From cdb8474aaca6d86b919f39c4d14d2f6230b7abe6 Mon Sep 17 00:00:00 2001
From: Tom Reinders
Date: Tue, 20 Aug 2024 15:08:48 +0200
Subject: [PATCH 1/3] Add vars to azure/mysql_flexible_server and azure/mysql_flexible_server_public
---
 modules/azure/mysql_flexible_server/main.tf | 10 +++++++
 .../azure/mysql_flexible_server/variables.tf | 30 +++++++++++++++++++
 .../mysql_flexible_server_public/main.tf | 19 ++++++++++++
 .../mysql_flexible_server_public/variables.tf | 30 +++++++++++++++++++
 4 files changed, 89 insertions(+)
diff --git a/modules/azure/mysql_flexible_server/main.tf b/modules/azure/mysql_flexible_server/main.tf
index 9a84d16b..181cf81d 100644
--- a/modules/azure/mysql_flexible_server/main.tf
+++ b/modules/azure/mysql_flexible_server/main.tf
@@ -68,6 +68,16 @@ resource "azurerm_mysql_flexible_server_configuration" "mysql_flexible_server_co
 value = var.slow_query_log
 }
 
+resource "azurerm_mysql_flexible_server_active_directory_administrator" "entra_admin" {
+ for_each = var.entra_administrator_enabled == false ? [] : [1]
+
+ server_id = azurerm_mysql_flexible_server.mysql_flexible_server.id
+ identity_id = var.entra_identity_id
+ login = var.entra_login
+ object_id = var.entra_object_id
+ tenant_id = var.entra_tenant_id
+}
+
 data "azurerm_monitor_diagnostic_categories" "diagnostic_categories" {
 count = var.log_analytics_workspace_id == null ? 0 : 1
 resource_id = azurerm_mysql_flexible_server.mysql_flexible_server.id
diff --git a/modules/azure/mysql_flexible_server/variables.tf b/modules/azure/mysql_flexible_server/variables.tf
index cd510d4f..b5cc9079 100644
--- a/modules/azure/mysql_flexible_server/variables.tf
+++ b/modules/azure/mysql_flexible_server/variables.tf
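Review bot: The four `entra_*` inputs that the new `entra_admin` resource reads all default to `null` (per the variables hunk in this same commit), so setting `entra_administrator_enabled = true` with any of them unset is only caught by the provider at apply time, after the server has already been created or updated. A `lifecycle { precondition }` on the resource fails the plan with a clear message instead; unlike a variable `validation` block (which could not reference other variables before Terraform 1.9) it may look at all four inputs, and because it lives on the gated resource it is simply not evaluated when the feature is off. Separately, the identity passed as `identity_id` here must also be attached to the server as a user-assigned identity for the administrator to function; this commit adds that `identity` block only in the public module, and the private module shown here only gets it in a later patch of the series.
```hcl
resource "azurerm_mysql_flexible_server_active_directory_administrator" "entra_admin" {
  # … unchanged: for_each / server_id / identity_id / login / object_id / tenant_id …

  lifecycle {
    # Fail at plan time instead of leaving the provider to reject null arguments at apply.
    precondition {
      condition     = var.entra_identity_id != null && var.entra_login != null && var.entra_object_id != null && var.entra_tenant_id != null
      error_message = "entra_identity_id, entra_login, entra_object_id and entra_tenant_id must all be set when entra_administrator_enabled is true."
    }
  }
}
```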
@@ -81,6 +81,36 @@ variable "mysql_admin_username" {
 description = "The administrator login username for the mysql server."
 }
 
+variable "entra_administrator_enabled" {
+ type = bool
+ description = "Specifies whether or not Entra authentication is enabled for this MySQL Server"
+ default = false
+}
+
+variable "entra_identity_id" {
+ type = string
+ description = "The Entra identity id for the mysql server."
+ default = null
+}
+
+variable "entra_login" {
+ type = string
+ description = "The Entra administrator login username for the mysql server."
+ default = null
+}
+
+variable "entra_object_id" {
+ type = string
+ description = "The Entra object id for the mysql server."
+ default = null
+}
+
+variable "entra_tenant_id" {
+ type = string
+ description = "The Entra tenant id for the mysql server."
+ default = null
+}
+
 variable "password_keeper" {
 type = map(string)
 description = "Random map of strings, when changed the mysql admin password will rotate."
diff --git a/modules/azure/mysql_flexible_server_public/main.tf b/modules/azure/mysql_flexible_server_public/main.tf
index 815ab2b7..f0fade84 100644
--- a/modules/azure/mysql_flexible_server_public/main.tf
+++ b/modules/azure/mysql_flexible_server_public/main.tf
@@ -45,6 +45,15 @@ resource "azurerm_mysql_flexible_server" "mysql_flexible_server" {
 size_gb = var.server_storage_max
 }
 
+ dynamic "identity" {
+ for_each = var.entra_administrator_enabled == false ? [] : [1]
+
+ content {
+ type = "UserAssigned"
+ identity_ids = [var.entra_identity_id]
+ }
+ }
+
 lifecycle {
 ignore_changes = [zone]
 prevent_destroy = true
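Review bot: The description of `entra_administrator_enabled` ("Specifies whether or not Entra authentication is enabled for this MySQL Server") promises more than the flag delivers: it only adds an Entra ID administrator, while the password login for `mysql_admin_username` and its `password_keeper` rotation (both visible as context in this hunk) stay exactly as they were, so the server remains reachable with both credentials. A reader of the variable will reasonably assume password authentication is switched off when this is true. I would write `description = "When true, creates an Entra ID administrator for the server. Password authentication for mysql_admin_username remains enabled; this module does not configure Entra-only login."`. If Entra-only authentication is the actual goal, that would be a separate change (as far as I know a server parameter rather than this resource), and saying so in the description keeps the security expectation honest.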
@@ -66,6 +75,16 @@ resource "azurerm_mysql_flexible_server_configuration" "mysql_flexible_server_co
 value = var.slow_query_log
 }
 
+resource "azurerm_mysql_flexible_server_active_directory_administrator" "entra_admin" {
+ for_each = var.entra_administrator_enabled == false ? [] : [1]
+
+ server_id = azurerm_mysql_flexible_server.mysql_flexible_server.id
+ identity_id = var.entra_identity_id
+ login = var.entra_login
+ object_id = var.entra_object_id
+ tenant_id = var.entra_tenant_id
+}
+
 data "azurerm_monitor_diagnostic_categories" "diagnostic_categories" {
 count = var.log_analytics_workspace_id == null ? 0 : 1
 resource_id = azurerm_mysql_flexible_server.mysql_flexible_server.id
diff --git a/modules/azure/mysql_flexible_server_public/variables.tf b/modules/azure/mysql_flexible_server_public/variables.tf
index 65ad027c..af51f211 100644
--- a/modules/azure/mysql_flexible_server_public/variables.tf
+++ b/modules/azure/mysql_flexible_server_public/variables.tf
@@ -70,6 +70,36 @@ variable "admin_username" {
 description = "The administrator login username for the mysql server."
 }
 
+variable "entra_administrator_enabled" {
+ type = bool
+ description = "Specifies whether or not Entra authentication is enabled for this MySQL Server"
+ default = false
+}
+
+variable "entra_identity_id" {
+ type = string
+ description = "The Entra identity id for the mysql server."
+ default = null
+}
+
+variable "entra_login" {
+ type = string
+ description = "The Entra administrator login username for the mysql server."
+ default = null
+}
+
+variable "entra_object_id" {
+ type = string
+ description = "The Entra object id for the mysql server."
+ default = null
+}
+
+variable "entra_tenant_id" {
+ type = string
+ description = "The Entra tenant id for the mysql server."
+ default = null
+}
+
 variable "password_keeper" {
 type = map(string)
 description = "Random map of strings, when changed the mysql admin password will rotate."
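Review bot: The descriptions of `entra_object_id` and `entra_identity_id` both say "for the mysql server", which hides that they name two different principals: as I read the azurerm resource they feed, `object_id` is the Entra object ID of the user, group or service principal that becomes server administrator, and `identity_id` is the resource ID of the user-assigned managed identity the server itself uses for Entra ID authentication; `entra_tenant_id` is the tenant of that administrator principal. Judging by the module name this server is publicly reachable, so whoever lands in `object_id` gets full administrative access from the internet, and the input should say exactly what it expects. Suggested: `description = "Entra ID object ID of the user, group or service principal to set as server administrator; prefer a group over an individual user."` and `description = "Resource ID of the user-assigned managed identity the server uses for Entra ID authentication."`. The same wording is duplicated in the private module's variables.tf earlier in this commit and should be corrected there too.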
From 7c1382329d1aa47ade04afa347bd5bf4c075defb Mon Sep 17 00:00:00 2001
From: Tom Reinders
Date: Tue, 20 Aug 2024 16:17:49 +0200
Subject: [PATCH 2/3] Fix for_each statement
---
 modules/azure/mysql_flexible_server/main.tf | 11 ++++++++++-
 modules/azure/mysql_flexible_server_public/main.tf | 4 ++--
 2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/modules/azure/mysql_flexible_server/main.tf b/modules/azure/mysql_flexible_server/main.tf
index 181cf81d..fc7809cb 100644
--- a/modules/azure/mysql_flexible_server/main.tf
+++ b/modules/azure/mysql_flexible_server/main.tf
@@ -48,6 +48,15 @@ resource "azurerm_mysql_flexible_server" "mysql_flexible_server" {
 size_gb = var.mysql_server_storage_max
 }
 
+ dynamic "identity" {
+ for_each = var.entra_administrator_enabled == false ? [] : ["1"]
+
+ content {
+ type = "UserAssigned"
+ identity_ids = [var.entra_identity_id]
+ }
+ }
+
 lifecycle {
 ignore_changes = [zone]
 }
@@ -69,7 +78,7 @@ resource "azurerm_mysql_flexible_server_configuration" "mysql_flexible_server_co
 }
 
 resource "azurerm_mysql_flexible_server_active_directory_administrator" "entra_admin" {
- for_each = var.entra_administrator_enabled == false ? [] : [1]
+ for_each = var.entra_administrator_enabled == false ? [] : ["1"]
 
 server_id = azurerm_mysql_flexible_server.mysql_flexible_server.id
 identity_id = var.entra_identity_id
diff --git a/modules/azure/mysql_flexible_server_public/main.tf b/modules/azure/mysql_flexible_server_public/main.tf
index f0fade84..a0256ead 100644
--- a/modules/azure/mysql_flexible_server_public/main.tf
+++ b/modules/azure/mysql_flexible_server_public/main.tf
@@ -46,7 +46,7 @@ resource "azurerm_mysql_flexible_server" "mysql_flexible_server" {
 }
 
 dynamic "identity" {
- for_each = var.entra_administrator_enabled == false ? [] : [1]
+ for_each = var.entra_administrator_enabled == false ? [] : ["1"]
 
 content {
 type = "UserAssigned"
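Review bot: Changing `[1]` to `["1"]` on the `entra_admin` resource's `for_each` does not fix the error the commit title refers to: `["1"]` is still a tuple, and a resource-level `for_each` must be a map or a set of strings, so `terraform plan` rejects it just as before. The minimal fix on that line is `for_each = var.entra_administrator_enabled ? toset(["1"]) : toset([])`, or a `count` as the following patch in this series ends up using. The `dynamic "identity"` block above it is a different case: a dynamic block's `for_each` accepts any collection, so `[1]` was already valid there and neither rewrite of that line was needed.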
@@ -76,7 +76,7 @@ resource "azurerm_mysql_flexible_server_configuration" "mysql_flexible_server_co
 }
 
 resource "azurerm_mysql_flexible_server_active_directory_administrator" "entra_admin" {
- for_each = var.entra_administrator_enabled == false ? [] : [1]
+ for_each = var.entra_administrator_enabled == false ? [] : ["1"]
 
 server_id = azurerm_mysql_flexible_server.mysql_flexible_server.id
 identity_id = var.entra_identity_id
From 8ab9e34264450bf0fccf92abd57a46b7d47308bd Mon Sep 17 00:00:00 2001
From: Tom Reinders
Date: Tue, 13 Aug 2024 16:05:18 +0200
Subject: [PATCH 3/3] Fix for_each statement - part 2
---
 modules/azure/mysql_flexible_server/main.tf | 4 ++--
 modules/azure/mysql_flexible_server_public/main.tf | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/modules/azure/mysql_flexible_server/main.tf b/modules/azure/mysql_flexible_server/main.tf
index fc7809cb..2f18bffe 100644
--- a/modules/azure/mysql_flexible_server/main.tf
+++ b/modules/azure/mysql_flexible_server/main.tf
@@ -49,7 +49,7 @@ resource "azurerm_mysql_flexible_server" "mysql_flexible_server" {
 }
 
 dynamic "identity" {
- for_each = var.entra_administrator_enabled == false ? [] : ["1"]
+ for_each = var.entra_administrator_enabled == false ? [] : [1]
 
 content {
 type = "UserAssigned"
@@ -78,7 +78,7 @@ resource "azurerm_mysql_flexible_server_configuration" "mysql_flexible_server_co
 }
 
 resource "azurerm_mysql_flexible_server_active_directory_administrator" "entra_admin" {
- for_each = var.entra_administrator_enabled == false ? [] : ["1"]
+ count = var.entra_administrator_enabled == false ? 0 : 1
 
 server_id = azurerm_mysql_flexible_server.mysql_flexible_server.id
 identity_id = var.entra_identity_id
diff --git a/modules/azure/mysql_flexible_server_public/main.tf b/modules/azure/mysql_flexible_server_public/main.tf
index a0256ead..9ae422f2 100644
--- a/modules/azure/mysql_flexible_server_public/main.tf
+++ b/modules/azure/mysql_flexible_server_public/main.tf
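Review bot: After this hunk the same on/off condition is written two different ways in one file, `for_each = … == false ? [] : [1]` on the dynamic `identity` block and `count = … == false ? 0 : 1` on `entra_admin`, and the two preceding commits in this series show how easy it is to "fix" one into the other. A one-line why-comment on each would stop the next maintainer from harmonising them: above the dynamic block `# dynamic-block for_each accepts any collection, so a plain list is fine here` and above the resource `# resource for_each needs a set or map; count is the simplest switch for a single instance`. While touching the lines, `var.entra_administrator_enabled ? [1] : []` and `var.entra_administrator_enabled ? 1 : 0` read more directly than comparing a bool to `false`. Note that moving from `for_each` to `count` also changes the instance address from `entra_admin["1"]` to `entra_admin[0]`, which only matters if a state was ever produced by the earlier form (unlikely, since that form did not plan).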
@@ -46,7 +46,7 @@ resource "azurerm_mysql_flexible_server" "mysql_flexible_server" {
 }
 
 dynamic "identity" {
- for_each = var.entra_administrator_enabled == false ? [] : ["1"]
+ for_each = var.entra_administrator_enabled == false ? [] : [1]
 
 content {
 type = "UserAssigned"
@@ -76,7 +76,7 @@ resource "azurerm_mysql_flexible_server_configuration" "mysql_flexible_server_co
 }
 
 resource "azurerm_mysql_flexible_server_active_directory_administrator" "entra_admin" {
- for_each = var.entra_administrator_enabled == false ? [] : ["1"]
+ count = var.entra_administrator_enabled == false ? 0 : 1
 
 server_id = azurerm_mysql_flexible_server.mysql_flexible_server.id
 identity_id = var.entra_identity_id