azurerm_storage_management_policy overwrites the rules #18583

Closed
1 task done
ankitkotnala opened this issue Sep 29, 2022 · 3 comments · Fixed by #22966
Comments

@ankitkotnala
Contributor

ankitkotnala commented Sep 29, 2022

Is there an existing issue for this?

  • I have searched the existing issues

Terraform Version

1.2.0

AzureRM Provider Version

3.24.0

Affected Resource(s)/Data Source(s)

azurerm_storage_management_policy

Terraform Configuration Files

data "azurerm_storage_account" "example"{
    name = "csgxxxxxxxxxxxxxxxx"
    resource_group_name = "cloud-shell-xxxxxx"
}


resource "azurerm_storage_management_policy" "default" {
  storage_account_id = data.azurerm_storage_account.example.id

  rule {
    name    = "default"
    enabled = true
    filters {
      prefix_match = [""]
      blob_types   = ["blockBlob"]
    }
    actions {
      base_blob {
        tier_to_cool_after_days_since_modification_greater_than    = 999
        tier_to_archive_after_days_since_modification_greater_than = 999
        delete_after_days_since_modification_greater_than          = 0
      }
      
    }
  }
}


resource "azurerm_storage_management_policy" "default1" {
  storage_account_id = data.azurerm_storage_account.example.id

  rule {
    name    = "retention"
    enabled = true
    filters {
      prefix_match = ["container/blob1"]
      blob_types   = ["blockBlob"]
    }
    actions {
      base_blob {
        tier_to_cool_after_days_since_modification_greater_than    = 30
        # tier_to_archive_after_days_since_modification_greater_than = 90
        # delete_after_days_since_modification_greater_than          = 0
      }
      
    }
  }
}

Debug Output/Panic Output

data.azurerm_storage_account.example: Reading...
data.azurerm_storage_account.example: Read complete after 0s [id=/subscriptions/xxxxx188-21a7-xxxx-8d0c-zzxxxxx/resourceGroups/cloud-shell-xxxxxxx/providers/Microsoft.Storage/storageAccounts/csgxxxxxxxxx]
azurerm_storage_management_policy.default: Refreshing state... [id=/subscriptions/xxxxx188-21a7-xxxx-8d0c-zzxxxxx/resourceGroups/cloud-shell-xxxxxxx/providers/Microsoft.Storage/storageAccounts/csgxxxxxxxxx/managementPolicies/default]
azurerm_storage_management_policy.default1: Refreshing state... [id=/subscriptions/xxxxx188-21a7-xxxx-8d0c-zzxxxxx/resourceGroups/cloud-shell-xxxxxxx/providers/Microsoft.Storage/storageAccounts/csgxxxxxxxxx/managementPolicies/default]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # azurerm_storage_management_policy.default will be updated in-place
  ~ resource "azurerm_storage_management_policy" "default" {
        id                 = "/subscriptions/xxxxx188-21a7-xxxx-8d0c-zzxxxxx/resourceGroups/cloud-shell-xxxxxxx/providers/Microsoft.Storage/storageAccounts/csgxxxxxxxxx/managementPolicies/default"
        # (1 unchanged attribute hidden)

      ~ rule {
          ~ name    = "retention" -> "default"
            # (1 unchanged attribute hidden)

          ~ actions {
              ~ base_blob {
                  ~ delete_after_days_since_modification_greater_than              = -1 -> 0
                  ~ tier_to_archive_after_days_since_modification_greater_than     = -1 -> 9999
                  ~ tier_to_cool_after_days_since_modification_greater_than        = 30 -> 9999
                    # (3 unchanged attributes hidden)
                }
            }

          ~ filters {
              ~ prefix_match = [
                  + "",
                  - "container/blob1",
                ]
                # (1 unchanged attribute hidden)
            }
        }
    }

Plan: 0 to add, 1 to change, 0 to destroy.
azurerm_storage_management_policy.default: Modifying... [id=/subscriptions/xxxxx188-21a7-xxxx-8d0c-zzxxxxx/resourceGroups/cloud-shell-xxxxxxx/providers/Microsoft.Storage/storageAccounts/csgxxxxxxxxx/managementPolicies/default]
azurerm_storage_management_policy.default: Modifications complete after 0s [id=/subscriptions/xxxxx188-21a7-xxxx-8d0c-zzxxxxx/resourceGroups/cloud-shell-xxxxxxx/providers/Microsoft.Storage/storageAccounts/csgxxxxxxxxx/managementPolicies/default]

Apply complete! Resources: 0 added, 1 changed, 0 destroyed.

Expected Behaviour

Should create two policy rules, as they can be created from the portal

Actual Behaviour

terraform plan shows that only one rule will be created and doesn't show the removal of the rule which the apply performs

deletes one rule and creates only one of the two rules for lifecycle management

Steps to Reproduce

terraform plan

terraform apply

Important Factoids

No response

References

Is this because of the constraint:

https://learn.microsoft.com/en-us/azure/storage/blobs/lifecycle-management-overview#:~:text=If%20you%20define%20more%20than%20one%20action%20on%20the%20same%20blob%2C%20lifecycle%20management%20applies%20the%20least%20expensive%20action%20to%20the%20blob.

@lewis-od
Contributor

lewis-od commented Aug 15, 2023

I ran into a similar issue, and found the fix is to add both rules to the same azurerm_storage_management_policy resource, e.g.:

resource "azurerm_storage_management_policy" "default" {
  storage_account_id = data.azurerm_storage_account.example.id

  rule {
    name    = "default"
    enabled = true
    filters {
      prefix_match = [""]
      blob_types   = ["blockBlob"]
    }
    actions {
      base_blob {
        tier_to_cool_after_days_since_modification_greater_than    = 999
        tier_to_archive_after_days_since_modification_greater_than = 999
        delete_after_days_since_modification_greater_than          = 0
      }
      
    }
  }

  rule {
    name    = "retention"
    enabled = true
    filters {
      prefix_match = ["container/blob1"]
      blob_types   = ["blockBlob"]
    }
    actions {
      base_blob {
        tier_to_cool_after_days_since_modification_greater_than    = 30
      }
    }
  }
}

From what I can tell, each storage account can only have a single management policy. If you try to create multiple azurerm_storage_management_policy resources, they both get assigned the same ID (/subscriptions/<subscription id>/resourceGroups/<resource group name>/providers/Microsoft.Storage/storageAccounts/<account name>/managementPolicies/default), resulting in the overwriting behaviour.

I think it would be good if this were mentioned in the docs, and the provider either prevented you from creating multiple azurerm_storage_management_policy resources, or supported multiple but assigned them different IDs internally (the former seems more in line with how Azure works?)
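
A pre-apply check for the collision described in this thread, as an added example that is not part of the original comments or the provider's code: it reads the JSON form of a saved plan (`terraform show -json`) and reports any storage account targeted by more than one azurerm_storage_management_policy resource. The sample plan is constructed and trimmed to the fields the check uses; `find_policy_collisions` and `_change` are hypothetical names.

```python
import json
from collections import defaultdict

POLICY_TYPE = "azurerm_storage_management_policy"
ACCT = "/subscriptions/SUB/resourceGroups/rg/providers/Microsoft.Storage/storageAccounts/"

def _change(address, actions, account_id):
    # Builds one constructed resource_changes entry (only the fields used below).
    return {"address": address, "type": POLICY_TYPE,
            "change": {"actions": actions, "after": {"storage_account_id": account_id}}}

# Constructed sample: two policy resources on one account (as in the issue),
# one on a different account, and one whose account id is unknown until apply.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    _change(POLICY_TYPE + ".default", ["update"], ACCT + "acct1"),
    _change(POLICY_TYPE + ".default1", ["no-op"], ACCT + "ACCT1"),
    _change(POLICY_TYPE + ".other", ["create"], ACCT + "acct2"),
    _change(POLICY_TYPE + ".late", ["create"], None),
]})

def find_policy_collisions(plan_json):
    """Return (collisions, unresolved).

    collisions: {lower-cased storage account id: [resource addresses]} for
    accounts that more than one policy resource would write to.
    unresolved: addresses whose storage_account_id is not known at plan time.
    """
    by_account, unresolved = defaultdict(list), []
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change", {})
        # Resources being destroyed no longer compete for the policy.
        if rc.get("type") != POLICY_TYPE or change.get("actions") == ["delete"]:
            continue
        account_id = (change.get("after") or {}).get("storage_account_id")
        if account_id is None:
            unresolved.append(rc["address"])
        else:
            # Azure resource IDs compare case-insensitively.
            by_account[account_id.lower()].append(rc["address"])
    collisions = {a: sorted(r) for a, r in by_account.items() if len(r) > 1}
    return collisions, unresolved

if __name__ == "__main__":
    collisions, unresolved = find_policy_collisions(SAMPLE_PLAN)
    for account, addresses in collisions.items():
        print(f"COLLISION {account}: {', '.join(addresses)}")
    for address in unresolved:
        print(f"UNRESOLVED storage_account_id: {address}")
    raise SystemExit(1 if collisions else 0)
```

Run against a real plan by replacing `SAMPLE_PLAN` with the output of `terraform show -json` on a saved plan file; a non-zero exit can gate the apply step in CI.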

@tombuildsstuff
Contributor

@lewis-od

I think it would be good if this were mentioned in the docs, and the provider either prevented you from creating multiple azurerm_storage_management_policy resources

Indeed - that's a bug since every other Resource in the Provider checks for the presence of an existing resource (or non-default configuration, where the resource is created by default) when creating the resource to ensure we don't unintentionally adopt it - so fixing that would fix this issue.

@magodo since you've worked with this one most recently/have the most context, would you mind taking a look into that?

github-actions bot commented May 8, 2024

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 8, 2024