search

Azure / bicep

Bicep is a declarative language for describing and deploying Azure resources
MIT License
3.25k stars 753 forks source link

Flexible servers psql cannot be created with secure() password with hyphens #9031

Open sbe-arg opened 1 year ago

sbe-arg commented 1 year ago

Bicep version Azcli 2.42.0

Describe the bug When deploying flexible servers with bicep with some password patterns allowed in the console the deployment fails. It makes it harder to debug if you are reading the password from keyvault auto-rotated passwords.

param dbAdminUser string = 'someusername'
@secure()
param dbAdminPassword string = 'somecomplexpassword' // if password contains ( - ) it fails with internalservererror 

resource dbServer 'Microsoft.DBforPostgreSQL/flexibleServers@2021-06-01' = {
  name: 'db'
  location: location
  sku: {
    name: 'Standard_B1ms' // https://learn.microsoft.com/en-us/azure/virtual-machines/sizes-b-series-burstable
    tier: 'Burstable' // https://learn.microsoft.com/en-us/azure/templates/microsoft.dbforpostgresql/flexibleservers?pivots=deployment-language-bicep#sku
  }
  properties: {
    version: '14'
    administratorLogin: dbAdminUser
    administratorLoginPassword: dbAdminPassword
    availabilityZone: '1'
    highAvailability: {
      mode: 'Disabled'
    }
    backup: {
      geoRedundantBackup: 'Disabled'
      backupRetentionDays: 7
    }
    network: {
      delegatedSubnetResourceId: dbPrivateSubnetId
      privateDnsZoneArmResourceId: privateDnsZoneId
    }
    storage: {
      storageSizeGB: 128
    }
  }
}

To Reproduce try to deploy flexible server with password or username with hypens

Additional context N/A

alex-frankel commented 1 year ago

Can you share the full error with a correlation ID? If you are receiving an Internal Server Error, that that is a bug in the Resource Provider's error handling logic. Can you open a support ticket and request that it be routed to the DBforPostgreSQL/flexibleServers team?

sbe-arg commented 1 year ago

Can you share the full error with a correlation ID? If you are receiving an Internal Server Error, that that is a bug in the Resource Provider's error handling logic. Can you open a support ticket and request that it be routed to the DBforPostgreSQL/flexibleServers team?

Opened 2 support tickets they said is as it works on the console its not their problem.

correlation ID 18d3df39-a50d-4b01-bb4b-3e59521e9acd

{ "status": "Failed", "error": { "code": "InternalServerError", "message": "An unexpected error occured while processing the request. Tracking ID: '4fbe6c9b-435b-4e9a-b01d-403d017955c1'" } }

Same password entered via GUI web resource creation works bue same apssword retrieved from a keyvault or passed as secure() parameters fails. password example: some-very-insecure-pa22-#456 breaks in bicep password example: someveryinsecurepa22456 works in both

ghost commented 1 year ago

Hi sbe-arg, this issue has been marked as stale because it was labeled as requiring author feedback but has not had any activity for 4 days. It will be closed if no further activity occurs within 3 days of this comment. Thanks for contributing to bicep! :smile: :mechanical_arm:

sbe-arg commented 1 year ago

Lol

alex-frankel commented 1 year ago

If there is an internal server error, then some service has a bug. It could be the deployments service or it could be the "flexible servers" resource provider. We can work on trying to reproduce it and triage it accordingly. @sbe-arg, do you happen to have the support ticket numbers from those cases?

sbe-arg commented 1 year ago

@alex-frankel no I don't this happened a while ago in a test subscription that we cancelled later on. Since then we create a randomly generated password with force rotation on demand. I'm not sure if this is still a problem, have not tested password generation with hyphens for this use case since.