[release/9.1] Fix Azure PostgreSQL AsExisting #7702
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
In bicep, it is not supported to set properties on "existing" resources. When using AsExisting on an Azure PostgreSQL resource, we are setting authConfig properties to enable/disable password and activeDirectory auth. This is causing errors when trying to deploy because the bicep is invalid. Fix this by not setting these properties on existing resources. Instead for activeDirectory/Entra ID auth, we will add the principle as an admin on the server. For password auth on an existing resource, we expect the user to pass the correct username/password parameters to connect to the database server. Fix #7694
danmoseley
approved these changes
Feb 20, 2025
danmoseley
added
NO-MERGE
danmoseley
added
Servicing-approved
eerhardt
approved these changes
Feb 20, 2025
github-actions
bot
added
the
area-integrations
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport of #7699 to release/9.1
/cc @eerhardt
Customer Impact
Customers are unable to use AsExisting on Azure PostgreSQL resources. Doing so causes failures at provisioning time - both F5 and
azd up. The reason is because we are setting properties on the existing resource, which bicep doesn't allow.Fix this by not setting these properties on existing resources. Instead for activeDirectory/Entra ID auth, we will add the principle as an admin on the server. For password auth on an existing resource, we expect the user to pass the correct username/password parameters to connect to the database server.
Testing
Manually tested using both password based auth and Entra ID auth to an existing Azure PostgreSQL database. Both work as expected. When using Entra ID, the current user gets added as an admin as expected. When using password auth, the user is expected to have the username/password of the existing server and pass it in via parameters.
Risk
Low. This change only affects existing Azure PostgreSQL resources and shouldn't affect other scenarios.
Regression?
No