Hi! I tried to update my Azure SQL Server and added "Admininstrators".

var sqlServer = new Server("myServer", new ServerArgs
{
    AdministratorLogin = administratorLogin,
    AdministratorLoginPassword = administratorLoginPassword,
    ResourceGroupName = resourceGroup.Name,
    Identity = new ResourceIdentityArgs { Type = IdentityType.SystemAssigned },
    Administrators = new ServerExternalAdministratorArgs { PrincipalType = PrincipalType.User, Login = "MyLoginAADAccountName", Sid = "SomeGuid" } // I added this line
});

Why did pulumi removed my Azure SQL Server and recreated it?

@elegant-stone-54832 can you show me the diff? it's more than likely because the upstream API doesn't allow that field to be modified

Do you mean this? updating stack... Updating (dev): pulumipulumiStack pulumi-test-project-dev running azure-nativeresourcesResourceGroup myapp-dev ++ azure-nativesqlServer myServer creating replacement [diff: +administrators,identity] azure-nativewebAppServicePlan pulitestserviceplan azure-nativewebWebApp myApp ++ azure-nativesqlServer myServer created replacement [diff: +administrators,identity] +- azure-nativesqlServer myServer replacing [diff: +administrators,identity] +- azure-nativesqlServer myServer replaced [diff: +administrators,identity] -- azure-nativesqlDatabase myDb deleting original -- azure-nativesqlDatabase myDb deleted original +- azure-nativesqlDatabase myDb replacing [diff: ~serverName] +- azure-nativesqlDatabase myDb replaced [diff: ~serverName] ++ azure-nativesqlDatabase myDb creating replacement [diff: ~serverName] ++ azure-nativesqlDatabase myDb created replacement [diff: ~serverName] -- azure-nativesqlServer myServer deleting original [diff: +administrators,identity] -- azure-nativesqlServer myServer deleted original [diff: +administrators,identity] pulumipulumiStack pulumi-test-project-dev

yes that helps, if you update properties in your pulumi program (like the administrators) and rerun, pulumi checks the upstreams API to determine if it allows a patch operation. if it can't, it'll replace the resource

So when I use pulumi it is not possible to update a sql server administrator property without recreating the sql server? I could ignore this property, but then I still have not won anything 😮 Tbh for me this is a showstopper. Please correct me, if I am wrong 😕

@elegant-stone-54832 this is a limitation of the cloud api I believe

ok, but is the terraform provider better in this scenario?

administrators

is a create-only property as shown in the specs here: https://github.com/Azure/azure-rest-api-specs/blob/master/specification/sql/resour[…]e-manager/Microsoft.Sql/preview/2021-02-01-preview/Servers.json

ok interessting thank you guys!

Just to answer the tf question, it'll be the same for terraform too, in case that wasn't clear

@tall-librarian-49374 may I ask why this seems possible using the Azure Portal? Is there something else that does not rely on ARM api? Because if you have a db in place (more in general for everything that has a state) destroy and replace it (it depends on the server) most of the time is absolutely unthinkable 😅 Thanks!

this

What exactly is possible?

change the Administrators of the server without touching the underlying DBs...if I try to do the same in Pulumi dbs will be destroyed and re-created

I don’t know about the portal but we follow the spec: https://github.com/Azure/azure-rest-api-specs/blob/main/specification/sql/resource[…]manager/Microsoft.Sql/preview/2021-05-01-preview/Databases.json says it’s create-only

yes I saw this 😅, do you think there is a way to work around this problem? We setup the Administators with AzureAD and sometimes we need to change permissions. Can we just change them using the portal and then refresh the Pulumi state?

Administrators = new ServerExternalAdministratorArgs
{
    AzureADOnlyAuthentication = true,
    Login = "Alm Devs",
    PrincipalType = Pulumi.AzureNative.Sql.PrincipalType.Group,
    Sid = "...",
    TenantId = "...",
}