Azure DevOps DACPAC deployment fails due to data classification statements

2
votes

I have classified some columns in my Azure SQL Database with Data Classification sensitivity labels. In the SSDT project that corresponds to the database, SQL statements like the following are present:

ADD SENSITIVITY CLASSIFICATION TO
    [dbo].[tablename].[UserName]
    WITH (LABEL = 'Confidential', LABEL_ID = 'guid1'
        , INFORMATION_TYPE = 'Credentials', INFORMATION_TYPE_ID = 'guid2');

The SSDT project builds fine in VS 2019 as well as in the Build task in Azure DevOps Build Pipelines. As expected, I had to use a VS 2019 (hosted) agent because prior versions of SSDT don't recognize that SQL syntax.

In the pipeline, the DACPAC for that project is successfully built. I am then trying to deploy that DACPAC using an Azure SQL Database deployment task. It uses the SqlPackage.exe version it finds in C:\Program Files\Microsoft SQL Server\150\DAC\bin\ on the hosted agent. It apparently doesn't recognize those SQL statements and fails with the following error:

The Element or Annotation class SqlSimpleColumn does not contain the Property class SensitivityLabel.

Is there a way to deploy a more updated SqlPackage.exe to a hosted build agent, or am I stuck waiting for Microsoft to update the image? Is there a way to pass a parameter to SqlPackage.exe instructing it to ignore those statements?

1
azure-devopsazure-sql-databaseazure-pipelines

1 Answers

5
votes

Is there a way to deploy a more updated SqlPackage.exe to a hosted build agent, or am I stuck waiting for Microsoft to update the image?

Afraid to say that, No, until now, we didn't offer the method for users to install the latest version of SqlPackage.exe into the image of hosted agent externally during its runtime, even if a temporary operation.

The Sensitivity labels has been added into a Azure SQL database, and also we has raised the PR internally to update the latest SQL Package.exe in hosted image: Add support for latest SQL Package.exe and in MSBuild. I'm sure it will be deployed and updated soon.

Is there a way to pass a parameter to SqlPackage.exe instructing it to ignore those statements?

As I know, there isn't such parameter exists can for SqlPackage.exe compiled. In this doc, we list all of the parameter that supported. You can refer to this for detaild. As until now, it doesn't work for the Sensitivity classification in release job, we recommend you released the project with removing the Sensitivity classification used temporarily. Or you can build a private agent, install the SqlPackage.exe in it. Then run SqlPackage.exe command from its locations on your local machine.

I will monitor this internal PR process, once the PR finished and the new images deployed, will update my answer here to let you and other SO users know.