amccullough84
diff --git a/‎internal/services/mysql/client/client.go
+5 b/‎internal/services/mysql/client/client.go
+5
diff --git a/‎internal/services/mysql/mysql_flexible_server_firewall_rule_resource.go
+163 b/‎internal/services/mysql/mysql_flexible_server_firewall_rule_resource.go
+163
diff --git a/‎internal/services/mysql/mysql_flexible_server_firewall_rule_resource_test.go
+105 b/‎internal/services/mysql/mysql_flexible_server_firewall_rule_resource_test.go
+105
diff --git a/‎internal/services/mysql/parse/flexible_server_firewall_rule.go
+75 b/‎internal/services/mysql/parse/flexible_server_firewall_rule.go
+75
@@ -12,6 +12,7 @@ type Client struct {
 	FirewallRulesClient                *mysql.FirewallRulesClient
 	FlexibleServerConfigurationsClient *mysqlflexibleservers.ConfigurationsClient
 	FlexibleServerClient               *mysqlflexibleservers.ServersClient
+	FlexibleServerFirewallRulesClient  *mysqlflexibleservers.FirewallRulesClient
 	ServersClient                      *mysql.ServersClient
 	ServerKeysClient                   *mysql.ServerKeysClient
 	ServerSecurityAlertPoliciesClient  *mysql.ServerSecurityAlertPoliciesClient
@@ -32,6 +33,9 @@ func NewClient(o *common.ClientOptions) *Client {
 	flexibleServerClient := mysqlflexibleservers.NewServersClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
 	o.ConfigureClient(&flexibleServerClient.Client, o.ResourceManagerAuthorizer)
 
+	flexibleServerFirewallRulesClient := mysqlflexibleservers.NewFirewallRulesClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
+	o.ConfigureClient(&flexibleServerFirewallRulesClient.Client, o.ResourceManagerAuthorizer)
+
 	flexibleServerConfigurationsClient := mysqlflexibleservers.NewConfigurationsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
 	o.ConfigureClient(&flexibleServerConfigurationsClient.Client, o.ResourceManagerAuthorizer)
 
@@ -55,6 +59,7 @@ func NewClient(o *common.ClientOptions) *Client {
 		DatabasesClient:                    &DatabasesClient,
 		FirewallRulesClient:                &FirewallRulesClient,
 		FlexibleServerClient:               &flexibleServerClient,
+		FlexibleServerFirewallRulesClient:  &flexibleServerFirewallRulesClient,
 		FlexibleServerConfigurationsClient: &flexibleServerConfigurationsClient,
 		ServersClient:                      &ServersClient,
 		ServerKeysClient:                   &ServerKeysClient,
 
@@ -0,0 +1,163 @@
+package mysql
+
+import (
+	"fmt"
+	"log"
+	"time"
+
+	"github.com/Azure/azure-sdk-for-go/services/mysql/mgmt/2021-05-01/mysqlflexibleservers"
+	"github.com/hashicorp/terraform-provider-azurerm/helpers/azure"
+	"github.com/hashicorp/terraform-provider-azurerm/helpers/tf"
+	azValidate "github.com/hashicorp/terraform-provider-azurerm/helpers/validate"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/clients"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/services/mysql/parse"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/services/mysql/validate"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/timeouts"
+	"github.com/hashicorp/terraform-provider-azurerm/utils"
+)
+
+func resourceMySqlFlexibleServerFirewallRule() *pluginsdk.Resource {
+	return &pluginsdk.Resource{
+		Create: resourceMySqlFlexibleServerFirewallRuleCreateUpdate,
+		Read:   resourceMySqlFlexibleServerFirewallRuleRead,
+		Update: resourceMySqlFlexibleServerFirewallRuleCreateUpdate,
+		Delete: resourceMySqlFlexibleServerFirewallRuleDelete,
+
+		Importer: pluginsdk.ImporterValidatingResourceId(func(id string) error {
+			_, err := parse.FlexibleServerFirewallRuleID(id)
+			return err
+		}),
+
+		Timeouts: &pluginsdk.ResourceTimeout{
+			Create: pluginsdk.DefaultTimeout(30 * time.Minute),
+			Read:   pluginsdk.DefaultTimeout(5 * time.Minute),
+			Update: pluginsdk.DefaultTimeout(30 * time.Minute),
+			Delete: pluginsdk.DefaultTimeout(30 * time.Minute),
+		},
+
+		Schema: map[string]*pluginsdk.Schema{
+			"name": {
+				Type:     pluginsdk.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+
+			"resource_group_name": azure.SchemaResourceGroupName(),
+
+			"server_name": {
+				Type:         pluginsdk.TypeString,
+				Required:     true,
+				ForceNew:     true,
+				ValidateFunc: validate.FlexibleServerName,
+			},
+
+			"start_ip_address": {
+				Type:         pluginsdk.TypeString,
+				Required:     true,
+				ValidateFunc: azValidate.IPv4Address,
+			},
+
+			"end_ip_address": {
+				Type:         pluginsdk.TypeString,
+				Required:     true,
+				ValidateFunc: azValidate.IPv4Address,
+			},
+		},
+	}
+}
+
+func resourceMySqlFlexibleServerFirewallRuleCreateUpdate(d *pluginsdk.ResourceData, meta interface{}) error {
+	client := meta.(*clients.Client).MySQL.FlexibleServerFirewallRulesClient
+	subscriptionId := meta.(*clients.Client).Account.SubscriptionId
+	ctx, cancel := timeouts.ForCreateUpdate(meta.(*clients.Client).StopContext, d)
+	defer cancel()
+
+	log.Printf("[INFO] preparing arguments for AzureRM MySQL Flexible Server Firewall Rule creation.")
+	startIPAddress := d.Get("start_ip_address").(string)
+	endIPAddress := d.Get("end_ip_address").(string)
+
+	id := parse.NewFlexibleServerFirewallRuleID(subscriptionId, d.Get("resource_group_name").(string), d.Get("server_name").(string), d.Get("name").(string))
+	if d.IsNewResource() {
+		existing, err := client.Get(ctx, id.ResourceGroup, id.FlexibleServerName, id.FirewallRuleName)
+		if err != nil {
+			if !utils.ResponseWasNotFound(existing.Response) {
+				return fmt.Errorf("checking for presence of existing %s: %v", id, err)
+			}
+		}
+
+		if !utils.ResponseWasNotFound(existing.Response) {
+			return tf.ImportAsExistsError("azurerm_mysql_flexible_server_firewall_rule", id.ID())
+		}
+	}
+
+	properties := mysqlflexibleservers.FirewallRule{
+		FirewallRuleProperties: &mysqlflexibleservers.FirewallRuleProperties{
+			StartIPAddress: utils.String(startIPAddress),
+			EndIPAddress:   utils.String(endIPAddress),
+		},
+	}
+
+	future, err := client.CreateOrUpdate(ctx, id.ResourceGroup, id.FlexibleServerName, id.FirewallRuleName, properties)
+	if err != nil {
+		return fmt.Errorf("creating/updating %s: %v", id, err)
+	}
+
+	if err = future.WaitForCompletionRef(ctx, client.Client); err != nil {
+		return fmt.Errorf("waiting for create/update of %s: %v", id, err)
+	}
+
+	d.SetId(id.ID())
+	return resourceMySqlFlexibleServerFirewallRuleRead(d, meta)
+}
+
+func resourceMySqlFlexibleServerFirewallRuleRead(d *pluginsdk.ResourceData, meta interface{}) error {
+	client := meta.(*clients.Client).MySQL.FlexibleServerFirewallRulesClient
+	ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d)
+	defer cancel()
+
+	id, err := parse.FlexibleServerFirewallRuleID(d.Id())
+	if err != nil {
+		return err
+	}
+
+	resp, err := client.Get(ctx, id.ResourceGroup, id.FlexibleServerName, id.FirewallRuleName)
+	if err != nil {
+		if utils.ResponseWasNotFound(resp.Response) {
+			d.SetId("")
+			return nil
+		}
+		return fmt.Errorf("retrieving %s: %+v", *id, err)
+	}
+
+	d.Set("name", id.FirewallRuleName)
+	d.Set("server_name", id.FlexibleServerName)
+	d.Set("resource_group_name", id.ResourceGroup)
+
+	d.Set("start_ip_address", resp.StartIPAddress)
+	d.Set("end_ip_address", resp.EndIPAddress)
+
+	return nil
+}
+
+func resourceMySqlFlexibleServerFirewallRuleDelete(d *pluginsdk.ResourceData, meta interface{}) error {
+	client := meta.(*clients.Client).MySQL.FlexibleServerFirewallRulesClient
+	ctx, cancel := timeouts.ForDelete(meta.(*clients.Client).StopContext, d)
+	defer cancel()
+
+	id, err := parse.FlexibleServerFirewallRuleID(d.Id())
+	if err != nil {
+		return err
+	}
+
+	future, err := client.Delete(ctx, id.ResourceGroup, id.FlexibleServerName, id.FirewallRuleName)
+	if err != nil {
+		return fmt.Errorf("deleting %s: %+v", *id, err)
+	}
+
+	if err := future.WaitForCompletionRef(ctx, client.Client); err != nil {
+		return fmt.Errorf("waiting for deletion of %s: %+v", *id, err)
+	}
+
+	return nil
+}
@@ -0,0 +1,105 @@
+package mysql_test
+
+import (
+	"context"
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-provider-azurerm/internal/acceptance"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/acceptance/check"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/clients"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/services/mysql/parse"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk"
+	"github.com/hashicorp/terraform-provider-azurerm/utils"
+)
+
+type MySQLFlexibleServerFirewallRuleResource struct {
+}
+
+func TestAccMySQLFlexibleServerFirewallRule_basic(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azurerm_mysql_flexible_server_firewall_rule", "test")
+	r := MySQLFlexibleServerFirewallRuleResource{}
+
+	data.ResourceTest(t, r, []acceptance.TestStep{
+		{
+			Config: r.basic(data),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+			),
+		},
+		data.ImportStep(),
+	})
+}
+
+func TestAccMySQLFlexibleServerFirewallRule_requiresImport(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azurerm_mysql_flexible_server_firewall_rule", "test")
+	r := MySQLFlexibleServerFirewallRuleResource{}
+
+	data.ResourceTest(t, r, []acceptance.TestStep{
+		{
+			Config: r.basic(data),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+			),
+		},
+		data.RequiresImportErrorStep(r.requiresImport),
+	})
+}
+
+func (t MySQLFlexibleServerFirewallRuleResource) Exists(ctx context.Context, clients *clients.Client, state *pluginsdk.InstanceState) (*bool, error) {
+	id, err := parse.FlexibleServerFirewallRuleID(state.ID)
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := clients.MySQL.FlexibleServerFirewallRulesClient.Get(ctx, id.ResourceGroup, id.FlexibleServerName, id.FirewallRuleName)
+	if err != nil {
+		return nil, err
+	}
+
+	return utils.Bool(resp.Name != nil), nil
+}
+
+func (MySQLFlexibleServerFirewallRuleResource) basic(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+provider "azurerm" {
+  features {}
+}
+
+resource "azurerm_resource_group" "test" {
+  name     = "acctestRG-%d"
+  location = "%s"
+}
+
+resource "azurerm_mysql_flexible_server" "test" {
+  name                   = "acctest-fs-%d"
+  resource_group_name    = azurerm_resource_group.test.name
+  location               = azurerm_resource_group.test.location
+  administrator_login    = "adminTerraform"
+  administrator_password = "QAZwsx123"
+  sku_name               = "B_Standard_B1s"
+}
+
+resource "azurerm_mysql_flexible_server_firewall_rule" "test" {
+  name                = "acctestfwrule-%d"
+  resource_group_name = azurerm_resource_group.test.name
+  server_name         = azurerm_mysql_flexible_server.test.name
+  start_ip_address    = "0.0.0.0"
+  end_ip_address      = "255.255.255.255"
+}
+`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger)
+}
+
+func (r MySQLFlexibleServerFirewallRuleResource) requiresImport(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+%s
+
+resource "azurerm_mysql_flexible_server_firewall_rule" "import" {
+  name                = azurerm_mysql_flexible_server_firewall_rule.test.name
+  resource_group_name = azurerm_mysql_flexible_server_firewall_rule.test.resource_group_name
+  server_name         = azurerm_mysql_flexible_server_firewall_rule.test.server_name
+  start_ip_address    = azurerm_mysql_flexible_server_firewall_rule.test.start_ip_address
+  end_ip_address      = azurerm_mysql_flexible_server_firewall_rule.test.end_ip_address
+}
+`, r.basic(data))
+}
@@ -0,0 +1,75 @@
+package parse
+
+// NOTE: this file is generated via 'go:generate' - manual changes will be overwritten
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/hashicorp/terraform-provider-azurerm/helpers/azure"
+)
+
+type FlexibleServerFirewallRuleId struct {
+	SubscriptionId     string
+	ResourceGroup      string
+	FlexibleServerName string
+	FirewallRuleName   string
+}
+
+func NewFlexibleServerFirewallRuleID(subscriptionId, resourceGroup, flexibleServerName, firewallRuleName string) FlexibleServerFirewallRuleId {
+	return FlexibleServerFirewallRuleId{
+		SubscriptionId:     subscriptionId,
+		ResourceGroup:      resourceGroup,
+		FlexibleServerName: flexibleServerName,
+		FirewallRuleName:   firewallRuleName,
+	}
+}
+
+func (id FlexibleServerFirewallRuleId) String() string {
+	segments := []string{
+		fmt.Sprintf("Firewall Rule Name %q", id.FirewallRuleName),
+		fmt.Sprintf("Flexible Server Name %q", id.FlexibleServerName),
+		fmt.Sprintf("Resource Group %q", id.ResourceGroup),
+	}
+	segmentsStr := strings.Join(segments, " / ")
+	return fmt.Sprintf("%s: (%s)", "Flexible Server Firewall Rule", segmentsStr)
+}
+
+func (id FlexibleServerFirewallRuleId) ID() string {
+	fmtString := "/subscriptions/%s/resourceGroups/%s/providers/Microsoft.DBforMySQL/flexibleServers/%s/firewallRules/%s"
+	return fmt.Sprintf(fmtString, id.SubscriptionId, id.ResourceGroup, id.FlexibleServerName, id.FirewallRuleName)
+}
+
+// FlexibleServerFirewallRuleID parses a FlexibleServerFirewallRule ID into an FlexibleServerFirewallRuleId struct
+func FlexibleServerFirewallRuleID(input string) (*FlexibleServerFirewallRuleId, error) {
+	id, err := azure.ParseAzureResourceID(input)
+	if err != nil {
+		return nil, err
+	}
+
+	resourceId := FlexibleServerFirewallRuleId{
+		SubscriptionId: id.SubscriptionID,
+		ResourceGroup:  id.ResourceGroup,
+	}
+
+	if resourceId.SubscriptionId == "" {
+		return nil, fmt.Errorf("ID was missing the 'subscriptions' element")
+	}
+
+	if resourceId.ResourceGroup == "" {
+		return nil, fmt.Errorf("ID was missing the 'resourceGroups' element")
+	}
+
+	if resourceId.FlexibleServerName, err = id.PopSegment("flexibleServers"); err != nil {
+		return nil, err
+	}
+	if resourceId.FirewallRuleName, err = id.PopSegment("firewallRules"); err != nil {
+		return nil, err
+	}
+
+	if err := id.ValidateNoEmptySegments(input); err != nil {
+		return nil, err
+	}
+
+	return &resourceId, nil
+}