Terraform-provider-azurerm: Trying to register MariaDB provider unnecessarily

Created on 5 May 2020 · 5Comments · Source: terraform-providers/terraform-provider-azurerm

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureRM Provider) Version

tf --version
Terraform v0.12.24
+ provider.azurerm v2.8.0

Affected Resource(s)

azurerm

Terraform Configuration Files

#Set the terraform required version
terraform {
  required_version = ">= 0.12.6"
}

# Configure the Azure Provider
provider "azurerm" {
  # It is recommended to pin to a given version of the Provider
  version = "~>2.0"
  features {}
}

# Data

# Make client_id, tenant_id, subscription_id and object_id variables
data "azurerm_client_config" "current" {}

Expected Behavior

TF should run w/o issue

Actual Behavior

Original Error: Cannot register provider Microsoft.DBforMariaDB with Azure Resource Manager: resources.ProvidersClient#Register: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailed" Message="The client 'hur....microsoft.com' with object id '84df7bca.....' does not have authorization to perform action 'Microsoft.DBforMariaDB/register/action' over scope '/subscriptions/2bc.....' or the scope is invalid. If access was recently granted, please refresh your credentials.".

Steps to Reproduce

terraform apply

question

Source

brandonh-msft

All 5 comments

@brandonh-msft , thank you for opening this issue. May I double confirm that what you plan to do is to use Terraform Azure Provider to provision an Azure MariaDB resource?
If so, you may wanna leverage TF Azure MariaDB config, which is not provided here. Could you please provide your config for that?
If not so, could you please help me understand why there was MariaDB related error returned but your config parsed here does not contain any MariaDB clue?

mybayern1974 on 6 May 2020

hi @brandonh-msft

Thanks for opening this issue :)

Azure's concept of a Resource Provider requires that the Resource Provider is registered before any API's within that Resource Provider can be called. As such, rather than failing during an API call / to improve the user experience Terraform automatically attempts to register any Resource Providers that it supports by default - to ensure that the API's are available when they're needed; and since this list is stored within Terraform, we extend this list from time to time as Terraform is updated to support new functionality (provided in new Resource Providers).

If you'd prefer to manage Resource Provider Registration outside of Terraform (for example you're running in a restricted environment) - it's possible to opt-out of this behaviour by setting this field in the Provider block.

Since this is working as intended I'm going to close this issue for the moment - but please let us know if disabling this functionality doesn't work for you and we'll take another look.

Thanks!

tombuildsstuff on 6 May 2020

👍1

Thanks for the explanation, Tom.

If one _does_ decide to opt-out, how do RPs get registered to support the resources being deployed? E.g. If we opted out of the auto-registration to avoid this error, and later needed to register an RP on the target sub, how would we do so? Would it need to be done outside Terraform?

brandonh-msft on 6 May 2020

@brandonh-msft

If one does decide to opt-out, how do RPs get registered to support the resources being deployed? E.g. If we opted out of the auto-registration to avoid this error, and later needed to register an RP on the target sub, how would we do so? Would it need to be done outside Terraform?

You can register Resource Providers via the Azure CLI (I think az provider register) and in the Portal - I'm sure there's other options too (PowerShell) but I'm unaware of them

From Terraform's perspective, at this time we don't offer a "Resource Provider Registration" resource (since we register RP's unless users have opted out) - but it's something we could look to do at some point if there's demand/a requirement for it. There's some complexities around testing that (since Registering/Unregistering RP's would mean we couldn't use/test that service at the same time) - but that's one for another issue :)

tombuildsstuff on 6 May 2020

👍1

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!