When running an apply on a terraform configuration that interacts with an azurerm_sql_server resource, you might run into an error similar to this:
Error: setting database threat detection policy:
sql.ServerSecurityAlertPoliciesClient#CreateOrUpdate: Failure sending request:
StatusCode=400 -- Original Error: Code="DataSecurityInvalidUserSuppliedParameter"
Message="storageAccountAccessKey parameter can not be null when storageEndpoint
parameter is not null\r\nParameter name: storageAccountAccessKey"
This is because the azurerm_sql_server resource, based on an old API (2017-03-01-preview) and "sku" model that Microsoft isn't developing further anymore - is now deprecated because Microsoft is now using the "vCore" model.
It is now recommended moving forward that you use the new azurerm_mssql_server resource in its place. This is because there isn't an Azure API that supports both versions at the same time, hence the reason for 2 separate resources to reduce impact to our users. To learn more about this, please click here.
You can migrate to the new resource using either of the following options:
1. Rename the old SQL server resource to the new name right in your terraform configuration
NOTE: This is possible provided you're not using a feature of the new API (resource) that isn't available in the old one. After a successful apply, you can take advantage of the newer features. For more info, please see here.
2. Import the existing azurerm_sql_server resource you have in Azure, but as the azurerm_mssql_server resource instead. Here's a link to the import command for the azurerm_mssql_server resource.
- To import, first write out the azurerm_mssql_server resource arguments in your configuration like it exists before running the import command. For more info on how terraform import works, please see this.