Server
An Azure SQL Database server. Uses Azure REST API version 2023-08-01. In version 2.x of the Azure Native provider, it used API version 2021-11-01. Other available API versions: 2014-04-01, 2015-05-01-preview, 2019-06-01-preview, 2020-02-02-preview, 2020-08-01-preview, 2020-11-01-preview, 2021-02-01-preview, 2021-05-01-preview, 2021-08-01-preview, 2021-11-01, 2021-11-01-preview, 2022-02-01-preview, 2022-05-01-preview, 2022-08-01-preview, 2022-11-01-preview, 2023-02-01-preview, 2023-05-01-preview, 2023-08-01-preview, 2024-05-01-preview. These can be accessed by generating a local SDK package using the CLI command pulumi package add azure-native sql [ApiVersion]. See the ../../../version-guide/#accessing-any-api-version-via-local-packages for details. Warning: when AzureADOnlyAuthentication is enabled, the Azure SQL API rejects any AdministratorLoginPassword, even if it is the same as the current one. According to the Azure team, this API design owes to the following reasons:
Changing the password is not allowed when Entra-only authentication is enabled because it could lead to invalid templates.
Any updates containing the same, unchanged password are also rejected because different behavior for same vs different passwords would be a vector for brute forcing the password. To work around this, you can comment out
AdministratorLoginPasswordwhen enablingAzureADOnlyAuthentication. To update the password, you can disableAzureADOnlyAuthenticationand re-enable it after the update. For more details and discussion please see this issue.
Example Usage
Create server
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var server = new AzureNative.Sql.Server("server", new()
{
AdministratorLogin = "dummylogin",
AdministratorLoginPassword = "PLACEHOLDER",
Administrators = new AzureNative.Sql.Inputs.ServerExternalAdministratorArgs
{
AzureADOnlyAuthentication = true,
Login = "bob@contoso.com",
PrincipalType = AzureNative.Sql.PrincipalType.User,
Sid = "00000011-1111-2222-2222-123456789111",
TenantId = "00000011-1111-2222-2222-123456789111",
},
IsIPv6Enabled = AzureNative.Sql.ServerNetworkAccessFlag.Enabled,
Location = "Japan East",
PublicNetworkAccess = AzureNative.Sql.ServerPublicNetworkAccessFlag.Enabled,
ResourceGroupName = "sqlcrudtest-7398",
RestrictOutboundNetworkAccess = AzureNative.Sql.ServerNetworkAccessFlag.Enabled,
ServerName = "sqlcrudtest-4645",
});
});package main
import (
sql "github.com/pulumi/pulumi-azure-native-sdk/sql/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := sql.NewServer(ctx, "server", &sql.ServerArgs{
AdministratorLogin: pulumi.String("dummylogin"),
AdministratorLoginPassword: pulumi.String("PLACEHOLDER"),
Administrators: &sql.ServerExternalAdministratorArgs{
AzureADOnlyAuthentication: pulumi.Bool(true),
Login: pulumi.String("bob@contoso.com"),
PrincipalType: pulumi.String(sql.PrincipalTypeUser),
Sid: pulumi.String("00000011-1111-2222-2222-123456789111"),
TenantId: pulumi.String("00000011-1111-2222-2222-123456789111"),
},
IsIPv6Enabled: pulumi.String(sql.ServerNetworkAccessFlagEnabled),
Location: pulumi.String("Japan East"),
PublicNetworkAccess: pulumi.String(sql.ServerPublicNetworkAccessFlagEnabled),
ResourceGroupName: pulumi.String("sqlcrudtest-7398"),
RestrictOutboundNetworkAccess: pulumi.String(sql.ServerNetworkAccessFlagEnabled),
ServerName: pulumi.String("sqlcrudtest-4645"),
})
if err != nil {
return err
}
return nil
})
}package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.sql.Server;
import com.pulumi.azurenative.sql.ServerArgs;
import com.pulumi.azurenative.sql.inputs.ServerExternalAdministratorArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var server = new Server("server", ServerArgs.builder()
.administratorLogin("dummylogin")
.administratorLoginPassword("PLACEHOLDER")
.administrators(ServerExternalAdministratorArgs.builder()
.azureADOnlyAuthentication(true)
.login("bob@contoso.com")
.principalType("User")
.sid("00000011-1111-2222-2222-123456789111")
.tenantId("00000011-1111-2222-2222-123456789111")
.build())
.isIPv6Enabled("Enabled")
.location("Japan East")
.publicNetworkAccess("Enabled")
.resourceGroupName("sqlcrudtest-7398")
.restrictOutboundNetworkAccess("Enabled")
.serverName("sqlcrudtest-4645")
.build());
}
}Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:sql:Server sqlcrudtest-4645 /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}Properties
Administrator username for the server. Once created it cannot be changed.
The Azure Active Directory administrator of the server. This can only be used at server create time. If used for server update, it will be ignored or it will result in an error. For updates individual APIs will need to be used.
The Azure API version of the resource.
Status of external governance.
The Client id used for cross tenant CMK scenario
The fully qualified domain name of the server.
The Azure Active Directory identity of the server.
Whether or not to enable IPv6 support for this server. Value is optional but if passed in, must be 'Enabled' or 'Disabled'
Minimal TLS version. Allowed values: 'None', 1.0', '1.1', '1.2', '1.3'
The resource id of a user assigned identity to be used by default.
List of private endpoint connections on a server
Whether or not public endpoint access is allowed for this server. Value is optional but if passed in, must be 'Enabled' or 'Disabled' or 'SecuredByPerimeter'
Whether or not to restrict outbound network access for this server. Value is optional but if passed in, must be 'Enabled' or 'Disabled'
Whether or not existing server has a workspace created and if it allows connection from workspace