yonzhan
commented
2 years ago route to CXP team
Open mandarsj opened 2 years ago
yonzhan
commented
2 years ago route to CXP team
navba-MSFT
commented
2 years ago Adding the Service Attention label so that the Github Devops Service team can look into this issue.
ghost
commented
2 years ago Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @v-anvashist, @V-hmusukula.
| Author: | mandarsj |
|---|---|
| Assignees: | - |
| Labels: | `Service Attention`, `customer-reported`, `DevOps`, `Pipelines`, `Auto-Assign` |
| Milestone: | - |
v1ferrarij
commented
2 years ago I am also having this issue.
v-soujanya
commented
2 years ago Hi @mandarsj we are only owning the CLI service. Do we have Az CLI Command or query to repro the issue on our end?
Describe the bug We are using Sql Azure in a resource group , the resource group also has a delete lock to avoid accidental deletion of resources, which is according to us is a standard practice. The sql azure database is updated using code first pattern using Deploy Azure Database task in Azure DevOps . The details in this documentation.
https://docs.microsoft.com/en-us/azure/devops/pipelines/targets/azure-sqldb?view=azure-devops&tabs=yaml
We also found, this task internally adds and removes a firewall rules to sql azure server to allow agent to access the sql serve.
However If resource group is locked for deletion, this scenario fails as pipeline is unable to delete a firewall rule.
This seems a catch 22 situation as we want resource group locked for deletion but also want pipeline to be able to delete firewall rules to access server to deploy database scripts. To Reproduce
Create SQL Azure Server and Database
Setup with code first deployment
Lock resource group for deletion
Try to deploy database using azure devops pipeline.
pipeline fails
Expected behavior
The resource group lock should have an exception for a service principle which is able to bypass this resource lock.