final configuration for version 1.0

kumarvna · kumarvna · commit 42a9951593c3 · 2021-06-24T22:29:04.000+05:30
diff --git a/README.md b/README.md
@@ -1 +1,74 @@
-# terraform-azurerm-mysql-db
+# Azure Database for MySQL Terraform Module
+
+Azure Database for MySQL is easy to set up, manage and scale. It automates the management and maintenance of your infrastructure and database server, including routine updates, backups and security. Enjoy maximum control of database management with custom maintenance windows and multiple configuration parameters for fine grained tuning with Flexible Server (Preview).
+
+## Module Usage
+
+```hcl
+module "mssql-server" {
+  source  = "kumarvna/mysql-db/azurerm"
+  version = "1.0.0"
+
+  # By default, this module will not create a resource group
+  # proivde a name to use an existing resource group, specify the existing resource group name,
+  # and set the argument to `create_resource_group = false`. Location will be same as existing RG.
+  create_resource_group = false
+  resource_group_name   = "rg-shared-westeurope-01"
+  location              = "westeurope"
+
+  # MySQL Server and Database settings
+  mysqlserver_name = "roshmysqldbsrv01"
+
+  mysqlserver_settings = {
+    sku_name   = "B_Gen5_2"
+    storage_mb = 5120
+    version    = "5.7"
+    # Database name, charset and collection arguments  
+    database_name = "roshydemomysqldb"
+    charset       = "utf8"
+    collation     = "utf8_unicode_ci"
+    # Storage Profile and other optional arguments
+    auto_grow_enabled                 = true
+    backup_retention_days             = 7
+    geo_redundant_backup_enabled      = false
+    infrastructure_encryption_enabled = false
+    public_network_access_enabled     = true
+    ssl_enforcement_enabled           = true
+    ssl_minimal_tls_version_enforced  = "TLS1_2"
+  }
+
+  # MySQL Server Parameters
+  # For more information: https://docs.microsoft.com/en-us/azure/mysql/concepts-server-parameters
+  mysql_configuration = {
+    interactive_timeout = "600"
+  }
+
+  # AD administrator for an Azure SQL server
+  # Allows you to set a user or group as the AD administrator for an Azure SQL server
+  ad_admin_login_name = "firstname.lastname@example.com"
+
+  # (Optional) To enable Azure Monitoring for Azure MySQL database
+  # (Optional) Specify `storage_account_name` to save monitoring logs to storage. 
+  log_analytics_workspace_name = "loganalytics-we-sharedtest2"
+
+  # Firewall Rules to allow azure and external clients and specific Ip address/ranges. 
+
+  firewall_rules = {
+    access-to-azure = {
+      start_ip_address = "0.0.0.0"
+      end_ip_address   = "0.0.0.0"
+    },
+    desktop-ip = {
+      start_ip_address = "49.204.228.223"
+      end_ip_address   = "49.204.228.223"
+    }
+  }
+
+  # Tags for Azure Resources
+  tags = {
+    Terraform   = "true"
+    Environment = "dev"
+    Owner       = "test-user"
+  }
+}
+```
diff --git a/example/complete/README.md b/example/complete/README.md
@@ -0,0 +1,88 @@
+# Azure Database for MySQL Terraform Module
+
+Azure Database for MySQL is easy to set up, manage and scale. It automates the management and maintenance of your infrastructure and database server, including routine updates, backups and security. Enjoy maximum control of database management with custom maintenance windows and multiple configuration parameters for fine grained tuning with Flexible Server (Preview).
+
+## Module Usage
+
+```hcl
+module "mssql-server" {
+  source  = "kumarvna/mysql-db/azurerm"
+  version = "1.0.0"
+
+  # By default, this module will not create a resource group
+  # proivde a name to use an existing resource group, specify the existing resource group name,
+  # and set the argument to `create_resource_group = false`. Location will be same as existing RG.
+  create_resource_group = false
+  resource_group_name   = "rg-shared-westeurope-01"
+  location              = "westeurope"
+
+  # MySQL Server and Database settings
+  mysqlserver_name = "roshmysqldbsrv01"
+
+  mysqlserver_settings = {
+    sku_name   = "B_Gen5_2"
+    storage_mb = 5120
+    version    = "5.7"
+    # Database name, charset and collection arguments  
+    database_name = "roshydemomysqldb"
+    charset       = "utf8"
+    collation     = "utf8_unicode_ci"
+    # Storage Profile and other optional arguments
+    auto_grow_enabled                 = true
+    backup_retention_days             = 7
+    geo_redundant_backup_enabled      = false
+    infrastructure_encryption_enabled = false
+    public_network_access_enabled     = true
+    ssl_enforcement_enabled           = true
+    ssl_minimal_tls_version_enforced  = "TLS1_2"
+  }
+
+  # MySQL Server Parameters
+  # For more information: https://docs.microsoft.com/en-us/azure/mysql/concepts-server-parameters
+  mysql_configuration = {
+    interactive_timeout = "600"
+  }
+
+  # AD administrator for an Azure SQL server
+  # Allows you to set a user or group as the AD administrator for an Azure SQL server
+  ad_admin_login_name = "firstname.lastname@example.com"
+
+  # (Optional) To enable Azure Monitoring for Azure MySQL database
+  # (Optional) Specify `storage_account_name` to save monitoring logs to storage. 
+  log_analytics_workspace_name = "loganalytics-we-sharedtest2"
+
+  # Firewall Rules to allow azure and external clients and specific Ip address/ranges. 
+
+  firewall_rules = {
+    access-to-azure = {
+      start_ip_address = "0.0.0.0"
+      end_ip_address   = "0.0.0.0"
+    },
+    desktop-ip = {
+      start_ip_address = "49.204.228.223"
+      end_ip_address   = "49.204.228.223"
+    }
+  }
+
+  # Tags for Azure Resources
+  tags = {
+    Terraform   = "true"
+    Environment = "dev"
+    Owner       = "test-user"
+  }
+}
+```
+
+## Terraform Usage
+
+To run this example you need to execute following Terraform commands
+
+```hcl
+terraform init
+
+terraform plan
+
+terraform apply
+```
+
+Run `terraform destroy` when you don't need these resources.
diff --git a/example/complete/main.tf b/example/complete/main.tf
@@ -1,8 +1,6 @@
 module "mssql-server" {
-  //  source  = "kumarvna/mysql-db/azurerm"
-  //  version = "1.0.0"
-  //source = "../../"
-  source = "github.com/kumarvna/terraform-azurerm-mysql-db?ref=develop"
+  source  = "kumarvna/mysql-db/azurerm"
+  version = "1.0.0"
 
   # By default, this module will not create a resource group
   # proivde a name to use an existing resource group, specify the existing resource group name,
@@ -12,8 +10,8 @@ module "mssql-server" {
   location              = "westeurope"
 
   # MySQL Server and Database settings
-  # 
   mysqlserver_name = "roshmysqldbsrv01"
+  
   mysqlserver_settings = {
     sku_name   = "B_Gen5_2"
     storage_mb = 5120
@@ -32,28 +30,20 @@ module "mssql-server" {
     ssl_minimal_tls_version_enforced  = "TLS1_2"
   }
 
+  # MySQL Server Parameters
+  # For more information: https://docs.microsoft.com/en-us/azure/mysql/concepts-server-parameters
   mysql_configuration = {
     interactive_timeout = "600"
   }
-  # SQL server extended auditing policy defaults to `true`. 
-  # To turn off set enable_sql_server_extended_auditing_policy to `false`  
-  # DB extended auditing policy defaults to `false`. 
-  # to tun on set the variable `enable_database_extended_auditing_policy` to `true` 
-  # To enable Azure Defender for database set `enable_threat_detection_policy` to true 
-  enable_threat_detection_policy = false
-  #log_retention_days             = 30
-  #email_addresses_for_alerts     = ["user@example.com", "firstname.lastname@example.com"]
 
   # AD administrator for an Azure SQL server
   # Allows you to set a user or group as the AD administrator for an Azure SQL server
   ad_admin_login_name = "firstname.lastname@example.com"
 
-  /*
-  # (Optional) To enable Azure Monitoring for Azure SQL database including audit logs
-  # log analytic workspace name required
-  enable_log_monitoring        = true
+  # (Optional) To enable Azure Monitoring for Azure MySQL database
+  # (Optional) Specify `storage_account_name` to save monitoring logs to storage. 
   log_analytics_workspace_name = "loganalytics-we-sharedtest2"
-*/
+
   # Firewall Rules to allow azure and external clients and specific Ip address/ranges. 
 
   firewall_rules = {
diff --git a/main.tf b/main.tf
@@ -10,7 +10,6 @@ locals {
     charset   = "utf8"
     collation = "utf8_unicode_ci"
   })
-
 }
 
 #---------------------------------------------------------
@@ -172,3 +171,37 @@ resource "azurerm_mysql_server_key" "example" {
   server_id        = azurerm_mysql_server.main.id
   key_vault_key_id = var.key_vault_key_id
 }
+
+#------------------------------------------------------------------
+# azurerm monitoring diagnostics  - Default is "false" 
+#------------------------------------------------------------------
+resource "azurerm_monitor_diagnostic_setting" "extaudit" {
+  count                      = var.log_analytics_workspace_name != null ? 1 : 0
+  name                       = lower("extaudit-${var.mysqlserver_name}-diag")
+  target_resource_id         = azurerm_mysql_server.main.id
+  log_analytics_workspace_id = data.azurerm_log_analytics_workspace.logws.0.id
+  storage_account_id         = var.enable_threat_detection_policy ? azurerm_storage_account.storeacc.0.id : null
+
+  dynamic "log" {
+    for_each = var.extaudit_diag_logs
+    content {
+      category = log.value
+      enabled  = true
+      retention_policy {
+        enabled = false
+      }
+    }
+  }
+
+  metric {
+    category = "AllMetrics"
+
+    retention_policy {
+      enabled = false
+    }
+  }
+
+  lifecycle {
+    ignore_changes = [log, metric]
+  }
+}
diff --git a/output.tf b/output.tf
@@ -0,0 +1,20 @@
+output "resource_group_name" {
+  description = "The name of the resource group in which resources are created"
+  value       = local.resource_group_name
+}
+
+output "resource_group_location" {
+  description = "The location of the resource group in which resources are created"
+  value       = local.location
+}
+
+output "storage_account_id" {
+  description = "The ID of the storage account"
+  value       = element(concat(azurerm_storage_account.storeacc.*.id, [""]), 0)
+}
+
+output "storage_account_name" {
+  description = "The name of the storage account"
+  value       = element(concat(azurerm_storage_account.storeacc.*.name, [""]), 0)
+}
+
diff --git a/variables.tf b/variables.tf
@@ -108,6 +108,16 @@ variable "ad_admin_login_name" {
   default     = null
 }
 
+variable "key_vault_key_id" {
+  description = "The URL to a Key Vault Key"
+  default     = null
+}
+
+variable "extaudit_diag_logs" {
+  description = "Database Monitoring Category details for Azure Diagnostic setting"
+  default     = ["MySqlSlowLogs", "MySqlAuditLogs"]
+}
+
 variable "tags" {
   description = "A map of tags to add to all resources"
   type        = map(string)
