final configuration for version 1.0

Author: kumarvna

README.md

@@ -2,6 +2,17 @@
 
 Azure Database for MySQL is easy to set up, manage and scale. It automates the management and maintenance of your infrastructure and database server, including routine updates, backups and security. Enjoy maximum control of database management with custom maintenance windows and multiple configuration parameters for fine grained tuning with Flexible Server (Preview).
 
+## Resources are supported
+
+* [MySQL Servers](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mysql_server)
+* [MySQL Database](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mysql_database)
+* [MySQL Configuration](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mysql_configuration)
+* [MySQL Firewall Rules](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mysql_firewall_rule)
+* [MySQL Active Directory Administrator](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mysql_active_directory_administrator)
+* [MySQL Customer Managed Key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mysql_server_key)
+* [MySQL Virtual Network Rule](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mysql_virtual_network_rule)
+* [MySQL Diagnostics](https://docs.microsoft.com/en-us/azure/azure-sql/database/metrics-diagnostic-telemetry-logging-streaming-export-configure?tabs=azure-portal)
+
 ## Module Usage
 
 ```hcl
@@ -72,3 +83,64 @@ module "mssql-server" {
   }
 }
 ```
+
+## Requirements
+
+| Name      | Version   |
+| --------- | --------- |
+| terraform | >= 0.13   |
+| azurerm   | >= 2.59.0 |
+
+## Providers
+
+| Name    | Version   |
+| ------- | --------- |
+| azurerm | >= 2.59.0 |
+
+## Inputs
+
+| Name | Description | Type | Default |
+|--|--|--|--|
+`create_resource_group` | Whether to create resource group and use it for all networking resources | string | `"false"`
+`resource_group_name` | The name of the resource group in which resources are created | string | `""`
+`location` | The location of the resource group in which resources are created | string | `""`
+`log_analytics_workspace_name`|The name of log analytics workspace name|string|`null`
+`random_password_length`|The desired length of random password created by this module|string|`24`
+`subnet_id`|The resource ID of the subnet|string|`null`
+`mysqlserver_name`|MySQL server Name|string|`""`
+`admin_username`|The username of the local administrator used for the SQL Server|string|`"sqladmin"`
+`admin_password`|The Password which should be used for the local-administrator on this SQL Server|string|`null`
+`identity`|If you want your SQL Server to have an managed identity. Defaults to false|string|`false`
+`mysqlserver_settings`|MySQL server settings|object({})|`{}`
+`storage_account_name`|The name of the storage account name|string|`null`
+`enable_threat_detection_policy`|Threat detection policy configuration, known in the API as Server Security Alerts Policy|string|`false`
+`email_addresses_for_alerts`|Account administrators email for alerts|`list(any)`|`""`
+`disabled_alerts`|Specifies an array of alerts that are disabled. Allowed values are: `Sql_Injection`, `Sql_Injection_Vulnerability`, `Access_Anomaly`, `Data_Exfiltration`, `Unsafe_Action`|list(any)|`[]`
+`log_retention_days`|Specifies the number of days to keep in the Threat Detection audit logs|number|`30`
+`mysql_configuration`|Sets a MySQL Configuration value on a MySQL Server|map(string)|`{}`
+firewall_rules|Range of IP addresses to allow firewall connections|map(object({}))|`null`
+`ad_admin_login_name`|The login name of the principal to set as the server administrator|string|`null`
+`key_vault_key_id`|The URL to a Key Vault custom managed key|string|`null`
+`extaudit_diag_logs`|Database Monitoring Category details for Azure Diagnostic setting|list(string)|`["MySqlSlowLogs", "MySqlAuditLogs"]`
+`Tags` | A map of tags to add to all resources | map | `{}`
+
+## Outputs
+
+| Name | Description |
+|--|--|
+`mysql_server_id`|The resource ID of the MySQL Server
+`mysql_server_fqdn`|The FQDN of the MySQL Server
+`mysql_database_id`|The resource ID of the MySQL Database
+
+## Resource Graph
+
+![Resource Graph](graph.png)
+
+## Authors
+
+Originally created by [Kumaraswamy Vithanala](mailto:kumarvna@gmail.com)
+
+## Other resources
+
+* [Azure database for MySQL](https://docs.microsoft.com/en-us/azure/mysql/)
+* [Terraform AzureRM Provider Documentation](https://www.terraform.io/docs/providers/azurerm/index.html)

example/complete/main.tf

@@ -1,7 +1,7 @@
 module "mssql-server" {
-  source  = "kumarvna/mysql-db/azurerm"
-  version = "1.0.0"
-
+  //  source  = "kumarvna/mysql-db/azurerm"
+  // version = "1.0.0"
+  source = "../../"
   # By default, this module will not create a resource group
   # proivde a name to use an existing resource group, specify the existing resource group name,
   # and set the argument to `create_resource_group = false`. Location will be same as existing RG.
@@ -11,9 +11,9 @@ module "mssql-server" {
 
   # MySQL Server and Database settings
   mysqlserver_name = "roshmysqldbsrv01"
-  
+
   mysqlserver_settings = {
-    sku_name   = "B_Gen5_2"
+    sku_name   = "GP_Gen5_16"
     storage_mb = 5120
     version    = "5.7"
     # Database name, charset and collection arguments  
@@ -36,10 +36,23 @@ module "mssql-server" {
     interactive_timeout = "600"
   }
 
+  # Use Virtual Network service endpoints and rules for Azure Database for MySQL
+  subnet_id = var.subnet_id
+
+  # The URL to a Key Vault custom managed key
+  key_vault_key_id = var.key_vault_key_id
+
+  # To enable Azure Defender for database set `enable_threat_detection_policy` to true 
+  enable_threat_detection_policy = true
+  log_retention_days             = 30
+  email_addresses_for_alerts     = ["user@example.com", "firstname.lastname@example.com"]
+
   # AD administrator for an Azure SQL server
   # Allows you to set a user or group as the AD administrator for an Azure SQL server
   ad_admin_login_name = "firstname.lastname@example.com"
 
+
+
   # (Optional) To enable Azure Monitoring for Azure MySQL database
   # (Optional) Specify `storage_account_name` to save monitoring logs to storage. 
   log_analytics_workspace_name = "loganalytics-we-sharedtest2"

example/complete/variables.tf

@@ -0,0 +1,9 @@
+variable "key_vault_key_id" {
+  description = "The URL to a Key Vault Key"
+  default     = null
+}
+
+variable "subnet_id" {
+  description = "The resource ID of the subnet"
+  default     = null
+}

main.tf

@@ -172,6 +172,17 @@ resource "azurerm_mysql_server_key" "example" {
   key_vault_key_id = var.key_vault_key_id
 }
 
+#--------------------------------------------------------------------------------
+# Allowing traffic between an Azure SQL server and a subnet - Default is "false"
+#--------------------------------------------------------------------------------
+resource "azurerm_mysql_virtual_network_rule" "main" {
+  count               = var.subnet_id != null ? 1 : 0
+  name                = format("%s-vnet-rule", var.mysqlserver_name)
+  resource_group_name = local.resource_group_name
+  server_name         = azurerm_mysql_server.main.name
+  subnet_id           = var.subnet_id
+}
+
 #------------------------------------------------------------------
 # azurerm monitoring diagnostics  - Default is "false" 
 #------------------------------------------------------------------

output.tf

@@ -18,3 +18,18 @@ output "storage_account_name" {
   value       = element(concat(azurerm_storage_account.storeacc.*.name, [""]), 0)
 }
 
+output "mysql_server_id" {
+  description = "The resource ID of the MySQL Server"
+  value       = azurerm_mysql_server.main.id
+}
+
+output "mysql_server_fqdn" {
+  description = "The FQDN of the MySQL Server"
+  value       = azurerm_mysql_server.main.fqdn
+}
+
+output "mysql_database_id" {
+  description = "The resource ID of the MySQL Database"
+  value       = azurerm_mysql_database.main.id
+}
+

variables.tf

@@ -13,6 +13,11 @@ variable "location" {
   default     = ""
 }
 
+variable "subnet_id" {
+  description = "The resource ID of the subnet"
+  default     = ""
+}
+
 variable "log_analytics_workspace_name" {
   description = "The name of log analytics workspace name"
   default     = null
@@ -24,7 +29,7 @@ variable "random_password_length" {
 }
 
 variable "mysqlserver_name" {
-  description = "SQL server Name"
+  description = "MySQL server Name"
   default     = ""
 }
 
@@ -44,6 +49,7 @@ variable "identity" {
 }
 
 variable "mysqlserver_settings" {
+  description = "MySQL server settings"
   type = object({
     sku_name                          = string
     version                           = string
@@ -67,7 +73,7 @@ variable "storage_account_name" {
 }
 
 variable "enable_threat_detection_policy" {
-  description = ""
+  description = "Threat detection policy configuration, known in the API as Server Security Alerts Policy"
   default     = false
 }