Bicep cannot find EntraId group to configure as flexible PostgreSQL EntraId admin #18602

@BasJanssenQuadira

Bicep version
Bicep CLI version 0.39.26 (1e90b06e40)

Describe the bug
Trying to configure an existing EntraId group as administrators for an instance of Microsoft.DBforPostgreSQL/flexibleServers@2025-06-01-preview using the 'Microsoft.DBforPostgreSQL/flexibleServers/administrators@2025-06-01-preview' resource results in an error message indicating that the group could not be found, as it would be a duplicate.

I have tried to reference the group both by the Display Name and UniqueName properties, but neither results in Bicep selecting the existing group.
I have also tried using the Microsoft.Graph/[email protected] as an existing resource that references the group using the UniqueName, which is successful, and referencing that resource in the administrators resource. This also results in the attempted creation of a new group that then conflicts.

I would expect Bicep to be able to reference the group correctly.

To Reproduce

resource postgresServer 'Microsoft.DBforPostgreSQL/flexibleServers@2025-06-01-preview' = {
  name: '${projectName}-prod'
  location: location

  tags: tags

  sku: {
    name: 'Standard_B1ms'
    tier: 'Burstable'
  }

  properties: {
    authConfig: {
      activeDirectoryAuth: 'Enabled'
      tenantId: tenantId
      passwordAuth: 'Disabled'
    }
    administratorLogin: <admin-user>
    administratorLoginPassword: adminPassword
    dataEncryption: {
      type: 'SystemManaged'
    }
    maintenanceWindow: {
      customWindow: 'Enabled'
      dayOfWeek: 6
      startHour: 5
      startMinute: 0
    }
    network: {
      publicNetworkAccess: 'Enabled'
    }
    replica: {
      role: 'Primary'
    }
    replicationRole: 'Primary'
    storage: {
      autoGrow: 'Enabled'
      iops: 240
      storageSizeGB: 64
      tier: 'P6'
    }
    version: '17'
  }
}

resource productionOwnersGroup 'Microsoft.Graph/[email protected]' existing = {
  uniqueName: <uniqueName>
}

resource dbAdmin 'Microsoft.DBforPostgreSQL/flexibleServers/administrators@2025-06-01-preview' = {
  parent: postgresServer
  name: guid(postgresServer.name, '/', <GUID>)
  properties: {
    principalType: 'Group'
    tenantId: tenantId
    principalName: productionOwnersGroup.uniqueName
  }
}
