azurerm_sql_server
- support for the extended_auditing_policy
property
#5036
Changes from 30 commits
c1f442b
084a760
a6a026c
9220c3c
aa46c91
8b3a0f2
1e1951d
f9b5926
aca11cc
5e96621
8e035e2
4d45c5c
23d20f9
948598b
30cf7ab
8075237
fa623e2
988ea11
23a06f1
aee83c9
d67e92f
3f12e17
50a4695
60008da
3b83258
b2ebc6f
0faba14
b2130dc
5d2b0d6
81f8e4e
b599f0d
c299556
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,99 @@ | ||
package helper | ||
|
||
import ( | ||
"github.com/Azure/azure-sdk-for-go/services/preview/sql/mgmt/2017-03-01-preview/sql" | ||
"github.com/hashicorp/terraform-plugin-sdk/helper/schema" | ||
"github.com/hashicorp/terraform-plugin-sdk/helper/validation" | ||
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/validate" | ||
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils" | ||
) | ||
|
||
func ExtendedAuditingSchema() *schema.Schema { | ||
return &schema.Schema{ | ||
Type: schema.TypeList, | ||
Optional: true, | ||
MaxItems: 1, | ||
Elem: &schema.Resource{ | ||
Schema: map[string]*schema.Schema{ | ||
"storage_account_access_key": { | ||
Type: schema.TypeString, | ||
Required: true, | ||
Sensitive: true, | ||
ValidateFunc: validate.NoEmptyStrings, | ||
}, | ||
|
||
"storage_endpoint": { | ||
Type: schema.TypeString, | ||
Required: true, | ||
ValidateFunc: validate.URLIsHTTPS, | ||
}, | ||
|
||
"storage_account_access_key_is_secondary": { | ||
Type: schema.TypeBool, | ||
Optional: true, | ||
}, | ||
|
||
"retention_in_days": { | ||
Type: schema.TypeInt, | ||
Optional: true, | ||
ValidateFunc: validation.IntBetween(0, 3285), | ||
}, | ||
}, | ||
}, | ||
} | ||
} | ||
|
||
func ExpandAzureRmSqlServerBlobAuditingPolicies(input []interface{}) *sql.ExtendedServerBlobAuditingPolicyProperties { | ||
if len(input) == 0 { | ||
return &sql.ExtendedServerBlobAuditingPolicyProperties{ | ||
State: sql.BlobAuditingPolicyStateDisabled, | ||
} | ||
} | ||
serverBlobAuditingPolicies := input[0].(map[string]interface{}) | ||
|
||
ExtendedServerBlobAuditingPolicyProperties := sql.ExtendedServerBlobAuditingPolicyProperties{ | ||
State: sql.BlobAuditingPolicyStateEnabled, | ||
StorageAccountAccessKey: utils.String(serverBlobAuditingPolicies["storage_account_access_key"].(string)), | ||
StorageEndpoint: utils.String(serverBlobAuditingPolicies["storage_endpoint"].(string)), | ||
} | ||
if v, ok := serverBlobAuditingPolicies["storage_account_access_key_is_secondary"]; ok { | ||
ExtendedServerBlobAuditingPolicyProperties.IsStorageSecondaryKeyInUse = utils.Bool(v.(bool)) | ||
} | ||
if v, ok := serverBlobAuditingPolicies["retention_in_days"]; ok { | ||
ExtendedServerBlobAuditingPolicyProperties.RetentionDays = utils.Int32(int32(v.(int))) | ||
} | ||
|
||
return &ExtendedServerBlobAuditingPolicyProperties | ||
} | ||
|
||
func FlattenAzureRmSqlServerBlobAuditingPolicies(extendedServerBlobAuditingPolicy *sql.ExtendedServerBlobAuditingPolicy, d *schema.ResourceData) []interface{} { | ||
if extendedServerBlobAuditingPolicy == nil || extendedServerBlobAuditingPolicy.State == sql.BlobAuditingPolicyStateDisabled { | ||
return []interface{}{} | ||
} | ||
var storageEndpoint, storageAccessKey string | ||
// storage_account_access_key will not be returned, so we transfer the schema value | ||
if v, ok := d.GetOk("extended_auditing_policy.0.storage_account_access_key"); ok { | ||
storageAccessKey = v.(string) | ||
} | ||
if extendedServerBlobAuditingPolicy.StorageEndpoint != nil { | ||
storageEndpoint = *extendedServerBlobAuditingPolicy.StorageEndpoint | ||
} | ||
|
||
var secondKeyInUse bool | ||
if extendedServerBlobAuditingPolicy.IsStorageSecondaryKeyInUse != nil { | ||
secondKeyInUse = *extendedServerBlobAuditingPolicy.IsStorageSecondaryKeyInUse | ||
} | ||
var retentionDays int32 | ||
if extendedServerBlobAuditingPolicy.RetentionDays != nil { | ||
retentionDays = *extendedServerBlobAuditingPolicy.RetentionDays | ||
} | ||
|
||
return []interface{}{ | ||
map[string]interface{}{ | ||
"storage_account_access_key": storageAccessKey, | ||
"storage_endpoint": storageEndpoint, | ||
"storage_account_access_key_is_secondary": secondKeyInUse, | ||
"retention_in_days": retentionDays, | ||
}, | ||
} | ||
} |
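Review bot: ExpandAzureRmSqlServerBlobAuditingPolicies maps an absent `extended_auditing_policy` block to `State: sql.BlobAuditingPolicyStateDisabled`, and the schema declares the block `Optional` without `Computed`, so leaving the block out is an instruction to turn auditing off rather than to leave it unmanaged. The call site is not part of this file, but if create/update always sends the result, a server whose auditing was enabled outside Terraform would stop producing audit logs on the next apply. I would state that contract in a doc comment on the function, e.g. `// An empty input yields a policy with State Disabled; sending it turns server blob auditing off.`, and have the caller skip the request unless `d.HasChange("extended_auditing_policy")`. Separately, `input[0].(map[string]interface{})` panics on a nil element, so the guard could read `if len(input) == 0 || input[0] == nil {`.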
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -22,6 +22,14 @@ resource "azurerm_resource_group" "example" { | |
location = "West US" | ||
} | ||
|
||
resource "azurerm_storage_account" "example" { | ||
name = "examplesa" | ||
resource_group_name = azurerm_resource_group.example.name | ||
location = azurerm_resource_group.example.location | ||
account_tier = "Standard" | ||
account_replication_type = "LRS" | ||
} | ||
|
||
resource "azurerm_sql_server" "example" { | ||
name = "mysqlserver" | ||
resource_group_name = azurerm_resource_group.example.name | ||
|
@@ -30,6 +38,13 @@ resource "azurerm_sql_server" "example" { | |
administrator_login = "mradministrator" | ||
administrator_login_password = "thisIsDog11" | ||
|
||
extended_auditing_policy { | ||
storage_endpoint = azurerm_storage_account.example.primary_blob_endpoint | ||
storage_account_access_key = azurerm_storage_account.example.primary_access_key | ||
storage_account_access_key_is_secondary = true | ||
retention_in_days = 6 | ||
} | ||
|
||
tags = { | ||
environment = "production" | ||
} | ||
|
@@ -53,6 +68,8 @@ The following arguments are supported: | |
|
||
* `identity` - (Optional) An `identity` block as defined below. | ||
|
||
* `extended_auditing_policy` - (Optional) A `extended_auditing_policy` block as defined below. | ||
|
||
* `tags` - (Optional) A mapping of tags to assign to the resource. | ||
|
||
--- | ||
|
@@ -80,7 +97,19 @@ The following attributes are exported: | |
|
||
-> You can access the Principal ID via `${azurerm_sql_server.example.identity.0.principal_id}` and the Tenant ID via `${azurerm_sql_server.example.identity.0.tenant_id}` | ||
|
||
## Timeouts | ||
--- | ||
|
||
A `extended_auditing_policy` block supports the following: | ||
|
||
* `storage_account_access_key` - (Required) Specifies the access key to use for the auditing storage account. | ||
|
||
* `storage_endpoint` - (Required) Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). | ||
|
||
* `storage_account_access_key_is_secondary` - (Optional) Specifies whether `storage_account_access_key` value is the storage's secondary key. | ||
Comment on lines
+106
to
+108
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. could we order these alphabetically? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. So we don't need to put There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. WHoops missed the optional, yes typically alphabetically, but sometimes i'll order for aesthetics ie |
||
|
||
* `retention_in_days` - (Optional) Specifies the number of days to retain logs for in the storage account. | ||
|
||
### Timeouts | ||
|
||
The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/docs/configuration/resources.html#timeouts) for certain actions: | ||
|
||
|
could we order these alphabetically
The same concern. So we don't need to put required fields in advance? We just order all required and optional fields alphabetically, right?