This message was deleted.
# generals
sparse-intern-71089
02/07/2022, 1:13 PMThis message was deleted.
q
quiet-wolf-18467
02/07/2022, 2:01 PM
Hi Mark. You can mark the database resources as
protected: truequiet-wolf-18467
02/07/2022, 2:02 PM
Your
pulumi refreshignoreChanges: []quiet-wolf-18467
02/07/2022, 2:02 PM
If you share some logs, I'd be happy to help you debug what happened
a
ancient-eve-13947
02/07/2022, 3:03 PMHi rawkode!
first of all, where do I add that attribute "protected..."?
second, I think I might have found out what triggers the re-creation in our case: when we go into the Azure portal and set a user as AAD sql admin on the server. (I have the same thing happening right now, I ran pulumi refresh, then pulumi preview, and I see it wants to re-create the server).
re logs: here comes the portion from pulumi preview concerning the sql-server:
```
sqlserver (azure-nativesqlServer)
-- azure-nativesqlServer (delete-replaced)
[id=/subscriptions/25110286-d288-4e46-851b-4e2bc880672f/resourceGroups/rgDEV/providers/Microsoft.Sql/servers/sqlserver85693a2b]
[urn=urnpulumiDevelopment:☁️azure nativesqlServer:sqlserver]
__createBeforeDelete : true
administratorLogin : "deonsqladmin"
administratorLoginPassword: "[secret]"
administrators : {
administratorType: "ActiveDirectory"
login : "hajek@deon.de"
principalType : "Group"
sid : "576a4759-7452-407f-8988-e1795b8987eb"
tenantId : "4194f5e7-c264-402f-b50a-1771cb365744"
}
location : "westeurope"
minimalTlsVersion : "1.2"
resourceGroupName : "rgDEV"
serverName : "sqlserver85693a2b"
blobServiceProperties (azure-nativestorageBlobServiceProperties)
~ azure-nativestorageBlobServiceProperties (update)
[id=/subscriptions/25110286-d288-4e46-851b-4e2bc880672f/resourceGroups/rgDEV/providers/Microsoft.Storage/storageAccounts/bsfontsb0c10337/blobServices/default]
[urn=urnpulumiDevelopment:☁️azure nativestorageBlobServiceProperties:blobServiceProperties]
__inputs : "[secret]"
deleteRetentionPolicy : {"enabled":false} => Output<T>
id : "/subscriptions/25110286-d288-4e46-851b-4e2bc880672f/resourceGroups/rgDEV/providers/Microsoft.Storage/storageAccounts/bsfontsb0c10337/blobServices/default" => Output<T>
sku : {"name":"Standard_RAGRS","tier":"Standard"} => Output<T>
type : "Microsoft.Storage/storageAccounts/blobServices" => Output<T>
ancient-eve-13947
02/07/2022, 3:04 PM(sry, I didn't get the block-code format right)
ancient-eve-13947
02/07/2022, 3:10 PMah, in the generic resource options, like dependsOn
ancient-eve-13947
02/07/2022, 3:19 PMhmm. so I added `{protect:true}`to all our resources that are persistence related and ran
pulumi previewancient-eve-13947
02/07/2022, 3:25 PMmaybe this works only on the database resources, but not the server? because they have the lock icon.
I'll run a pulumi up and see what happens.
q
quiet-wolf-18467
02/07/2022, 3:26 PM
can you show me
pulumi preview --diffa
ancient-eve-13947
02/07/2022, 3:27 PMsec
ancient-eve-13947
02/07/2022, 3:27 PMrunning...
ancient-eve-13947
02/07/2022, 3:28 PMthere will be other diffs, too, which are intentional.
q
quiet-wolf-18467
02/07/2022, 3:29 PM
You only need to share the diff for the resource that's causing you problems
a
ancient-eve-13947
02/07/2022, 3:29 PMah, sry
q
quiet-wolf-18467
02/07/2022, 3:30 PM
It's OK 🙂
a
ancient-eve-13947
02/07/2022, 3:30 PMline 306
ancient-eve-13947
02/07/2022, 3:32 PMthe code I'm using to define the server is:
q
quiet-wolf-18467
02/07/2022, 3:44 PM
OK
quiet-wolf-18467
02/07/2022, 3:44 PM
Copy code
+-azure-native:sql:Server: (replace) 🔒
[id=/subscriptions/25110286-d288-4e46-851b-4e2bc880672f/resourceGroups/rgDEV/providers/Microsoft.Sql/servers/sqlserver85693a2b]
[urn=urn:pulumi:Development::Cloud::azure-native:sql:Server::sqlserver]
[provider=urn:pulumi:Development::Cloud::pulumi:providers:azure-native::default_1_47_0::c3446659-4061-4fee-9512-9ef38b316f93]
- administrators: {
- administratorType: "ActiveDirectory"
- login : "<mailto:hajek@deon.de|hajek@deon.de>"
- principalType : "Group"
- sid : "576a4759-7452-407f-8988-e1795b8987eb"
- tenantId : "4194f5e7-c264-402f-b50a-1771cb365744"
}a
ancient-eve-13947
02/07/2022, 3:44 PMyes?
q
quiet-wolf-18467
02/07/2022, 3:44 PM
you can add
ignoreChanges: ["administrators"]a
ancient-eve-13947
02/07/2022, 3:44 PMwhere do I add this?
q
quiet-wolf-18467
02/07/2022, 3:44 PM
next to
protecta
ancient-eve-13947
02/07/2022, 3:45 PMah!
ancient-eve-13947
02/07/2022, 3:45 PMokay, that is very good to know
q
quiet-wolf-18467
02/07/2022, 3:45 PM
The reason for the change is that your declaration doesn't provide
administratorsquiet-wolf-18467
02/07/2022, 3:45 PM
and Pulumi will see this as a change during a refresh
a
ancient-eve-13947
02/07/2022, 3:45 PMyes, that makes sense
q
quiet-wolf-18467
02/07/2022, 3:45 PM
Why the protect doesn't work is confusing me though
a
ancient-eve-13947
02/07/2022, 3:46 PMyes, me, too. also, I wonder what would happen if it tried to recreate the server, while the databases are protected. I'd hope the re-create would fail.
ancient-eve-13947
02/07/2022, 3:46 PMI will add the ignoreChanges now and run preview agian
q
quiet-wolf-18467
02/07/2022, 3:49 PM
Cool
quiet-wolf-18467
02/07/2022, 3:49 PM
Let me know if it doesn't work and I'll help debug
a
ancient-eve-13947
02/07/2022, 3:51 PMworks!
ancient-eve-13947
02/07/2022, 3:51 PMthanks a lot!
q
quiet-wolf-18467
02/07/2022, 3:51 PM
hi five
😁 1
a
ancient-eve-13947
02/07/2022, 4:02 PMone more question: that ignoreChanges property, how does it match? simple string.contains()? just if we need this in the future for other stuff...
ancient-eve-13947
02/07/2022, 4:03 PMah, nevermind, I found it here - often googling pulumi searchterm is easier for finding docs in pulumi than looking in the TOC ;P
6 Views