terraform-provider-azurerm

terraform-provider-azurerm copied to clipboard

resolve #22992 resolve #19055 resolve #18897 resolve #15609 resolve #12627

May be solution for #20257

Added loop for reading blob, file, queue and static website properties with timeout 5 min for each service

log level INFO:

Plan: 1 to add, 0 to change, 0 to destroy.
2023-08-18T00:07:18.509+0200 [INFO]  provider: configuring client automatic mTLS
2023-08-18T00:07:18.532+0200 [INFO]  provider.terraform-provider-azurerm: configuring server automatic mTLS: timestamp=2023-08-18T00:07:18.532+0200
azurerm_storage_account.test: Creating...
azurerm_storage_account.test: Still creating... [10s elapsed]
azurerm_storage_account.test: Still creating... [20s elapsed]
2023-08-18T00:07:50.600+0200 [INFO]  provider.terraform-provider-azurerm: refreshing static website properties Storage Account (Subscription: "d8714754-66ff-4440-8712-570f2c86ef2b"
Resource Group Name: "azurerm-resources"
Storage Account Name: "storageaccountnamex"): accounts.Client#GetServiceProperties: Failure responding to request: StatusCode=404 -- Original Error: autorest/azure: Service returned an error. Status=404 Code="ResourceNotFound" Message="The specified resource does not exist.\nRequestId:b0293f99-401e-0072-3f57-d110eb000000\nTime:2023-08-17T22:07:50.6104106Z": timestamp=2023-08-18T00:07:50.600+0200
2023-08-18T00:07:55.822+0200 [INFO]  provider.terraform-provider-azurerm: refreshing static website properties Storage Account (Subscription: "d8714754-66ff-4440-8712-570f2c86ef2b"
Resource Group Name: "azurerm-resources"
Storage Account Name: "storageaccountnamex"): accounts.Client#GetServiceProperties: Failure responding to request: StatusCode=404 -- Original Error: autorest/azure: Service returned an error. Status=404 Code="ResourceNotFound" Message="The specified resource does not exist.\nRequestId:843d7103-601e-004a-5857-d1b42b000000\nTime:2023-08-17T22:07:55.8326890Z": timestamp=2023-08-18T00:07:55.822+0200
azurerm_storage_account.test: Still creating... [30s elapsed]
2023-08-18T00:08:01.040+0200 [INFO]  provider.terraform-provider-azurerm: refreshing static website properties Storage Account (Subscription: "d8714754-66ff-4440-8712-570f2c86ef2b"
Resource Group Name: "azurerm-resources"
Storage Account Name: "storageaccountnamex"): accounts.Client#GetServiceProperties: Failure responding to request: StatusCode=404 -- Original Error: autorest/azure: Service returned an error. Status=404 Code="ResourceNotFound" Message="The specified resource does not exist.\nRequestId:caa0a015-a01e-009e-1357-d1047a000000\nTime:2023-08-17T22:08:01.0526371Z": timestamp=2023-08-18T00:08:01.040+0200
2023-08-18T00:08:06.281+0200 [INFO]  provider.terraform-provider-azurerm: refreshing static website properties Storage Account (Subscription: "d8714754-66ff-4440-8712-570f2c86ef2b"
Resource Group Name: "azurerm-resources"
Storage Account Name: "storageaccountnamex"): accounts.Client#GetServiceProperties: Failure responding to request: StatusCode=404 -- Original Error: autorest/azure: Service returned an error. Status=404 Code="ResourceNotFound" Message="The specified resource does not exist.\nRequestId:4399273b-001e-0074-1357-d1d71a000000\nTime:2023-08-17T22:08:06.2927747Z": timestamp=2023-08-18T00:08:06.281+0200
azurerm_storage_account.test: Still creating... [40s elapsed]
2023-08-18T00:08:11.503+0200 [INFO]  provider.terraform-provider-azurerm: refreshing static website properties Storage Account (Subscription: "d8714754-66ff-4440-8712-570f2c86ef2b"
Resource Group Name: "azurerm-resources"
Storage Account Name: "storageaccountnamex"): accounts.Client#GetServiceProperties: Failure responding to request: StatusCode=404 -- Original Error: autorest/azure: Service returned an error. Status=404 Code="ResourceNotFound" Message="The specified resource does not exist.\nRequestId:0b527d09-701e-0041-6857-d1bb0e000000\nTime:2023-08-17T22:08:11.5119259Z": timestamp=2023-08-18T00:08:11.503+0200
2023-08-18T00:08:16.716+0200 [INFO]  provider.terraform-provider-azurerm: refreshing static website properties Storage Account (Subscription: "d8714754-66ff-4440-8712-570f2c86ef2b"
Resource Group Name: "azurerm-resources"
Storage Account Name: "storageaccountnamex"): accounts.Client#GetServiceProperties: Failure responding to request: StatusCode=404 -- Original Error: autorest/azure: Service returned an error. Status=404 Code="ResourceNotFound" Message="The specified resource does not exist.\nRequestId:ff9f3cd8-c01e-007b-0a57-d1a176000000\nTime:2023-08-17T22:08:16.7411096Z": timestamp=2023-08-18T00:08:16.715+0200
azurerm_storage_account.test: Still creating... [50s elapsed]
2023-08-18T00:08:21.953+0200 [INFO]  provider.terraform-provider-azurerm: refreshing static website properties Storage Account (Subscription: "d8714754-66ff-4440-8712-570f2c86ef2b"
Resource Group Name: "azurerm-resources"
Storage Account Name: "storageaccountnamex"): accounts.Client#GetServiceProperties: Failure responding to request: StatusCode=404 -- Original Error: autorest/azure: Service returned an error. Status=404 Code="ResourceNotFound" Message="The specified resource does not exist.\nRequestId:72e2f39d-b01e-0031-6d57-d1864b000000\nTime:2023-08-17T22:08:21.9672107Z": timestamp=2023-08-18T00:08:21.952+0200
azurerm_storage_account.test: Still creating... [1m0s elapsed]
2023-08-18T00:08:27.185+0200 [INFO]  provider.terraform-provider-azurerm: refreshing static website properties Storage Account (Subscription: "d8714754-66ff-4440-8712-570f2c86ef2b"
Resource Group Name: "azurerm-resources"
Storage Account Name: "storageaccountnamex"): accounts.Client#GetServiceProperties: Failure responding to request: StatusCode=404 -- Original Error: autorest/azure: Service returned an error. Status=404 Code="ResourceNotFound" Message="The specified resource does not exist.\nRequestId:36183d5e-701e-0001-3f57-d13884000000\nTime:2023-08-17T22:08:27.1972534Z": timestamp=2023-08-18T00:08:27.185+0200
2023-08-18T00:08:32.393+0200 [INFO]  provider.terraform-provider-azurerm: refreshing static website properties Storage Account (Subscription: "d8714754-66ff-4440-8712-570f2c86ef2b"
Resource Group Name: "azurerm-resources"
Storage Account Name: "storageaccountnamex"): accounts.Client#GetServiceProperties: Failure responding to request: StatusCode=404 -- Original Error: autorest/azure: Service returned an error. Status=404 Code="ResourceNotFound" Message="The specified resource does not exist.\nRequestId:fd18ddec-e01e-0061-1557-d1441b000000\nTime:2023-08-17T22:08:32.4046359Z": timestamp=2023-08-18T00:08:32.392+0200
azurerm_storage_account.test: Still creating... [1m10s elapsed]
2023-08-18T00:08:37.621+0200 [INFO]  provider.terraform-provider-azurerm: refreshing static website properties Storage Account (Subscription: "d8714754-66ff-4440-8712-570f2c86ef2b"
Resource Group Name: "azurerm-resources"
Storage Account Name: "storageaccountnamex"): accounts.Client#GetServiceProperties: Failure responding to request: StatusCode=404 -- Original Error: autorest/azure: Service returned an error. Status=404 Code="ResourceNotFound" Message="The specified resource does not exist.\nRequestId:93b2abba-801e-0052-1657-d16b4c000000\nTime:2023-08-17T22:08:37.6313915Z": timestamp=2023-08-18T00:08:37.620+0200
2023-08-18T00:08:42.855+0200 [INFO]  provider.terraform-provider-azurerm: refreshing static website properties Storage Account (Subscription: "d8714754-66ff-4440-8712-570f2c86ef2b"
Resource Group Name: "azurerm-resources"
Storage Account Name: "storageaccountnamex"): accounts.Client#GetServiceProperties: Failure responding to request: StatusCode=404 -- Original Error: autorest/azure: Service returned an error. Status=404 Code="ResourceNotFound" Message="The specified resource does not exist.\nRequestId:e089e35e-b01e-0059-7157-d19027000000\nTime:2023-08-17T22:08:42.8631422Z": timestamp=2023-08-18T00:08:42.855+0200
azurerm_storage_account.test: Still creating... [1m20s elapsed]
2023-08-18T00:08:48.069+0200 [INFO]  provider.terraform-provider-azurerm: refreshing static website properties Storage Account (Subscription: "d8714754-66ff-4440-8712-570f2c86ef2b"
Resource Group Name: "azurerm-resources"
Storage Account Name: "storageaccountnamex"): accounts.Client#GetServiceProperties: Failure responding to request: StatusCode=404 -- Original Error: autorest/azure: Service returned an error. Status=404 Code="ResourceNotFound" Message="The specified resource does not exist.\nRequestId:f0f1df6d-f01e-0058-7557-d1cffb000000\nTime:2023-08-17T22:08:48.0801024Z": timestamp=2023-08-18T00:08:48.069+0200
azurerm_storage_account.test: Creation complete after 1m26s [id=/subscriptions/d8714754-66ff-4440-8712-570f2c86ef2b/resourceGroups/azurerm-resources/providers/Microsoft.Storage/storageAccounts/storageaccountnamex]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Hi @magodo if you would like to format the INFO log messages, please let me know. Thank you

Hi @petr-stupka, thank you for this PR! For the retrying logic, can we use the pluginsdk.StateChangeConf instead of hardcoding those values, an example can be found at https://github.com/hashicorp/terraform-provider-azurerm/blob/fe7093c14e3be751ee33a24311a4e041cabd3894/internal/services/compute/dedicated_host_resource.go#L287-L294

Hi @magodo, pluginsdk.StateChangeConf make sense. I wasn't aware about it.

In one of my test, two endpoints took time to get available, so that looks good

Hi @petr-stupka, thanks for pushing those changes. I have left a few more comments and I don't think that the resourceStorageAccountRead function is the correct place for doing these waits. I think it would be much better if you could relocate that logic to the bottom of resourceStorageAccountCreate and the resourceStorageAccountUpdate functions, if it makes sense to put it in the update function.

Hi @WodansSon, thanks for the review

here i'm not sure, both functions resourceStorageAccountCreate and resourceStorageAccountUpdate return resourceStorageAccountRead function

return resourceStorageAccountRead(d, meta)

Reading storage service properties logic been already in resourceStorageAccountRead (i've extended it with the loop/wait func). Function resourceStorageAccountCreate read account properties and static website properties. Function resourceStorageAccountUpdate read account and service properties, however the issue is only during create operation on the resource (DNS propagation delay)

Option 1) If the resourceStorageAccountRead place is a option then @magodo was right, i've adjusted timeout to pluginsdk.TimeoutRead instead of pluginsdk.TimeoutCreate

stateConf := &pluginsdk.StateChangeConf{
   ...
   Timeout:    d.Timeout(pluginsdk.TimeoutRead)
}

Also reading of service properties in the resourceStorageAccountUpdate can be removed if it will be handled in resourceStorageAccountRead function

Option 2) If the resourceStorageAccountRead is not the correct place, it is possible to change the logic, i would just need to rework the existing code a bit more

Please let me know your toughs

Hi @petr-stupka,

here i'm not sure, both functions resourceStorageAccountCreate and resourceStorageAccountUpdate return resourceStorageAccountRead function

Yes, that is correct, that is where we refresh the state file with the current configuration of the resources in Azure. Read also gets called during import, which is why I was a bit leery about putting that logic in the read function. I am not really sure where it should go to be honest, but my gut it telling me it makes more sense to live in the Create function. Let me ask some folks in our slack channel about this and I will get back to you. 🙂

Hi @WodansSon

I am not really sure where it should go to be honest, but my gut it telling me it makes more sense to live in the Create function. Let me ask some folks in our slack channel about this and I will get back to you. 🙂

You right. I've tested it with full resource config. If the endpoint is not available during resourceStorageAccountCreate the function will fail, because it can not set the properties.

So i've wrapped the .SetServiceProperties and .UpdateServiceProperties methods with the &pluginsdk.StateChangeConf helper and seems to me it is working.

I would suggest to keep the same in the resourceStorageAccountRead in case of someone will use anything else, i.e local-exec to create storage account, the functions will make sure all services are available.

In resourceStorageAccountUpdate i do not think the issue will happen here, because of the error will happen only when the storage account is (re)created

Please take a look and let me know

Hi @WodansSon do you think you guys would be able to review it before new release tomorrow?

Hi @tombuildsstuff not sure if request review will send notification or i should mention you to inform you about the PR ready to review

@WodansSon, @tombuildsstuff and @magodo we also have this problem that we can't create or recreate storage accounts. Do you have any timeframe in when this bug is fixed?

@petr-stupka I have raised your question on our internal slack channel, so your ask is now on his radar 🙂

Hi @tombuildsstuff not sure if request review will send notification or i should mention you to inform you about the PR ready to review

Hi @petr-stupka, thank you for pushing that change, however on my second look at the updated code, I noticed that you still have the pluginsdk.StateChangeConf in the resourceStorageAccountRead function. IIRC that is not allowed in the provider, is there a way you can isolate that functionality to just the resourceStorageAccountCreate function?

Hi @WodansSon

... is there a way you can isolate that functionality to just the resourceStorageAccountCreate function?

In the resourceStorageAccountCreate function is the logic i mentioned in https://github.com/hashicorp/terraform-provider-azurerm/pull/23002#discussion_r1314298344

if val, ok := d.GetOk("blob_properties"); ok {
  if !supportLevel.supportBlob {
	  return fmt.Errorf("`blob_properties` aren't supported for account kind %q in sku tier %q", accountKind, accountTier)
  }
  polling set function...
  ...

I can try to modify resourceStorageAccountCreate to something like

If supportLevel.supportBlob then wait for endpoint to become available using "get" function

if supportLevel.supportBlob {
  blobClient := storageClient.BlobServicesClient
  var blobProps storage.BlobServiceProperties

  // wait for blob service endpoint to become available
  log.Printf("[DEBUG] waiting for %s blob service to become available", *id)
  deadline, ok := ctx.Deadline()
  if !ok {
    return fmt.Errorf("internal-error: context had no deadline")
  }
  stateConf := &pluginsdk.StateChangeConf{
	Pending: []string{"Pending"},
	Target:  []string{"Available"},
	Refresh: func() (interface{}, string, error) {
		blobProps, err = blobClient.GetServiceProperties(ctx, id.ResourceGroupName, id.StorageAccountName)
		if err != nil {
			return handleStorageServiceError("blob", "creating", err)
		}
		return blobProps, "Available", nil
	},
	MinTimeout: 10 * time.Second,
	Timeout:    time.Until(deadline),
}

if val, ok := d.GetOk("blob_properties"); ok {
  if !supportLevel.supportBlob {
	  return fmt.Errorf("`blob_properties` aren't supported for account kind %q in sku tier %q", accountKind, accountTier)
  }
  ...

Then also we do not need the polling in the "set" function.

Or do you think there can be different logic implemented?

Hi @WodansSon, please check this version

Is there any progress in this matter? We're looking really forward to an fix for this issue. We would like to replace a bunch of storage accounts for the same storage accounts with infrastructure encryption enabled, but like to minimize impact by re-using the storage account names.

Hi @petr-stupka, it appears that we cannot have the pluginsdk.StateChangeConf in the Read functions at all. Perhaps @tombuildsstuff can explain this further. Sorry about the delay 🙁

Hi @WodansSon yes i got it. I changed the code so now the polling is only in the create function. Or i didn't get it? 😀

Hi @petr-stupka, no worries... we have not forgotten about this we are currently discussing the PR internally and will address it shortly, sorry for the delay or lack of communication to that effect, but we are looing at this... 🙂

Hi @tombuildsstuff

sorry for the delay, i reviewed your suggested changes, i would like to ask for confirmation the error handling is not required. See https://github.com/hashicorp/terraform-provider-azurerm/pull/23002#discussion_r1334207708

@petr-stupka, I have brought this up in our sync, we will get to it asap 🙂

Hi @WodansSon just a kindly reminder

@petr-stupka Has there been any further progress in getting this PR merged? @WodansSon

Hi guys @magodo @WodansSon can you please let me know how to proceed with the PR? Should i modify it like @tombuildsstuff proposed please?

Hi @magodo @WodansSon do you think we can make a progress on this? AS i said i can do what Tom requested or adjust it with the error handling described above

@petr-stupka I've ping tom and hopefully he'll look at that comment when he has bandwidth.

This PR is being labeled as "stale" because it has not been updated for 30 or more days.

If this PR is still valid, please remove the "stale" label. If this PR is blocked, please add it to the "Blocked" milestone.

If you need some help completing this PR, please leave a comment letting us know. Thank you!

hey @petr-stupka

Thanks for this PR and apologies for the delayed review/response here.

There’s been a number of changes to the Storage resources since this PR was first opened, namely the Data Plane SDK and it’s base layer have been updated to make use of hashicorp/go-azure-sdk’s base layer rather than Azure/go-autorest (in addition to some other changes to the resource).

Since this PR is currently relying on the error behaviour of the older base layer, the logic in this PR would need adapting to account for that - however there’s also some larger changes needed for the Storage Account resource as a part of moving it to hashicorp/go-azure-sdk.

I’ve recently been looking into porting the remaining Storage resources over to using hashicorp/go-azure-sdk instead of Azure/azure-sdk-for-go and have opened #26218 which does this.

Whilst I took a look into updating this PR to account for that work, when I pulled this down locally to test/reproduce this, I realised the test case doesn’t recreate the Storage Account at present and as such it would also require updating.

As such I ended up including a fix for #22992 in #26218 - which both updates this logic to use the new base layer (and the custompollers that we’re now using, which are what hashicorp/go-azure-sdk exposes) - and updates the test to ensure that we’re deleting and recreating the same Storage Account in the same region.

As such whilst I’d like to thank you for this contribution and apologise that this PR has been sitting for a while - I hope you don’t mind but I’m going to close this PR in favour of #26218 which incorporates a fix for #22992.

Thanks!

Cool, i don't mind closing this PR, important is the bug has been fixed! Thank you for the update!

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.