Azure · AlexanderSehr · Sep 16, 2023 · Sep 16, 2023 · Sep 16, 2023 · Sep 16, 2023
@@ -64,6 +64,9 @@ output subnetResourceId string = virtualNetwork.properties.subnets[0].id
 @description('The resource ID of the created Private DNS Zone.')
 output privateDNSResourceId string = privateDNSZone.id
 
+@description('The name of the created Managed Identity.')
+output managedIdentityName string = managedIdentity.name
+
 @description('The resource ID of the created Managed Identity.')
 output managedIdentityResourceId string = managedIdentity.id
 

@@ -109,5 +109,12 @@ module testDeployment '../../main.bicep' = {
     diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId
     diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId
     diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName
+    administrators: [
+      {
+        identityResourceId: nestedDependencies.outputs.managedIdentityResourceId
+        login: nestedDependencies.outputs.managedIdentityName
+        sid: nestedDependencies.outputs.managedIdentityPrincipalId
+      }
+    ]
   }
 }
@@ -17,6 +17,7 @@ This module deploys a DBforMySQL Flexible Server.
 | `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) |
 | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 | `Microsoft.DBforMySQL/flexibleServers` | [2022-09-30-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DBforMySQL/2022-09-30-preview/flexibleServers) |
+| `Microsoft.DBforMySQL/flexibleServers/administrators` | [2022-01-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DBforMySQL/2022-01-01/flexibleServers/administrators) |
 | `Microsoft.DBforMySQL/flexibleServers/databases` | [2022-01-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DBforMySQL/2022-01-01/flexibleServers/databases) |
 | `Microsoft.DBforMySQL/flexibleServers/firewallRules` | [2022-01-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DBforMySQL/2022-01-01/flexibleServers/firewallRules) |
 | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) |
@@ -27,8 +28,6 @@ This module deploys a DBforMySQL Flexible Server.
 
 | Parameter Name | Type | Allowed Values | Description |
 | :-- | :-- | :-- | :-- |
-| `administratorLogin` | string |  | The administrator login name of a server. Can only be specified when the MySQL server is being created. |
-| `administratorLoginPassword` | securestring |  | The administrator login password. |
 | `name` | string |  | The name of the MySQL flexible server. |
 | `skuName` | string |  | The name of the sku, typically, tier + family + cores, e.g. Standard_D4s_v3. |
 | `tier` | string | `[Burstable, GeneralPurpose, MemoryOptimized]` | The tier of the particular SKU. Tier must align with the "skuName" property. Example, tier cannot be "Burstable" if skuName is "Standard_D4s_v3". |
@@ -51,6 +50,9 @@ This module deploys a DBforMySQL Flexible Server.
 
 | Parameter Name | Type | Default Value | Allowed Values | Description |
 | :-- | :-- | :-- | :-- | :-- |
+| `administratorLogin` | string | `''` |  | The administrator login name of a server. Can only be specified when the MySQL server is being created. |
+| `administratorLoginPassword` | securestring | `''` |  | The administrator login password. |
+| `administrators` | array | `[]` |  | The Azure AD administrators when AAD authentication enabled. |
 | `availabilityZone` | string | `''` | `['', 1, 2, 3]` | Availability zone information of the server. Default will have no preference set. |
 | `backupRetentionDays` | int | `7` |  | Backup retention days for the server. |
 | `cMKKeyName` | string | `''` |  | The name of the customer managed key to use for encryption. |
@@ -247,12 +249,12 @@ module flexibleServer './db-for-my-sql/flexible-server/main.bicep' = {
   name: '${uniqueString(deployment().name, location)}-test-dfmsfsmin'
   params: {
     // Required parameters
-    administratorLogin: 'adminUserName'
-    administratorLoginPassword: '<administratorLoginPassword>'
     name: 'dfmsfsmin001'
     skuName: 'Standard_B1ms'
     tier: 'Burstable'
     // Non-required parameters
+    administratorLogin: 'adminUserName'
+    administratorLoginPassword: '<administratorLoginPassword>'
     enableDefaultTelemetry: '<enableDefaultTelemetry>'
   }
 }
@@ -271,12 +273,6 @@ module flexibleServer './db-for-my-sql/flexible-server/main.bicep' = {
   "contentVersion": "1.0.0.0",
   "parameters": {
     // Required parameters
-    "administratorLogin": {
-      "value": "adminUserName"
-    },
-    "administratorLoginPassword": {
-      "value": "<administratorLoginPassword>"
-    },
     "name": {
       "value": "dfmsfsmin001"
     },
@@ -287,6 +283,12 @@ module flexibleServer './db-for-my-sql/flexible-server/main.bicep' = {
       "value": "Burstable"
     },
     // Non-required parameters
+    "administratorLogin": {
+      "value": "adminUserName"
+    },
+    "administratorLoginPassword": {
+      "value": "<administratorLoginPassword>"
+    },
     "enableDefaultTelemetry": {
       "value": "<enableDefaultTelemetry>"
     }
@@ -308,12 +310,19 @@ module flexibleServer './db-for-my-sql/flexible-server/main.bicep' = {
   name: '${uniqueString(deployment().name, location)}-test-dfmsfspvt'
   params: {
     // Required parameters
-    administratorLogin: 'adminUserName'
-    administratorLoginPassword: '<administratorLoginPassword>'
     name: 'dfmsfspvt001'
     skuName: 'Standard_D2ds_v4'
     tier: 'GeneralPurpose'
     // Non-required parameters
+    administratorLogin: 'adminUserName'
+    administratorLoginPassword: '<administratorLoginPassword>'
+    administrators: [
+      {
+        identityResourceId: '<identityResourceId>'
+        login: '<login>'
+        sid: '<sid>'
+      }
+    ]
     backupRetentionDays: 10
     databases: [
       {
@@ -368,12 +377,6 @@ module flexibleServer './db-for-my-sql/flexible-server/main.bicep' = {
   "contentVersion": "1.0.0.0",
   "parameters": {
     // Required parameters
-    "administratorLogin": {
-      "value": "adminUserName"
-    },
-    "administratorLoginPassword": {
-      "value": "<administratorLoginPassword>"
-    },
     "name": {
       "value": "dfmsfspvt001"
     },
@@ -384,6 +387,21 @@ module flexibleServer './db-for-my-sql/flexible-server/main.bicep' = {
       "value": "GeneralPurpose"
     },
     // Non-required parameters
+    "administratorLogin": {
+      "value": "adminUserName"
+    },
+    "administratorLoginPassword": {
+      "value": "<administratorLoginPassword>"
+    },
+    "administrators": {
+      "value": [
+        {
+          "identityResourceId": "<identityResourceId>",
+          "login": "<login>",
+          "sid": "<sid>"
+        }
+      ]
+    },
     "backupRetentionDays": {
       "value": 10
     },
@@ -477,12 +495,12 @@ module flexibleServer './db-for-my-sql/flexible-server/main.bicep' = {
   name: '${uniqueString(deployment().name, location)}-test-dfmsfsp'
   params: {
     // Required parameters
-    administratorLogin: 'adminUserName'
-    administratorLoginPassword: '<administratorLoginPassword>'
     name: 'dfmsfsp001'
     skuName: 'Standard_D2ds_v4'
     tier: 'GeneralPurpose'
     // Non-required parameters
+    administratorLogin: 'adminUserName'
+    administratorLoginPassword: '<administratorLoginPassword>'
     availabilityZone: '1'
     backupRetentionDays: 20
     cMKKeyName: '<cMKKeyName>'
@@ -567,12 +585,6 @@ module flexibleServer './db-for-my-sql/flexible-server/main.bicep' = {
   "contentVersion": "1.0.0.0",
   "parameters": {
     // Required parameters
-    "administratorLogin": {
-      "value": "adminUserName"
-    },
-    "administratorLoginPassword": {
-      "value": "<administratorLoginPassword>"
-    },
     "name": {
       "value": "dfmsfsp001"
     },
@@ -583,6 +595,12 @@ module flexibleServer './db-for-my-sql/flexible-server/main.bicep' = {
       "value": "GeneralPurpose"
     },
     // Non-required parameters
+    "administratorLogin": {
+      "value": "adminUserName"
+    },
+    "administratorLoginPassword": {
+      "value": "<administratorLoginPassword>"
+    },
     "availabilityZone": {
       "value": "1"
     },

@@ -0,0 +1,53 @@
+# DBforMySQL Flexible Server Administrators `[Microsoft.DBforMySQL/flexibleServers/administrators]`
+
+This module deploys a DBforMySQL Flexible Server Administrator.
+
+## Navigation
+
+- [Resource Types](#Resource-Types)
+- [Parameters](#Parameters)
+- [Outputs](#Outputs)
+- [Cross-referenced modules](#Cross-referenced-modules)
+
+## Resource Types
+
+| Resource Type | API Version |
+| :-- | :-- |
+| `Microsoft.DBforMySQL/flexibleServers/administrators` | [2022-01-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DBforMySQL/2022-01-01/flexibleServers/administrators) |
+
+## Parameters
+
+**Required parameters**
+
+| Parameter Name | Type | Description |
+| :-- | :-- | :-- |
+| `identityResourceId` | string | The resource ID of the identity used for AAD Authentication. |
+| `login` | string | Login name of the server administrator. |
+| `sid` | string | SID (object ID) of the server administrator. |
+
+**Conditional parameters**
+
+| Parameter Name | Type | Description |
+| :-- | :-- | :-- |
+| `flexibleServerName` | string | The name of the parent DBforMySQL flexible server. Required if the template is used in a standalone deployment. |
+
+**Optional parameters**
+
+| Parameter Name | Type | Default Value | Description |
+| :-- | :-- | :-- | :-- |
+| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
+| `location` | string | `[resourceGroup().location]` | Location for all resources. |
+| `tenantId` | string | `[tenant().tenantId]` | The tenantId of the Active Directory administrator. |
+
+
+## Outputs
+
+| Output Name | Type | Description |
+| :-- | :-- | :-- |
+| `name` | string | The name of the deployed administrator. |
+| `resourceGroupName` | string | The resource group of the deployed administrator. |
+| `resourceId` | string | The resource ID of the deployed administrator. |
+
+## Cross-referenced modules
+
+_None_
@@ -0,0 +1,61 @@
+metadata name = 'DBforMySQL Flexible Server Administrators'
+metadata description = 'This module deploys a DBforMySQL Flexible Server Administrator.'
+metadata owner = 'Azure/module-maintainers'
+
+@description('Conditional. The name of the parent DBforMySQL flexible server. Required if the template is used in a standalone deployment.')
+param flexibleServerName string
+
+@description('Required. SID (object ID) of the server administrator.')
+param sid string
+
+@description('Required. The resource ID of the identity used for AAD Authentication.')
+param identityResourceId string
+
+@description('Required. Login name of the server administrator.')
+param login string
+
+@description('Optional. The tenantId of the Active Directory administrator.')
+param tenantId string = tenant().tenantId
+
+@description('Optional. Location for all resources.')
+param location string = resourceGroup().location
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+  name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}'
+  properties: {
+    mode: 'Incremental'
+    template: {
+      '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+      contentVersion: '1.0.0.0'
+      resources: []
+    }
+  }
+}
+
+resource flexibleServer 'Microsoft.DBforMySQL/flexibleServers@2022-01-01' existing = {
+  name: flexibleServerName
+}
+
+resource administrator 'Microsoft.DBforMySQL/flexibleServers/administrators@2022-01-01' = {
+  name: 'ActiveDirectory'
+  parent: flexibleServer
+  properties: {
+    administratorType: 'ActiveDirectory'
+    identityResourceId: identityResourceId
+    login: login
+    sid: sid
+    tenantId: tenantId
+  }
+}
+
+@description('The name of the deployed administrator.')
+output name string = administrator.name
+
+@description('The resource ID of the deployed administrator.')
+output resourceId string = administrator.id
+
+@description('The resource group of the deployed administrator.')
+output resourceGroupName string = resourceGroup().name