Hi,
I created a SQL server (with public network access disabled in code, `public_network_access_enabled = false`) and a private endpoint for it.
I am still unable to create firewall rules, though: the build fails with the error below, because public network access is already disabled by the time the firewall rules are applied.
Error: status=400 Code="DenyPublicEndpointEnabled" Message="Unable to create or modify firewall rules when public network interface for the server is disabled. To manage server or database level firewall rules, please enable the public network interface."
resource "azurerm_mssql_server" "this" {
provider = azurerm.environment
name = var.sql_server_name
resource_group_name = var.resource_group_name
location = var.location
version = var.sql_version
administrator_login = var.sql_admin
administrator_login_password = var.sqladminpwd
public_network_access_enabled = false
tags = var.tags #merge(var.tags, var.tags_sql)
}
resource "azurerm_sql_active_directory_administrator" "this" {
server_name = azurerm_mssql_server.this.name
resource_group_name = var.resource_group_name
login = data.azuread_group.databaseadmin.display_name
tenant_id = var.tenant_id
object_id = data.azuread_group.databaseadmin.object_id
}
resource "azurerm_private_endpoint" "this" {
provider = azurerm.environment
name = "pvt_endpoint_${var.sql_server_name}"
location = var.location
resource_group_name = var.resource_group_name
subnet_id = data.azurerm_subnet.restricted.id
private_service_connection {
name = "privatesvc_conn_${var.sql_server_name}"
is_manual_connection = "false"
private_connection_resource_id = azurerm_mssql_server.this.id
subresource_names = ["sqlServer"]
}
depends_on = [azurerm_mssql_server.this]
lifecycle {
ignore_changes = [subnet_id]
}
}
resource "azurerm_private_dns_a_record" "private_dns_a_record" {
provider = azurerm.sharedservice
name = azurerm_mssql_server.this.name
zone_name = var.private_dns_zone_name
resource_group_name = var.resource_group_dns_zone
ttl = 300
records = [data.azurerm_private_endpoint_connection.connection.private_service_connection.0.private_ip_address]
}
resource "azurerm_mssql_firewall_rule" "this" {
#for_each = var.netskope_ip_address_range
for_each = { for x in var.netskope_ip_address_range: x.name => x }
name = each.value.name
server_id = azurerm_mssql_server.this.id
start_ip_address = each.value.range_min
end_ip_address = each.value.range_max
}