MySQL Server Security Alert Policies - disabled_alerts returns [""] when no alert is disabled #10315

Open
@vilisseranen

Hello,

While using terraform to manage a MySQL managed instance (https://www.terraform.io/docs/providers/azurerm/r/mysql_server.html), I am running into an issue related to the threat_detection_policy configuration.

According to the documentation https://docs.microsoft.com/en-us/rest/api/mariadb/serversecurityalertpolicies/get#serversecurityalertpolicy, the only allowed values in properties.disabledAlerts are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly. If no alert is disabled, I would expect the array to be empty; however, the API returns [""]. See the example below based on my terraform run (I removed part of the output):

2020-07-31T10:57:20.953-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.20.0_x5: [DEBUG] AzureRM Response for https://management.azure.com/subscriptions/***/resourceGroups/***/providers/Microsoft.DBforMySQL/servers/***/securityAlertPolicies/Default?api-version=2017-12-01:                                                               
2020-07-31T10:57:20.953-0400 [DEBUG] plugin.terraform-provider-azurerm_v2.20.0_x5: {"properties":{"state":"Enabled","disabledAlerts":[""],...},"id":"/subscriptions/***/resourceGroups/***/providers/Microsoft.DBforMySQL/servers/***/securityAlertPolicies/Default","name":"Default","type":"Microsoft.DBforMySQL/servers/securityAlertPolicies"}                                         

The end result is that terraform sees an update while it should not:

      ~ threat_detection_policy {
          ~ disabled_alerts      = [
              - "",
            ]
            ...
        }

I believe this is a problem with the API rather than Terraform, because Terraform seems to follow what is specified in the documentation.

In addition to this, the securityAlertPolicies API is not documented for MySQL (the link I posted above was for MariaDB).
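
The following is an added example, not code from the issue author, the AzureRM provider, or the Azure API: one way a client could normalize the `[""]` placeholder before comparing the response with the configured list, so that only a real change to the disabled alerts shows up as drift. `NormalizeDisabledAlerts`, `HasDrift` and `sampleBody` are hypothetical names, and the sample body is constructed from the response quoted above with the elided fields left out.

```go
package main
import (
	"encoding/json"
	"fmt"
	"reflect"
	"sort"
)
// Allowed values, as listed in the documentation the issue cites.
var allowedAlerts = map[string]bool{
	"Sql_Injection": true, "Sql_Injection_Vulnerability": true, "Access_Anomaly": true,
}

// Constructed sample modelled on the response in the issue (elided fields omitted).
const sampleBody = `{"properties":{"state":"Enabled","disabledAlerts":[""]},"name":"Default"}`

// NormalizeDisabledAlerts (hypothetical) drops "" and reports values outside the allowed set.
func NormalizeDisabledAlerts(raw []string) (alerts, unknown []string) {
	alerts, unknown = []string{}, []string{}
	for _, a := range raw {
		switch {
		case a == "": // placeholder the API returns when nothing is disabled
		case allowedAlerts[a]:
			alerts = append(alerts, a)
		default:
			unknown = append(unknown, a) // surfaced to the caller, never silently dropped
		}
	}
	sort.Strings(alerts) // compare as a set, independent of API ordering
	return alerts, unknown
}

// HasDrift (hypothetical) compares the configured list with the response after normalization.
func HasDrift(configured []string, body []byte) (bool, error) {
	var p struct {
		Properties struct {
			DisabledAlerts []string `json:"disabledAlerts"`
		} `json:"properties"`
	}
	if err := json.Unmarshal(body, &p); err != nil {
		return false, err
	}
	got, unknown := NormalizeDisabledAlerts(p.Properties.DisabledAlerts)
	want, _ := NormalizeDisabledAlerts(configured)
	return len(unknown) > 0 || !reflect.DeepEqual(got, want), nil
}

func main() {
	fmt.Println(HasDrift(nil, []byte(sampleBody)))
}
```

An unrecognized value in the response is treated as drift rather than filtered out, so an unexpected change to which threat alerts are suppressed still shows up in the plan.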

Metadata

Labels

MySQL, Service Attention, customer-reported, question