When running an apply on a terraform configuration that interacts with an azurerm_sql_server resource, you might run into an error similar to this:
Error: setting database threat detection policy:
sql.ServerSecurityAlertPoliciesClient#CreateOrUpdate: Failure sending request:
StatusCode=400 -- Original Error: Code="DataSecurityInvalidUserSuppliedParameter"
Message="storageAccountAccessKey parameter can not be null when storageEndpoint
parameter is not null\r\nParameter name: storageAccountAccessKey"
This is because the azurerm_sql_server resource, based on an old API (2017-03-01-preview) and "sku" model that Microsoft isn't developing further anymore - is now deprecated because Microsoft is now using the "vCore" model.
It is now recommended moving forward that you use the new azurerm_mssql_server resource in its place. This is because there isn't an Azure API that supports both versions at the same time, hence the reason for 2 separate resources to reduce impact to our users. To learn more about this, please click here.
You can migrate to the new resource using either of the following options:
1. Rename the old SQL server resource to the new name right in your terraform configuration
NOTE: This is possible provided you're not using a feature of the new API (resource) that isn't available in the old one. After a successful apply, you can take advantage of the newer features. For more info, please see here.
2. Import the existing azurerm_sql_server resource you have in Azure, but as the azurerm_mssql_server resource instead. Here's a link to the import command for the azurerm_mssql_server resource.
- To import, first write out the azurerm_mssql_server resource arguments in your configuration like it exists before running the import command. For more info on how terraform import works, please see this.
Successfully migrated to the new azurerm_mssql_server resource. If you experience issues doing this please reach out to Terraform Support or the larger community on the Terraform Discuss page.