search

Azure / bicep-registry-modules

Bicep registry modules
MIT License
489 stars 342 forks source link

[AVM Module Issue]: Incorrect database ownership during initial deployment of DB for Postgre SQL Flexible Server #3596

Open PeterBrun opened 21 hours ago

PeterBrun commented 21 hours ago

Check for previous/existing GitHub issues

Issue Type?

Bug

Module Name

avm/res/db-for-postgre-sql/flexible-server

(Optional) Module Version

No response

Description

There is a bug in the flexible-server AVM module (br/public:avm/res/db-for-postgre-sql/flexible-server) where databases are created before administrators. This causes the databases to be owned by azuresu instead of the specified admin group. If a database is added after the initial creation of the server, the owner is set correctly to the admin group.

Steps to Reproduce

  1. Deploy the flexible-server AVM module with databases and an Entra ID group as administrator. Example: 
    
using 'br/public:avm/res/db-for-postgre-sql/flexible-server:0.4.0'

// Required parameters param name = 'avmflexexampleadmin001' param skuName = 'Standard_B2s' param tier = 'Burstable' // Non-required parameters param highAvailability = 'Disabled' param location = 'swedencentral'

param administrators = [ { objectId: '[ENTER GROUP OBJECT ID]' principalName: 'admins' principalType: 'Group' } ] param databases = [ { name: 'db1' } ]


2. Observe that the database `db1` are owned `azuresu`. E.g., by connecting to the server with PgAdmin.
3. Add a new database after the initial creation.
4. Observe that the new database has the owner set correctly to the `admins` group.

#### Expected behavior
All databases should have the owner set to the specified admin group upon initial creation.

#### Suggested fix
In [main.bicep](https://github.com/Azure/bicep-registry-modules/blob/main/avm/res/db-for-postgre-sql/flexible-server/main.bicep), make `flexibleServer_databases` depend on `flexibleServer_administrators`.

### (Optional) Correlation Id

_No response_
microsoft-github-policy-service[bot] commented 21 hours ago

[!IMPORTANT] The "Needs: Triage :mag:" label must be removed once the triage process is complete!

[!TIP] For additional guidance on how to triage this issue/PR, see the BRM Issue Triage documentation.

avm-team-linter[bot] commented 21 hours ago

@PeterBrun, thanks for submitting this issue for the avm/res/db-for-postgre-sql/flexible-server module!

[!IMPORTANT] A member of the @Azure/avm-res-dbforpostgresql-flexibleserver-module-owners-bicep or @Azure/avm-res-dbforpostgresql-flexibleserver-module-contributors-bicep team will review it soon!