-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Failed to create containers when provisioned azure storage account has configured PE and network acl #27607
Comments
@RyanChen22 thank you for filing this issue. Till now I'm aware there are two main types of Storage resource provisioning issues in TF:
Firstly. I suggest do not regard the above two types as the same problem. Treat them separately. |
@mybayern1974 - thanks for your response. The situation is not falling under point 2. Cos even with PE+network ACL, storage account could be provisioning successfully without issues. The concern is on the creation of container after account was created. If you look at the shared debug error, it seems always retrieving static website properties before attempting to create the container. However, static website was not used at all in the terraform file. Also, please do not close the thread as the this has been affecting users and required an immediate solution asap. |
@RyanChen22 sure no problem to keep this issue open. Could you please provide a minimum reproducible TF config describing your SA, SA Container, and PE? |
sa&blob_storage_modules.zip |
@RyanChen22, in the current AzureRM implementation, it's SA that calls static website rather than the Storage Container, ending up in case any issues happen during accessing the static website in SA, the following provisioning to Storage Container would be impacted. Based on that, I think I can understand your saying that SA has already been fully successfully provisioned, then one possibility could be when executing terraform plan / apply to your terraform solution, accessing SA would always happen, which has no direct relationship with managing Storage Container, and accessing SA would trigger the access to static website. With that, as I mentioned above, investigation on either decoupling the static website from SA or be tolerant to issues happening during accessing the static website is actively ongoing by owners of this project. |
@mybayern1974 - Thanks for the reply. Tolerating the issue is definitely not acceptable as the container is not being provisioned after running the TF files since the error of static website will be thrown. Is there any solution or workaround on this? Cos if PE and network ACL is not configured in the TF, the provisioning of both account and containers are working successfully, which conflicts with your saying that accessing SA will trigger the access to static website. |
@RyanChen22 I would suggest to stay tuned to the final solution that has not been finalized yet, so it's out of my current knowledge scope now to share insights what that solution would be like.
|
@mybayern1974 - Appreciate your response and information so far. I would check with customers to see if the error could be ignored /skipped when deploying those TF files through pipeline. Meanwhile, will be happy to know if there is any ETA on the final solution. Thanks. |
Re "check with customers...error could be ignored...", I believe not. Customers are innocent and they are unable to swallow this error reported here at their layer (unless they use Terraform AzAPI to manage the SA), instead, the duty is at this provider. |
In such case, when could we expect to have a solution on this? |
Sorry this is out of my current information scope, instead, what I can tell is Hashicorp and Microsoft is actively looking into this issue. |
To speed up the process, customer has also tried AzAPI as well but encountering the below exception. Would we have some guidance on how to address the issue? Error: Failed to query available provider packages |
This looks like an AzAPI usage question. To keep this thread focused, please file the AzAPI question here to have discussion there. |
@mybayern1974 - I have helped my customers to raise another GH link for azapi workaround. Will appreciate if you could help to further advice the mitigation. Thanks |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. |
Is there an existing issue for this?
Community Note
Terraform Version
1.9.7
AzureRM Provider Version
4.0.1
Affected Resource(s)/Data Source(s)
Containers of Azure Storage account
Terraform Configuration Files
Debug Output/Panic Output
Expected Behaviour
the containers should be created successfully after provisioning the storage account
Actual Behaviour
storage account was provisioned successfully but containers were failed to be created with the error in the debug log above. It keeps retrieving static website properties which was not used at all in the client terraform.
We have also tested successfully with similar terraform whereby if the provisioned storage account has public access enabled without PE + network acl, both account and containers are successfully provisioned without issues.
Steps to Reproduce
Important Factoids
N.A.
References
Found similar Github issue but failed to succeed it by using azapi:
#2977
The text was updated successfully, but these errors were encountered: