Commit 2b85bcd

Merge pull request #7 from data-platform-hq/feat/management_of_the_defender
feat: added management of the mssql defender
2 parents e16d819 + 13ec7ec commit 2b85bcd

3 files changed

+42
-21
lines changed

README.md

Lines changed: 23 additions & 21 deletions
@@ -30,30 +30,32 @@ No modules.
3030
| [azurerm_mssql_server_transparent_data_encryption.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_server_transparent_data_encryption) | resource |
3131
| [azurerm_mssql_firewall_rule.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_firewall_rule) | resource |
3232
| [azurerm_mssql_firewall_rule.azure_services](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_firewall_rule) | resource |
33-
| [azurerm_key_vault_key.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_key) | resource |
33+
| [azurerm_key_vault_key.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_key) | resource |
34+
| [azurerm_azurerm_mssql_server_security_alert_policy.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_server_security_alert_policy) | resource |
3435

3536
## Inputs
3637

37-
| Name | Description | Type | Default | Required |
38-
| ------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | ------------- | ------- | :------: |
39-
| <a name="input_project"></a> [project](#input\_project) | Project name | `string` | n/a | yes |
40-
| <a name="input_env"></a> [env](#input\_env) | Environment name | `string` | n/a | yes |
41-
| <a name="input_resource_group"></a> [resource\_group](#input\_resource\_group) | The name of the resource group in which to create the Microsoft SQL Server | `string` | n/a | yes |
42-
| <a name="input_location"></a> [location](#input\_location) | Specifies the supported Azure location where the resource exists | `string` | n/a | yes |
43-
| <a name="input_admin_login"></a> [admin\_login](#input\_admin\_login) | The administrator login name for the server | `string` | n/a | yes |
44-
| <a name="input_admin_password"></a> [admin\_password](#input\_admin\_password) | The password associated with the admin_username | `string` | n/a | yes |
45-
| <a name="input_azure_ad_admin_login"></a> [azure\_ad\_admin\_login](#input\_azure\_ad\_admin\_login) | The login username of the Azure AD Administrator of this SQL Server | `string` | n/a | yes |
46-
| <a name="input_azure_ad_admin_object_id"></a> [azure\_ad\_admin\_object\_id](#input\_azure\_ad\_admin\_object\_id) | The object id of the Azure AD Administrator of this SQL Server | `string` | n/a | yes |
47-
| <a name="input_server_version"></a> [server_version](#input\_server\_version) | Server version | `string` | 12.0 | no |
48-
| <a name="input_connection_policy"></a> [connection\_policy](#input\_connection\_policy) | The connection policy the server will use: [Default \| Proxy \| Redirect] | `string` | Default | no |
49-
| <a name="input_minimum_tls_version"></a> [minimum\_tls\_version](#input\_minimum\_tls\_version) | The Minimum TLS Version for all SQL Database and SQL Data Warehouse databases associated with the server: [1.0 \| 1.1 \| 1.2] | `string` | 1.2 | no |
50-
| <a name="input_public_network_access_enabled"></a> [public\_network\_access\_enabled](#input\_public\_network\_access\_enabled) | Whether public network access is allowed for this server | `bool` | true | no |
51-
| <a name="input_tags"></a> [tags](#input\_tags) | A mapping of tags to assign to the resource | `map(any)` | {} | no |
52-
| <a name="input_ip_rules"></a> [ip\_rules](#input\_ip\_rules) | Map of IP addresses permitted for access to DB | `map(string)` | {} | no |
53-
| <a name="input_key_vault_id"></a> [key\_vault\_id](#input\_key\_vault\_id) | Key Vault Id | `map(string)` | {} | no |
54-
| <a name="input_key_opts"></a> [key\_opts](#input\_key\_opts) | JSON web key operations: [decrypt\|encrypt\|sign\|unwrapKey\|verify\|wrapKey] | `list(string)` | <pre>[<br> "decrypt",<br> "encrypt",<br> "sign",<br> "unwrapKey",<br> "verify",<br> "wrapKey"<br>]</pre> | no |
55-
| <a name="input_key_size"></a> [key\_size](#input\_key\_size) | Size of the RSA key to create in bytes, requied for RSA & RSA-HSM: [1024\|2048] | `number` | `2048` | no |
56-
| <a name="input_key_type"></a> [key\_type](#input\_key\_type) | Key Type to use for this Key Vault Key: [EC\|EC-HSM\|Oct\|RSA\|RSA-HSM] | `string` | `"RSA"` | no |
38+
| Name | Description | Type | Default | Required |
39+
| ------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | -------------- | -------------------------------------------------------------------------------------------------------------- | :------: |
40+
| <a name="input_project"></a> [project](#input\_project) | Project name | `string` | n/a | yes |
41+
| <a name="input_env"></a> [env](#input\_env) | Environment name | `string` | n/a | yes |
42+
| <a name="input_resource_group"></a> [resource\_group](#input\_resource\_group) | The name of the resource group in which to create the Microsoft SQL Server | `string` | n/a | yes |
43+
| <a name="input_location"></a> [location](#input\_location) | Specifies the supported Azure location where the resource exists | `string` | n/a | yes |
44+
| <a name="input_admin_login"></a> [admin\_login](#input\_admin\_login) | The administrator login name for the server | `string` | n/a | yes |
45+
| <a name="input_admin_password"></a> [admin\_password](#input\_admin\_password) | The password associated with the admin_username | `string` | n/a | yes |
46+
| <a name="input_azure_ad_admin_login"></a> [azure\_ad\_admin\_login](#input\_azure\_ad\_admin\_login) | The login username of the Azure AD Administrator of this SQL Server | `string` | n/a | yes |
47+
| <a name="input_azure_ad_admin_object_id"></a> [azure\_ad\_admin\_object\_id](#input\_azure\_ad\_admin\_object\_id) | The object id of the Azure AD Administrator of this SQL Server | `string` | n/a | yes |
48+
| <a name="input_server_version"></a> [server_version](#input\_server\_version) | Server version | `string` | 12.0 | no |
49+
| <a name="input_connection_policy"></a> [connection\_policy](#input\_connection\_policy) | The connection policy the server will use: [Default \| Proxy \| Redirect] | `string` | Default | no |
50+
| <a name="input_minimum_tls_version"></a> [minimum\_tls\_version](#input\_minimum\_tls\_version) | The Minimum TLS Version for all SQL Database and SQL Data Warehouse databases associated with the server: [1.0 \| 1.1 \| 1.2] | `string` | 1.2 | no |
51+
| <a name="input_public_network_access_enabled"></a> [public\_network\_access\_enabled](#input\_public\_network\_access\_enabled) | Whether public network access is allowed for this server | `bool` | true | no |
52+
| <a name="input_tags"></a> [tags](#input\_tags) | A mapping of tags to assign to the resource | `map(any)` | {} | no |
53+
| <a name="input_ip_rules"></a> [ip\_rules](#input\_ip\_rules) | Map of IP addresses permitted for access to DB | `map(string)` | {} | no |
54+
| <a name="input_key_vault_id"></a> [key\_vault\_id](#input\_key\_vault\_id) | Key Vault Id | `map(string)` | {} | no |
55+
| <a name="input_key_opts"></a> [key\_opts](#input\_key\_opts) | JSON web key operations: [decrypt\|encrypt\|sign\|unwrapKey\|verify\|wrapKey] | `list(string)` | <pre>[<br> "decrypt",<br> "encrypt",<br> "sign",<br> "unwrapKey",<br> "verify",<br> "wrapKey"<br>]</pre> | no |
56+
| <a name="input_key_size"></a> [key\_size](#input\_key\_size) | Size of the RSA key to create in bytes, requied for RSA & RSA-HSM: [1024\|2048] | `number` | `2048` | no |
57+
| <a name="input_key_type"></a> [key\_type](#input\_key\_type) | Key Type to use for this Key Vault Key: [EC\|EC-HSM\|Oct\|RSA\|RSA-HSM] | `string` | `"RSA"` | no |
58+
| <a name="input_mssql_defender_state"></a> [mssql\_defender\_state](#input\_mssql\_defender\_state) | Manages Microsoft Defender state on the mssql server: [Disabled\|Enabled] | `string` | `"Disabled"` | no |
5759

5860
## Outputs
5961
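Review bot: The new `mssql_defender_state` row in the Inputs table documents a default of `"Disabled"`, but the variable added in variables.tf in this same commit declares `default = null`, and main.tf creates no alert policy at all when the value is null. The README should show `null` and state that leaving the input unset means the module does not manage the policy, since "Disabled" and "not managed" are different outcomes for anyone auditing Defender coverage from the documentation. Separately, the new row in the Resources table is labelled `azurerm_azurerm_mssql_server_security_alert_policy.this`, with the `azurerm_` prefix doubled; main.tf declares `azurerm_mssql_server_security_alert_policy`.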

main.tf

Lines changed: 8 additions & 0 deletions
@@ -77,3 +77,11 @@ resource "azurerm_mssql_firewall_rule" "azure_services" {
7777
start_ip_address = "0.0.0.0"
7878
end_ip_address = "0.0.0.0"
7979
}
80+
81+
resource "azurerm_mssql_server_security_alert_policy" "this" {
82+
count = var.mssql_defender_state == null ? 0 : 1
83+
84+
resource_group_name = var.resource_group
85+
server_name = azurerm_mssql_server.this.name
86+
state = var.mssql_defender_state
87+
}
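Review bot: The guard `count = var.mssql_defender_state == null ? 0 : 1`, combined with the variable's `default = null`, makes this security control opt-in: a caller who uses the module without setting the variable gets a server whose alert policy is not under Terraform's control. If that is intended, say so in the variable description; otherwise consider defaulting to "Enabled". The resource body also sets only `state`, so in these lines an enabled policy has no alert recipients or retention configured; exposing the resource's `email_account_admins`, `email_addresses` and `retention_days` arguments as module inputs would let callers route the alerts somewhere.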

variables.tf

Lines changed: 11 additions & 0 deletions
@@ -104,3 +104,14 @@ variable "key_vault_id" {
104104
description = "Key Vault ID"
105105
default = {}
106106
}
107+
108+
variable "mssql_defender_state" {
109+
description = "Manages Microsoft Defender state on the mssql server"
110+
type = string
111+
default = null
112+
113+
validation {
114+
condition = var.mssql_defender_state != null ? contains(["Enabled", "Disabled"], var.mssql_defender_state) : true
115+
error_message = "The only allowed values for variable are: 'Enabled' or 'Disabled"
116+
}
117+
}
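Review bot: The `error_message` in the validation block has an unbalanced quote, `'Enabled' or 'Disabled"`, so the user sees `'Disabled` without its closing apostrophe; it should end `'Enabled' or 'Disabled'.` and would be clearer if it named `mssql_defender_state` rather than "variable". The `description` here also omits the allowed values and the meaning of the `null` default (no policy resource is created), both of which a caller needs in order to choose a value; the README row lists the allowed values but the variable itself does not.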
