diff --git a/arm/Microsoft.Sql/servers/.parameters/parameters.json b/arm/Microsoft.Sql/servers/.parameters/parameters.json
index 47bf627cb5..e992fdbc54 100644
--- a/arm/Microsoft.Sql/servers/.parameters/parameters.json
+++ b/arm/Microsoft.Sql/servers/.parameters/parameters.json
@@ -18,6 +18,15 @@
 "secretName": "administratorLoginPassword"
 }
 },
+ "administrators": {
+ "value": {
+ "azureADOnlyAuthentication": false,
+ "login": "John Doe",
+ "sid": "<>",
+ "principalType": "Application",
+ "tenantId": "<>"
+ }
+ },
 "location": {
 "value": "westeurope"
 },
@@ -78,4 +87,4 @@
 }
 }
 }
-}
+}
\ No newline at end of file
diff --git a/arm/Microsoft.Sql/servers/deploy.bicep b/arm/Microsoft.Sql/servers/deploy.bicep
index 06787626f7..001d30464c 100644
--- a/arm/Microsoft.Sql/servers/deploy.bicep
+++ b/arm/Microsoft.Sql/servers/deploy.bicep
@@ -1,9 +1,9 @@
-@description('Required. Administrator username for the server.')
-param administratorLogin string
+@description('Optional. Administrator username for the server. Required if no `administrators` object for AAD authentication is provided.')
+param administratorLogin string = ''
 
-@description('Required. The administrator login password.')
+@description('Optional. The administrator login password. Required if no `administrators` object for AAD authentication is provided.')
 @secure()
-param administratorLoginPassword string
+param administratorLoginPassword string = ''
 
 @description('Optional. Location for all resources.')
 param location string = resourceGroup().location
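Review bot: The sample `administrators` object pairs `"principalType": "Application"` with `"login": "John Doe"`, while the readme example for the same object in this commit uses `"User"` for a display-name login, so one of the two is presumably wrong and whichever gets copied is a misleading starting point; `"principalType": "User",` here would match the readme. Because this file also keeps the apparently Key Vault-backed `administratorLoginPassword` (the `secretName` context line above) and sets `azureADOnlyAuthentication` to `false`, the test deployment only exercises mixed SQL-plus-AAD authentication. The AAD-only path the bicep change introduces (no `administratorLogin`, `azureADOnlyAuthentication` set to `true`) is not covered by any parameter file in this diff, so the `null` branches in the resource are never deployed by the module's own tests.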
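Review bot: Defaulting the `@secure()` parameter `administratorLoginPassword` to `''` (and `administratorLogin` likewise) makes an explicitly empty value indistinguishable from an omitted one once the resource guards both with `!empty()`, and the pairing the new descriptions describe (both required unless `administrators` is given) is no longer enforced anywhere in the template: a caller who sets `administratorLogin` but forgets the password used to fail at parameter validation and is now passed through to the resource provider. At minimum the descriptions should state the pairing and the empty-string convention, e.g. `@description('Optional. The administrator login password. Required together with administratorLogin if no administrators object for AAD authentication is provided; an empty string is treated as not set.')`, with the mirror wording on `administratorLogin`. The file continues past this hunk, so any later validation that may exist is not visible here.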
@@ -43,6 +43,9 @@ param firewallRules array = []
 @description('Optional. The security alert policies to create in the server')
 param securityAlertPolicies array = []
 
+@description('Optional. The Azure Active Directory (AAD) administrator authentication. Required if no `administratorLogin` & `administratorLoginPassword` is provided.')
+param administrators object = {}
+
 var identityType = systemAssignedIdentity ? (!empty(userAssignedIdentities) ? 'SystemAssigned,UserAssigned' : 'SystemAssigned') : (!empty(userAssignedIdentities) ? 'UserAssigned' : 'None')
 
 var identity = identityType != 'None' ? {
@@ -61,8 +64,16 @@ resource server 'Microsoft.Sql/servers@2021-05-01-preview' = {
 tags: tags
 identity: identity
 properties: {
- administratorLogin: administratorLogin
- administratorLoginPassword: administratorLoginPassword
+ administratorLogin: !empty(administratorLogin) ? administratorLogin : null
+ administratorLoginPassword: !empty(administratorLoginPassword) ? administratorLoginPassword : null
+ administrators: !empty(administrators) ? {
+ administratorType: 'ActiveDirectory'
+ azureADOnlyAuthentication: administrators.azureADOnlyAuthentication
+ login: administrators.login
+ principalType: administrators.principalType
+ sid: administrators.sid
+ tenantId: administrators.tenantId
+ } : null
 version: '12.0'
 }
 }
diff --git a/arm/Microsoft.Sql/servers/readme.md b/arm/Microsoft.Sql/servers/readme.md
index 5d05277843..ff928a6e30 100644
--- a/arm/Microsoft.Sql/servers/readme.md
+++ b/arm/Microsoft.Sql/servers/readme.md
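Review bot: The `administrators` block dereferences `administrators.azureADOnlyAuthentication`, `.login`, `.principalType`, `.sid` and `.tenantId` unconditionally, so a caller who passes a non-empty object missing any of those keys (the parameter is a bare `object = {}` and its `@description` in the previous hunk does not list them) gets a property-not-found failure at deployment time instead of a clear validation message. In the other direction, when both `administratorLogin` and `administrators` are left empty every administrator property resolves to `null` and the server is submitted with no administrator configured at all; nothing in the template catches that combination, only the parameter descriptions mention it. The one key that can reasonably be optional could be defaulted to the value the sample parameter file uses, `azureADOnlyAuthentication: contains(administrators, 'azureADOnlyAuthentication') ? administrators.azureADOnlyAuthentication : false`, and the mandatory keys (`login`, `sid`, `tenantId`, `principalType`) should be named in the `administrators` parameter description. The `resource server` declaration starts before this hunk and only its `properties` block is visible here.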
@@ -18,8 +18,9 @@ This module deploys a SQL server.
 
 | Parameter Name | Type | Default Value | Possible Values | Description |
 | :-- | :-- | :-- | :-- | :-- |
-| `administratorLogin` | string | | | Required. Administrator username for the server. |
-| `administratorLoginPassword` | secureString | | | Required. The administrator login password. |
+| `administratorLogin` | string | | | Optional. Administrator username for the server. Required if no `administrators` object for AAD authentication is provided. |
+| `administratorLoginPassword` | secureString | | | Optional. The administrator login password. Required if no `administrators` object for AAD authentication is provided. |
+| `administrators` | object | `{object}` | | Optional. The Azure Active Directory (AAD) administrator authentication. Required if no `administratorLogin` & `administratorLoginPassword` is provided. |
 | `cuaId` | string | | | Optional. Customer Usage Attribution ID (GUID). This GUID must be previously registered |
 | `databases` | _[databases](databases/readme.md)_ array | `[]` | | Optional. The databases to create in the server |
 | `firewallRules` | _[firewallRules](firewallRules/readme.md)_ array | `[]` | | Optional. The firewall rules to create in the server |
@@ -28,7 +29,7 @@ This module deploys a SQL server.
 | `name` | string | | | Required. The name of the server. |
 | `roleAssignments` | array | `[]` | | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' |
 | `securityAlertPolicies` | _[securityAlertPolicies](securityAlertPolicies/readme.md)_ array | `[]` | | Optional. The security alert policies to create in the server |
-| `systemAssignedIdentity` | bool | | | Optional. Enables system assigned managed identity on the resource. |
+| `systemAssignedIdentity` | bool | `False` | | Optional. Enables system assigned managed identity on the resource. |
 | `tags` | object | `{object}` | | Optional. Tags of the resource. |
 | `userAssignedIdentities` | object | `{object}` | | Optional. The ID(s) to assign to the resource. |
 
@@ -84,6 +85,23 @@ You can specify multiple user assigned identities to a resource by providing add
 },
 ```
 
+### Parameter Usage: `administrators`
+
+Configure Azure Active Directory Authentication method for server administrator.
+https://docs.microsoft.com/en-us/azure/templates/microsoft.sql/servers/administrators?tabs=bicep
+
+```json
+"administrators": {
+ "value": {
+ "azureADOnlyAuthentication": false
+ "login": "John Doe"
+ "sid": "<>"
+ "principalType" : "User" // options: "User", "Group", "Application"
+ "tenantId": "<>"
+ }
+},
+```
+
 ## Outputs
 
 | Output Name | Type | Description |