terraform-provider-azurerm icon indicating copy to clipboard operation
terraform-provider-azurerm copied to clipboard

Published 20 hours ago verified publisher icon hashicorp

`azurerm_mssql_managed_instance` : support new property `azure_active_directory_administrator`

Open sinbai opened this issue 1 year ago • 11 comments

  • Support azure_active_directory_administrator property. Swagger: https://github.com/Azure/azure-rest-api-specs/blob/5e060c76edd4fab38e9202055062154006463018/specification/sql/resource-manager/Microsoft.Sql/stable/2021-11-01/ManagedInstances.json#L669

  • Corrected documentation issue that zone_redundant_enabled should be a property of azurerm_mssql_managed_instance instead of azurerm_sql_managed_instance.

Test results: https://hashicorp.teamcity.com/buildConfiguration/TF_AzureRM_AZURERM_SERVICE_PUBLIC_MSSQLMANAGEDINSTANCE/113037?buildTab=tests

Fix #17601.

sinbai avatar Feb 07 '24 07:02 sinbai

This should be reopened and reconsidered. As of now it is impossible to spin down the managed instance if the AD admin is enabled on it declaratively through terraform and I suspect this would fix it.

nathanblair avatar Mar 28 '24 15:03 nathanblair

@nathanblair Could you raise an issue for this? This should be supported and we will look to fix this.

manicminer avatar Mar 28 '24 15:03 manicminer

One already has been raised - #21165

nathanblair avatar Mar 28 '24 15:03 nathanblair

Great, thanks for the pointer 👍

manicminer avatar Mar 28 '24 15:03 manicminer

Thanks for clarifying the new capabilities of the resource @sinbai, I'll re-open this and review it shortly 👍

manicminer avatar Apr 15 '24 12:04 manicminer

Hi @sinbai, thanks for working on this and for the discussion RE the API behavior. This is looking good but needs some work, if you can take a look at my questions and suggestions below I'll happily review again.

Hi @manicminer thank you very much for your feedback and time. I have fixed the above comments. Tested in TC. Could you please take another look? Thanks in advance.

Test results in TC: https://hashicorp.teamcity.com/buildConfiguration/TF_AzureRM_AZURERM_SERVICE_PUBLIC_MSSQLMANAGEDINSTANCE/135557?buildTab=tests

sinbai avatar Apr 19 '24 10:04 sinbai

Thanks @sinbai, just a couple questions around handling of AAD-auth-only during the Update, and a suggestion for the docs. If you can take a look at these, this should be good to merge.

Hi @manicminer thanks for your feedback. I have fixed the comments. Test results are as follows. Could you please take another look?

https://hashicorp.teamcity.com/buildConfiguration/TF_AzureRM_AZURERM_SERVICE_PUBLIC_MSSQLMANAGEDINSTANCE/140065?buildTab=tests

sinbai avatar Apr 28 '24 09:04 sinbai

@sinbai Thanks for updating the logic around disabling AAD-only auth, however you have not addressed why the AAD Administrator is being set twice in the same operation? We should also add some logging around the API calls.

Hi @manicminer thanks again for your feedback. I have fixed the comments. The test results are as follows. Could you please take another look? https://hashicorp.teamcity.com/buildConfiguration/TF_AzureRM_AZURERM_SERVICE_PUBLIC_MSSQLMANAGEDINSTANCE/141702?buildTab=tests&expandedTest=build%3A%28id%3A141702%29%2Cid%3A2000000001

sinbai avatar Apr 30 '24 07:04 sinbai

Thanks @sinbai, unfortunately still waiting on test results due to apparent service instability

manicminer avatar May 08 '24 23:05 manicminer

@sinbai The tests are mostly failing with the following error, which seems related to some out-of-band network provisioning for a managed instance - would you be able to investigate?

Screenshot 2024-05-09 at 21 55 00

manicminer avatar May 09 '24 20:05 manicminer

@sinbai The tests are mostly failing with the following error, which seems related to some out-of-band network provisioning for a managed instance - would you be able to investigate?

Screenshot 2024-05-09 at 21 55 00

@manicminer I have investigated the above issue and I think it is an API bug and have submitted a GH issue for this. For details, please see: https://github.com/Azure/azure-rest-api-specs/issues/27991

sinbai avatar May 10 '24 02:05 sinbai

Hi, Any ideas when this will get completed?

MonzT avatar May 20 '24 13:05 MonzT

@sinbai The tests are mostly failing with the following error, which seems related to some out-of-band network provisioning for a managed instance - would you be able to investigate? Screenshot 2024-05-09 at 21 55 00

@manicminer I have investigated the above issue and I think it is an API bug and have submitted a GH issue for this. For details, please see: https://github.com/Azure/azure-rest-api-specs/issues/27991

Hi @manicminer The symptom of the GH issue(https://github.com/Azure/azure-rest-api-specs/issues/27991) is that a hidden filed is not deleted when deleting the instance, I assume that the issue is not related to the functionality supported by the current PR. Therefore, is it possible to merged this PR first to unlock users?

sinbai avatar Jun 18 '24 10:06 sinbai

Agreed @sinbai this PR should not be blocked by an existing issue which seems to be unrelated to the change.

This change would be really beneficial from a security perspective and I think a few folks are waiting for it to be merged.

TyranVdMerwe avatar Jun 18 '24 10:06 TyranVdMerwe

Any updates here please? could really use this in a current project

MonzT avatar Jul 29 '24 08:07 MonzT

@manicminer any feedback here?

TyranVdMerwe avatar Aug 05 '24 10:08 TyranVdMerwe

Hi @sinbai - The SDK for this has been bumped to Pandora, I suspect that it will need rebasing and updating to account for this and to resolve conflicts before we can continue review.

Hi @jackofallops thanks for your reminder. I have resolved the conflicts, could you please take another look?

sinbai avatar Aug 21 '24 08:08 sinbai

+1.. please can we get this one in?

MonzThomas avatar Aug 26 '24 09:08 MonzThomas