Terraform-provider-azurerm: Error creating SQL Firewall Rule AlllowAzureServices - json: cannot unmarshal array into Go struct field serviceError2.details of type map[string]interface {}

Created on 8 Apr 2019  路  3Comments  路  Source: terraform-providers/terraform-provider-azurerm

Community Note

  • Please vote on this issue by adding a 馃憤 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureRM Provider) Version

Terraform v0.11.11
+ provider.azurerm v1.24.0

Affected Resource(s)

  • "azurerm_sql_server
  • "azurerm_sql_database

Terraform Configuration Files

locals {
  tags = {
    ownerinfo            = "${var.ownerinfo}"
    costcenter           = "${var.costcenter}"
    deploymenttype       = "${var.deploymenttype}"
    notificationdistlist = "${var.notificationdistlist}"
    env_info             = "${var.environmentinfo}"
    application_name     = "${var.applicationname}"
    platform             = "${var.platform}"
  }
}

resource "azurerm_sql_server" "main" {
  name                         = "test-server-mysql-0001"
  resource_group_name          = "${var.resource_group_name}"
  location                     = "${var.deployment_location}"
  version                      = "12.0"
  administrator_login          = "XXXXXXXXXXXX"
  administrator_login_password = "XXXXXXXXXXXX"
  tags                         = "${local.tags}"
}

resource "azurerm_sql_firewall_rule" "main" {
  name                = "AlllowAzureServices"
  resource_group_name = "${var.resource_group_name}"
  server_name         = "${azurerm_sql_server.main.name}"
  start_ip_address    = "XXX.XXX.XXX.XXX/32"
  end_ip_address      = "XXX.XXX.XXX.XXX/32"
}

resource "azurerm_sql_database" "main" {
  name                             = "test-database-mysql-0001"
  resource_group_name              = "${var.resource_group_name}"
  location                         = "${var.deployment_location}"
  server_name                      = "${azurerm_sql_server.main.name}"
  edition                          = "Standard"
  requested_service_objective_name = "S1"
  tags                             = "${local.tags}"
  threat_detection_policy {
    state                      = "Enabled"
    email_addresses            = "${var.threat_email_notification}"
    storage_account_access_key = "${var.storage_account_primary_access_key}"
    storage_endpoint           = "${var.storage_account_primary_blob_endpoint}"
    retention_days             = "${var.threat_retention_logs}"
  }
}

Debug Output

Panic Output

2019-04-08T13:29:17.643-0400 [DEBUG] plugin.terraform-provider-azurerm_v1.24.0_x4: 2019/04/08 13:29:17 [DEBUG] AzureRM Response for https://management.azure.com/subscriptions/XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX/resourceGroups/XXXXXXXXXXXX/providers/Microsoft.Sql/servers/test-server-mysql-0001/databases/test-database-mysql-0001/securityAlertPolicies/default?api-version=2014-04-01:
2019-04-08T13:29:17.643-0400 [DEBUG] plugin.terraform-provider-azurerm_v1.24.0_x4: HTTP/2.0 504 Gateway Timeout
2019-04-08T13:29:17.643-0400 [DEBUG] plugin.terraform-provider-azurerm_v1.24.0_x4: Content-Length: 141
2019-04-08T13:29:17.643-0400 [DEBUG] plugin.terraform-provider-azurerm_v1.24.0_x4: Cache-Control: no-cache
2019-04-08T13:29:17.643-0400 [DEBUG] plugin.terraform-provider-azurerm_v1.24.0_x4: Content-Type: application/json; charset=utf-8
2019-04-08T13:29:17.643-0400 [DEBUG] plugin.terraform-provider-azurerm_v1.24.0_x4: Date: Mon, 08 Apr 2019 17:29:16 GMT
2019-04-08T13:29:17.643-0400 [DEBUG] plugin.terraform-provider-azurerm_v1.24.0_x4: Expires: -1
2019-04-08T13:29:17.643-0400 [DEBUG] plugin.terraform-provider-azurerm_v1.24.0_x4: Pragma: no-cache
2019-04-08T13:29:17.643-0400 [DEBUG] plugin.terraform-provider-azurerm_v1.24.0_x4: Strict-Transport-Security: max-age=31536000; includeSubDomains
2019-04-08T13:29:17.643-0400 [DEBUG] plugin.terraform-provider-azurerm_v1.24.0_x4: X-Content-Type-Options: nosniff
2019-04-08T13:29:17.643-0400 [DEBUG] plugin.terraform-provider-azurerm_v1.24.0_x4: X-Ms-Correlation-Request-Id: ad932308-1e8e-4a77-bb0e-8079aa7de1a1
2019-04-08T13:29:17.643-0400 [DEBUG] plugin.terraform-provider-azurerm_v1.24.0_x4: X-Ms-Failure-Cause: service
2019-04-08T13:29:17.643-0400 [DEBUG] plugin.terraform-provider-azurerm_v1.24.0_x4: X-Ms-Request-Id: ad932308-1e8e-4a77-bb0e-8079aa7de1a1
2019-04-08T13:29:17.643-0400 [DEBUG] plugin.terraform-provider-azurerm_v1.24.0_x4: X-Ms-Routing-Request-Id: CANADAEAST:20190408T172917Z:ad932308-1e8e-4a77-bb0e-8079aa7de1a1
2019-04-08T13:29:17.643-0400 [DEBUG] plugin.terraform-provider-azurerm_v1.24.0_x4:
2019/04/08 13:33:17 [ERROR] root: eval: *terraform.EvalApplyPost, err: 1 error(s) occurred:

* azurerm_sql_database.main: Error setting database threat detection policy: sql.DatabaseThreatDetectionPoliciesClient#CreateOrUpdate: Failure responding to request: StatusCode=504 -- Original Error: autorest/azure: Service returned an error. Status=504 Code="GatewayTimeout" Message="The gateway did not receive a response from 'Microsoft.Sql' within the specified time period."
2019/04/08 13:33:17 [ERROR] root: eval: *terraform.EvalSequence, err: 1 error(s) occurred:

* azurerm_sql_database.main: Error setting database threat detection policy: sql.DatabaseThreatDetectionPoliciesClient#CreateOrUpdate: Failure responding to request: StatusCode=504 -- Original Error: autorest/azure: Service returned an error. Status=504 Code="GatewayTimeout" Message="The gateway did not receive a response from 'Microsoft.Sql' within the specified time period."
2019/04/08 13:33:17 [TRACE] [walkApply] Exiting eval tree: azurerm_sql_database.main
2019/04/08 13:33:18 [DEBUG] plugin: waiting for all plugin processes to complete...
2019-04-08T13:33:18.014-0400 [DEBUG] plugin.terraform-provider-azurerm_v1.24.0_x4: 2019/04/08 13:33:18 [ERR] plugin: plugin server: accept unix /var/folders/xl/562d600j12lbb1r359lz33vw0000gp/T/plugin753460389: use of closed network connection
2019-04-08T13:33:18.017-0400 [DEBUG] plugin: plugin process exited: path=/Users/XXXXXXXXXX/workarea/terraform/paas/terraform-azure-samples/examples/tf-sqldb/.terraform/plugins/darwin_amd64/terraform-provider-azurerm_v1.24.0_x4

Expected Behavior

It should create SQL Server + Database with correct configuration parameters provided

Actual Behavior

Terraform exits complaining on server timeout:

* azurerm_sql_firewall_rule.main: 1 error(s) occurred:

* azurerm_sql_firewall_rule.main: Error creating SQL Firewall Rule AlllowAzureServices (Resource Group XXXXXXXXXX, Server test-server-mysql-0001): sql.FirewallRulesClient#CreateOrUpdate: Failure responding to request: StatusCode=400 -- Original Error: json: cannot unmarshal array into Go struct field serviceError2.details of type map[string]interface {}
* azurerm_sql_database.main: 1 error(s) occurred:

* azurerm_sql_database.main: Error setting database threat detection policy: sql.DatabaseThreatDetectionPoliciesClient#CreateOrUpdate: Failure responding to request: StatusCode=504 -- Original Error: autorest/azure: Service returned an error. Status=504 Code="GatewayTimeout" Message="The gateway did not receive a response from 'Microsoft.Sql' within the specified time period."

Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.

Steps to Reproduce

  1. terraform apply

Important Factoids

No

  • #0000
bug dependencies servicfirewall upstream-microsoft
Source
picture akamalov
👍5

Most helpful comment

Not a bug. API expects address only, not CIDR notation.
https://docs.microsoft.com/en-us/rest/api/sql/firewallrules/createorupdate

For my vars I use cidr notation for NSGs but strip away for sql firewall
start_ip_address = "${replace(var.whitemap["location1"], "/32", "")}" end_ip_address = "${replace(var.whitemap["location1"], "/32", "")}"

In my case, I am experiencing the same issue despite using IP addresses only.

picture nickpainter on 5 May 2020
👍12

All 3 comments

Not a bug. API expects address only, not CIDR notation.
https://docs.microsoft.com/en-us/rest/api/sql/firewallrules/createorupdate

For my vars I use cidr notation for NSGs but strip away for sql firewall
start_ip_address = "${replace(var.whitemap["location1"], "/32", "")}" end_ip_address = "${replace(var.whitemap["location1"], "/32", "")}"

cornebester picture cornebester on 13 Jun 2019

Not a bug. API expects address only, not CIDR notation.
https://docs.microsoft.com/en-us/rest/api/sql/firewallrules/createorupdate

For my vars I use cidr notation for NSGs but strip away for sql firewall
start_ip_address = "${replace(var.whitemap["location1"], "/32", "")}" end_ip_address = "${replace(var.whitemap["location1"], "/32", "")}"

In my case, I am experiencing the same issue despite using IP addresses only.

nickpainter picture nickpainter on 5 May 2020
👍12

I'm getting the same "GatewayTimeout" error while creating the threat detection policy. The following issue was closed despite there being no actual solution:

https://github.com/terraform-providers/terraform-provider-azurerm/issues/4590

Any updates to the threat detection problem?

real-oneill picture real-oneill on 18 May 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

whytoe picture whytoe  路  3Comments
MMollyy picture MMollyy  路  3Comments
tomasaschan picture tomasaschan  路  3Comments
rudolphjacksonm picture rudolphjacksonm  路  3Comments
rolandjohann picture rolandjohann  路  3Comments