Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SQL Database Security Alert Policies API (2014-04-01) In-Idempotent Behavior of userServerDefault #9762

Closed
magodo opened this issue Jun 8, 2020 · 7 comments
Closed

SQL Database Security Alert Policies API (2014-04-01) In-Idempotent Behavior of userServerDefault #9762

magodo opened this issue Jun 8, 2020 · 7 comments
Labels
question The issue doesn't require a change to the product in order to be resolved. Most issues start as that Service Attention Workflow: This issue is responsible by Azure service team. SQL - Data Security SQL

Comments

@magodo
Copy link
Contributor

magodo commented Jun 8, 2020

SQL Database Security Alert Policies API version 2014-04-01 has property called useServerDefault in the DatabaseSecurityAlertPolicyProperties. From swagger definition, this property accepts either "Enabled" or "Disabled". So if I define the security alert policy in SQL Server, invoke the following request, which specifies this property as Enabled:

PUT HTTP/2.0 https://management.azure.com/subscriptions/67a9759d-d099-4aa8-8675-e6cfd669c3f4/resourceGroups/acceptanceTestRG-magodo2/providers/Microsoft.Sql/servers/sqlserver-magodo/databases/sqldatabase-magodo/securityAlertPolicies/default?api-version=2014-04-01

REQUEST

{
    "location": "eastus",
    "properties": {
        "disabledAlerts": "",
        "emailAccountAdmins": "Disabled",
        "emailAddresses": "",
        "retentionDays": 0,
        "state": "Disabled",
        "storageAccountAccessKey": "",
        "storageEndpoint": "",
        "useServerDefault": "Enabled"
    }
}

RESPONSE

{
    "id": "/subscriptions/67a9759d-d099-4aa8-8675-e6cfd669c3f4/resourceGroups/acceptanceTestRG-magodo2/providers/Microsoft.Sql/servers/sqlserver-magodo/databases/sqldatabase-magodo/securityAlertPolicies/default",
    "kind": null,
    "location": "eastus",
    "name": "default",
    "properties": {
        "disabledAlerts": "",
        "emailAccountAdmins": "Disabled",
        "emailAddresses": "",
        "retentionDays": 0,
        "state": "Disabled",
        "storageAccountAccessKey": "",
        "storageEndpoint": "",
        "useServerDefault": "Enabled"
    },
    "type": "Microsoft.Sql/servers/databases/securityAlertPolicies"
}

Then if I invoke a GET right after, the useServerDefault is changed into Disabled.

GET HTTP/2.0  https://management.azure.com/subscriptions/67a9759d-d099-4aa8-8675-e6cfd669c3f4/resourceGroups/acceptanceTestRG-magodo2/providers/Microsoft.Sql/servers/sqlserver-magodo/databases/sqldatabase-magodo/securityAlertPolicies/default?api-version=2014-04-01

RESPONSE

{
    "id": "/subscriptions/67a9759d-d099-4aa8-8675-e6cfd669c3f4/resourceGroups/acceptanceTestRG-magodo2/providers/Microsoft.Sql/servers/sqlserver-magodo/databases/sqldatabase-magodo/securityAlertPolicies/default",
    "kind": null,
    "location": "East US",
    "name": "default",
    "properties": {
        "disabledAlerts": "",
        "emailAccountAdmins": "Disabled",
        "emailAddresses": "",
        "retentionDays": 0,
        "state": "Disabled",
        "storageAccountAccessKey": "",
        "storageEndpoint": "",
        "useServerDefault": "Disabled"
    },
    "type": "Microsoft.Sql/servers/databases/securityAlertPolicies"
}

This behavior makes IaC tools that depend on the idempotency of API hard to implement.
@ghost ghost added needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels Jun 8, 2020
@mmyyrroonn mmyyrroonn added Service Attention Workflow: This issue is responsible by Azure service team. SQL SQL - Data Security labels Jun 8, 2020
@ghost
Copy link

ghost commented Jun 8, 2020

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @azureSQLGitHub.

@ghost ghost removed the needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. label Jun 8, 2020
@magodo magodo mentioned this issue Jun 8, 2020
Closed
@magodo
Copy link
Contributor Author

magodo commented Aug 25, 2020

Any progress on this one?

@GrooveGod
Copy link

Just confirmed this problem still exists, any progress yet?

@magodo
Copy link
Contributor Author

magodo commented Dec 10, 2020

@weidongxu-microsoft Please take a look at this issue, it breaks for a long time..

@weidongxu-microsoft
Copy link
Member

@azureSQLGitHub any update?

@ayeletshpigelman
Copy link
Contributor

useServerDefault is a deprecated property. please ignore it. Moreover, we recommend using API version 2018-06-01-preview for QL Database Security Alert Policies

@ericshape
Copy link
Contributor

@magodo Thanks for your feedback!
for MSFT internal user, please raise one IcM sev 3 CRI ticket to unblock if necessary.
I will close this issue because the expert @ayeletshpigelman has provided the answer.

@pearcec pearcec mentioned this issue Feb 11, 2021
Closed
@magodo magodo mentioned this issue Feb 18, 2021
Merged
aristosvo pushed a commit to aristosvo/terraform-provider-azurerm that referenced this issue Oct 6, 2021
Deprecate use_server_default based on Azure/azure-rest-api-specs#97…
ea77fe9 
…62 (comment)
aristosvo pushed a commit to aristosvo/terraform-provider-azurerm that referenced this issue Oct 6, 2021
Deprecate use_server_default based on Azure/azure-rest-api-specs#97…
66dbf2a 
…62 (comment)
This was referenced Oct 6, 2021
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question The issue doesn't require a change to the product in order to be resolved. Most issues start as that Service Attention Workflow: This issue is responsible by Azure service team. SQL - Data Security SQL
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@ericshape @magodo @ayeletshpigelman @GrooveGod @mmyyrroonn @weidongxu-microsoft