pulumi-azure-native icon indicating copy to clipboard operation
pulumi-azure-native copied to clipboard

Published 20 hours ago verified publisher icon pulumi

dbforpostgresql: Configuration resource cannot be deleted.

Open MitchellGerdisch opened this issue 1 year ago • 1 comments

What happened?

I believe this is more of an Azure-issue rather than Pulumi, but wanted to capture it for two reasons:

  • maybe there is something that can be done to address this, and to
  • provide a work-around

Using code below, run pulumi up and then pulumi destroy and see that the attempt to delete the Configuration resource fails. What's interesting to note is that using the azure cli and Azure UI to delete the Configuration resource is not allowed as well.

The work around is to use the retain_on_delete resource option for the Configuration resource. In the code below you can uncomment the resourceOptions line, run pulumi up and then pulumi destroy and see that things will work.

This is also probably applicable to dbformariadb and dbformysql resources.

Example

from pulumi_azure_native import resources
import pulumi_azure_native.dbforpostgresql as dbforpostgresql
import pulumi_random as random

base_name = "pgconfig"

# Create an Azure Resource Group
resource_group = resources.ResourceGroup(f"{base_name}-rg")

pg_user = "dbadmin"
server_pass = random.RandomPassword(
    "pg_server_pass",
    length=16,
    special=True,
    override_special="!#$%&*()-_=+[]{}<>:?"
)

server = dbforpostgresql.Server(
    f"{base_name}-postgres-server",
    location="centralus",
    administrator_login=pg_user,
    administrator_login_password=server_pass.result,
    resource_group_name=resource_group.name,
    server_name=f"{base_name}-pgs",
    sku=dbforpostgresql.SkuArgs(
        name="Standard_D4s_v3",
        tier=dbforpostgresql.SkuTier.GENERAL_PURPOSE,
    ),
    storage=dbforpostgresql.StorageArgs(storage_size_gb=32),
    version=dbforpostgresql.ServerVersion.SERVER_VERSION_14,
    high_availability=dbforpostgresql.HighAvailabilityArgs(
        mode="ZoneRedundant"),
)

configuration = dbforpostgresql.Configuration("configuration",
    configuration_name="require_secure_transport",
    resource_group_name=resource_group.name,
    server_name=server.name,
    source="user-override",
    value="OFF",
### UNCOMMENT the following line, run pulumi up and then pulumi destroy and the error will not occur
    # opts=pulumi.ResourceOptions(retain_on_delete=True)
)

Output of pulumi about

CLI
Version 3.104.2 Go Version go1.21.6 Go Compiler gc

Plugins NAME VERSION azure-native 2.28.0 python unknown random 4.15.1

Host
OS darwin Version 13.6.3 Arch x86_64

This project is written in python: python3' version='3.10.11'

Current Stack: MitchGerdisch/postgresdb-config-issue/dev

TYPE URN pulumi:pulumi:Stack urn:pulumi:dev::postgresdb-config-issue::pulumi:pulumi:Stack::postgresdb-config-issue-dev pulumi:providers:random urn:pulumi:dev::postgresdb-config-issue::pulumi:providers:random::default_4_15_1 random:index/randomPassword:RandomPassword urn:pulumi:dev::postgresdb-config-issue::random:index/randomPassword:RandomPassword::pg_server_pass pulumi:providers:azure-native urn:pulumi:dev::postgresdb-config-issue::pulumi:providers:azure-native::default_2_28_0 azure-native:resources:ResourceGroup urn:pulumi:dev::postgresdb-config-issue::azure-native:resources:ResourceGroup::pgconfig-rg azure-native:dbforpostgresql:Server urn:pulumi:dev::postgresdb-config-issue::azure-native:dbforpostgresql:Server::pgconfig-postgres-server azure-native:dbforpostgresql:Configuration urn:pulumi:dev::postgresdb-config-issue::azure-native:dbforpostgresql:Configuration::configuration

Found no pending operations associated with dev

Backend
Name pulumi.com Token type personal

Dependencies: NAME VERSION pip 24.0.0 pulumi_azure_native 2.28.0 pulumi_random 4.15.1 setuptools 69.0.3 wheel 0.42.0

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

MitchellGerdisch avatar Feb 08 '24 14:02 MitchellGerdisch

A custom resource would look exactly like the one for PIM Role Management Policies. On Create, save the existing configuration, and on Delete, restore it. We might be able to share some code.

Alternatively, or at least as a short-term measure, we can patch the docs to instruct users to set retain_on_delete.

thomas11 avatar Apr 10 '24 18:04 thomas11

It turns out there is a way to delete a Configuration, i.e., reset it to its default, by making a PATCH request without a value. Tracked by #3476.

thomas11 avatar Aug 09 '24 09:08 thomas11