
Manage Advanced Threat Protection for MySQL #5629

Closed
tehyatt opened this issue Feb 6, 2020 · 5 comments · Fixed by #7156

Comments

@tehyatt

tehyatt commented Feb 6, 2020

Reopening issue #5238 which was closed because a new resource was released in 1.40.0. But that resource doesn't work for servers, as shown below.

I upgraded to 1.43.0 this morning and attempted to use the new azurerm_advanced_threat_protection resource, but got the following error. Seems the new resource only supports the storage account, not mysql server.

The documentation for #4848 seems to be specific to storage accounts as well.

Also, the new provider only supports enabling it. The ability to specify an email address and to enable or disable the option to "Also send email notification to admins and subscription owners" is not available in the new provider.

Snippet of log below.

```
Error: Error updating Advanced Threat protection for resource "/subscriptions/****/resourceGroups/demo-group/providers/Microsoft.DBforMySQL/servers/demo-server": security.AdvancedThreatProtectionClient#Create: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="Not Supported" Message="Atp settings are not supported on resources of type servers"

on ../../main.tf line 25, in resource "azurerm_advanced_threat_protection" "mysql_advanced_threat_protection":
25: resource "azurerm_advanced_threat_protection" "mysql_advanced_threat_protection" {
```

@pearcec
Contributor

pearcec commented Apr 30, 2020

@katbyte I can confirm azurerm_advanced_threat_protection only supports Cosmos DB and Storage account. That link is the best information I could find. I even tried bumping the API version to v3.0/security with no success.

We need to go the route of resource_arm_mssql_server_security_alert_policy.go for both postgresql and mysql.

Sound good?

@BrendanThompson
Contributor

@katbyte @pearcec looks as though this functionality is actually supported out of the package for mysql/postgres itself. Unfortunately the functionality is named poorly.

In order to enable Advanced Threat Protection on postgres Servers in Azure the following must be used https://pkg.go.dev/github.com/Azure/azure-sdk-for-go@v42.1.0+incompatible/profiles/latest/postgresql/mgmt/postgresql?tab=doc#ServerSecurityAlertPolicy

The following code outlines something I have written internally to deal with this whilst there is no support within TF, essentially it will enable ATP on a given PG server:

```go
package main

import (
	"context"
	"log"
	"time"

	"github.com/Azure/azure-sdk-for-go/profiles/latest/postgresql/mgmt/postgresql"
	"github.com/Azure/go-autorest/autorest"
	"github.com/Azure/go-autorest/autorest/to"
)

// Session holds the subscription, credentials and context the snippet relies on.
// The original comment did not show this type; this definition is an assumption.
type Session struct {
	SubscriptionID string
	Authorizer     autorest.Authorizer
	Context        context.Context
}

// UpdateATP will enable/disable ATP on a given PostgreSQL server
func UpdateATP(s *Session, group string, server string, state postgresql.ServerSecurityAlertPolicyState) {
	client := postgresql.NewServerSecurityAlertPoliciesClient(s.SubscriptionID)
	client.Authorizer = s.Authorizer

	policy := postgresql.ServerSecurityAlertPolicy{
		SecurityAlertPolicyProperties: &postgresql.SecurityAlertPolicyProperties{
			// Use the caller's requested state rather than always Enabled,
			// otherwise the state parameter is silently ignored.
			State:              state,
			EmailAccountAdmins: to.BoolPtr(true),
		},
	}

	// CreateOrUpdate is a long-running operation; it returns a future to poll.
	future, err := client.CreateOrUpdate(s.Context, group, server, policy)
	if err != nil {
		log.Fatalf("unable to update ATP on server: %v", err)
	}

	duration, _ := future.GetPollingDelay()

	if duration.Seconds() > 0 {
		log.Printf("sleeping for %s", duration)
		time.Sleep(duration)
	}

	result, err := future.Result(client)
	if err != nil {
		log.Fatalf("unable to retrieve result from future: %v", err)
	}

	// Guard against a response with no properties before dereferencing it.
	if result.SecurityAlertPolicyProperties == nil {
		log.Fatalf("ATP result for '%s' contains no security alert policy properties", server)
	}

	log.Printf("ATP on '%s', within '%s' Resource Group, now has the following state: %s", server, group, result.SecurityAlertPolicyProperties.State)
}
```

Given, it is not the most elegant code, but it does enable the functionality. I feel that a similar approach could be achieved via TF to enable ATP for a given PostgreSQL/MySQL server.
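An added example, written for this page and not code from the thread or from the provider, that captures the two points raised above: the generic ATP API only accepts storage accounts and Cosmos DB while MySQL/PostgreSQL servers need the per-service security alert policy API, and the policy should carry the email address and admin-notification options the opening post asks for. It routes on the ARM resource ID before any request is sent, so a `Microsoft.DBforMySQL/servers` ID is never handed to the client that answers with the 400 in the log. The `AtpBackend`, `BackendFor` and `ServerSecurityAlertPolicy` names are mine, the policy struct is a plain stand-in for the SDK type so the file builds offline, and the resource IDs are constructed samples with the same `****` subscription placeholder as the log:

```go
package main

import (
	"fmt"
	"strings"
)

// AtpBackend identifies which Azure API accepts threat-protection settings for
// a resource type. The mapping reflects what the thread reports: the generic
// AdvancedThreatProtection API covers storage accounts and Cosmos DB, while
// MySQL and PostgreSQL servers use the per-service ServerSecurityAlertPolicies API.
type AtpBackend int

const (
	BackendUnsupported AtpBackend = iota
	BackendAdvancedThreatProtection
	BackendServerSecurityAlertPolicy
)

func (b AtpBackend) String() string {
	switch b {
	case BackendAdvancedThreatProtection:
		return "security.AdvancedThreatProtectionClient"
	case BackendServerSecurityAlertPolicy:
		return "ServerSecurityAlertPoliciesClient"
	}
	return "unsupported"
}

// backendByType is keyed by the lower-cased "namespace/type" segment of an ARM ID.
var backendByType = map[string]AtpBackend{
	"microsoft.storage/storageaccounts":     BackendAdvancedThreatProtection,
	"microsoft.documentdb/databaseaccounts": BackendAdvancedThreatProtection,
	"microsoft.dbformysql/servers":          BackendServerSecurityAlertPolicy,
	"microsoft.dbforpostgresql/servers":     BackendServerSecurityAlertPolicy,
}

// ResourceType returns the lower-cased "namespace/type" of an ARM resource ID,
// e.g. "microsoft.dbformysql/servers" for the server in the log above.
func ResourceType(id string) (string, error) {
	parts := strings.Split(strings.Trim(id, "/"), "/")
	for i := 0; i+2 < len(parts); i++ {
		if strings.EqualFold(parts[i], "providers") {
			return strings.ToLower(parts[i+1] + "/" + parts[i+2]), nil
		}
	}
	return "", fmt.Errorf("resource id %q has no providers segment", id)
}

// BackendFor picks the API for a resource ID up front, so a MySQL server is
// never sent to the generic ATP client (which rejects it with 400 "Not Supported").
func BackendFor(id string) (AtpBackend, error) {
	rt, err := ResourceType(id)
	if err != nil {
		return BackendUnsupported, err
	}
	b, ok := backendByType[rt]
	if !ok {
		return BackendUnsupported, fmt.Errorf("threat protection is not supported for resource type %q", rt)
	}
	return b, nil
}

// ServerSecurityAlertPolicy is a plain stand-in (assumption) for the SDK type,
// carrying the notification settings the opening post says the provider lacks.
type ServerSecurityAlertPolicy struct {
	Enabled            bool
	EmailAddresses     []string
	EmailAccountAdmins bool
}

// NewServerSecurityAlertPolicy validates the notification settings: an enabled
// policy with no recipient address and admin notification off would raise
// alerts that nobody receives, so that combination is rejected.
func NewServerSecurityAlertPolicy(enabled bool, emails []string, notifyAdmins bool) (ServerSecurityAlertPolicy, error) {
	for _, e := range emails {
		if !strings.Contains(e, "@") {
			return ServerSecurityAlertPolicy{}, fmt.Errorf("invalid email address %q", e)
		}
	}
	if enabled && len(emails) == 0 && !notifyAdmins {
		return ServerSecurityAlertPolicy{}, fmt.Errorf("enabled policy has no notification recipient")
	}
	return ServerSecurityAlertPolicy{Enabled: enabled, EmailAddresses: emails, EmailAccountAdmins: notifyAdmins}, nil
}

func main() {
	// Constructed sample IDs; "****" is the subscription placeholder used in the log.
	for _, id := range []string{
		"/subscriptions/****/resourceGroups/demo-group/providers/Microsoft.DBforMySQL/servers/demo-server",
		"/subscriptions/****/resourceGroups/demo-group/providers/Microsoft.Storage/storageAccounts/demosa",
		"/subscriptions/****/resourceGroups/demo-group/providers/Microsoft.Compute/virtualMachines/vm1",
	} {
		if b, err := BackendFor(id); err != nil {
			fmt.Println("skip:", err)
		} else {
			fmt.Printf("%s -> %s\n", id, b)
		}
	}
	p, err := NewServerSecurityAlertPolicy(true, []string{"secops@example.com"}, true)
	fmt.Printf("policy=%+v err=%v\n", p, err)
}
```

The routing table is the part a provider resource would need: validate the ID, pick the client, and only then build the request, rather than letting the service reject the call after the plan has already been applied.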

pearcec added a commit to pearcec/terraform-provider-azurerm that referenced this issue Jun 1, 2020
- For hashicorp#5629
- Valid tests
- Website documentation
- Copy from PostgreSQL server
@pearcec
Contributor

pearcec commented Jun 1, 2020

Thanks @BrendanThompson, @katbyte worked on a version of this via PostgreSQL. I copied it to get this into MySQL.

@katbyte katbyte added this to the v2.18.0 milestone Jul 8, 2020
katbyte pushed a commit that referenced this issue Jul 8, 2020
@ghost

ghost commented Jul 10, 2020

This has been released in version 2.18.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:

```hcl
provider "azurerm" {
    version = "~> 2.18.0"
}
# ... other configuration ...
```

@ghost

ghost commented Aug 7, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!

@ghost ghost locked and limited conversation to collaborators Aug 7, 2020
4 participants