azure-dev icon indicating copy to clipboard operation
azure-dev copied to clipboard

Published 20 hours ago verified publisher icon Azure

Subsequent provisioning of Aspire project with Azure Sql Server fails

Open miceiken opened this issue 1 year ago • 1 comments

  • [ ] Make sure you've installed the latest version using instructions in the wiki

Output from azd version azd version 1.7.0 (commit 49d6adc2efb178083f61822e6b4715258560803d)

Describe the bug I was asked to post the issue here, from https://github.com/dotnet/aspire/issues/3101

Seemingly out of the blue, our pipeline provisioning started failing:

  (✓) Done: Resource group: rg-snip
  (✓) Done: Log Analytics workspace: law-snip
  (✓) Done: Container Apps Environment: cae-snip
  (✓) Done: Container Registry: acrsnip
  (✓) Done: Container App: snip
  (✓) Done: Key Vault: secretssnip
  (✓) Done: Application Insights: appinsights-snip
  (x) Failed: Azure SQL Server: sqlserver-snip

ERROR: deployment failed: failing invoking action 'provision', error deploying infrastructure: deploying to subscription:

Deployment Error Details:
InvalidParameterValue: Invalid value given for parameter ExternalAdministratorLoginSid. Specify a valid parameter value.

We did try changing the AD admin for the SQL server to a group (with the managed identity as a member) in Azure Portal, but even when changing it back to the managed identity it still fails.

I think it is related to: https://github.com/Azure/bicep/issues/4988

https://learn.microsoft.com/en-us/azure/templates/microsoft.sql/2022-05-01-preview/servers?pivots=deployment-language-bicep

The Azure Active Directory administrator of the server. This can only be used at server create time. If used for server update, it will be ignored or it will result in an error. For updates individual APIs will need to be used

To Reproduce

  1. Deploy Aspire project with Azure Sql Server
  2. Change AD Administraor for the SQL server in to something other than the managed identity
  3. Redeploy

Expected behavior azd provision should not fail, and either: replace administrator or ignore the change

Environment

 Workload version: 8.0.200-manifests.a7f084b6
 [aspire]
   Installation Source: SDK 8.0.200
   Manifest Version:    8.0.0-preview.4.24156.9/8.0.100
   Manifest Path:       /usr/local/share/dotnet/sdk-manifests/8.0.100/microsoft.net.sdk.aspire/8.0.0-preview.4.24156.9/WorkloadManifest.json
   Install Type:        FileBased

miceiken avatar Mar 23 '24 13:03 miceiken

Related: https://github.com/dotnet/aspire/issues/3101

I'm thinking that this might be on the Aspire team to fix, although we will depend on types being available from CDK /cc @JoshLove-msft

mitchdenny avatar Mar 25 '24 02:03 mitchdenny

Based on above update. There isn't anything to be done in azd. Upstream changes in Aspire core/CDK are needed.

rajeshkamal5050 avatar Apr 09 '24 16:04 rajeshkamal5050

Hi @miceiken. Thank you for opening this issue and giving us the opportunity to assist. We believe that this has been addressed. If you feel that further discussion is needed, please add a comment with the text “/unresolve” to remove the “issue-addressed” label and continue the conversation.

microsoft-github-policy-service[bot] avatar Apr 09 '24 16:04 microsoft-github-policy-service[bot]