stackit-dev-tools/terraform-provider-stackitprivatepreview
2
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

SQL Server User Resource Triggers Modify Without Configuration Changes #63

New issue
Closed
opened 2026-02-16 07:15:24 +00:00 by sven.schmidt · 2 comments
sven.schmidt commented 2026-02-16 07:15:24 +00:00
Copy link

Description

When managing a SQL Server user via the STACKIT Terraform provider, running terraform apply without any configuration changes still results in a modify operation on the resource.

The SQL Server user resource is not behaving idempotently. Even though no attributes were changed in the Terraform configuration, the provider detects a difference and triggers an update.

This leads to unnecessary modifications and may cause state inconsistencies or follow-up errors.

Steps to reproduce

resource "stackitprivatepreview_sqlserverflexbeta_user" "testUser" {
  project_id  = var.tcc_project_id
  instance_id = data.terraform_remote_state.infra_db.outputs.sqlserver_instance_id
  username    = "testuser"
  roles = ["##STACKIT_DatabaseManager##",
    "##STACKIT_LoginManager##",
    "##STACKIT_ProcessManager##",
    "##STACKIT_ServerManager##",
    "##STACKIT_SQLAgentManager##",
    "##STACKIT_SQLAgentUser##",
  ]
}
  1. Run terraform ...

Actual behavior

Please describe the current behavior of the STACKIT Terraform provider. Don't forget to add detailed information like error messages.

stackitprivatepreview_postgresflexalpha_database.testDB: Creation complete after 16s [name=testdb]

 Error: Error updating user
 
   with stackitprivatepreview_sqlserverflexbeta_user.testUser,
   on 03-create-user-db-sql.tf line 7, in resource "stackitprivatepreview_sqlserverflexbeta_user" "testUser":
    7: resource "stackitprivatepreview_sqlserverflexbeta_user" "testUser" {
 
 User can't be updated

::error::Terraform exited with code 1.




  # stackitprivatepreview_sqlserverflexbeta_user.testUser will be updated in-place
  ~ resource "stackitprivatepreview_sqlserverflexbeta_user" "testUser" {
      + default_database = (known after apply)
      ~ host             = "e5c5af15-d2c9-41bd-8523-77e0b96990f1.sqlserver.***.onstackit.cloud" -> (known after apply)
        id               = 274
      ~ port             = 1433 -> (known after apply)
      ~ roles            = [
          - "##STACKIT_SQLAgentManager##",
          - "##STACKIT_SQLAgentUser##",
            "##STACKIT_DatabaseManager##",
            # (2 unchanged elements hidden)
            "##STACKIT_ServerManager##",
          + "##STACKIT_SQLAgentManager##",
          + "##STACKIT_SQLAgentUser##",
        ]
        # (8 unchanged attributes hidden)
    }
Plan: 2 to add, 1 to change, 0 to destroy.

Expected behavior

Please describe the behavior which you would expect from the STACKIT Terraform provider in that case.

Terraform detects a change in the SQL Server user resource and attempts to modify it, even though no configuration changes were made.

## Description When managing a SQL Server user via the STACKIT Terraform provider, running terraform apply without any configuration changes still results in a modify operation on the resource. The SQL Server user resource is not behaving idempotently. Even though no attributes were changed in the Terraform configuration, the provider detects a difference and triggers an update. This leads to unnecessary modifications and may cause state inconsistencies or follow-up errors. ## Steps to reproduce ```terraform resource "stackitprivatepreview_sqlserverflexbeta_user" "testUser" { project_id = var.tcc_project_id instance_id = data.terraform_remote_state.infra_db.outputs.sqlserver_instance_id username = "testuser" roles = ["##STACKIT_DatabaseManager##", "##STACKIT_LoginManager##", "##STACKIT_ProcessManager##", "##STACKIT_ServerManager##", "##STACKIT_SQLAgentManager##", "##STACKIT_SQLAgentUser##", ] } ``` <!-- Please provide us with the steps to reproduce the behavior. --> 1. Run `terraform ...` ## Actual behavior *Please describe the current behavior of the STACKIT Terraform provider. Don't forget to add detailed information like error messages.* ```terraform stackitprivatepreview_postgresflexalpha_database.testDB: Creation complete after 16s [name=testdb] ╷ │ Error: Error updating user │ │ with stackitprivatepreview_sqlserverflexbeta_user.testUser, │ on 03-create-user-db-sql.tf line 7, in resource "stackitprivatepreview_sqlserverflexbeta_user" "testUser": │ 7: resource "stackitprivatepreview_sqlserverflexbeta_user" "testUser" { │ │ User can't be updated ╵ ::error::Terraform exited with code 1. # stackitprivatepreview_sqlserverflexbeta_user.testUser will be updated in-place ~ resource "stackitprivatepreview_sqlserverflexbeta_user" "testUser" { + default_database = (known after apply) ~ host = "e5c5af15-d2c9-41bd-8523-77e0b96990f1.sqlserver.***.onstackit.cloud" -> (known after apply) id = 274 ~ port = 1433 -> (known after apply) ~ roles = [ - "##STACKIT_SQLAgentManager##", - "##STACKIT_SQLAgentUser##", "##STACKIT_DatabaseManager##", # (2 unchanged elements hidden) "##STACKIT_ServerManager##", + "##STACKIT_SQLAgentManager##", + "##STACKIT_SQLAgentUser##", ] # (8 unchanged attributes hidden) } Plan: 2 to add, 1 to change, 0 to destroy. ``` ## Expected behavior *Please describe the behavior which you would expect from the STACKIT Terraform provider in that case.* Terraform detects a change in the SQL Server user resource and attempts to modify it, even though no configuration changes were made.
marcel.henselin commented 2026-02-16 07:17:15 +00:00
Owner
Copy link

implement a sorting og roles:

  • when writing state
  • reading a resource and returning state
implement a sorting og roles: * when writing state * reading a resource and returning state
marcel.henselin self-assigned this 2026-02-16 07:37:33 +00:00
sven.schmidt commented 2026-02-16 11:17:47 +00:00
Author
Copy link

Not fixed - same behaviour occurs with tf alpha provider version 0.0.17-alpha

terraform apply
data.terraform_remote_state.infra_db: Reading...
data.terraform_remote_state.infra_db: Read complete after 0s
stackitprivatepreview_sqlserverflexbeta_user.testUser: Refreshing state...
stackitprivatepreview_sqlserverflexbeta_database.testDB: Refreshing state... [name=testdb]

Terraform used the selected providers to generate the following execution plan. Resource actions are
indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # stackitprivatepreview_sqlserverflexbeta_user.testUser will be updated in-place
  ~ resource "stackitprivatepreview_sqlserverflexbeta_user" "testUser" {
      + default_database = (known after apply)
      ~ host             = "b9b63364-966a-474f-bc34-23b5e571210e.sqlserver.eu01.onstackit.cloud" -> (known after apply)
        id               = 267
      ~ port             = 1433 -> (known after apply)
      ~ roles            = [
            # (2 unchanged elements hidden)
            "##STACKIT_ProcessManager##",
          + "##STACKIT_ServerManager##",
            "##STACKIT_SQLAgentManager##",
            "##STACKIT_SQLAgentUser##",
          - "##STACKIT_ServerManager##",
        ]
        # (8 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: ^[^C

Interrupt received.
Please wait for Terraform to exit or data loss may occur.
Gracefully shutting down...


 Error: error asking for approval: interrupted
Not fixed - same behaviour occurs with tf alpha provider version 0.0.17-alpha ```terraform terraform apply data.terraform_remote_state.infra_db: Reading... data.terraform_remote_state.infra_db: Read complete after 0s stackitprivatepreview_sqlserverflexbeta_user.testUser: Refreshing state... stackitprivatepreview_sqlserverflexbeta_database.testDB: Refreshing state... [name=testdb] Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # stackitprivatepreview_sqlserverflexbeta_user.testUser will be updated in-place ~ resource "stackitprivatepreview_sqlserverflexbeta_user" "testUser" { + default_database = (known after apply) ~ host = "b9b63364-966a-474f-bc34-23b5e571210e.sqlserver.eu01.onstackit.cloud" -> (known after apply) id = 267 ~ port = 1433 -> (known after apply) ~ roles = [ # (2 unchanged elements hidden) "##STACKIT_ProcessManager##", + "##STACKIT_ServerManager##", "##STACKIT_SQLAgentManager##", "##STACKIT_SQLAgentUser##", - "##STACKIT_ServerManager##", ] # (8 unchanged attributes hidden) } Plan: 0 to add, 1 to change, 0 to destroy. Do you want to perform these actions? Terraform will perform the actions described above. Only 'yes' will be accepted to approve. Enter a value: ^[^C Interrupt received. Please wait for Terraform to exit or data loss may occur. Gracefully shutting down... ╷ │ Error: error asking for approval: interrupted │ │ ╵ ```
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
alpha
chore/update_goreleaser
fix/generating_code
chore/ci_testing
fix/tests
chore/remove_generated_from_repo
feat/response_mapper
main
alpha-backup
v0.0.23-alpha
v0.0.22-alpha
v0.0.21-alpha
v0.0.20-alpha
v0.0.19-alpha
v0.0.18-alpha
v0.0.17-alpha
v0.0.16-alpha
v0.0.15-alpha
v0.0.14-alpha
v0.0.13-alpha
v0.0.12-alpha
v0.0.11-alpha
v0.0.10-alpha
v0.0.9-alpha
v0.0.8-alpha
v0.0.7-alpha
v0.0.6-alpha
v0.0.5-alpha
v0.0.4-alpha
v0.0.3-alpha
v0.0.2-alpha
v0.0.1-alpha
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
marcel.henselin
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: stackit-dev-tools/terraform-provider-stackitprivatepreview#63
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?