From b94b251b69eff8837047927fae2754c20ae86477 Mon Sep 17 00:00:00 2001 From: Hanumesh Date: Fri, 18 Oct 2024 18:54:14 +0530 Subject: [PATCH 01/10] Added enhancements --- main.tf | 36 ++++++++++++++++++++++++++++-------- variables.tf | 42 ++++++++++++++++++++++++++++++++++++++---- 2 files changed, 66 insertions(+), 12 deletions(-) diff --git a/main.tf b/main.tf index 708debd..a0c6380 100644 --- a/main.tf +++ b/main.tf @@ -30,7 +30,7 @@ module "labels" { ##----------------------------------------------------------------------------- resource "random_password" "main" { - count = var.admin_password == null ? 1 : 0 + count = var.create_password ? 1 : 0 length = var.admin_password_length min_upper = 4 min_lower = 2 @@ -44,7 +44,7 @@ resource "random_password" "main" { resource "azurerm_mysql_flexible_server" "main" { count = var.enabled ? 1 : 0 - name = format("%s-mysql-flexible-server", module.labels.id) + name = var.mysql_server_name != null ? var.mysql_server_name : format("%s-mysql-flexible-server", module.labels.id) resource_group_name = local.resource_group_name location = var.location administrator_login = var.admin_username 
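Review bot: Gating `random_password.main` on `var.create_password` (declared later in this patch with `default = false`) means a caller who leaves `admin_password` at null no longer gets a generated password unless they also set the new flag. The line that feeds `administrator_password` is outside this hunk; if it indexes `random_password.main[0]`, the default inputs would fail at plan time, and if it does not, the server could be created with a null password. I would keep the password tied to the input it replaces, e.g. `count = var.create_password || var.admin_password == null ? 1 : 0`. The resource body continues past the hunk.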
@@ -71,15 +71,35 @@ resource "azurerm_mysql_flexible_server" "main" { standby_availability_zone = lookup(high_availability.value, "standby_availability_zone", 1) } } + identity { + type = var.identity_type + identity_ids = var.identity_type == "UserAssigned" ? var.user_assigned_identity_ids : [] + } version = var.mysql_version zone = var.zone - tags = module.labels.tags + tags = var.custom_tags == null ? module.labels.tags : var.custom_tags depends_on = [azurerm_private_dns_zone_virtual_network_link.main, azurerm_private_dns_zone_virtual_network_link.main2] } +##----------------------------------------------------------------------------- +## Below resource will create mysql server active directory administrator. +##----------------------------------------------------------------------------- + +resource "azurerm_mysql_flexible_server_active_directory_administrator" "main" { + count = length(var.entra_authentication.object_id[*]) > 0 ? 1 : 0 + + server_id = join("", azurerm_mysql_flexible_server.main.*.id) + identity_id = var.entra_authentication.user_assigned_identity_id + login = var.entra_authentication.login + object_id = var.entra_authentication.object_id + tenant_id = data.azurerm_client_config.current.tenant_id + + depends_on = [ azurerm_mysql_flexible_server.main ] +} + ##----------------------------------------------------------------------------- ## Below resource will create mysql flexible database. ##----------------------------------------------------------------------------- @@ -91,7 +111,7 @@ resource "azurerm_mysql_flexible_database" "main" { server_name = join("", azurerm_mysql_flexible_server.main.*.name) charset = var.charset collation = var.collation - depends_on = [azurerm_mysql_flexible_server.main] + depends_on = [azurerm_mysql_flexible_server_active_directory_administrator.main] } ##----------------------------------------------------------------------------- 
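Review bot: The new `azurerm_mysql_flexible_server_active_directory_administrator` resource is counted only on `object_id`, so it ignores `var.enabled` and never checks that `login` and `user_assigned_identity_id` were supplied alongside it. With `enabled = false` the server has count 0, `join("", ...)` yields an empty `server_id`, and the administrator resource is still planned; with a partial `entra_authentication` object the failure comes from the provider at apply time rather than from the module. I would write `count = var.enabled && var.entra_authentication.object_id != null ? 1 : 0` and add a `validation` block on the variable requiring the three attributes to be set together, since this resource decides who is database administrator. `data.azurerm_client_config.current` is not declared in any visible hunk, so confirm it exists in the module.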
@@ -99,7 +119,7 @@ resource "azurerm_mysql_flexible_database" "main" { ##----------------------------------------------------------------------------- resource "azurerm_mysql_flexible_server_configuration" "main" { - count = var.enabled ? length(var.server_configuration_names) : 0 + count = var.enabled && var.server_parameters_enabled ? length(var.server_configuration_names) : 0 name = element(var.server_configuration_names, count.index) resource_group_name = local.resource_group_name server_name = join("", azurerm_mysql_flexible_server.main.*.name) @@ -122,7 +142,7 @@ resource "azurerm_private_dns_zone" "main" { count = var.enabled && var.private_dns ? 1 : 0 name = "privatelink.mysql.database.azure.com" resource_group_name = local.resource_group_name - tags = module.labels.tags + tags = var.custom_tags == null ? module.labels.tags : var.custom_tags } ##----------------------------------------------------------------------------- @@ -135,7 +155,7 @@ resource "azurerm_private_dns_zone_virtual_network_link" "main" { virtual_network_id = var.virtual_network_id resource_group_name = local.resource_group_name registration_enabled = var.registration_enabled - tags = module.labels.tags + tags = var.custom_tags == null ? module.labels.tags : var.custom_tags } ##----------------------------------------------------------------------------- @@ -148,7 +168,7 @@ resource "azurerm_private_dns_zone_virtual_network_link" "main2" { virtual_network_id = var.virtual_network_id resource_group_name = var.main_rg_name registration_enabled = var.registration_enabled - tags = module.labels.tags + tags = var.custom_tags == null ? module.labels.tags : var.custom_tags } resource "azurerm_monitor_diagnostic_setting" "mysql" { diff --git a/variables.tf b/variables.tf index d78a3fa..07585d7 100644 --- a/variables.tf +++ b/variables.tf 
@@ -245,10 +245,7 @@ variable "high_availability" { mode = string standby_availability_zone = optional(number) }) - default = { - mode = "SameZone" - standby_availability_zone = 1 - } + default = null } variable "enable_diagnostic" { @@ -298,4 +295,41 @@ variable "eventhub_authorization_rule_id" { type = string default = null description = "Eventhub authorization rule id to pass it to destination details of diagnosys setting of NSG." +} + +variable "custom_tags" { + type = map(string) + default = {} +} + +variable "identity_type" { + description = "Type of managed identity to set" + type = string + default = null +} + +variable "user_assigned_identity_ids" { + description = "List of user-assigned managed identity IDs" + type = list(string) + default = [] +} + +variable "entra_authentication" { + description = "Azure Entra authentication configuration block for Azure MySQL Flexible Server" + type = object({ + user_assigned_identity_id = optional(string, null) + login = optional(string, null) + object_id = optional(string, null) + }) + default = {} +} + +variable "server_parameters_enabled" { + type = bool + default = true +} + +variable "create_password" { + type = bool + default = false } \ No newline at end of file From b68748fa7a433339c733ea990de80b260ddee636 Mon Sep 17 00:00:00 2001 From: Ankitha B H <76145952+AnkithaBH@users.noreply.github.com> Date: Mon, 28 Oct 2024 19:49:43 +0530 Subject: [PATCH 02/10] Reverting changes made to password and server configuration --- main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/main.tf b/main.tf index a0c6380..e96d5b5 100644 --- a/main.tf +++ b/main.tf @@ -30,7 +30,7 @@ module "labels" { ##----------------------------------------------------------------------------- resource "random_password" "main" { - count = var.create_password ? 1 : 0 + count = var.admin_password == null ? 1 : 0 length = var.admin_password_length min_upper = 4 min_lower = 2 
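Review bot: Changing the `high_availability` default from `SameZone` to `null` turns high availability off for every existing caller that relied on the default, and nothing in the patch flags that as a breaking change. The `dynamic "high_availability"` block that consumes the value is only partly visible in main.tf, so I am assuming a null value produces no block, as the docs row states. If the new default is intended, call it out as breaking in the release notes and the version number; otherwise keep the previous default and let callers opt out with `high_availability = null`.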
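Review bot: `custom_tags` defaults to `{}` here, but every consumer in main.tf tests `var.custom_tags == null`, so with default inputs the condition is false and the server, the private DNS zone and both virtual-network links receive an empty tag map instead of `module.labels.tags`. Dropping the label tags removes the ownership and environment attribution that inventory and policy tooling usually keys on. Set `default = null`, or merge instead of replace at the call sites with `tags = merge(module.labels.tags, var.custom_tags)`. The same expression appears in the main.tf hunks at `-71`, `-122`, `-135` and `-148`. `custom_tags` also lacks a `description`, e.g. `description = "Tags applied in place of the generated label tags."`.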
@@ -119,7 +119,7 @@ resource "azurerm_mysql_flexible_database" "main" { ##----------------------------------------------------------------------------- resource "azurerm_mysql_flexible_server_configuration" "main" { - count = var.enabled && var.server_parameters_enabled ? length(var.server_configuration_names) : 0 + count = var.enabled && ? length(var.server_configuration_names) : 0 name = element(var.server_configuration_names, count.index) resource_group_name = local.resource_group_name server_name = join("", azurerm_mysql_flexible_server.main.*.name) From e4a1e82f7fd8b3549d448cd0cdd1d27b5a605ee5 Mon Sep 17 00:00:00 2001 From: Ankitha B H <76145952+AnkithaBH@users.noreply.github.com> Date: Mon, 28 Oct 2024 19:51:21 +0530 Subject: [PATCH 03/10] Reverting server configuration --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index e96d5b5..f356956 100644 --- a/main.tf +++ b/main.tf @@ -119,7 +119,7 @@ resource "azurerm_mysql_flexible_database" "main" { ##----------------------------------------------------------------------------- resource "azurerm_mysql_flexible_server_configuration" "main" { - count = var.enabled && ? length(var.server_configuration_names) : 0 + count = var.enabled ? length(var.server_configuration_names) : 0 name = element(var.server_configuration_names, count.index) resource_group_name = local.resource_group_name server_name = join("", azurerm_mysql_flexible_server.main.*.name) From 106db4027a3cc9184822691ca9ca7ce345f3c987 Mon Sep 17 00:00:00 2001 From: Ankitha B H <76145952+AnkithaBH@users.noreply.github.com> Date: Mon, 28 Oct 2024 19:53:39 +0530 Subject: [PATCH 04/10] Removing server parameters and password variables --- variables.tf | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/variables.tf b/variables.tf index 07585d7..d19783c 100644 --- a/variables.tf +++ b/variables.tf 
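Review bot: The reverted line `count = var.enabled && ? length(var.server_configuration_names) : 0` is not valid HCL, because `&&` has no right-hand operand, so the module does not parse at this commit. The next patch in the series repairs it, but anyone bisecting or pinning to this revision gets a module that fails `terraform validate`. Squash the two commits, or amend this one to `count = var.enabled ? length(var.server_configuration_names) : 0`. The resource block continues beyond the hunk.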
@@ -323,13 +323,3 @@ variable "entra_authentication" { }) default = {} } - -variable "server_parameters_enabled" { - type = bool - default = true -} - -variable "create_password" { - type = bool - default = false -} \ No newline at end of file From 531a7fd1644183d844b2dac44bbc5c46a89818f6 Mon Sep 17 00:00:00 2001 From: clouddrove-ci Date: Tue, 29 Oct 2024 07:22:46 +0000 Subject: [PATCH 05/10] update README.md --- docs/io.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/io.md b/docs/io.md index 3eb7abe..f8cfbf4 100644 --- a/docs/io.md +++ b/docs/io.md @@ -10,12 +10,14 @@ | charset | Specifies the Charset for the MySQL Database, which needs to be a valid MySQL Charset. Changing this forces a new resource to be created. | `string` | `""` | no | | collation | Specifies the Collation for the MySQL Database, which needs to be a valid MySQL Collation. Changing this forces a new resource to be created. | `string` | `""` | no | | create\_mode | The creation mode. Can be used to restore or replicate existing servers. Possible values are `Default`, `Replica`, `GeoRestore`, and `PointInTimeRestore`. Defaults to `Default` | `string` | `"Default"` | no | +| custom\_tags | n/a | `map(string)` | `{}` | no | | db\_name | Specifies the name of the MySQL Database, which needs to be a valid MySQL identifier. Changing this forces a new resource to be created. | `string` | `""` | no | | delegated\_subnet\_id | The resource ID of the subnet | `string` | `""` | no | | enable\_diagnostic | Set to false to prevent the module from creating any resources. | `bool` | `true` | no | | enable\_private\_endpoint | Manages a Private Endpoint to Azure database for MySQL | `bool` | `false` | no | | enabled | Set to false to prevent the module from creating any resources. | `bool` | `true` | no | | end\_ip\_address | n/a | `string` | `""` | no | +| entra\_authentication | Azure Entra authentication configuration block for Azure MySQL Flexible Server |
object({
user_assigned_identity_id = optional(string, null)
login = optional(string, null)
object_id = optional(string, null)
})
| `{}` | no | | environment | Environment (e.g. `prod`, `dev`, `staging`). | `string` | `""` | no | | eventhub\_authorization\_rule\_id | Eventhub authorization rule id to pass it to destination details of diagnosys setting of NSG. | `string` | `null` | no | | eventhub\_name | Eventhub Name to pass it to destination details of diagnosys setting of NSG. | `string` | `null` | no | @@ -23,7 +25,8 @@ | existing\_private\_dns\_zone\_id | n/a | `string` | `""` | no | | existing\_private\_dns\_zone\_name | The name of the Private DNS zone (without a terminating dot). Changing this forces a new resource to be created. | `string` | `""` | no | | geo\_redundant\_backup\_enabled | Should geo redundant backup enabled? Defaults to false. Changing this forces a new MySQL Flexible Server to be created. | `bool` | `true` | no | -| high\_availability | Map of high availability configuration: https://docs.microsoft.com/en-us/azure/mysql/flexible-server/concepts-high-availability. `null` to disable high availability |
object({
mode = string
standby_availability_zone = optional(number)
})
|
{
"mode": "SameZone",
"standby_availability_zone": 1
}
| no | +| high\_availability | Map of high availability configuration: https://docs.microsoft.com/en-us/azure/mysql/flexible-server/concepts-high-availability. `null` to disable high availability |
object({
mode = string
standby_availability_zone = optional(number)
})
| `null` | no | +| identity\_type | Type of managed identity to set | `string` | `null` | no | | iops | The storage IOPS for the MySQL Flexible Server. Possible values are between 360 and 20000. | `number` | `360` | no | | key\_vault\_id | Specifies the URL to a Key Vault Key (either from a Key Vault Key, or the Key URL for the Key Vault Secret | `string` | `""` | no | | key\_vault\_key\_id | The URL to a Key Vault Key | `string` | `null` | no | @@ -50,6 +53,7 @@ | source\_server\_id | The resource ID of the source MySQL Flexible Server to be restored. Required when create\_mode is PointInTimeRestore, GeoRestore, and Replica. Changing this forces a new MySQL Flexible Server to be created. | `string` | `null` | no | | start\_ip\_address | n/a | `string` | `""` | no | | storage\_account\_id | Storage account id to pass it to destination details of diagnosys setting of NSG. | `string` | `null` | no | +| user\_assigned\_identity\_ids | List of user-assigned managed identity IDs | `list(string)` | `[]` | no | | values | Specifies the value of the MySQL Flexible Server Configuration. See the MySQL documentation for valid values. Changing this forces a new resource to be created. | `list(string)` | `[]` | no | | virtual\_network\_id | The name of the virtual network | `string` | `""` | no | | zone | Specifies the Availability Zone in which this MySQL Flexible Server should be located. Possible values are 1, 2 and 3. | `number` | `null` | no | From d900473cbb8230bc3eaed6fa92356a486eb4c4f0 Mon Sep 17 00:00:00 2001 From: CloudDrove CI <84795582+clouddrove-ci@users.noreply.github.com> Date: Tue, 29 Oct 2024 07:28:26 +0000 Subject: [PATCH 06/10] docs: update CHANGELOG.md for 1.0.2 --- CHANGELOG.md | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4624be4..68b06ad 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -4,6 +4,21 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [1.0.2] - 2024-10-29 +### :sparkles: New Features +- [`82e81ea`](https://github.com/clouddrove/terraform-azure-flexible-mysql/commit/82e81ea77b10b1779c8223773727a564417b25a4) - Added diagnostic settings *(commit by [@13archit](https://github.com/13archit))* + +### :bug: Bug Fixes +- [`34d3b5b`](https://github.com/clouddrove/terraform-azure-flexible-mysql/commit/34d3b5bc24885be9d4bf692cc7b07718a4790560) - renamed _examples to examples and referenced it *(commit by [@vjdbj](https://github.com/vjdbj))* +- [`706034d`](https://github.com/clouddrove/terraform-azure-flexible-mysql/commit/706034dc905e57ce474e649bc4c146c0d38ca59a) - added versions in examples *(commit by [@vjdbj](https://github.com/vjdbj))* +- [`96ad328`](https://github.com/clouddrove/terraform-azure-flexible-mysql/commit/96ad3284773f4e8da8ced82e3875e36b3b21e6d2) - fixed versions in examples *(commit by [@vjdbj](https://github.com/vjdbj))* +- [`9c39dad`](https://github.com/clouddrove/terraform-azure-flexible-mysql/commit/9c39dad158dc968e1b9295154f926c31d2a81d28) - fixed tf version *(commit by [@vjdbj](https://github.com/vjdbj))* + +### :construction_worker: Build System +- [`adc6d6c`](https://github.com/clouddrove/terraform-azure-flexible-mysql/commit/adc6d6c7effd447a7f0650dfa5eb22c182e90382) - **deps**: bump clouddrove/subnet/azure in /_example/complete *(commit by [@dependabot[bot]](https://github.com/apps/dependabot))* +- [`34215d5`](https://github.com/clouddrove/terraform-azure-flexible-mysql/commit/34215d5ce62fa8c870c05c96f63c09aa5cd16802) - **deps**: bump clouddrove/subnet/azure *(commit by [@dependabot[bot]](https://github.com/apps/dependabot))* + + ## [1.0.1] - 2023-07-03 ### :sparkles: New Features - 
[`c690aa3`](https://github.com/clouddrove/terraform-azure-flexible-mysql/commit/c690aa3ad0b3ae5d324c3820097e27cbaf7eb522) - auto changelog action added *(commit by [@themaheshyadav](https://github.com/themaheshyadav))* @@ -26,4 +41,5 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 [1.0.0]: https://github.com/clouddrove/terraform-azure-flexible-mysql/compare/1.0.0...master -[1.0.1]: https://github.com/clouddrove/terraform-azure-flexible-mysql/compare/1.0.0...1.0.1 \ No newline at end of file +[1.0.1]: https://github.com/clouddrove/terraform-azure-flexible-mysql/compare/1.0.0...1.0.1 +[1.0.2]: https://github.com/clouddrove/terraform-azure-flexible-mysql/compare/1.0.1...1.0.2 From de5fe387e0ad8f6f7badd7e7e84680ee1e89f740 Mon Sep 17 00:00:00 2001 From: Hanumesh Date: Tue, 29 Oct 2024 18:36:07 +0530 Subject: [PATCH 07/10] Added password output value --- output.tf | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/output.tf b/output.tf index 71cdaec..81c9840 100644 --- a/output.tf +++ b/output.tf @@ -20,6 +20,11 @@ output "azurerm_private_dns_zone_id" { description = "The Private DNS Zone ID." } +output "password_result" { + value = var.admin_password == null ? random_password.main[0].result : var.admin_password + description = "Password Value" + sensitive = true +} From 0bbdb3e4c17855bb742c7bc60a4f8baff1364949 Mon Sep 17 00:00:00 2001 From: Deepak Verma Date: Wed, 30 Oct 2024 13:04:33 +0530 Subject: [PATCH 08/10] fix identity block --- main.tf | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/main.tf b/main.tf index f356956..54e37b5 100644 --- a/main.tf +++ b/main.tf 
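Review bot: `password_result` publishes the administrator password as a module output, and `sensitive = true` only redacts it in CLI output; the value is still stored in plain text in state and becomes available to whatever consumes or re-exports this module's outputs. When the caller passed `admin_password` there is nothing new to return, so I would expose only the generated value with `value = one(random_password.main[*].result)`. The description should say what the value is and how it is stored, e.g. `description = "Generated administrator password (null when admin_password is supplied). Stored in plain text in Terraform state; restrict access to the backend."`. Writing the secret to a Key Vault and outputting its ID instead would avoid passing the password between modules at all.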
@@ -71,9 +71,13 @@ resource "azurerm_mysql_flexible_server" "main" { standby_availability_zone = lookup(high_availability.value, "standby_availability_zone", 1) } } - identity { - type = var.identity_type + dynamic "identity" { + for_each = toset(var.identity_type != null ? [var.identity_type] : []) + content { + type = var.identity_type identity_ids = var.identity_type == "UserAssigned" ? var.user_assigned_identity_ids : [] + } + } version = var.mysql_version From 401896250fe7d50395ad821f30c831b240e90692 Mon Sep 17 00:00:00 2001 From: Deepak Verma Date: Wed, 30 Oct 2024 13:05:38 +0530 Subject: [PATCH 09/10] fmt run --- main.tf | 8 ++++---- output.tf | 4 ++-- variables.tf | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/main.tf b/main.tf index 54e37b5..ea182c8 100644 --- a/main.tf +++ b/main.tf @@ -71,13 +71,13 @@ resource "azurerm_mysql_flexible_server" "main" { standby_availability_zone = lookup(high_availability.value, "standby_availability_zone", 1) } } - dynamic "identity" { + dynamic "identity" { for_each = toset(var.identity_type != null ? [var.identity_type] : []) content { type = var.identity_type - identity_ids = var.identity_type == "UserAssigned" ? var.user_assigned_identity_ids : [] + identity_ids = var.identity_type == "UserAssigned" ? var.user_assigned_identity_ids : [] } - + } version = var.mysql_version @@ -101,7 +101,7 @@ resource "azurerm_mysql_flexible_server_active_directory_administrator" "main" { object_id = var.entra_authentication.object_id tenant_id = data.azurerm_client_config.current.tenant_id - depends_on = [ azurerm_mysql_flexible_server.main ] + depends_on = [azurerm_mysql_flexible_server.main] } ##----------------------------------------------------------------------------- diff --git a/output.tf b/output.tf index 81c9840..1fdd5ea 100644 --- a/output.tf +++ b/output.tf 
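Review bot: `identity_type` reaches the `identity` block unvalidated, and when it is `UserAssigned` nothing stops `user_assigned_identity_ids` from being the default empty list, so a misconfiguration surfaces only as a provider error at apply time. The azurerm documentation lists `UserAssigned` as the only type for this resource (confirm against the pinned provider version), so a `validation` on the variable with `condition = var.identity_type == null || var.identity_type == "UserAssigned"` would fail fast. The identity named in `entra_authentication.user_assigned_identity_id` presumably has to be one of the identities attached here, which deserves a precondition or at least a comment on the block. `toset(...)` around the one-element list is unnecessary; `for_each = var.identity_type != null ? [var.identity_type] : []` is enough.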
@@ -21,9 +21,9 @@ output "azurerm_private_dns_zone_id" { } output "password_result" { - value = var.admin_password == null ? random_password.main[0].result : var.admin_password + value = var.admin_password == null ? random_password.main[0].result : var.admin_password description = "Password Value" - sensitive = true + sensitive = true } diff --git a/variables.tf b/variables.tf index d19783c..9a72fc8 100644 --- a/variables.tf +++ b/variables.tf @@ -298,7 +298,7 @@ variable "eventhub_authorization_rule_id" { } variable "custom_tags" { - type = map(string) + type = map(string) default = {} } From 77e39e466b9f83a6130de9cc4f16ca4da5de4072 Mon Sep 17 00:00:00 2001 From: clouddrove-ci Date: Wed, 30 Oct 2024 07:41:51 +0000 Subject: [PATCH 10/10] update README.md --- docs/io.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/io.md b/docs/io.md index f8cfbf4..1bb6eb9 100644 --- a/docs/io.md +++ b/docs/io.md @@ -67,4 +67,5 @@ | azurerm\_private\_dns\_zone\_virtual\_network\_link\_id | The ID of the Private DNS Zone Virtual Network Link. | | existing\_private\_dns\_zone\_virtual\_network\_link\_id | The ID of the Private DNS Zone Virtual Network Link. | | mysql\_flexible\_server\_id | The ID of the MySQL Flexible Server. | +| password\_result | Password Value |