azurerm_mssql_server_extended_auditing_policy - Support for `micros…

…oft_support_audit_enabled`
hashicorp · Oct 3, 2022 · 1f33ede · 1f33ede
1 parent 781abaa
commit 1f33ede
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 0 deletions.
diff --git a/internal/services/mssql/mssql_server_extended_auditing_policy_resource.go b/internal/services/mssql/mssql_server_extended_auditing_policy_resource.go
@@ -80,6 +80,13 @@ func resourceMsSqlServerExtendedAuditingPolicy() *pluginsdk.Resource {
 				Optional: true,
 				Default:  true,
 			},
+
+			"microsoft_support_audit_enabled": {
+				Type:     pluginsdk.TypeBool,
+				Optional: true,
+				Default:  false,
+			},
+
 			"storage_account_subscription_id": {
 				Type:         pluginsdk.TypeString,
 				Optional:     true,
@@ -123,6 +130,7 @@ func resourceMsSqlServerExtendedAuditingPolicyCreateUpdate(d *pluginsdk.Resource
 			IsStorageSecondaryKeyInUse:  utils.Bool(d.Get("storage_account_access_key_is_secondary").(bool)),
 			RetentionDays:               utils.Int32(int32(d.Get("retention_in_days").(int))),
 			IsAzureMonitorTargetEnabled: utils.Bool(d.Get("log_monitoring_enabled").(bool)),
+			IsDevopsAuditEnabled:        utils.Bool(d.Get("microsoft_support_audit_enabled").(bool)),
 		},
 	}
 
@@ -199,6 +207,7 @@ func resourceMsSqlServerExtendedAuditingPolicyRead(d *pluginsdk.ResourceData, me
 		d.Set("storage_endpoint", props.StorageEndpoint)
 		d.Set("storage_account_access_key_is_secondary", props.IsStorageSecondaryKeyInUse)
 		d.Set("retention_in_days", props.RetentionDays)
+		d.Set("microsoft_support_audit_enabled", props.IsDevopsAuditEnabled)
 		d.Set("log_monitoring_enabled", props.IsAzureMonitorTargetEnabled)
 		d.Set("enabled", props.State == sql.BlobAuditingPolicyStateEnabled)
 

diff --git a/internal/services/mssql/mssql_server_extended_auditing_policy_resource_test.go b/internal/services/mssql/mssql_server_extended_auditing_policy_resource_test.go
@@ -167,6 +167,8 @@ resource "azurerm_mssql_server_extended_auditing_policy" "test" {
   server_id                  = azurerm_mssql_server.test.id
   storage_endpoint           = azurerm_storage_account.test.primary_blob_endpoint
   storage_account_access_key = azurerm_storage_account.test.primary_access_key
+
+	microsoft_support_audit_enabled = true
 }
 `, r.template(data))
 }

diff --git a/website/docs/r/mssql_server_extended_auditing_policy.html.markdown b/website/docs/r/mssql_server_extended_auditing_policy.html.markdown
@@ -177,6 +177,8 @@ The following arguments are supported:
 
 * `log_monitoring_enabled` - (Optional) Enable audit events to Azure Monitor? To enable server audit events to Azure Monitor, please enable its main database audit events to Azure Monitor.
 
+* `microsoft_support_audit_enabled` - (Optional) Enable audits of Microsoft support operations. `log_monitoring_enabled` should also be enabled for it to work. Diagnostic Settings with `DevOpsOperationsAudit` diagnostic logs category on the master database should also be created.
+
 * `storage_account_subscription_id` - (Optional) The ID of the Subscription containing the Storage Account.
 
 ## Attributes Reference