azurerm_mssql_server - Add support for azuread_administrator (#6822)

hashicorp · May 8, 2020 · 745543c · 745543c
1 parent f4d116a
commit 745543c
Show file tree

Hide file tree

Showing 4 changed files with 344 additions and 1 deletion.
diff --git a/azurerm/internal/services/mssql/client/client.go b/azurerm/internal/services/mssql/client/client.go
@@ -12,6 +12,7 @@ type Client struct {
 	DatabaseThreatDetectionPoliciesClient              *sql.DatabaseThreatDetectionPoliciesClient
 	ElasticPoolsClient                                 *sql.ElasticPoolsClient
 	DatabaseVulnerabilityAssessmentRuleBaselinesClient *sql.DatabaseVulnerabilityAssessmentRuleBaselinesClient
+	ServerAzureADAdministratorsClient                  *sql.ServerAzureADAdministratorsClient
 	ServersClient                                      *sql.ServersClient
 	ServerExtendedBlobAuditingPoliciesClient           *sql.ExtendedServerBlobAuditingPoliciesClient
 	ServerConnectionPoliciesClient                     *sql.ServerConnectionPoliciesClient
@@ -45,6 +46,9 @@ func NewClient(o *common.ClientOptions) *Client {
 	serverVulnerabilityAssessmentsClient := sql.NewServerVulnerabilityAssessmentsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
 	o.ConfigureClient(&serverVulnerabilityAssessmentsClient.Client, o.ResourceManagerAuthorizer)
 
+	serverAzureADAdministratorsClient := sql.NewServerAzureADAdministratorsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
+	o.ConfigureClient(&serverAzureADAdministratorsClient.Client, o.ResourceManagerAuthorizer)
+
 	serversClient := sql.NewServersClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
 	o.ConfigureClient(&serversClient.Client, o.ResourceManagerAuthorizer)
 
@@ -60,6 +64,7 @@ func NewClient(o *common.ClientOptions) *Client {
 		DatabaseThreatDetectionPoliciesClient:              &databaseThreatDetectionPoliciesClient,
 		DatabaseVulnerabilityAssessmentRuleBaselinesClient: &databaseVulnerabilityAssessmentRuleBaselinesClient,
 		ElasticPoolsClient:                                 &elasticPoolsClient,
+		ServerAzureADAdministratorsClient:                  &serverAzureADAdministratorsClient,
 		ServersClient:                                      &serversClient,
 		ServerExtendedBlobAuditingPoliciesClient:           &serverExtendedBlobAuditingPoliciesClient,
 		ServerConnectionPoliciesClient:                     &serverConnectionPoliciesClient,

diff --git a/azurerm/internal/services/mssql/mssql_server_resource.go b/azurerm/internal/services/mssql/mssql_server_resource.go
@@ -9,6 +9,7 @@ import (
 	"github.com/hashicorp/go-azure-helpers/response"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
+	uuid "github.com/satori/go.uuid"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients"
@@ -71,6 +72,35 @@ func resourceArmMsSqlServer() *schema.Resource {
 				Sensitive: true,
 			},
 
+			"azuread_administrator": {
+				Type:     schema.TypeList,
+				Optional: true,
+				MaxItems: 1,
+				MinItems: 1,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"login_username": {
+							Type:         schema.TypeString,
+							Required:     true,
+							ValidateFunc: validation.StringIsNotEmpty,
+						},
+
+						"object_id": {
+							Type:         schema.TypeString,
+							Required:     true,
+							ValidateFunc: validation.IsUUID,
+						},
+
+						"tenant_id": {
+							Type:         schema.TypeString,
+							Optional:     true,
+							Computed:     true,
+							ValidateFunc: validation.IsUUID,
+						},
+					},
+				},
+			},
+
 			"connection_policy": {
 				Type:     schema.TypeString,
 				Optional: true,
@@ -129,6 +159,7 @@ func resourceArmMsSqlServerCreateUpdate(d *schema.ResourceData, meta interface{}
 	client := meta.(*clients.Client).MSSQL.ServersClient
 	auditingClient := meta.(*clients.Client).MSSQL.ServerExtendedBlobAuditingPoliciesClient
 	connectionClient := meta.(*clients.Client).MSSQL.ServerConnectionPoliciesClient
+	adminClient := meta.(*clients.Client).MSSQL.ServerAzureADAdministratorsClient
 	ctx, cancel := timeouts.ForCreateUpdate(meta.(*clients.Client).StopContext, d)
 	defer cancel()
 
@@ -198,6 +229,28 @@ func resourceArmMsSqlServerCreateUpdate(d *schema.ResourceData, meta interface{}
 
 	d.SetId(*resp.ID)
 
+	if d.HasChange("azuread_administrator") {
+		adminDelFuture, err := adminClient.Delete(ctx, resGroup, name)
+		if err != nil {
+			return fmt.Errorf("deleting SQL Server %q AAD admin (Resource Group %q): %+v", name, resGroup, err)
+		}
+
+		if err = adminDelFuture.WaitForCompletionRef(ctx, adminClient.Client); err != nil {
+			return fmt.Errorf("waiting for SQL Server %q AAD admin (Resource Group %q) to be deleted: %+v", name, resGroup, err)
+		}
+
+		if adminParams := expandAzureRmMsSqlServerAdministrator(d.Get("azuread_administrator").([]interface{})); adminParams != nil {
+			adminFuture, err := adminClient.CreateOrUpdate(ctx, resGroup, name, *adminParams)
+			if err != nil {
+				return fmt.Errorf("creating SQL Server %q AAD admin (Resource Group %q): %+v", name, resGroup, err)
+			}
+
+			if err = adminFuture.WaitForCompletionRef(ctx, adminClient.Client); err != nil {
+				return fmt.Errorf("waiting for creation of SQL Server %q AAD admin (Resource Group %q): %+v", name, resGroup, err)
+			}
+		}
+	}
+
 	connection := sql.ServerConnectionPolicy{
 		ServerConnectionPolicyProperties: &sql.ServerConnectionPolicyProperties{
 			ConnectionType: sql.ServerConnectionType(d.Get("connection_policy").(string)),
@@ -210,17 +263,24 @@ func resourceArmMsSqlServerCreateUpdate(d *schema.ResourceData, meta interface{}
 	auditingProps := sql.ExtendedServerBlobAuditingPolicy{
 		ExtendedServerBlobAuditingPolicyProperties: helper.ExpandAzureRmSqlServerBlobAuditingPolicies(d.Get("extended_auditing_policy").([]interface{})),
 	}
-	if _, err = auditingClient.CreateOrUpdate(ctx, resGroup, name, auditingProps); err != nil {
+
+	auditingFuture, err := auditingClient.CreateOrUpdate(ctx, resGroup, name, auditingProps)
+	if err != nil {
 		return fmt.Errorf("Error issuing create/update request for SQL Server %q Blob Auditing Policies(Resource Group %q): %+v", name, resGroup, err)
 	}
 
+	if err = auditingFuture.WaitForCompletionRef(ctx, auditingClient.Client); err != nil {
+		return fmt.Errorf("waiting for creation of SQL Server %q Blob Auditing Policies(Resource Group %q): %+v", name, resGroup, err)
+	}
+
 	return resourceArmMsSqlServerRead(d, meta)
 }
 
 func resourceArmMsSqlServerRead(d *schema.ResourceData, meta interface{}) error {
 	client := meta.(*clients.Client).MSSQL.ServersClient
 	auditingClient := meta.(*clients.Client).MSSQL.ServerExtendedBlobAuditingPoliciesClient
 	connectionClient := meta.(*clients.Client).MSSQL.ServerConnectionPoliciesClient
+	adminClient := meta.(*clients.Client).MSSQL.ServerAzureADAdministratorsClient
 	ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d)
 	defer cancel()
 
@@ -260,6 +320,17 @@ func resourceArmMsSqlServerRead(d *schema.ResourceData, meta interface{}) error
 		d.Set("public_network_access_enabled", props.PublicNetworkAccess == sql.ServerPublicNetworkAccessEnabled)
 	}
 
+	adminResp, err := adminClient.Get(ctx, resGroup, name)
+	if err != nil {
+		if !utils.ResponseWasNotFound(adminResp.Response) {
+			return fmt.Errorf("Error reading SQL Server %s AAD admin: %v", name, err)
+		}
+	} else {
+		if err := d.Set("azuread_administrator", flatternAzureRmMsSqlServerAdministrator(adminResp)); err != nil {
+			return fmt.Errorf("setting `azuread_administrator`: %+v", err)
+		}
+	}
+
 	connection, err := connectionClient.Get(ctx, resGroup, name)
 	if err != nil {
 		return fmt.Errorf("Error reading SQL Server %s Blob Connection Policy: %v ", name, err)
@@ -328,3 +399,50 @@ func flattenAzureRmSqlServerIdentity(identity *sql.ResourceIdentity) []interface
 
 	return []interface{}{result}
 }
+
+func expandAzureRmMsSqlServerAdministrator(input []interface{}) *sql.ServerAzureADAdministrator {
+	if len(input) == 0 || input[0] == nil {
+		return nil
+	}
+
+	admin := input[0].(map[string]interface{})
+	sid, _ := uuid.FromString(admin["object_id"].(string))
+
+	adminParams := sql.ServerAzureADAdministrator{
+		AdministratorProperties: &sql.AdministratorProperties{
+			AdministratorType: utils.String("ActiveDirectory"),
+			Login:             utils.String(admin["login_username"].(string)),
+			Sid:               &sid,
+		},
+	}
+
+	if v, ok := admin["tenant_id"]; ok && v != "" {
+		tid, _ := uuid.FromString(v.(string))
+		adminParams.TenantID = &tid
+	}
+
+	return &adminParams
+}
+
+func flatternAzureRmMsSqlServerAdministrator(admin sql.ServerAzureADAdministrator) []interface{} {
+	var login, sid, tid string
+	if admin.Login != nil {
+		login = *admin.Login
+	}
+
+	if admin.Sid != nil {
+		sid = admin.Sid.String()
+	}
+
+	if admin.TenantID != nil {
+		tid = admin.TenantID.String()
+	}
+
+	return []interface{}{
+		map[string]interface{}{
+			"login_username": login,
+			"object_id":      sid,
+			"tenant_id":      tid,
+		},
+	}
+}