList, + Computed: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "state": { + Type: schema.TypeString, + Computed: true, + }, + "storage_endpoint": { + Type: schema.TypeString, + Computed: true, + }, + "retention_days": { + Type: schema.TypeInt, + Computed: true, + }, + "audit_actions_and_groups": { + Type: schema.TypeSet, + Computed: true, + Set: schema.HashString, + Elem: &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, + }, + "storage_account_subscription_id": { + Type: schema.TypeString, + Computed: true, + }, + "is_storage_secondary_key_in_use": { + Type: schema.TypeBool, + Computed: true, + }, + "predicate_expression": { + Type: schema.TypeString, + Computed: true, + }, + }, + }, + }, + "tags": tags.SchemaDataSource(), }, } @@ -108,5 +151,17 @@ func dataSourceArmSqlServerRead(d *schema.ResourceData, meta interface{}) error return fmt.Errorf("Error setting `identity`: %+v", err) } + auditingClient := meta.(*ArmClient).Sql.ExtendedServerBlobAuditingPoliciesClient + auditingResp, err := auditingClient.Get(ctx, resourceGroup, name) + if err != nil { + if utils.ResponseWasNotFound(resp.Response) { + log.Printf("[INFO] Error reading SQL Server %q Blob Auditing Policies - removing from state", d.Id()) + } + + return fmt.Errorf("Error reading SQL Server %s: %v Blob Auditing Policies", name, err) + } + + d.Set("blob_extended_auditing_policy", flattenAzureRmSqlServerBlobAuditingPolicies(&auditingResp, d)) + return tags.FlattenAndSet(d, resp.Tags) } From aca11cc88b40cb2c9af703dc986446939f034dfc Mon Sep 17 00:00:00 2001 From: yupwei68 Date: Tue, 3 Dec 2019 10:26:29 +0800 Subject: [PATCH 08/26] datasource added --- azurerm/data_source_sql_server.go | 3 +-- azurerm/data_source_sql_server_test.go | 1 + 2 files changed, 2 insertions(+), 2 deletions(-) 
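Review bot: In the auditing read added to dataSourceArmSqlServerRead, the not-found test inspects `resp.Response`, which appears to be the earlier server lookup (its `Tags` are returned at the end), not the response of the call that just failed. It should read `if utils.ResponseWasNotFound(auditingResp.Response) {`. The log line says the entry is being removed from state, but nothing is removed and the error is returned either way, so the message misleads anyone troubleshooting a missing audit policy. The result of `d.Set("blob_extended_auditing_policy", ...)` is also discarded; checking it with `if err := d.Set(...); err != nil { return err }` would surface a schema mismatch instead of silently exporting no auditing data. The same points apply to the identical hunk in PATCH 10/26 for azurerm/internal/services/sql/data_source_sql_server.go; the function body starts outside both hunks.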
diff --git a/azurerm/data_source_sql_server.go b/azurerm/data_source_sql_server.go index 91e6ef376371..15f290d53286 100644 --- a/azurerm/data_source_sql_server.go +++ b/azurerm/data_source_sql_server.go @@ -91,8 +91,7 @@ func dataSourceSqlServer() *schema.Resource { Computed: true, Set: schema.HashString, Elem: &schema.Schema{ - Type: schema.TypeString, - Computed: true, + Type: schema.TypeString, }, }, "storage_account_subscription_id": { diff --git a/azurerm/data_source_sql_server_test.go b/azurerm/data_source_sql_server_test.go index a416e761d052..ef1be419b7b4 100644 --- a/azurerm/data_source_sql_server_test.go +++ b/azurerm/data_source_sql_server_test.go @@ -27,6 +27,7 @@ func TestAccDataSourceAzureRMSqlServer_basic(t *testing.T) { resource.TestCheckResourceAttrSet(dataSourceName, "version"), resource.TestCheckResourceAttrSet(dataSourceName, "administrator_login"), resource.TestCheckResourceAttr(dataSourceName, "tags.%", "0"), + resource.TestCheckResourceAttr(dataSourceName, "blob_extended_auditing_policy.0.state", "Disabled"), ), }, }, From 5e96621dd6e3770d81c647edc49b7de17f298c45 Mon Sep 17 00:00:00 2001 From: yupwei68 Date: Tue, 3 Dec 2019 11:23:22 +0800 Subject: [PATCH 09/26] remove future client response treatment --- azurerm/resource_arm_sql_server.go | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/azurerm/resource_arm_sql_server.go b/azurerm/resource_arm_sql_server.go index bb18685c3742..304928735dfa 100644 --- a/azurerm/resource_arm_sql_server.go +++ b/azurerm/resource_arm_sql_server.go 
@@ -236,18 +236,10 @@ func resourceArmSqlServerCreateUpdate(d *schema.ResourceData, meta interface{}) auditingParameters := sql.ExtendedServerBlobAuditingPolicy{ ExtendedServerBlobAuditingPolicyProperties: extendedServerBlobAuditingPolicyProperties, } - future, err := auditingClient.CreateOrUpdate(ctx, resGroup, name, auditingParameters) + _, err := auditingClient.CreateOrUpdate(ctx, resGroup, name, auditingParameters) if err != nil { return fmt.Errorf("Error issuing create/update request for SQL Server %q Blob Auditing Policies(Resource Group %q): %+v", name, resGroup, err) } - - if err = future.WaitForCompletionRef(ctx, auditingClient.Client); err != nil { - if response.WasConflict(future.Response()) { - return fmt.Errorf("SQL Server names need to be globally unique and %q is already in use.", name) - } - - return fmt.Errorf("Error waiting on create/update future for SQL Server %q Blob Extended Auditing Policies (Resource Group %q): %+v", name, resGroup, err) - } } return resourceArmSqlServerRead(d, meta) From 23d20f9f233220f462a1a707e67389f851a16f13 Mon Sep 17 00:00:00 2001 From: yupwei68 Date: Tue, 14 Jan 2020 14:26:49 +0800 Subject: [PATCH 10/26] update --- .../services/sql/data_source_sql_server.go | 13 ++++ .../services/sql/resource_arm_sql_server.go | 66 +++++-------------- .../sql/tests/data_source_sql_server_test.go | 32 +++++++++ .../sql/tests/resource_arm_sql_server_test.go | 42 ++---------- website/docs/d/sql_server.html.markdown | 2 +- website/docs/r/sql_server.html.markdown | 20 +++--- 6 files changed, 80 insertions(+), 95 deletions(-) diff --git a/azurerm/internal/services/sql/data_source_sql_server.go b/azurerm/internal/services/sql/data_source_sql_server.go index dbb5a14ca0ab..a1128f5e28c1 100644 --- a/azurerm/internal/services/sql/data_source_sql_server.go +++ b/azurerm/internal/services/sql/data_source_sql_server.go @@ -2,6 +2,7 @@ package sql import ( "fmt" + "log" "time" "github.com/hashicorp/terraform-plugin-sdk/helper/schema" 
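Review bot: The new `_, err := auditingClient.CreateOrUpdate(...)` discards the returned value, which the removed lines show is a long-running operation handle (`future.WaitForCompletionRef`). The function therefore moves on to resourceArmSqlServerRead without knowing whether the auditing policy was applied. An update that fails asynchronously would be reported as a successful apply, leaving the server without the audit configuration the plan promised. The removed wait did carry a copy-pasted conflict message about server names, so I would keep the wait and correct the message rather than drop it: `future, err := auditingClient.CreateOrUpdate(ctx, resGroup, name, auditingParameters)` followed by `if err = future.WaitForCompletionRef(ctx, auditingClient.Client); err != nil { return fmt.Errorf("Error waiting for SQL Server %q Blob Extended Auditing Policies (Resource Group %q): %+v", name, resGroup, err) }`. The enclosing function starts and ends outside the hunk.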
@@ -150,5 +151,17 @@ func dataSourceArmSqlServerRead(d *schema.ResourceData, meta interface{}) error return fmt.Errorf("Error setting `identity`: %+v", err) } + auditingClient := meta.(*clients.Client).Sql.ExtendedServerBlobAuditingPoliciesClient + auditingResp, err := auditingClient.Get(ctx, resourceGroup, name) + if err != nil { + if utils.ResponseWasNotFound(resp.Response) { + log.Printf("[INFO] Error reading SQL Server %q Blob Auditing Policies - removing from state", d.Id()) + } + + return fmt.Errorf("Error reading SQL Server %s: %v Blob Auditing Policies", name, err) + } + + d.Set("blob_extended_auditing_policy", flattenAzureRmSqlServerBlobAuditingPolicies(&auditingResp, d)) + return tags.FlattenAndSet(d, resp.Tags) } diff --git a/azurerm/internal/services/sql/resource_arm_sql_server.go b/azurerm/internal/services/sql/resource_arm_sql_server.go index 65411b1b6284..5a550235dd81 100644 --- a/azurerm/internal/services/sql/resource_arm_sql_server.go +++ b/azurerm/internal/services/sql/resource_arm_sql_server.go @@ -119,7 +119,7 @@ func resourceArmSqlServer() *schema.Resource { "storage_endpoint": { Type: schema.TypeString, Required: true, - ValidateFunc: validate.NoEmptyStrings, + ValidateFunc: validate.URLIsHTTPS, }, "storage_account_access_key": { Type: schema.TypeString, @@ -128,8 +128,9 @@ func resourceArmSqlServer() *schema.Resource { ValidateFunc: validate.NoEmptyStrings, }, "retention_days": { - Type: schema.TypeInt, - Optional: true, + Type: schema.TypeInt, + Optional: true, + ValidateFunc: validation.IntBetween(0, 3285), }, "audit_actions_and_groups": { Type: schema.TypeSet, 
@@ -141,17 +142,10 @@ func resourceArmSqlServer() *schema.Resource { }, }, "storage_account_subscription_id": { - Type: schema.TypeString, - Optional: true, - Computed: true, - ValidateFunc: func(val interface{}, key string) (warns []string, errs []error) { - v := val.(string) - _, err := uuid.FromString(v) - if err != nil { - errs = append(errs, fmt.Errorf("%q is not in correct format:%+v", key, err)) - } - return - }, + Type: schema.TypeString, + Optional: true, + Computed: true, + ValidateFunc: validate.UUID, }, "is_storage_secondary_key_in_use": { Type: schema.TypeBool, @@ -239,9 +233,8 @@ func resourceArmSqlServerCreateUpdate(d *schema.ResourceData, meta interface{}) if _, ok := d.GetOk("blob_extended_auditing_policy"); ok { auditingClient := meta.(*clients.Client).Sql.ExtendedServerBlobAuditingPoliciesClient - extendedServerBlobAuditingPolicyProperties := expandAzureRmSqlServerBlobAuditingPolicies(d) auditingParameters := sql.ExtendedServerBlobAuditingPolicy{ - ExtendedServerBlobAuditingPolicyProperties: extendedServerBlobAuditingPolicyProperties, + ExtendedServerBlobAuditingPolicyProperties: expandAzureRmSqlServerBlobAuditingPolicies(d), } _, err := auditingClient.CreateOrUpdate(ctx, resGroup, name, auditingParameters) if err != nil { 
@@ -360,29 +353,19 @@ func expandAzureRmSqlServerBlobAuditingPolicies(d *schema.ResourceData) *sql.Ext return &sql.ExtendedServerBlobAuditingPolicyProperties{} } serverBlobAuditingPolicies := serverBlobAuditingPoliciesList[0].(map[string]interface{}) - state := sql.BlobAuditingPolicyState(serverBlobAuditingPolicies["state"].(string)) - storageEndpoint := serverBlobAuditingPolicies["storage_endpoint"].(string) - storageAccountAccessKey := serverBlobAuditingPolicies["storage_account_access_key"].(string) ExtendedServerBlobAuditingPolicyProperties := sql.ExtendedServerBlobAuditingPolicyProperties{ - State: state, - StorageEndpoint: &storageEndpoint, - StorageAccountAccessKey: &storageAccountAccessKey, + State: sql.BlobAuditingPolicyState(serverBlobAuditingPolicies["state"].(string)), + StorageEndpoint: utils.String(serverBlobAuditingPolicies["storage_endpoint"].(string)), + StorageAccountAccessKey: utils.String(serverBlobAuditingPolicies["storage_account_access_key"].(string)), } //retention_days if retentionDays, ok := serverBlobAuditingPolicies["retention_days"]; ok { - retentionDays := int32(retentionDays.(int)) - ExtendedServerBlobAuditingPolicyProperties.RetentionDays = &retentionDays + ExtendedServerBlobAuditingPolicyProperties.RetentionDays = utils.Int32(int32(retentionDays.(int))) } //audit_actions_and_groups - if r, ok := d.Get("audit_actions_and_groups").(*schema.Set); ok && r.Len() > 0 { - var auditActionsAndGroups []string - for _, v := range r.List() { - s := v.(string) - auditActionsAndGroups = append(auditActionsAndGroups, s) - } - - ExtendedServerBlobAuditingPolicyProperties.AuditActionsAndGroups = &auditActionsAndGroups + if r, ok := d.GetOk("audit_actions_and_groups"); ok { + ExtendedServerBlobAuditingPolicyProperties.AuditActionsAndGroups = utils.ExpandStringSlice(r.([]interface{})) } //storage_account_subscription_id if storageAccountSubscriptionID, ok := serverBlobAuditingPolicies["storage_account_subscription_id"]; ok && 
storageAccountSubscriptionID != "" { @@ -391,8 +374,7 @@ func expandAzureRmSqlServerBlobAuditingPolicies(d *schema.ResourceData) *sql.Ext } //is_storage_secondary_key_in_use if isStorageSecondaryKeyInUse, ok := serverBlobAuditingPolicies["is_storage_secondary_key_in_use"]; ok { - isStorageSecondaryKeyInUse := isStorageSecondaryKeyInUse.(bool) - ExtendedServerBlobAuditingPolicyProperties.IsStorageSecondaryKeyInUse = &isStorageSecondaryKeyInUse + ExtendedServerBlobAuditingPolicyProperties.IsStorageSecondaryKeyInUse = utils.Bool(isStorageSecondaryKeyInUse.(bool)) } return &ExtendedServerBlobAuditingPolicyProperties } @@ -418,20 +400,8 @@ func flattenAzureRmSqlServerBlobAuditingPolicies(extendedServerBlobAuditingPolic } // storage_account_access_key will not be returned, so we transfer the schema value - if blobExtendedAuditing, ok := d.GetOk("blob_extended_auditing_policy"); ok { - var val []interface{} - - // prior to 1.34 this was a *schema.Set, now it's a List - try both - if v, ok := blobExtendedAuditing.([]interface{}); ok { - val = v - } else if v, ok := blobExtendedAuditing.(*schema.Set); ok { - val = v.List() - } - - if len(val) > 0 && val[0] != nil { - raw := val[0].(map[string]interface{}) - result["storage_account_access_key"] = raw["storage_account_access_key"].(string) - } + if v, ok := d.GetOk("blob_extended_auditing_policy.0.storage_account_access_key"); ok { + result["storage_account_access_key"] = v.(string) } return []interface{}{result} diff --git a/azurerm/internal/services/sql/tests/data_source_sql_server_test.go b/azurerm/internal/services/sql/tests/data_source_sql_server_test.go index c7cb9893a098..7d489b1d6d0d 100644 --- a/azurerm/internal/services/sql/tests/data_source_sql_server_test.go +++ b/azurerm/internal/services/sql/tests/data_source_sql_server_test.go 
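Review bot: The rewritten `audit_actions_and_groups` branch in expandAzureRmSqlServerBlobAuditingPolicies reads `d.GetOk("audit_actions_and_groups")`, a top-level key, while the schema hunks declare that field inside `blob_extended_auditing_policy` as a `schema.TypeSet`. The lookup most likely never matches, so the configured audit action groups are never sent to the API; if it did match, the `r.([]interface{})` assertion would panic on a set value. Reading from the nested map already in scope avoids both problems: `if s, ok := serverBlobAuditingPolicies["audit_actions_and_groups"].(*schema.Set); ok && s.Len() > 0 { ExtendedServerBlobAuditingPolicyProperties.AuditActionsAndGroups = utils.ExpandStringSlice(s.List()) }`. The function continues in the next hunk of the same file.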
@@ -32,6 +32,26 @@ func TestAccDataSourceAzureRMSqlServer_basic(t *testing.T) { }) } +func TestAccDataSourceAzureRMSqlServer_withBlobAuditing(t *testing.T) { + data := acceptance.BuildTestData(t, "data.azurerm_sql_server", "test") + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acceptance.PreCheck(t) }, + Providers: acceptance.SupportedProviders, + CheckDestroy: testCheckAzureRMSqlServerDestroy, + Steps: []resource.TestStep{ + { + Config: testAccDataSourceAzureRMSqlServer_withBlobAuditing(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMSqlServerExists(data.ResourceName), + resource.TestCheckResourceAttrSet(data.ResourceName, "blob_extended_auditing_policy.0.state"), + resource.TestCheckResourceAttrSet(data.ResourceName, "blob_extended_auditing_policy.0.retention_days"), + ), + }, + }, + }) +} + func testAccDataSourceAzureRMSqlServer_basic(data acceptance.TestData) string { template := testAccAzureRMSqlServer_basic(data) return fmt.Sprintf(` @@ -43,3 +63,15 @@ data "azurerm_sql_server" "test" { } `, template) } + +func testAccDataSourceAzureRMSqlServer_withBlobAuditing(data acceptance.TestData) string { + template := testAccAzureRMSqlServer_withBlobAuditingPolices(data) + return fmt.Sprintf(` +%s + +data "azurerm_sql_server" "test" { + name = "${azurerm_sql_server.test.name}" + resource_group_name = "${azurerm_resource_group.test.name}" +} +`, template) +} diff --git a/azurerm/internal/services/sql/tests/resource_arm_sql_server_test.go b/azurerm/internal/services/sql/tests/resource_arm_sql_server_test.go index 8d269b9262aa..8829c7db36a3 100644 --- a/azurerm/internal/services/sql/tests/resource_arm_sql_server_test.go +++ b/azurerm/internal/services/sql/tests/resource_arm_sql_server_test.go 
@@ -189,37 +189,7 @@ func TestAccAzureRMSqlServer_withBlobAuditingPolices(t *testing.T) { resource.TestCheckResourceAttr(data.ResourceName, "blob_extended_auditing_policy.0.state", "Enabled"), ), }, - { - ResourceName: data.ResourceName, - ImportState: true, - ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"administrator_login_password", "blob_extended_auditing_policy.0.storage_account_access_key"}, - }, - }, - }) -} - -func TestAccAzureRMSqlServer_withoutBlobAuditingPolices(t *testing.T) { - data := acceptance.BuildTestData(t, "azurerm_sql_server", "test") - - resource.ParallelTest(t, resource.TestCase{ - PreCheck: func() { acceptance.PreCheck(t) }, - Providers: acceptance.SupportedProviders, - CheckDestroy: testCheckAzureRMSqlServerDestroy, - Steps: []resource.TestStep{ - { - Config: testAccAzureRMSqlServer_basic(data), - Check: resource.ComposeTestCheckFunc( - testCheckAzureRMSqlServerExists(data.ResourceName), - resource.TestCheckResourceAttr(data.ResourceName, "blob_extended_auditing_policy.0.state", "Disabled"), - ), - }, - { - ResourceName: data.ResourceName, - ImportState: true, - ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"administrator_login_password", "blob_extended_auditing_policy.0.storage_account_access_key"}, - }, + data.ImportStep("administrator_login_password", "blob_extended_auditing_policy.0.storage_account_access_key"), }, }) } @@ -406,12 +376,12 @@ resource "azurerm_sql_server" "test" { func testAccAzureRMSqlServer_withBlobAuditingPolices(data acceptance.TestData) string { return fmt.Sprintf(` resource "azurerm_resource_group" "test" { - name = "acctestRG-%d" - location = "%s" + name = "acctestRG-%[1]d" + location = "%[2]s" } resource "azurerm_storage_account" "test" { - name = "accstr%d" + name = "accstr%[1]d" resource_group_name = "${azurerm_resource_group.test.name}" location = "${azurerm_resource_group.test.location}" account_tier = "Standard" 
@@ -419,7 +389,7 @@ resource "azurerm_storage_account" "test" { } resource "azurerm_sql_server" "test" { - name = "acctestsqlserver%d" + name = "acctestsqlserver%[1]d" resource_group_name = "${azurerm_resource_group.test.name}" location = "${azurerm_resource_group.test.location}" version = "12.0" @@ -432,5 +402,5 @@ resource "azurerm_sql_server" "test" { storage_account_access_key = "${azurerm_storage_account.test.primary_access_key}" } } -`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger) +`, data.RandomInteger, data.Locations.Primary) } diff --git a/website/docs/d/sql_server.html.markdown b/website/docs/d/sql_server.html.markdown index d56186ce1ccc..884a53a9933a 100644 --- a/website/docs/d/sql_server.html.markdown +++ b/website/docs/d/sql_server.html.markdown @@ -74,4 +74,4 @@ An `blob_extended_auditing_policy` block exports the following: * `audit_actions_and_groups` - Specifies the Actions-Groups and Actions to audit.For more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions). -* `predicate_expression` - Specifies condition of where clause when creating an audit. \ No newline at end of file +* `predicate_expression` - Specifies condition of where clause when creating an audit. diff --git a/website/docs/r/sql_server.html.markdown b/website/docs/r/sql_server.html.markdown index 81c7c9e3a43b..2ae3e16ea234 100644 --- a/website/docs/r/sql_server.html.markdown +++ b/website/docs/r/sql_server.html.markdown 
@@ -24,11 +24,11 @@ resource "azurerm_resource_group" "example" { } resource "azurerm_storage_account" "example" { - name = "accstr" - resource_group_name = "${azurerm_resource_group.example.name}" - location = "${azurerm_resource_group.example.location}" - account_tier = "Standard" - account_replication_type = "GRS" + name = "accstr" + resource_group_name = "${azurerm_resource_group.example.name}" + location = "${azurerm_resource_group.example.location}" + account_tier = "Standard" + account_replication_type = "GRS" } @@ -39,12 +39,12 @@ resource "azurerm_sql_server" "example" { version = "12.0" administrator_login = "mradministrator" administrator_login_password = "thisIsDog11" - + blob_extended_auditing_policy { - state = "Enabled" - storage_endpoint = "${azurerm_storage_account.example.primary_blob_endpoint}" - storage_account_access_key = "${azurerm_storage_account.example.primary_access_key}" - } + state = "Enabled" + storage_endpoint = "${azurerm_storage_account.example.primary_blob_endpoint}" + storage_account_access_key = "${azurerm_storage_account.example.primary_access_key}" + } tags = { From 30cf7ab26d4be5374c889ed966421d50f2273a56 Mon Sep 17 00:00:00 2001 From: yupwei68 Date: Wed, 22 Jan 2020 11:30:12 +0800 Subject: [PATCH 11/26] remove useless fields --- .../services/sql/data_source_sql_server.go | 54 -------- .../services/sql/resource_arm_sql_server.go | 119 +++++++----------- .../sql/tests/data_source_sql_server_test.go | 33 ----- .../sql/tests/resource_arm_sql_server_test.go | 106 ++++++++++++---- website/docs/r/sql_server.html.markdown | 20 +-- 5 files changed, 134 insertions(+), 198 deletions(-) diff --git a/azurerm/internal/services/sql/data_source_sql_server.go b/azurerm/internal/services/sql/data_source_sql_server.go index a1128f5e28c1..56b19d8b491d 100644 --- a/azurerm/internal/services/sql/data_source_sql_server.go +++ b/azurerm/internal/services/sql/data_source_sql_server.go 
@@ -2,7 +2,6 @@ package sql import ( "fmt" - "log" "time" "github.com/hashicorp/terraform-plugin-sdk/helper/schema" @@ -70,47 +69,6 @@ func dataSourceSqlServer() *schema.Resource { }, }, - "blob_extended_auditing_policy": { - Type: schema.TypeList, - Computed: true, - Elem: &schema.Resource{ - Schema: map[string]*schema.Schema{ - "state": { - Type: schema.TypeString, - Computed: true, - }, - "storage_endpoint": { - Type: schema.TypeString, - Computed: true, - }, - "retention_days": { - Type: schema.TypeInt, - Computed: true, - }, - "audit_actions_and_groups": { - Type: schema.TypeSet, - Computed: true, - Set: schema.HashString, - Elem: &schema.Schema{ - Type: schema.TypeString, - }, - }, - "storage_account_subscription_id": { - Type: schema.TypeString, - Computed: true, - }, - "is_storage_secondary_key_in_use": { - Type: schema.TypeBool, - Computed: true, - }, - "predicate_expression": { - Type: schema.TypeString, - Computed: true, - }, - }, - }, - }, - "tags": tags.SchemaDataSource(), }, } @@ -151,17 +109,5 @@ func dataSourceArmSqlServerRead(d *schema.ResourceData, meta interface{}) error return fmt.Errorf("Error setting `identity`: %+v", err) } - auditingClient := meta.(*clients.Client).Sql.ExtendedServerBlobAuditingPoliciesClient - auditingResp, err := auditingClient.Get(ctx, resourceGroup, name) - if err != nil { - if utils.ResponseWasNotFound(resp.Response) { - log.Printf("[INFO] Error reading SQL Server %q Blob Auditing Policies - removing from state", d.Id()) - } - - return fmt.Errorf("Error reading SQL Server %s: %v Blob Auditing Policies", name, err) - } - - d.Set("blob_extended_auditing_policy", flattenAzureRmSqlServerBlobAuditingPolicies(&auditingResp, d)) - return tags.FlattenAndSet(d, resp.Tags) } diff --git a/azurerm/internal/services/sql/resource_arm_sql_server.go b/azurerm/internal/services/sql/resource_arm_sql_server.go index 5a550235dd81..3901276f3f2b 100644 --- a/azurerm/internal/services/sql/resource_arm_sql_server.go 
+++ b/azurerm/internal/services/sql/resource_arm_sql_server.go @@ -5,8 +5,6 @@ import ( "log" "time" - uuid "github.com/satori/go.uuid" - "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/set" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/validate" "github.com/Azure/azure-sdk-for-go/services/preview/sql/mgmt/2017-03-01-preview/sql" @@ -107,54 +105,28 @@ func resourceArmSqlServer() *schema.Resource { "blob_extended_auditing_policy": { Type: schema.TypeList, Optional: true, - Computed: true, MaxItems: 1, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ - "state": { - Type: schema.TypeString, - Required: true, - ValidateFunc: validation.StringInSlice([]string{"Enabled", "Disabled"}, false), - }, - "storage_endpoint": { - Type: schema.TypeString, - Required: true, - ValidateFunc: validate.URLIsHTTPS, - }, "storage_account_access_key": { Type: schema.TypeString, Required: true, Sensitive: true, ValidateFunc: validate.NoEmptyStrings, }, - "retention_days": { - Type: schema.TypeInt, - Optional: true, - ValidateFunc: validation.IntBetween(0, 3285), - }, - "audit_actions_and_groups": { - Type: schema.TypeSet, - Optional: true, - Computed: true, - Set: schema.HashString, - Elem: &schema.Schema{ - Type: schema.TypeString, - }, - }, - "storage_account_subscription_id": { + "storage_endpoint": { Type: schema.TypeString, - Optional: true, - Computed: true, - ValidateFunc: validate.UUID, + Required: true, + ValidateFunc: validate.URLIsHTTPS, }, "is_storage_secondary_key_in_use": { Type: schema.TypeBool, Optional: true, }, - "predicate_expression": { - Type: schema.TypeString, + "retention_days": { + Type: schema.TypeInt, Optional: true, - ValidateFunc: validate.NoEmptyStrings, + ValidateFunc: validation.IntBetween(0, 3285), }, }, }, 
@@ -234,7 +206,7 @@ func resourceArmSqlServerCreateUpdate(d *schema.ResourceData, meta interface{}) if _, ok := d.GetOk("blob_extended_auditing_policy"); ok { auditingClient := meta.(*clients.Client).Sql.ExtendedServerBlobAuditingPoliciesClient auditingParameters := sql.ExtendedServerBlobAuditingPolicy{ - ExtendedServerBlobAuditingPolicyProperties: expandAzureRmSqlServerBlobAuditingPolicies(d), + ExtendedServerBlobAuditingPolicyProperties: expandAzureRmSqlServerBlobAuditingPolicies(d.Get("blob_extended_auditing_policy").([]interface{})), } _, err := auditingClient.CreateOrUpdate(ctx, resGroup, name, auditingParameters) if err != nil { @@ -295,7 +267,10 @@ func resourceArmSqlServerRead(d *schema.ResourceData, meta interface{}) error { return fmt.Errorf("Error reading SQL Server %s: %v Blob Auditing Policies", name, err) } - d.Set("blob_extended_auditing_policy", flattenAzureRmSqlServerBlobAuditingPolicies(&auditingResp, d)) + flattenBlobAuditing := flattenAzureRmSqlServerBlobAuditingPolicies(&auditingResp, d) + if err := d.Set("blob_extended_auditing_policy", flattenBlobAuditing); err != nil { + return fmt.Errorf("Error setting `blob_extended_auditing_policy`: %+v", err) + } return tags.FlattenAndSet(d, resp.Tags) } 
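Review bot: The auditing call in resourceArmSqlServerCreateUpdate still runs only when `d.GetOk("blob_extended_auditing_policy")` reports the block as set, and this patch removes both the `state` argument and `Computed` from the schema, so deleting the block from configuration sends nothing to Azure. The server would then keep writing audit logs to the previous storage endpoint with the previously supplied access key. The read path would presumably report the block again on the next refresh, giving a diff that never converges. I would handle removal explicitly: when `d.HasChange("blob_extended_auditing_policy")` is true and the list is empty, send properties with `State: sql.BlobAuditingPolicyStateDisabled`. The enclosing function starts and ends outside the hunk.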
@@ -347,62 +322,56 @@ func flattenAzureRmSqlServerIdentity(identity *sql.ResourceIdentity) []interface return []interface{}{result} } -func expandAzureRmSqlServerBlobAuditingPolicies(d *schema.ResourceData) *sql.ExtendedServerBlobAuditingPolicyProperties { - serverBlobAuditingPoliciesList := d.Get("blob_extended_auditing_policy").([]interface{}) - if len(serverBlobAuditingPoliciesList) == 0 { - return &sql.ExtendedServerBlobAuditingPolicyProperties{} + +func expandAzureRmSqlServerBlobAuditingPolicies(input []interface{}) *sql.ExtendedServerBlobAuditingPolicyProperties { + if len(input) == 0 { + return nil } - serverBlobAuditingPolicies := serverBlobAuditingPoliciesList[0].(map[string]interface{}) + serverBlobAuditingPolicies := input[0].(map[string]interface{}) ExtendedServerBlobAuditingPolicyProperties := sql.ExtendedServerBlobAuditingPolicyProperties{ - State: sql.BlobAuditingPolicyState(serverBlobAuditingPolicies["state"].(string)), - StorageEndpoint: utils.String(serverBlobAuditingPolicies["storage_endpoint"].(string)), + State: sql.BlobAuditingPolicyStateEnabled, StorageAccountAccessKey: utils.String(serverBlobAuditingPolicies["storage_account_access_key"].(string)), + StorageEndpoint: utils.String(serverBlobAuditingPolicies["storage_endpoint"].(string)), } - //retention_days - if retentionDays, ok := serverBlobAuditingPolicies["retention_days"]; ok { - ExtendedServerBlobAuditingPolicyProperties.RetentionDays = utils.Int32(int32(retentionDays.(int))) - } - //audit_actions_and_groups - if r, ok := d.GetOk("audit_actions_and_groups"); ok { - ExtendedServerBlobAuditingPolicyProperties.AuditActionsAndGroups = utils.ExpandStringSlice(r.([]interface{})) - } - //storage_account_subscription_id - if storageAccountSubscriptionID, ok := serverBlobAuditingPolicies["storage_account_subscription_id"]; ok && storageAccountSubscriptionID != "" { - storageAccountSubscriptionID, _ := uuid.FromString(storageAccountSubscriptionID.(string)) - 
ExtendedServerBlobAuditingPolicyProperties.StorageAccountSubscriptionID = &storageAccountSubscriptionID - } - //is_storage_secondary_key_in_use if isStorageSecondaryKeyInUse, ok := serverBlobAuditingPolicies["is_storage_secondary_key_in_use"]; ok { ExtendedServerBlobAuditingPolicyProperties.IsStorageSecondaryKeyInUse = utils.Bool(isStorageSecondaryKeyInUse.(bool)) } + if retentionDays, ok := serverBlobAuditingPolicies["retention_days"]; ok { + ExtendedServerBlobAuditingPolicyProperties.RetentionDays = utils.Int32(int32(retentionDays.(int))) + } + return &ExtendedServerBlobAuditingPolicyProperties } + func flattenAzureRmSqlServerBlobAuditingPolicies(extendedServerBlobAuditingPolicy *sql.ExtendedServerBlobAuditingPolicy, d *schema.ResourceData) []interface{} { - if extendedServerBlobAuditingPolicy == nil { + if extendedServerBlobAuditingPolicy == nil || extendedServerBlobAuditingPolicy.State == sql.BlobAuditingPolicyStateDisabled { return []interface{}{} } - result := make(map[string]interface{}) - - result["state"] = extendedServerBlobAuditingPolicy.State - result["is_storage_secondary_key_in_use"] = extendedServerBlobAuditingPolicy.IsStorageSecondaryKeyInUse - if auditActionsAndGroups := extendedServerBlobAuditingPolicy.AuditActionsAndGroups; auditActionsAndGroups != nil { - result["audit_actions_and_groups"] = set.FromStringSlice(*auditActionsAndGroups) + var storageEndpoint, storageAccessKey string + // storage_account_access_key will not be returned, so we transfer the schema value + if v, ok := d.GetOk("blob_extended_auditing_policy.0.storage_account_access_key"); ok { + storageAccessKey = v.(string) } - if RetentionDays := extendedServerBlobAuditingPolicy.RetentionDays; RetentionDays != nil { - result["retention_days"] = RetentionDays + if extendedServerBlobAuditingPolicy.StorageEndpoint != nil { + storageEndpoint = *extendedServerBlobAuditingPolicy.StorageEndpoint } - if StorageAccountSubscriptionID := 
extendedServerBlobAuditingPolicy.StorageAccountSubscriptionID; StorageAccountSubscriptionID != nil { - result["storage_account_subscription_id"] = StorageAccountSubscriptionID.String() + + var secondKeyInUse bool + if extendedServerBlobAuditingPolicy.IsStorageSecondaryKeyInUse != nil { + secondKeyInUse = *extendedServerBlobAuditingPolicy.IsStorageSecondaryKeyInUse } - if StorageEndpoint := extendedServerBlobAuditingPolicy.StorageEndpoint; StorageEndpoint != nil { - result["storage_endpoint"] = StorageEndpoint + var retentionDays int32 + if extendedServerBlobAuditingPolicy.RetentionDays != nil { + retentionDays = *extendedServerBlobAuditingPolicy.RetentionDays } - // storage_account_access_key will not be returned, so we transfer the schema value - if v, ok := d.GetOk("blob_extended_auditing_policy.0.storage_account_access_key"); ok { - result["storage_account_access_key"] = v.(string) + return []interface{}{ + map[string]interface{}{ + "storage_account_access_key": storageAccessKey, + "storage_endpoint": storageEndpoint, + "is_storage_secondary_key_in_use": secondKeyInUse, + "retention_days": retentionDays, + }, } - - return []interface{}{result} } diff --git a/azurerm/internal/services/sql/tests/data_source_sql_server_test.go b/azurerm/internal/services/sql/tests/data_source_sql_server_test.go index 7d489b1d6d0d..d472b9203511 100644 --- a/azurerm/internal/services/sql/tests/data_source_sql_server_test.go +++ b/azurerm/internal/services/sql/tests/data_source_sql_server_test.go 
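Review bot: The new guard in flattenAzureRmSqlServerBlobAuditingPolicies reads `extendedServerBlobAuditingPolicy.State` without checking the embedded properties pointer first, so a response that carries no properties would panic with a nil dereference during Read. The create path fills `ExtendedServerBlobAuditingPolicyProperties:` from a `*sql.ExtendedServerBlobAuditingPolicyProperties`, which suggests State, StorageEndpoint and the other fields are promoted from that pointer. Extend the guard to `if extendedServerBlobAuditingPolicy == nil || extendedServerBlobAuditingPolicy.ExtendedServerBlobAuditingPolicyProperties == nil || extendedServerBlobAuditingPolicy.State == sql.BlobAuditingPolicyStateDisabled {`. The comment on the access key could also say that, because the value is copied back from the configuration, a key changed outside Terraform is not detected and the field is empty after import.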
@@ -25,27 +25,6 @@ func TestAccDataSourceAzureRMSqlServer_basic(t *testing.T) { resource.TestCheckResourceAttrSet(data.ResourceName, "version"), resource.TestCheckResourceAttrSet(data.ResourceName, "administrator_login"), resource.TestCheckResourceAttr(data.ResourceName, "tags.%", "0"), - resource.TestCheckResourceAttr(data.ResourceName, "blob_extended_auditing_policy.0.state", "Disabled"), - ), - }, - }, - }) -} - -func TestAccDataSourceAzureRMSqlServer_withBlobAuditing(t *testing.T) { - data := acceptance.BuildTestData(t, "data.azurerm_sql_server", "test") - - resource.ParallelTest(t, resource.TestCase{ - PreCheck: func() { acceptance.PreCheck(t) }, - Providers: acceptance.SupportedProviders, - CheckDestroy: testCheckAzureRMSqlServerDestroy, - Steps: []resource.TestStep{ - { - Config: testAccDataSourceAzureRMSqlServer_withBlobAuditing(data), - Check: resource.ComposeTestCheckFunc( - testCheckAzureRMSqlServerExists(data.ResourceName), - resource.TestCheckResourceAttrSet(data.ResourceName, "blob_extended_auditing_policy.0.state"), - resource.TestCheckResourceAttrSet(data.ResourceName, "blob_extended_auditing_policy.0.retention_days"), ), }, }, @@ -63,15 +42,3 @@ data "azurerm_sql_server" "test" { } `, template) } - -func testAccDataSourceAzureRMSqlServer_withBlobAuditing(data acceptance.TestData) string { - template := testAccAzureRMSqlServer_withBlobAuditingPolices(data) - return fmt.Sprintf(` -%s - -data "azurerm_sql_server" "test" { - name = "${azurerm_sql_server.test.name}" - resource_group_name = "${azurerm_resource_group.test.name}" -} -`, template) -} diff --git a/azurerm/internal/services/sql/tests/resource_arm_sql_server_test.go b/azurerm/internal/services/sql/tests/resource_arm_sql_server_test.go index 8e6f4cfe5afa..91fda6ed8e30 100644 --- a/azurerm/internal/services/sql/tests/resource_arm_sql_server_test.go +++ b/azurerm/internal/services/sql/tests/resource_arm_sql_server_test.go 
@@ -171,7 +171,7 @@ func TestAccAzureRMSqlServer_updateWithIdentityAdded(t *testing.T) { }) } -func TestAccAzureRMSqlServer_withBlobAuditingPolices(t *testing.T) { +func TestAccAzureRMSqlServer_updateWithBlobAuditingPolices(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_sql_server", "test") resource.ParallelTest(t, resource.TestCase{ @@ -183,7 +183,17 @@ func TestAccAzureRMSqlServer_withBlobAuditingPolices(t *testing.T) { Config: testAccAzureRMSqlServer_withBlobAuditingPolices(data), Check: resource.ComposeTestCheckFunc( testCheckAzureRMSqlServerExists(data.ResourceName), - resource.TestCheckResourceAttr(data.ResourceName, "blob_extended_auditing_policy.0.state", "Enabled"), + resource.TestCheckResourceAttr(data.ResourceName, "blob_extended_auditing_policy.0.is_storage_secondary_key_in_use", "true"), + resource.TestCheckResourceAttr(data.ResourceName, "blob_extended_auditing_policy.0.retention_days", "6"), + ), + }, + data.ImportStep("administrator_login_password", "blob_extended_auditing_policy.0.storage_account_access_key"), + { + Config: testAccAzureRMSqlServer_withBlobAuditingPolicesUpdated(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMSqlServerExists(data.ResourceName), + resource.TestCheckResourceAttr(data.ResourceName, "blob_extended_auditing_policy.0.is_storage_secondary_key_in_use", "false"), + resource.TestCheckResourceAttr(data.ResourceName, "blob_extended_auditing_policy.0.retention_days", "11"), ), }, data.ImportStep("administrator_login_password", "blob_extended_auditing_policy.0.storage_account_access_key"), 
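Review bot: Neither step in TestAccAzureRMSqlServer_updateWithBlobAuditingPolices asserts `storage_endpoint`, so the test would still pass if the update left the policy pointing at the first storage account. The updated configuration (in the next hunk) switches to `azurerm_storage_account.test2`; a check such as `resource.TestCheckResourceAttrPair(data.ResourceName, "blob_extended_auditing_policy.0.storage_endpoint", "azurerm_storage_account.test2", "primary_blob_endpoint"),` in the second step would pin that. A further step that removes the block would show what happens to server auditing once it is no longer configured.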
@@ -374,31 +384,83 @@ resource "azurerm_sql_server" "test" { func testAccAzureRMSqlServer_withBlobAuditingPolices(data acceptance.TestData) string { return fmt.Sprintf(` resource "azurerm_resource_group" "test" { - name = "acctestRG-%[1]d" - location = "%[2]s" + name = "acctestRG-%[1]d" + location = "%[2]s" } resource "azurerm_storage_account" "test" { - name = "accstr%[1]d" - resource_group_name = "${azurerm_resource_group.test.name}" - location = "${azurerm_resource_group.test.location}" - account_tier = "Standard" - account_replication_type = "GRS" + name = "str%[1]d" + resource_group_name = "${azurerm_resource_group.test.name}" + location = "${azurerm_resource_group.test.location}" + account_tier = "Standard" + account_replication_type = "LRS" +} + +resource "azurerm_storage_account" "test2" { + name = "str2%[1]d" + resource_group_name = "${azurerm_resource_group.test.name}" + location = "${azurerm_resource_group.test.location}" + account_tier = "Standard" + account_replication_type = "LRS" } resource "azurerm_sql_server" "test" { - name = "acctestsqlserver%[1]d" - resource_group_name = "${azurerm_resource_group.test.name}" - location = "${azurerm_resource_group.test.location}" - version = "12.0" - administrator_login = "mradministrator" - administrator_login_password = "thisIsDog11" - - blob_extended_auditing_policy { - state = "Enabled" - storage_endpoint = "${azurerm_storage_account.test.primary_blob_endpoint}" - storage_account_access_key = "${azurerm_storage_account.test.primary_access_key}" - } -} + name = "acctestsqlserver%[1]d" + resource_group_name = "${azurerm_resource_group.test.name}" + location = "${azurerm_resource_group.test.location}" + version = "12.0" + administrator_login = "mradministrator" + administrator_login_password = "thisIsDog11" + + blob_extended_auditing_policy { + storage_account_access_key = azurerm_storage_account.test.primary_access_key + storage_endpoint = azurerm_storage_account.test.primary_blob_endpoint + 
is_storage_secondary_key_in_use = true + retention_days = 6 + + } +} +`, data.RandomInteger, data.Locations.Primary) +} + +func testAccAzureRMSqlServer_withBlobAuditingPolicesUpdated(data acceptance.TestData) string { + return fmt.Sprintf(` +resource "azurerm_resource_group" "test" { + name = "acctestRG-%[1]d" + location = "%[2]s" +} + +resource "azurerm_storage_account" "test" { + name = "str%[1]d" + resource_group_name = "${azurerm_resource_group.test.name}" + location = "${azurerm_resource_group.test.location}" + account_tier = "Standard" + account_replication_type = "LRS" +} + +resource "azurerm_storage_account" "test2" { + name = "str2%[1]d" + resource_group_name = "${azurerm_resource_group.test.name}" + location = "${azurerm_resource_group.test.location}" + account_tier = "Standard" + account_replication_type = "LRS" +} + +resource "azurerm_sql_server" "test" { + name = "acctestsqlserver%[1]d" + resource_group_name = "${azurerm_resource_group.test.name}" + location = "${azurerm_resource_group.test.location}" + version = "12.0" + administrator_login = "mradministrator" + administrator_login_password = "thisIsDog11" + + blob_extended_auditing_policy { + storage_account_access_key = azurerm_storage_account.test2.primary_access_key + storage_endpoint = azurerm_storage_account.test2.primary_blob_endpoint + is_storage_secondary_key_in_use = false + retention_days = 11 + + } +} `, data.RandomInteger, data.Locations.Primary) } diff --git a/website/docs/r/sql_server.html.markdown b/website/docs/r/sql_server.html.markdown index a44dc0623a98..b13fe22bd3de 100644 --- a/website/docs/r/sql_server.html.markdown +++ b/website/docs/r/sql_server.html.markdown 
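Review bot: The first configuration sets `is_storage_secondary_key_in_use = true` while passing `azurerm_storage_account.test.primary_access_key`, so the flag and the key it describes disagree. Whether the service validates the pairing is not visible here, but the test enshrines the mismatch as expected usage and the documentation example further down repeats it. Use `storage_account_access_key = azurerm_storage_account.test.secondary_access_key` in that block, or set the flag to `false`. The change is to the Terraform embedded in the format string only; the Go around it is unaffected.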
@@ -40,9 +40,10 @@ resource "azurerm_sql_server" "example" { administrator_login_password = "thisIsDog11" blob_extended_auditing_policy { - state = "Enabled" - storage_endpoint = "${azurerm_storage_account.example.primary_blob_endpoint}" - storage_account_access_key = "${azurerm_storage_account.example.primary_access_key}" + storage_endpoint = "${azurerm_storage_account.example.primary_blob_endpoint}" + storage_account_access_key = "${azurerm_storage_account.example.primary_access_key}" + is_storage_secondary_key_in_use = true + retention_days = 6 } 
@@ -102,22 +103,13 @@ The following attributes are exported: An `blob_extended_auditing_policy` block supports the following: -* `state` - (Required) Specifies the state of the policy. If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required. Possible values include: 'Enabled', 'Disabled' - -* `storage_endpoint` - (Required) Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is Enabled, storageEndpoint is required. - * `storage_account_access_key` - (Required)Specifies the identifier key of the auditing storage account. If state is Enabled and storageEndpoint is specified, storageAccountAccessKey is required. -* `retention_days` - Specifies the number of days to keep in the audit logs in the storage account. - -* `storage_account_subscription_id` - Specifies the blob storage subscription Id. +* `storage_endpoint` - (Required) Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is Enabled, storageEndpoint is required. * `is_storage_secondary_key_in_use` - Specifies whether storageAccountAccessKey value is the storage's secondary key. -* `audit_actions_and_groups` - Specifies the Actions-Groups and Actions to audit.For more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions). - -* `predicate_expression` - Specifies condition of where clause when creating an audit. - +* `retention_days` - Specifies the number of days to keep in the audit logs in the storage account. ## Import From 807523760d13a88d588c99f1e64dd52ac62ac40c Mon Sep 17 00:00:00 2001 From: yupwei68 Date: Wed, 22 Jan 2020 12:42:59 +0800 Subject: [PATCH 12/26] revise docs --- website/docs/r/sql_server.html.markdown | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/website/docs/r/sql_server.html.markdown b/website/docs/r/sql_server.html.markdown index b13fe22bd3de..6865a77175ac 100644 --- a/website/docs/r/sql_server.html.markdown +++ b/website/docs/r/sql_server.html.markdown @@ -103,9 +103,9 @@ The following attributes are exported: An `blob_extended_auditing_policy` block supports the following: -* `storage_account_access_key` - (Required)Specifies the identifier key of the auditing storage account. If state is Enabled and storageEndpoint is specified, storageAccountAccessKey is required. +* `storage_account_access_key` - (Required)Specifies the identifier key of the auditing storage account. -* `storage_endpoint` - (Required) Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is Enabled, storageEndpoint is required. +* `storage_endpoint` - (Required) Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). * `is_storage_secondary_key_in_use` - Specifies whether storageAccountAccessKey value is the storage's secondary key. From fa623e26e673c7de672c39ad7639945b02b98c87 Mon Sep 17 00:00:00 2001 From: yupwei68 Date: Wed, 22 Jan 2020 13:47:07 +0800 Subject: [PATCH 13/26] remove useless code --- azurerm/internal/services/sql/validate.go | 16 ---------------- website/docs/d/sql_server.html.markdown | 22 ---------------------- website/docs/r/sql_server.html.markdown | 4 +--- 3 files changed, 1 insertion(+), 41 deletions(-) delete mode 100644 azurerm/internal/services/sql/validate.go diff --git a/azurerm/internal/services/sql/validate.go b/azurerm/internal/services/sql/validate.go deleted file mode 100644 index d95e0e554d48..000000000000 --- a/azurerm/internal/services/sql/validate.go +++ /dev/null 
@@ -1,16 +0,0 @@ -package sql - -import ( - "fmt" - - uuid "github.com/satori/go.uuid" -) - -func ValidateUUIdString(val interface{}, key string) (warnings []string, errors []error) { - v := val.(string) - var _, err = uuid.FromString(v) - if err != nil { - errors = append(errors, fmt.Errorf("%q is not in correct format:%+v", key, err)) - } - return -} diff --git a/website/docs/d/sql_server.html.markdown b/website/docs/d/sql_server.html.markdown index 040a9aac9f0a..f085bab9c876 100644 --- a/website/docs/d/sql_server.html.markdown +++ b/website/docs/d/sql_server.html.markdown @@ -41,8 +41,6 @@ output "sql_server_id" { * `identity` - An `identity` block as defined below. -* `blob_extended_auditing_policy` - An `blob_extended_auditing_policy` block as defined below. - * `tags` - A mapping of tags assigned to the resource. --- 
@@ -54,23 +52,3 @@ An `identity` block exports the following: * `tenant_id` - The ID of the Azure Active Directory Tenant. * `type` - The identity type of the SQL Server. - ---- - -An `blob_extended_auditing_policy` block exports the following: - -* `state` - Specifies the state of the policy. If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required. Possible values include: 'Enabled', 'Disabled' - -* `storage_endpoint` - Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is Enabled, storageEndpoint is required. - -* `storage_account_access_key` - Specifies the identifier key of the auditing storage account. If state is Enabled and storageEndpoint is specified, storageAccountAccessKey is required. - -* `retention_days` - Specifies the number of days to keep in the audit logs in the storage account. - -* `storage_account_subscription_id` - Specifies the blob storage subscription Id. - -* `is_storage_secondary_key_in_use` - Specifies whether storageAccountAccessKey value is the storage's secondary key. - -* `audit_actions_and_groups` - Specifies the Actions-Groups and Actions to audit.For more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions). - -* `predicate_expression` - Specifies condition of where clause when creating an audit. diff --git a/website/docs/r/sql_server.html.markdown b/website/docs/r/sql_server.html.markdown index 6865a77175ac..838c69ec0bbd 100644 --- a/website/docs/r/sql_server.html.markdown +++ b/website/docs/r/sql_server.html.markdown 
@@ -27,10 +27,9 @@ resource "azurerm_storage_account" "example" { resource_group_name = "${azurerm_resource_group.example.name}" location = "${azurerm_resource_group.example.location}" account_tier = "Standard" - account_replication_type = "GRS" + account_replication_type = "LRS" } - resource "azurerm_sql_server" "example" { name = "mysqlserver" resource_group_name = "${azurerm_resource_group.example.name}" @@ -46,7 +45,6 @@ resource "azurerm_sql_server" "example" { retention_days = 6 } - tags = { environment = "production" } From 988ea11dd9733cfa9f5985672b565ae91d885760 Mon Sep 17 00:00:00 2001 From: Yuping Wei Date: Thu, 6 Feb 2020 10:21:08 +0800 Subject: [PATCH 14/26] update expand --- .../services/sql/resource_arm_sql_server.go | 27 +++++++++---------- 1 file changed, 12 insertions(+), 15 deletions(-) diff --git a/azurerm/internal/services/sql/resource_arm_sql_server.go b/azurerm/internal/services/sql/resource_arm_sql_server.go index 3901276f3f2b..9c58656e61a1 100644 --- a/azurerm/internal/services/sql/resource_arm_sql_server.go +++ b/azurerm/internal/services/sql/resource_arm_sql_server.go 
@@ -203,17 +203,16 @@ func resourceArmSqlServerCreateUpdate(d *schema.ResourceData, meta interface{}) d.SetId(*resp.ID) - if _, ok := d.GetOk("blob_extended_auditing_policy"); ok { - auditingClient := meta.(*clients.Client).Sql.ExtendedServerBlobAuditingPoliciesClient - auditingParameters := sql.ExtendedServerBlobAuditingPolicy{ - ExtendedServerBlobAuditingPolicyProperties: expandAzureRmSqlServerBlobAuditingPolicies(d.Get("blob_extended_auditing_policy").([]interface{})), - } - _, err := auditingClient.CreateOrUpdate(ctx, resGroup, name, auditingParameters) - if err != nil { - return fmt.Errorf("Error issuing create/update request for SQL Server %q Blob Auditing Policies(Resource Group %q): %+v", name, resGroup, err) - } + auditingClient := meta.(*clients.Client).Sql.ExtendedServerBlobAuditingPoliciesClient + auditingProps := sql.ExtendedServerBlobAuditingPolicy{ + ExtendedServerBlobAuditingPolicyProperties: expandAzureRmSqlServerBlobAuditingPolicies(d.Get("blob_extended_auditing_policy").([]interface{})), + } + _, err = auditingClient.CreateOrUpdate(ctx, resGroup, name, auditingProps) + if err != nil { + return fmt.Errorf("Error issuing create/update request for SQL Server %q Blob Auditing Policies(Resource Group %q): %+v", name, resGroup, err) } + return resourceArmSqlServerRead(d, meta) } 
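Review bot: With the `GetOk` guard removed, every create or update now sends the auditing policy, and an absent `blob_extended_auditing_policy` block is expanded to `State: sql.BlobAuditingPolicyStateDisabled` (see the expand hunk that follows). For a server whose auditing was enabled outside Terraform, the next apply after this change would turn audit logging off, which deserves a comment at the call, e.g. `// an absent block is sent as Disabled, which switches off auditing configured outside Terraform`, and a matching note in the resource documentation. No acceptance step on this page removes the block, so this path looks untested. resourceArmSqlServerCreateUpdate begins outside the hunk.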
@@ -260,11 +259,7 @@ func resourceArmSqlServerRead(d *schema.ResourceData, meta interface{}) error { auditingClient := meta.(*clients.Client).Sql.ExtendedServerBlobAuditingPoliciesClient auditingResp, err := auditingClient.Get(ctx, resGroup, name) if err != nil { - if utils.ResponseWasNotFound(resp.Response) { - log.Printf("[INFO] Error reading SQL Server %q Blob Auditing Policies - removing from state", d.Id()) - } - - return fmt.Errorf("Error reading SQL Server %s: %v Blob Auditing Policies", name, err) + return fmt.Errorf("Error reading SQL Server %s Blob Auditing Policies: %v ", name, err) } flattenBlobAuditing := flattenAzureRmSqlServerBlobAuditingPolicies(&auditingResp, d) @@ -325,7 +320,9 @@ func flattenAzureRmSqlServerIdentity(identity *sql.ResourceIdentity) []interface func expandAzureRmSqlServerBlobAuditingPolicies(input []interface{}) *sql.ExtendedServerBlobAuditingPolicyProperties { if len(input) == 0 { - return nil + return &sql.ExtendedServerBlobAuditingPolicyProperties{ + State: sql.BlobAuditingPolicyStateDisabled, + } } serverBlobAuditingPolicies := input[0].(map[string]interface{}) From 23a06f16f903983ca0d7d924d032754a4ad14235 Mon Sep 17 00:00:00 2001 From: Yuping Wei Date: Thu, 6 Feb 2020 10:27:09 +0800 Subject: [PATCH 15/26] fmt --- azurerm/internal/services/sql/resource_arm_sql_server.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/azurerm/internal/services/sql/resource_arm_sql_server.go b/azurerm/internal/services/sql/resource_arm_sql_server.go index 9c58656e61a1..0454e2a5d290 100644 --- a/azurerm/internal/services/sql/resource_arm_sql_server.go +++ b/azurerm/internal/services/sql/resource_arm_sql_server.go @@ -212,7 +212,6 @@ func resourceArmSqlServerCreateUpdate(d *schema.ResourceData, meta interface{}) return fmt.Errorf("Error issuing create/update request for SQL Server %q Blob Auditing Policies(Resource Group %q): %+v", name, resGroup, err) } - return resourceArmSqlServerRead(d, meta) } 
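Review bot: The rewritten error in resourceArmSqlServerRead has a stray space at the end of the format string and uses `%v`, where the create/update path uses `%+v` and names the resource group. Something like `return fmt.Errorf("Error reading Blob Auditing Policies for SQL Server %q (Resource Group %q): %+v", name, resGroup, err)` would match it; `resGroup` is already passed to `auditingClient.Get` in the context lines above. The function starts and ends outside the hunk.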
@@ -321,7 +320,7 @@ func flattenAzureRmSqlServerIdentity(identity *sql.ResourceIdentity) []interface func expandAzureRmSqlServerBlobAuditingPolicies(input []interface{}) *sql.ExtendedServerBlobAuditingPolicyProperties { if len(input) == 0 { return &sql.ExtendedServerBlobAuditingPolicyProperties{ - State: sql.BlobAuditingPolicyStateDisabled, + State: sql.BlobAuditingPolicyStateDisabled, } } serverBlobAuditingPolicies := input[0].(map[string]interface{}) From d67e92ff511c8d7b264357d851abfa8c9c6bf84b Mon Sep 17 00:00:00 2001 From: yupwei Date: Thu, 6 Feb 2020 11:33:20 +0800 Subject: [PATCH 16/26] reduce space --- website/docs/r/sql_server.html.markdown | 1 - 1 file changed, 1 deletion(-) diff --git a/website/docs/r/sql_server.html.markdown b/website/docs/r/sql_server.html.markdown index 5c1c8a894b4b..e9fce567c04f 100644 --- a/website/docs/r/sql_server.html.markdown +++ b/website/docs/r/sql_server.html.markdown @@ -120,7 +120,6 @@ The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/d * `read` - (Defaults to 5 minutes) Used when retrieving the SQL Server. * `delete` - (Defaults to 60 minutes) Used when deleting the SQL Server. - ## Import SQL Servers can be imported using the `resource id`, e.g. From 3f12e17ae43b7e2f3ad6d5c8b51f5f30282836c8 Mon Sep 17 00:00:00 2001 From: yupwei Date: Thu, 6 Feb 2020 11:35:10 +0800 Subject: [PATCH 17/26] reduce space --- azurerm/internal/services/sql/resource_arm_sql_server.go | 1 - 1 file changed, 1 deletion(-) diff --git a/azurerm/internal/services/sql/resource_arm_sql_server.go b/azurerm/internal/services/sql/resource_arm_sql_server.go index 0454e2a5d290..1c9113e88eba 100644 --- a/azurerm/internal/services/sql/resource_arm_sql_server.go +++ b/azurerm/internal/services/sql/resource_arm_sql_server.go 
@@ -6,7 +6,6 @@ import ( "time" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/validate" - "github.com/Azure/azure-sdk-for-go/services/preview/sql/mgmt/2017-03-01-preview/sql" "github.com/hashicorp/go-azure-helpers/response" "github.com/hashicorp/terraform-plugin-sdk/helper/schema" From 50a4695229ac177f79fb098fedb81839f9122689 Mon Sep 17 00:00:00 2001 From: yupwei Date: Thu, 6 Feb 2020 12:37:58 +0800 Subject: [PATCH 18/26] fmt --- azurerm/internal/services/sql/resource_arm_sql_server.go | 2 +- go.mod | 1 + go.sum | 6 ++++++ 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/azurerm/internal/services/sql/resource_arm_sql_server.go b/azurerm/internal/services/sql/resource_arm_sql_server.go index 1c9113e88eba..25ff538ccc6c 100644 --- a/azurerm/internal/services/sql/resource_arm_sql_server.go +++ b/azurerm/internal/services/sql/resource_arm_sql_server.go @@ -5,13 +5,13 @@ import ( "log" "time" - "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/validate" "github.com/Azure/azure-sdk-for-go/services/preview/sql/mgmt/2017-03-01-preview/sql" "github.com/hashicorp/go-azure-helpers/response" "github.com/hashicorp/terraform-plugin-sdk/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/helper/validation" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/validate" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/features" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/tags" diff --git a/go.mod b/go.mod index cc9e7a162028..0863f056d982 100644 --- a/go.mod +++ b/go.mod 
@@ -19,6 +19,7 @@ require ( github.com/tombuildsstuff/giovanni v0.7.1 golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413 golang.org/x/net v0.0.0-20191009170851-d66e71096ffb + golang.org/x/tools v0.0.0-20200206010605-531cc8856e55 // indirect gopkg.in/yaml.v2 v2.2.2 ) diff --git a/go.sum b/go.sum index e9d9fd7f47e2..30b2a9952406 100644 --- a/go.sum +++ b/go.sum @@ -332,6 +332,7 @@ golang.org/x/crypto v0.0.0-20190506204251-e1dfcc566284/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586 h1:7KByu05hhLed2MO29w7p1XfZvZ13m8mub3shuVftRs0= golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413 h1:ULYEB3JvPRE/IfO+9uO7vKV/xzVTO7XPAwm8xbf4w2g= golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= 
@@ -343,6 +344,7 @@ golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTk golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= +golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180811021610-c39426892332/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -418,7 +420,11 @@ golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBn golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0 h1:Dh6fw+p6FyRl5x/FvNswO1ji0lIGzm3KP8Y9VkS9PTE= golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20200206010605-531cc8856e55 h1:kDk+lF3Oi/w2ujHLfJ8PCevhlfj7GFgH9A0dpxaJvYA= +golang.org/x/tools v0.0.0-20200206010605-531cc8856e55/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/api v0.4.0 h1:KKgc1aqhV8wDPbDzlDtpvyjZFY3vjz85FP7p4wcQUyI= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= From 60008dae67a5c08283a4d66f927e6ec5aaebb735 Mon Sep 17 00:00:00 2001 From: yupwei Date: Thu, 6 Feb 2020 13:23:27 +0800 Subject: [PATCH 19/26] fmt --- go.mod | 1 - go.sum | 5 ----- 2 files changed, 6 deletions(-) diff --git a/go.mod b/go.mod index 0863f056d982..cc9e7a162028 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,6 @@ require ( github.com/tombuildsstuff/giovanni v0.7.1 golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413 golang.org/x/net v0.0.0-20191009170851-d66e71096ffb - golang.org/x/tools v0.0.0-20200206010605-531cc8856e55 // indirect gopkg.in/yaml.v2 v2.2.2 ) diff --git a/go.sum b/go.sum index 30b2a9952406..ab1c9f1eb0ea 100644 --- a/go.sum +++ b/go.sum 
@@ -332,7 +332,6 @@ golang.org/x/crypto v0.0.0-20190506204251-e1dfcc566284/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586 h1:7KByu05hhLed2MO29w7p1XfZvZ13m8mub3shuVftRs0= golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413 h1:ULYEB3JvPRE/IfO+9uO7vKV/xzVTO7XPAwm8xbf4w2g= golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -344,7 +343,6 @@ golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTk golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= -golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180811021610-c39426892332/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -422,9 +420,6 @@ golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBn golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0 h1:Dh6fw+p6FyRl5x/FvNswO1ji0lIGzm3KP8Y9VkS9PTE= golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20200206010605-531cc8856e55 h1:kDk+lF3Oi/w2ujHLfJ8PCevhlfj7GFgH9A0dpxaJvYA= -golang.org/x/tools v0.0.0-20200206010605-531cc8856e55/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/api v0.4.0 h1:KKgc1aqhV8wDPbDzlDtpvyjZFY3vjz85FP7p4wcQUyI= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= From 3b832585a2dbf104e4fba72f712c50428813fb4c Mon Sep 17 00:00:00 2001 From: yupwei Date: Fri, 7 Feb 2020 16:46:15 +0800 Subject: [PATCH 20/26] update doc --- .../services/sql/tests/resource_arm_sql_server_test.go | 2 -- website/docs/r/sql_server.html.markdown | 10 +++++----- 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/azurerm/internal/services/sql/tests/resource_arm_sql_server_test.go b/azurerm/internal/services/sql/tests/resource_arm_sql_server_test.go index 91fda6ed8e30..90e00b010a71 100644 --- a/azurerm/internal/services/sql/tests/resource_arm_sql_server_test.go +++ b/azurerm/internal/services/sql/tests/resource_arm_sql_server_test.go @@ -417,7 +417,6 @@ resource "azurerm_sql_server" "test" { storage_endpoint = azurerm_storage_account.test.primary_blob_endpoint is_storage_secondary_key_in_use = true retention_days = 6 - } } `, data.RandomInteger, data.Locations.Primary) 
@@ -459,7 +458,6 @@ resource "azurerm_sql_server" "test" { storage_endpoint = azurerm_storage_account.test2.primary_blob_endpoint is_storage_secondary_key_in_use = false retention_days = 11 - } } `, data.RandomInteger, data.Locations.Primary) diff --git a/website/docs/r/sql_server.html.markdown b/website/docs/r/sql_server.html.markdown index e9fce567c04f..cf642b3e1e7b 100644 --- a/website/docs/r/sql_server.html.markdown +++ b/website/docs/r/sql_server.html.markdown @@ -68,7 +68,7 @@ The following arguments are supported: * `identity` - (Optional) An `identity` block as defined below. -* `blob_extended_auditing_policy` - (Optional) An `blob_extended_auditing_policy` block as defined below. +* `blob_extended_auditing_policy` - (Optional) A `blob_extended_auditing_policy` block as defined below. * `tags` - (Optional) A mapping of tags to assign to the resource. @@ -99,15 +99,15 @@ The following attributes are exported: --- -An `blob_extended_auditing_policy` block supports the following: +A `blob_extended_auditing_policy` block supports the following: -* `storage_account_access_key` - (Required)Specifies the identifier key of the auditing storage account. +* `storage_account_access_key` - (Required) Specifies the identifier key of the auditing storage account. * `storage_endpoint` - (Required) Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). -* `is_storage_secondary_key_in_use` - Specifies whether storageAccountAccessKey value is the storage's secondary key. +* `is_storage_secondary_key_in_use` - (Optional) Specifies whether storageAccountAccessKey value is the storage's secondary key. -* `retention_days` - Specifies the number of days to keep in the audit logs in the storage account. +* `retention_days` - (Optional) Specifies the number of days to keep in the audit logs in the storage account. ### Timeouts From 0faba14d8a2edb258718a5105b79748ceb2a89d5 Mon Sep 17 00:00:00 2001 
From: yupwei Date: Thu, 5 Mar 2020 10:19:23 +0800 Subject: [PATCH 21/26] kt's review --- .../sql/helper/sqlExtendedAuditing.go | 103 ++++++++++++++++++ .../services/sql/resource_arm_sql_database.go | 4 +- .../services/sql/resource_arm_sql_server.go | 99 ++--------------- .../sql/tests/resource_arm_sql_server_test.go | 48 ++++---- website/docs/r/sql_server.html.markdown | 16 +-- 5 files changed, 148 insertions(+), 122 deletions(-) create mode 100644 azurerm/internal/services/sql/helper/sqlExtendedAuditing.go diff --git a/azurerm/internal/services/sql/helper/sqlExtendedAuditing.go b/azurerm/internal/services/sql/helper/sqlExtendedAuditing.go new file mode 100644 index 000000000000..3f045cd93661 --- /dev/null +++ b/azurerm/internal/services/sql/helper/sqlExtendedAuditing.go 
@@ -0,0 +1,103 @@ +package helper + +import ( + "github.com/Azure/azure-sdk-for-go/services/preview/sql/mgmt/2017-03-01-preview/sql" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/helper/validation" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/validate" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils" +) + +func BlobExtendedAuditingSchemaFrom(s map[string]*schema.Schema) map[string]*schema.Schema { + blobAuditing := map[string]*schema.Schema{ + "blob_extended_auditing_policy": { + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "storage_account_access_key": { + Type: schema.TypeString, + Required: true, + Sensitive: true, + ValidateFunc: validate.NoEmptyStrings, + }, + + "storage_endpoint": { + Type: schema.TypeString, + Required: true, + ValidateFunc: validate.URLIsHTTPS, + }, + + "storage_secondary_key_enabled": { + Type: schema.TypeBool, + Optional: true, + }, + + "retention_in_days": { + Type: schema.TypeInt, + Optional: true, + ValidateFunc: validation.IntBetween(0, 3285), + }, + }, + }, + }, + } + return azure.MergeSchema(s, blobAuditing) +} + +func ExpandAzureRmSqlServerBlobAuditingPolicies(input []interface{}) *sql.ExtendedServerBlobAuditingPolicyProperties { + if len(input) == 0 { + return &sql.ExtendedServerBlobAuditingPolicyProperties{ + State: sql.BlobAuditingPolicyStateDisabled, + } + } + serverBlobAuditingPolicies := input[0].(map[string]interface{}) + + ExtendedServerBlobAuditingPolicyProperties := sql.ExtendedServerBlobAuditingPolicyProperties{ + State: sql.BlobAuditingPolicyStateEnabled, + StorageAccountAccessKey: utils.String(serverBlobAuditingPolicies["storage_account_access_key"].(string)), + StorageEndpoint: 
utils.String(serverBlobAuditingPolicies["storage_endpoint"].(string)), + } + if v, ok := serverBlobAuditingPolicies["storage_secondary_key_enabled"]; ok { + ExtendedServerBlobAuditingPolicyProperties.IsStorageSecondaryKeyInUse = utils.Bool(v.(bool)) + } + if v, ok := serverBlobAuditingPolicies["retention_in_days"]; ok { + ExtendedServerBlobAuditingPolicyProperties.RetentionDays = utils.Int32(int32(v.(int))) + } + + return &ExtendedServerBlobAuditingPolicyProperties +} + +func FlattenAzureRmSqlServerBlobAuditingPolicies(extendedServerBlobAuditingPolicy *sql.ExtendedServerBlobAuditingPolicy, d *schema.ResourceData) []interface{} { + if extendedServerBlobAuditingPolicy == nil || extendedServerBlobAuditingPolicy.State == sql.BlobAuditingPolicyStateDisabled { + return []interface{}{} + } + var storageEndpoint, storageAccessKey string + // storage_account_access_key will not be returned, so we transfer the schema value + if v, ok := d.GetOk("blob_extended_auditing_policy.0.storage_account_access_key"); ok { + storageAccessKey = v.(string) + } + if extendedServerBlobAuditingPolicy.StorageEndpoint != nil { + storageEndpoint = *extendedServerBlobAuditingPolicy.StorageEndpoint + } + + var secondKeyInUse bool + if extendedServerBlobAuditingPolicy.IsStorageSecondaryKeyInUse != nil { + secondKeyInUse = *extendedServerBlobAuditingPolicy.IsStorageSecondaryKeyInUse + } + var retentionDays int32 + if extendedServerBlobAuditingPolicy.RetentionDays != nil { + retentionDays = *extendedServerBlobAuditingPolicy.RetentionDays + } + + return []interface{}{ + map[string]interface{}{ + "storage_account_access_key": storageAccessKey, + "storage_endpoint": storageEndpoint, + "storage_secondary_key_enabled": secondKeyInUse, + "retention_in_days": retentionDays, + }, + } +} diff --git a/azurerm/internal/services/sql/resource_arm_sql_database.go b/azurerm/internal/services/sql/resource_arm_sql_database.go index d8e3b5b73c1e..c3b9defb668a 100644 
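Review bot: `FlattenAzureRmSqlServerBlobAuditingPolicies` copies `storage_account_access_key` back from the prior state via `d.GetOk("blob_extended_auditing_policy.0.storage_account_access_key")`, so the storage account key is persisted in Terraform state; `Sensitive: true` on the schema field only masks it in plan and CLI output. Because the API does not return the key, a key that is rotated or changed outside Terraform will not appear as drift either. I would record that on the schema field, e.g. `// Kept in state as supplied; the API never returns it, so out-of-band changes are not detected.`, and repeat the caveat in the attribute's documentation entry so operators know to protect the state backend accordingly.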
--- a/azurerm/internal/services/sql/resource_arm_sql_database.go +++ b/azurerm/internal/services/sql/resource_arm_sql_database.go @@ -273,7 +273,7 @@ func resourceArmSqlDatabase() *schema.Resource { Set: schema.HashString, }, - "retention_days": { + "sretention_in_days": { Type: schema.TypeInt, Optional: true, ValidateFunc: validation.IntAtLeast(0), @@ -667,7 +667,7 @@ func flattenArmSqlServerThreatDetectionPolicy(d *schema.ResourceData, policy sql threatDetectionPolicy["storage_endpoint"] = *properties.StorageEndpoint } if properties.RetentionDays != nil { - threatDetectionPolicy["retention_days"] = int(*properties.RetentionDays) + threatDetectionPolicy["sretention_in_days"] = int(*properties.RetentionDays) } // If storage account access key is in state read it to the new state, as the API does not return it for security reasons diff --git a/azurerm/internal/services/sql/resource_arm_sql_server.go b/azurerm/internal/services/sql/resource_arm_sql_server.go index b0077dedfb62..bf3fb63e178b 100644 --- a/azurerm/internal/services/sql/resource_arm_sql_server.go +++ b/azurerm/internal/services/sql/resource_arm_sql_server.go 
@@ -5,13 +5,14 @@ import ( "log" "time" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/sql/helper" + "github.com/Azure/azure-sdk-for-go/services/preview/sql/mgmt/2017-03-01-preview/sql" "github.com/hashicorp/go-azure-helpers/response" "github.com/hashicorp/terraform-plugin-sdk/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/helper/validation" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf" - "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/validate" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/features" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/tags" @@ -37,7 +38,7 @@ func resourceArmSqlServer() *schema.Resource { Delete: schema.DefaultTimeout(60 * time.Minute), }, - Schema: map[string]*schema.Schema{ + Schema: helper.BlobExtendedAuditingSchemaFrom(map[string]*schema.Schema{ "name": { Type: schema.TypeString, Required: true, @@ -101,38 +102,8 @@ func resourceArmSqlServer() *schema.Resource { }, }, - "blob_extended_auditing_policy": { - Type: schema.TypeList, - Optional: true, - MaxItems: 1, - Elem: &schema.Resource{ - Schema: map[string]*schema.Schema{ - "storage_account_access_key": { - Type: schema.TypeString, - Required: true, - Sensitive: true, - ValidateFunc: validate.NoEmptyStrings, - }, - "storage_endpoint": { - Type: schema.TypeString, - Required: true, - ValidateFunc: validate.URLIsHTTPS, - }, - "is_storage_secondary_key_in_use": { - Type: schema.TypeBool, - Optional: true, - }, - "retention_days": { - Type: schema.TypeInt, - Optional: true, - ValidateFunc: validation.IntBetween(0, 3285), - }, - }, - }, - }, - "tags": tags.Schema(), - }, + }), } } 
@@ -204,10 +175,9 @@ func resourceArmSqlServerCreateUpdate(d *schema.ResourceData, meta interface{}) auditingClient := meta.(*clients.Client).Sql.ExtendedServerBlobAuditingPoliciesClient auditingProps := sql.ExtendedServerBlobAuditingPolicy{ - ExtendedServerBlobAuditingPolicyProperties: expandAzureRmSqlServerBlobAuditingPolicies(d.Get("blob_extended_auditing_policy").([]interface{})), + ExtendedServerBlobAuditingPolicyProperties: helper.ExpandAzureRmSqlServerBlobAuditingPolicies(d.Get("blob_extended_auditing_policy").([]interface{})), } - _, err = auditingClient.CreateOrUpdate(ctx, resGroup, name, auditingProps) - if err != nil { + if _, err = auditingClient.CreateOrUpdate(ctx, resGroup, name, auditingProps); err != nil { return fmt.Errorf("Error issuing create/update request for SQL Server %q Blob Auditing Policies(Resource Group %q): %+v", name, resGroup, err) } @@ -260,7 +230,7 @@ func resourceArmSqlServerRead(d *schema.ResourceData, meta interface{}) error { return fmt.Errorf("Error reading SQL Server %s Blob Auditing Policies: %v ", name, err) } - flattenBlobAuditing := flattenAzureRmSqlServerBlobAuditingPolicies(&auditingResp, d) + flattenBlobAuditing := helper.FlattenAzureRmSqlServerBlobAuditingPolicies(&auditingResp, d) if err := d.Set("blob_extended_auditing_policy", flattenBlobAuditing); err != nil { return fmt.Errorf("Error setting `blob_extended_auditing_policy`: %+v", err) } 
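Review bot: An absent `blob_extended_auditing_policy` block is sent to Azure as `State: sql.BlobAuditingPolicyStateDisabled`, since that is what `helper.ExpandAzureRmSqlServerBlobAuditingPolicies` returns for an empty list, and as far as this hunk shows the `auditingClient.CreateOrUpdate` call is not conditioned on the block being set or changed. For a server whose auditing was enabled outside Terraform, an apply without the block would therefore switch it off. If that is the intended contract, state it above the call, e.g. `// No block means auditing is explicitly disabled, not left unmanaged.`; otherwise consider skipping the call when the block is unset and unchanged. `resourceArmSqlServerCreateUpdate` starts and ends outside the hunk, so a guard may exist that is not visible here.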
@@ -315,58 +285,3 @@ func flattenAzureRmSqlServerIdentity(identity *sql.ResourceIdentity) []interface return []interface{}{result} } - -func expandAzureRmSqlServerBlobAuditingPolicies(input []interface{}) *sql.ExtendedServerBlobAuditingPolicyProperties { - if len(input) == 0 { - return &sql.ExtendedServerBlobAuditingPolicyProperties{ - State: sql.BlobAuditingPolicyStateDisabled, - } - } - serverBlobAuditingPolicies := input[0].(map[string]interface{}) - - ExtendedServerBlobAuditingPolicyProperties := sql.ExtendedServerBlobAuditingPolicyProperties{ - State: sql.BlobAuditingPolicyStateEnabled, - StorageAccountAccessKey: utils.String(serverBlobAuditingPolicies["storage_account_access_key"].(string)), - StorageEndpoint: utils.String(serverBlobAuditingPolicies["storage_endpoint"].(string)), - } - if v, ok := serverBlobAuditingPolicies["is_storage_secondary_key_in_use"]; ok { - ExtendedServerBlobAuditingPolicyProperties.IsStorageSecondaryKeyInUse = utils.Bool(v.(bool)) - } - if v, ok := serverBlobAuditingPolicies["retention_days"]; ok { - ExtendedServerBlobAuditingPolicyProperties.RetentionDays = utils.Int32(int32(v.(int))) - } - - return &ExtendedServerBlobAuditingPolicyProperties -} - -func flattenAzureRmSqlServerBlobAuditingPolicies(extendedServerBlobAuditingPolicy *sql.ExtendedServerBlobAuditingPolicy, d *schema.ResourceData) []interface{} { - if extendedServerBlobAuditingPolicy == nil || extendedServerBlobAuditingPolicy.State == sql.BlobAuditingPolicyStateDisabled { - return []interface{}{} - } - var storageEndpoint, storageAccessKey string - // storage_account_access_key will not be returned, so we transfer the schema value - if v, ok := d.GetOk("blob_extended_auditing_policy.0.storage_account_access_key"); ok { - storageAccessKey = v.(string) - } - if extendedServerBlobAuditingPolicy.StorageEndpoint != nil { - storageEndpoint = *extendedServerBlobAuditingPolicy.StorageEndpoint - } - - var secondKeyInUse bool - if 
extendedServerBlobAuditingPolicy.IsStorageSecondaryKeyInUse != nil { - secondKeyInUse = *extendedServerBlobAuditingPolicy.IsStorageSecondaryKeyInUse - } - var retentionDays int32 - if extendedServerBlobAuditingPolicy.RetentionDays != nil { - retentionDays = *extendedServerBlobAuditingPolicy.RetentionDays - } - - return []interface{}{ - map[string]interface{}{ - "storage_account_access_key": storageAccessKey, - "storage_endpoint": storageEndpoint, - "is_storage_secondary_key_in_use": secondKeyInUse, - "retention_days": retentionDays, - }, - } -} diff --git a/azurerm/internal/services/sql/tests/resource_arm_sql_server_test.go b/azurerm/internal/services/sql/tests/resource_arm_sql_server_test.go index 10c00de7f9be..90a340ba37bc 100644 --- a/azurerm/internal/services/sql/tests/resource_arm_sql_server_test.go +++ b/azurerm/internal/services/sql/tests/resource_arm_sql_server_test.go @@ -183,8 +183,8 @@ func TestAccAzureRMSqlServer_updateWithBlobAuditingPolices(t *testing.T) { Config: testAccAzureRMSqlServer_withBlobAuditingPolices(data), Check: resource.ComposeTestCheckFunc( testCheckAzureRMSqlServerExists(data.ResourceName), - resource.TestCheckResourceAttr(data.ResourceName, "blob_extended_auditing_policy.0.is_storage_secondary_key_in_use", "true"), - resource.TestCheckResourceAttr(data.ResourceName, "blob_extended_auditing_policy.0.retention_days", "6"), + resource.TestCheckResourceAttr(data.ResourceName, "blob_extended_auditing_policy.0.storage_secondary_key_enabled", "true"), + resource.TestCheckResourceAttr(data.ResourceName, "blob_extended_auditing_policy.0.retention_in_days", "6"), ), }, data.ImportStep("administrator_login_password", "blob_extended_auditing_policy.0.storage_account_access_key"), 
@@ -192,8 +192,8 @@ func TestAccAzureRMSqlServer_updateWithBlobAuditingPolices(t *testing.T) { Config: testAccAzureRMSqlServer_withBlobAuditingPolicesUpdated(data), Check: resource.ComposeTestCheckFunc( testCheckAzureRMSqlServerExists(data.ResourceName), - resource.TestCheckResourceAttr(data.ResourceName, "blob_extended_auditing_policy.0.is_storage_secondary_key_in_use", "false"), - resource.TestCheckResourceAttr(data.ResourceName, "blob_extended_auditing_policy.0.retention_days", "11"), + resource.TestCheckResourceAttr(data.ResourceName, "blob_extended_auditing_policy.0.storage_secondary_key_enabled", "false"), + resource.TestCheckResourceAttr(data.ResourceName, "blob_extended_auditing_policy.0.retention_in_days", "11"), ), }, data.ImportStep("administrator_login_password", "blob_extended_auditing_policy.0.storage_account_access_key"), @@ -399,13 +399,17 @@ resource "azurerm_sql_server" "test" { func testAccAzureRMSqlServer_withBlobAuditingPolices(data acceptance.TestData) string { return fmt.Sprintf(` +provider "azurerm" { + features {} +} + resource "azurerm_resource_group" "test" { - name = "acctestRG-%[1]d" + name = "acctestRG-sql-%[1]d" location = "%[2]s" } resource "azurerm_storage_account" "test" { - name = "str%[1]d" + name = "acctest%[1]d" resource_group_name = azurerm_resource_group.test.name location = azurerm_resource_group.test.location account_tier = "Standard" @@ -413,7 +417,7 @@ resource "azurerm_storage_account" "test" { } resource "azurerm_storage_account" "test2" { - name = "str2%[1]d" + name = "acctest2%[1]d" resource_group_name = azurerm_resource_group.test.name location = azurerm_resource_group.test.location account_tier = "Standard" 
@@ -429,24 +433,28 @@ resource "azurerm_sql_server" "test" { administrator_login_password = "thisIsDog11" blob_extended_auditing_policy { - storage_account_access_key = azurerm_storage_account.test.primary_access_key - storage_endpoint = azurerm_storage_account.test.primary_blob_endpoint - is_storage_secondary_key_in_use = true - retention_days = 6 + storage_account_access_key = azurerm_storage_account.test.primary_access_key + storage_endpoint = azurerm_storage_account.test.primary_blob_endpoint + storage_secondary_key_enabled = true + retention_in_days = 6 } } -`, data.RandomInteger, data.Locations.Primary) +`, data.RandomIntOfLength(15), data.Locations.Primary) } func testAccAzureRMSqlServer_withBlobAuditingPolicesUpdated(data acceptance.TestData) string { return fmt.Sprintf(` +provider "azurerm" { + features {} +} + resource "azurerm_resource_group" "test" { - name = "acctestRG-%[1]d" + name = "acctestRG-sql-%[1]d" location = "%[2]s" } resource "azurerm_storage_account" "test" { - name = "str%[1]d" + name = "acctest%[1]d" resource_group_name = azurerm_resource_group.test.name location = azurerm_resource_group.test.location account_tier = "Standard" @@ -454,7 +462,7 @@ resource "azurerm_storage_account" "test" { } resource "azurerm_storage_account" "test2" { - name = "str2%[1]d" + name = "acctest2%[1]d" resource_group_name = azurerm_resource_group.test.name location = azurerm_resource_group.test.location account_tier = "Standard" 
@@ -470,11 +478,11 @@ resource "azurerm_sql_server" "test" { administrator_login_password = "thisIsDog11" blob_extended_auditing_policy { - storage_account_access_key = azurerm_storage_account.test2.primary_access_key - storage_endpoint = azurerm_storage_account.test2.primary_blob_endpoint - is_storage_secondary_key_in_use = false - retention_days = 11 + storage_account_access_key = azurerm_storage_account.test2.primary_access_key + storage_endpoint = azurerm_storage_account.test2.primary_blob_endpoint + storage_secondary_key_enabled = false + retention_in_days = 11 } } -`, data.RandomInteger, data.Locations.Primary) +`, data.RandomIntOfLength(15), data.Locations.Primary) } diff --git a/website/docs/r/sql_server.html.markdown b/website/docs/r/sql_server.html.markdown index 85a5d5f71324..6926b588c2cd 100644 --- a/website/docs/r/sql_server.html.markdown +++ b/website/docs/r/sql_server.html.markdown @@ -23,7 +23,7 @@ resource "azurerm_resource_group" "example" { } resource "azurerm_storage_account" "example" { - name = "accstr" + name = "examplesa" resource_group_name = azurerm_resource_group.example.name location = azurerm_resource_group.example.location account_tier = "Standard" @@ -39,10 +39,10 @@ resource "azurerm_sql_server" "example" { administrator_login_password = "thisIsDog11" blob_extended_auditing_policy { - storage_endpoint = azurerm_storage_account.example.primary_blob_endpoint - storage_account_access_key = azurerm_storage_account.example.primary_access_key - is_storage_secondary_key_in_use = true - retention_days = 6 + storage_endpoint = azurerm_storage_account.example.primary_blob_endpoint + storage_account_access_key = azurerm_storage_account.example.primary_access_key + storage_secondary_key_enabled = true + retention_in_days = 6 } tags = { 
@@ -101,13 +101,13 @@ The following attributes are exported: A `blob_extended_auditing_policy` block supports the following: -* `storage_account_access_key` - (Required) Specifies the identifier key of the auditing storage account. +* `storage_account_access_key` - (Required) Specifies the access key to use for the auditing storage account. * `storage_endpoint` - (Required) Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). -* `is_storage_secondary_key_in_use` - (Optional) Specifies whether storageAccountAccessKey value is the storage's secondary key. +* `storage_secondary_key_enabled` - (Optional) Specifies whether `storage_account_access_key` value is the storage's secondary key. -* `retention_days` - (Optional) Specifies the number of days to keep in the audit logs in the storage account. +* `retention_in_days` - (Optional) Specifies the number of days to retain logs for in the storage account. ### Timeouts From b2130dc262af5a9ed665f32f9e0ce84ef8b88d96 Mon Sep 17 00:00:00 2001 From: yupwei Date: Thu, 5 Mar 2020 10:23:43 +0800 Subject: [PATCH 22/26] remove incorrect changes --- azurerm/internal/services/sql/resource_arm_sql_database.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/azurerm/internal/services/sql/resource_arm_sql_database.go b/azurerm/internal/services/sql/resource_arm_sql_database.go index c3b9defb668a..d8e3b5b73c1e 100644 --- a/azurerm/internal/services/sql/resource_arm_sql_database.go +++ b/azurerm/internal/services/sql/resource_arm_sql_database.go @@ -273,7 +273,7 @@ func resourceArmSqlDatabase() *schema.Resource { Set: schema.HashString, }, - "sretention_in_days": { + "retention_days": { Type: schema.TypeInt, Optional: true, ValidateFunc: validation.IntAtLeast(0), 
@@ -667,7 +667,7 @@ func flattenArmSqlServerThreatDetectionPolicy(d *schema.ResourceData, policy sql threatDetectionPolicy["storage_endpoint"] = *properties.StorageEndpoint } if properties.RetentionDays != nil { - threatDetectionPolicy["sretention_in_days"] = int(*properties.RetentionDays) + threatDetectionPolicy["retention_days"] = int(*properties.RetentionDays) } // If storage account access key is in state read it to the new state, as the API does not return it for security reasons From 5d2b0d6c31877dc2b4299f0cf9c7836913abdcd0 Mon Sep 17 00:00:00 2001 From: yupwei Date: Thu, 5 Mar 2020 15:27:48 +0800 Subject: [PATCH 23/26] update review --- .../sql/helper/sqlExtendedAuditing.go | 68 +++++++++---------- .../services/sql/resource_arm_sql_server.go | 12 ++-- .../sql/tests/resource_arm_sql_server_test.go | 32 ++++----- website/docs/r/sql_server.html.markdown | 16 ++--- 4 files changed, 63 insertions(+), 65 deletions(-) diff --git a/azurerm/internal/services/sql/helper/sqlExtendedAuditing.go b/azurerm/internal/services/sql/helper/sqlExtendedAuditing.go index 3f045cd93661..ba9ce2c60055 100644 --- a/azurerm/internal/services/sql/helper/sqlExtendedAuditing.go +++ b/azurerm/internal/services/sql/helper/sqlExtendedAuditing.go 
@@ -4,47 +4,43 @@ import ( "github.com/Azure/azure-sdk-for-go/services/preview/sql/mgmt/2017-03-01-preview/sql" "github.com/hashicorp/terraform-plugin-sdk/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/helper/validation" - "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/validate" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils" ) -func BlobExtendedAuditingSchemaFrom(s map[string]*schema.Schema) map[string]*schema.Schema { - blobAuditing := map[string]*schema.Schema{ - "blob_extended_auditing_policy": { - Type: schema.TypeList, - Optional: true, - MaxItems: 1, - Elem: &schema.Resource{ - Schema: map[string]*schema.Schema{ - "storage_account_access_key": { - Type: schema.TypeString, - Required: true, - Sensitive: true, - ValidateFunc: validate.NoEmptyStrings, - }, +func ExtendedAuditingSchema() *schema.Schema { + return &schema.Schema{ + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "storage_account_access_key": { + Type: schema.TypeString, + Required: true, + Sensitive: true, + ValidateFunc: validate.NoEmptyStrings, + }, - "storage_endpoint": { - Type: schema.TypeString, - Required: true, - ValidateFunc: validate.URLIsHTTPS, - }, + "storage_endpoint": { + Type: schema.TypeString, + Required: true, + ValidateFunc: validate.URLIsHTTPS, + }, - "storage_secondary_key_enabled": { - Type: schema.TypeBool, - Optional: true, - }, + "storage_account_access_key_is_secondary": { + Type: schema.TypeBool, + Optional: true, + }, - "retention_in_days": { - Type: schema.TypeInt, - Optional: true, - ValidateFunc: validation.IntBetween(0, 3285), - }, + "retention_in_days": { + Type: schema.TypeInt, + Optional: true, + ValidateFunc: validation.IntBetween(0, 3285), }, }, }, } - return azure.MergeSchema(s, blobAuditing) } func 
ExpandAzureRmSqlServerBlobAuditingPolicies(input []interface{}) *sql.ExtendedServerBlobAuditingPolicyProperties { @@ -60,7 +56,7 @@ func ExpandAzureRmSqlServerBlobAuditingPolicies(input []interface{}) *sql.Extend StorageAccountAccessKey: utils.String(serverBlobAuditingPolicies["storage_account_access_key"].(string)), StorageEndpoint: utils.String(serverBlobAuditingPolicies["storage_endpoint"].(string)), } - if v, ok := serverBlobAuditingPolicies["storage_secondary_key_enabled"]; ok { + if v, ok := serverBlobAuditingPolicies["storage_account_access_key_is_secondary"]; ok { ExtendedServerBlobAuditingPolicyProperties.IsStorageSecondaryKeyInUse = utils.Bool(v.(bool)) } if v, ok := serverBlobAuditingPolicies["retention_in_days"]; ok { @@ -76,7 +72,7 @@ func FlattenAzureRmSqlServerBlobAuditingPolicies(extendedServerBlobAuditingPolic } var storageEndpoint, storageAccessKey string // storage_account_access_key will not be returned, so we transfer the schema value - if v, ok := d.GetOk("blob_extended_auditing_policy.0.storage_account_access_key"); ok { + if v, ok := d.GetOk("extended_auditing_policy.0.storage_account_access_key"); ok { storageAccessKey = v.(string) } if extendedServerBlobAuditingPolicy.StorageEndpoint != nil { @@ -94,10 +90,10 @@ func FlattenAzureRmSqlServerBlobAuditingPolicies(extendedServerBlobAuditingPolic return []interface{}{ map[string]interface{}{ - "storage_account_access_key": storageAccessKey, - "storage_endpoint": storageEndpoint, - "storage_secondary_key_enabled": secondKeyInUse, - "retention_in_days": retentionDays, + "storage_account_access_key": storageAccessKey, + "storage_endpoint": storageEndpoint, + "storage_account_access_key_is_secondary": secondKeyInUse, + "retention_in_days": retentionDays, }, } } diff --git a/azurerm/internal/services/sql/resource_arm_sql_server.go b/azurerm/internal/services/sql/resource_arm_sql_server.go index bf3fb63e178b..2e4cceb0e74e 100644 --- a/azurerm/internal/services/sql/resource_arm_sql_server.go 
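Review bot: `FlattenAzureRmSqlServerBlobAuditingPolicies` still hard-codes the state path `extended_auditing_policy.0.storage_account_access_key`, while `ExtendedAuditingSchema()` now leaves the attribute name to whichever resource registers it. A resource that mounts this schema under another key, or nests it, would presumably get `ok == false` from `d.GetOk` and write an empty access key into state without any error. I would have the caller read the key and pass it in rather than passing `d`, e.g. `func FlattenAzureRmSqlServerBlobAuditingPolicies(policy *sql.ExtendedServerBlobAuditingPolicy, storageAccessKey string) []interface{}`. The exported helpers also have no doc comments; a line each saying what they return for a missing or disabled policy would help. The flatten function's body extends outside these hunks.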
+++ b/azurerm/internal/services/sql/resource_arm_sql_server.go @@ -38,7 +38,7 @@ func resourceArmSqlServer() *schema.Resource { Delete: schema.DefaultTimeout(60 * time.Minute), }, - Schema: helper.BlobExtendedAuditingSchemaFrom(map[string]*schema.Schema{ + Schema: map[string]*schema.Schema{ "name": { Type: schema.TypeString, Required: true, @@ -102,8 +102,10 @@ func resourceArmSqlServer() *schema.Resource { }, }, + "extended_auditing_policy": helper.ExtendedAuditingSchema(), + "tags": tags.Schema(), - }), + }, } } @@ -175,7 +177,7 @@ func resourceArmSqlServerCreateUpdate(d *schema.ResourceData, meta interface{}) auditingClient := meta.(*clients.Client).Sql.ExtendedServerBlobAuditingPoliciesClient auditingProps := sql.ExtendedServerBlobAuditingPolicy{ - ExtendedServerBlobAuditingPolicyProperties: helper.ExpandAzureRmSqlServerBlobAuditingPolicies(d.Get("blob_extended_auditing_policy").([]interface{})), + ExtendedServerBlobAuditingPolicyProperties: helper.ExpandAzureRmSqlServerBlobAuditingPolicies(d.Get("extended_auditing_policy").([]interface{})), } if _, err = auditingClient.CreateOrUpdate(ctx, resGroup, name, auditingProps); err != nil { return fmt.Errorf("Error issuing create/update request for SQL Server %q Blob Auditing Policies(Resource Group %q): %+v", name, resGroup, err) @@ -231,8 +233,8 @@ func resourceArmSqlServerRead(d *schema.ResourceData, meta interface{}) error { } flattenBlobAuditing := helper.FlattenAzureRmSqlServerBlobAuditingPolicies(&auditingResp, d) - if err := d.Set("blob_extended_auditing_policy", flattenBlobAuditing); err != nil { - return fmt.Errorf("Error setting `blob_extended_auditing_policy`: %+v", err) + if err := d.Set("extended_auditing_policy", flattenBlobAuditing); err != nil { + return fmt.Errorf("Error setting `extended_auditing_policy`: %+v", err) } return tags.FlattenAndSet(d, resp.Tags) 
diff --git a/azurerm/internal/services/sql/tests/resource_arm_sql_server_test.go b/azurerm/internal/services/sql/tests/resource_arm_sql_server_test.go index 90a340ba37bc..fce99e68a152 100644 --- a/azurerm/internal/services/sql/tests/resource_arm_sql_server_test.go +++ b/azurerm/internal/services/sql/tests/resource_arm_sql_server_test.go 
@@ -183,20 +183,20 @@ func TestAccAzureRMSqlServer_updateWithBlobAuditingPolices(t *testing.T) { Config: testAccAzureRMSqlServer_withBlobAuditingPolices(data), Check: resource.ComposeTestCheckFunc( testCheckAzureRMSqlServerExists(data.ResourceName), - resource.TestCheckResourceAttr(data.ResourceName, "blob_extended_auditing_policy.0.storage_secondary_key_enabled", "true"), - resource.TestCheckResourceAttr(data.ResourceName, "blob_extended_auditing_policy.0.retention_in_days", "6"), + resource.TestCheckResourceAttr(data.ResourceName, "extended_auditing_policy.0.storage_account_access_key_is_secondary", "true"), + resource.TestCheckResourceAttr(data.ResourceName, "extended_auditing_policy.0.retention_in_days", "6"), ), }, - data.ImportStep("administrator_login_password", "blob_extended_auditing_policy.0.storage_account_access_key"), + data.ImportStep("administrator_login_password", "extended_auditing_policy.0.storage_account_access_key"), { Config: testAccAzureRMSqlServer_withBlobAuditingPolicesUpdated(data), Check: resource.ComposeTestCheckFunc( testCheckAzureRMSqlServerExists(data.ResourceName), - resource.TestCheckResourceAttr(data.ResourceName, "blob_extended_auditing_policy.0.storage_secondary_key_enabled", "false"), - resource.TestCheckResourceAttr(data.ResourceName, "blob_extended_auditing_policy.0.retention_in_days", "11"), + resource.TestCheckResourceAttr(data.ResourceName, "extended_auditing_policy.0.storage_account_access_key_is_secondary", "false"), + resource.TestCheckResourceAttr(data.ResourceName, "extended_auditing_policy.0.retention_in_days", "11"), ), }, - data.ImportStep("administrator_login_password", "blob_extended_auditing_policy.0.storage_account_access_key"), + data.ImportStep("administrator_login_password", "extended_auditing_policy.0.storage_account_access_key"), }, }) } 
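Review bot: Both config steps shown in this test keep the auditing block present, so the disabled path (the `len(input) == 0` branch of the expand helper and the `State == sql.BlobAuditingPolicyStateDisabled` early return of the flatten helper) is not exercised here. Since removing the block is what turns server auditing off, I would add a final step whose config omits the block and asserts `resource.TestCheckResourceAttr(data.ResourceName, "extended_auditing_policy.#", "0")`. The test function starts above the hunk, so an earlier step may already cover this.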
@@ -432,11 +432,11 @@ resource "azurerm_sql_server" "test" {
 administrator_login = "mradministrator"
 administrator_login_password = "thisIsDog11"
- blob_extended_auditing_policy {
- storage_account_access_key = azurerm_storage_account.test.primary_access_key
- storage_endpoint = azurerm_storage_account.test.primary_blob_endpoint
- storage_secondary_key_enabled = true
- retention_in_days = 6
+ extended_auditing_policy {
+ storage_account_access_key = azurerm_storage_account.test.primary_access_key
+ storage_endpoint = azurerm_storage_account.test.primary_blob_endpoint
+ storage_account_access_key_is_secondary = true
+ retention_in_days = 6
 }
 }
 `, data.RandomIntOfLength(15), data.Locations.Primary)
@@ -477,11 +477,11 @@ resource "azurerm_sql_server" "test" {
 administrator_login = "mradministrator"
 administrator_login_password = "thisIsDog11"
- blob_extended_auditing_policy {
- storage_account_access_key = azurerm_storage_account.test2.primary_access_key
- storage_endpoint = azurerm_storage_account.test2.primary_blob_endpoint
- storage_secondary_key_enabled = false
- retention_in_days = 11
+ extended_auditing_policy {
+ storage_account_access_key = azurerm_storage_account.test2.primary_access_key
+ storage_endpoint = azurerm_storage_account.test2.primary_blob_endpoint
+ storage_account_access_key_is_secondary = false
+ retention_in_days = 11
 }
 }
 `, data.RandomIntOfLength(15), data.Locations.Primary)
diff --git a/website/docs/r/sql_server.html.markdown b/website/docs/r/sql_server.html.markdown
index 6926b588c2cd..3e41f9cbdc69 100644
--- a/website/docs/r/sql_server.html.markdown
+++ b/website/docs/r/sql_server.html.markdown
@@ -38,11 +38,11 @@ resource "azurerm_sql_server" "example" {
 administrator_login = "mradministrator"
 administrator_login_password = "thisIsDog11"
- blob_extended_auditing_policy {
- storage_endpoint = azurerm_storage_account.example.primary_blob_endpoint
- storage_account_access_key = azurerm_storage_account.example.primary_access_key
- storage_secondary_key_enabled = true
- retention_in_days = 6
+ extended_auditing_policy {
+ storage_endpoint = azurerm_storage_account.example.primary_blob_endpoint
+ storage_account_access_key = azurerm_storage_account.example.primary_access_key
+ storage_account_access_key_is_secondary = true
+ retention_in_days = 6
 }
 tags = {
@@ -68,7 +68,7 @@ The following arguments are supported:
 * `identity` - (Optional) An `identity` block as defined below.
-* `blob_extended_auditing_policy` - (Optional) A `blob_extended_auditing_policy` block as defined below.
+* `extended_auditing_policy` - (Optional) A `extended_auditing_policy` block as defined below.
 * `tags` - (Optional) A mapping of tags to assign to the resource.
@@ -99,13 +99,13 @@ The following attributes are exported:
 ---
-A `blob_extended_auditing_policy` block supports the following:
+A `extended_auditing_policy` block supports the following:
 * `storage_account_access_key` - (Required) Specifies the access key to use for the auditing storage account.
 * `storage_endpoint` - (Required) Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net).
-* `storage_secondary_key_enabled` - (Optional) Specifies whether `storage_account_access_key` value is the storage's secondary key.
+* `storage_account_access_key_is_secondary` - (Optional) Specifies whether `storage_account_access_key` value is the storage's secondary key.
 * `retention_in_days` - (Optional) Specifies the number of days to retain logs for in the storage account.
From 81f8e4ecba58cdd43e6101ae176ab9103521d2fa Mon Sep 17 00:00:00 2001
From: yupwei Date: Thu, 5 Mar 2020 15:29:55 +0800 Subject: [PATCH 24/26] update --- azurerm/internal/services/sql/resource_arm_sql_server.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/azurerm/internal/services/sql/resource_arm_sql_server.go b/azurerm/internal/services/sql/resource_arm_sql_server.go index 2e4cceb0e74e..93ba4d02b7ef 100644 --- a/azurerm/internal/services/sql/resource_arm_sql_server.go +++ b/azurerm/internal/services/sql/resource_arm_sql_server.go @@ -5,8 +5,6 @@ import ( "log" "time" - "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/sql/helper" - "github.com/Azure/azure-sdk-for-go/services/preview/sql/mgmt/2017-03-01-preview/sql" "github.com/hashicorp/go-azure-helpers/response" "github.com/hashicorp/terraform-plugin-sdk/helper/schema" @@ -15,6 +13,7 @@ import ( "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/features" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/sql/helper" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/tags" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/timeouts" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils" From b599f0d1fe370b79b662a23b34b16e3c8d2555c9 Mon Sep 17 00:00:00 2001 From: yupwei Date: Mon, 9 Mar 2020 09:39:33 +0800 Subject: [PATCH 25/26] clean go.sum --- go.sum | 1 - 1 file changed, 1 deletion(-) diff --git a/go.sum b/go.sum index ab1c9f1eb0ea..e9d9fd7f47e2 100644 --- a/go.sum +++ b/go.sum 
@@ -418,7 +418,6 @@ golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBn golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0 h1:Dh6fw+p6FyRl5x/FvNswO1ji0lIGzm3KP8Y9VkS9PTE= golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= google.golang.org/api v0.4.0 h1:KKgc1aqhV8wDPbDzlDtpvyjZFY3vjz85FP7p4wcQUyI= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= From c299556a3c45615f7bbcca6aeb753916c1665beb Mon Sep 17 00:00:00 2001 From: yupwei Date: Mon, 9 Mar 2020 17:18:10 +0800 Subject: [PATCH 26/26] replace validate with validation --- azurerm/internal/services/sql/helper/sqlExtendedAuditing.go | 5 ++--- go.sum | 2 +- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/azurerm/internal/services/sql/helper/sqlExtendedAuditing.go b/azurerm/internal/services/sql/helper/sqlExtendedAuditing.go index ba9ce2c60055..b7129a628f9e 100644 --- a/azurerm/internal/services/sql/helper/sqlExtendedAuditing.go +++ b/azurerm/internal/services/sql/helper/sqlExtendedAuditing.go @@ -4,7 +4,6 @@ import ( "github.com/Azure/azure-sdk-for-go/services/preview/sql/mgmt/2017-03-01-preview/sql" "github.com/hashicorp/terraform-plugin-sdk/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/helper/validation" - "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/validate" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils" ) 
@@ -19,13 +18,13 @@ func ExtendedAuditingSchema() *schema.Schema { Type: schema.TypeString, Required: true, Sensitive: true, - ValidateFunc: validate.NoEmptyStrings, + ValidateFunc: validation.StringIsNotEmpty, }, "storage_endpoint": { Type: schema.TypeString, Required: true, - ValidateFunc: validate.URLIsHTTPS, + ValidateFunc: validation.IsURLWithHTTPS, }, "storage_account_access_key_is_secondary": { diff --git a/go.sum b/go.sum index e9d9fd7f47e2..96d963fc8f0f 100644 --- a/go.sum +++ b/go.sum @@ -463,4 +463,4 @@ honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= howett.net/plist v0.0.0-20181124034731-591f970eefbb/go.mod h1:vMygbs4qMhSZSc4lCUl2OEE+rDiIIJAIdR4m7MiMcm0= -rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= +rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= \ No newline at end of file
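Review bot: On `storage_account_access_key`, `validation.StringIsNotEmpty` rejects only the exact empty string, so if the `validate.NoEmptyStrings` helper it replaces trimmed whitespace first (its body is not part of this patch), a whitespace-only key now passes plan-time validation and fails only when the API rejects it. `ValidateFunc: validation.StringIsNotWhiteSpace,` would keep the stricter check. The field would also benefit from a schema comment noting that `Sensitive: true` only masks the key in plan and CLI output while the value is still written to state in plain text, for example `// persisted to state unencrypted; the state backend must be access-controlled`. `ExtendedAuditingSchema` starts before and continues past this hunk.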