azurerm_sql_server - support for connection_policy property

azurerm/internal/services/sql/client/client.go

@@ -9,57 +9,62 @@ type Client struct {
  DatabasesClient *sql.DatabasesClient
  DatabaseThreatDetectionPoliciesClient *sql.DatabaseThreatDetectionPoliciesClient
  ElasticPoolsClient *sql.ElasticPoolsClient
+ DatabaseExtendedBlobAuditingPoliciesClient *sql.ExtendedDatabaseBlobAuditingPoliciesClient
  FirewallRulesClient *sql.FirewallRulesClient
  FailoverGroupsClient *sql.FailoverGroupsClient
  ServersClient *sql.ServersClient
+ ServerExtendedBlobAuditingPoliciesClient *sql.ExtendedServerBlobAuditingPoliciesClient
+ ServerConnectionPoliciesClient *sql.ServerConnectionPoliciesClient
  ServerAzureADAdministratorsClient *sql.ServerAzureADAdministratorsClient
  VirtualNetworkRulesClient *sql.VirtualNetworkRulesClient
- ExtendedDatabaseBlobAuditingPoliciesClient *sql.ExtendedDatabaseBlobAuditingPoliciesClient
- ExtendedServerBlobAuditingPoliciesClient *sql.ExtendedServerBlobAuditingPoliciesClient
 }
 
 func NewClient(o *common.ClientOptions) *Client {
  // SQL Azure
- DatabasesClient := sql.NewDatabasesClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
- o.ConfigureClient(&DatabasesClient.Client, o.ResourceManagerAuthorizer)
+ databasesClient := sql.NewDatabasesClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
+ o.ConfigureClient(&databasesClient.Client, o.ResourceManagerAuthorizer)
 
- DatabaseThreatDetectionPoliciesClient := sql.NewDatabaseThreatDetectionPoliciesClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
- o.ConfigureClient(&DatabaseThreatDetectionPoliciesClient.Client, o.ResourceManagerAuthorizer)
+ databaseExtendedBlobAuditingPoliciesClient := sql.NewExtendedDatabaseBlobAuditingPoliciesClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
+ o.ConfigureClient(&databaseExtendedBlobAuditingPoliciesClient.Client, o.ResourceManagerAuthorizer)
 
- ElasticPoolsClient := sql.NewElasticPoolsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
- o.ConfigureClient(&ElasticPoolsClient.Client, o.ResourceManagerAuthorizer)
+ databaseThreatDetectionPoliciesClient := sql.NewDatabaseThreatDetectionPoliciesClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
+ o.ConfigureClient(&databaseThreatDetectionPoliciesClient.Client, o.ResourceManagerAuthorizer)
 
- FailoverGroupsClient := sql.NewFailoverGroupsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
- o.ConfigureClient(&FailoverGroupsClient.Client, o.ResourceManagerAuthorizer)
+ elasticPoolsClient := sql.NewElasticPoolsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
+ o.ConfigureClient(&elasticPoolsClient.Client, o.ResourceManagerAuthorizer)
 
- FirewallRulesClient := sql.NewFirewallRulesClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
- o.ConfigureClient(&FirewallRulesClient.Client, o.ResourceManagerAuthorizer)
+ failoverGroupsClient := sql.NewFailoverGroupsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
+ o.ConfigureClient(&failoverGroupsClient.Client, o.ResourceManagerAuthorizer)
 
- ServersClient := sql.NewServersClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
- o.ConfigureClient(&ServersClient.Client, o.ResourceManagerAuthorizer)
+ firewallRulesClient := sql.NewFirewallRulesClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
+ o.ConfigureClient(&firewallRulesClient.Client, o.ResourceManagerAuthorizer)
 
- ServerAzureADAdministratorsClient := sql.NewServerAzureADAdministratorsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
- o.ConfigureClient(&ServerAzureADAdministratorsClient.Client, o.ResourceManagerAuthorizer)
+ serversClient := sql.NewServersClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
+ o.ConfigureClient(&serversClient.Client, o.ResourceManagerAuthorizer)
 
- VirtualNetworkRulesClient := sql.NewVirtualNetworkRulesClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
- o.ConfigureClient(&VirtualNetworkRulesClient.Client, o.ResourceManagerAuthorizer)
+ serverConnectionPoliciesClient := sql.NewServerConnectionPoliciesClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
+ o.ConfigureClient(&serverConnectionPoliciesClient.Client, o.ResourceManagerAuthorizer)
 
- ExtendedDatabaseBlobAuditingPoliciesClient := sql.NewExtendedDatabaseBlobAuditingPoliciesClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
- o.ConfigureClient(&ExtendedDatabaseBlobAuditingPoliciesClient.Client, o.ResourceManagerAuthorizer)
+ serverAzureADAdministratorsClient := sql.NewServerAzureADAdministratorsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
+ o.ConfigureClient(&serverAzureADAdministratorsClient.Client, o.ResourceManagerAuthorizer)
 
- ExtendedServerBlobAuditingPoliciesClient := sql.NewExtendedServerBlobAuditingPoliciesClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
- o.ConfigureClient(&ExtendedServerBlobAuditingPoliciesClient.Client, o.ResourceManagerAuthorizer)
+ virtualNetworkRulesClient := sql.NewVirtualNetworkRulesClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
+ o.ConfigureClient(&virtualNetworkRulesClient.Client, o.ResourceManagerAuthorizer)
+
+ serverExtendedBlobAuditingPoliciesClient := sql.NewExtendedServerBlobAuditingPoliciesClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
+ o.ConfigureClient(&serverExtendedBlobAuditingPoliciesClient.Client, o.ResourceManagerAuthorizer)
 
  return &Client{
- DatabasesClient: &DatabasesClient,
- DatabaseThreatDetectionPoliciesClient: &DatabaseThreatDetectionPoliciesClient,
- ElasticPoolsClient: &ElasticPoolsClient,
- FailoverGroupsClient: &FailoverGroupsClient,
- FirewallRulesClient: &FirewallRulesClient,
- ServersClient: &ServersClient,
- ServerAzureADAdministratorsClient: &ServerAzureADAdministratorsClient,
- VirtualNetworkRulesClient: &VirtualNetworkRulesClient,
- ExtendedDatabaseBlobAuditingPoliciesClient: &ExtendedDatabaseBlobAuditingPoliciesClient,
- ExtendedServerBlobAuditingPoliciesClient: &ExtendedServerBlobAuditingPoliciesClient,
+ DatabasesClient: &databasesClient,
+ DatabaseExtendedBlobAuditingPoliciesClient: &databaseExtendedBlobAuditingPoliciesClient,
+ DatabaseThreatDetectionPoliciesClient: &databaseThreatDetectionPoliciesClient,
+ ElasticPoolsClient: &elasticPoolsClient,
+ FailoverGroupsClient: &failoverGroupsClient,
+ FirewallRulesClient: &firewallRulesClient,
+ ServersClient: &serversClient,
+ ServerAzureADAdministratorsClient: &serverAzureADAdministratorsClient,
+ ServerConnectionPoliciesClient: &serverConnectionPoliciesClient,
+ ServerExtendedBlobAuditingPoliciesClient: &serverExtendedBlobAuditingPoliciesClient,
+ VirtualNetworkRulesClient: &virtualNetworkRulesClient,
  }
 }

azurerm/internal/services/sql/resource_arm_sql_database.go

@@ -356,6 +356,7 @@ func resourceArmSqlDatabase() *schema.Resource {
 
 func resourceArmSqlDatabaseCreateUpdate(d *schema.ResourceData, meta interface{}) error {
  client := meta.(*clients.Client).Sql.DatabasesClient
+ threatClient := meta.(*clients.Client).Sql.DatabaseThreatDetectionPoliciesClient
  ctx, cancel := timeouts.ForCreateUpdate(meta.(*clients.Client).StopContext, d)
  defer cancel()
 
@@ -380,8 +381,6 @@ func resourceArmSqlDatabaseCreateUpdate(d *schema.ResourceData, meta interface{}
  }
  }
 
- threatDetection := expandArmSqlServerThreatDetectionPolicy(d, location)
-
  properties := sql.Database{
  Location: utils.String(location),
  DatabaseProperties: &sql.DatabaseProperties{
@@ -497,12 +496,11 @@ func resourceArmSqlDatabaseCreateUpdate(d *schema.ResourceData, meta interface{}
 
  d.SetId(*resp.ID)
 
- threatDetectionClient := meta.(*clients.Client).Sql.DatabaseThreatDetectionPoliciesClient
- if _, err = threatDetectionClient.CreateOrUpdate(ctx, resourceGroup, serverName, name, *threatDetection); err != nil {
+ if _, err = threatClient.CreateOrUpdate(ctx, resourceGroup, serverName, name, *expandArmSqlServerThreatDetectionPolicy(d, location)); err != nil {
  return fmt.Errorf("Error setting database threat detection policy: %+v", err)
  }
 
- auditingClient := meta.(*clients.Client).Sql.ExtendedDatabaseBlobAuditingPoliciesClient
+ auditingClient := meta.(*clients.Client).Sql.DatabaseExtendedBlobAuditingPoliciesClient
  auditingProps := sql.ExtendedDatabaseBlobAuditingPolicy{
  ExtendedDatabaseBlobAuditingPolicyProperties: helper.ExpandAzureRmSqlDBBlobAuditingPolicies(d.Get("extended_auditing_policy").([]interface{})),
  }
@@ -538,11 +536,10 @@ func resourceArmSqlDatabaseRead(d *schema.ResourceData, meta interface{}) error
  return fmt.Errorf("Error making Read request on Sql Database %s: %+v", name, err)
  }
 
- threatDetectionClient := meta.(*clients.Client).Sql.DatabaseThreatDetectionPoliciesClient
- threatDetection, err := threatDetectionClient.Get(ctx, resourceGroup, serverName, name)
+ threatClient := meta.(*clients.Client).Sql.DatabaseThreatDetectionPoliciesClient
+ threat, err := threatClient.Get(ctx, resourceGroup, serverName, name)
  if err == nil {
- flattenedThreatDetection := flattenArmSqlServerThreatDetectionPolicy(d, threatDetection)
- if err := d.Set("threat_detection_policy", flattenedThreatDetection); err != nil {
+ if err := d.Set("threat_detection_policy", flattenArmSqlServerThreatDetectionPolicy(d, threat)); err != nil {
  return fmt.Errorf("Error setting `threat_detection_policy`: %+v", err)
  }
  }
@@ -594,7 +591,7 @@ func resourceArmSqlDatabaseRead(d *schema.ResourceData, meta interface{}) error
  d.Set("zone_redundant", props.ZoneRedundant)
  }
 
- auditingClient := meta.(*clients.Client).Sql.ExtendedDatabaseBlobAuditingPoliciesClient
+ auditingClient := meta.(*clients.Client).Sql.DatabaseExtendedBlobAuditingPoliciesClient
  auditingResp, err := auditingClient.Get(ctx, resourceGroup, serverName, name)
  if err != nil {
  return fmt.Errorf("Error reading SQL Database %q: %v Blob Auditing Policies", name, err)

azurerm/internal/services/sql/resource_arm_sql_server.go

@@ -71,9 +71,15 @@ func resourceArmSqlServer() *schema.Resource {
  Sensitive: true,
  },
 
- "fully_qualified_domain_name": {
+ "connection_policy": {
  Type: schema.TypeString,
- Computed: true,
+ Optional: true,
+ Default: string(sql.ServerConnectionTypeDefault),
+ ValidateFunc: validation.StringInSlice([]string{
+ string(sql.ServerConnectionTypeDefault),
+ string(sql.ServerConnectionTypeProxy),
+ string(sql.ServerConnectionTypeRedirect),
+ }, false),
  },
 
  "identity": {
@@ -103,13 +109,20 @@ func resourceArmSqlServer() *schema.Resource {
 
  "extended_auditing_policy": helper.ExtendedAuditingSchema(),
 
+ "fully_qualified_domain_name": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+
  "tags": tags.Schema(),
  },
  }
 }
 
 func resourceArmSqlServerCreateUpdate(d *schema.ResourceData, meta interface{}) error {
  client := meta.(*clients.Client).Sql.ServersClient
+ auditingClient := meta.(*clients.Client).Sql.ServerExtendedBlobAuditingPoliciesClient
+ connectionClient := meta.(*clients.Client).Sql.ServerConnectionPoliciesClient
  ctx, cancel := timeouts.ForCreateUpdate(meta.(*clients.Client).StopContext, d)
  defer cancel()
 
@@ -174,7 +187,15 @@ func resourceArmSqlServerCreateUpdate(d *schema.ResourceData, meta interface{})
 
  d.SetId(*resp.ID)
 
- auditingClient := meta.(*clients.Client).Sql.ExtendedServerBlobAuditingPoliciesClient
+ connection := sql.ServerConnectionPolicy{
+ ServerConnectionPolicyProperties: &sql.ServerConnectionPolicyProperties{
+ ConnectionType: sql.ServerConnectionType(d.Get("connection_policy").(string)),
+ },
+ }
+ if _, err = connectionClient.CreateOrUpdate(ctx, resGroup, name, connection); err != nil {
+ return fmt.Errorf("Error issuing create/update request for SQL Server %q Connection Policy (Resource Group %q): %+v", name, resGroup, err)
+ }
+
  auditingProps := sql.ExtendedServerBlobAuditingPolicy{
  ExtendedServerBlobAuditingPolicyProperties: helper.ExpandAzureRmSqlServerBlobAuditingPolicies(d.Get("extended_auditing_policy").([]interface{})),
  }
@@ -187,6 +208,8 @@ func resourceArmSqlServerCreateUpdate(d *schema.ResourceData, meta interface{})
 
 func resourceArmSqlServerRead(d *schema.ResourceData, meta interface{}) error {
  client := meta.(*clients.Client).Sql.ServersClient
+ auditingClient := meta.(*clients.Client).Sql.ServerExtendedBlobAuditingPoliciesClient
+ connectionClient := meta.(*clients.Client).Sql.ServerConnectionPoliciesClient
  ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d)
  defer cancel()
 
@@ -225,14 +248,21 @@ func resourceArmSqlServerRead(d *schema.ResourceData, meta interface{}) error {
  d.Set("fully_qualified_domain_name", serverProperties.FullyQualifiedDomainName)
  }
 
- auditingClient := meta.(*clients.Client).Sql.ExtendedServerBlobAuditingPoliciesClient
+ connection, err := connectionClient.Get(ctx, resGroup, name)
+ if err != nil {
+ return fmt.Errorf("Error reading SQL Server %s Blob Connection Policy: %v ", name, err)
+ }
+
+ if props := connection.ServerConnectionPolicyProperties; props != nil {
+ d.Set("connection_policy", string(props.ConnectionType))
+ }
+
  auditingResp, err := auditingClient.Get(ctx, resGroup, name)
  if err != nil {
  return fmt.Errorf("Error reading SQL Server %s Blob Auditing Policies: %v ", name, err)
  }
 
- flattenBlobAuditing := helper.FlattenAzureRmSqlServerBlobAuditingPolicies(&auditingResp, d)
- if err := d.Set("extended_auditing_policy", flattenBlobAuditing); err != nil {
+ if err := d.Set("extended_auditing_policy", helper.FlattenAzureRmSqlServerBlobAuditingPolicies(&auditingResp, d)); err != nil {
  return fmt.Errorf("Error setting `extended_auditing_policy`: %+v", err)
  }
 

website/docs/r/sql_server.html.markdown

@@ -66,6 +66,8 @@ The following arguments are supported:
 
 * `administrator_login_password` - (Required) The password associated with the `administrator_login` user. Needs to comply with Azure's [Password Policy](https://msdn.microsoft.com/library/ms161959.aspx)
 
+* `connection_policy` - (Optional) The connection policy the server will use. Possible values are `Default`, `Proxy`, and `Redirect`. Defaults to `Default`.
+
 * `identity` - (Optional) An `identity` block as defined below.
 
 * `extended_auditing_policy` - (Optional) A `extended_auditing_policy` block as defined below.