This repository has been archived by the owner on Nov 27, 2020. It is now read-only.
# Implemented in June 2020 from the following provider documentation:
# https://www.terraform.io/docs/providers/azurerm/r/sql_server.html
# https://www.terraform.io/docs/providers/azurerm/r/sql_virtual_network_rule.html
# https://www.terraform.io/docs/providers/azurerm/r/sql_active_directory_administrator.html
# https://www.terraform.io/docs/providers/azurerm/r/sql_elasticpool.html
# Fallback administrator password for the SQL server. It is only used when
# var.sql_server carries no "password" key (see the lookup on
# administrator_login_password in azurerm_sql_server.sql_server).
#
# The generated value is written to the Terraform state in clear text, so the
# state backend must be access-controlled and encrypted at rest.
# NOTE(review): no min_upper / min_lower / min_numeric / min_special is set,
# so the character-class mix is left to chance; setting them would guarantee
# the result always meets the server's password complexity policy. Changing
# any argument here regenerates the password.
resource "random_password" "password" {
  # Special characters are restricted to this set.
  override_special = "_%@"
  special          = true
  length           = 16
}
# Derives the SQL server name from the caller-supplied base name, prefix and
# naming convention; the result is consumed by azurerm_sql_server.sql_server.
resource "azurecaf_naming_convention" "sql" {
  resource_type = "azurerm_sql_server"
  convention    = var.convention
  prefix        = var.prefix
  name          = var.sql_server.name
}
# Azure SQL logical server, configured from the var.sql_server object.
#
# NOTE(review): this block sets no minimum TLS version and no public network
# access switch; azurerm_mssql_server exposes both (minimum_tls_version,
# public_network_access_enabled) and is worth considering if this module is
# ever migrated.
resource "azurerm_sql_server" "sql_server" {
  name                = azurecaf_naming_convention.sql.result
  resource_group_name = var.resource_group_name
  location            = var.location
  version             = var.sql_server.version
  tags                = local.tags

  # null when the key is absent, which leaves the choice to the provider.
  connection_policy = lookup(var.sql_server, "connection_policy", null)

  administrator_login = var.sql_server.admin

  # A caller-supplied "password" key wins; otherwise the generated
  # random_password is used. Either way the value ends up in the Terraform
  # state in clear text, and a caller-supplied one also travels through the
  # variable inputs, so keep it out of committed tfvars files.
  administrator_login_password = lookup(var.sql_server, "password", random_password.password.result)

  # Managed identity is attached only when var.sql_server has a non-empty
  # "identity" object.
  dynamic "identity" {
    for_each = lookup(var.sql_server, "identity", {}) == {} ? [] : [1]

    content {
      type = var.sql_server.identity.type
    }
  }

  # Auditing is opt-in: without a non-empty "extended_auditing_policy" object
  # this block is not rendered and no audit destination is configured here.
  # storage_account_access_key is a secret and is persisted in state as well.
  dynamic "extended_auditing_policy" {
    for_each = lookup(var.sql_server, "extended_auditing_policy", {}) == {} ? [] : [1]

    content {
      storage_endpoint                        = var.sql_server.extended_auditing_policy.storage_endpoint
      storage_account_access_key              = var.sql_server.extended_auditing_policy.storage_account_access_key
      storage_account_access_key_is_secondary = lookup(var.sql_server.extended_auditing_policy, "storage_account_access_key_is_secondary", null)
      # null when the key is absent, which leaves retention to the provider.
      retention_in_days = lookup(var.sql_server.extended_auditing_policy, "retention_in_days", null)
    }
  }
}
# One virtual network rule per entry of var.subnet_id_list; an empty
# collection creates none. Each rule allows the given subnet to reach the
# SQL server.
resource "azurerm_sql_virtual_network_rule" "sql_vnet_rule" {
  for_each = var.subnet_id_list

  server_name         = azurerm_sql_server.sql_server.name
  resource_group_name = var.resource_group_name
  subnet_id           = each.value

  # Rule name is the last path segment of the subnet ID, cut to 63 characters.
  # NOTE(review): two subnets with the same name in different virtual networks
  # would produce the same rule name; confirm callers never pass such a pair.
  name = substr(basename(each.value), 0, 63)
}
# Azure AD administrator for the SQL server, one per entry of var.aad_admin;
# an empty collection creates none.
# NOTE(review): Azure SQL holds a single Azure AD administrator per server, so
# var.aad_admin presumably carries at most one entry (ideally a group rather
# than an individual account); confirm against the callers.
resource "azurerm_sql_active_directory_administrator" "admins" {
  for_each = var.aad_admin

  resource_group_name = var.resource_group_name
  server_name         = azurerm_sql_server.sql_server.name

  tenant_id = each.value.tenant_id
  object_id = each.value.id
  login     = each.value.name
}
# Elastic pools on the SQL server, one per entry of var.sql_server.elastic_pool;
# an empty collection creates none.
resource "azurerm_sql_elasticpool" "sql_server_elastic_pool" {
  for_each = var.sql_server.elastic_pool

  # Ordered after the vnet rules and the AD administrator so that changes to
  # the server are not applied concurrently, which produces an error.
  depends_on = [azurerm_sql_virtual_network_rule.sql_vnet_rule, azurerm_sql_active_directory_administrator.admins]

  name                = each.value.name
  server_name         = azurerm_sql_server.sql_server.name
  resource_group_name = var.resource_group_name
  location            = var.location

  # Sizing, taken as-is from the elastic_pool entry.
  edition    = each.value.edition
  pool_size  = each.value.pool_size
  dtu        = each.value.dtu
  db_dtu_min = each.value.db_dtu_min
  db_dtu_max = each.value.db_dtu_max
}