-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Destroy storage account with network rules is impossible (hangs forever) #5434
Comments
I have found that this issue (unable to destroy the storage account and hangs forever) is related to the network rules. If I remove: The other strange thing is that if I create the storage account with network rules and I delete the network rules manually from the Azure Portal Console and remove them from the state than it is still impossible to delete the storage account... @tombuildsstuff can you please give some help here? |
I've encountered a similar problem and issue #3156 provided help. In my case I deployed a storage account via TF with 2 subnets from 1 vnet and 1 subnet from another vnet. Issue 3156 suggested the issue was with multiple subnets in the same vnet. I manually deleted one of the subnets in the first vnet (leaving 1 subnet in each vnet in the rules) and re-ran the destroy and it succeeded. I believe this happens because of the lock placed on the vnet so you can have more than one subnet in your rules as long as they are from different vnets because it will lock each vnet independently. |
Hi @mhaarbrink That's right. This is the exact problem. I have made a fix for this bug and I made a PR which is still waiting for approval. And I hope to be approved but for now no one reviewed it. |
Fix for issue #5434 (and related issues: #5530 , #3156 ) * **Problem:** If you have a storage account with more than one network rule set - the destroy action hangs forever and the real destroy/deletion of the resource never happens. If you have a storage account with zero or one network rule attached then this problem is irrelevant - the destroy action completes successfully. * **Reason:** In the `resourceArmStorageAccountDelete` method located in _azurerm/internal/services/storage/resource_arm_storage_account.go_ there is a string array which is passed to the mutex lock method `locks.MultipleByName`. The reason for the problem is that the creation of this array does not cover all possible cases. The logic of the method assumes that you have different virtual networks and inserts them into the array used for locking but does not work correctly in the corner case where you have one virtual network with few sub-networks and you are assigning these sub-networks as a network rules to your storage account. Hence the array passed to the lock method contains n-times strings with the same name (same strings). When this array goes to the mutex the first string is used to lock, the second string is used to lock etc. but at the end all the strings are the same and when the first unlock comes - everything is OK but when a second, third or what so ever unlock hits... dead lock there is nothing to unlock because the first unlock already used the string and it was removed and all other unlocks are trying to use something that simply does not exists. * **Resolution:** Check if there are subnets and attach them to the network name hence all the strings used to populate the array are unique and the lock-unlock problem is resolved.
closed by #5565 |
This has been released in version 1.44.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example: provider "azurerm" {
version = "~> 1.44.0"
}
# ... other configuration ... |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks! |
Community Note
Terraform (and AzureRM Provider) Version
Affected Resource(s)
azurerm_storage_account
Terraform Configuration Files
Debug Output
Recurring:
azurerm_storage_account.my_storage_azure: Still destroying... (ID: /subscriptions/<GUID>-...Microsoft.Storage/storageAccounts/test, 1h42m51s elapsed)
Trace Output
Recurring:
2020/01/17 12:05:07 [TRACE] dag/walk: vertex "output.my_storage_primary_file_endpoint (destroy)", waiting for: "output.my_storage_account_secondary_key (destroy)" 2020/01/17 12:05:07 [TRACE] dag/walk: vertex "output.my_storage_account_primary_key (destroy)", waiting for: "output.my_storage_account (destroy)" 2020/01/17 12:05:07 [TRACE] dag/walk: vertex "root", waiting for: "meta.count-boundary (count boundary fixup)" 2020/01/17 12:05:07 [TRACE] dag/walk: vertex "provider.azurerm (close)", waiting for: "azurerm_storage_account.my_storage_azure (destroy)" 2020/01/17 12:05:07 [TRACE] dag/walk: vertex "output.my_storage_account (destroy)", waiting for: "azurerm_storage_account.my_storage_azure (destroy)" 2020/01/17 12:05:07 [TRACE] dag/walk: vertex "meta.count-boundary (count boundary fixup)", waiting for: "output.my_storage_primary_file_endpoint (destroy)" 2020/01/17 12:05:07 [TRACE] dag/walk: vertex "output.my_storage_account_secondary_key (destroy)", waiting for: "output.my_storage_account_primary_key (destroy)" 2020/01/17 12:05:12 [TRACE] dag/walk: vertex "root", waiting for: "meta.count-boundary (count boundary fixup)" 2020/01/17 12:05:12 [TRACE] dag/walk: vertex "output.my_storage_primary_file_endpoint (destroy)", waiting for: "output.my_storage_account_secondary_key (destroy)" 2020/01/17 12:05:12 [TRACE] dag/walk: vertex "meta.count-boundary (count boundary fixup)", waiting for: "output.my_storage_primary_file_endpoint (destroy)" 2020/01/17 12:05:12 [TRACE] dag/walk: vertex "output.my_storage_account_primary_key (destroy)", waiting for: "output.my_storage_account (destroy)" 2020/01/17 12:05:12 [TRACE] dag/walk: vertex "provider.azurerm (close)", waiting for: "azurerm_storage_account.my_storage_azure (destroy)" 2020/01/17 12:05:12 [TRACE] dag/walk: vertex "output.my_storage_account (destroy)", waiting for: "azurerm_storage_account.my_storage_azure (destroy)" 2020/01/17 12:05:12 [TRACE] dag/walk: vertex "output.my_storage_account_secondary_key (destroy)", waiting for: "output.my_storage_account_primary_key (destroy)" azurerm_storage_account.my_storage_azure: Still destroying... (ID: /subscriptions/<GUID>...Microsoft.Storage/storageAccounts/test, 10s elapsed)
Panic Output
N/A
Expected Behavior
Destroy the storage account
Actual Behavior
Hangs forever and does not destroys the storage account
Steps to Reproduce
terraform apply
terraform destroy
Important Factoids
References
The text was updated successfully, but these errors were encountered: