Terraform-provider-azurerm: Terraform

The error relates to Azure Resource Providers in the Subscription you are trying to deploy resources to.
Here is a link to the Azure docs on them: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-supported-services

So... This error indicates that either the resource providers you are attempting to use (because you are deploying something that provider covers), is not enabled AND you don't have the authority to enable it... OR you don't have the authority to SEE the provider status, AND don't have the authority to enable it. I'd talk to whom ever your admin is for that subscription, or use an account with the Access rights to enable providers (which by default I believe is covered under Contributor or Owner).

I've occasionally seen provider registration errors as an indicator of a more general authorization error. If you're using service principle credentials, try re-generating your secret key - or check that the Azure AD application entity has the appropriate authorization scope on the subscription you're working with.

I am seeing the exact same error.

But using azurerm version 1.25, I can run both plan and apply.
The error only comes when using 1.26+

@ReddyMalathi can you try adding this in your provider clause?

provider "azurerm" {
  version = ">= 1.25, < 1.26"
}

I have locked the version, - and now I need features from 1.28...

@runecalico this is the only change I need to make to get the error to disappear. So I guess it's a bug introduced in 1.26...

@ReddyMalathi I think I've found a fix.

My scenario is that I have a service principal, which does not have owner privileges.

provider "azurerm" {
  skip_provider_registration = true
}

The docs can be found here: https://www.terraform.io/docs/providers/azurerm/index.html#skip_provider_registration

hi @ReddyMalathi

Thanks for opening this issue :)

Azure's concept of a Resource Provider requires that the Resource Provider is registered before any API's within that Resource Provider can be called. As such, rather than failing during an API call / to improve the user experience Terraform automatically attempts to register any Resource Providers that it supports by default - to ensure that the API's are available when they're needed; and since this list is stored within Terraform, we extend this list from time to time as Terraform is updated to support new functionality (provided in new Resource Providers).

If you'd prefer to manage Resource Provider Registration outside of Terraform (for example you're running in a restricted environment) - it's possible to opt-out of this behaviour by setting this field in the Provider block (as @fracklen has mentioned above).

Since this is working as intended I'm going to close this issue for the moment - but please let us know if disabling this functionality doesn't work for you and we'll take another look.

Thanks!

@tombuildsstuff, I agree that it is working a intended.

Is it possible to check if we have the privileges?

Could we improve the error message?

For instance - if provider registration fails, provide a link to docs about the flag for disabling it?

@fracklen in general limiting access to a Resource Providers is likely to be done by more advanced users who should be able to determine that from the error.

As such whilst I agree there’s a potential UX improvement we could make here I don’t think this is something we should do here (in addition these flags are called out in the documentation as intended for advanced users/scenarios, since the API error messages are harder to diagnose when this flag is enabled).

I partially agree.

If you have a rather large setup, limiting access will be done by the
experienced users. And then they will create a limited service principal
and provide that to more inexperienced users.
That was my use case, and it still required me to read through the source
code to find the fix.

fre. d. 31. maj 2019 22.08 skrev Tom Harvey notifications@github.com:

@fracklen https://github.com/fracklen in general limiting access to a
Resource Providers is likely to be done by more advanced users who should
be able to determine that from the error.

As such whilst I agree there’s a potential UX improvement we could make
here I don’t think this is something we should do here (in addition these
flags are called out in the documentation as intended for advanced
users/scenarios, since the API error messages are harder to diagnose when
this flag is enabled).

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/terraform-providers/terraform-provider-azurerm/issues/3534?email_source=notifications&email_token=AAUUZENZH4JX6NGN4MOXJOLPYGATBA5CNFSM4HQCHVM2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODWWH65I#issuecomment-497844085,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAUUZENBA5HIYPC6LL4MDHDPYGATBANCNFSM4HQCHVMQ
.

I am seeing the exact same error.

But using azurerm version 1.25, I can run both plan and apply.
The error only comes when using 1.26+

@ReddyMalathi can you try adding this in your provider clause?

provider "azurerm" {
  version = ">= 1.25, < 1.26"
}

I have locked the version, - and now I need features from 1.28...

@runecalico this is the only change I need to make to get the error to disappear. So I guess it's a bug introduced in 1.26...

Thank you so much @runecalico ... it worked....

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!