terraform-provider-azurerm
Cannot destroy or plan after creating container or share in private storage account
Is there an existing issue for this?
- [X] I have searched the existing issues
Community Note
- Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Terraform Version
1.2.9
AzureRM Provider Version
3.24.0
Affected Resource(s)/Data Source(s)
azurerm_storage_account, azurerm_storage_container, azurerm_storage_account_network_rules
Terraform Configuration Files
```hcl
## Storage Account
resource "azurerm_storage_account" "storage_account_function" {
  name                            = "funapstoragename"
  resource_group_name             = azurerm_resource_group.rg.name
  location                        = azurerm_resource_group.rg.location
  account_tier                    = "Standard"
  account_replication_type        = "LRS"
  allow_nested_items_to_be_public = false
}

# The container is managed over the blob data plane (containers.Client in the
# error below), so the host running Terraform must still reach the account
# after the firewall is enabled.
resource "azurerm_storage_container" "blob_containers-function" {
  name                  = "containername"
  storage_account_name  = azurerm_storage_account.storage_account_function.name
  container_access_type = "private"
}

# resource "azurerm_storage_share" "storage_account_function-file_share" {
#   name                 = "fileshare"
#   storage_account_name = azurerm_storage_account.storage_account_function.name
#   quota                = 5120
#   access_tier          = "TransactionOptimized"
# }

# resource "azurerm_private_endpoint" "st_pe" {
#   count               = length(local.private_dns_zones)
#   name                = "pep-${azurerm_storage_account.storage_account_function.name}-${local.private_dns_zones[count.index].subresource}"
#   location            = azurerm_resource_group.rg.location
#   resource_group_name = azurerm_resource_group.rg.name
#   subnet_id           = azurerm_subnet.sn-private_endpoints.id
#
#   private_service_connection {
#     name                           = "psc-${azurerm_storage_account.storage_account_function.name}-${local.private_dns_zones[count.index].subresource}"
#     private_connection_resource_id = azurerm_storage_account.storage_account_function.id
#     subresource_names              = [local.private_dns_zones[count.index].subresource]
#     is_manual_connection           = false
#   }
#
#   private_dns_zone_group {
#     name                 = "default"
#     private_dns_zone_ids = [local.private_dns_zones[count.index].id]
#   }
# }

# Applied after the container so the create succeeds before
# default_action = "Deny" closes the account to the local runner.
resource "azurerm_storage_account_network_rules" "storage_account_function-network" {
  storage_account_id         = azurerm_storage_account.storage_account_function.id
  default_action             = "Deny"
  ip_rules                   = []
  virtual_network_subnet_ids = []
  bypass                     = ["AzureServices"]

  depends_on = [
    # azurerm_storage_share.storage_account_function-file_share,
    azurerm_storage_container.blob_containers-function
  ]
}
```
Debug Output/Panic Output
```text
Error: retrieving Container "containername" (Account "funapstoragename" / Resource Group "kob-dev-rg"): containers.Client#GetProperties: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailure" Message="This request is not authorized to perform this operation.\nRequestId:b60e5afd-001e-0018-1e13-cf8c92000000\nTime:2022-09-23T06:13:53.8470839Z"
```
Expected Behaviour
Everything still works fine when creating the resources. However, after the Storage Account is private, I cannot destroy or plan resources. I think the reason is that Terraform is executing from the local backend. If the azurerm_storage_container is created using the CLI, this problem can be solved. Is there any solution for this problem? (I don't want to add my_ip to ip_rules.) Thanks!!
Actual Behaviour
No response
Steps to Reproduce
No response
Important Factoids
No response
References
No response
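The 403 above is the storage firewall doing its job: once `default_action = "Deny"` is applied, every blob data-plane call (including the `GetProperties` that `terraform plan` and `destroy` issue for the container) is rejected unless the caller matches a rule, and `bypass = ["AzureServices"]` only admits trusted Microsoft services, not the machine Terraform runs on. One way to keep the Deny default without adding a personal IP is to run Terraform from a subnet that is allow-listed on the account. The configuration below is an added example, not part of the original report or of the provider's documentation; it assumes a subnet named `sn-runner` (hosting a self-hosted CI agent or jump box), a virtual network `azurerm_virtual_network.vnet`, the `10.0.2.0/24` prefix (constructed), and the same `azurerm_resource_group.rg`, storage account and container names as in the issue.

```hcl
# Added example (not from the issue): allow the Terraform runner's subnet
# through the storage firewall so data-plane reads keep working under Deny.

# Subnet the Terraform runner lives in. A subnet can only be referenced in a
# storage network rule if the Microsoft.Storage service endpoint is enabled
# on it; without that the rule is rejected at apply time.
resource "azurerm_subnet" "sn-runner" {
  name                 = "sn-runner"                         # assumed name
  resource_group_name  = azurerm_resource_group.rg.name
  virtual_network_name = azurerm_virtual_network.vnet.name   # assumed VNet
  address_prefixes     = ["10.0.2.0/24"]                     # constructed
  service_endpoints    = ["Microsoft.Storage"]
}

# Same firewall as the issue, with the runner subnet allow-listed instead of
# a personal IP. default_action stays "Deny"; bypass still covers only
# trusted Azure services, so nothing outside the subnet gets data-plane access.
resource "azurerm_storage_account_network_rules" "storage_account_function-network" {
  storage_account_id         = azurerm_storage_account.storage_account_function.id
  default_action             = "Deny"
  ip_rules                   = []
  virtual_network_subnet_ids = [azurerm_subnet.sn-runner.id]
  bypass                     = ["AzureServices"]

  # Create the container first; afterwards only callers from sn-runner
  # (and trusted services) can refresh or destroy it.
  depends_on = [azurerm_storage_container.blob_containers-function]
}
```

The same constraint applies to the commented-out private endpoint variant: Terraform still needs a network path to the endpoint's subnet and DNS that resolves the account name to the `privatelink` zone, which a laptop or a hosted CI runner outside the VNet does not have. To confirm what the account is actually enforcing after an apply, `az storage account show --name funapstoragename --resource-group kob-dev-rg --query networkRuleSet` prints the effective `defaultAction`, `virtualNetworkRules`, `ipRules` and `bypass`.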