https://pulumi.com logo
Title
e

elegant-stone-54832

09/27/2021, 7:43 PM
Hi! I tried to update my Azure SQL Server and added "Admininstrators".
var sqlServer = new Server("myServer", new ServerArgs
{
    AdministratorLogin = administratorLogin,
    AdministratorLoginPassword = administratorLoginPassword,
    ResourceGroupName = resourceGroup.Name,
    Identity = new ResourceIdentityArgs { Type = IdentityType.SystemAssigned },
    Administrators = new ServerExternalAdministratorArgs { PrincipalType = PrincipalType.User, Login = "MyLoginAADAccountName", Sid = "SomeGuid" } // I added this line
});
Why did pulumi removed my Azure SQL Server and recreated it?
b

billowy-army-68599

09/27/2021, 8:34 PM
@elegant-stone-54832 can you show me the diff? it's more than likely because the upstream API doesn't allow that field to be modified
e

elegant-stone-54832

09/27/2021, 9:13 PM
Do you mean this? updating stack... Updating (dev): pulumi๐Ÿ˜›ulumi:Stack pulumi-test-project-dev running azure-native:resources:ResourceGroup myapp-dev ++ azure-native๐Ÿ˜’ql:Server myServer creating replacement [diff: +administrators,identity] azure-native:web:AppServicePlan pulitestserviceplan azure-native:web:WebApp myApp ++ azure-native๐Ÿ˜’ql:Server myServer created replacement [diff: +administrators,identity] +- azure-native๐Ÿ˜’ql:Server myServer replacing [diff: +administrators,identity] +- azure-native๐Ÿ˜’ql:Server myServer replaced [diff: +administrators,identity] -- azure-native๐Ÿ˜’ql:Database myDb deleting original -- azure-native๐Ÿ˜’ql:Database myDb deleted original +- azure-native๐Ÿ˜’ql:Database myDb replacing [diff: ~serverName] +- azure-native๐Ÿ˜’ql:Database myDb replaced [diff: ~serverName] ++ azure-native๐Ÿ˜’ql:Database myDb creating replacement [diff: ~serverName] ++ azure-native๐Ÿ˜’ql:Database myDb created replacement [diff: ~serverName] -- azure-native๐Ÿ˜’ql:Server myServer deleting original [diff: +administrators,identity] -- azure-native๐Ÿ˜’ql:Server myServer deleted original [diff: +administrators,identity] pulumi๐Ÿ˜›ulumi:Stack pulumi-test-project-dev
Seems like I also changed the identity column.
b

billowy-army-68599

09/27/2021, 9:33 PM
yes that helps, if you update properties in your pulumi program (like the administrators) and rerun, pulumi checks the upstreams API to determine if it allows a patch operation. if it can't, it'll replace the resource
you stop this behaviour by setting the
ignoreChanges
resource property, so that only new instantiations of a resource will have that property, and existing ones will not be modified
finally, if you have critical resources which you want to make sure are never deleted (like databases) you can set
protect
on the resource options
e

elegant-stone-54832

09/28/2021, 7:53 PM
So when I use pulumi it is not possible to update a sql server administrator property without recreating the sql server? I could ignore this property, but then I still have not won anything ๐Ÿ˜ฎ Tbh for me this is a showstopper. Please correct me, if I am wrong ๐Ÿ˜•
@tall-librarian-49374 maybe you can jump in here.
b

billowy-army-68599

09/28/2021, 8:01 PM
@elegant-stone-54832 this is a limitation of the cloud api I believe
It's not unique to Pulumi
I could be wrong, but this is usually the case with other tools
e

elegant-stone-54832

09/28/2021, 8:05 PM
ok, but is the terraform provider better in this scenario?
t

tall-librarian-49374

09/28/2021, 8:05 PM
So, a change in this property causes a replacement
e

elegant-stone-54832

09/28/2021, 8:05 PM
ok interessting thank you guys!
b

billowy-army-68599

09/28/2021, 9:17 PM
Just to answer the tf question, it'll be the same for terraform too, in case that wasn't clear
๐Ÿ‘ 1
c

cold-insurance-72507

12/15/2021, 8:56 AM
@tall-librarian-49374 may I ask why this seems possible using the Azure Portal? Is there something else that does not rely on ARM api? Because if you have a db in place (more in general for everything that has a state) destroy and replace it (it depends on the server) most of the time is absolutely unthinkable ๐Ÿ˜… Thanks!
t

tall-librarian-49374

12/15/2021, 8:58 AM
this
What exactly is possible?
c

cold-insurance-72507

12/15/2021, 9:06 AM
change the Administrators of the server without touching the underlying DBs...if I try to do the same in Pulumi dbs will be destroyed and re-created
t

tall-librarian-49374

12/15/2021, 9:08 AM
(maybe I picked a wrong type but I think the point holds)
c

cold-insurance-72507

12/15/2021, 9:12 AM
yes I saw this ๐Ÿ˜…, do you think there is a way to work around this problem? We setup the Administators with AzureAD and sometimes we need to change permissions. Can we just change them using the portal and then refresh the Pulumi state?
Administrators = new ServerExternalAdministratorArgs
{
    AzureADOnlyAuthentication = true,
    Login = "Alm Devs",
    PrincipalType = Pulumi.AzureNative.Sql.PrincipalType.Group,
    Sid = "...",
    TenantId = "...",
}