Ensono · Trishisingh · Apr 17, 2023 · Apr 13, 2023 · Apr 13, 2023 · Apr 13, 2023
diff --git a/azurerm/modules/azurerm-sql/README.md b/azurerm/modules/azurerm-sql/README.md
@@ -0,0 +1,59 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13 |
+| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | ~> 3.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | 3.51.0 |
+| <a name="provider_random"></a> [random](#provider\_random) | 3.5.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [azurerm_mssql_database.example-db](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_database) | resource |
+| [azurerm_mssql_firewall_rule.example_fw_rule](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_firewall_rule) | resource |
+| [azurerm_mssql_server.example](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_server) | resource |
+| [random_password.password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_administrator_login"></a> [administrator\_login](#input\_administrator\_login) | The administrator login name for the new server. Required unless azuread\_authentication\_only in the azuread\_administrator block is true. When omitted, Azure will generate a default username which cannot be subsequently changed. Changing this forces a new resource to be created. | `string` | n/a | yes |
+| <a name="input_auto_pause_delay_in_minutes"></a> [auto\_pause\_delay\_in\_minutes](#input\_auto\_pause\_delay\_in\_minutes) | Time in minutes after which database is automatically paused. A value of -1 means that automatic pause is disabled. This property is only settable for General Purpose Serverless databases. | `number` | `60` | no |
+| <a name="input_azuread_administrator"></a> [azuread\_administrator](#input\_azuread\_administrator) | Specifies whether only AD Users and administrators (like azuread\_administrator.0.login\_username) can be used to login, or also local database users (like administrator\_login). When true, the administrator\_login and administrator\_login\_password properties can be omitted. | <pre>list(object({<br>    login_username = string<br>    object_id      = string<br>  }))</pre> | <pre>[<br>  {<br>    "login_username": "[email protected]",<br>    "object_id": "3d21d0d6-91be-447f-a3b5-082fe57c093c"<br>  }<br>]</pre> | no |
+| <a name="input_collation"></a> [collation](#input\_collation) | Specifies the collation of the database. Changing this forces a new resource to be created. | `string` | `"SQL_Latin1_General_CP1_CI_AS"` | no |
+| <a name="input_create_mode"></a> [create\_mode](#input\_create\_mode) | The create mode of the database. Possible values are Copy, Default, OnlineSecondary, PointInTimeRestore, Recovery, Restore, RestoreExternalBackup, RestoreExternalBackupSecondary, RestoreLongTermRetentionBackup and Secondary. Mutually exclusive with import. Changing this forces a new resource to be created. | `string` | `"Default"` | no |
+| <a name="input_license_type"></a> [license\_type](#input\_license\_type) | Specifies the license type applied to this database. Possible values are LicenseIncluded and BasePrice. | `string` | `"LicenseIncluded"` | no |
+| <a name="input_location_name_map"></a> [location\_name\_map](#input\_location\_name\_map) | Each region must have corresponding a shortend name for resource naming purposes | `map(string)` | <pre>{<br>  "eastasia": "ase",<br>  "eastus": "use",<br>  "eastus2": "use2",<br>  "northeurope": "eun",<br>  "southeastasia": "asse",<br>  "uksouth": "uks",<br>  "ukwest": "ukw",<br>  "westeurope": "euw",<br>  "westus": "usw"<br>}</pre> | no |
+| <a name="input_name_component"></a> [name\_component](#input\_name\_component) | Component Name - should/will be used in conventional resource naming. Typically this will be a logical name for this part of the system i.e. `API` \|\| `middleware` or more generic like `Billing` | `string` | `"sql"` | no |
+| <a name="input_resource_group_location"></a> [resource\_group\_location](#input\_resource\_group\_location) | Location of Resource group | `string` | `"uksouth"` | no |
+| <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | name of resource group | `string` | n/a | yes |
+| <a name="input_resource_namer"></a> [resource\_namer](#input\_resource\_namer) | User defined naming convention applied to all resources created as part of this module | `string` | n/a | yes |
+| <a name="input_resource_tags"></a> [resource\_tags](#input\_resource\_tags) | Map of tags to be applied to all resources created as part of this module | `map(string)` | `{}` | no |
+| <a name="input_sample_name"></a> [sample\_name](#input\_sample\_name) | Specifies the name of the sample schema to apply when creating this database. Possible value is AdventureWorksLT | `string` | `"AdventureWorksLT"` | no |
+| <a name="input_sku_name"></a> [sku\_name](#input\_sku\_name) | Specifies the name of the SKU used by the database. For example, GP\_S\_Gen5\_2,HS\_Gen4\_1,BC\_Gen5\_2, ElasticPool, Basic,S0, P2 ,DW100c, DS100. Changing this from the HyperScale service tier to another service tier will create a new resource. | `string` | `"Basic"` | no |
+| <a name="input_sql_db_names"></a> [sql\_db\_names](#input\_sql\_db\_names) | The name of the MS SQL Database. Changing this forces a new resource to be created. | `list(string)` | <pre>[<br>  "sqldbtest"<br>]</pre> | no |
+| <a name="input_sql_fw_rules"></a> [sql\_fw\_rules](#input\_sql\_fw\_rules) | Allows you to manage an Azure SQL Firewall Rule. | <pre>list(object({<br>    name             = string<br>    start_ip_address = string<br>    end_ip_address   = string<br>  }))</pre> | <pre>[<br>  {<br>    "end_ip_address": "0.0.0.0",<br>    "name": "SQLFirewallRule1",<br>    "start_ip_address": "0.0.0.0"<br>  }<br>]</pre> | no |
+| <a name="input_sql_version"></a> [sql\_version](#input\_sql\_version) | The version for the new server. Valid values are: 2.0 (for v11 server) and 12.0 (for v12 server). Changing this forces a new resource to be created. | `string` | `"12.0"` | no |
+| <a name="input_zone_redundant"></a> [zone\_redundant](#input\_zone\_redundant) | Whether or not this database is zone redundant, which means the replicas of this database will be spread across multiple availability zones. This property is only settable for Premium and Business Critical databases. | `bool` | `false` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_sql_sa_login"></a> [sql\_sa\_login](#output\_sql\_sa\_login) | n/a |
+| <a name="output_sql_sa_password"></a> [sql\_sa\_password](#output\_sql\_sa\_password) | n/a |
+| <a name="output_sql_server_name"></a> [sql\_server\_name](#output\_sql\_server\_name) | n/a |
+<!-- END_TF_DOCS -->
diff --git a/azurerm/modules/azurerm-sql/constraints.tf b/azurerm/modules/azurerm-sql/constraints.tf
@@ -0,0 +1,9 @@
+terraform {
+  required_version = ">= 0.13"
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~> 3.0"
+    }
+  }
+}
diff --git a/azurerm/modules/azurerm-sql/example/constraints.tf b/azurerm/modules/azurerm-sql/example/constraints.tf
@@ -0,0 +1,9 @@
+terraform {
+  required_version = ">= 0.13"
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~> 3.0"
+    }
+  }
+}
diff --git a/azurerm/modules/azurerm-sql/example/main.tf b/azurerm/modules/azurerm-sql/example/main.tf
@@ -0,0 +1,30 @@
+
+module "default_label" {
+  source     = "git::https://github.com/cloudposse/terraform-null-label.git?ref=0.25.0"
+  namespace  = "${var.name_company}-${var.name_project}"
+  stage      = var.stage
+  name       = "${lookup(var.location_name_map, var.resource_group_location, "uksouth")}-${var.name_component}"
+  attributes = var.attributes
+  delimiter  = "-"
+  tags       = var.tags
+}
+
+##################################################
+# ResourceGroups
+##################################################
+
+resource "azurerm_resource_group" "default" {
+  name     = module.default_label.id
+  location = var.resource_group_location
+  tags     = var.tags
+}
+
+module "sql" {
+  source                  = "../../azurerm-sql"
+  resource_namer          = module.default_label.id
+  resource_group_name     = azurerm_resource_group.default.name
+  resource_group_location = azurerm_resource_group.default.location
+  sql_version             = var.sql_version
+  administrator_login     = var.administrator_login
+  sql_db_names            = var.sql_db_names
+}
diff --git a/azurerm/modules/azurerm-sql/example/providers.tf b/azurerm/modules/azurerm-sql/example/providers.tf
@@ -0,0 +1,13 @@
+terraform {
+  backend "azurerm" {
+    resource_group_name  = "tfstateresourcegroup"
+    storage_account_name = "tfstaterishi"
+    container_name       = "tfstate"
+    key                  = "devsql.terraform.tfstate"
+  }
+
+}
+
+provider "azurerm" {
+  features {}
+}
diff --git a/azurerm/modules/azurerm-sql/example/vars.tf b/azurerm/modules/azurerm-sql/example/vars.tf
@@ -0,0 +1,114 @@
+############################################
+# NAMING
+############################################
+
+variable "name_company" {
+  description = "Company Name - should/will be used in conventional resource naming"
+  type        = string
+}
+
+variable "name_project" {
+  description = "Project Name - should/will be used in conventional resource naming"
+  type        = string
+}
+
+variable "name_component" {
+  description = "Component Name - should/will be used in conventional resource naming. Typically this will be a logical name for this part of the system i.e. `API` || `middleware` or more generic like `Billing`"
+  type        = string
+}
+
+variable "name_environment" {
+  type = string
+}
+
+variable "stage" {
+  type    = string
+  default = "dev"
+}
+
+variable "attributes" {
+  description = "Additional attributes for tagging"
+  default     = []
+}
+
+variable "tags" {
+  description = "Tags to be assigned to all resources, NB if global tagging is enabled these will get overwritten periodically"
+  type        = map(string)
+  default     = {}
+}
+
+variable "resource_namer" {
+  type        = string
+  description = "User defined naming convention applied to all resources created as part of this module"
+}
+
+variable "resource_tags" {
+  description = "Map of tags to be applied to all resources created as part of this module"
+  type        = map(string)
+  default     = {}
+}
+
+
+############################################
+# RESOURCE INFORMATION
+############################################
+
+variable "resource_group_location" {
+  type        = string
+  default     = "uksouth"
+  description = "Location of Resource group"
+}
+
+variable "resource_group_name" {
+  type        = string
+  description = "name of resource group"
+}
+
+# Each region must have corresponding a shortend name for resource naming purposes 
+variable "location_name_map" {
+  type = map(string)
+
+  default = {
+    northeurope   = "eun"
+    westeurope    = "euw"
+    uksouth       = "uks"
+    ukwest        = "ukw"
+    eastus        = "use"
+    eastus2       = "use2"
+    westus        = "usw"
+    eastasia      = "ase"
+    southeastasia = "asse"
+  }
+}
+
+############################################
+# SQL INFORMATION
+############################################
+
+variable "sql_version" {
+  type        = string
+  default     = "12.0"
+  description = "The version for the new server. Valid values are: 2.0 (for v11 server) and 12.0 (for v12 server). Changing this forces a new resource to be created."
+}
+
+variable "administrator_login" {
+  type        = string
+  sensitive   = true
+  description = "The administrator login name for the new server. Required unless azuread_authentication_only in the azuread_administrator block is true. When omitted, Azure will generate a default username which cannot be subsequently changed. Changing this forces a new resource to be created."
+}
+
+variable "azuread_administrator" {
+  type = list(object({
+    login_username = string
+    object_id      = string
+  }))
+  description = "Specifies whether only AD Users and administrators (like azuread_administrator.0.login_username) can be used to login, or also local database users (like administrator_login). When true, the administrator_login and administrator_login_password properties can be omitted."
+  default     = []
+
+}
+
+variable "sql_db_names" {
+  type        = list(string)
+  default     = ["sqldbtest1", "sqldbtest2"]
+  description = "The name of the MS SQL Database. Changing this forces a new resource to be created."
+}
diff --git a/azurerm/modules/azurerm-sql/main.tf b/azurerm/modules/azurerm-sql/main.tf
@@ -0,0 +1,52 @@
+# Generates Random Password for Sql Server Admin
+resource "random_password" "password" {
+  length           = 16
+  min_upper        = 2
+  special          = true
+  override_special = "!#$%&*()-_=+[]{}<>:?"
+}
+
+# SQL Server instance
+resource "azurerm_mssql_server" "example" {
+  name                         = substr(replace("${var.resource_namer}-sql", "-", ""), 0, 24)
+  resource_group_name          = var.resource_group_name
+  location                     = var.resource_group_location
+  version                      = var.sql_version
+  administrator_login          = var.administrator_login
+  administrator_login_password = random_password.password.result
+
+  dynamic "azuread_administrator" {
+    for_each = { for i in var.azuread_administrator : i.login_username => i }
+    content {
+      login_username = azuread_administrator.key
+      object_id      = azuread_administrator.value.object_id
+    }
+  }
+
+
+  tags = var.resource_tags
+}
+
+#Adding Sql Network Rules 
+resource "azurerm_mssql_firewall_rule" "example_fw_rule" {
+  for_each         = { for i in var.sql_fw_rules : i.name => i }
+  name             = each.key
+  server_id        = azurerm_mssql_server.example.id
+  start_ip_address = each.value.start_ip_address
+  end_ip_address   = each.value.end_ip_address
+}
+
+resource "azurerm_mssql_database" "example-db" {
+  for_each       = toset(var.sql_db_names)
+  name           = each.key
+  server_id      = azurerm_mssql_server.example.id
+  create_mode    = var.create_mode
+  sample_name    = var.sample_name
+  collation      = var.collation
+  license_type   = var.license_type
+  sku_name       = var.sku_name
+  zone_redundant = var.zone_redundant
+  auto_pause_delay_in_minutes = var.auto_pause_delay_in_minutes
+  tags           = var.resource_tags
+
+}
diff --git a/azurerm/modules/azurerm-sql/output.tf b/azurerm/modules/azurerm-sql/output.tf
@@ -0,0 +1,14 @@
+output "sql_sa_password" {
+  sensitive = true
+  value     = azurerm_mssql_server.example.administrator_login_password
+}
+
+output "sql_sa_login" {
+  sensitive = true
+  value     = azurerm_mssql_server.example.administrator_login
+}
+
+output "sql_server_name" {
+  sensitive = true
+  value     = azurerm_mssql_server.example.name
+}