terraform-azurerm-database/README.md

8.9 KiB

terraform-azurerm-database

Create an Azure SQL Database

This Terraform module creates a basic Azure SQL Database.

Usage

module "sql-database" {
  source              = "Azure/database/azurerm"
  resource_group_name = "myapp"
  location            = "westus"
  db_name             = "mydatabase"
  sql_admin_username  = "mradministrator"
  sql_password        = "P@ssw0rd12345!"

  tags = {
    environment = "dev"
    costcenter  = "it"
  }

}

Pre-Commit & Pr-Check & Test

Configurations

We assumed that you have setup service principal's credentials in your environment variables like below:

export ARM_SUBSCRIPTION_ID="<azure_subscription_id>"
export ARM_TENANT_ID="<azure_subscription_tenant_id>"
export ARM_CLIENT_ID="<service_principal_appid>"
export ARM_CLIENT_SECRET="<service_principal_password>"

On Windows Powershell:

$env:ARM_SUBSCRIPTION_ID="<azure_subscription_id>"
$env:ARM_TENANT_ID="<azure_subscription_tenant_id>"
$env:ARM_CLIENT_ID="<service_principal_appid>"
$env:ARM_CLIENT_SECRET="<service_principal_password>"

We provide a docker image to run the pre-commit checks and tests for you: mcr.microsoft.com/azterraform:latest

To run the pre-commit task, we can run the following command:

$ docker run --rm -v $(pwd):/src -w /src mcr.microsoft.com/azterraform:latest make pre-commit

On Windows Powershell:

$ docker run --rm -v ${pwd}:/src -w /src mcr.microsoft.com/azterraform:latest make pre-commit

In pre-commit task, we will:

  1. Run terraform fmt -recursive command for your Terraform code.
  2. Run terrafmt fmt -f command for markdown files and go code files to ensure that the Terraform code embedded in these files are well formatted.
  3. Run go mod tidy and go mod vendor for test folder to ensure that all the dependencies have been synced.
  4. Run gofmt for all go code files.
  5. Run gofumpt for all go code files.
  6. Run terraform-docs on README.md file, then run markdown-table-formatter to format markdown tables in README.md.

Then we can run the pr-check task to check whether our code meets our pipeline's requirement(We strongly recommend you run the following command before you commit):

$ docker run --rm -v $(pwd):/src -w /src mcr.microsoft.com/azterraform:latest make pr-check

On Windows Powershell:

$ docker run --rm -v ${pwd}:/src -w /src mcr.microsoft.com/azterraform:latest make pr-check

To run the e2e-test, we can run the following command:

docker run --rm -v $(pwd):/src -w /src -e ARM_SUBSCRIPTION_ID -e ARM_TENANT_ID -e ARM_CLIENT_ID -e ARM_CLIENT_SECRET mcr.microsoft.com/azterraform:latest make e2e-test

On Windows Powershell:

docker run --rm -v ${pwd}:/src -w /src -e ARM_SUBSCRIPTION_ID -e ARM_TENANT_ID -e ARM_CLIENT_ID -e ARM_CLIENT_SECRET mcr.microsoft.com/azterraform:latest make e2e-test

Prerequisites

Authors

Originally created by James Earle

License

MIT

Requirements

Name Version
terraform >= 1.2
azurerm ~>3.0

Providers

Name Version
azurerm ~>3.0

Modules

No modules.

Resources

Name Type
azurerm_resource_group.rg resource
azurerm_sql_active_directory_administrator.aad_admin resource
azurerm_sql_database.db resource
azurerm_sql_firewall_rule.fw resource
azurerm_sql_server.server resource

Inputs

Name Description Type Default Required
collation The collation for the database. Default is SQL_Latin1_General_CP1_CI_AS string "SQL_Latin1_General_CP1_CI_AS" no
create_resource_group Create a new resource group with name var.resource_group_name, or just use it as resource group's name. Default to true. Changing this forces a new resource to be created. bool true no
db_edition The edition of the database to be created. string "Basic" no
db_name The name of the database to be created. string n/a yes
end_ip_address Defines the end IP address used in your database firewall rule. string "0.0.0.0" no
location The location/region where the database and server are created. Changing this forces a new resource to be created. string n/a yes
resource_group_name Default resource group name that the database will be created in. string "myapp-rg" no
server_version The version for the database server. Valid values are: 2.0 (for v11 server) and 12.0 (for v12 server). string "12.0" no
service_objective_name The performance level for the database. For the list of acceptable values, see https://docs.microsoft.com/en-gb/azure/sql-database/sql-database-service-tiers. Default is Basic. string "Basic" no
sql_aad_administrator object({
login = (Required) The login name of the principal to set as the server administrator
object_id = (Required) The ID of the principal to set as the server administrator
tenant_id = (Required) The Azure Tenant ID
azuread_authentication_only = (Optional) Specifies whether only AD Users and administrators can be used to login (true) or also local database users (false).
})
object({
login = string
object_id = string
tenant_id = string
azuread_authentication_only = optional(bool)
})
null no
sql_admin_username The administrator username of the SQL Server. string n/a yes
sql_password The administrator password of the SQL Server. string n/a yes
start_ip_address Defines the start IP address used in your database firewall rule. string "0.0.0.0" no
tags The tags to associate with your network and subnets. map(string)
{
"tag1": "",
"tag2": ""
}
no
tracing_tags_enabled Whether enable tracing tags that generated by BridgeCrew Yor. bool false no
tracing_tags_prefix Default prefix for generated tracing tags string "avm_" no

Outputs

Name Description
connection_string Connection string for the Azure SQL Database created.
database_name Database name of the Azure SQL Database created.
sql_server_fqdn Fully Qualified Domain Name (FQDN) of the Azure SQL Database created.
sql_server_location Location of the Azure SQL Database created.
sql_server_name Server name of the Azure SQL Database created.
sql_server_version Version the Azure SQL Database created.