# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
# Creates database users from local.databases_users by instantiating the local
# sql_db_users module once per "<username>-<database>" key.
module "databases_users" {
  source = "./modules/sql_db_users"

  # Key every instance as "<username>-<database>". try() falls back to an empty
  # map, so an expression that fails to evaluate creates no users instead of
  # raising an error.
  # NOTE(review): that fallback can hide a malformed entry - confirm it is wanted.
  for_each = try(
    { for user in local.databases_users : format("%s-%s", user.username, user.database) => user },
    {}
  )

  # Wait for both database resources before creating users in them.
  depends_on = [
    azurerm_mssql_database.single_database,
    azurerm_mssql_database.elastic_pool_database
  ]

  # Target server and database.
  sql_server_hostname = azurerm_mssql_server.primary_sql.fully_qualified_domain_name
  database_name       = each.value.database

  # Server administrator credentials handed to the child module.
  # NOTE(review): confirm var.administrator_password is declared sensitive and
  # that the child module keeps it out of command lines and logs; the state
  # backend should be access-controlled as well.
  administrator_login    = var.administrator_login
  administrator_password = var.administrator_password

  # NOTE(review): the user name is the composite for_each key
  # ("<username>-<database>"), not user.username; the custom_users module in
  # this file passes each.value.name instead - confirm the difference is intended.
  user_name  = each.key
  user_roles = each.value.roles
}
# Creates the caller-supplied users in var.custom_users by instantiating the
# local sql_db_users module once per "<name>-<database>" key.
module "custom_users" {
  source = "./modules/sql_db_users"

  # Key every instance as "<name>-<database>". try() falls back to an empty map,
  # so an expression that fails to evaluate creates no users instead of raising
  # an error.
  for_each = try(
    { for custom_user in var.custom_users : format("%s-%s", custom_user.name, custom_user.database) => custom_user },
    {}
  )

  # Wait for both database resources before creating users in them.
  depends_on = [
    azurerm_mssql_database.single_database,
    azurerm_mssql_database.elastic_pool_database
  ]

  sql_server_hostname = azurerm_mssql_server.primary_sql.fully_qualified_domain_name

  # Resolve the database name from whichever resource set is in use; the entry's
  # "database" value is the lookup key, so it must match a key of that resource.
  database_name = (
    var.enable_elastic_pool
    ? azurerm_mssql_database.elastic_pool_database[each.value.database].name
    : azurerm_mssql_database.single_database[each.value.database].name
  )

  # Server administrator credentials handed to the child module.
  # NOTE(review): confirm var.administrator_password is declared sensitive and
  # that the child module keeps it out of command lines and logs.
  administrator_login    = var.administrator_login
  administrator_password = var.administrator_password

  # Name and roles come straight from caller input.
  # NOTE(review): roles are passed through unchecked here - review the values
  # callers supply for least privilege.
  user_name  = each.value.name
  user_roles = each.value.roles
}
#-----------------------------------------------------------------------------------------------
# Add the AD admin to the SQL servers - the secondary server's admin is created only when the failover group is enabled - Default is "false"
#-----------------------------------------------------------------------------------------------
# Sets the Azure AD administrator on the primary SQL server. Created only when
# var.ad_admin_login_name is set.
#
# NOTE(review): object_id and tenant_id come from data.azurerm_client_config.current,
# i.e. the identity running Terraform, while login is only the name given in
# var.ad_admin_login_name. The deploying principal therefore becomes the server's
# AD admin whatever name is supplied - confirm that is intended.
# NOTE(review): this resource type is deprecated in later azurerm provider
# releases in favour of the azuread_administrator block on azurerm_mssql_server;
# check against the pinned provider version.
resource "azurerm_sql_active_directory_administrator" "ad_user1" {
  count = var.ad_admin_login_name == null ? 0 : 1

  resource_group_name = local.resource_group_name
  server_name         = azurerm_mssql_server.primary_sql.name

  login     = var.ad_admin_login_name
  object_id = data.azurerm_client_config.current.object_id
  tenant_id = data.azurerm_client_config.current.tenant_id
}
# Sets the Azure AD administrator on the secondary SQL server. Created only when
# the failover group is enabled and var.ad_admin_login_name is set.
#
# NOTE(review): object_id and tenant_id come from data.azurerm_client_config.current,
# i.e. the identity running Terraform, while login is only the name given in
# var.ad_admin_login_name. The deploying principal therefore becomes the server's
# AD admin whatever name is supplied - confirm that is intended.
# NOTE(review): this resource type is deprecated in later azurerm provider
# releases in favour of the azuread_administrator block on azurerm_mssql_server;
# check against the pinned provider version.
resource "azurerm_sql_active_directory_administrator" "ad_user2" {
  count = (var.enable_failover_group && var.ad_admin_login_name != null) ? 1 : 0

  resource_group_name = local.resource_group_name
  # The secondary server is itself a counted resource; take its first instance.
  server_name = azurerm_mssql_server.secondary_sql[0].name

  login     = var.ad_admin_login_name
  object_id = data.azurerm_client_config.current.object_id
  tenant_id = data.azurerm_client_config.current.tenant_id
}