azurerm_mysql_server - support public_network_access_enabled… (#6590)

Fix the issue #6482
hashicorp · Apr 23, 2020 · a6ce743 · a6ce743
1 parent 8dc7eca
commit a6ce743
Show file tree

Hide file tree

Showing 3 changed files with 73 additions and 0 deletions.
diff --git a/azurerm/internal/services/mysql/resource_arm_mysql_server.go b/azurerm/internal/services/mysql/resource_arm_mysql_server.go
@@ -152,6 +152,12 @@ func resourceArmMySqlServer() *schema.Resource {
 				DiffSuppressFunc: suppress.CaseDifference,
 			},
 
+			"public_network_access_enabled": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Default:  true,
+			},
+
 			"fqdn": {
 				Type:     schema.TypeString,
 				Computed: true,
@@ -184,6 +190,11 @@ func resourceArmMySqlServerCreate(d *schema.ResourceData, meta interface{}) erro
 	location := azure.NormalizeLocation(d.Get("location").(string))
 	resourceGroup := d.Get("resource_group_name").(string)
 
+	publicAccess := mysql.PublicNetworkAccessEnumEnabled
+	if v := d.Get("public_network_access_enabled").(bool); !v {
+		publicAccess = mysql.PublicNetworkAccessEnumDisabled
+	}
+
 	if features.ShouldResourcesBeImported() && d.IsNewResource() {
 		existing, err := client.Get(ctx, resourceGroup, name)
 		if err != nil {
@@ -211,6 +222,7 @@ func resourceArmMySqlServerCreate(d *schema.ResourceData, meta interface{}) erro
 			SslEnforcement:             mysql.SslEnforcementEnum(d.Get("ssl_enforcement").(string)),
 			StorageProfile:             expandMySQLStorageProfile(d),
 			CreateMode:                 mysql.CreateMode("Default"),
+			PublicNetworkAccess:        publicAccess,
 		},
 		Sku:  sku,
 		Tags: tags.Expand(d.Get("tags").(map[string]interface{})),
@@ -254,12 +266,18 @@ func resourceArmMySqlServerUpdate(d *schema.ResourceData, meta interface{}) erro
 		return fmt.Errorf("error expanding sku_name for MySQL Server %q (Resource Group %q): %v", name, resourceGroup, err)
 	}
 
+	publicAccess := mysql.PublicNetworkAccessEnumEnabled
+	if v := d.Get("public_network_access_enabled").(bool); !v {
+		publicAccess = mysql.PublicNetworkAccessEnumDisabled
+	}
+
 	properties := mysql.ServerUpdateParameters{
 		ServerUpdateParametersProperties: &mysql.ServerUpdateParametersProperties{
 			StorageProfile:             expandMySQLStorageProfile(d),
 			AdministratorLoginPassword: utils.String(d.Get("administrator_login_password").(string)),
 			Version:                    mysql.ServerVersion(d.Get("version").(string)),
 			SslEnforcement:             mysql.SslEnforcementEnum(d.Get("ssl_enforcement").(string)),
+			PublicNetworkAccess:        publicAccess,
 		},
 		Sku:  sku,
 		Tags: tags.Expand(d.Get("tags").(map[string]interface{})),
@@ -324,6 +342,7 @@ func resourceArmMySqlServerRead(d *schema.ResourceData, meta interface{}) error
 	d.Set("administrator_login", resp.AdministratorLogin)
 	d.Set("version", string(resp.Version))
 	d.Set("ssl_enforcement", string(resp.SslEnforcement))
+	d.Set("public_network_access_enabled", resp.PublicNetworkAccess != mysql.PublicNetworkAccessEnumDisabled)
 
 	if err := d.Set("storage_profile", flattenMySQLStorageProfile(resp.StorageProfile)); err != nil {
 		return fmt.Errorf("Error setting `storage_profile`: %+v", err)

diff --git a/azurerm/internal/services/mysql/tests/resource_arm_mysql_server_test.go b/azurerm/internal/services/mysql/tests/resource_arm_mysql_server_test.go
@@ -30,6 +30,25 @@ func TestAccAzureRMMySQLServer_basicFiveSix(t *testing.T) {
 	})
 }
 
+func TestAccAzureRMMySQLServer_disablePublicNetworkAccess(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azurerm_mysql_server", "test")
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { acceptance.PreCheck(t) },
+		Providers:    acceptance.SupportedProviders,
+		CheckDestroy: testCheckAzureRMMySQLServerDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAzureRMMySQLServer_disablePublicNetworkAccess(data),
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMMySQLServerExists(data.ResourceName),
+				),
+			},
+			data.ImportStep("administrator_login_password"), // not returned as sensitive
+		},
+	})
+}
+
 func TestAccAzureRMMySQLServer_requiresImport(t *testing.T) {
 	data := acceptance.BuildTestData(t, "azurerm_mysql_server", "test")
 
@@ -286,6 +305,39 @@ resource "azurerm_mysql_server" "test" {
 `, data.RandomInteger, data.Locations.Primary, data.RandomInteger)
 }
 
+func testAccAzureRMMySQLServer_disablePublicNetworkAccess(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+provider "azurerm" {
+  features {}
+}
+
+resource "azurerm_resource_group" "test" {
+  name     = "acctestRG-%d"
+  location = "%s"
+}
+
+resource "azurerm_mysql_server" "test" {
+  name                = "acctestmysqlsvr-%d"
+  location            = azurerm_resource_group.test.location
+  resource_group_name = azurerm_resource_group.test.name
+
+  sku_name = "GP_Gen5_2"
+
+  storage_profile {
+    storage_mb            = 51200
+    backup_retention_days = 7
+    geo_redundant_backup  = "Disabled"
+  }
+
+  administrator_login           = "acctestun"
+  administrator_login_password  = "H@Sh1CoR3!"
+  version                       = "5.6"
+  ssl_enforcement               = "Enabled"
+  public_network_access_enabled = false
+}
+`, data.RandomInteger, data.Locations.Primary, data.RandomInteger)
+}
+
 func testAccAzureRMMySQLServer_basicFiveSeven(data acceptance.TestData) string {
 	return fmt.Sprintf(`
 provider "azurerm" {

diff --git a/website/docs/r/mysql_server.html.markdown b/website/docs/r/mysql_server.html.markdown
@@ -61,6 +61,8 @@ The following arguments are supported:
 
 * `ssl_enforcement` - (Required) Specifies if SSL should be enforced on connections. Possible values are `Enabled` and `Disabled`.
 
+* `public_network_access_enabled` - (Optional) Should public network access be allowed for this server? Defaults to `true`.
+
 * `tags` - (Optional) A mapping of tags to assign to the resource.
 
 ---