Adding Postgres Active Directory admin configuration

kumarvna · kumarvna · commit 530133387922 · 2021-06-26T19:04:29.000+05:30
diff --git a/examples/PostgreSQL_Server/main.tf b/examples/PostgreSQL_Server/main.tf
@@ -46,7 +46,7 @@ module "postgresql-db" {
 
   # The URL to a Key Vault custom managed key
   key_vault_key_id = var.key_vault_key_id
-
+*/
   # To enable Azure Defender for database set `enable_threat_detection_policy` to true 
   enable_threat_detection_policy = true
   log_retention_days             = 30
@@ -58,8 +58,8 @@ module "postgresql-db" {
 
   # (Optional) To enable Azure Monitoring for Azure MySQL database
   # (Optional) Specify `storage_account_name` to save monitoring logs to storage. 
-  log_analytics_workspace_name = "loganalytics-we-sharedtest2"
-*/
+  //log_analytics_workspace_name = "loganalytics-we-sharedtest2"
+
   # Firewall Rules to allow azure and external clients and specific Ip address/ranges. 
   firewall_rules = {
     access-to-azure = {
diff --git a/main.tf b/main.tf
@@ -140,7 +140,7 @@ resource "azurerm_postgresql_configuration" "main" {
 }
 
 #------------------------------------------------------------
-# Adding Firewall rules for MySQL Server - Default is "false"
+# Adding Firewall rules for PostgreSQL Server - Default is "false"
 #------------------------------------------------------------
 resource "azurerm_postgresql_firewall_rule" "main" {
   for_each            = var.firewall_rules != null ? { for k, v in var.firewall_rules : k => v if v != null } : {}
@@ -150,3 +150,15 @@ resource "azurerm_postgresql_firewall_rule" "main" {
   start_ip_address    = each.value["start_ip_address"]
   end_ip_address      = each.value["end_ip_address"]
 }
+
+#----------------------------------------------------------
+# Adding AD Admin to PostgreSQL Server - Default is "false"
+#----------------------------------------------------------
+resource "azurerm_postgresql_active_directory_administrator" "main" {
+  count               = var.ad_admin_login_name != null ? 1 : 0
+  server_name         = azurerm_postgresql_server.main.name
+  resource_group_name = local.resource_group_name
+  login               = var.ad_admin_login_name
+  tenant_id           = data.azurerm_client_config.current.tenant_id
+  object_id           = data.azurerm_client_config.current.object_id
+}
diff --git a/variables.tf b/variables.tf
@@ -124,6 +124,11 @@ variable "firewall_rules" {
   default = null
 }
 
+variable "ad_admin_login_name" {
+  description = "The login name of the principal to set as the server administrator"
+  default     = null
+}
+
 variable "tags" {
   description = "A map of tags to add to all resources"
   type        = map(string)
