diff --git a/avm/res/sql/server/README.md b/avm/res/sql/server/README.md index 032341619cd..1129ccf620b 100644 --- a/avm/res/sql/server/README.md +++ b/avm/res/sql/server/README.md 
@@ -22,18 +22,19 @@ This module deploys an Azure SQL Server. | `Microsoft.KeyVault/vaults/secrets` | [2023-07-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2023-07-01/vaults/secrets) | | `Microsoft.Network/privateEndpoints` | [2023-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-11-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-11-01/privateEndpoints/privateDnsZoneGroups) | -| `Microsoft.Sql/servers` | [2023-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/servers) | -| `Microsoft.Sql/servers/auditingSettings` | [2023-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/servers/auditingSettings) | -| `Microsoft.Sql/servers/databases` | [2023-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/servers/databases) | +| `Microsoft.Sql/servers` | [2023-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/2023-08-01-preview/servers) | +| `Microsoft.Sql/servers/auditingSettings` | [2023-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/2023-08-01-preview/servers/auditingSettings) | +| `Microsoft.Sql/servers/databases` | [2023-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/2023-08-01-preview/servers/databases) | | `Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies` | [2023-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/2023-05-01-preview/servers/databases/backupLongTermRetentionPolicies) | -| `Microsoft.Sql/servers/databases/backupShortTermRetentionPolicies` | [2023-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/servers/databases/backupShortTermRetentionPolicies) | -| `Microsoft.Sql/servers/elasticPools` | 
[2023-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/servers/elasticPools) | -| `Microsoft.Sql/servers/encryptionProtector` | [2023-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/servers/encryptionProtector) | -| `Microsoft.Sql/servers/firewallRules` | [2023-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/servers/firewallRules) | -| `Microsoft.Sql/servers/keys` | [2023-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/servers/keys) | -| `Microsoft.Sql/servers/securityAlertPolicies` | [2023-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/servers/securityAlertPolicies) | -| `Microsoft.Sql/servers/virtualNetworkRules` | [2023-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/servers/virtualNetworkRules) | -| `Microsoft.Sql/servers/vulnerabilityAssessments` | [2023-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/servers/vulnerabilityAssessments) | +| `Microsoft.Sql/servers/databases/backupShortTermRetentionPolicies` | [2023-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/2023-08-01-preview/servers/databases/backupShortTermRetentionPolicies) | +| `Microsoft.Sql/servers/elasticPools` | [2023-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/2023-08-01-preview/servers/elasticPools) | +| `Microsoft.Sql/servers/encryptionProtector` | [2023-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/2023-08-01-preview/servers/encryptionProtector) | +| `Microsoft.Sql/servers/failoverGroups` | [2024-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/2024-05-01-preview/servers/failoverGroups) | +| `Microsoft.Sql/servers/firewallRules` | [2023-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/2023-08-01-preview/servers/firewallRules) 
| +| `Microsoft.Sql/servers/keys` | [2023-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/2023-08-01-preview/servers/keys) | +| `Microsoft.Sql/servers/securityAlertPolicies` | [2023-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/2023-08-01-preview/servers/securityAlertPolicies) | +| `Microsoft.Sql/servers/virtualNetworkRules` | [2023-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/2023-08-01-preview/servers/virtualNetworkRules) | +| `Microsoft.Sql/servers/vulnerabilityAssessments` | [2023-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/2023-08-01-preview/servers/vulnerabilityAssessments) | ## Usage examples @@ -47,11 +48,12 @@ The following section provides usage examples for the module, which were used to - [With audit settings](#example-2-with-audit-settings) - [Using only defaults](#example-3-using-only-defaults) - [Using elastic pool](#example-4-using-elastic-pool) -- [Deploying with a key vault reference to save secrets](#example-5-deploying-with-a-key-vault-reference-to-save-secrets) -- [Using large parameter set](#example-6-using-large-parameter-set) -- [With a secondary database](#example-7-with-a-secondary-database) -- [With vulnerability assessment](#example-8-with-vulnerability-assessment) -- [WAF-aligned](#example-9-waf-aligned) +- [Using failover groups](#example-5-using-failover-groups) +- [Deploying with a key vault reference to save secrets](#example-6-deploying-with-a-key-vault-reference-to-save-secrets) +- [Using large parameter set](#example-7-using-large-parameter-set) +- [With a secondary database](#example-8-with-a-secondary-database) +- [With vulnerability assessment](#example-9-with-vulnerability-assessment) +- [WAF-aligned](#example-10-waf-aligned) ### Example 1: _With an administrator_ @@ -446,7 +448,313 @@ param location = ''

-### Example 5: _Deploying with a key vault reference to save secrets_ +### Example 5: _Using failover groups_ + +This instance deploys the module with failover groups. + + +

+ +via Bicep module + +```bicep +module server 'br/public:avm/res/sql/server:' = { + name: 'serverDeployment' + params: { + // Required parameters + name: 'ssfog001' + // Non-required parameters + administratorLogin: 'adminUserName' + administratorLoginPassword: '' + databases: [ + { + maxSizeBytes: 2147483648 + name: 'ssfog-db1' + sku: { + name: 'S1' + tier: 'Standard' + } + zoneRedundant: false + } + { + maxSizeBytes: 2147483648 + name: 'ssfog-db2' + sku: { + capacity: 2 + name: 'GP_Gen5' + tier: 'GeneralPurpose' + } + zoneRedundant: false + } + { + maxSizeBytes: 2147483648 + name: 'ssfog-db3' + sku: { + name: 'S1' + tier: 'Standard' + } + zoneRedundant: false + } + ] + failoverGroups: [ + { + databases: [ + 'ssfog-db1' + ] + name: 'ssfog-fg-geo' + partnerServers: [ + '' + ] + readWriteEndpoint: { + failoverPolicy: 'Manual' + } + secondaryType: 'Geo' + } + { + databases: [ + 'ssfog-db2' + ] + name: 'ssfog-fg-standby' + partnerServers: [ + '' + ] + readWriteEndpoint: { + failoverPolicy: 'Automatic' + failoverWithDataLossGracePeriodMinutes: 60 + } + secondaryType: 'Standby' + } + { + databases: [ + 'ssfog-db3' + ] + name: 'ssfog-fg-readonly' + partnerServers: [ + '' + ] + readOnlyEndpoint: { + failoverPolicy: 'Enabled' + targetServer: '' + } + readWriteEndpoint: { + failoverPolicy: 'Manual' + } + secondaryType: 'Geo' + } + ] + location: '' + } +} +``` + +
+

+ +

+ +via JSON parameters file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "ssfog001" + }, + // Non-required parameters + "administratorLogin": { + "value": "adminUserName" + }, + "administratorLoginPassword": { + "value": "" + }, + "databases": { + "value": [ + { + "maxSizeBytes": 2147483648, + "name": "ssfog-db1", + "sku": { + "name": "S1", + "tier": "Standard" + }, + "zoneRedundant": false + }, + { + "maxSizeBytes": 2147483648, + "name": "ssfog-db2", + "sku": { + "capacity": 2, + "name": "GP_Gen5", + "tier": "GeneralPurpose" + }, + "zoneRedundant": false + }, + { + "maxSizeBytes": 2147483648, + "name": "ssfog-db3", + "sku": { + "name": "S1", + "tier": "Standard" + }, + "zoneRedundant": false + } + ] + }, + "failoverGroups": { + "value": [ + { + "databases": [ + "ssfog-db1" + ], + "name": "ssfog-fg-geo", + "partnerServers": [ + "" + ], + "readWriteEndpoint": { + "failoverPolicy": "Manual" + }, + "secondaryType": "Geo" + }, + { + "databases": [ + "ssfog-db2" + ], + "name": "ssfog-fg-standby", + "partnerServers": [ + "" + ], + "readWriteEndpoint": { + "failoverPolicy": "Automatic", + "failoverWithDataLossGracePeriodMinutes": 60 + }, + "secondaryType": "Standby" + }, + { + "databases": [ + "ssfog-db3" + ], + "name": "ssfog-fg-readonly", + "partnerServers": [ + "" + ], + "readOnlyEndpoint": { + "failoverPolicy": "Enabled", + "targetServer": "" + }, + "readWriteEndpoint": { + "failoverPolicy": "Manual" + }, + "secondaryType": "Geo" + } + ] + }, + "location": { + "value": "" + } + } +} +``` + +
+

+ +

+ +via Bicep parameters file + +```bicep-params +using 'br/public:avm/res/sql/server:' + +// Required parameters +param name = 'ssfog001' +// Non-required parameters +param administratorLogin = 'adminUserName' +param administratorLoginPassword = '' +param databases = [ + { + maxSizeBytes: 2147483648 + name: 'ssfog-db1' + sku: { + name: 'S1' + tier: 'Standard' + } + zoneRedundant: false + } + { + maxSizeBytes: 2147483648 + name: 'ssfog-db2' + sku: { + capacity: 2 + name: 'GP_Gen5' + tier: 'GeneralPurpose' + } + zoneRedundant: false + } + { + maxSizeBytes: 2147483648 + name: 'ssfog-db3' + sku: { + name: 'S1' + tier: 'Standard' + } + zoneRedundant: false + } +] +param failoverGroups = [ + { + databases: [ + 'ssfog-db1' + ] + name: 'ssfog-fg-geo' + partnerServers: [ + '' + ] + readWriteEndpoint: { + failoverPolicy: 'Manual' + } + secondaryType: 'Geo' + } + { + databases: [ + 'ssfog-db2' + ] + name: 'ssfog-fg-standby' + partnerServers: [ + '' + ] + readWriteEndpoint: { + failoverPolicy: 'Automatic' + failoverWithDataLossGracePeriodMinutes: 60 + } + secondaryType: 'Standby' + } + { + databases: [ + 'ssfog-db3' + ] + name: 'ssfog-fg-readonly' + partnerServers: [ + '' + ] + readOnlyEndpoint: { + failoverPolicy: 'Enabled' + targetServer: '' + } + readWriteEndpoint: { + failoverPolicy: 'Manual' + } + secondaryType: 'Geo' + } +] +param location = '' +``` + +
+

+ +### Example 6: _Deploying with a key vault reference to save secrets_ This instance deploys the module saving all its secrets in a key vault. @@ -557,7 +865,7 @@ param secretsExportConfiguration = {

-### Example 6: _Using large parameter set_ +### Example 7: _Using large parameter set_ This instance deploys the module with most of its features enabled. @@ -1097,7 +1405,7 @@ param vulnerabilityAssessmentsObj = {

-### Example 7: _With a secondary database_ +### Example 8: _With a secondary database_ This instance deploys the module with a secondary database. @@ -1229,7 +1537,7 @@ param tags = {

-### Example 8: _With vulnerability assessment_ +### Example 9: _With vulnerability assessment_ This instance deploys the module with a vulnerability assessment. @@ -1412,7 +1720,7 @@ param vulnerabilityAssessmentsObj = {

-### Example 9: _WAF-aligned_ +### Example 10: _WAF-aligned_ This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework. @@ -1868,6 +2176,7 @@ param vulnerabilityAssessmentsObj = { | [`elasticPools`](#parameter-elasticpools) | array | The Elastic Pools to create in the server. | | [`enableTelemetry`](#parameter-enabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`encryptionProtectorObj`](#parameter-encryptionprotectorobj) | object | The encryption protection configuration. | +| [`failoverGroups`](#parameter-failovergroups) | array | The failover groups configuration. | | [`federatedClientId`](#parameter-federatedclientid) | string | The Client id used for cross tenant CMK scenario. | | [`firewallRules`](#parameter-firewallrules) | array | The firewall rules to create in the server. | | [`isIPv6Enabled`](#parameter-isipv6enabled) | string | Whether or not to enable IPv6 support for this server. | 
@@ -3068,6 +3377,140 @@ The encryption protector type. ] ``` +### Parameter: `failoverGroups` + +The failover groups configuration. + +- Required: No +- Type: array +- Default: `[]` + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`databases`](#parameter-failovergroupsdatabases) | array | List of databases in the failover group. | +| [`name`](#parameter-failovergroupsname) | string | The name of the failover group. | +| [`partnerServers`](#parameter-failovergroupspartnerservers) | array | List of the partner servers for the failover group. | +| [`readWriteEndpoint`](#parameter-failovergroupsreadwriteendpoint) | object | Read-write endpoint of the failover group instance. | +| [`secondaryType`](#parameter-failovergroupssecondarytype) | string | Databases secondary type on partner server. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`readOnlyEndpoint`](#parameter-failovergroupsreadonlyendpoint) | object | Read-only endpoint of the failover group instance. | + +### Parameter: `failoverGroups.databases` + +List of databases in the failover group. + +- Required: Yes +- Type: array + +### Parameter: `failoverGroups.name` + +The name of the failover group. + +- Required: Yes +- Type: string + +### Parameter: `failoverGroups.partnerServers` + +List of the partner servers for the failover group. + +- Required: Yes +- Type: array + +### Parameter: `failoverGroups.readWriteEndpoint` + +Read-write endpoint of the failover group instance. + +- Required: Yes +- Type: object + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`failoverPolicy`](#parameter-failovergroupsreadwriteendpointfailoverpolicy) | string | Failover policy of the read-write endpoint for the failover group. If failoverPolicy is Automatic then failoverWithDataLossGracePeriodMinutes is required. 
| + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`failoverWithDataLossGracePeriodMinutes`](#parameter-failovergroupsreadwriteendpointfailoverwithdatalossgraceperiodminutes) | int | Grace period before failover with data loss is attempted for the read-write endpoint. | + +### Parameter: `failoverGroups.readWriteEndpoint.failoverPolicy` + +Failover policy of the read-write endpoint for the failover group. If failoverPolicy is Automatic then failoverWithDataLossGracePeriodMinutes is required. + +- Required: Yes +- Type: string +- Allowed: + ```Bicep + [ + 'Automatic' + 'Manual' + ] + ``` + +### Parameter: `failoverGroups.readWriteEndpoint.failoverWithDataLossGracePeriodMinutes` + +Grace period before failover with data loss is attempted for the read-write endpoint. + +- Required: No +- Type: int + +### Parameter: `failoverGroups.secondaryType` + +Databases secondary type on partner server. + +- Required: Yes +- Type: string +- Allowed: + ```Bicep + [ + 'Geo' + 'Standby' + ] + ``` + +### Parameter: `failoverGroups.readOnlyEndpoint` + +Read-only endpoint of the failover group instance. + +- Required: No +- Type: object + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`failoverPolicy`](#parameter-failovergroupsreadonlyendpointfailoverpolicy) | string | Failover policy of the read-only endpoint for the failover group. | +| [`targetServer`](#parameter-failovergroupsreadonlyendpointtargetserver) | string | The target partner server where the read-only endpoint points to. | + +### Parameter: `failoverGroups.readOnlyEndpoint.failoverPolicy` + +Failover policy of the read-only endpoint for the failover group. + +- Required: Yes +- Type: string +- Allowed: + ```Bicep + [ + 'Disabled' + 'Enabled' + ] + ``` + +### Parameter: `failoverGroups.readOnlyEndpoint.targetServer` + +The target partner server where the read-only endpoint points to. 
+ +- Required: Yes +- Type: string + ### Parameter: `federatedClientId` The Client id used for cross tenant CMK scenario. diff --git a/avm/res/sql/server/audit-settings/README.md b/avm/res/sql/server/audit-settings/README.md index 79759eb42a3..6fa594cb110 100644 --- a/avm/res/sql/server/audit-settings/README.md +++ b/avm/res/sql/server/audit-settings/README.md @@ -13,7 +13,7 @@ This module deploys an Azure SQL Server Audit Settings. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | -| `Microsoft.Sql/servers/auditingSettings` | [2023-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/servers/auditingSettings) | +| `Microsoft.Sql/servers/auditingSettings` | [2023-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/2023-08-01-preview/servers/auditingSettings) | ## Parameters diff --git a/avm/res/sql/server/database/README.md b/avm/res/sql/server/database/README.md index 9783dcfb7aa..dda27f0ab0f 100644 --- a/avm/res/sql/server/database/README.md +++ b/avm/res/sql/server/database/README.md 
@@ -14,9 +14,9 @@ This module deploys an Azure SQL Server Database. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -| `Microsoft.Sql/servers/databases` | [2023-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/servers/databases) | +| `Microsoft.Sql/servers/databases` | [2023-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/2023-08-01-preview/servers/databases) | | `Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies` | [2023-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/2023-05-01-preview/servers/databases/backupLongTermRetentionPolicies) | -| `Microsoft.Sql/servers/databases/backupShortTermRetentionPolicies` | [2023-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/servers/databases/backupShortTermRetentionPolicies) | +| `Microsoft.Sql/servers/databases/backupShortTermRetentionPolicies` | [2023-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/2023-08-01-preview/servers/databases/backupShortTermRetentionPolicies) | ## Parameters diff --git a/avm/res/sql/server/database/backup-short-term-retention-policy/README.md b/avm/res/sql/server/database/backup-short-term-retention-policy/README.md index 711861fcd11..f484e634ba2 100644 --- a/avm/res/sql/server/database/backup-short-term-retention-policy/README.md +++ b/avm/res/sql/server/database/backup-short-term-retention-policy/README.md 
@@ -12,7 +12,7 @@ This module deploys an Azure SQL Server Database Short-Term Backup Retention Pol | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Sql/servers/databases/backupShortTermRetentionPolicies` | [2023-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/servers/databases/backupShortTermRetentionPolicies) | +| `Microsoft.Sql/servers/databases/backupShortTermRetentionPolicies` | [2023-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/2023-08-01-preview/servers/databases/backupShortTermRetentionPolicies) | ## Parameters diff --git a/avm/res/sql/server/elastic-pool/README.md b/avm/res/sql/server/elastic-pool/README.md index 33336196b5d..8491a1de90c 100644 --- a/avm/res/sql/server/elastic-pool/README.md +++ b/avm/res/sql/server/elastic-pool/README.md @@ -12,7 +12,7 @@ This module deploys an Azure SQL Server Elastic Pool. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Sql/servers/elasticPools` | [2023-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/servers/elasticPools) | +| `Microsoft.Sql/servers/elasticPools` | [2023-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/2023-08-01-preview/servers/elasticPools) | ## Parameters diff --git a/avm/res/sql/server/encryption-protector/README.md b/avm/res/sql/server/encryption-protector/README.md index d2daaf2f960..5faaac72095 100644 --- a/avm/res/sql/server/encryption-protector/README.md +++ b/avm/res/sql/server/encryption-protector/README.md 
@@ -12,7 +12,7 @@ This module deploys an Azure SQL Server Encryption Protector. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Sql/servers/encryptionProtector` | [2023-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/servers/encryptionProtector) | +| `Microsoft.Sql/servers/encryptionProtector` | [2023-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/2023-08-01-preview/servers/encryptionProtector) | ## Parameters diff --git a/avm/res/sql/server/failover-group/README.md b/avm/res/sql/server/failover-group/README.md new file mode 100644 index 00000000000..6036d7f355e --- /dev/null +++ b/avm/res/sql/server/failover-group/README.md 
@@ -0,0 +1,164 @@ +# Azure SQL Server failover group `[Microsoft.Sql/servers/failoverGroups]` + +This module deploys Azure SQL Server failover group. + +## Navigation + +- [Resource Types](#Resource-Types) +- [Parameters](#Parameters) +- [Outputs](#Outputs) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.Sql/servers/failoverGroups` | [2024-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/2024-05-01-preview/servers/failoverGroups) | + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`databases`](#parameter-databases) | array | List of databases in the failover group. | +| [`name`](#parameter-name) | string | The name of the failover group. | +| [`partnerServers`](#parameter-partnerservers) | array | List of the partner servers for the failover group. | +| [`readWriteEndpoint`](#parameter-readwriteendpoint) | object | Read-write endpoint of the failover group instance. | +| [`secondaryType`](#parameter-secondarytype) | string | Databases secondary type on partner server. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`serverName`](#parameter-servername) | string | The Name of SQL Server. Required if the template is used in a standalone deployment. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`readOnlyEndpoint`](#parameter-readonlyendpoint) | object | Read-only endpoint of the failover group instance. | + +### Parameter: `databases` + +List of databases in the failover group. + +- Required: Yes +- Type: array + +### Parameter: `name` + +The name of the failover group. + +- Required: Yes +- Type: string + +### Parameter: `partnerServers` + +List of the partner servers for the failover group. + +- Required: Yes +- Type: array + +### Parameter: `readWriteEndpoint` + +Read-write endpoint of the failover group instance. 
+ +- Required: Yes +- Type: object + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`failoverPolicy`](#parameter-readwriteendpointfailoverpolicy) | string | Failover policy of the read-write endpoint for the failover group. If failoverPolicy is Automatic then failoverWithDataLossGracePeriodMinutes is required. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`failoverWithDataLossGracePeriodMinutes`](#parameter-readwriteendpointfailoverwithdatalossgraceperiodminutes) | int | Grace period before failover with data loss is attempted for the read-write endpoint. | + +### Parameter: `readWriteEndpoint.failoverPolicy` + +Failover policy of the read-write endpoint for the failover group. If failoverPolicy is Automatic then failoverWithDataLossGracePeriodMinutes is required. + +- Required: Yes +- Type: string +- Allowed: + ```Bicep + [ + 'Automatic' + 'Manual' + ] + ``` + +### Parameter: `readWriteEndpoint.failoverWithDataLossGracePeriodMinutes` + +Grace period before failover with data loss is attempted for the read-write endpoint. + +- Required: No +- Type: int + +### Parameter: `secondaryType` + +Databases secondary type on partner server. + +- Required: Yes +- Type: string +- Allowed: + ```Bicep + [ + 'Geo' + 'Standby' + ] + ``` + +### Parameter: `serverName` + +The Name of SQL Server. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + +### Parameter: `readOnlyEndpoint` + +Read-only endpoint of the failover group instance. + +- Required: No +- Type: object + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`failoverPolicy`](#parameter-readonlyendpointfailoverpolicy) | string | Failover policy of the read-only endpoint for the failover group. | +| [`targetServer`](#parameter-readonlyendpointtargetserver) | string | The target partner server where the read-only endpoint points to. 
| + +### Parameter: `readOnlyEndpoint.failoverPolicy` + +Failover policy of the read-only endpoint for the failover group. + +- Required: Yes +- Type: string +- Allowed: + ```Bicep + [ + 'Disabled' + 'Enabled' + ] + ``` + +### Parameter: `readOnlyEndpoint.targetServer` + +The target partner server where the read-only endpoint points to. + +- Required: Yes +- Type: string + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the deployed failover group. | +| `resourceGroupName` | string | The resource group of the deployed failover group. | +| `resourceId` | string | The resource ID of the deployed failover group. | diff --git a/avm/res/sql/server/failover-group/main.bicep b/avm/res/sql/server/failover-group/main.bicep new file mode 100644 index 00000000000..2f08001ad1c --- /dev/null +++ b/avm/res/sql/server/failover-group/main.bicep 
@@ -0,0 +1,83 @@ +metadata name = 'Azure SQL Server failover group' +metadata description = 'This module deploys Azure SQL Server failover group.' +metadata owner = 'Azure/module-maintainers' + +@description('Required. The name of the failover group.') +param name string + +@description('Conditional. The Name of SQL Server. Required if the template is used in a standalone deployment.') +param serverName string + +@description('Required. List of databases in the failover group.') +param databases string[] + +@description('Required. List of the partner servers for the failover group.') +param partnerServers string[] + +@description('Optional. Read-only endpoint of the failover group instance.') +param readOnlyEndpoint FailoverGroupReadOnlyEndpointType? + +@description('Required. Read-write endpoint of the failover group instance.') +param readWriteEndpoint FailoverGroupReadWriteEndpointType + +@description('Required. Databases secondary type on partner server.') +param secondaryType 'Geo' | 'Standby' + +resource server 'Microsoft.Sql/servers@2023-08-01-preview' existing = { + name: serverName +} + +// https://stackoverflow.com/questions/78337117/azure-sql-failover-group-fails-on-second-run +// https://github.com/Azure/bicep-types-az/issues/2153 + +resource failoverGroup 'Microsoft.Sql/servers/failoverGroups@2024-05-01-preview' = { + name: name + parent: server + properties: { + databases: [for db in databases: resourceId('Microsoft.Sql/servers/databases', serverName, db)] + partnerServers: [ + for partnerServer in partnerServers: { + id: resourceId(resourceGroup().name, 'Microsoft.Sql/servers', partnerServer) + } + ] + readOnlyEndpoint: !empty(readOnlyEndpoint) + ? 
{ + failoverPolicy: readOnlyEndpoint!.failoverPolicy + targetServer: resourceId(resourceGroup().name, 'Microsoft.Sql/servers', readOnlyEndpoint!.targetServer) + } + : null + readWriteEndpoint: readWriteEndpoint + secondaryType: secondaryType + } +} + +// =============== // +// Outputs // +// =============== // + +@description('The name of the deployed failover group.') +output name string = failoverGroup.name + +@description('The resource ID of the deployed failover group.') +output resourceId string = failoverGroup.id + +@description('The resource group of the deployed failover group.') +output resourceGroupName string = resourceGroup().name + +@export() +type FailoverGroupReadOnlyEndpointType = { + @description('Required. Failover policy of the read-only endpoint for the failover group.') + failoverPolicy: 'Disabled' | 'Enabled' + + @description('Required. The target partner server where the read-only endpoint points to.') + targetServer: string +} + +@export() +type FailoverGroupReadWriteEndpointType = { + @description('Required. Failover policy of the read-write endpoint for the failover group. If failoverPolicy is Automatic then failoverWithDataLossGracePeriodMinutes is required.') + failoverPolicy: 'Automatic' | 'Manual' + + @description('Optional. Grace period before failover with data loss is attempted for the read-write endpoint.') + failoverWithDataLossGracePeriodMinutes: int? +} diff --git a/avm/res/sql/server/failover-group/main.json b/avm/res/sql/server/failover-group/main.json new file mode 100644 index 00000000000..0febe667c8b --- /dev/null +++ b/avm/res/sql/server/failover-group/main.json 
@@ -0,0 +1,179 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.31.92.45157", + "templateHash": "3154093122727936526" + }, + "name": "Azure SQL Server failover group", + "description": "This module deploys Azure SQL Server failover group.", + "owner": "Azure/module-maintainers" + }, + "definitions": { + "FailoverGroupReadOnlyEndpointType": { + "type": "object", + "properties": { + "failoverPolicy": { + "type": "string", + "allowedValues": [ + "Disabled", + "Enabled" + ], + "metadata": { + "description": "Required. Failover policy of the read-only endpoint for the failover group." + } + }, + "targetServer": { + "type": "string", + "metadata": { + "description": "Required. The target partner server where the read-only endpoint points to." + } + } + }, + "metadata": { + "__bicep_export!": true + } + }, + "FailoverGroupReadWriteEndpointType": { + "type": "object", + "properties": { + "failoverPolicy": { + "type": "string", + "allowedValues": [ + "Automatic", + "Manual" + ], + "metadata": { + "description": "Required. Failover policy of the read-write endpoint for the failover group. If failoverPolicy is Automatic then failoverWithDataLossGracePeriodMinutes is required." + } + }, + "failoverWithDataLossGracePeriodMinutes": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. Grace period before failover with data loss is attempted for the read-write endpoint." + } + } + }, + "metadata": { + "__bicep_export!": true + } + } + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the failover group." + } + }, + "serverName": { + "type": "string", + "metadata": { + "description": "Conditional. The Name of SQL Server. Required if the template is used in a standalone deployment." 
+ } + }, + "databases": { + "type": "array", + "items": { + "type": "string" + }, + "metadata": { + "description": "Required. List of databases in the failover group." + } + }, + "partnerServers": { + "type": "array", + "items": { + "type": "string" + }, + "metadata": { + "description": "Required. List of the partner servers for the failover group." + } + }, + "readOnlyEndpoint": { + "$ref": "#/definitions/FailoverGroupReadOnlyEndpointType", + "nullable": true, + "metadata": { + "description": "Optional. Read-only endpoint of the failover group instance." + } + }, + "readWriteEndpoint": { + "$ref": "#/definitions/FailoverGroupReadWriteEndpointType", + "metadata": { + "description": "Required. Read-write endpoint of the failover group instance." + } + }, + "secondaryType": { + "type": "string", + "allowedValues": [ + "Geo", + "Standby" + ], + "metadata": { + "description": "Required. Databases secondary type on partner server." + } + } + }, + "resources": { + "server": { + "existing": true, + "type": "Microsoft.Sql/servers", + "apiVersion": "2023-08-01-preview", + "name": "[parameters('serverName')]" + }, + "failoverGroup": { + "type": "Microsoft.Sql/servers/failoverGroups", + "apiVersion": "2024-05-01-preview", + "name": "[format('{0}/{1}', parameters('serverName'), parameters('name'))]", + "properties": { + "copy": [ + { + "name": "databases", + "count": "[length(parameters('databases'))]", + "input": "[resourceId('Microsoft.Sql/servers/databases', parameters('serverName'), parameters('databases')[copyIndex('databases')])]" + }, + { + "name": "partnerServers", + "count": "[length(parameters('partnerServers'))]", + "input": { + "id": "[resourceId(resourceGroup().name, 'Microsoft.Sql/servers', parameters('partnerServers')[copyIndex('partnerServers')])]" + } + } + ], + "readOnlyEndpoint": "[if(not(empty(parameters('readOnlyEndpoint'))), createObject('failoverPolicy', parameters('readOnlyEndpoint').failoverPolicy, 'targetServer', resourceId(resourceGroup().name, 
'Microsoft.Sql/servers', parameters('readOnlyEndpoint').targetServer)), null())]", + "readWriteEndpoint": "[parameters('readWriteEndpoint')]", + "secondaryType": "[parameters('secondaryType')]" + }, + "dependsOn": [ + "server" + ] + } + }, + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the deployed failover group." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the deployed failover group." + }, + "value": "[resourceId('Microsoft.Sql/servers/failoverGroups', parameters('serverName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group of the deployed failover group." + }, + "value": "[resourceGroup().name]" + } + } +} \ No newline at end of file diff --git a/avm/res/sql/server/firewall-rule/README.md b/avm/res/sql/server/firewall-rule/README.md index cbb1d968e76..98ff8ac6a07 100644 --- a/avm/res/sql/server/firewall-rule/README.md +++ b/avm/res/sql/server/firewall-rule/README.md @@ -12,7 +12,7 @@ This module deploys an Azure SQL Server Firewall Rule. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Sql/servers/firewallRules` | [2023-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/servers/firewallRules) | +| `Microsoft.Sql/servers/firewallRules` | [2023-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/2023-08-01-preview/servers/firewallRules) | ## Parameters diff --git a/avm/res/sql/server/key/README.md b/avm/res/sql/server/key/README.md index 99f0e22b1dd..e724763397d 100644 --- a/avm/res/sql/server/key/README.md +++ b/avm/res/sql/server/key/README.md 
@@ -12,7 +12,7 @@ This module deploys an Azure SQL Server Key. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Sql/servers/keys` | [2023-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/servers/keys) | +| `Microsoft.Sql/servers/keys` | [2023-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/2023-08-01-preview/servers/keys) | ## Parameters diff --git a/avm/res/sql/server/main.bicep b/avm/res/sql/server/main.bicep index 33c61e2822a..f212cdcc9d0 100644 --- a/avm/res/sql/server/main.bicep +++ b/avm/res/sql/server/main.bicep @@ -129,6 +129,9 @@ param auditSettings auditSettingsType = {} //Use the defaults from the child mod @description('Optional. Key vault reference and secret settings for the module\'s secrets export.') param secretsExportConfiguration secretsExportConfigurationType? +@description('Optional. The failover groups configuration.') +param failoverGroups FailoverGroupType[] = [] + var builtInRoleNames = { Contributor: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') Owner: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') @@ -516,6 +519,24 @@ module secretsExport 'modules/keyVaultExport.bicep' = if (secretsExportConfigura } } +module failover_groups 'failover-group/main.bicep' = [ + for (failoverGroup, index) in failoverGroups: { + name: '${uniqueString(deployment().name, location)}-Sql-FailoverGroup-${index}' + params: { + name: failoverGroup.name + serverName: server.name + databases: failoverGroup.databases + partnerServers: failoverGroup.partnerServers + readOnlyEndpoint: failoverGroup.?readOnlyEndpoint + readWriteEndpoint: failoverGroup.readWriteEndpoint + secondaryType: failoverGroup.secondaryType + } + dependsOn: [ + server_databases + ] + } +] + @description('The name of the deployed SQL server.') output name string = server.name 
@@ -559,6 +580,7 @@ import { diagnosticSettingFullType } from 'br/public:avm/utl/types/avm-common-ty import { elasticPoolPerDatabaseSettingsType, elasticPoolSkuType } from 'elastic-pool/main.bicep' import { databaseSkuType, shortTermBackupRetentionPolicyType, longTermBackupRetentionPolicyType } from 'database/main.bicep' import { recurringScansType } from 'vulnerability-assessment/main.bicep' +import { FailoverGroupReadOnlyEndpointType, FailoverGroupReadWriteEndpointType } from 'failover-group/main.bicep' @export() type auditSettingsType = { @@ -900,3 +922,24 @@ type securityAlerPolicyType = { @description('Optional. Specifies the blob storage endpoint. This blob storage will hold all Threat Detection audit logs.') storageEndpoint: string? } + +@export() +type FailoverGroupType = { + @description('Required. The name of the failover group.') + name: string + + @description('Required. List of databases in the failover group.') + databases: string[] + + @description('Required. List of the partner servers for the failover group.') + partnerServers: string[] + + @description('Optional. Read-only endpoint of the failover group instance.') + readOnlyEndpoint: FailoverGroupReadOnlyEndpointType? + + @description('Required. Read-write endpoint of the failover group instance.') + readWriteEndpoint: FailoverGroupReadWriteEndpointType + + @description('Required. Databases secondary type on partner server.') + secondaryType: 'Geo' | 'Standby' +} diff --git a/avm/res/sql/server/main.json b/avm/res/sql/server/main.json index e6817c82b92..6c9535f100a 100644 --- a/avm/res/sql/server/main.json +++ b/avm/res/sql/server/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.31.92.45157", - "templateHash": "2810003323744846464" + "templateHash": "5686412393030703115" }, "name": "Azure SQL Servers", "description": "This module deploys an Azure SQL Server.", 
@@ -861,6 +861,61 @@ "__bicep_export!": true } }, + "FailoverGroupType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the failover group." + } + }, + "databases": { + "type": "array", + "items": { + "type": "string" + }, + "metadata": { + "description": "Required. List of databases in the failover group." + } + }, + "partnerServers": { + "type": "array", + "items": { + "type": "string" + }, + "metadata": { + "description": "Required. List of the partner servers for the failover group." + } + }, + "readOnlyEndpoint": { + "$ref": "#/definitions/FailoverGroupReadOnlyEndpointType", + "nullable": true, + "metadata": { + "description": "Optional. Read-only endpoint of the failover group instance." + } + }, + "readWriteEndpoint": { + "$ref": "#/definitions/FailoverGroupReadWriteEndpointType", + "metadata": { + "description": "Required. Read-write endpoint of the failover group instance." + } + }, + "secondaryType": { + "type": "string", + "allowedValues": [ + "Geo", + "Standby" + ], + "metadata": { + "description": "Required. Databases secondary type on partner server." + } + } + }, + "metadata": { + "__bicep_export!": true + } + }, "_1.privateEndpointCustomDnsConfigType": { "type": "object", "properties": { 
@@ -1255,6 +1310,59 @@ } } }, + "FailoverGroupReadOnlyEndpointType": { + "type": "object", + "properties": { + "failoverPolicy": { + "type": "string", + "allowedValues": [ + "Disabled", + "Enabled" + ], + "metadata": { + "description": "Required. Failover policy of the read-only endpoint for the failover group." + } + }, + "targetServer": { + "type": "string", + "metadata": { + "description": "Required. The target partner server where the read-only endpoint points to." + } + } + }, + "metadata": { + "__bicep_imported_from!": { + "sourceTemplate": "failover-group/main.bicep" + } + } + }, + "FailoverGroupReadWriteEndpointType": { + "type": "object", + "properties": { + "failoverPolicy": { + "type": "string", + "allowedValues": [ + "Automatic", + "Manual" + ], + "metadata": { + "description": "Required. Failover policy of the read-write endpoint for the failover group. If failoverPolicy is Automatic then failoverWithDataLossGracePeriodMinutes is required." + } + }, + "failoverWithDataLossGracePeriodMinutes": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. Grace period before failover with data loss is attempted for the read-write endpoint." + } + } + }, + "metadata": { + "__bicep_imported_from!": { + "sourceTemplate": "failover-group/main.bicep" + } + } + }, "lockType": { "type": "object", "properties": { @@ -1904,6 +2012,16 @@ "metadata": { "description": "Optional. Key vault reference and secret settings for the module's secrets export." } + }, + "failoverGroups": { + "type": "array", + "items": { + "$ref": "#/definitions/FailoverGroupType" + }, + "defaultValue": [], + "metadata": { + "description": "Optional. The failover groups configuration." + } } }, "variables": { 
@@ -5559,6 +5677,220 @@ "dependsOn": [ "server" ] + }, + "failover_groups": { + "copy": { + "name": "failover_groups", + "count": "[length(parameters('failoverGroups'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-Sql-FailoverGroup-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "name": { + "value": "[parameters('failoverGroups')[copyIndex()].name]" + }, + "serverName": { + "value": "[parameters('name')]" + }, + "databases": { + "value": "[parameters('failoverGroups')[copyIndex()].databases]" + }, + "partnerServers": { + "value": "[parameters('failoverGroups')[copyIndex()].partnerServers]" + }, + "readOnlyEndpoint": { + "value": "[tryGet(parameters('failoverGroups')[copyIndex()], 'readOnlyEndpoint')]" + }, + "readWriteEndpoint": { + "value": "[parameters('failoverGroups')[copyIndex()].readWriteEndpoint]" + }, + "secondaryType": { + "value": "[parameters('failoverGroups')[copyIndex()].secondaryType]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.31.92.45157", + "templateHash": "15435538033459810136" + }, + "name": "Azure SQL Server failover group", + "description": "This module deploys Azure SQL Server failover group.", + "owner": "Azure/module-maintainers" + }, + "definitions": { + "FailoverGroupReadOnlyEndpointType": { + "type": "object", + "properties": { + "failoverPolicy": { + "type": "string", + "allowedValues": [ + "Disabled", + "Enabled" + ], + "metadata": { + "description": "Required. Failover policy of the read-only endpoint for the failover group." + } + }, + "targetServer": { + "type": "string", + "metadata": { + "description": "Required. 
The target partner server where the read-only endpoint points to." + } + } + }, + "metadata": { + "__bicep_export!": true + } + }, + "FailoverGroupReadWriteEndpointType": { + "type": "object", + "properties": { + "failoverPolicy": { + "type": "string", + "allowedValues": [ + "Automatic", + "Manual" + ], + "metadata": { + "description": "Required. Failover policy of the read-write endpoint for the failover group. If failoverPolicy is Automatic then failoverWithDataLossGracePeriodMinutes is required." + } + }, + "failoverWithDataLossGracePeriodMinutes": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. Grace period before failover with data loss is attempted for the read-write endpoint." + } + } + }, + "metadata": { + "__bicep_export!": true + } + } + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the failover group." + } + }, + "serverName": { + "type": "string", + "metadata": { + "description": "Conditional. The Name of SQL Server. Required if the template is used in a standalone deployment." + } + }, + "databases": { + "type": "array", + "items": { + "type": "string" + }, + "metadata": { + "description": "Required. List of databases in the failover group." + } + }, + "partnerServers": { + "type": "array", + "items": { + "type": "string" + }, + "metadata": { + "description": "Required. List of the partner servers for the failover group." + } + }, + "readOnlyEndpoint": { + "$ref": "#/definitions/FailoverGroupReadOnlyEndpointType", + "nullable": true, + "metadata": { + "description": "Optional. Read-only endpoint of the failover group instance." + } + }, + "readWriteEndpoint": { + "$ref": "#/definitions/FailoverGroupReadWriteEndpointType", + "metadata": { + "description": "Required. Read-write endpoint of the failover group instance." + } + }, + "secondaryType": { + "type": "string", + "allowedValues": [ + "Geo", + "Standby" + ], + "metadata": { + "description": "Required. 
Databases secondary type on partner server." + } + } + }, + "resources": { + "server": { + "existing": true, + "type": "Microsoft.Sql/servers", + "apiVersion": "2023-08-01-preview", + "name": "[parameters('serverName')]" + }, + "failoverGroup": { + "type": "Microsoft.Sql/servers/failoverGroups", + "apiVersion": "2024-05-01-preview", + "name": "[format('{0}/{1}', parameters('serverName'), parameters('name'))]", + "properties": { + "copy": [ + { + "name": "databases", + "count": "[length(parameters('databases'))]", + "input": "[resourceId('Microsoft.Sql/servers/databases', parameters('serverName'), parameters('databases')[copyIndex('databases')])]" + }, + { + "name": "partnerServers", + "count": "[length(parameters('partnerServers'))]", + "input": { + "id": "[resourceId(resourceGroup().name, 'Microsoft.Sql/servers', parameters('partnerServers')[copyIndex('partnerServers')])]" + } + } + ], + "readOnlyEndpoint": "[if(not(empty(parameters('readOnlyEndpoint'))), createObject('failoverPolicy', parameters('readOnlyEndpoint').failoverPolicy, 'targetServer', resourceId(resourceGroup().name, 'Microsoft.Sql/servers', parameters('readOnlyEndpoint').targetServer)), null())]", + "readWriteEndpoint": "[parameters('readWriteEndpoint')]", + "secondaryType": "[parameters('secondaryType')]" + }, + "dependsOn": [ + "server" + ] + } + }, + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the deployed failover group." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the deployed failover group." + }, + "value": "[resourceId('Microsoft.Sql/servers/failoverGroups', parameters('serverName'), parameters('name'))]" + } + } + } + }, + "dependsOn": [ + "server", + "server_databases" + ] } }, "outputs": { diff --git a/avm/res/sql/server/security-alert-policy/README.md b/avm/res/sql/server/security-alert-policy/README.md index 822cc94cca4..63a07fbb0e0 100644 
--- a/avm/res/sql/server/security-alert-policy/README.md +++ b/avm/res/sql/server/security-alert-policy/README.md @@ -12,7 +12,7 @@ This module deploys an Azure SQL Server Security Alert Policy. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Sql/servers/securityAlertPolicies` | [2023-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/servers/securityAlertPolicies) | +| `Microsoft.Sql/servers/securityAlertPolicies` | [2023-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/2023-08-01-preview/servers/securityAlertPolicies) | ## Parameters diff --git a/avm/res/sql/server/tests/e2e/failover-group/main.test.bicep b/avm/res/sql/server/tests/e2e/failover-group/main.test.bicep new file mode 100644 index 00000000000..2c238ed69ce --- /dev/null +++ b/avm/res/sql/server/tests/e2e/failover-group/main.test.bicep 
@@ -0,0 +1,151 @@ +targetScope = 'subscription' + +metadata name = 'Using failover groups' +metadata description = 'This instance deploys the module with failover groups.' + +// ========== // +// Parameters // +// ========== // + +@description('Optional. The name of the resource group to deploy for testing purposes.') +@maxLength(90) +param resourceGroupName string = 'dep-${namePrefix}-sql.servers-${serviceShort}-rg' + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') +param serviceShort string = 'ssfog' + +@description('Optional. The password to leverage for the login.') +@secure() +param password string = newGuid() + +@description('Optional. A token to inject into the name of each resource. This value can be automatically injected by the CI.') +param namePrefix string = '#_namePrefix_#' + +// Use paired regions +// https://learn.microsoft.com/en-us/azure/reliability/cross-region-replication-azure +var locationPrimary = 'eastasia' +var locationSecondary = 'southeastasia' + +// ============ // +// Dependencies // +// ============ // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: locationPrimary +} + +// Create a secondary server for the failover group +module secondary '../../../main.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, locationSecondary)}-test-${serviceShort}-secondary' + params: { + name: '${namePrefix}${serviceShort}002' + location: locationSecondary + administratorLogin: 'adminUserName' + administratorLoginPassword: password + } +} + +// ============== // +// Test Execution // +// ============== // + +@batchSize(1) +module testDeployment '../../../main.bicep' = [ + for iteration in ['init', 'idem']: { + scope: resourceGroup + name: '${uniqueString(deployment().name, locationPrimary)}-test-${serviceShort}-${iteration}' 
+ params: { + name: '${namePrefix}${serviceShort}001' + location: locationPrimary + administratorLogin: 'adminUserName' + administratorLoginPassword: password + databases: [ + { + name: '${namePrefix}-${serviceShort}-db1' + sku: { + name: 'S1' + tier: 'Standard' + } + maxSizeBytes: 2147483648 + zoneRedundant: false + } + { + name: '${namePrefix}-${serviceShort}-db2' + sku: { + name: 'GP_Gen5' + tier: 'GeneralPurpose' + capacity: 2 + } + maxSizeBytes: 2147483648 + // licenseType: 'LicenseIncluded' + zoneRedundant: false + } + { + name: '${namePrefix}-${serviceShort}-db3' + sku: { + name: 'S1' + tier: 'Standard' + } + maxSizeBytes: 2147483648 + zoneRedundant: false + } + ] + failoverGroups: [ + // Geo failover group with read-write endpoint failover + { + name: '${namePrefix}-${serviceShort}-fg-geo' + databases: [ + '${namePrefix}-${serviceShort}-db1' + ] + partnerServers: [ + secondary.outputs.name + ] + readWriteEndpoint: { + failoverPolicy: 'Manual' + } + secondaryType: 'Geo' + } + // Standby failover group + { + name: '${namePrefix}-${serviceShort}-fg-standby' + databases: [ + '${namePrefix}-${serviceShort}-db2' + ] + partnerServers: [ + secondary.outputs.name + ] + readWriteEndpoint: { + failoverPolicy: 'Automatic' + failoverWithDataLossGracePeriodMinutes: 60 + } + secondaryType: 'Standby' + } + // Geo failover group with read-write AND read-only endpoint failover policy + { + name: '${namePrefix}-${serviceShort}-fg-readonly' + databases: [ + '${namePrefix}-${serviceShort}-db3' + ] + partnerServers: [ + secondary.outputs.name + ] + readWriteEndpoint: { + failoverPolicy: 'Manual' + } + readOnlyEndpoint: { + failoverPolicy: 'Enabled' + targetServer: secondary.outputs.name + } + secondaryType: 'Geo' + } + ] + } + dependsOn: [ + secondary + ] + } +] diff --git a/avm/res/sql/server/virtual-network-rule/README.md b/avm/res/sql/server/virtual-network-rule/README.md index 399e9c28e07..f044d5d22eb 100644 --- a/avm/res/sql/server/virtual-network-rule/README.md 
+++ b/avm/res/sql/server/virtual-network-rule/README.md @@ -12,7 +12,7 @@ This module deploys an Azure SQL Server Virtual Network Rule. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Sql/servers/virtualNetworkRules` | [2023-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/servers/virtualNetworkRules) | +| `Microsoft.Sql/servers/virtualNetworkRules` | [2023-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/2023-08-01-preview/servers/virtualNetworkRules) | ## Parameters diff --git a/avm/res/sql/server/vulnerability-assessment/README.md b/avm/res/sql/server/vulnerability-assessment/README.md index d2a2c44b504..b915a87ff6e 100644 --- a/avm/res/sql/server/vulnerability-assessment/README.md +++ b/avm/res/sql/server/vulnerability-assessment/README.md @@ -13,7 +13,7 @@ This module deploys an Azure SQL Server Vulnerability Assessment. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | -| `Microsoft.Sql/servers/vulnerabilityAssessments` | [2023-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/servers/vulnerabilityAssessments) | +| `Microsoft.Sql/servers/vulnerabilityAssessments` | [2023-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Sql/2023-08-01-preview/servers/vulnerabilityAssessments) | ## Parameters
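Review bot: In the new avm/res/sql/server/failover-group/main.json (hunk `@@ -0,0 +1,179 @@`), both the `partnerServers` copy loop and the `readOnlyEndpoint` expression build the partner ID with `resourceId(resourceGroup().name, 'Microsoft.Sql/servers', ...)`, so every partner server is resolved in the resource group and subscription of the primary. A partner in a different resource group or subscription cannot be expressed with the current `string[]` of names. Consider accepting full resource IDs for `partnerServers` and `readOnlyEndpoint.targetServer`, or at least state the same-resource-group constraint in both parameter descriptions so the failure is not first seen at deployment time.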
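Review bot: In avm/res/sql/server/main.bicep (hunk `@@ -900,3 +922,24 @@` and the import added in `@@ -559,6 +580,7 @@`), the new type names `FailoverGroupType`, `FailoverGroupReadOnlyEndpointType` and `FailoverGroupReadWriteEndpointType` are PascalCase, while every other type visible in this file is camelCase (`auditSettingsType`, `databaseSkuType`, `recurringScansType`). Renaming them to `failoverGroupType`, `failoverGroupReadOnlyEndpointType` and `failoverGroupReadWriteEndpointType` before the types are exported keeps the module's public surface consistent and avoids a later breaking rename.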
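Review bot: In avm/res/sql/server/main.json (hunk `@@ -1255,6 +1310,59 @@`), the `failoverPolicy` description of `FailoverGroupReadWriteEndpointType` says `failoverWithDataLossGracePeriodMinutes` is required when the policy is `Automatic`, but the property is declared `"nullable": true` and the value is forwarded unchanged by `"readWriteEndpoint": "[parameters('readWriteEndpoint')]"`, so the stated requirement is documentation only. An `Automatic` endpoint with no grace period passes type checking. Consider modelling the endpoint in failover-group/main.bicep as a tagged union keyed on `failoverPolicy`, with the grace period mandatory in the `Automatic` variant, and regenerating the JSON.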
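Review bot: In avm/res/sql/server/main.json (hunk `@@ -5559,6 +5677,220 @@`), the nested `failover_groups` template does not match the standalone avm/res/sql/server/failover-group/main.json added in the same change: the nested copy has `"templateHash": "15435538033459810136"` and only the `name` and `resourceId` outputs, while the standalone file has `"templateHash": "3154093122727936526"` and an additional `resourceGroupName` output. One of the two was compiled from an older failover-group/main.bicep. Rebuild both JSON files from the final Bicep source so the committed artifacts agree.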
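Review bot: In avm/res/sql/server/tests/e2e/failover-group/main.test.bicep (hunk `@@ -0,0 +1,151 @@`), the `db2` database entry carries a commented-out property, `// licenseType: 'LicenseIncluded'`. Either set the property or delete the line; as committed it leaves readers guessing whether the Standby scenario depends on a particular license type.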