Support for private_link_access in azurerm_storage_account doesn't work as intended #11779

Closed
oguzkilcan opened this issue May 19, 2021 · 2 comments · Fixed by #11957

@oguzkilcan
Contributor

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureRM Provider) Version

❯ terraform -v
Terraform v0.15.3
on darwin_amd64
+ provider registry.terraform.io/hashicorp/azurerm v2.59.0

Affected Resource(s)

  • azurerm_storage_account

Description

According to Azure documentation, Resource instances is a preview feature on Storage accounts and only supports Azure Synapse so far.

However, with the development of #11629, the REST endpoint for this feature is used to allow private endpoints. This creates two issues:

  1. terraform plan tries to delete Resource instances configuration for existing Storage accounts that have this setting configured manually from the UI.
  2. Creating/updating fails with error while trying to use Synapse workspaces in private_link_access because terraform actually expects privateEndpoints.

Terraform Configuration Files

Scenario 1:

resource "azurerm_storage_account" "this" {
  name = "uniquesaname"
  resource_group_name = "test-rg"
  account_replication_type = "LRS"
  account_tier = "Standard"
  location = "westeurope"
  network_rules {
    default_action = "Deny"
    ip_rules = ["cl.ie.nt.ip"]
  }
}

Scenario 2:

resource "azurerm_storage_account" "this" {
  name = "uniquesaname"
  resource_group_name = "test-rg"
  account_replication_type = "LRS"
  account_tier = "Standard"
  location = "westeurope"
  network_rules {
    default_action = "Deny"
    ip_rules = ["cl.ie.nt.ip"]
    private_link_access {
      endpoint_resource_id = "/subscriptions/<subscription-id>/resourcegroups/test-rg/providers/Microsoft.Synapse/workspaces/*"
    }
  }
}

Steps to Reproduce

Scenario 1:

  1. terraform apply snippet from Scenario 1
  2. Update Storage account from UI and configure Resource instances
  3. terraform plan tries to delete existing configuration
  # azurerm_storage_account.this will be updated in-place
  ~ resource "azurerm_storage_account" "this" {
        id                             = "/subscriptions/<subscription-id>/resourceGroups/test-rg/providers/Microsoft.Storage/storageAccounts/uniquesaname"
        name                           = "uniquesaname"
        # (29 unchanged attributes hidden)


      ~ network_rules {
            # (4 unchanged attributes hidden)

          - private_link_access {
              - endpoint_resource_id = "/subscriptions/<subscription-id>/resourcegroups/test-rg/providers/Microsoft.Synapse/workspaces/*" -> null
              - endpoint_tenant_id   = "<tenant-id>" -> null
            }
        }

        # (2 unchanged blocks hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Scenario 2:

  1. terraform plan snippet from Scenario 2 fails with error
❯ terraform plan
╷
│ Error: ID was missing the `privateEndpoints` element
│ 
│   with azurerm_storage_account.this,
│   on main.tf line 35, in resource "azurerm_storage_account" "this":
│   35: resource "azurerm_storage_account" "this" {
│ 
╵

References
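
A pre-apply check for Scenario 1, added here as an example and not part of the original issue or the provider's code: it reads `terraform show -json` plan output and reports storage accounts whose `private_link_access` entries the plan would remove. The embedded plan is a constructed sample, and the function names are assumptions.

```python
import json

# Constructed sample: trimmed `terraform show -json <planfile>` output for Scenario 1.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {
      "address": "azurerm_storage_account.this",
      "type": "azurerm_storage_account",
      "change": {
        "actions": ["update"],
        "before": {"network_rules": [{"default_action": "Deny", "private_link_access": [
          {"endpoint_resource_id": "/subscriptions/<subscription-id>/resourcegroups/test-rg/providers/Microsoft.Synapse/workspaces/*",
           "endpoint_tenant_id": "<tenant-id>"}]}]},
        "after": {"network_rules": [{"default_action": "Deny", "private_link_access": []}]}
      }
    }
  ]
}
""")


def _link_ids(state):
    """Collect endpoint_resource_id values from one side of a change.

    ARM resource IDs are case-insensitive, so compare them lower-cased.
    `state` is None when the resource is being created or destroyed.
    """
    ids = set()
    for rules in (state or {}).get("network_rules") or []:
        for link in rules.get("private_link_access") or []:
            rid = link.get("endpoint_resource_id")
            if rid:
                ids.add(rid.lower())
    return ids


def removed_private_links(plan):
    """Map resource address -> sorted private_link_access IDs the plan would drop."""
    findings = {}
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "azurerm_storage_account":
            continue
        change = rc.get("change", {})
        gone = _link_ids(change.get("before")) - _link_ids(change.get("after"))
        if gone:
            findings[rc["address"]] = sorted(gone)
    return findings
```

In a pipeline, a non-empty result from `removed_private_links` can be treated as a reason to stop before `terraform apply` and review the network rule change.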

@ghost

ghost commented May 27, 2021

This has been released in version 2.61.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:

provider "azurerm" {
    version = "~> 2.61.0"
}
# ... other configuration ...

@github-actions

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 27, 2021