The

SQLServer

has an admin user, but I’m missing the way of creating specific users for the databases I create inside the server to hand those restricted users to some service / container instance that should use the database. Technically it works with the SQL admin user but I want each service to have a dedicated user to its database.

Doing this outside of the pulumi context (or even manually) destroys all mechanisms of passing the credentials to the service.

I found this blog post (https://mikhail.io/2018/06/programmable-cloud-provisioning-azure-app-service-with-pulumi/) by @tall-librarian-49374 which also has an example application here: https://github.com/pulumi/examples/blob/21e672e577c82a0df4b7e6e5d0184e78fdefe0c6/azure-ts-appservice/index.ts#L97 but it also uses the admin credentials inside the

AppService

.

My question is more if I need to do such a hack or if there are easier ways of executing code. I’m wondering what I need to take care of to work nicely within the preview phase. I assume this could cause some issues as the code can only be executed when in the real execution.

I read about

isDryRun

but not sure if that’s a good practice for that.

I’m fine with implementing this part.

Then I’ll have a look at the DynamicProvider documentation. Thanks for this direction! 👍

Like you can't create a Blob with ARM. But you can with Pulumi 🙂

There is https://github.com/pulumi/pulumi-mysql so I guess there could be a provider for SQL Server/Database

Some examples of dynamic providers: https://github.com/pulumi/examples/blob/master/azure-ts-static-website/staticWebsite.ts and https://github.com/pulumi/examples/blob/master/azure-ts-dynamicresource/cdnCustomDomain.ts

hit variuos issues with trying to create MSI users 'from external provider' but i've since found a workaround