Terraform-provider-azurerm: Not able to create Azure Container Storage after creating an Account Storage having network Rules

Created on 4 Sep 2019  ·  6 Comments  ·  Source: terraform-providers/terraform-provider-azurerm

_This issue was originally opened by @Imed-Eden as hashicorp/terraform#22674. It was migrated here as a result of the provider split. The original body of the issue is below._


Hello,

We are trying to create a simple account storage that hosts a container that will have a blob storage in Azure.

Here is the Terraform template we are using:

```hcl
resource "azurerm_resource_group" "test" {
  name     = "testRep"
  location = "France Central"

  tags = {
    environment = "Production"
  }
}

resource "azurerm_virtual_network" "test" {
  name                = "testVirtualNetwork"
  address_space       = ["10.0.0.0/16"]
  location            = "France Central"
  resource_group_name = "${azurerm_resource_group.test.name}"
}

resource "azurerm_subnet" "test" {
  name                 = "testsubnet"
  resource_group_name  = "${azurerm_resource_group.test.name}"
  virtual_network_name = "${azurerm_virtual_network.test.name}"
  address_prefix       = "10.0.1.0/24"
  service_endpoints    = ["Microsoft.Sql", "Microsoft.Storage"]
}

resource "azurerm_storage_account" "test" {
  name                     = "acctestaccsimedxy"
  resource_group_name      = "${azurerm_resource_group.test.name}"
  location                 = "France Central"
  account_tier             = "Standard"
  account_replication_type = "LRS"

  network_rules {
    default_action             = "Deny"
    ip_rules                   = ["Z.C.Y.X"]
    virtual_network_subnet_ids = ["${azurerm_subnet.test.id}"]
  }
}

resource "azurerm_storage_container" "test" {
  name                  = "vhds"
  resource_group_name   = "${azurerm_resource_group.test.name}"
  storage_account_name  = "${azurerm_storage_account.test.name}"
  container_access_type = "private"
}

resource "azurerm_storage_blob" "test" {
  name = "sample.vhd"

  resource_group_name    = "${azurerm_resource_group.test.name}"
  storage_account_name   = "${azurerm_storage_account.test.name}"
  storage_container_name = "${azurerm_storage_container.test.name}"

  type = "page"
  size = 5120
}
```

When we deploy:

Resource Group, Vnet, subnet and the account storage seem to be created. However, we got the following issue when it comes to the container:

Error:

Error creating Container "vhds" (Account "acctestaccsimedxy" / Resource Group "testRep"): containers.Client#Create: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: error response cannot be parsed: "\ufeffAuthorizationFailureThis request is not authorized to perform this operation.\nRequestId:fcffbee4-401e-003a-6e3c-623125000000\nTime:2019-09-03T09:50:06.3668591Z" error: invalid character 'ï' looking for beginning of value

Terraform (and AzureRM Provider) Version:

We upgraded Terraform: Terraform v0.12.7

  • provider.azurerm v1.33.1

What is the matter? Can you please help us?

Labels: bug, duplicate, service/storage
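Added example (not part of the original issue or of the provider's code): the `invalid character 'ï'` in the error above is a JSON decoder hitting 0xEF, the first byte of the UTF-8 BOM that precedes the storage service's XML error body. The Python below parses such a body and checks a caller IP against `default_action` and `ip_rules`; the sample body, the documentation-range IPs and all function names are constructed for illustration, and subnet rules are not evaluated.

```python
import codecs
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample body: storage data-plane errors are XML with a leading
# UTF-8 BOM. RequestId and Time are placeholders, not the values from the issue.
SAMPLE_BODY = codecs.BOM_UTF8 + (
    b'<?xml version="1.0" encoding="utf-8"?><Error>'
    b"<Code>AuthorizationFailure</Code>"
    b"<Message>This request is not authorized to perform this operation.\n"
    b"RequestId:00000000-0000-0000-0000-000000000000\n"
    b"Time:2019-01-01T00:00:00.0000000Z</Message></Error>"
)

def parse_storage_error(body: bytes) -> dict:
    """Strip the BOM, then read Code/Message from the XML error document."""
    had_bom = body.startswith(codecs.BOM_UTF8)
    if had_bom:
        body = body[len(codecs.BOM_UTF8):]
    root = ET.fromstring(body)
    lines = (root.findtext("Message") or "").splitlines()
    extra = dict(ln.split(":", 1) for ln in lines[1:] if ":" in ln)
    return {
        "had_bom": had_bom,
        "code": root.findtext("Code"),
        "message": lines[0] if lines else "",
        "request_id": extra.get("RequestId"),
        "time": extra.get("Time"),
    }

def ip_allowed(client_ip: str, default_action: str, ip_rules: list) -> bool:
    """Evaluate only default_action and ip_rules; subnet rules are ignored
    (assumption: the Terraform runner sits outside the allowed subnet)."""
    if default_action == "Allow":
        return True
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(r, strict=False) for r in ip_rules)

def triage(status: int, body: bytes, client_ip: str, rules: dict) -> str:
    """Heuristic: say whether a 403 is explained by the account firewall."""
    err = parse_storage_error(body)
    if status != 403 or err["code"] != "AuthorizationFailure":
        return "not-a-firewall-denial"
    if ip_allowed(client_ip, rules["default_action"], rules["ip_rules"]):
        return "check-credentials-or-rbac"
    return "blocked-by-network-rules"
```

A result of `blocked-by-network-rules` means the firewall is doing what `default_action = "Deny"` asks for: the machine running Terraform is simply not on the allow list for data-plane calls.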

All 6 comments

hi @Imed-Eden

Thanks for opening this issue :)

Taking a look through this appears to be a duplicate of #2977 - rather than having multiple issues open tracking the same thing I'm going to close this issue in favour of that one; would you mind subscribing to #2977 for updates?

Thanks!

Thank you Tom for your feedback.

However the solution in #2977 is a workaround based on ARM that is called by Terraform. It is not a full solution based on Terraform.

We do not want to mix things up. Why is Terraform not able to deploy a container after creating a secured account storage using network rules in Azure, knowing that it is doable from the portal?

Thank you in advance :)

@Imed-Eden network rules require a different API to be used (the ARM APIs rather than the Data Plane APIs) - as such that feature request is being tracked in #2977 :)

All right! Seems clearer right now. I appreciate your help 👍
Thanks again :)

This has been released in version 1.34.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:

```hcl
provider "azurerm" {
    version = "~> 1.34.0"
}
# ... other configuration ...
```

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!
