hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

cannot configure `extended_auditing_policy` in secondary create mode #14176

Closed hbuckle closed 2 years ago

hbuckle commented 3 years ago

Terraform (and AzureRM Provider) Version

Terraform v1.0.9 on windows_amd64

Affected Resource(s)

Terraform Configuration Files

```hcl
resource "azurerm_mssql_database" "managed" {
  name            = var.name
  create_mode     = "Default"
  server_id       = data.azurerm_mssql_server.managed.id
  collation       = var.collation
  max_size_gb     = var.max_size_gb
  sku_name        = var.elasticpool_name == null ? var.sku_name : "ElasticPool"
  read_scale      = var.read_scale
  zone_redundant  = var.zone_redundant
  elastic_pool_id = var.elasticpool_name == null ? null : data.azurerm_mssql_elasticpool.managed[0].id
  tags            = local.tags

  dynamic "short_term_retention_policy" {
    for_each = var.short_term_retention_policy == null ? [] : [var.short_term_retention_policy]
    content {
      retention_days = short_term_retention_policy.value.retention_days
    }
  }

  dynamic "long_term_retention_policy" {
    for_each = var.long_term_retention_policy == null ? [] : [var.long_term_retention_policy]
    content {
      weekly_retention  = long_term_retention_policy.value.weekly_retention
      monthly_retention = long_term_retention_policy.value.monthly_retention
      yearly_retention  = long_term_retention_policy.value.yearly_retention
      week_of_year      = long_term_retention_policy.value.week_of_year
    }
  }
}

resource "azurerm_mssql_database" "managed_secondary" {
  count                       = local.secondary ? 1 : 0
  name                        = var.name
  create_mode                 = "OnlineSecondary"
  creation_source_database_id = azurerm_mssql_database.managed.id
  server_id                   = data.azurerm_mssql_server.managed_secondary[0].id
  collation                   = var.collation
  sku_name                    = var.elasticpool_name == null ? var.sku_name : "ElasticPool"
  read_scale                  = var.read_scale
  zone_redundant              = false
  elastic_pool_id             = var.elasticpool_name == null ? null : data.azurerm_mssql_elasticpool.managed_secondary[0].id
  tags                        = local.tags
}

resource "azurerm_mssql_database_extended_auditing_policy" "managed" {
  database_id            = azurerm_mssql_database.managed.id
  log_monitoring_enabled = true
}
```

Actual Behaviour

Running `terraform apply` creates both databases successfully, but subsequent applies to change a property result in an error:

│ Error: cannot configure `extended_auditing_policy` in secondary create mode for Database: (Name "failover" / Server Name "oeeeo-ukwest" / Resource Group "terraform-managed-database-fixturesoeeeo-sql-ukwest")

Steps to Reproduce

aristosvo commented 3 years ago

Hi @hbuckle! Thanks for raising this issue!

I've created part of this, but I don't recall the exact difference between `OnlineSecondary` and `Secondary`. Does it mean an `OnlineSecondary` is readable and could contain an `extended_auditing_policy`, while a `Secondary` can't? I remember getting errors on creating a `Secondary` with `extended_auditing_policy` iirc..

In case that is the logic to apply I could easily fix this problem!

aristosvo commented 3 years ago

Ouch, seems like the read was not properly implemented for an OnlineSecondary, only for Secondary. PR (#14192) is ready!

hbuckle commented 3 years ago

I can't figure out the difference between `OnlineSecondary` and `Secondary` TBH. I've actually switched to `Secondary` now as that is what the provider sets when you import a secondary DB.

hbuckle commented 3 years ago

The API lists both, but it only documents `Secondary`:

https://docs.microsoft.com/en-us/rest/api/sql/2021-02-01-preview/databases/create-or-update#createmode

aristosvo commented 3 years ago

Indeed! Nice that your setup works already without the fix!
