com.pulumi.azure.mssql.kotlin.ServerArgs.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-azure-kotlin Show documentation
Show all versions of pulumi-azure-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.azure.mssql.kotlin
import com.pulumi.azure.mssql.ServerArgs.builder
import com.pulumi.azure.mssql.kotlin.inputs.ServerAzureadAdministratorArgs
import com.pulumi.azure.mssql.kotlin.inputs.ServerAzureadAdministratorArgsBuilder
import com.pulumi.azure.mssql.kotlin.inputs.ServerIdentityArgs
import com.pulumi.azure.mssql.kotlin.inputs.ServerIdentityArgsBuilder
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import kotlin.Boolean
import kotlin.Pair
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.Map
import kotlin.jvm.JvmName
/**
* Manages a Microsoft SQL Azure Database Server.
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as azure from "@pulumi/azure";
* const example = new azure.core.ResourceGroup("example", {
* name: "database-rg",
* location: "West Europe",
* });
* const exampleServer = new azure.mssql.Server("example", {
* name: "mssqlserver",
* resourceGroupName: example.name,
* location: example.location,
* version: "12.0",
* administratorLogin: "missadministrator",
* administratorLoginPassword: "thisIsKat11",
* minimumTlsVersion: "1.2",
* azureadAdministrator: {
* loginUsername: "AzureAD Admin",
* objectId: "00000000-0000-0000-0000-000000000000",
* },
* tags: {
* environment: "production",
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_azure as azure
* example = azure.core.ResourceGroup("example",
* name="database-rg",
* location="West Europe")
* example_server = azure.mssql.Server("example",
* name="mssqlserver",
* resource_group_name=example.name,
* location=example.location,
* version="12.0",
* administrator_login="missadministrator",
* administrator_login_password="thisIsKat11",
* minimum_tls_version="1.2",
* azuread_administrator={
* "login_username": "AzureAD Admin",
* "object_id": "00000000-0000-0000-0000-000000000000",
* },
* tags={
* "environment": "production",
* })
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Azure = Pulumi.Azure;
* return await Deployment.RunAsync(() =>
* {
* var example = new Azure.Core.ResourceGroup("example", new()
* {
* Name = "database-rg",
* Location = "West Europe",
* });
* var exampleServer = new Azure.MSSql.Server("example", new()
* {
* Name = "mssqlserver",
* ResourceGroupName = example.Name,
* Location = example.Location,
* Version = "12.0",
* AdministratorLogin = "missadministrator",
* AdministratorLoginPassword = "thisIsKat11",
* MinimumTlsVersion = "1.2",
* AzureadAdministrator = new Azure.MSSql.Inputs.ServerAzureadAdministratorArgs
* {
* LoginUsername = "AzureAD Admin",
* ObjectId = "00000000-0000-0000-0000-000000000000",
* },
* Tags =
* {
* { "environment", "production" },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/mssql"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
* Name: pulumi.String("database-rg"),
* Location: pulumi.String("West Europe"),
* })
* if err != nil {
* return err
* }
* _, err = mssql.NewServer(ctx, "example", &mssql.ServerArgs{
* Name: pulumi.String("mssqlserver"),
* ResourceGroupName: example.Name,
* Location: example.Location,
* Version: pulumi.String("12.0"),
* AdministratorLogin: pulumi.String("missadministrator"),
* AdministratorLoginPassword: pulumi.String("thisIsKat11"),
* MinimumTlsVersion: pulumi.String("1.2"),
* AzureadAdministrator: &mssql.ServerAzureadAdministratorArgs{
* LoginUsername: pulumi.String("AzureAD Admin"),
* ObjectId: pulumi.String("00000000-0000-0000-0000-000000000000"),
* },
* Tags: pulumi.StringMap{
* "environment": pulumi.String("production"),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.azure.core.ResourceGroup;
* import com.pulumi.azure.core.ResourceGroupArgs;
* import com.pulumi.azure.mssql.Server;
* import com.pulumi.azure.mssql.ServerArgs;
* import com.pulumi.azure.mssql.inputs.ServerAzureadAdministratorArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var example = new ResourceGroup("example", ResourceGroupArgs.builder()
* .name("database-rg")
* .location("West Europe")
* .build());
* var exampleServer = new Server("exampleServer", ServerArgs.builder()
* .name("mssqlserver")
* .resourceGroupName(example.name())
* .location(example.location())
* .version("12.0")
* .administratorLogin("missadministrator")
* .administratorLoginPassword("thisIsKat11")
* .minimumTlsVersion("1.2")
* .azureadAdministrator(ServerAzureadAdministratorArgs.builder()
* .loginUsername("AzureAD Admin")
* .objectId("00000000-0000-0000-0000-000000000000")
* .build())
* .tags(Map.of("environment", "production"))
* .build());
* }
* }
* ```
* ```yaml
* resources:
* example:
* type: azure:core:ResourceGroup
* properties:
* name: database-rg
* location: West Europe
* exampleServer:
* type: azure:mssql:Server
* name: example
* properties:
* name: mssqlserver
* resourceGroupName: ${example.name}
* location: ${example.location}
* version: '12.0'
* administratorLogin: missadministrator
* administratorLoginPassword: thisIsKat11
* minimumTlsVersion: '1.2'
* azureadAdministrator:
* loginUsername: AzureAD Admin
* objectId: 00000000-0000-0000-0000-000000000000
* tags:
* environment: production
* ```
*
* ### Transparent Data Encryption(TDE) With A Customer Managed Key(CMK) During Create
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as azure from "@pulumi/azure";
* const current = azure.core.getClientConfig({});
* const example = new azure.core.ResourceGroup("example", {
* name: "example-resources",
* location: "West Europe",
* });
* const exampleUserAssignedIdentity = new azure.authorization.UserAssignedIdentity("example", {
* name: "example-admin",
* location: example.location,
* resourceGroupName: example.name,
* });
* // Create a key vault with access policies which allow for the current user to get, list, create, delete, update, recover, purge and getRotationPolicy for the key vault key and also add a key vault access policy for the Microsoft Sql Server instance User Managed Identity to get, wrap, and unwrap key(s)
* const exampleKeyVault = new azure.keyvault.KeyVault("example", {
* name: "mssqltdeexample",
* location: example.location,
* resourceGroupName: example.name,
* enabledForDiskEncryption: true,
* tenantId: exampleUserAssignedIdentity.tenantId,
* softDeleteRetentionDays: 7,
* purgeProtectionEnabled: true,
* skuName: "standard",
* accessPolicies: [
* {
* tenantId: current.then(current => current.tenantId),
* objectId: current.then(current => current.objectId),
* keyPermissions: [
* "Get",
* "List",
* "Create",
* "Delete",
* "Update",
* "Recover",
* "Purge",
* "GetRotationPolicy",
* ],
* },
* {
* tenantId: exampleUserAssignedIdentity.tenantId,
* objectId: exampleUserAssignedIdentity.principalId,
* keyPermissions: [
* "Get",
* "WrapKey",
* "UnwrapKey",
* ],
* },
* ],
* });
* const exampleKey = new azure.keyvault.Key("example", {
* name: "example-key",
* keyVaultId: exampleKeyVault.id,
* keyType: "RSA",
* keySize: 2048,
* keyOpts: [
* "unwrapKey",
* "wrapKey",
* ],
* }, {
* dependsOn: [exampleKeyVault],
* });
* const exampleServer = new azure.mssql.Server("example", {
* name: "example-resource",
* resourceGroupName: example.name,
* location: example.location,
* version: "12.0",
* administratorLogin: "Example-Administrator",
* administratorLoginPassword: "Example_Password!",
* minimumTlsVersion: "1.2",
* azureadAdministrator: {
* loginUsername: exampleUserAssignedIdentity.name,
* objectId: exampleUserAssignedIdentity.principalId,
* },
* identity: {
* type: "UserAssigned",
* identityIds: [exampleUserAssignedIdentity.id],
* },
* primaryUserAssignedIdentityId: exampleUserAssignedIdentity.id,
* transparentDataEncryptionKeyVaultKeyId: exampleKey.id,
* });
* ```
* ```python
* import pulumi
* import pulumi_azure as azure
* current = azure.core.get_client_config()
* example = azure.core.ResourceGroup("example",
* name="example-resources",
* location="West Europe")
* example_user_assigned_identity = azure.authorization.UserAssignedIdentity("example",
* name="example-admin",
* location=example.location,
* resource_group_name=example.name)
* # Create a key vault with access policies which allow for the current user to get, list, create, delete, update, recover, purge and getRotationPolicy for the key vault key and also add a key vault access policy for the Microsoft Sql Server instance User Managed Identity to get, wrap, and unwrap key(s)
* example_key_vault = azure.keyvault.KeyVault("example",
* name="mssqltdeexample",
* location=example.location,
* resource_group_name=example.name,
* enabled_for_disk_encryption=True,
* tenant_id=example_user_assigned_identity.tenant_id,
* soft_delete_retention_days=7,
* purge_protection_enabled=True,
* sku_name="standard",
* access_policies=[
* {
* "tenant_id": current.tenant_id,
* "object_id": current.object_id,
* "key_permissions": [
* "Get",
* "List",
* "Create",
* "Delete",
* "Update",
* "Recover",
* "Purge",
* "GetRotationPolicy",
* ],
* },
* {
* "tenant_id": example_user_assigned_identity.tenant_id,
* "object_id": example_user_assigned_identity.principal_id,
* "key_permissions": [
* "Get",
* "WrapKey",
* "UnwrapKey",
* ],
* },
* ])
* example_key = azure.keyvault.Key("example",
* name="example-key",
* key_vault_id=example_key_vault.id,
* key_type="RSA",
* key_size=2048,
* key_opts=[
* "unwrapKey",
* "wrapKey",
* ],
* opts = pulumi.ResourceOptions(depends_on=[example_key_vault]))
* example_server = azure.mssql.Server("example",
* name="example-resource",
* resource_group_name=example.name,
* location=example.location,
* version="12.0",
* administrator_login="Example-Administrator",
* administrator_login_password="Example_Password!",
* minimum_tls_version="1.2",
* azuread_administrator={
* "login_username": example_user_assigned_identity.name,
* "object_id": example_user_assigned_identity.principal_id,
* },
* identity={
* "type": "UserAssigned",
* "identity_ids": [example_user_assigned_identity.id],
* },
* primary_user_assigned_identity_id=example_user_assigned_identity.id,
* transparent_data_encryption_key_vault_key_id=example_key.id)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Azure = Pulumi.Azure;
* return await Deployment.RunAsync(() =>
* {
* var current = Azure.Core.GetClientConfig.Invoke();
* var example = new Azure.Core.ResourceGroup("example", new()
* {
* Name = "example-resources",
* Location = "West Europe",
* });
* var exampleUserAssignedIdentity = new Azure.Authorization.UserAssignedIdentity("example", new()
* {
* Name = "example-admin",
* Location = example.Location,
* ResourceGroupName = example.Name,
* });
* // Create a key vault with access policies which allow for the current user to get, list, create, delete, update, recover, purge and getRotationPolicy for the key vault key and also add a key vault access policy for the Microsoft Sql Server instance User Managed Identity to get, wrap, and unwrap key(s)
* var exampleKeyVault = new Azure.KeyVault.KeyVault("example", new()
* {
* Name = "mssqltdeexample",
* Location = example.Location,
* ResourceGroupName = example.Name,
* EnabledForDiskEncryption = true,
* TenantId = exampleUserAssignedIdentity.TenantId,
* SoftDeleteRetentionDays = 7,
* PurgeProtectionEnabled = true,
* SkuName = "standard",
* AccessPolicies = new[]
* {
* new Azure.KeyVault.Inputs.KeyVaultAccessPolicyArgs
* {
* TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
* ObjectId = current.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
* KeyPermissions = new[]
* {
* "Get",
* "List",
* "Create",
* "Delete",
* "Update",
* "Recover",
* "Purge",
* "GetRotationPolicy",
* },
* },
* new Azure.KeyVault.Inputs.KeyVaultAccessPolicyArgs
* {
* TenantId = exampleUserAssignedIdentity.TenantId,
* ObjectId = exampleUserAssignedIdentity.PrincipalId,
* KeyPermissions = new[]
* {
* "Get",
* "WrapKey",
* "UnwrapKey",
* },
* },
* },
* });
* var exampleKey = new Azure.KeyVault.Key("example", new()
* {
* Name = "example-key",
* KeyVaultId = exampleKeyVault.Id,
* KeyType = "RSA",
* KeySize = 2048,
* KeyOpts = new[]
* {
* "unwrapKey",
* "wrapKey",
* },
* }, new CustomResourceOptions
* {
* DependsOn =
* {
* exampleKeyVault,
* },
* });
* var exampleServer = new Azure.MSSql.Server("example", new()
* {
* Name = "example-resource",
* ResourceGroupName = example.Name,
* Location = example.Location,
* Version = "12.0",
* AdministratorLogin = "Example-Administrator",
* AdministratorLoginPassword = "Example_Password!",
* MinimumTlsVersion = "1.2",
* AzureadAdministrator = new Azure.MSSql.Inputs.ServerAzureadAdministratorArgs
* {
* LoginUsername = exampleUserAssignedIdentity.Name,
* ObjectId = exampleUserAssignedIdentity.PrincipalId,
* },
* Identity = new Azure.MSSql.Inputs.ServerIdentityArgs
* {
* Type = "UserAssigned",
* IdentityIds = new[]
* {
* exampleUserAssignedIdentity.Id,
* },
* },
* PrimaryUserAssignedIdentityId = exampleUserAssignedIdentity.Id,
* TransparentDataEncryptionKeyVaultKeyId = exampleKey.Id,
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/authorization"
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/keyvault"
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/mssql"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* current, err := core.GetClientConfig(ctx, nil, nil)
* if err != nil {
* return err
* }
* example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
* Name: pulumi.String("example-resources"),
* Location: pulumi.String("West Europe"),
* })
* if err != nil {
* return err
* }
* exampleUserAssignedIdentity, err := authorization.NewUserAssignedIdentity(ctx, "example", &authorization.UserAssignedIdentityArgs{
* Name: pulumi.String("example-admin"),
* Location: example.Location,
* ResourceGroupName: example.Name,
* })
* if err != nil {
* return err
* }
* // Create a key vault with access policies which allow for the current user to get, list, create, delete, update, recover, purge and getRotationPolicy for the key vault key and also add a key vault access policy for the Microsoft Sql Server instance User Managed Identity to get, wrap, and unwrap key(s)
* exampleKeyVault, err := keyvault.NewKeyVault(ctx, "example", &keyvault.KeyVaultArgs{
* Name: pulumi.String("mssqltdeexample"),
* Location: example.Location,
* ResourceGroupName: example.Name,
* EnabledForDiskEncryption: pulumi.Bool(true),
* TenantId: exampleUserAssignedIdentity.TenantId,
* SoftDeleteRetentionDays: pulumi.Int(7),
* PurgeProtectionEnabled: pulumi.Bool(true),
* SkuName: pulumi.String("standard"),
* AccessPolicies: keyvault.KeyVaultAccessPolicyArray{
* &keyvault.KeyVaultAccessPolicyArgs{
* TenantId: pulumi.String(current.TenantId),
* ObjectId: pulumi.String(current.ObjectId),
* KeyPermissions: pulumi.StringArray{
* pulumi.String("Get"),
* pulumi.String("List"),
* pulumi.String("Create"),
* pulumi.String("Delete"),
* pulumi.String("Update"),
* pulumi.String("Recover"),
* pulumi.String("Purge"),
* pulumi.String("GetRotationPolicy"),
* },
* },
* &keyvault.KeyVaultAccessPolicyArgs{
* TenantId: exampleUserAssignedIdentity.TenantId,
* ObjectId: exampleUserAssignedIdentity.PrincipalId,
* KeyPermissions: pulumi.StringArray{
* pulumi.String("Get"),
* pulumi.String("WrapKey"),
* pulumi.String("UnwrapKey"),
* },
* },
* },
* })
* if err != nil {
* return err
* }
* exampleKey, err := keyvault.NewKey(ctx, "example", &keyvault.KeyArgs{
* Name: pulumi.String("example-key"),
* KeyVaultId: exampleKeyVault.ID(),
* KeyType: pulumi.String("RSA"),
* KeySize: pulumi.Int(2048),
* KeyOpts: pulumi.StringArray{
* pulumi.String("unwrapKey"),
* pulumi.String("wrapKey"),
* },
* }, pulumi.DependsOn([]pulumi.Resource{
* exampleKeyVault,
* }))
* if err != nil {
* return err
* }
* _, err = mssql.NewServer(ctx, "example", &mssql.ServerArgs{
* Name: pulumi.String("example-resource"),
* ResourceGroupName: example.Name,
* Location: example.Location,
* Version: pulumi.String("12.0"),
* AdministratorLogin: pulumi.String("Example-Administrator"),
* AdministratorLoginPassword: pulumi.String("Example_Password!"),
* MinimumTlsVersion: pulumi.String("1.2"),
* AzureadAdministrator: &mssql.ServerAzureadAdministratorArgs{
* LoginUsername: exampleUserAssignedIdentity.Name,
* ObjectId: exampleUserAssignedIdentity.PrincipalId,
* },
* Identity: &mssql.ServerIdentityArgs{
* Type: pulumi.String("UserAssigned"),
* IdentityIds: pulumi.StringArray{
* exampleUserAssignedIdentity.ID(),
* },
* },
* PrimaryUserAssignedIdentityId: exampleUserAssignedIdentity.ID(),
* TransparentDataEncryptionKeyVaultKeyId: exampleKey.ID(),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.azure.core.CoreFunctions;
* import com.pulumi.azure.core.ResourceGroup;
* import com.pulumi.azure.core.ResourceGroupArgs;
* import com.pulumi.azure.authorization.UserAssignedIdentity;
* import com.pulumi.azure.authorization.UserAssignedIdentityArgs;
* import com.pulumi.azure.keyvault.KeyVault;
* import com.pulumi.azure.keyvault.KeyVaultArgs;
* import com.pulumi.azure.keyvault.inputs.KeyVaultAccessPolicyArgs;
* import com.pulumi.azure.keyvault.Key;
* import com.pulumi.azure.keyvault.KeyArgs;
* import com.pulumi.azure.mssql.Server;
* import com.pulumi.azure.mssql.ServerArgs;
* import com.pulumi.azure.mssql.inputs.ServerAzureadAdministratorArgs;
* import com.pulumi.azure.mssql.inputs.ServerIdentityArgs;
* import com.pulumi.resources.CustomResourceOptions;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* final var current = CoreFunctions.getClientConfig();
* var example = new ResourceGroup("example", ResourceGroupArgs.builder()
* .name("example-resources")
* .location("West Europe")
* .build());
* var exampleUserAssignedIdentity = new UserAssignedIdentity("exampleUserAssignedIdentity", UserAssignedIdentityArgs.builder()
* .name("example-admin")
* .location(example.location())
* .resourceGroupName(example.name())
* .build());
* // Create a key vault with access policies which allow for the current user to get, list, create, delete, update, recover, purge and getRotationPolicy for the key vault key and also add a key vault access policy for the Microsoft Sql Server instance User Managed Identity to get, wrap, and unwrap key(s)
* var exampleKeyVault = new KeyVault("exampleKeyVault", KeyVaultArgs.builder()
* .name("mssqltdeexample")
* .location(example.location())
* .resourceGroupName(example.name())
* .enabledForDiskEncryption(true)
* .tenantId(exampleUserAssignedIdentity.tenantId())
* .softDeleteRetentionDays(7)
* .purgeProtectionEnabled(true)
* .skuName("standard")
* .accessPolicies(
* KeyVaultAccessPolicyArgs.builder()
* .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
* .objectId(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
* .keyPermissions(
* "Get",
* "List",
* "Create",
* "Delete",
* "Update",
* "Recover",
* "Purge",
* "GetRotationPolicy")
* .build(),
* KeyVaultAccessPolicyArgs.builder()
* .tenantId(exampleUserAssignedIdentity.tenantId())
* .objectId(exampleUserAssignedIdentity.principalId())
* .keyPermissions(
* "Get",
* "WrapKey",
* "UnwrapKey")
* .build())
* .build());
* var exampleKey = new Key("exampleKey", KeyArgs.builder()
* .name("example-key")
* .keyVaultId(exampleKeyVault.id())
* .keyType("RSA")
* .keySize(2048)
* .keyOpts(
* "unwrapKey",
* "wrapKey")
* .build(), CustomResourceOptions.builder()
* .dependsOn(exampleKeyVault)
* .build());
* var exampleServer = new Server("exampleServer", ServerArgs.builder()
* .name("example-resource")
* .resourceGroupName(example.name())
* .location(example.location())
* .version("12.0")
* .administratorLogin("Example-Administrator")
* .administratorLoginPassword("Example_Password!")
* .minimumTlsVersion("1.2")
* .azureadAdministrator(ServerAzureadAdministratorArgs.builder()
* .loginUsername(exampleUserAssignedIdentity.name())
* .objectId(exampleUserAssignedIdentity.principalId())
* .build())
* .identity(ServerIdentityArgs.builder()
* .type("UserAssigned")
* .identityIds(exampleUserAssignedIdentity.id())
* .build())
* .primaryUserAssignedIdentityId(exampleUserAssignedIdentity.id())
* .transparentDataEncryptionKeyVaultKeyId(exampleKey.id())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* example:
* type: azure:core:ResourceGroup
* properties:
* name: example-resources
* location: West Europe
* exampleUserAssignedIdentity:
* type: azure:authorization:UserAssignedIdentity
* name: example
* properties:
* name: example-admin
* location: ${example.location}
* resourceGroupName: ${example.name}
* exampleServer:
* type: azure:mssql:Server
* name: example
* properties:
* name: example-resource
* resourceGroupName: ${example.name}
* location: ${example.location}
* version: '12.0'
* administratorLogin: Example-Administrator
* administratorLoginPassword: Example_Password!
* minimumTlsVersion: '1.2'
* azureadAdministrator:
* loginUsername: ${exampleUserAssignedIdentity.name}
* objectId: ${exampleUserAssignedIdentity.principalId}
* identity:
* type: UserAssigned
* identityIds:
* - ${exampleUserAssignedIdentity.id}
* primaryUserAssignedIdentityId: ${exampleUserAssignedIdentity.id}
* transparentDataEncryptionKeyVaultKeyId: ${exampleKey.id}
* # Create a key vault with access policies which allow for the current user to get, list, create, delete, update, recover, purge and getRotationPolicy for the key vault key and also add a key vault access policy for the Microsoft Sql Server instance User Managed Identity to get, wrap, and unwrap key(s)
* exampleKeyVault:
* type: azure:keyvault:KeyVault
* name: example
* properties:
* name: mssqltdeexample
* location: ${example.location}
* resourceGroupName: ${example.name}
* enabledForDiskEncryption: true
* tenantId: ${exampleUserAssignedIdentity.tenantId}
* softDeleteRetentionDays: 7
* purgeProtectionEnabled: true
* skuName: standard
* accessPolicies:
* - tenantId: ${current.tenantId}
* objectId: ${current.objectId}
* keyPermissions:
* - Get
* - List
* - Create
* - Delete
* - Update
* - Recover
* - Purge
* - GetRotationPolicy
* - tenantId: ${exampleUserAssignedIdentity.tenantId}
* objectId: ${exampleUserAssignedIdentity.principalId}
* keyPermissions:
* - Get
* - WrapKey
* - UnwrapKey
* exampleKey:
* type: azure:keyvault:Key
* name: example
* properties:
* name: example-key
* keyVaultId: ${exampleKeyVault.id}
* keyType: RSA
* keySize: 2048
* keyOpts:
* - unwrapKey
* - wrapKey
* options:
* dependson:
* - ${exampleKeyVault}
* variables:
* current:
* fn::invoke:
* Function: azure:core:getClientConfig
* Arguments: {}
* ```
*
* ## Import
* SQL Servers can be imported using the `resource id`, e.g.
* ```sh
* $ pulumi import azure:mssql/server:Server example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myresourcegroup/providers/Microsoft.Sql/servers/myserver
* ```
* @property administratorLogin The administrator login name for the new server. Required unless `azuread_authentication_only` in the `azuread_administrator` block is `true`. When omitted, Azure will generate a default username which cannot be subsequently changed. Changing this forces a new resource to be created.
* @property administratorLoginPassword The password associated with the `administrator_login` user. Needs to comply with Azure's [Password Policy](https://msdn.microsoft.com/library/ms161959.aspx). Required unless `azuread_authentication_only` in the `azuread_administrator` block is `true`.
* @property azureadAdministrator An `azuread_administrator` block as defined below.
* @property connectionPolicy The connection policy the server will use. Possible values are `Default`, `Proxy`, and `Redirect`. Defaults to `Default`.
* @property identity An `identity` block as defined below.
* @property location Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
* @property minimumTlsVersion The Minimum TLS Version for all SQL Database and SQL Data Warehouse databases associated with the server. Valid values are: `1.0`, `1.1` , `1.2` and `Disabled`. Defaults to `1.2`.
* > **NOTE:** The `minimum_tls_version` is set to `Disabled` means all TLS versions are allowed. After you enforce a version of `minimum_tls_version`, it's not possible to revert to `Disabled`.
* @property name The name of the Microsoft SQL Server. This needs to be globally unique within Azure. Changing this forces a new resource to be created.
* @property outboundNetworkRestrictionEnabled Whether outbound network traffic is restricted for this server. Defaults to `false`.
* @property primaryUserAssignedIdentityId Specifies the primary user managed identity id. Required if `type` within the `identity` block is set to either `SystemAssigned, UserAssigned` or `UserAssigned` and should be set at same time as setting `identity_ids`.
* @property publicNetworkAccessEnabled Whether public network access is allowed for this server. Defaults to `true`.
* @property resourceGroupName The name of the resource group in which to create the Microsoft SQL Server. Changing this forces a new resource to be created.
* @property tags A mapping of tags to assign to the resource.
* @property transparentDataEncryptionKeyVaultKeyId The fully versioned `Key Vault` `Key` URL (e.g. `'https://.vault.azure.net/keys//`) to be used as the `Customer Managed Key`(CMK/BYOK) for the `Transparent Data Encryption`(TDE) layer.
* > **NOTE:** To successfully deploy a `Microsoft SQL Server` in CMK/BYOK TDE the `Key Vault` must have `Soft-delete` and `purge protection` enabled to protect from data loss due to accidental key and/or key vault deletion. The `Key Vault` and the `Microsoft SQL Server` `User Managed Identity Instance` must belong to the same `Azure Active Directory` `tenant`.
* > **NOTE:** Cross-tenant `Key Vault` and `Microsoft SQL Server` interactions are not supported. Please see the [product documentation](https://learn.microsoft.com/azure/azure-sql/database/transparent-data-encryption-byok-overview?view=azuresql#requirements-for-configuring-customer-managed-tde) for more information.
* > **NOTE:** When using a firewall with a `Key Vault`, you must enable the option `Allow trusted Microsoft services to bypass the firewall`.
* @property version The version for the new server. Valid values are: 2.0 (for v11 server) and 12.0 (for v12 server). Changing this forces a new resource to be created.
*/
public data class ServerArgs(
public val administratorLogin: Output? = null,
public val administratorLoginPassword: Output? = null,
public val azureadAdministrator: Output? = null,
public val connectionPolicy: Output? = null,
public val identity: Output? = null,
public val location: Output? = null,
public val minimumTlsVersion: Output? = null,
public val name: Output? = null,
public val outboundNetworkRestrictionEnabled: Output? = null,
public val primaryUserAssignedIdentityId: Output? = null,
public val publicNetworkAccessEnabled: Output? = null,
public val resourceGroupName: Output? = null,
public val tags: Output>? = null,
public val transparentDataEncryptionKeyVaultKeyId: Output? = null,
public val version: Output? = null,
) : ConvertibleToJava {
override fun toJava(): com.pulumi.azure.mssql.ServerArgs =
com.pulumi.azure.mssql.ServerArgs.builder()
.administratorLogin(administratorLogin?.applyValue({ args0 -> args0 }))
.administratorLoginPassword(administratorLoginPassword?.applyValue({ args0 -> args0 }))
.azureadAdministrator(
azureadAdministrator?.applyValue({ args0 ->
args0.let({ args0 ->
args0.toJava()
})
}),
)
.connectionPolicy(connectionPolicy?.applyValue({ args0 -> args0 }))
.identity(identity?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
.location(location?.applyValue({ args0 -> args0 }))
.minimumTlsVersion(minimumTlsVersion?.applyValue({ args0 -> args0 }))
.name(name?.applyValue({ args0 -> args0 }))
.outboundNetworkRestrictionEnabled(
outboundNetworkRestrictionEnabled?.applyValue({ args0 ->
args0
}),
)
.primaryUserAssignedIdentityId(primaryUserAssignedIdentityId?.applyValue({ args0 -> args0 }))
.publicNetworkAccessEnabled(publicNetworkAccessEnabled?.applyValue({ args0 -> args0 }))
.resourceGroupName(resourceGroupName?.applyValue({ args0 -> args0 }))
.tags(tags?.applyValue({ args0 -> args0.map({ args0 -> args0.key.to(args0.value) }).toMap() }))
.transparentDataEncryptionKeyVaultKeyId(
transparentDataEncryptionKeyVaultKeyId?.applyValue({ args0 ->
args0
}),
)
.version(version?.applyValue({ args0 -> args0 })).build()
}
/**
* Builder for [ServerArgs].
*/
@PulumiTagMarker
public class ServerArgsBuilder internal constructor() {
private var administratorLogin: Output? = null
private var administratorLoginPassword: Output? = null
private var azureadAdministrator: Output? = null
private var connectionPolicy: Output? = null
private var identity: Output? = null
private var location: Output? = null
private var minimumTlsVersion: Output? = null
private var name: Output? = null
private var outboundNetworkRestrictionEnabled: Output? = null
private var primaryUserAssignedIdentityId: Output? = null
private var publicNetworkAccessEnabled: Output? = null
private var resourceGroupName: Output? = null
private var tags: Output>? = null
private var transparentDataEncryptionKeyVaultKeyId: Output? = null
private var version: Output? = null
/**
* @param value The administrator login name for the new server. Required unless `azuread_authentication_only` in the `azuread_administrator` block is `true`. When omitted, Azure will generate a default username which cannot be subsequently changed. Changing this forces a new resource to be created.
*/
@JvmName("sorrvfoevloovyvb")
public suspend fun administratorLogin(`value`: Output) {
this.administratorLogin = value
}
/**
* @param value The password associated with the `administrator_login` user. Needs to comply with Azure's [Password Policy](https://msdn.microsoft.com/library/ms161959.aspx). Required unless `azuread_authentication_only` in the `azuread_administrator` block is `true`.
*/
@JvmName("pcugjlqhoxpjdjwk")
public suspend fun administratorLoginPassword(`value`: Output) {
this.administratorLoginPassword = value
}
/**
* @param value An `azuread_administrator` block as defined below.
*/
@JvmName("tcciflvupwyxaypj")
public suspend fun azureadAdministrator(`value`: Output) {
this.azureadAdministrator = value
}
/**
* @param value The connection policy the server will use. Possible values are `Default`, `Proxy`, and `Redirect`. Defaults to `Default`.
*/
@JvmName("nkekqcqucoxsdcfm")
public suspend fun connectionPolicy(`value`: Output) {
this.connectionPolicy = value
}
/**
* @param value An `identity` block as defined below.
*/
@JvmName("vcqtqjelypdaqocw")
public suspend fun identity(`value`: Output) {
this.identity = value
}
/**
* @param value Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
*/
@JvmName("rsgsntipbkkomepj")
public suspend fun location(`value`: Output) {
this.location = value
}
/**
* @param value The Minimum TLS Version for all SQL Database and SQL Data Warehouse databases associated with the server. Valid values are: `1.0`, `1.1` , `1.2` and `Disabled`. Defaults to `1.2`.
* > **NOTE:** The `minimum_tls_version` is set to `Disabled` means all TLS versions are allowed. After you enforce a version of `minimum_tls_version`, it's not possible to revert to `Disabled`.
*/
@JvmName("opcqajdfbysmaywn")
public suspend fun minimumTlsVersion(`value`: Output) {
this.minimumTlsVersion = value
}
/**
* @param value The name of the Microsoft SQL Server. This needs to be globally unique within Azure. Changing this forces a new resource to be created.
*/
@JvmName("iantkrmuwhrgcaij")
public suspend fun name(`value`: Output) {
this.name = value
}
/**
* @param value Whether outbound network traffic is restricted for this server. Defaults to `false`.
*/
@JvmName("uncsngvytywfbjkw")
public suspend fun outboundNetworkRestrictionEnabled(`value`: Output) {
this.outboundNetworkRestrictionEnabled = value
}
/**
* @param value Specifies the primary user managed identity id. Required if `type` within the `identity` block is set to either `SystemAssigned, UserAssigned` or `UserAssigned` and should be set at same time as setting `identity_ids`.
*/
@JvmName("asihrjecrheeoddj")
public suspend fun primaryUserAssignedIdentityId(`value`: Output) {
this.primaryUserAssignedIdentityId = value
}
/**
* @param value Whether public network access is allowed for this server. Defaults to `true`.
*/
@JvmName("tpnuactqehwymcop")
public suspend fun publicNetworkAccessEnabled(`value`: Output) {
this.publicNetworkAccessEnabled = value
}
/**
* @param value The name of the resource group in which to create the Microsoft SQL Server. Changing this forces a new resource to be created.
*/
@JvmName("lbmjaryneocfoxyf")
public suspend fun resourceGroupName(`value`: Output) {
this.resourceGroupName = value
}
/**
* @param value A mapping of tags to assign to the resource.
*/
@JvmName("kbwwhsycgsotlhqh")
public suspend fun tags(`value`: Output>) {
this.tags = value
}
/**
* @param value The fully versioned `Key Vault` `Key` URL (e.g. `'https://.vault.azure.net/keys//`) to be used as the `Customer Managed Key`(CMK/BYOK) for the `Transparent Data Encryption`(TDE) layer.
* > **NOTE:** To successfully deploy a `Microsoft SQL Server` in CMK/BYOK TDE the `Key Vault` must have `Soft-delete` and `purge protection` enabled to protect from data loss due to accidental key and/or key vault deletion. The `Key Vault` and the `Microsoft SQL Server` `User Managed Identity Instance` must belong to the same `Azure Active Directory` `tenant`.
* > **NOTE:** Cross-tenant `Key Vault` and `Microsoft SQL Server` interactions are not supported. Please see the [product documentation](https://learn.microsoft.com/azure/azure-sql/database/transparent-data-encryption-byok-overview?view=azuresql#requirements-for-configuring-customer-managed-tde) for more information.
* > **NOTE:** When using a firewall with a `Key Vault`, you must enable the option `Allow trusted Microsoft services to bypass the firewall`.
*/
@JvmName("randddfkvixtysrm")
public suspend fun transparentDataEncryptionKeyVaultKeyId(`value`: Output) {
this.transparentDataEncryptionKeyVaultKeyId = value
}
/**
* @param value The version for the new server. Valid values are: 2.0 (for v11 server) and 12.0 (for v12 server). Changing this forces a new resource to be created.
*/
@JvmName("ehlyarvyfoyesdnj")
public suspend fun version(`value`: Output) {
this.version = value
}
/**
* @param value The administrator login name for the new server. Required unless `azuread_authentication_only` in the `azuread_administrator` block is `true`. When omitted, Azure will generate a default username which cannot be subsequently changed. Changing this forces a new resource to be created.
*/
@JvmName("lbfuwqtaieiyjdsf")
public suspend fun administratorLogin(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.administratorLogin = mapped
}
/**
* @param value The password associated with the `administrator_login` user. Needs to comply with Azure's [Password Policy](https://msdn.microsoft.com/library/ms161959.aspx). Required unless `azuread_authentication_only` in the `azuread_administrator` block is `true`.
*/
@JvmName("stemgcqdlhidngdu")
public suspend fun administratorLoginPassword(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.administratorLoginPassword = mapped
}
/**
* @param value An `azuread_administrator` block as defined below.
*/
@JvmName("ltmuathgdyfmrlbl")
public suspend fun azureadAdministrator(`value`: ServerAzureadAdministratorArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.azureadAdministrator = mapped
}
/**
* @param argument An `azuread_administrator` block as defined below.
*/
@JvmName("riilhvlldwfequps")
public suspend fun azureadAdministrator(argument: suspend ServerAzureadAdministratorArgsBuilder.() -> Unit) {
val toBeMapped = ServerAzureadAdministratorArgsBuilder().applySuspend { argument() }.build()
val mapped = of(toBeMapped)
this.azureadAdministrator = mapped
}
/**
* @param value The connection policy the server will use. Possible values are `Default`, `Proxy`, and `Redirect`. Defaults to `Default`.
*/
@JvmName("bcqtsxgghtrwyysd")
public suspend fun connectionPolicy(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.connectionPolicy = mapped
}
/**
* @param value An `identity` block as defined below.
*/
@JvmName("mmjvxllkecoptmja")
public suspend fun identity(`value`: ServerIdentityArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.identity = mapped
}
/**
* @param argument An `identity` block as defined below.
*/
@JvmName("qqouaumwfueeprnl")
public suspend fun identity(argument: suspend ServerIdentityArgsBuilder.() -> Unit) {
val toBeMapped = ServerIdentityArgsBuilder().applySuspend { argument() }.build()
val mapped = of(toBeMapped)
this.identity = mapped
}
/**
* @param value Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
*/
@JvmName("pkxyjahtdtxpyxmc")
public suspend fun location(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.location = mapped
}
/**
* @param value The Minimum TLS Version for all SQL Database and SQL Data Warehouse databases associated with the server. Valid values are: `1.0`, `1.1` , `1.2` and `Disabled`. Defaults to `1.2`.
* > **NOTE:** The `minimum_tls_version` is set to `Disabled` means all TLS versions are allowed. After you enforce a version of `minimum_tls_version`, it's not possible to revert to `Disabled`.
*/
@JvmName("ftsjigxoudhfcnrl")
public suspend fun minimumTlsVersion(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.minimumTlsVersion = mapped
}
/**
* @param value The name of the Microsoft SQL Server. This needs to be globally unique within Azure. Changing this forces a new resource to be created.
*/
@JvmName("dprjgvgtvanfache")
public suspend fun name(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.name = mapped
}
/**
* @param value Whether outbound network traffic is restricted for this server. Defaults to `false`.
*/
@JvmName("xmpmmaxwvwvxqpul")
public suspend fun outboundNetworkRestrictionEnabled(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.outboundNetworkRestrictionEnabled = mapped
}
/**
* @param value Specifies the primary user managed identity id. Required if `type` within the `identity` block is set to either `SystemAssigned, UserAssigned` or `UserAssigned` and should be set at same time as setting `identity_ids`.
*/
@JvmName("utjddthcvgmnaoqf")
public suspend fun primaryUserAssignedIdentityId(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.primaryUserAssignedIdentityId = mapped
}
/**
* @param value Whether public network access is allowed for this server. Defaults to `true`.
*/
@JvmName("kksdpyfdoshcugxb")
public suspend fun publicNetworkAccessEnabled(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.publicNetworkAccessEnabled = mapped
}
/**
* @param value The name of the resource group in which to create the Microsoft SQL Server. Changing this forces a new resource to be created.
*/
@JvmName("racwrdskeujsregj")
public suspend fun resourceGroupName(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.resourceGroupName = mapped
}
/**
* @param value A mapping of tags to assign to the resource.
*/
@JvmName("isdfonbvrqiuvvng")
public suspend fun tags(`value`: Map?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.tags = mapped
}
/**
* @param values A mapping of tags to assign to the resource.
*/
@JvmName("ksxugdpdlwdtxyqn")
public fun tags(vararg values: Pair) {
val toBeMapped = values.toMap()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.tags = mapped
}
/**
* @param value The fully versioned `Key Vault` `Key` URL (e.g. `'https://.vault.azure.net/keys//`) to be used as the `Customer Managed Key`(CMK/BYOK) for the `Transparent Data Encryption`(TDE) layer.
* > **NOTE:** To successfully deploy a `Microsoft SQL Server` in CMK/BYOK TDE the `Key Vault` must have `Soft-delete` and `purge protection` enabled to protect from data loss due to accidental key and/or key vault deletion. The `Key Vault` and the `Microsoft SQL Server` `User Managed Identity Instance` must belong to the same `Azure Active Directory` `tenant`.
* > **NOTE:** Cross-tenant `Key Vault` and `Microsoft SQL Server` interactions are not supported. Please see the [product documentation](https://learn.microsoft.com/azure/azure-sql/database/transparent-data-encryption-byok-overview?view=azuresql#requirements-for-configuring-customer-managed-tde) for more information.
* > **NOTE:** When using a firewall with a `Key Vault`, you must enable the option `Allow trusted Microsoft services to bypass the firewall`.
*/
@JvmName("wddhtbambwxwavyt")
public suspend fun transparentDataEncryptionKeyVaultKeyId(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.transparentDataEncryptionKeyVaultKeyId = mapped
}
/**
* @param value The version for the new server. Valid values are: 2.0 (for v11 server) and 12.0 (for v12 server). Changing this forces a new resource to be created.
*/
@JvmName("jwwofulxfonihxsx")
public suspend fun version(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.version = mapped
}
internal fun build(): ServerArgs = ServerArgs(
administratorLogin = administratorLogin,
administratorLoginPassword = administratorLoginPassword,
azureadAdministrator = azureadAdministrator,
connectionPolicy = connectionPolicy,
identity = identity,
location = location,
minimumTlsVersion = minimumTlsVersion,
name = name,
outboundNetworkRestrictionEnabled = outboundNetworkRestrictionEnabled,
primaryUserAssignedIdentityId = primaryUserAssignedIdentityId,
publicNetworkAccessEnabled = publicNetworkAccessEnabled,
resourceGroupName = resourceGroupName,
tags = tags,
transparentDataEncryptionKeyVaultKeyId = transparentDataEncryptionKeyVaultKeyId,
version = version,
)
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy