Fix of CreateUpdate mechanism

hashicorp · Oct 15, 2021 · 8ebace3 · 8ebace3
1 parent 255b4ee
commit 8ebace3
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 11 deletions.
diff --git a/internal/services/mssql/client/client.go b/internal/services/mssql/client/client.go
@@ -21,6 +21,7 @@ type Client struct {
 	ReplicationLinksClient                             *sql.ReplicationLinksClient
 	RestorableDroppedDatabasesClient                   *sql.RestorableDroppedDatabasesClient
 	ServerAzureADAdministratorsClient                  *sql.ServerAzureADAdministratorsClient
+	ServerAzureADOnlyAuthenticationsClient             *sql.ServerAzureADOnlyAuthenticationsClient
 	ServerConnectionPoliciesClient                     *sql.ServerConnectionPoliciesClient
 	ServerExtendedBlobAuditingPoliciesClient           *sql.ExtendedServerBlobAuditingPoliciesClient
 	ServerSecurityAlertPoliciesClient                  *sql.ServerSecurityAlertPoliciesClient
@@ -85,6 +86,9 @@ func NewClient(o *common.ClientOptions) *Client {
 	serverAzureADAdministratorsClient := sql.NewServerAzureADAdministratorsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
 	o.ConfigureClient(&serverAzureADAdministratorsClient.Client, o.ResourceManagerAuthorizer)
 
+	serverAzureADOnlyAuthenticationsClient := sql.NewServerAzureADOnlyAuthenticationsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
+	o.ConfigureClient(&serverAzureADOnlyAuthenticationsClient.Client, o.ResourceManagerAuthorizer)
+
 	serversClient := sql.NewServersClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
 	o.ConfigureClient(&serversClient.Client, o.ResourceManagerAuthorizer)
 
@@ -122,6 +126,7 @@ func NewClient(o *common.ClientOptions) *Client {
 		ReplicationLinksClient:                             &replicationLinksClient,
 		RestorableDroppedDatabasesClient:                   &restorableDroppedDatabasesClient,
 		ServerAzureADAdministratorsClient:                  &serverAzureADAdministratorsClient,
+		ServerAzureADOnlyAuthenticationsClient:             &serverAzureADOnlyAuthenticationsClient,
 		ServersClient:                                      &serversClient,
 		ServerExtendedBlobAuditingPoliciesClient:           &serverExtendedBlobAuditingPoliciesClient,
 		ServerConnectionPoliciesClient:                     &serverConnectionPoliciesClient,

diff --git a/internal/services/mssql/mssql_server_resource.go b/internal/services/mssql/mssql_server_resource.go
@@ -215,6 +215,7 @@ func resourceMsSqlServerCreateUpdate(d *pluginsdk.ResourceData, meta interface{}
 	auditingClient := meta.(*clients.Client).MSSQL.ServerExtendedBlobAuditingPoliciesClient
 	connectionClient := meta.(*clients.Client).MSSQL.ServerConnectionPoliciesClient
 	adminClient := meta.(*clients.Client).MSSQL.ServerAzureADAdministratorsClient
+	aadOnlyAuthentictionsClient := meta.(*clients.Client).MSSQL.ServerAzureADOnlyAuthenticationsClient
 	ctx, cancel := timeouts.ForCreateUpdate(meta.(*clients.Client).StopContext, d)
 	defer cancel()
 
@@ -288,6 +289,18 @@ func resourceMsSqlServerCreateUpdate(d *pluginsdk.ResourceData, meta interface{}
 	d.SetId(id.ID())
 
 	if d.HasChange("azuread_administrator") {
+		aadOnlyAuthentictionsFuture, err := aadOnlyAuthentictionsClient.Delete(ctx, id.ResourceGroup, id.Name)
+		if err != nil {
+			if aadOnlyAuthentictionsFuture.Response().StatusCode != 400 {
+				return fmt.Errorf("deleting AD Only Authentications %s: %+v", id.String(), err)
+			}
+			log.Printf("[INFO] AD Only Authentication is not removed as AD Admin is not set for %s: %+v", id.String(), err)
+		} else {
+			if err = aadOnlyAuthentictionsFuture.WaitForCompletionRef(ctx, adminClient.Client); err != nil {
+				return fmt.Errorf("waiting for deletion of AD Only Authentications %s: %+v", id.String(), err)
+			}
+		}
+
 		adminDelFuture, err := adminClient.Delete(ctx, id.ResourceGroup, id.Name)
 		if err != nil {
 			return fmt.Errorf("deleting AAD admin  %s: %+v", id.String(), err)
@@ -306,6 +319,15 @@ func resourceMsSqlServerCreateUpdate(d *pluginsdk.ResourceData, meta interface{}
 			if err = adminFuture.WaitForCompletionRef(ctx, adminClient.Client); err != nil {
 				return fmt.Errorf("waiting for creation of AAD admin %s: %+v", id.String(), err)
 			}
+
+			if aadOnlyAuthentictionsEnabled := expandMsSqlServerAADOnlyAuthentictions(d.Get("azuread_administrator").([]interface{})); aadOnlyAuthentictionsEnabled {
+				aadOnlyAuthentictionsParams := sql.ServerAzureADOnlyAuthentication{
+					AzureADOnlyAuthProperties: &sql.AzureADOnlyAuthProperties{
+						AzureADOnlyAuthentication: utils.Bool(aadOnlyAuthentictionsEnabled),
+					},
+				}
+				aadOnlyAuthentictionsClient.CreateOrUpdate(ctx, id.ResourceGroup, id.Name, aadOnlyAuthentictionsParams)
+			}
 		}
 	}
 
@@ -500,6 +522,17 @@ func flattenSqlServerIdentity(identity *sql.ResourceIdentity) ([]interface{}, er
 	return []interface{}{result}, nil
 }
 
+func expandMsSqlServerAADOnlyAuthentictions(input []interface{}) bool {
+	if len(input) == 0 || input[0] == nil {
+		return false
+	}
+	admin := input[0].(map[string]interface{})
+	if v, ok := admin["azuread_only_authentication"]; ok && v != nil {
+		return v.(bool)
+	}
+	return false
+}
+
 func expandMsSqlServerAdministrator(input []interface{}) *sql.ServerAzureADAdministrator {
 	if len(input) == 0 || input[0] == nil {
 		return nil
@@ -516,11 +549,6 @@ func expandMsSqlServerAdministrator(input []interface{}) *sql.ServerAzureADAdmin
 		},
 	}
 
-	if v, ok := admin["azuread_only_authentication"]; ok {
-		adOnly, _ := v.(bool)
-		adminParams.AzureADOnlyAuthentication = &adOnly
-	}
-
 	if v, ok := admin["tenant_id"]; ok && v != "" {
 		tid, _ := uuid.FromString(v.(string))
 		adminParams.TenantID = &tid
@@ -543,17 +571,17 @@ func flatternMsSqlServerAdministrator(admin sql.ServerAzureADAdministrator) []in
 		tid = admin.TenantID.String()
 	}
 
-	var adOnly bool
+	var aadOnlyAuthentictionsEnabled bool
 	if admin.AzureADOnlyAuthentication != nil {
-		adOnly = *admin.AzureADOnlyAuthentication
+		aadOnlyAuthentictionsEnabled = *admin.AzureADOnlyAuthentication
 	}
 
 	return []interface{}{
 		map[string]interface{}{
 			"login_username":              login,
 			"object_id":                   sid,
 			"tenant_id":                   tid,
-			"azuread_only_authentication": adOnly,
+			"azuread_only_authentication": aadOnlyAuthentictionsEnabled,
 		},
 	}
 }

diff --git a/internal/services/mssql/mssql_server_resource_test.go b/internal/services/mssql/mssql_server_resource_test.go
@@ -618,9 +618,9 @@ resource "azurerm_mssql_server" "test" {
   administrator_login_password = "thisIsKat11"
 
   azuread_administrator {
-    login_username                = "AzureAD Admin2"
-    object_id                     = data.azuread_service_principal.test.id
-    azuread_only_authentication   = true
+    login_username              = "AzureAD Admin2"
+    object_id                   = data.azuread_service_principal.test.id
+    azuread_only_authentication = true
   }
 }
 `, data.RandomInteger, data.Locations.Primary, os.Getenv("ARM_CLIENT_ID"))