# azure

elegant-stone-54832

09/27/2021, 7:43 PM
Hi! I tried to update my Azure SQL Server and added "Administrators".
```csharp
var sqlServer = new Server("myServer", new ServerArgs
{
    AdministratorLogin = administratorLogin,
    AdministratorLoginPassword = administratorLoginPassword,
    ResourceGroupName = resourceGroup.Name,
    Identity = new ResourceIdentityArgs { Type = IdentityType.SystemAssigned },
    Administrators = new ServerExternalAdministratorArgs { PrincipalType = PrincipalType.User, Login = "MyLoginAADAccountName", Sid = "SomeGuid" } // I added this line
});
```
Why did pulumi remove my Azure SQL Server and recreate it?

billowy-army-68599

09/27/2021, 8:34 PM
@elegant-stone-54832 can you show me the diff? it's more than likely because the upstream API doesn't allow that field to be modified

elegant-stone-54832

09/27/2021, 9:13 PM
Do you mean this?
```
updating stack...
Updating (dev):
    pulumipulumiStack pulumi-test-project-dev running
    azure-nativeresourcesResourceGroup myapp-dev
 ++ azure-nativesqlServer myServer creating replacement [diff: +administrators,identity]
    azure-nativewebAppServicePlan pulitestserviceplan
    azure-nativewebWebApp myApp
 ++ azure-nativesqlServer myServer created replacement [diff: +administrators,identity]
 +- azure-nativesqlServer myServer replacing [diff: +administrators,identity]
 +- azure-nativesqlServer myServer replaced [diff: +administrators,identity]
 -- azure-nativesqlDatabase myDb deleting original
 -- azure-nativesqlDatabase myDb deleted original
 +- azure-nativesqlDatabase myDb replacing [diff: ~serverName]
 +- azure-nativesqlDatabase myDb replaced [diff: ~serverName]
 ++ azure-nativesqlDatabase myDb creating replacement [diff: ~serverName]
 ++ azure-nativesqlDatabase myDb created replacement [diff: ~serverName]
 -- azure-nativesqlServer myServer deleting original [diff: +administrators,identity]
 -- azure-nativesqlServer myServer deleted original [diff: +administrators,identity]
    pulumipulumiStack pulumi-test-project-dev
```
Seems like I also changed the identity column.

billowy-army-68599

09/27/2021, 9:33 PM
yes that helps, if you update properties in your pulumi program (like the administrators) and rerun, pulumi checks the upstream API to determine if it allows a patch operation. if it can't, it'll replace the resource
you stop this behaviour by setting the `ignoreChanges` resource property, so that only new instantiations of a resource will have that property, and existing ones will not be modified
finally, if you have critical resources which you want to make sure are never deleted (like databases) you can set `protect` on the resource options

elegant-stone-54832

09/28/2021, 7:53 PM
So when I use pulumi it is not possible to update a sql server administrator property without recreating the sql server? I could ignore this property, but then I still have not won anything 😮 Tbh for me this is a showstopper. Please correct me, if I am wrong 😕
@tall-librarian-49374 maybe you can jump in here.

billowy-army-68599

09/28/2021, 8:01 PM
@elegant-stone-54832 this is a limitation of the cloud api I believe
It's not unique to Pulumi
I could be wrong, but this is usually the case with other tools

elegant-stone-54832

09/28/2021, 8:05 PM
ok, but is the terraform provider better in this scenario?

tall-librarian-49374

09/28/2021, 8:05 PM
So, a change in this property causes a replacement

elegant-stone-54832

09/28/2021, 8:05 PM
ok interesting thank you guys!

billowy-army-68599

09/28/2021, 9:17 PM
Just to answer the tf question, it'll be the same for terraform too, in case that wasn't clear

cold-insurance-72507

12/15/2021, 8:56 AM
@tall-librarian-49374 may I ask why this seems possible using the Azure Portal? Is there something else that does not rely on ARM api? Because if you have a db in place (more in general for everything that has a state) destroy and replace it (it depends on the server) most of the time is absolutely unthinkable 😅 Thanks!

tall-librarian-49374

12/15/2021, 8:58 AM
this
What exactly is possible?

cold-insurance-72507

12/15/2021, 9:06 AM
change the Administrators of the server without touching the underlying DBs...if I try to do the same in Pulumi dbs will be destroyed and re-created

tall-librarian-49374

12/15/2021, 9:08 AM
(maybe I picked a wrong type but I think the point holds)

cold-insurance-72507

12/15/2021, 9:12 AM
yes I saw this 😅, do you think there is a way to work around this problem? We set up the Administrators with AzureAD and sometimes we need to change permissions. Can we just change them using the portal and then refresh the Pulumi state?
```csharp
Administrators = new ServerExternalAdministratorArgs
{
    AzureADOnlyAuthentication = true,
    Login = "Alm Devs",
    PrincipalType = Pulumi.AzureNative.Sql.PrincipalType.Group,
    Sid = "...",
    TenantId = "...",
}
```