search

Azure / azure-rest-api-specs

The source for REST API specifications for Microsoft Azure.
MIT License
2.7k stars 5.12k forks source link

`Microsoft.Sql/servers` bug: `administrators` property set, but ignored #16423

Open aristosvo opened 3 years ago

aristosvo commented 3 years ago

When trying to set the properties.administrators property in Microsoft.Sql/servers createUpdate request for an existing server, nothing happens. Is this expected behaviour or a bug?:

PUT /subscriptions/<subscriptionId>/resourceGroups/acctestRG-mssql-211015113918523226/providers/Microsoft.Sql/servers/acctestsqlserver211015113918523226?api-version=2021-02-01-preview HTTP/1.1
Host: management.azure.com
User-Agent: Go/go1.16.6 (amd64-darwin) go-autorest/v14.2.1 Azure-SDK-For-Go/v58.0.0 sql/v5.0 HashiCorp Terraform/1.0.5 (+https://www.terraform.io) Terraform Plugin SDK/2.7.0 terraform-provider-azurerm/acc pid-222c6c49-1b0a-5959-a213-6608f9eb8820
Content-Length: 296
Content-Type: application/json; charset=utf-8
X-Ms-Correlation-Request-Id: 93484ffa-cd98-9b67-5173-6a1da36e3e91
Accept-Encoding: gzip

{"location":"westeurope","properties":{"administratorLogin":"missadministrator","administrators":{"administratorType":"ActiveDirectory","principalType":"Application","login":"AzureAD Admin","sid":"a009252d-9bb1-418e-803b-939f87182168"},"publicNetworkAccess":"Enabled","version":"12.0"},"tags":{}}
2021/10/15 11:43:32 [DEBUG] AzureRM Response for https://management.azure.com/subscriptions/<subscriptionId>/resourceGroups/acctestRG-mssql-211015113918523226/providers/Microsoft.Sql/servers/acctestsqlserver211015113918523226?api-version=2021-02-01-preview: 
HTTP/2.0 202 Accepted
Content-Length: 74

2021/10/15 11:43:36 [DEBUG] AzureRM Request: 
GET /subscriptions/<subscriptionId>/resourceGroups/acctestRG-mssql-211015113918523226/providers/Microsoft.Sql/locations/westeurope/serverAzureAsyncOperation/66e0b7a0-7caa-4dba-aac3-0d4ce9d2eb91?api-version=2021-02-01-preview HTTP/1.1
Host: management.azure.com
User-Agent: Go/go1.16.6 (amd64-darwin) go-autorest/v14.2.1 Azure-SDK-For-Go/v58.0.0 sql/v5.0 HashiCorp Terraform/1.0.5 (+https://www.terraform.io) Terraform Plugin SDK/2.7.0 terraform-provider-azurerm/acc pid-222c6c49-1b0a-5959-a213-6608f9eb8820
X-Ms-Correlation-Request-Id: 93484ffa-cd98-9b67-5173-6a1da36e3e91
Accept-Encoding: gzip

2021/10/15 11:43:36 [DEBUG] AzureRM Response for https://management.azure.com/subscriptions/<subscriptionId>/resourceGroups/acctestRG-mssql-211015113918523226/providers/Microsoft.Sql/locations/westeurope/serverAzureAsyncOperation/66e0b7a0-7caa-4dba-aac3-0d4ce9d2eb91?api-version=2021-02-01-preview: 
HTTP/2.0 200 OK
Cache-Control: no-cache
Content-Type: application/json; charset=utf-8
Date: Fri, 15 Oct 2021 09:43:36 GMT
Expires: -1
Pragma: no-cache
Retry-After: 15
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Ms-Correlation-Request-Id: 93484ffa-cd98-9b67-5173-6a1da36e3e91
X-Ms-Ratelimit-Remaining-Subscription-Reads: 11992
X-Ms-Request-Id: f5d8c083-d6c0-407c-a296-6bdd5a5ee154
X-Ms-Routing-Request-Id: WESTEUROPE:20211015T094336Z:c9ea393b-5157-4aa8-b0ab-9cde2a6d9c14

{"name":"66e0b7a0-7caa-4dba-aac3-0d4ce9d2eb91","status":"Succeeded","startTime":"2021-10-15T09:43:32.067Z"}
2021/10/15 11:44:39 [DEBUG] AzureRM Request: 
GET /subscriptions/<subscriptionId>/resourceGroups/acctestRG-mssql-211015113918523226/providers/Microsoft.Sql/servers/acctestsqlserver211015113918523226?api-version=2021-02-01-preview HTTP/1.1
Host: management.azure.com
User-Agent: Go/go1.16.6 (amd64-darwin) go-autorest/v14.2.1 Azure-SDK-For-Go/v58.0.0 sql/v5.0 HashiCorp Terraform/1.0.5 (+https://www.terraform.io) Terraform Plugin SDK/2.7.0 terraform-provider-azurerm/acc pid-222c6c49-1b0a-5959-a213-6608f9eb8820
X-Ms-Correlation-Request-Id: 93484ffa-cd98-9b67-5173-6a1da36e3e91
Accept-Encoding: gzip

2021/10/15 11:44:39 [DEBUG] AzureRM Response for https://management.azure.com/subscriptions/<subscriptionId>/resourceGroups/acctestRG-mssql-211015113918523226/providers/Microsoft.Sql/servers/acctestsqlserver211015113918523226?api-version=2021-02-01-preview: 
HTTP/2.0 200 OK
Cache-Control: no-cache
Content-Type: application/json; charset=utf-8
Date: Fri, 15 Oct 2021 09:44:38 GMT
Expires: -1
Pragma: no-cache
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Ms-Correlation-Request-Id: 93484ffa-cd98-9b67-5173-6a1da36e3e91
X-Ms-Ratelimit-Remaining-Subscription-Reads: 11991
X-Ms-Request-Id: 27dc715a-020a-4196-b17d-5e488fd676e7
X-Ms-Routing-Request-Id: WESTEUROPE:20211015T094439Z:5f794f92-ba58-4d2c-b361-5f03abc11868

{"kind":"v12.0","properties":{"administratorLogin":"missadministrator","version":"12.0","state":"Ready","fullyQualifiedDomainName":"acctestsqlserver211015113918523226.database.windows.net","privateEndpointConnections":[],"publicNetworkAccess":"Enabled","restrictOutboundNetworkAccess":"Disabled"},"location":"westeurope","tags":{},"id":"/subscriptions/<subscriptionId>/resourceGroups/acctestRG-mssql-211015113918523226/providers/Microsoft.Sql/servers/acctestsqlserver211015113918523226","name":"acctestsqlserver211015113918523226","type":"Microsoft.Sql/servers"}

Related to: Terraform issue.

ghost commented 3 years ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @azureSQLGitHub.

Issue Details
When trying to set the `properties.administrators` property in `Microsoft.Sql/servers` createUpdate request for an existing server, nothing happens. Is this expected behaviour or a bug?: ``` PUT /subscriptions//resourceGroups/acctestRG-mssql-211015113918523226/providers/Microsoft.Sql/servers/acctestsqlserver211015113918523226?api-version=2021-02-01-preview HTTP/1.1 Host: management.azure.com User-Agent: Go/go1.16.6 (amd64-darwin) go-autorest/v14.2.1 Azure-SDK-For-Go/v58.0.0 sql/v5.0 HashiCorp Terraform/1.0.5 (+https://www.terraform.io) Terraform Plugin SDK/2.7.0 terraform-provider-azurerm/acc pid-222c6c49-1b0a-5959-a213-6608f9eb8820 Content-Length: 296 Content-Type: application/json; charset=utf-8 X-Ms-Correlation-Request-Id: 93484ffa-cd98-9b67-5173-6a1da36e3e91 Accept-Encoding: gzip {"location":"westeurope","properties":{"administratorLogin":"missadministrator","administrators":{"administratorType":"ActiveDirectory","principalType":"Application","login":"AzureAD Admin","sid":"a009252d-9bb1-418e-803b-939f87182168"},"publicNetworkAccess":"Enabled","version":"12.0"},"tags":{}} 2021/10/15 11:43:32 [DEBUG] AzureRM Response for https://management.azure.com/subscriptions//resourceGroups/acctestRG-mssql-211015113918523226/providers/Microsoft.Sql/servers/acctestsqlserver211015113918523226?api-version=2021-02-01-preview: HTTP/2.0 202 Accepted Content-Length: 74 2021/10/15 11:43:36 [DEBUG] AzureRM Request: GET /subscriptions//resourceGroups/acctestRG-mssql-211015113918523226/providers/Microsoft.Sql/locations/westeurope/serverAzureAsyncOperation/66e0b7a0-7caa-4dba-aac3-0d4ce9d2eb91?api-version=2021-02-01-preview HTTP/1.1 Host: management.azure.com User-Agent: Go/go1.16.6 (amd64-darwin) go-autorest/v14.2.1 Azure-SDK-For-Go/v58.0.0 sql/v5.0 HashiCorp Terraform/1.0.5 (+https://www.terraform.io) Terraform Plugin SDK/2.7.0 terraform-provider-azurerm/acc pid-222c6c49-1b0a-5959-a213-6608f9eb8820 X-Ms-Correlation-Request-Id: 93484ffa-cd98-9b67-5173-6a1da36e3e91 Accept-Encoding: gzip 2021/10/15 11:43:36 [DEBUG] AzureRM Response for https://management.azure.com/subscriptions//resourceGroups/acctestRG-mssql-211015113918523226/providers/Microsoft.Sql/locations/westeurope/serverAzureAsyncOperation/66e0b7a0-7caa-4dba-aac3-0d4ce9d2eb91?api-version=2021-02-01-preview: HTTP/2.0 200 OK Cache-Control: no-cache Content-Type: application/json; charset=utf-8 Date: Fri, 15 Oct 2021 09:43:36 GMT Expires: -1 Pragma: no-cache Retry-After: 15 Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Accept-Encoding X-Content-Type-Options: nosniff X-Ms-Correlation-Request-Id: 93484ffa-cd98-9b67-5173-6a1da36e3e91 X-Ms-Ratelimit-Remaining-Subscription-Reads: 11992 X-Ms-Request-Id: f5d8c083-d6c0-407c-a296-6bdd5a5ee154 X-Ms-Routing-Request-Id: WESTEUROPE:20211015T094336Z:c9ea393b-5157-4aa8-b0ab-9cde2a6d9c14 {"name":"66e0b7a0-7caa-4dba-aac3-0d4ce9d2eb91","status":"Succeeded","startTime":"2021-10-15T09:43:32.067Z"} 2021/10/15 11:44:39 [DEBUG] AzureRM Request: GET /subscriptions//resourceGroups/acctestRG-mssql-211015113918523226/providers/Microsoft.Sql/servers/acctestsqlserver211015113918523226?api-version=2021-02-01-preview HTTP/1.1 Host: management.azure.com User-Agent: Go/go1.16.6 (amd64-darwin) go-autorest/v14.2.1 Azure-SDK-For-Go/v58.0.0 sql/v5.0 HashiCorp Terraform/1.0.5 (+https://www.terraform.io) Terraform Plugin SDK/2.7.0 terraform-provider-azurerm/acc pid-222c6c49-1b0a-5959-a213-6608f9eb8820 X-Ms-Correlation-Request-Id: 93484ffa-cd98-9b67-5173-6a1da36e3e91 Accept-Encoding: gzip 2021/10/15 11:44:39 [DEBUG] AzureRM Response for https://management.azure.com/subscriptions//resourceGroups/acctestRG-mssql-211015113918523226/providers/Microsoft.Sql/servers/acctestsqlserver211015113918523226?api-version=2021-02-01-preview: HTTP/2.0 200 OK Cache-Control: no-cache Content-Type: application/json; charset=utf-8 Date: Fri, 15 Oct 2021 09:44:38 GMT Expires: -1 Pragma: no-cache Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Accept-Encoding X-Content-Type-Options: nosniff X-Ms-Correlation-Request-Id: 93484ffa-cd98-9b67-5173-6a1da36e3e91 X-Ms-Ratelimit-Remaining-Subscription-Reads: 11991 X-Ms-Request-Id: 27dc715a-020a-4196-b17d-5e488fd676e7 X-Ms-Routing-Request-Id: WESTEUROPE:20211015T094439Z:5f794f92-ba58-4d2c-b361-5f03abc11868 {"kind":"v12.0","properties":{"administratorLogin":"missadministrator","version":"12.0","state":"Ready","fullyQualifiedDomainName":"acctestsqlserver211015113918523226.database.windows.net","privateEndpointConnections":[],"publicNetworkAccess":"Enabled","restrictOutboundNetworkAccess":"Disabled"},"location":"westeurope","tags":{},"id":"/subscriptions//resourceGroups/acctestRG-mssql-211015113918523226/providers/Microsoft.Sql/servers/acctestsqlserver211015113918523226","name":"acctestsqlserver211015113918523226","type":"Microsoft.Sql/servers"} ``` Related to: [Terraform issue](https://github.com/hashicorp/terraform-provider-azurerm/issues/13677).
Author: aristosvo
Assignees: ruowan
Labels: `question`, `SQL`, `Service Attention`, `customer-reported`, `needs-triage`
Milestone: -
nofield commented 1 year ago

Updates to the Azure AD Admin are not currently supported through the Servers API. However, we support updates to the Azure AD Admin through the ServerAzureADAdministrators API: azure-rest-api-specs/ServerAzureADAdministrators.json.

We've made improvements to the administrators property description in recent API releases to clarify this behavior:

The Azure Active Directory administrator of the server. This can only be used at server create time. If used for server update, it will be ignored or it will result in an error. For updates individual APIs will need to be used.

We don't support updates to the Azure AD Admin through the Server API due to a difference in RBAC permission requirements. The permission model is SQL DB contributor for create server, and SQL Security Manager for updating the Azure AD Only property, and we decided to maintain consistency in API behavior between the two Azure AD properties.

We are revisiting this design to determine if we should expose the Azure AD Admin property through the Server API.