azurerm_mssql_managed_instance : support new property `azure_active…

…_directory_administrator` (#24801)

* support new property azuread_administrator

* fix comments

* fix comments

* fix conflicts

* fix comments

* update code

* fix test

internal/services/mssqlmanagedinstance/mssql_managed_instance_active_directory_administrator_resource.go

@@ -276,9 +276,17 @@ func (r MsSqlManagedInstanceActiveDirectoryAdministratorResource) Delete() sdk.R
 
 			managedInstanceId := commonids.NewSqlManagedInstanceID(id.SubscriptionId, id.ResourceGroup, id.ManagedInstanceName)
 
-			err = aadAuthOnlyClient.DeleteThenPoll(ctx, managedInstanceId)
+			// Before deleting an AAD admin, it is necessary to disable `AzureADOnlyAuthentication` first, as deleting an AAD admin when `AzureADOnlyAuthentication` feature is enabled is not supported.
+			// Use `CreateOrUpdateThenPoll` instead of `DeleteThenPoll`, because the actual deletion behavior of the API is not to really delete the record, but to update `AzureADOnlyAuthentication` to false. Therefore, using `DeleteThenPoll` will cause pull till done to never end until it times out.
+			aadAuthOnlyParams := managedinstanceazureadonlyauthentications.ManagedInstanceAzureADOnlyAuthentication{
+				Properties: &managedinstanceazureadonlyauthentications.ManagedInstanceAzureADOnlyAuthProperties{
+					AzureADOnlyAuthentication: false,
+				},
+			}
+
+			err = aadAuthOnlyClient.CreateOrUpdateThenPoll(ctx, managedInstanceId, aadAuthOnlyParams)
 			if err != nil {
-				return fmt.Errorf("removing `azuread_authentication_only` for %s: %+v", managedInstanceId, err)
+				return fmt.Errorf("disabling `azuread_authentication_only` for %s: %+v", id, err)
 			}
 
 			err = client.DeleteThenPoll(ctx, managedInstanceId)

internal/services/mssqlmanagedinstance/mssql_managed_instance_active_directory_administrator_resource_test.go

@@ -7,6 +7,7 @@ import (
 	"context"
 	"fmt"
 	"testing"
+	"time"
 
 	"github.com/hashicorp/go-azure-helpers/lang/response"
 	"github.com/hashicorp/go-azure-helpers/resourcemanager/commonids"
@@ -25,9 +26,6 @@ func TestAccMsSqlManagedInstanceActiveDirectoryAdministrator_basic(t *testing.T)
 	r := MsSqlManagedInstanceActiveDirectoryAdministratorResource{}
 
 	data.ResourceTest(t, r, []acceptance.TestStep{
-		{
-			Config: r.template(data),
-		},
 		{
 			Config: r.basic(data, true),
 			Check: acceptance.ComposeTestCheckFunc(
@@ -36,7 +34,8 @@ func TestAccMsSqlManagedInstanceActiveDirectoryAdministrator_basic(t *testing.T)
 		},
 		data.ImportStep("administrator_login_password"),
 		{
-			Config: r.basic(data, false),
+			PreConfig: func() { time.Sleep(5 * time.Minute) },
+			Config:    r.basic(data, false),
 			Check: acceptance.ComposeTestCheckFunc(
 				check.That(data.ResourceName).ExistsInAzure(r),
 			),
@@ -66,8 +65,49 @@ func (r MsSqlManagedInstanceActiveDirectoryAdministratorResource) Exists(ctx con
 
 func (r MsSqlManagedInstanceActiveDirectoryAdministratorResource) template(data acceptance.TestData) string {
 	return fmt.Sprintf(`
+provider "azurerm" {
+  features {
+    resource_group {
+      /* Due to the creation of unmanaged Microsoft.Network/networkIntentPolicies in this service,
+      prevent_deletion_if_contains_resources has been added here to allow the test resources to be
+       deleted until this can be properly investigated
+      */
+      prevent_deletion_if_contains_resources = false
+    }
+  }
+}
+
 %[1]s
 
+resource "azurerm_mssql_managed_instance" "test" {
+  name                = "acctestsqlserver%[2]d"
+  resource_group_name = azurerm_resource_group.test.name
+  location            = azurerm_resource_group.test.location
+
+  license_type       = "BasePrice"
+  sku_name           = "GP_Gen5"
+  storage_size_in_gb = 32
+  subnet_id          = azurerm_subnet.test.id
+  vcores             = 4
+
+  administrator_login          = "missadministrator"
+  administrator_login_password = "NCC-1701-D"
+
+  depends_on = [
+    azurerm_subnet_network_security_group_association.test,
+    azurerm_subnet_route_table_association.test,
+  ]
+
+  identity {
+    type = "SystemAssigned"
+  }
+
+  tags = {
+    environment = "staging"
+    database    = "test"
+  }
+}
+
 data "azuread_client_config" "test" {}
 
 resource "azuread_application" "test" {
@@ -87,7 +127,7 @@ resource "azuread_directory_role_member" "test" {
   role_object_id   = azuread_directory_role.reader.object_id
   member_object_id = azurerm_mssql_managed_instance.test.identity.0.principal_id
 }
-`, MsSqlManagedInstanceResource{}.identity(data), data.RandomInteger)
+`, MsSqlManagedInstanceResource{}.template(data, data.Locations.Primary), data.RandomInteger)
 }
 
 func (r MsSqlManagedInstanceActiveDirectoryAdministratorResource) basic(data acceptance.TestData, aadOnly bool) string {

internal/services/mssqlmanagedinstance/mssql_managed_instance_failover_group_resource_test.go

@@ -24,13 +24,6 @@ func TestAccMsSqlManagedInstanceFailoverGroup_update(t *testing.T) {
 	r := MsSqlManagedInstanceFailoverGroupResource{}
 
 	data.ResourceTest(t, r, []acceptance.TestStep{
-		{
-			Config: MsSqlManagedInstanceResource{}.dnsZonePartner(data),
-		},
-		{
-			// It speeds up deletion to remove the explicit dependency between the instances
-			Config: MsSqlManagedInstanceResource{}.emptyDnsZonePartner(data),
-		},
 		{
 			Config: r.basic(data),
 			Check: acceptance.ComposeTestCheckFunc(
@@ -45,10 +38,6 @@ func TestAccMsSqlManagedInstanceFailoverGroup_update(t *testing.T) {
 			),
 		},
 		data.ImportStep(),
-		{
-			// disconnect
-			Config: MsSqlManagedInstanceResource{}.emptyDnsZonePartner(data),
-		},
 	})
 }
 
@@ -136,6 +125,7 @@ resource "azurerm_public_ip" "test" {
   location            = azurerm_resource_group.test.location
   resource_group_name = azurerm_resource_group.test.name
   allocation_method   = "Dynamic"
+  sku                 = "Basic"
 }
 
 resource "azurerm_virtual_network_gateway" "test" {
@@ -179,6 +169,7 @@ resource "azurerm_public_ip" "secondary" {
   location            = azurerm_resource_group.secondary.location
   resource_group_name = azurerm_resource_group.secondary.name
   allocation_method   = "Dynamic"
+  sku                 = "Basic"
 }
 
 resource "azurerm_virtual_network_gateway" "secondary" {
@@ -209,5 +200,5 @@ resource "azurerm_virtual_network_gateway_connection" "secondary" {
 
   shared_key = var.shared_key
 }
-`, MsSqlManagedInstanceResource{}.emptyDnsZonePartner(data), data.RandomInteger)
+`, MsSqlManagedInstanceResource{}.dnsZonePartner(data), data.RandomInteger)
 }