Provider: MS SQL Server

MS SQL provider

The provider can be used to configure objects in Microsoft SQL Server and Azure SQL instances.

Authentication methods

SQL auth

Provide username and password, using the sql_auth field:

```terraform
provider "mssql" {
  hostname = "localhost"
  port     = 1433

  sql_auth = {
    username = "sa"
    password = "sa_password"
  }
}
```

Azure AD

In case of Azure SQL connections, Azure Active Directory auth tokens can be used to authenticate.


#### Service Principal
Provide client ID (a.k.a. application ID), secret and tenant ID, using `azure_auth` field:
```terraform
provider "mssql" {
  hostname = "example.database.windows.net"
  port     = 1433

  azure_auth = {
    client_id     = "94e8d55d-cbbc-4e41-b21a-8923d83f9a85"
    client_secret = "client_secret"
    tenant_id     = "a352c914-bfd9-4b7e-8b1d-554a58353f22"
  }
}
```

<br/>
#### Default chained credentials
When the `azure_auth` value is set to an empty object (`{}`), the provider uses chained credentials built from `EnvironmentCredential` -> `ManagedIdentityCredential` -> `AzureCLICredential`.
See [DefaultAzureCredential docs](https://github.com/Azure/azure-sdk-for-go/wiki/Set-up-Your-Environment-for-Authentication#configure-defaultazurecredential) for details.

<br/>
#### Environment variables
When the `azure_auth` value is set to an empty object (`{}`) and the following environment variables are set, their values are used for authentication, taking precedence over `DefaultAzureCredential`.
- `ARM_CLIENT_ID`
- `ARM_CLIENT_SECRET`
- `ARM_TENANT_ID`

<br/>
Example:
```terraform
provider "mssql" {
  hostname   = "example.database.windows.net"
  port       = 1433
  azure_auth = {}
}
```

Computed connection provider configuration

The provider can be used, with certain limitations, with computed provider configuration. For example, the provider's hostname can be sourced from azurerm_mssql_server.fully_qualified_domain_name, as shown in this Azure SQL example.

~> Warning When connection details are computed and not known during plan execution (e.g. the SQL Server resource returning the FQDN is planned to be recreated), the state cannot contain any previously created mssql_* resources. In such a case an error will be reported, as the provider does not have enough information to generate a correct plan.

Schema

Optional

  • azure_auth (Attributes) When provided, Azure AD authentication will be used when connecting. (see below for nested schema)
  • hostname (String) FQDN or IP address of the SQL endpoint. Can also be set using the MSSQL_HOSTNAME environment variable.
  • port (Number) TCP port of the SQL endpoint. Defaults to 1433. Can also be set using the MSSQL_PORT environment variable.
  • sql_auth (Attributes) When provided, SQL authentication will be used when connecting. (see below for nested schema)

Nested Schema for azure_auth

Optional:

  • client_id (String) Service Principal client (application) ID. When omitted, default, chained set of credentials will be used.
  • client_secret (String, Sensitive) Service Principal secret. When omitted, default, chained set of credentials will be used.
  • tenant_id (String) Azure AD tenant ID. Required only if Azure SQL Server's tenant is different than Service Principal's.

Nested Schema for sql_auth

Required:

  • password (String, Sensitive) Password for SQL authentication.
  • username (String) User name for SQL authentication.
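
The schema marks `password` and `client_secret` as sensitive, so the following added example (not part of the provider's own documentation) shows both authentication methods configured without literal secrets in the `.tf` file. The variable names `sql_username` and `sql_password` and the `azure` alias are assumptions; the values are supplied at run time through Terraform's standard `TF_VAR_` environment variables.

```terraform
# Added example: variable names and the provider alias are assumptions.
variable "sql_username" {
  type        = string
  description = "Login used by Terraform for SQL authentication"
}

variable "sql_password" {
  type        = string
  sensitive   = true # value is redacted in plan/apply output
  description = "Password for the SQL login; supply via TF_VAR_sql_password"
}

# SQL auth: hostname and port are omitted on purpose. The provider reads them
# from MSSQL_HOSTNAME and MSSQL_PORT (port defaults to 1433).
provider "mssql" {
  sql_auth = {
    username = var.sql_username
    password = var.sql_password
  }
}

# Azure SQL: no secret in configuration at all. With an empty azure_auth
# object the provider uses ARM_CLIENT_ID / ARM_CLIENT_SECRET / ARM_TENANT_ID
# from the environment when they are set, otherwise the chained credentials
# (environment, managed identity, Azure CLI).
provider "mssql" {
  alias      = "azure"
  hostname   = "example.database.windows.net"
  port       = 1433
  azure_auth = {}
}
```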