Terraform v0.12.6
azurerm_storage_account

```hcl
resource "random_string" "appgateway_storageid" {
  length  = 8
  special = false
  upper   = false
  number  = true
}

resource "azurerm_storage_account" "appgateway_storage" {
  name                      = "${var.env}appgwlogs${random_string.appgateway_storageid.result}"
  resource_group_name       = "${azurerm_resource_group.appgateway.name}"
  location                  = "${var.location}"
  account_tier              = "${var.storage_tier}"
  account_replication_type  = "${var.storage_replication}"
  enable_https_traffic_only = "${var.storage_https_only}"
}
```
Terraform should successfully plan.

During a terraform plan using provider version v1.32.1 or v1.32.0 the following error is thrown:

```
Error: Error reading queue properties for AzureRM Storage Account "removed": azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to https://removed.queue.core.windows.net?comp=properties&restype=service: StatusCode=400 -- Original Error: adal: Refresh request failed. Status Code = '400'. Response body: {"error":{"code":"invalid_request","message":"No token found for audience https://storage.azure.com/"}}
```

`terraform plan`

If I downgrade the provider to v1.31.0 everything works as normal. If I upgrade to v1.32.0 or v1.32.1 then the error occurs.
This script doesn't work with every single provider version 1.28 and up on an MS internal account or a pay as you go account.
```hcl
provider "azurerm" {
  version = ">= 1.32"
}

terraform {
  required_version = ">= 0.12"
}

resource "random_string" "id" {
  length  = 6
  upper   = false
  lower   = true
  special = false
}

resource "azurerm_resource_group" "resgroup" {
  name     = "resgroup"
  location = "northeurope"
}

resource "azurerm_storage_account" "storage" {
  name                     = "storage${random_string.id.result}"
  resource_group_name      = "${azurerm_resource_group.resgroup.name}"
  location                 = "${azurerm_resource_group.resgroup.location}"
  account_tier             = "Standard"
  account_replication_type = "LRS"
}
```
It works for me with Azurerm provider 1.31 and crashes with azurerm provider version >=1.32
hi @mattbowes
Thanks for opening this issue.
So that we can take a look into this would it be possible to know which authentication method you're using?
Thanks!
Same issue for me using Azure CLI authentication.
I am running this in the Azure Cloud Shell. Terraform authenticates automatically
I have the same issue using Bash in Azure Cloud Shell.
This is the error message returned in my case:

```
Error reading queue properties for AzureRM Storage Account "mystorageaccount": azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to https://mystorageaccount.queue.core.windows.net?comp=properties&restype=service: StatusCode=400 -- Original Error: adal: Refresh request failed. Status Code = '400'. Response body: {"error":{"code":"invalid_request","message":"No token found for audience https://storage.azure.com/"}}
```

Just to confirm, I can get it to work if I declare the older version:

```hcl
provider "azurerm" {
  version = "= 1.31.0"
}
```
Experienced the same behavior. Client is Ubuntu WSL. Authentication is via Azure CLI. Downgrading to azurerm provider v1.31.0 resolved the issue.
+1 same issue here (internal MS subscription) while following https://azurecitadel.com/automation/terraform/lab1/
Pinning to 1.31 solves the issue
```hcl
provider "azurerm" {
  # Provider
  version = "=1.31"
}

resource "azurerm_resource_group" "lab1" {
  name     = "terraform-lab1"
  location = "West Europe"
  tags = {
    environment = "training"
  }
}

resource "azurerm_storage_account" "lab1sa" {
  name                     = "magarciastor2345tf"
  resource_group_name      = "${azurerm_resource_group.lab1.name}"
  location                 = "westeurope"
  account_tier             = "Standard"
  account_replication_type = "LRS"
}
```
Bump. Is this getting resolved? Seems like a pretty fundamental regression gap.
This has been released in version 1.33.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:
```hcl
provider "azurerm" {
  version = "~> 1.33.0"
}
# ... other configuration ...
```
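
An added example, not part of the thread or the provider's code: a small Python check that evaluates Terraform-style version constraints against the two releases the opening post reports as failing (1.32.0 and 1.32.1), so a CI step can flag a config whose constraint still admits them. The function names and the sample config are constructed here, and pre-release versions are not handled.

```python
import re

# Releases the opening post reports as failing; the thread says 1.33.0 has the fix.
AFFECTED = ["1.32.0", "1.32.1"]
CLAUSE = re.compile(r"\s*(~>|>=|<=|!=|=|>|<)?\s*(\d+(?:\.\d+){0,2})\s*")

def parse_version(text):
    """Turn '1.31' or '1.32.1' into a 3-tuple, padding missing parts with 0."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def satisfies(version, constraint):
    """Evaluate a comma-separated Terraform-style constraint (no pre-releases)."""
    v = parse_version(version)
    for clause in constraint.split(","):
        m = CLAUSE.fullmatch(clause)
        if not m:
            raise ValueError(f"unsupported constraint clause: {clause!r}")
        op, raw = m.group(1) or "=", m.group(2)
        c = parse_version(raw)
        if op == "~>":
            # Pessimistic operator: every component but the last one written
            # must match exactly, and the version must not be lower.
            keep = raw.count(".")
            ok = v >= c and v[:keep] == c[:keep]
        else:
            ok = {"=": v == c, "!=": v != c, ">": v > c, ">=": v >= c,
                  "<": v < c, "<=": v <= c}[op]
        if not ok:
            return False
    return True

def admitted_affected(constraint):
    """Affected releases that a constraint would still allow Terraform to pick."""
    return [a for a in AFFECTED if satisfies(a, constraint)]

def audit(hcl_text):
    """Map each provider `version = "..."` line to the affected releases it admits."""
    found = re.findall(r'^\s*version\s*=\s*"([^"]+)"', hcl_text, flags=re.M)
    return {c: admitted_affected(c) for c in found}

# Constructed sample config; required_version is deliberately not treated as a provider pin.
SAMPLE = 'provider "azurerm" {\n  version = ">= 1.32"\n}\nterraform {\n  required_version = ">= 0.12"\n}\n'

if __name__ == "__main__":
    for c in [">= 1.32", "= 1.31.0", "~> 1.33.0", ">= 1.31, != 1.32.0, != 1.32.1"]:
        print(f"{c!r:35} admits {admitted_affected(c) or 'no affected release'}")
    print(audit(SAMPLE))
```

Note that a loose pin such as `~> 1.31` still admits both affected releases, while `= 1.31.0` and `~> 1.33.0` do not.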
I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.
If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!