diff --git a/.github/workflows/master-100-tf14.yaml b/.github/workflows/master-100-tf14.yaml
index 2e45ee004c..cf98c7b1f1 100755
--- a/.github/workflows/master-100-tf14.yaml
+++ b/.github/workflows/master-100-tf14.yaml
@@ -104,7 +104,10 @@ jobs:
 "mariadb_server/102-private-endpoint-mariadb",
 "mariadb_server/103-private-endpoint-with-fw-rule-mariadb",
 "monitoring/100-service-health-alerts",
- "mssql_server/elastic_pools",
+ "mssql_server/101-sqlserver-simple",
+ "mssql_server/102-sqlserver-extend",
+ "mssql_server/104-sqlserver-elastic_pools",
+ "mssql_server/105-sqlserver-failover_groups",
 "mysql_server/100-simple-mysql",
 "mysql_server/101-vnet-rule-mysql",
 "mysql_server/102-private-endpoint-mysql",
diff --git a/.github/workflows/master-100-tf15.yaml b/.github/workflows/master-100-tf15.yaml
index f4fcab3217..f92d793e0d 100755
--- a/.github/workflows/master-100-tf15.yaml
+++ b/.github/workflows/master-100-tf15.yaml
@@ -104,7 +104,10 @@ jobs:
 "mariadb_server/102-private-endpoint-mariadb",
 "mariadb_server/103-private-endpoint-with-fw-rule-mariadb",
 "monitoring/100-service-health-alerts",
- "mssql_server/elastic_pools",
+ "mssql_server/101-sqlserver-simple",
+ "mssql_server/102-sqlserver-extend",
+ "mssql_server/104-sqlserver-elastic_pools",
+ "mssql_server/105-sqlserver-failover_groups",
 "mysql_server/100-simple-mysql",
 "mysql_server/101-vnet-rule-mysql",
 "mysql_server/102-private-endpoint-mysql",
diff --git a/.github/workflows/master-100.yaml b/.github/workflows/master-100.yaml
index bad1924d0f..ca073f45c2 100755
--- a/.github/workflows/master-100.yaml
+++ b/.github/workflows/master-100.yaml
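Review bot: The master-100 matrix in this hunk, and the identical hunks in master-100-tf15.yaml and master-100.yaml, add `mssql_server/101-sqlserver-simple`, `102`, `104` and `105` but not `mssql_server/103-sqlserver-two-regions`, which this same change creates by renaming `200-mssql-two-regions.tfvars`. If 103 is meant to run in CI, add `"mssql_server/103-sqlserver-two-regions",` between the 102 and 104 entries. If it was left out on purpose (a two-region deployment may be too slow or costly for the matrix), a short comment next to the list saying so would stop the next reader from assuming it was missed. The enclosing `jobs:` matrix starts and ends outside the hunk.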
@@ -111,7 +111,10 @@ jobs:
 "mariadb_server/102-private-endpoint-mariadb",
 "mariadb_server/103-private-endpoint-with-fw-rule-mariadb",
 "monitoring/100-service-health-alerts",
- "mssql_server/elastic_pools",
+ "mssql_server/101-sqlserver-simple",
+ "mssql_server/102-sqlserver-extend",
+ "mssql_server/104-sqlserver-elastic_pools",
+ "mssql_server/105-sqlserver-failover_groups",
 "mysql_server/100-simple-mysql",
 "mysql_server/101-vnet-rule-mysql",
 "mysql_server/102-private-endpoint-mysql",
diff --git a/.github/workflows/master-standalone-tf14.yaml b/.github/workflows/master-standalone-tf14.yaml
index ed06348345..ee5996f381 100755
--- a/.github/workflows/master-standalone-tf14.yaml
+++ b/.github/workflows/master-standalone-tf14.yaml
@@ -57,8 +57,8 @@ jobs:
 "mariadb_server/102-private-endpoint-mariadb",
 "mariadb_server/103-private-endpoint-with-fw-rule-mariadb",
 "monitoring/100-service-health-alerts",
- "mssql_server/elastic_pools",
- "mssql_server/failover_groups",
+ "mssql_server/104-sqlserver-elastic_pools",
+ "mssql_server/105-sqlserver-failover_groups",
 "mysql_server/100-simple-mysql",
 "mysql_server/101-vnet-rule-mysql",
 "mysql_server/102-private-endpoint-mysql",
diff --git a/.github/workflows/master-standalone-tf15.yaml b/.github/workflows/master-standalone-tf15.yaml
index 7896ca7acf..fffd46bf30 100755
--- a/.github/workflows/master-standalone-tf15.yaml
+++ b/.github/workflows/master-standalone-tf15.yaml
@@ -57,8 +57,8 @@ jobs:
 "mariadb_server/102-private-endpoint-mariadb",
 "mariadb_server/103-private-endpoint-with-fw-rule-mariadb",
 "monitoring/100-service-health-alerts",
- "mssql_server/elastic_pools",
- "mssql_server/failover_groups",
+ "mssql_server/104-sqlserver-elastic_pools",
+ "mssql_server/105-sqlserver-failover_groups",
 "mysql_server/100-simple-mysql",
 "mysql_server/101-vnet-rule-mysql",
 "mysql_server/102-private-endpoint-mysql",
diff --git a/.github/workflows/master-standalone.yaml b/.github/workflows/master-standalone.yaml
index a0c70db5da..d3640059ed 100755
--- a/.github/workflows/master-standalone.yaml
+++ b/.github/workflows/master-standalone.yaml
@@ -65,8 +65,8 @@ jobs:
 "mariadb_server/102-private-endpoint-mariadb",
 "mariadb_server/103-private-endpoint-with-fw-rule-mariadb",
 "monitoring/100-service-health-alerts",
- "mssql_server/elastic_pools",
- "mssql_server/failover_groups",
+ "mssql_server/104-sqlserver-elastic_pools",
+ "mssql_server/105-sqlserver-failover_groups",
 "mysql_server/100-simple-mysql",
 "mysql_server/101-vnet-rule-mysql",
 "mysql_server/102-private-endpoint-mysql",
diff --git a/examples/mssql_server/101-sqlserver-simple/configuration.tfvars b/examples/mssql_server/101-sqlserver-simple/configuration.tfvars
new file mode 100644
index 0000000000..1c22a51e1a
--- /dev/null
+++ b/examples/mssql_server/101-sqlserver-simple/configuration.tfvars
@@ -0,0 +1,57 @@
+global_settings = {
+ default_region = "region1"
+ regions = {
+ region1 = "southeastasia"
+ }
+}
+
+resource_groups = {
+ sql_region1 = {
+ name = "sql-rg1"
+ region = "region1"
+ }
+}
+
+mssql_servers = {
+ sql_rg1 = {
+ name = "sql-rg1"
+ region = "region1"
+ resource_group_key = "sql_region1"
+ administrator_login = "sqladmin"
+ }
+}
+
+keyvaults = {
+ sql_rg1 = {
+ name = "sqlrg1"
+ resource_group_key = "sql_region1"
+ sku_name = "standard"
+
+ creation_policies = {
+ logged_in_user = {
+ secret_permissions = ["Set", "Get", "List", "Delete", "Purge"]
+ }
+ logged_in_aad_app = {
+ secret_permissions = ["Set", "Get", "List", "Delete", "Purge"]
+ }
+ }
+ }
+}
+
+#need to place dynamic secrets module outside caf module to pass the objects
+# dynamic_keyvault_secrets = {
+# sql_rg1 = {
+# sql_username = {
+# output_key = "mssql_servers"
+# resource_key = "sql_rg1"
+# attribute_key = "administrator_login"
+# secret_name = "sql-rg1-username"
+# }
+# sql_password = {
+# output_key = "mssql_servers"
+# resource_key = "sql_rg1"
+# attribute_key = "administrator_login_password"
+# secret_name = "sql-rg1-password"
+# }
+# }
+# }
\ No newline at end of file
diff --git a/examples/mssql_server/200-mssql.tfvars b/examples/mssql_server/102-sqlserver-extend/configuration.tfvars
similarity index 100%
rename from examples/mssql_server/200-mssql.tfvars
rename to examples/mssql_server/102-sqlserver-extend/configuration.tfvars
diff --git a/examples/mssql_server/200-mssql-two-regions.tfvars b/examples/mssql_server/103-sqlserver-two-regions/configuration.tfvars
similarity index 100%
rename from examples/mssql_server/200-mssql-two-regions.tfvars
rename to examples/mssql_server/103-sqlserver-two-regions/configuration.tfvars
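Review bot: The `keyvaults.sql_rg1` block provisions a vault that nothing in this example writes to: its only consumer in this file, the `dynamic_keyvault_secrets` block at the bottom, is commented out, and the server.tf hunk in this same change removes the module's own key vault secret resources. Either enable that block (the `administrator_login_password` output it refers to is added in output.tf by this change) or drop the vault from the example, so a reader is not left with a server whose generated password exists only in Terraform state. The `secret_permissions` lists grant `Purge` to both principals, which is more than writing two secrets needs; keep them to what the example actually uses. The example also takes the module defaults for `public_network_access_enabled` (true) and `minimum_tls_version` (null), both visible in the server.tf hunk; adding `minimum_tls_version = "1.2"` to the `mssql_servers.sql_rg1` block would show the expected floor for a "simple" deployment.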
diff --git a/examples/mssql_server/elastic_pools/configuration.tfvars b/examples/mssql_server/104-sqlserver-elastic_pools/configuration.tfvars
similarity index 100%
rename from examples/mssql_server/elastic_pools/configuration.tfvars
rename to examples/mssql_server/104-sqlserver-elastic_pools/configuration.tfvars
diff --git a/examples/mssql_server/elastic_pools/standalone/ci.sh b/examples/mssql_server/104-sqlserver-elastic_pools/standalone/ci.sh
similarity index 100%
rename from examples/mssql_server/elastic_pools/standalone/ci.sh
rename to examples/mssql_server/104-sqlserver-elastic_pools/standalone/ci.sh
diff --git a/examples/mssql_server/elastic_pools/standalone/main.tf b/examples/mssql_server/104-sqlserver-elastic_pools/standalone/main.tf
similarity index 100%
rename from examples/mssql_server/elastic_pools/standalone/main.tf
rename to examples/mssql_server/104-sqlserver-elastic_pools/standalone/main.tf
diff --git a/examples/mssql_server/elastic_pools/standalone/module.tf b/examples/mssql_server/104-sqlserver-elastic_pools/standalone/module.tf
similarity index 100%
rename from examples/mssql_server/elastic_pools/standalone/module.tf
rename to examples/mssql_server/104-sqlserver-elastic_pools/standalone/module.tf
diff --git a/examples/mssql_server/elastic_pools/standalone/readme.md b/examples/mssql_server/104-sqlserver-elastic_pools/standalone/readme.md
similarity index 68%
rename from examples/mssql_server/elastic_pools/standalone/readme.md
rename to examples/mssql_server/104-sqlserver-elastic_pools/standalone/readme.md
index 452c5b69e8..a8f6a64bb9 100644
--- a/examples/mssql_server/elastic_pools/standalone/readme.md
+++ b/examples/mssql_server/104-sqlserver-elastic_pools/standalone/readme.md
@@ -1,7 +1,7 @@ You can test this module outside of a landingzone using ```bash -cd /tf/caf/examples/mssql_server/elastic_pools/standalone +cd /tf/caf/examples/mssql_server/104-sqlserver-elastic_pools/standalone terraform init
@@ -16,7 +16,7 @@ To test this deployment in the example landingzone. Make sure the launchpad has rover \ -lz /tf/caf/aztfmod/examples \ - -var-folder /tf/caf/examples/mssql_server/elastic_pools/ \ + -var-folder /tf/caf/examples/mssql_server/104-sqlserver-elastic_pools/ \ -level level1 \ -a plan
diff --git a/examples/mssql_server/elastic_pools/standalone/variables.tf b/examples/mssql_server/104-sqlserver-elastic_pools/standalone/variables.tf
similarity index 100%
rename from examples/mssql_server/elastic_pools/standalone/variables.tf
rename to examples/mssql_server/104-sqlserver-elastic_pools/standalone/variables.tf
diff --git a/examples/mssql_server/failover_groups/configuration.tfvars b/examples/mssql_server/105-sqlserver-failover_groups/configuration.tfvars
similarity index 100%
rename from examples/mssql_server/failover_groups/configuration.tfvars
rename to examples/mssql_server/105-sqlserver-failover_groups/configuration.tfvars
diff --git a/examples/mssql_server/failover_groups/standalone/ci.sh b/examples/mssql_server/105-sqlserver-failover_groups/standalone/ci.sh
similarity index 100%
rename from examples/mssql_server/failover_groups/standalone/ci.sh
rename to examples/mssql_server/105-sqlserver-failover_groups/standalone/ci.sh
diff --git a/examples/mssql_server/failover_groups/standalone/main.tf b/examples/mssql_server/105-sqlserver-failover_groups/standalone/main.tf
similarity index 100%
rename from examples/mssql_server/failover_groups/standalone/main.tf
rename to examples/mssql_server/105-sqlserver-failover_groups/standalone/main.tf
diff --git a/examples/mssql_server/failover_groups/standalone/module.tf b/examples/mssql_server/105-sqlserver-failover_groups/standalone/module.tf
similarity index 100%
rename from examples/mssql_server/failover_groups/standalone/module.tf
rename to examples/mssql_server/105-sqlserver-failover_groups/standalone/module.tf
diff --git a/examples/mssql_server/failover_groups/standalone/readme.md b/examples/mssql_server/105-sqlserver-failover_groups/standalone/readme.md
similarity index 68%
rename from examples/mssql_server/failover_groups/standalone/readme.md
rename to examples/mssql_server/105-sqlserver-failover_groups/standalone/readme.md
index d3e1b2620d..3ef83f08b3 100644
--- a/examples/mssql_server/failover_groups/standalone/readme.md
+++ b/examples/mssql_server/105-sqlserver-failover_groups/standalone/readme.md
@@ -1,7 +1,7 @@ You can test this module outside of a landingzone using ```bash -cd /tf/caf/examples/mssql_server/failover_groups/standalone +cd /tf/caf/examples/mssql_server/105-sqlserver-failover_groups/standalone terraform init
@@ -16,7 +16,7 @@ To test this deployment in the example landingzone. Make sure the launchpad has rover \ -lz /tf/caf/aztfmod/examples \ - -var-folder /tf/caf/examples/mssql_server/failover_groups/ \ + -var-folder /tf/caf/examples/mssql_server/105-sqlserver-failover_groups/ \ -level level1 \ -a plan
diff --git a/examples/mssql_server/failover_groups/standalone/variables.tf b/examples/mssql_server/105-sqlserver-failover_groups/standalone/variables.tf
similarity index 100%
rename from examples/mssql_server/failover_groups/standalone/variables.tf
rename to examples/mssql_server/105-sqlserver-failover_groups/standalone/variables.tf
diff --git a/modules/databases/mssql_server/output.tf b/modules/databases/mssql_server/output.tf
index aeb82e8256..3b2b8d20c5 100644
--- a/modules/databases/mssql_server/output.tf
+++ b/modules/databases/mssql_server/output.tf
@@ -24,4 +24,12 @@ output resource_group_name { output location { value = var.location +} + +output administrator_login { + value = var.settings.administrator_login +} + +output administrator_login_password { + value = try(var.settings.administrator_login_password, random_password.sql_admin.0.result) }
\ No newline at end of file
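Review bot: The new `output administrator_login_password` in output.tf returns the server admin password without `sensitive = true`; its fallback `random_password.sql_admin.0.result` is a provider-marked sensitive value, and if the module runs under Terraform 0.14 or later (the tf14/tf15 workflow names in this change suggest it does) the output should be rejected at plan time until it is marked, while older versions would print it in clear text on every apply. Add `sensitive = true` inside that output block, and consider the same for `administrator_login`. Since the server.tf hunk in this change drops the `azurerm_key_vault_secret` resources, this output becomes the only place the generated password surfaces outside the state file, so the output's `description` or the module README should say that the caller is expected to persist it; the commented `dynamic_keyvault_secrets` block in the new 101-sqlserver-simple example shows the intended pattern.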
diff --git a/modules/databases/mssql_server/server.tf b/modules/databases/mssql_server/server.tf
index 1aeb703dcf..a0204c0409 100755
--- a/modules/databases/mssql_server/server.tf
+++ b/modules/databases/mssql_server/server.tf
@@ -5,7 +5,7 @@ resource "azurerm_mssql_server" "mssql" {
 location = var.location
 version = try(var.settings.version, "12.0")
 administrator_login = var.settings.administrator_login
- administrator_login_password = try(var.settings.administrator_login_password, azurerm_key_vault_secret.sql_admin_password.0.value)
+ administrator_login_password = try(var.settings.administrator_login_password, random_password.sql_admin.0.result)
 public_network_access_enabled = try(var.settings.public_network_access_enabled, true)
 connection_policy = try(var.settings.connection_policy, null)
 minimum_tls_version = try(var.settings.minimum_tls_version, null)
@@ -51,27 +51,4 @@ resource "random_password" "sql_admin" { override_special = "$#%" } -# Store the generated password into keyvault -resource "azurerm_key_vault_secret" "sql_admin_password" { - count = try(var.settings.administrator_login_password, null) == null ? 1 : 0 - name = format("%s-password", azurecaf_name.mssql.result) - value = random_password.sql_admin.0.result - key_vault_id = var.keyvault_id - lifecycle { - ignore_changes = [ - value - ] - } -} - -resource "azurerm_key_vault_secret" "sql_admin" { - count = try(var.settings.administrator_login_password, null) == null ? 1 : 0 - name = format("%s-username", azurecaf_name.mssql.result) - value = var.settings.administrator_login - key_vault_id = var.keyvault_id -} -
diff --git a/modules/databases/mssql_server/variables.tf b/modules/databases/mssql_server/variables.tf
index 6dd5cd4717..3021fd5cbc 100755
--- a/modules/databases/mssql_server/variables.tf
+++ b/modules/databases/mssql_server/variables.tf
@@ -13,7 +13,6 @@ variable location {
 description = "(Required) Specifies the supported Azure location where to create the resource. Changing this forces a new resource to be created."
 type = string
 }
-variable keyvault_id {}
 variable storage_accounts {}
 variable azuread_groups {}
 variable vnets {}
diff --git a/modules/webapps/appservice/storage_account.tf b/modules/webapps/appservice/storage_account.tf
index a03ed95412..81a94288c5 100644
--- a/modules/webapps/appservice/storage_account.tf
+++ b/modules/webapps/appservice/storage_account.tf
@@ -5,8 +5,6 @@ data "azurerm_storage_account_blob_container_sas" "backup" { container_name = local.backup_storage_account.containers[var.settings.backup.container_key].name https_only = true - #ip_address = "168.1.5.65" - start = time_rotating.sas[0].id expiry = timeadd(time_rotating.sas[0].id, format("%sh", var.settings.backup.sas_policy.expire_in_days * 24))
@@ -18,12 +16,6 @@ data "azurerm_storage_account_blob_container_sas" "backup" { delete = true list = true } - - # cache_control = "max-age=5" - # content_disposition = "inline" - # content_encoding = "deflate" - # content_language = "en-US" - # content_type = "application/json" } resource "time_rotating" "sas" {
diff --git a/mssql_servers.tf b/mssql_servers.tf
index a0532b834c..410ad523a0 100755
--- a/mssql_servers.tf
+++ b/mssql_servers.tf
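Review bot: Removing `variable keyvault_id {}` is a breaking change to the module's input contract: the root-module call in mssql_servers.tf is updated in this same change, but any consumer outside this repository that still passes `keyvault_id` to `modules/databases/mssql_server` will fail with an unexpected-argument error, and the `keyvault_key` setting that the removed mssql_servers.tf line used to read is now silently ignored rather than rejected. A line in the module README or changelog stating that the module no longer writes the admin credentials to Key Vault, and that `keyvault_key` in `mssql_servers` settings has no effect, would make the migration explicit for callers.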
@@ -14,7 +14,6 @@ module "mssql_servers" {
 settings = each.value
 resource_group_name = module.resource_groups[each.value.resource_group_key].name
 location = lookup(each.value, "region", null) == null ? module.resource_groups[each.value.resource_group_key].location : local.global_settings.regions[each.value.region]
- keyvault_id = try(each.value.administrator_login_password, null) != null ? null : try(each.value.lz_key, null) == null ? local.combined_objects_keyvaults[local.client_config.landingzone_key][each.value.keyvault_key].id : local.combined_objects_keyvaults[each.value.lz_key][each.value.keyvault_key].id
 storage_accounts = module.storage_accounts
 azuread_groups = local.combined_objects_azuread_groups
 vnets = local.combined_objects_networking