Skip to content

Commit

Permalink
remove unnecessary identity checks are they are obselete due to 2023-…
Browse files Browse the repository at this point in the history
…02-01-preview version
  • Loading branch information
harshavmb committed Dec 14, 2023
1 parent ed9d6da commit 9bcd157
Show file tree
Hide file tree
Showing 2 changed files with 0 additions and 12 deletions.
10 changes: 0 additions & 10 deletions internal/services/mssql/mssql_server_resource.go
Original file line number Diff line number Diff line change
Expand Up @@ -278,11 +278,6 @@ func resourceMsSqlServerCreate(d *pluginsdk.ResourceData, meta interface{}) erro
props.Properties.PrimaryUserAssignedIdentityId = pointer.To(primaryUserAssignedIdentityID.(string))
}

// NOTE: If you pass the Key ID you must also define the PrimaryUserAssignedIdentityID...
if props.Properties.KeyId != nil && props.Properties.PrimaryUserAssignedIdentityId == nil {
return fmt.Errorf("the `primary_user_assigned_identity_id` field must be specified to use the 'transparent_data_encryption_key_vault_key_id' in %s", id)
}

if v := d.Get("public_network_access_enabled"); !v.(bool) {
props.Properties.PublicNetworkAccess = pointer.To(servers.ServerPublicNetworkAccessFlagDisabled)
}
Expand Down Expand Up @@ -366,11 +361,6 @@ func resourceMsSqlServerUpdate(d *pluginsdk.ResourceData, meta interface{}) erro
payload.Properties.PrimaryUserAssignedIdentityId = pointer.To(primaryUserAssignedIdentityID.(string))
}

// if you pass the Key ID you must also define the PrimaryUserAssignedIdentityID...
if payload.Properties.KeyId != nil && payload.Properties.PrimaryUserAssignedIdentityId == nil {
return fmt.Errorf("the `primary_user_assigned_identity_id` field must be specified to use the 'transparent_data_encryption_key_vault_key_id' in %s", id)
}

payload.Properties.PublicNetworkAccess = pointer.To(servers.ServerPublicNetworkAccessFlagDisabled)
payload.Properties.RestrictOutboundNetworkAccess = pointer.To(servers.ServerNetworkAccessFlagDisabled)

Expand Down
2 changes: 0 additions & 2 deletions website/docs/r/mssql_server.html.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -147,8 +147,6 @@ The following arguments are supported:

* `transparent_data_encryption_key_vault_key_id` - (Optional) The fully versioned `Key Vault` `Key` URL (e.g. `'https://<YourVaultName>.vault.azure.net/keys/<YourKeyName>/<YourKeyVersion>`) to be used as the `Customer Managed Key`(CMK/BYOK) for the `Transparent Data Encryption`(TDE) layer.

~> **NOTE:** To use `transparent_data_encryption_key_vault_key_id` a User Assigned identity must be specified in `primary_user_assigned_identity_id`. System Assigned Identities are not supported.

~> **NOTE:** To successfully deploy a `Microsoft SQL Server` in CMK/BYOK TDE the `Key Vault` must have `Soft-delete` and `purge protection` enabled to protect from data loss due to accidental key and/or key vault deletion. The `Key Vault` and the `Microsoft SQL Server` `User Managed Identity Instance` must belong to the same `Azure Active Directory` `tenant`.

~> **NOTE:** Cross-tenant `Key Vault` and `Microsoft SQL Server` interactions are not supported. Please see the [product documentation](https://learn.microsoft.com/azure/azure-sql/database/transparent-data-encryption-byok-overview?view=azuresql#requirements-for-configuring-customer-managed-tde) for more information.
Expand Down

0 comments on commit 9bcd157

Please sign in to comment.