MSSQLServer azureadAuthenticationOnly asks for login username and password #375

Open
Mikel-Landa opened this issue Sep 26, 2023 · 1 comment
Labels
bug Something isn't working

@Mikel-Landa

What happened?

On the azureadAdministrator -> azureadAuthenticationOnly setting:

Specifies whether only AD Users and administrators (e.g. azuread_administrator.0.login_username) can be used to login, or also local database users (e.g. administrator_login). When true, the administrator_login and administrator_login_password properties can be omitted.

However, when I configure the resource with the setting set to true, the status is the following:

Warning  CannotObserveExternalResource  33s (x7 over 102s)  managed/sql.azure.upbound.io/v1beta1, kind=mssqlserver  cannot run refresh: refresh failed: Missing required argument: "administrator_login": all of `administrator_login,administrator_login_password` must be specified

Spec:

apiVersion: sql.azure.upbound.io/v1beta1
kind: MSSQLServer
spec:
  forProvider:
    location: "West Europe"
    resourceGroupNameSelector:
      matchControllerRef: true
    azureadAdministrator:
      - azureadAuthenticationOnly: true
        objectId: "**redacted**"
        loginUsername: "**redacted**"
    version: "12.0"
    minimumTlsVersion: "1.2"

The resource stays on a Ready and Synced status of false, although the server is actually created on Azure.
Also, I can see it dynamically added the field administratorLogin to the resource with an autogenerated value.

How can we reproduce it?

Specify the azureadAdministrator[0].azureadAuthenticationOnly field but leave administratorLogin and administratorLoginPasswordSecretRef blank.

What environment did it happen in?

Crossplane version: v1.13.2
Azure provider version: v0.36.0

@Mikel-Landa Mikel-Landa added the bug Something isn't working label Sep 26, 2023
@Mikel-Landa
Author

Managed to get it working after enabling management-policies in the sql provider and excluding LateInitialize.
However, won't be closing the issue as I think this is just a workaround, especially taking into account the alpha status of management policies.

IMO it should have the same default behavior as in Terraform, e.g.

resource "azurerm_mssql_server" "this" {
  name                = "sql-${var.environment_name}-${var.unique_suffix}"
  resource_group_name = var.resource_group_name
  location            = var.location
  version             = "12.0"
  minimum_tls_version = "1.2"

  azuread_administrator {
    login_username              = var.ad_admin_group.display_name
    object_id                   = var.ad_admin_group.object_id
    azuread_authentication_only = true
  }

  tags = var.tags
} 

Works out of the box in Terraform, no need for ignore_changes and setting up initial values.
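
The workaround described in the comment above, written out as manifests. This is an added example, not from the issue author or the provider project; the resource names, the provider package path and the use of a ControllerConfig to pass the flag are assumptions, and the angle-bracket values are placeholders.

```yaml
# Added example. Names marked "hypothetical" or "assumed" are not from the issue.
---
# Enables the alpha management-policies feature in the provider's controller.
apiVersion: pkg.crossplane.io/v1alpha1
kind: ControllerConfig
metadata:
  name: enable-management-policies      # hypothetical name
spec:
  args:
    - --enable-management-policies
---
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: provider-azure-sql              # assumed provider name
spec:
  # Assumed package path; the version is the one reported in the issue.
  package: xpkg.upbound.io/upbound/provider-azure-sql:v0.36.0
  controllerConfigRef:
    name: enable-management-policies
---
apiVersion: sql.azure.upbound.io/v1beta1
kind: MSSQLServer
metadata:
  name: example-sqlserver               # hypothetical name
spec:
  # Every management action except LateInitialize, as in the workaround:
  # the provider no longer copies observed values (such as the
  # autogenerated administratorLogin) back into spec.forProvider.
  managementPolicies: ["Observe", "Create", "Update", "Delete"]
  forProvider:
    location: "West Europe"
    resourceGroupNameSelector:
      matchControllerRef: true
    azureadAdministrator:
      # Azure AD-only authentication stays on; no SQL admin login or
      # password secret is set on the resource.
      - azureadAuthenticationOnly: true
        objectId: "<aad-object-id>"       # placeholder
        loginUsername: "<aad-login-name>" # placeholder
    version: "12.0"
    minimumTlsVersion: "1.2"
```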
