Terraform-provider-azurerm: azurerm_security_center_workspace failed after 30m timeout
azurerm_security_center_workspace failed after 30m timeout
I am creating two azurerm_security_center_workspace in each run, each one is being created in a separate resource group and unique name.
module.omsla.azurerm_security_center_workspace.omssc: Still creating... [29m50s elapsed]
module.omsla.azurerm_security_center_workspace.omssc: Still creating... [30m0s elapsed]
Error: Error waiting: timeout while waiting for state to become 'Populated' (last state: 'Waiting', timeout: 30m0s)
on ../../resources/oms/oms_main.tf line 24, in resource "azurerm_security_center_workspace" "omssc":
24: resource "azurerm_security_center_workspace" "omssc" {
I suspect the Refresh function here https://github.com/terraform-providers/terraform-provider-azurerm/blob/master/azurerm/internal/services/securitycenter/resource_arm_security_center_workspace.go#L115
Also the api version is 1.0 https://github.com/terraform-providers/terraform-provider-azurerm/blob/master/azurerm/internal/services/securitycenter/resource_arm_security_center_workspace.go#L8 while v3.0 is available https://github.com/Azure/azure-sdk-for-go/tree/master/services/preview/security/mgmt/v3.0/security
I think the workspace ID and everything is populated but terraform don't don't get it not sure why! may be I am wrong...
Any idea how can I get around this problem ?
Community Note
- Please vote on this issue by adding a 馃憤 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Terraform (and AzureRM Provider) Version 1.40.0
Affected Resource(s)
azurerm_security_center_workspace
Terraform Configuration Files
# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key: https://keybase.io/hashicorp
resource "azurerm_log_analytics_workspace" "omsla" {
name = var.res_omsla_name
location = var.res_location
resource_group_name = var.res_omsla_rg_name
retention_in_days = var.res_omsla_retention_days
sku = var.res_omsla_sku
tags = var.res_tags
lifecycle {
ignore_changes = [
name
]
}
}
resource "azurerm_security_center_subscription_pricing" "omssc-pricing" {
tier = "Standard"
}
resource "azurerm_security_center_workspace" "omssc" {
scope = "/subscriptions/${var.res_subscription_id}"
workspace_id = azurerm_log_analytics_workspace.omsla.id
depends_on = [
azurerm_security_center_subscription_pricing.omssc-pricing,
azurerm_log_analytics_workspace.omsla
]
}
Debug Output
Panic Output
module.omsla.azurerm_security_center_workspace.omssc: Still creating... [29m50s elapsed]
module.omsla.azurerm_security_center_workspace.omssc: Still creating... [30m0s elapsed]
Error: Error waiting: timeout while waiting for state to become 'Populated' (last state: 'Waiting', timeout: 30m0s)
on ../../resources/oms/oms_main.tf line 24, in resource "azurerm_security_center_workspace" "omssc":
24: resource "azurerm_security_center_workspace" "omssc" {
Expected Behavior
module.omsla.azurerm_security_center_workspace.omssc: Still creating... [15m0s elapsed]
module.omsla.azurerm_security_center_workspace.omssc: Creation complete after 15m5s [id=/subscriptions/xxxx-xxxx-xxxx-xxxx-xxx0003a96/providers/Microsoft.Security/workspaceSettings/default]
Apply complete! Resources: 8 added, 0 changed, 0 destroyed.
Actual Behavior
Steps to Reproduce
terraform apply
Important Factoids
References
- I suspect the Refresh function here https://github.com/terraform-providers/terraform-provider-azurerm/blob/master/azurerm/internal/services/securitycenter/resource_arm_security_center_workspace.go#L115
Also the api version is 1.0 https://github.com/terraform-providers/terraform-provider-azurerm/blob/master/azurerm/internal/services/securitycenter/resource_arm_security_center_workspace.go#L8 while v3.0 is available https://github.com/Azure/azure-sdk-for-go/tree/master/services/preview/security/mgmt/v3.0/security
- #0000
szaher
All 2 comments
Hi, I recognised this bug too. When I use the azurerm_security_center_workspace resource I'm able to assign a workspace to the "default" security center workspace settings with Terraform. But after a Terraform destroy the creation process of the azurerm_security_center_workspace ends with a timeout and Terraform isn't able to finished the job anymore. After that I need set the default security center workspace settings by the Azure cli client tools. I could reproduce this behaviour in multiple subscriptions.
This issue can't be fixed by removing the settings manually (azure cli) or via Web gui.
r0b2g1t
on 12 May 2020
I'm also struggling with this, when I'm bootstrapping new subscriptions and the security center is one of the resources. Sometimes the workspace creation succeeds after 30, 45 or 75 minutes but this is incredibly inconsistent. For me, terraform destroy works sometimes just fine but if I would like to change variables involved with ASC, the workspace just gets stuck for no obvious reason.
anttipo
on 9 Aug 2020
Related issues
mlazowik
路
3Comments
jansepke
路
3Comments
sam-cogan
路
3Comments
bentterp
路
3Comments
whytoe
路
3Comments