Terraform-provider-azurerm: Permission Error while getting blob service properties

Created on 24 Feb 2020  ·  11Comments  ·  Source: terraform-providers/terraform-provider-azurerm

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

This is a minimum repo.

Terraform (and AzureRM Provider) Version

Terraform v0.12.21
+ provider.azurerm v2.0.0
+ provider.random v2.2.1

Affected Resource(s)

azurerm_storage_account

Terraform Configuration Files

terraform {
  required_providers {
    azurerm = "= 2.0.0"
    random  = "= 2.2.1"
  }
  required_version = ">= 0.12, < 0.13, < 1.0"
}

provider "azurerm" {
  version = "=2.0.0"
  features {}
}

resource "random_string" "storage_account" {
  length = 16
  special = false
  upper = false
}

resource "azurerm_resource_group" "shared_infrastructure" {
  name = "storage-account-rg"
  location = "canadacentral"
}

resource "azurerm_storage_account" "shared_infrastructure" {
  name = random_string.storage_account.result
  resource_group_name = azurerm_resource_group.shared_infrastructure.name
  location = azurerm_resource_group.shared_infrastructure.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
}

Debug Output

gist: https://gist.github.com/DSakura207/cc3031461e0af57b423800e18b8f9ab2

See line 4142 - end. Some info are removed due to privacy.

Panic Output

Expected Behavior

Terraform created resources and successfully exits.

Actual Behavior

Storage account is created but terraform throws an error.

Error: Error reading static website for AzureRM Storage Account "eyaggvv6ufy6qsoo": accounts.Client#GetServiceProperties
: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403
 Code="AuthorizationPermissionMismatch" Message="This request is not authorized to perform this operation using this per
mission.\nRequestId:0bbd63b7-201e-001a-0c53-eb19ce000000\nTime:2020-02-24T20:46:46.6855079Z"

  on main.tf line 25, in resource "azurerm_storage_account" "shared_infrastructure":
  25: resource "azurerm_storage_account" "shared_infrastructure" {

Steps to Reproduce

  1. terraform apply

Important Factoids

References

  • #0000
picture DSakura207
👍5

Most helpful comment

I have hit the same issue as well. @tombuildsstuff Can we please reopen this issue?

picture rohrerb on 6 Mar 2020
👍3

All 11 comments

It seems my subscription has some issues, a support request is sent to Microsoft.
Close it for now.

DSakura207 picture DSakura207 on 25 Feb 2020

I've faced absolutely the same issue after upgrade to azurerm v2.0.
@DSakura207 did you manage to resolve it?

AGovorukha picture AGovorukha on 27 Feb 2020

Yes, but in a strange way. I rebooted my PC, switched elevated access (I am global administrator) and refreshed my azure cli login. It seems that if you cannot get an access token to your subscription by "az account get-access-token", you need to refresh your azure session by following the instructions in error message.

OMG, Windows Mail completed messed up the reply. I edited it, if you are seeing strange CSS blocks, please kindly ignore them.

DSakura207 picture DSakura207 on 27 Feb 2020

@AGovorukha It looks similar to #502.

DSakura207 picture DSakura207 on 28 Feb 2020

I've the same problem. Executing az account get-access-token does not change anything. Any workaround for the issue?

wally666 picture wally666 on 1 Mar 2020

In my case (provisioning via service principal) I had to assign additional roles described in this post:

https://gaunacode.com/azure-ad-permissions-to-read-service-principals

wally505526 picture wally505526 on 2 Mar 2020

Got exactly the same problem even after upgrading to 0.12.21, rebooting, login to Azure again, etc.
Kinda annoying that kind of stuffs got broken after such a release.
Just switching to Azure CLI to deliver my customer in time... What a shame.

Cr4zyJoe picture Cr4zyJoe on 4 Mar 2020

I have hit the same issue as well. @tombuildsstuff Can we please reopen this issue?

rohrerb picture rohrerb on 6 Mar 2020
👍3

This issue still occurs on azurerm version 2.0.0. In 1.44.0 it's ok.

Burgyn picture Burgyn on 6 Mar 2020

Does Hashicorp already have a statement or a workaround for this issue?

dbaqoshi-ds picture dbaqoshi-ds on 9 Mar 2020

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!

hashibot[bot] picture hashibot[bot] on 27 Mar 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

rolandjohann picture rolandjohann  ·  3Comments
whytoe picture whytoe  ·  3Comments
mikemorris picture mikemorris  ·  3Comments
sam-cogan picture sam-cogan  ·  3Comments
jansepke picture jansepke  ·  3Comments