Added enhancements

[AnkithaBH]

Hello Team,

We tested the module, and have identified a few changes and additions that we would like to implement. We believe that these enhancements will not only improve the module but also ensure it is versatile and compatible with different use cases that end users may encounter. These updates will allow for more effective internal usage.

Changes and Additions Contributed

• Added the below variables,

1. custom_tags - To be able to use custom tags
2. identity_type and user_assigned_identity_ids - Currently, the resource block of the server does not have the scope to use identity argument. Hence, added the same and these variables are leveraged to provide flexibility in usage.
3. entra_authentication - The module does not include "entra authentication", which is considered to be commonly used with mysql flexible server. Hence, added the same and the variable is leveraged to provide flexibility in usage.
4. server_parameters_enabled - To add flexibility and control, in leveraging "server parameters" configuration.
5. create_password - Currently the module uses count= var.admin_password == null ? 1 : 0 to check whether the password should be created or not. However, this particular configuration is throwing an error saying, The "count" value depends on resource attributes that cannot be determined until apply, so Terraform cannot predict how many instances will be created. To overcome the same, this variable is used.

• Replaced the default value of high_availabilty variable to null; to enhance flexibility and provide the end user the control to choose HA or not to chose HA.

• Added conditional expression for tags.

• Added resource block to create mysql server active directory administrator for entra authentication.

• Added identity block to the scope and conditional expression for name of the mysql server to be able to use custom names and follow internal naming standards by the end user.

The code structure is preserved while enhancing flexibility.

We hope these changes are considered.

Looking forward to use the module with the new version including the changes.

Kind Regards,
Ankitha

[AnkithaBH]

Hello Team,

Any updates on this PR?

[13archit]

Hi @AnkithaBH
Our team is looking into your changes and will get back to you shortly.
Thanks.

[d4kverma]

@AnkithaBH could you please revert the changes of admin_password
Right present, we have two examples where this works flawlessly.

1. If the user enters a value for admin_password, no random password is generated.
2. If the user does not enter a value for admin_password, a random password is generated and kept in the tfstate file.

[d4kverma]

@AnkithaBH Regarding server_parameters_enabled.
There is no need for an extra option to manage azurerm_mysql_flexible_server_configuration, since it is already controlled by the variable server_configuration_names.

[d4kverma]

Thanks for the other changes and apart from these above changes is acceptable.
@AnkithaBH

[AnkithaBH]

Thank You @d4kverma for the updates. I have reverted the changes you have asked. Please review. Awaiting for the merge.

[AnkithaBH]

Hi Team,
Can we close this PR with the merge please?

[d4kverma]

yes, Let my team review it .
@AnkithaBH

[d4kverma]

your changes has been merged and new tag is release 1.0.2 .

[AnkithaBH]

Thank You @d4kverma
But I am still facing this issue,
Error: Invalid count argument
│
│ on .terraform\modules\mysql_flexible_server\main.tf line 33, in resource "random_password" "main":
│ 33: count = var.admin_password == null ? 1 : 0
│
│ The "count" value depends on resource attributes that cannot be determined until apply, so Terraform cannot
│ predict how many instances will be created. To work around this, use the -target argument to first apply only the
│ resources that the count depends on.

Terraform version I am using is 1.9.5

[d4kverma]

i have tried with same version . Here is plan. I am using terraform 1.9.8 version .

Plan: 14 to add, 0 to change, 0 to destroy.

Changes to Outputs:

• azurerm_flexible-mysql_server_configuration_id = (known after apply)
• azurerm_private_dns_zone_id = (known after apply)
• azurerm_private_dns_zone_virtual_network_link_id = (known after apply)
• flexible-mysql_server_id = (known after apply)
  ╷
  │ Warning: Deprecated Resource
  │
  │ with module.flexible-mysql.azurerm_mysql_server_key.main,
  │ on ../../main.tf line 136, in resource "azurerm_mysql_server_key" "main":
  │ 136: resource "azurerm_mysql_server_key" "main" {
  │
  │ Azure Database for MySQL Single Server and its sub resources are scheduled for retirement by 2024-09-16 and will migrate to using Azure Database for MySQL Flexible Server:
  │ https://go.microsoft.com/fwlink/?linkid=2216041. The azurerm_mysql_server_key resource is deprecated and will be removed in v4.0 of the AzureRM Provider. Please use the
  │ customer_managed_key property of the azurerm_mysql_flexible_server resource instead.
  ╵

Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.

[d4kverma]

its better that you can share your example.
Also you can try by removing admin_password variables's value and let it be create using the random password.

I am using this ref example for testing - https://github.com/clouddrove/terraform-azure-flexible-mysql/tree/master/examples/complete

[AnkithaBH]

When I do not give admin_password value in module it is working fine. But I need the output of the password if I am using random password resource, I dont see the value as output in output.tf

[AnkithaBH]

But when we provide the value it is not working as expected, it should not be that way right?
Can we consider the changes I had suggested?

[d4kverma]

The sensitive output does not show in output.
you can take the password from tfstate file. Random password resource store in tfstate file only for better security.
Try to find using key password or random in tfstate file

[AnkithaBH]

But I cannot do the same, in CI/CD environment. I want to pass that value to store in a key vault.

[d4kverma]

so its better that you can share your example which is used for flexible MySQL , so we can track your issue better.
In my local env using terraform version 1.9.8 module is working fine as expected .

[d4kverma]

also you can create one more PR to take the password output from random password resource and use in key-vault secret input.

[AnkithaBH]

Okay, I will raise another PR to take the output.
Thank you

[AnkithaBH]

so its better that you can share your example which is used for flexible MySQL , so we can track your issue better. In my local env using terraform version 1.9.8 module is working fine as expected .

is it working fine for both? with and without providing the value?

[d4kverma]

so its better that you can share your example which is used for flexible MySQL , so we can track your issue better. In my local env using terraform version 1.9.8 module is working fine as expected .

is it working fine for both? with and without providing the value?

yes

[AnkithaBH]

@d4kverma Its because of the way our example code is configured.
As discussed, I have created another PR to derive password result. Please accept those changes.
#64