updated sql-database

pulumi · Dec 11, 2024 · 6c932dc · 6c932dc
1 parent 2511282
commit 6c932dc
Show file tree

Hide file tree

Showing 3 changed files with 276 additions and 81 deletions.
diff --git a/provider/pkg/provider/test-programs/upgrade-sql-database/Pulumi.yaml b/provider/pkg/provider/test-programs/upgrade-sql-database/Pulumi.yaml
@@ -3,6 +3,8 @@ runtime: yaml
 description: |
   Upgrade test for SQL Server, Database, and related network objects, based on:
   https://learn.microsoft.com/en-us/azure/azure-sql/database/single-database-create-arm-template-quickstart?view=azuresql
+  With network access controls based on:
+  https://learn.microsoft.com/en-us/azure/azure-sql/database/network-access-controls-overview?view=azuresql
 
 resources:
   rg:
@@ -19,6 +21,22 @@ resources:
       special: true
       length: 12
 
+  vnet:
+    type: azure-native:network:VirtualNetwork
+    properties:
+      resourceGroupName: ${rg.name}
+      addressSpace:
+        addressPrefixes: ["10.1.0.0/16"]
+
+  subnet:
+    type: azure-native:network:Subnet
+    properties:
+      resourceGroupName: ${rg.name}
+      virtualNetworkName: ${vnet.name}
+      addressPrefix: "10.1.0.0/24"
+      serviceEndpoints:
+        - service: Microsoft.Sql
+
   server:
     type: azure-native:sql:Server
     properties:
@@ -39,6 +57,7 @@ resources:
         name: "Standard"
         tier: "Standard"
 
+  # Firewall rule for external connectivity
   firewallRuleCorp:
     type: azure-native:sql:FirewallRule
     properties:
@@ -48,6 +67,7 @@ resources:
       startIpAddress: "192.0.2.0"
       endIpAddress: "192.0.2.255"
 
+  # Firewall rule for Azure services
   firewallRuleAllowAzure:
     type: azure-native:sql:FirewallRule
     properties:
@@ -57,3 +77,12 @@ resources:
       startIpAddress: "0.0.0.0"
       endIpAddress: "0.0.0.0"
 
+  # Firewall rule for a particular virtual network subnet
+  virtualNetworkRule:
+    type: azure-native:sql:VirtualNetworkRule
+    properties:
+      resourceGroupName: ${rg.name}
+      serverName: ${server.name}
+      virtualNetworkRuleName: "myvnetrule"
+      virtualNetworkSubnetId: ${subnet.id}
+      ignoreMissingVnetServiceEndpoint: false