search

pulumiverse / pulumi-mssql

Pulumi provider for Microsoft SQL Server and Azure SQL
Apache License 2.0
2 stars 1 forks source link

Import/Update SqlLogin #14

Open welkin18fe opened 5 months ago

welkin18fe commented 5 months ago

Hello,

I'm in dotnet and using Azure SQL.

I imported a SqlLogin and then used Pulumi refresh which imported the Name and PrincipalId. I expected that we would have to update the password afterwards with an ALTER LOGIN. When I tried to do it with Pulumi up it always indicates that it would be an update, but the error suggests that it's a replacement of some sort.

Previewing update (Stack.dev):
     Type                                  Name                                 Plan        Info
     pulumi:pulumi:Stack                   Stack-Stack.dev                                  5 messages
     └─ component:Mssql                    Mssql
 ~      ├─ mssql:index:SqlLogin            orgOwnerSqlLogin                     update      [diff: +password]

Updating (Stack.dev):
     Type                              Name                        Status                  Info
     pulumi:pulumi:Stack               Stack-Stack.dev             **failed**              1 error; 3 messages
     └─ component:Mssql                Mssql
 ~      └─ mssql:index:SqlLogin        orgOwnerSqlLogin            **updating failed**     [diff: +password]; 1 error
Diagnostics:
  mssql:index:SqlLogin (orgOwnerSqlLogin):
    error: Could not execute SQL: mssql: The server principal 'orgOwner' already exists.

I tried to set DeleteBeforeReplace to true in CustomResourceOptions, but the result is the same and I'm not sure I want to do that in production in the end. I also checked the audit on my SQL DB, but nothing there.

I also tried to use ImportId in CustomResourceOptions with the sid and I have this error :

mssql:index:SqlLogin (orgOwnerSqlLogin):
    error: inputs to import do not match the existing resource

I'm guessing that maybe I have to use another id?

Let me know if there's a workaround that I could use or if you need more information. Thank you for your time !

tmeckel commented 5 months ago

@welkin18fe sorry for being late. From my point of view this is definitely an issue in the upstream Terraform provider https://github.com/PGSSoft/terraform-provider-mssql Problem is that it seems that the repo is abandoned https://github.com/PGSSoft/terraform-provider-mssql/issues/140

So I doubt it would make any sense to open an issue there. Sorry for not being able to help you here.

welkin18fe commented 4 months ago

Hello thank you for you answer ! Do you or anyone in the Pulumi/Pulumiverse team intend to fork the terraform-provider-mssql to be able to maintain this pulumi mssql provider fully?

In the meantime, I'm not sure that's the best thing, but if someone needs it I'm using this workaround : import the login, pulumi refresh, add the password property on the login in input and output directly in the stack and add the custom option ignoreChanges on the password. This way if you create a new component the login is created and can be tracked. The downside is that you need to update the password manually on the database if needed.