diff --git a/internal/services/mssql/mssql_server_resource_test.go b/internal/services/mssql/mssql_server_resource_test.go
index f7bf40291eb5..60a8278907dd 100644
--- a/internal/services/mssql/mssql_server_resource_test.go
+++ b/internal/services/mssql/mssql_server_resource_test.go
@@ -272,6 +272,35 @@ func TestAccMsSqlServer_TDECMKServerDeployment(t *testing.T) {
 })
 }
 
+func TestAccMsSqlServer_CMKServerTagsUpdate(t *testing.T) {
+ data := acceptance.BuildTestData(t, "azurerm_mssql_server", "test")
+ r := MsSqlServerResource{}
+
+ data.ResourceTest(t, r, []acceptance.TestStep{
+ {
+ Config: r.CMKServerTags(data, "Sandbox"),
+ Check: acceptance.ComposeTestCheckFunc(
+ check.That(data.ResourceName).ExistsInAzure(r),
+ ),
+ },
+ data.ImportStep("administrator_login_password"),
+ {
+ Config: r.CMKServerTags(data, "Production"),
+ Check: acceptance.ComposeTestCheckFunc(
+ check.That(data.ResourceName).ExistsInAzure(r),
+ ),
+ },
+ data.ImportStep("administrator_login_password"),
+ {
+ Config: r.CMKServerNoTags(data),
+ Check: acceptance.ComposeTestCheckFunc(
+ check.That(data.ResourceName).ExistsInAzure(r),
+ ),
+ },
+ data.ImportStep("administrator_login_password"),
+ })
+}
+
 func (MsSqlServerResource) Exists(ctx context.Context, client *clients.Client, state *pluginsdk.InstanceState) (*bool, error) {
 id, err := parse.ServerID(state.ID)
 if err != nil {
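Review bot: Every step of `TestAccMsSqlServer_CMKServerTagsUpdate` asserts only `ExistsInAzure`, so nothing in the test states that the tag value changed or that the server still references its customer-managed key after a tags-only update. The import steps may catch a mismatch between state and what the API returns, but that depends on how the resource's read populates those attributes, which is not visible in this hunk. I would add explicit checks to the second step, `check.That(data.ResourceName).Key("tags.DB").HasValue("Production"),` and `check.That(data.ResourceName).Key("transparent_data_encryption_key_vault_key_id").Exists(),`, and repeat the key check in the no-tags step. A one-line comment above the function naming the regression it guards would also help the next reader.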
@@ -859,3 +888,169 @@ resource "azurerm_key_vault_key" "test" {
 }
 `, data.RandomInteger, data.Locations.Primary, data.RandomString)
 }
+
+func (MsSqlServerResource) CMKServerTags(data acceptance.TestData, tag string) string {
+ return fmt.Sprintf(`
+provider "azurerm" {
+ features {}
+}
+
+data "azurerm_client_config" "test" {}
+
+resource "azurerm_resource_group" "test" {
+ name = "acctestRG-mssql-%[1]d"
+ location = "%[2]s"
+}
+
+resource "azurerm_user_assigned_identity" "test" {
+ resource_group_name = azurerm_resource_group.test.name
+ location = azurerm_resource_group.test.location
+ name = "test_identity_2112"
+}
+
+resource "azurerm_mssql_server" "test" {
+ name = "acctestsqlserver%[1]d"
+ resource_group_name = azurerm_resource_group.test.name
+ location = azurerm_resource_group.test.location
+ version = "12.0"
+ administrator_login = "DaveLister"
+ administrator_login_password = "7h1515K4711"
+ minimum_tls_version = "1.2"
+
+ azuread_administrator {
+ login_username = azurerm_user_assigned_identity.test.name
+ object_id = azurerm_user_assigned_identity.test.principal_id
+ }
+
+ identity {
+ type = "UserAssigned"
+ identity_ids = [azurerm_user_assigned_identity.test.id]
+ }
+
+ primary_user_assigned_identity_id = azurerm_user_assigned_identity.test.id
+ transparent_data_encryption_key_vault_key_id = azurerm_key_vault_key.test.id
+
+ tags = {
+ DB = "%[4]s"
+ }
+}
+
+resource "azurerm_key_vault" "test" {
+ name = "vault%[1]d"
+ location = azurerm_resource_group.test.location
+ resource_group_name = azurerm_resource_group.test.name
+ enabled_for_disk_encryption = true
+ tenant_id = azurerm_user_assigned_identity.test.tenant_id
+ soft_delete_retention_days = 7
+ purge_protection_enabled = true
+
+ sku_name = "standard"
+
+ access_policy {
+ tenant_id = data.azurerm_client_config.test.tenant_id
+ object_id = data.azurerm_client_config.test.object_id
+
+ key_permissions = ["Get", "List", "Create", "Delete", "Update", "Recover", "Purge", "GetRotationPolicy"]
+ }
+
+ access_policy {
+ tenant_id = azurerm_user_assigned_identity.test.tenant_id
+ object_id = azurerm_user_assigned_identity.test.principal_id
+
+ key_permissions = ["Get", "WrapKey", "UnwrapKey"]
+ }
+}
+
+resource "azurerm_key_vault_key" "test" {
+ depends_on = [azurerm_key_vault.test]
+
+ name = "key-%[3]s"
+ key_vault_id = azurerm_key_vault.test.id
+ key_type = "RSA"
+ key_size = 2048
+
+ key_opts = ["unwrapKey", "wrapKey"]
+}
+`, data.RandomInteger, data.Locations.Primary, data.RandomString, tag)
+}
+
+func (MsSqlServerResource) CMKServerNoTags(data acceptance.TestData) string {
+ return fmt.Sprintf(`
+provider "azurerm" {
+ features {}
+}
+
+data "azurerm_client_config" "test" {}
+
+resource "azurerm_resource_group" "test" {
+ name = "acctestRG-mssql-%[1]d"
+ location = "%[2]s"
+}
+
+resource "azurerm_user_assigned_identity" "test" {
+ resource_group_name = azurerm_resource_group.test.name
+ location = azurerm_resource_group.test.location
+ name = "test_identity_2112"
+}
+
+resource "azurerm_mssql_server" "test" {
+ name = "acctestsqlserver%[1]d"
+ resource_group_name = azurerm_resource_group.test.name
+ location = azurerm_resource_group.test.location
+ version = "12.0"
+ administrator_login = "DaveLister"
+ administrator_login_password = "7h1515K4711"
+ minimum_tls_version = "1.2"
+
+ azuread_administrator {
+ login_username = azurerm_user_assigned_identity.test.name
+ object_id = azurerm_user_assigned_identity.test.principal_id
+ }
+
+ identity {
+ type = "UserAssigned"
+ identity_ids = [azurerm_user_assigned_identity.test.id]
+ }
+
+ primary_user_assigned_identity_id = azurerm_user_assigned_identity.test.id
+ transparent_data_encryption_key_vault_key_id = azurerm_key_vault_key.test.id
+}
+
+resource "azurerm_key_vault" "test" {
+ name = "vault%[1]d"
+ location = azurerm_resource_group.test.location
+ resource_group_name = azurerm_resource_group.test.name
+ enabled_for_disk_encryption = true
+ tenant_id = azurerm_user_assigned_identity.test.tenant_id
+ soft_delete_retention_days = 7
+ purge_protection_enabled = true
+
+ sku_name = "standard"
+
+ access_policy {
+ tenant_id = data.azurerm_client_config.test.tenant_id
+ object_id = data.azurerm_client_config.test.object_id
+
+ key_permissions = ["Get", "List", "Create", "Delete", "Update", "Recover", "Purge", "GetRotationPolicy"]
+ }
+
+ access_policy {
+ tenant_id = azurerm_user_assigned_identity.test.tenant_id
+ object_id = azurerm_user_assigned_identity.test.principal_id
+
+ key_permissions = ["Get", "WrapKey", "UnwrapKey"]
+ }
+}
+
+resource "azurerm_key_vault_key" "test" {
+ depends_on = [azurerm_key_vault.test]
+
+ name = "key-%[3]s"
+ key_vault_id = azurerm_key_vault.test.id
+ key_type = "RSA"
+ key_size = 2048
+
+ key_opts = ["unwrapKey", "wrapKey"]
+}
+`, data.RandomInteger, data.Locations.Primary, data.RandomString)
+}
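Review bot: `CMKServerNoTags` repeats the whole template of `CMKServerTags` and differs only by the `tags` block on `azurerm_mssql_server`, so the fixed `administrator_login_password` literal and both Key Vault `access_policy` blocks now exist in two more copies that have to be kept in step by hand. Rendering both configs from one private template that takes the tags block as a fourth argument keeps them identical apart from the attribute under test, which is what the update test relies on. Neither new method has a doc comment; one line each saying the config provisions a server with a customer-managed TDE key would be enough. The context lines at the top of the hunk belong to a function that starts outside it.

```go
func (r MsSqlServerResource) CMKServerTags(data acceptance.TestData, tag string) string {
	tags := fmt.Sprintf(`
  tags = {
    DB = "%s"
  }
`, tag)
	return r.cmkServerTemplate(data, tags)
}

func (r MsSqlServerResource) CMKServerNoTags(data acceptance.TestData) string {
	return r.cmkServerTemplate(data, "")
}

// cmkServerTemplate renders the shared customer-managed-key fixture; tagsBlock
// is placed inside azurerm_mssql_server and may be empty.
func (MsSqlServerResource) cmkServerTemplate(data acceptance.TestData, tagsBlock string) string {
	// … unchanged: return fmt.Sprintf of the HCL template from CMKServerTags, with %[4]s where the tags block was and tagsBlock as the fourth argument …
}
```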