Something from my daily work (it is possible that I will write more about it, as I see issues daily).
I got an assignment to enhance our Azure SQL Managed Instances Terraform deployment module with DTC (yes, it is a good question why on earth this outdated technology is still needed).
For DTC you need to add two resources to your managed instance. One is the DTC configuration; the other is the serverTrustGroup, which determines which of your managed instances trust each other for distributed transactions.
I was not even surprised that neither of them exists in the Terraform AzureRM provider, so you need to use the AzAPI provider for them.
The DTC setting itself is a piece of cake - if you have experience using the AzAPI resources you can easily handle it.
The trustGroup is a different animal.
Here you can find the Microsoft documentation for it:
https://learn.microsoft.com/en-us/azure/templates/microsoft.sql/2023-05-01-preview/locations/servertrustgroups?pivots=deployment-language-terraform
You just add the resource and done...
resource "azapi_resource" "symbolicname" {
  type      = "Microsoft.Sql/locations/serverTrustGroups@2023-05-01-preview"
  name      = "string"
  parent_id = "string"
  body = jsonencode({
    properties = {
      groupMembers = [
        {
          serverId = "string"
        }
      ]
      trustScopes = [
        "string"
      ]
    }
  })
}
Not exactly. The name, groupMembers and trustScopes are explained in the documentation. The parent_id is not, exactly. The documentation says:
"The ID of the resource that is the parent for this resource.
ID for resource of type: locations"
What does this mean to you?
Usually in Azure, "location" is used as a synonym of "region" - here: wrong.
Even if it were the region, where should it be located in the management group/subscription/resource group hierarchy?
Anyway, as a normal Azure resource, it should be located in a resource group. Ok, add the resource group ID there. Terraform gives back this error:
"Error: `parent_id is invalid`: expect ID of `Microsoft.Sql/locations`"
What the heck is this Microsoft.Sql/locations?
I looked through the internet. Yes, it is part of the object hierarchy of the serverTrustGroups, but as a resource it doesn't exist.
Ok. Deploy the Trust Group manually. Did it. On the portal you can't see the JSON of it.
Try another way.
Try to get it back via AZ CLI:
az sql stg list -g <resource group name> --instance-name <name>
The result:
[
  {
    "groupMembers": [
      {
        "serverId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/<resource group name>/providers/Microsoft.Sql/managedInstances/sql-test-01"
      },
      {
        "serverId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/<resource group name>/providers/Microsoft.Sql/managedInstances/sql-test-02"
      }
    ],
    "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/<resource group name>/providers/Microsoft.Sql/locations/West Europe/serverTrustGroups/trust-group",
    "name": "trust-group",
    "resourceGroup": " <resource group name>",
    "trustScopes": [
      "GlobalTransactions",
      "ServiceBroker"
    ],
    "type": "Microsoft.Sql/locations/serverTrustGroups"
  }
]
Now, can you see?
After this, our code will look something like this:
resource "azapi_resource" "trust-group" {
  type      = "Microsoft.Sql/locations/serverTrustGroups@2023-05-01-preview"
  name      = var.trust_group_name
  parent_id = "${var.resource_group_id}/providers/Microsoft.Sql/locations/${var.region}"
  body = jsonencode({
    properties = {
      groupMembers = [for ServerID in var.groupMembers : { "serverId" = ServerID }]
      trustScopes  = var.trustScopes
    }
  })
}
And I try not to judge the quality of the Microsoft documentation ...
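
Since the trust group decides which managed instances trust each other, the module's inputs are worth validating before they reach the API. The following is an added example, not part of the original post: it reuses the variable names from the code above, while the ID patterns and the allowed scope list (the two values seen in the CLI output) are assumptions.

```hcl
# Added example: input validation for the variables used by the trust group resource.
# The ID patterns and the allowed scope list are assumptions of this example.

variable "resource_group_id" {
  type        = string
  description = "Full ID of the resource group that holds the trust group."

  validation {
    # Must be a bare resource group ID, so the "/providers/Microsoft.Sql/locations/..."
    # suffix appended for parent_id produces a well-formed path.
    condition     = can(regex("(?i)^/subscriptions/[0-9a-f-]{36}/resourceGroups/[^/]+$", var.resource_group_id))
    error_message = "The resource_group_id must look like /subscriptions/<guid>/resourceGroups/<name> with no trailing slash."
  }
}

variable "groupMembers" {
  type        = list(string)
  description = "Resource IDs of the managed instances that will trust each other."

  validation {
    # Only managed instance IDs may become members of the trust relationship.
    condition = alltrue([
      for id in var.groupMembers :
      can(regex("(?i)^/subscriptions/[0-9a-f-]{36}/resourceGroups/[^/]+/providers/Microsoft\\.Sql/managedInstances/[^/]+$", id))
    ])
    error_message = "Every entry in groupMembers must be a full Microsoft.Sql/managedInstances resource ID."
  }

  validation {
    # A duplicated ID usually means a copy-paste mistake in the member list.
    condition     = length(distinct(var.groupMembers)) == length(var.groupMembers)
    error_message = "The groupMembers list must not contain duplicate IDs."
  }
}

variable "trustScopes" {
  type        = list(string)
  description = "Features the members trust each other for."

  validation {
    # Allow only the two scopes seen in the CLI output above.
    condition     = alltrue([for s in var.trustScopes : contains(["GlobalTransactions", "ServiceBroker"], s)])
    error_message = "Each trustScopes entry must be GlobalTransactions or ServiceBroker."
  }
}
```

With these in place, `terraform plan` rejects a malformed member ID or an unexpected scope before any request is sent.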