https://github.com/libre-devops/terraform-azurerm-mssql-server
A module used to deploy a MSSQL server 📅
https://github.com/libre-devops/terraform-azurerm-mssql-server
Last synced: 2 months ago
JSON representation
A module used to deploy a MSSQL server 📅
- Host: GitHub
- URL: https://github.com/libre-devops/terraform-azurerm-mssql-server
- Owner: libre-devops
- License: mit
- Created: 2025-01-15T15:47:33.000Z (3 months ago)
- Default Branch: main
- Last Pushed: 2025-01-15T19:18:05.000Z (3 months ago)
- Last Synced: 2025-01-15T19:52:50.380Z (3 months ago)
- Language: PowerShell
- Size: 36.1 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
Awesome Lists containing this project
README
```hcl
resource "azurerm_mssql_server" "this" {
for_each = { for server in var.mssql_servers : server.name => server }
location = each.value.location
name = each.value.name
resource_group_name = each.value.rg_name
version = each.value.version
administrator_login = each.value.administrator_login
administrator_login_password = each.value.administrator_login_password
connection_policy = each.value.connection_policy
transparent_data_encryption_key_vault_key_id = each.value.transparent_data_encryption_key_vault_key_id
minimum_tls_version = each.value.minimum_tls_version
public_network_access_enabled = each.value.public_network_access_enabled
outbound_network_restriction_enabled = each.value.outbound_network_restriction_enabled
primary_user_assigned_identity_id = each.value.primary_user_assigned_identity_id
dynamic "azuread_administrator" {
for_each = each.value.azuread_administrator != null ? [each.value.azuread_administrator] : []
content {
login_username = azuread_administrator.value.login_username
azuread_authentication_only = azuread_administrator.value.azuread_authentication_only
object_id = azuread_administrator.value.object_id
tenant_id = azuread_administrator.value.tenant_id
}
}
dynamic "identity" {
for_each = each.value.identity_type == "SystemAssigned" ? [each.value.identity_type] : []
content {
type = each.value.identity_type
}
}
dynamic "identity" {
for_each = each.value.identity_type == "SystemAssigned, UserAssigned" ? [each.value.identity_type] : []
content {
type = each.value.identity_type
identity_ids = try(each.value.identity_ids, [])
}
}
dynamic "identity" {
for_each = each.value.identity_type == "UserAssigned" ? [each.value.identity_type] : []
content {
type = each.value.identity_type
identity_ids = length(try(each.value.identity_ids, [])) > 0 ? each.value.identity_ids : []
}
}
}
locals {
combined_firewall_rules = flatten([
for s in var.mssql_servers : [
for fw in(s.firewall_rules != null ? s.firewall_rules : []) : {
server_name = s.name
rule = fw
}
]
])
combined_vnet_rules = flatten([
for s in var.mssql_servers : [
for vnr in(s.vnet_rules != null ? s.vnet_rules : []) : {
server_name = s.name
vnet_rule = vnr
}
]
])
}
resource "azurerm_mssql_firewall_rule" "firewall_rules" {
# Each item in local.combined_firewall_rules becomes a resource
for_each = {
for fr in local.combined_firewall_rules :
"${fr.server_name}-${fr.rule.name}" => fr
}
name = each.value.rule.name
server_id = azurerm_mssql_server.this[each.value.server_name].id
start_ip_address = each.value.rule.start_ip_address
end_ip_address = each.value.rule.end_ip_address
}
resource "azurerm_mssql_virtual_network_rule" "vnet_rules" {
for_each = {
for vr in local.combined_vnet_rules :
"${vr.server_name}-${vr.vnet_rule.name}" => vr
}
name = each.value.vnet_rule.name
server_id = azurerm_mssql_server.this[each.value.server_name].id
subnet_id = each.value.vnet_rule.subnet_id
}
resource "azurerm_mssql_server_extended_auditing_policy" "extended_auditing_policies" {
for_each = {
for server in var.mssql_servers :
server.name => server.extended_auditing_policy
if server.extended_auditing_policy != null
}
server_id = azurerm_mssql_server.this[each.key].id
storage_endpoint = try(each.value.storage_endpoint, null)
retention_in_days = try(each.value.retention_in_days, 0)
storage_account_access_key = try(each.value.storage_account_access_key, null)
storage_account_access_key_is_secondary = try(each.value.storage_account_access_key_is_secondary, false)
log_monitoring_enabled = try(each.value.log_monitoring_enabled, false)
predicate_expression = try(each.value.predicate_expression, null)
storage_account_subscription_id = try(each.value.storage_account_subscription_id, null)
audit_actions_and_groups = try(each.value.audit_actions_and_groups, ["BATCH_COMPLETED_GROUP"])
}
```
## Requirements
No requirements.
## Providers
| Name | Version |
|------|---------|
| [azurerm](#provider\_azurerm) | n/a |
## Modules
No modules.
## Resources
| Name | Type |
|------|------|
| [azurerm_mssql_firewall_rule.firewall_rules](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_firewall_rule) | resource |
| [azurerm_mssql_server.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_server) | resource |
| [azurerm_mssql_server_extended_auditing_policy.extended_auditing_policies](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_server_extended_auditing_policy) | resource |
| [azurerm_mssql_virtual_network_rule.vnet_rules](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_virtual_network_rule) | resource |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [mssql\_servers](#input\_mssql\_servers) | List to deploy mssql servers |
list(object({
rg_name = string
location = optional(string, "uksouth")
tags = map(string)
name = string
version = optional(string, "12.0")
administrator_login = optional(string)
administrator_login_password = optional(string)
identity_type = optional(string)
identity_ids = optional(list(string))
connection_policy = optional(string, "Default")
transparent_data_encryption_key_vault_key_id = optional(string)
minimum_tls_version = optional(string, "1.2")
public_network_access_enabled = optional(bool, false)
outbound_network_restriction_enabled = optional(bool, false)
primary_user_assigned_identity_id = optional(string)
azuread_administrator = optional(object({
login_username = string
object_id = string
tenant_id = optional(string)
azuread_authentication_only = optional(bool)
}))
firewall_rules = optional(list(object({
name = string
start_ip_address = string
end_ip_address = string
})))
vnet_rules = optional(list(object({
name = string
subnet_id = string
ignore_missing_vnet_service_endpoint = optional(bool, false)
})))
extended_auditing_policy = optional(object({
enabled = optional(bool, true)
storage_endpoint = optional(string)
retention_in_days = optional(number, 0)
storage_account_access_key = optional(string)
storage_account_access_key_is_secondary = optional(bool)
log_monitoring_enabled = optional(bool, true)
storage_account_subscription_id = optional(string)
predicate_expression = optional(string)
audit_actions_and_groups = optional(list(string), ["BATCH_COMPLETED_GROUP"])
}))
})) | n/a | yes |
## Outputs
| Name | Description |
|------|-------------|
| [mssql\_firewall\_rule\_ids](#output\_mssql\_firewall\_rule\_ids) | A map of MSSQL Firewall Rule IDs, keyed by -. |
| [mssql\_restorable\_dropped\_database\_ids](#output\_mssql\_restorable\_dropped\_database\_ids) | The ID of the restorable dropped database. |
| [mssql\_server\_fully\_qualified\_domain\_name](#output\_mssql\_server\_fully\_qualified\_domain\_name) | The fully qualified domain name of the mssql server. |
| [mssql\_server\_id](#output\_mssql\_server\_id) | The ID of the mssql server. |
| [mssql\_server\_identity](#output\_mssql\_server\_identity) | The identity of the mssql server. |
| [mssql\_server\_name](#output\_mssql\_server\_name) | The name of the mssql server. |
| [mssql\_vnet\_rule\_ids](#output\_mssql\_vnet\_rule\_ids) | A map of MSSQL VNet Rule IDs, keyed by -. |