We recently upgraded from the azurerm_sql_server module to the azurerm_mssql_server module; however, the way in which we used to apply the SQL Active Directory Administrator appears to have changed. It is now a built-in block which works for setting a single individual user name (e.g. myuser@myco.com) but does not work when applying to an AAD group (e.g. MySQLADAdmins). However, if you defer to using the previous way of applying the SQL AD Admin, it works; however, every other time it removes the entry. Meaning, if you run the following block it will apply it, but if you re-run it, it will remove it (and on and on):
resource "azurerm_sql_active_directory_administrator" "main" {
  server_name         = azurerm_sql_server.main.name
  resource_group_name = azurerm_resource_group.main.name
  tenant_id           = "000000000000000000000000000"
  login               = "MySQLADAdmins"
  object_id           = "11111111111111111111111"
}
Again, the new way, which is shown below, only works with a single username, but we need this to be a group.
resource "azurerm_mssql_server" "main" {
  name                         = "${local.resource_prefix}-sql"
  resource_group_name          = azurerm_resource_group.main.name
  location                     = azurerm_resource_group.main.location
  version                      = "12.0"
  administrator_login          = random_string.sql_username.result
  administrator_login_password = random_password.sql_password.result

  azuread_administrator {
    login_username = "MySQLADAdmins"
    object_id      = "111111111111111111111111"
    tenant_id      = "000000000000000000000000"
  }
}
Any suggestions?