Support "Deny public network access" for MariaDB and PostgreSQL #250

Closed
philipsd6 opened this issue Sep 9, 2020 · 3 comments
Labels
medium_priority Medium priority new_feature New feature requirments

Comments

@philipsd6

SUMMARY

After creating PostgreSQL or MariaDB databases, the Azure UI has the option to "Deny public network access" ensuring that "only private endpoint connections will be allowed to access this resource."

The postgres/mariadb server/database modules should support this option. For some reason, when the resource is created via the module, the "Deny public network access" option is no longer available in Connection security, so we can't even create the database server with Ansible and manually set the option in the portal.

ISSUE TYPE
  • Feature Idea
COMPONENT NAME
  • azure_rm_postgresqlserver
  • azure_rm_mysqlserver
  • azure_rm_mariadbserver
ADDITIONAL INFORMATION

For security reasons, it's best to block access to databases from the public internet, and only allow connections from defined private endpoints to the applications.

- name: Create (or Update) PostgreSQL Server
  azure_rm_postgresqlserver:
    resource_group: "{{ resource_group }}"
    name: "{{ pg_servername }}"
    deny_public_access: yes
    sku:
      name: "{{ pg_sku_name }}"
      tier: "{{ pg_sku_tier }}"
    storage_mb: "{{ pg_storage_mb }}"
    version: "{{ pg_version }}"
    enforce_ssl: "{{ pg_enforce_ssl }}"
    admin_username: "{{ pg_admin_username }}"
    admin_password: "{{ pg_admin_password }}"
  register: pg_server

Of course, then we would also need a module for creating private endpoints...

@Fred-sun
Collaborator

@philipsd6 Thank you for submitting this issue, we will investigate and resolve this issue!

@Fred-sun
Collaborator

Fred-sun commented Aug 12, 2021

Fixed by #594 and #593

@tgillitzer

@Fred-sun @l3ender How do the changes mentioned allow you to set the "Deny public network access" that was originally requested? I see that the new module lets you set IP restrictions, but the "Deny public network access" setting seems to do more than that.

https://docs.microsoft.com/en-us/azure/mariadb/concepts-data-access-security-private-link#deny-public-access-for-azure-database-for-mariadb
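
The distinction raised in this thread, IP firewall rules versus the "Deny public network access" setting, can be checked from the defender's side with a small audit. This is an added example, not code from the issue or from the collection; the server records are constructed, and the `firewallRules` key is a hypothetical field under which the caller is assumed to have merged each server's firewall-rule list.

```python
import json

# Constructed sample data. "publicNetworkAccess" follows the Azure server
# resource model; "firewallRules" is a hypothetical key under which the
# caller has merged each server's firewall-rule list.
SAMPLE_SERVERS = json.loads("""
[
  {"name": "pg-app", "type": "Microsoft.DBforPostgreSQL/servers",
   "publicNetworkAccess": "Disabled", "firewallRules": []},
  {"name": "maria-app", "type": "Microsoft.DBforMariaDB/servers",
   "publicNetworkAccess": "Enabled",
   "firewallRules": [{"startIpAddress": "203.0.113.10", "endIpAddress": "203.0.113.10"}]},
  {"name": "pg-legacy", "type": "Microsoft.DBforPostgreSQL/servers",
   "publicNetworkAccess": "Enabled",
   "firewallRules": [{"startIpAddress": "0.0.0.0", "endIpAddress": "255.255.255.255"}]},
  {"name": "mysql-old", "type": "Microsoft.DBforMySQL/servers", "firewallRules": []}
]
""")


def classify(server):
    """Return the exposure class of one server record."""
    state = (server.get("publicNetworkAccess") or "").lower()
    if state == "disabled":
        return "private-endpoint-only"
    if state != "enabled":
        return "unknown"  # property absent: do not assume the server is private
    rules = server.get("firewallRules") or []
    spans = {(r["startIpAddress"], r["endIpAddress"]) for r in rules}
    if ("0.0.0.0", "255.255.255.255") in spans:
        return "public-any-ip"
    if ("0.0.0.0", "0.0.0.0") in spans:
        return "public-all-azure"  # the "allow access to Azure services" rule
    # IP rules narrow the allowed sources but the public endpoint still exists.
    return "public-ip-restricted" if rules else "public-no-rules"


def audit(servers):
    """Map name -> exposure class for servers not limited to private endpoints."""
    verdicts = {s["name"]: classify(s) for s in servers}
    return {n: v for n, v in verdicts.items() if v != "private-endpoint-only"}


if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_SERVERS).items():
        print(f"{name}: {verdict}")
```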
