pulumi / pulumi-azure-native

Azure Native Provider
Apache License 2.0

change of `principalId` in `documentdb:SqlResourceSqlRoleAssignment` fails to update resource #3701

Open otahirs opened 2 days ago

otahirs commented 2 days ago

What happened?

See example.

Example

import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

// Principal ID supplied as an output of another resource (placeholder value).
const principalId = pulumi.output("from some resource");

const sqlResourceSqlRoleAssignment = new azure_native.documentdb.SqlResourceSqlRoleAssignment("sqlResourceSqlRoleAssignment", {
    accountName: "myAccountName",
    principalId: principalId,
    resourceGroupName: "myResourceGroupName",
    roleAssignmentId: "myRoleAssignmentId",
    roleDefinitionId: "/subscriptions/mySubscriptionId/resourceGroups/myResourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/myAccountName/sqlRoleDefinitions/myRoleDefinitionId",
    scope: "/subscriptions/mySubscriptionId/resourceGroups/myResourceGroupName/providers/Microsoft.DocumentDB/databaseAccounts/myAccountName/dbs/purchases/colls/redmond-purchases",
});

Given the above code, if the principalId is changed, the pulumi preview shows an update to the principalId property.
During the update, the provider fails with:

2024-10-11T11:10:02.1986888Z error: Code="BadRequest" Message="Updating SQL Role Assignment Principal ID is not permitted. You may only update the associated Role Definition.\r\nActivityId: 8a163189-0c65-45c0-9969-d09f2047f41d, Microsoft.Azure.Documents.Common/2.14.0"

Output of pulumi about

CLI
Version      3.137.0
Go Version   go1.23.2
Go Compiler  gc

Plugins
KIND      NAME    VERSION
language  nodejs  unknown

Host     
OS       Microsoft Windows 11 Enterprise
Version  10.0.22631 Build 22631
Arch     x86_64

This project is written in nodejs: executable='C:\Program Files\nodejs\node.exe' version='v20.15.0'   

Additional context

Can be worked around with { replaceOnChanges: ['principalId'], deleteBeforeReplace: true }

Contributing

Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

thomas11 commented 1 day ago

This is a common issue in the Azure spec where they don't annotate such properties that cannot be modified. We have a place in our provider to add this data so the schema and the SDKs correctly show the property as "requires replacement": https://github.com/pulumi/pulumi-azure-native/blob/cae1af60161bf3d944d456f1cba080394f8192f4/provider/pkg/gen/replacement.go#L9
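
An added example, not part of the original issue or the provider's code: a CI check over parsed `pulumi preview --json` output that flags an in-place update to `principalId` on a SQL role assignment before the apply fails with the BadRequest error quoted above. The `IMMUTABLE` map, the function names and the sample preview are assumptions constructed for illustration.

```javascript
// Hypothetical, hand-maintained map of properties the service refuses to
// update in place. The single entry comes from the error quoted in this issue.
const IMMUTABLE = {
  "azure-native:documentdb:SqlResourceSqlRoleAssignment": ["principalId"],
};

// URN shape: urn:pulumi:<stack>::<project>::<parentType$...$type>::<name>
function typeFromUrn(urn) {
  const parts = String(urn).split("::");
  return parts.length >= 4 ? parts[2].split("$").pop() : "";
}

// Reduce a diff path such as "scope" or "tags.env" to its top-level property.
function topLevel(path) {
  return path.split(/[.\[]/)[0];
}

// One finding per "update" step that touches an immutable property.
// Assumes the parsed `pulumi preview --json` shape: steps[] with op, urn,
// diffReasons and detailedDiff.
function findImmutableUpdates(preview) {
  const findings = [];
  for (const step of preview.steps || []) {
    if (step.op !== "update") continue; // replace, create and delete are fine
    const changed = new Set(
      [...(step.diffReasons || []), ...Object.keys(step.detailedDiff || {})].map(topLevel)
    );
    const type = typeFromUrn(step.urn);
    const properties = (IMMUTABLE[type] || []).filter((p) => changed.has(p));
    if (properties.length > 0) findings.push({ urn: step.urn, type, properties });
  }
  return findings;
}

// Constructed sample (stack, project and resource names are made up).
const T = "azure-native:documentdb:SqlResourceSqlRoleAssignment";
const SAMPLE_PREVIEW = {
  steps: [
    { op: "update", urn: `urn:pulumi:dev::demo::${T}::assignA`,
      diffReasons: ["principalId"], detailedDiff: { principalId: { diffKind: "update" } } },
    { op: "update", urn: `urn:pulumi:dev::demo::${T}::assignB`,
      diffReasons: ["roleDefinitionId"], detailedDiff: { roleDefinitionId: { diffKind: "update" } } },
    { op: "replace", urn: `urn:pulumi:dev::demo::${T}::assignC`,
      diffReasons: ["principalId"], replaceReasons: ["principalId"] },
  ],
};

for (const f of findImmutableUpdates(SAMPLE_PREVIEW)) {
  console.log(`would fail on update: ${f.urn} (${f.properties.join(", ")})`);
}
```

Only `assignA` is reported: `assignB` changes the role definition, which the service permits, and `assignC` is already planned as a replace, as it would be with the `replaceOnChanges` workaround.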