Resource Block Schema #
Each resource block MAY have an ensure attribute. The possible values are:
present- If the resource doesn’t exist, create it. If it exists, alter it to match the resource block.absent- If the resource exists, remove italter- If the resource exists, alter it. If it doesn’t exist, do nothing.
If no ensure attribute is found, it defaults to present
Server Resource Blocks #
The following resource block types are supported
configurationname(string - optional. If not provided, it defaults to the resource name) Any valid name fromsys.configurationswhereis_dynamic= 1. Common value are:backup compression defaultclr enabledcost threshold for parallelismmax degree of parallismmax server memory (MB)max text repl size (B)optimize for ad hoc workloadsxp_cmdshell
value(int32 - required)- Configuration entries can’t be created or deleted. Ensure
presentis treated likealter. Ensureabsentisn’t valid.
loginname(string - optional starting in 1.18. If not provided, it defaults to the resource name.loginmay be used in place ofname.)disabled(true/false)sqldsc_credential(string - required for SQL Server logins) - the local saved vault entry use to set the passworddefault_database(string)check_policy(bool)check_expiration(bool)sid- (string - only for SQL Server logins)- Ensure defaults to
presentexcept for this pattern:resource "login" "sa" {}. If we are on Azure or thesalogin has been renamed, it won’t try to recreate it. This is often used in the caseresource "login" "sa" {disabled = true}which disablessaeverywhere it finds it.
server_permissionlogin(string - required)permission(string - required)
server_role_memberlogin(string - required)role(string - required)
linked_server- Please see the Linked Server page.linked_login- Please see the Linked Server page.sql_script- starting in 1.41.8, this requires the PRO Editiontest_query– SQL query that returns rows if the script has already run. If the queryexpected_rows, the SQL file specified infilewill be run.expected_rows(int - optional) Defaults to 1. If provided, this is how many rows thetest_queryis expected to return. If not provided, the script will only run if the test_query doesn’t return one row.script_file– file to look for in thescriptsdirectory. This file is run usingsqlcmd.exe. Prior to 1.17 this was namedfile_name.ensure–presentwill run the file if no rows are returned bytest_query. All other values are an error.database– run the script in this database- The ‘
--push file.sql’ parameter will always run a script if passed on the command line. This useful for situations where you want to update a common stored procedure across servers. Typically this is used to put something like sp_whoisactive on servers.
Database Resource Blocks #
databasename(string - optional starting in 1.18. If not provided, it defaults to the resource name.databasemay be used in place ofname.)owner(string) - this defaults tosafor new databasesrecovery_model(string - full/simple/bulk_logged)rcsi(true/false) read committed snapshot enabledcompatibility_level(int) database compatibility level (100, 110, 120, etc.). A value of -1 matches the version of the server.
query_storesize_mb(int)size_map(see below)
database_userdatabase(string - required)user(string - required)default_schema(string) - the default schema for this user. Prior to 1.18 this was namedschema.
database_roledatabase(string - required)role(string - required)owner(string - optional - defaults to ‘dbo’)
database_role_memberdatabase(string - required)role(string - required)user(string - required)
database_permissiondatabase(string - required)user(string - required)permission(string - required)
schemaschema(string - required)database(string - required)owner(string - optional - defaults to ‘dbo’)
schema_permissionschema(string - required)database(string - required)user(string - required - user or role to grant or revoke permission)permission(string - required - EXEC, SELECT, etc.)
object_permissionsets a permission on a database objectdatabase(string - required)schema(string - required)object(string - required)user(string - required)permission(string - required)
Query Store #
The Query Store Resource Block allows you to set the desired size of the Query Store. The simplest format below sets the size to 100 MB.
resource "query_store" "db_name" {
size_mb = 100
}
A better way to dynamically set the size using a size_map. This sets the size of the Query Store based on the size of the database. The result of this
- A database less than 100 MB won’t have Query Store enabled.
- A database at least 100 MB but less than 200 MB, will have a 10 MB Query Store
- A database 200 MB or greater will have a 20 MB query store. This should keep the Query Store size from changing too often but still make it dynamic.
resource "query_store" "db_name" {
size_map = {
"100mb": "10mb",
"200 mb": "20mb"
}
}
An even better way is to use the user_databases block in PRO vesion to set Query Store for all databases. This sets the Query Store size for each user database based on the size of that database.
user_databases {
resource "query_store" "dummy" {
size_map = {
"100mb": "10mb",
"200 mb": "20mb"
}
}
}
Query Store Resource Blocks merge differnetly than most blocks. If a Resource Block defines a size map, and then a later Resource Block sets a specific size, only the later value will be applied.
Agent Resource Blocks #
The Regular Edition only supports single-step TSQL jobs. The Professional Edition supports more complicated jobs.
agentThis sets the SQL Server Agent properties (starting in 1.37.15)max_history(int - optional) Maximum size of the jog history log (in rows). -1 is unlimited.max_job_history(int - optional) Maximum job history rows per job. Must be less and or equal tomax_history.
agent_operatorname(string - optional starting in 1.18. If not provided, it defaults to the resource name)email(string - required)
agent_alertsupports setting alerts based on error number or severity. It doesn’t support performance conditions.name(string - optional that defaults to the resource name)enabled(bool - optional that defaults to true)message_id(int) Message number that defines the alert. Eithermessage_idorseveritymust be specified.severity(int) Severity that defines the alert. Eithermessage_idorseveritymust be specified.delay_between_responses(string - optional) Must be a duration in the format “5m” or “3m30s”notification_message(string - optional) Message to appear as part of the alert. Limited to 512 characters.include_event_description(string - optional that defaults to true)job_name(string - optional) Job to run in repsonse to alertemail_operators(string array - optional) List of operators to email when the alert fires
agent_job- This is primarily used to remove old jobs. Jobs should be defined using the Job Blockjob(string - optional. If not provided, it defaults to the resource name)enabled(bool - optional. Defaults to true)owner(string - optional. Defaults tosa)notify_on(string - optional -never|success|failure|completed) Send a notification email based on this.operator(string - optional) Name of the operator to receive the email
Breaking Changes #
- Starting in 1.37.14, the Job Step Name field is
stepand the Job Schedule Name field isschedule. - Starting in 1.35, the
login_nameattribute is replaced byloginand therole_nameattribute is replace byrole. This affectsserver_role_memberandserver_permission. - In the
sql_scriptresource, the file is now specified in thescript_filefield.scriptis also supported but will be removed in a future release. - The name of the resource was changed from
sql_filetosql_scriptin 1.18 (12 April 2020) - Resource Blocks now overwrite previous definitions. Prior to this they would merge. It’s just too complicated to figure out where different settings come from in files in 1.22 (22 April 2020)