Azure Service Operator
Management of databases on an existing Azure SQL Server
"Login failed for user"
For AzureSQLManagedUser objects you may see the following error:
PingContext failed: Login error: mssql: Login failed for user '<token-identified principal>'.
Unlike the ARM resources the service operator usually manipulates, creating a SQL Server user mapping requires the service operator to authenticate directly with the SQL Server rather than going through ARM. It will only be able to authenticate if its service principal is configured as the server's AD administrator. It doesn't seem to be possible to set this to a group containing the service principal.
Particularly where the reconciliation of one resource depends on the provisioning of another, you may encounter cases where provisioning fails and is not retried. The only reliable resolution to this is to recreate the affected object.
Kubernetes finalisers are used to ensure deletion of the ARM resources prior to deletion of the Kubernetes object. In cases where a fatal error is encountered during provisioning, or bugs in the operator prevent it from successfully reconciling resources, it may be necessary to remove the azure.microsoft.com/finalizer finaliser first.
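One way to remove only that finaliser, as an added example (not part of the operator's own documentation or code): the script below builds a JSON Patch that drops azure.microsoft.com/finalizer and leaves any other finalisers in place. The sample object and the example.com/other-finalizer name are constructed; pipe in the output of kubectl get <kind> <name> -o json to use a real object.

```python
import json
import sys

# Finaliser name as given on this page.
ASO_FINALIZER = "azure.microsoft.com/finalizer"

# Constructed sample object, used only when nothing is piped in on stdin.
SAMPLE = {
    "metadata": {
        "name": "example-user",
        "finalizers": ["example.com/other-finalizer", ASO_FINALIZER],
    }
}


def finalizer_patch(obj, name=ASO_FINALIZER):
    """Return a JSON Patch (RFC 6902) that removes only `name` from
    metadata.finalizers, or an empty list if it is not present."""
    finalizers = obj.get("metadata", {}).get("finalizers") or []
    if name not in finalizers:
        return []
    path = "/metadata/finalizers/%d" % finalizers.index(name)
    return [
        # The "test" op makes the API server reject the patch if the list
        # changed after the object was read, so a finaliser owned by
        # another controller is never removed by mistake.
        {"op": "test", "path": path, "value": name},
        {"op": "remove", "path": path},
    ]


def main():
    # Read the object from stdin when piped, otherwise use the sample.
    obj = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    patch = finalizer_patch(obj)
    if not patch:
        print("finaliser not present; nothing to do", file=sys.stderr)
        return 1
    print(json.dumps(patch))
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Apply the printed patch with kubectl patch <kind> <name> --type=json -p '<patch>'. Once the finaliser is gone the operator no longer deletes the ARM resource when the Kubernetes object is deleted, so check Azure for anything left behind.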