Azure-Samples / azure-search-openai-demo

A sample app for the Retrieval-Augmented Generation pattern running in Azure, using Azure AI Search for retrieval and Azure OpenAI large language models to power ChatGPT-style and Q&A experiences.
https://azure.microsoft.com/products/search
MIT License

Search Service not deleted with azd down command #1991

Open doruit opened 1 month ago

doruit commented 1 month ago
- [ X ] bug report -> please search issues before submitting
- [ ] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Minimal steps to reproduce

After azd up and everything successfully deployed, run the azd down command. The Search Service will not be deleted because there are Shared private access sub-resources that need to be removed first.

Any log messages given by the failure

Using Azure Resource Explorer: { "message": "Unable to delete Search Service: 'REDACTED'. UnableToVerifyLocks: Cannot verify management locks for resource: 'REDACTED'. Please try again later. Message: 'The access token is from the wrong issuer 'REDACTED'. It must match the tenant 'REDACTED' associated with this subscription. Please use the authority (URL) 'REDACTED' to get the token. Note, if the subscription is transferred to another tenant there is no impact to the services, but information about new tenant could take time to propagate (up to an hour). If you just transferred your subscription and see this error message, please try back later.\r\nStatus: 401 (Unauthorized)\r\nErrorCode: InvalidAuthenticationTokenTenant\r\n\r\nContent:\r\n{\"error\":{\"code\":\"InvalidAuthenticationTokenTenant\",\"message\":\"The access token is from the wrong issuer 'REDACTED'. It must match the tenant 'REDACTED' associated with this subscription. Please use the authority (URL) 'REDACTED' to get the token. Note, if the subscription is transferred to another tenant there is no impact to the services, but information about new tenant could take time to propagate (up to an hour). If you just transferred your subscription and see this error message, please try back later.\"}}\r\n\r\nHeaders:\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nWWW-Authenticate: Bearer authorization_uri=\"REDACTED\", error=\"invalid_token\", error_description=\"The access token is from the wrong issuer. It must match the tenant associated with this subscription. 
Please use correct authority to get the token.\"\r\nx-ms-failure-cause: REDACTED\r\nx-ms-request-id: REDACTED\r\nx-ms-correlation-request-id: REDACTED\r\nx-ms-routing-request-id: REDACTED\r\nStrict-Transport-Security: REDACTED\r\nX-Content-Type-Options: REDACTED\r\nX-Cache: REDACTED\r\nX-MSEdge-Ref: REDACTED\r\nDate: REDACTED\r\nContent-Length: REDACTED\r\nContent-Type: application/json; charset=utf-8\r\nExpires: -1\r\n' RequestId: REDACTED", } Using portal: "Failed to delete Search Service"

Expected/desired behavior

azd down should be able to delete a Search Service resource, including the sub-resources.

OS and Version?

macOS; however, the OS of my laptop seems not relevant to this issue

azd version?

run azd version and copy paste here. azd version 1.10.1 (commit 31409a33266fb4a5fdbb644bc83988e725d6c7c9)

Workaround

Manually delete the Shared private access sub-resources in the Search Service first before running azd down.

pamelafox commented 1 month ago

Hm, do you know what the subresources are? I've been able to run azd down on this repo recently, I think. Do you have integrated vectorization enabled or any other optional search features?

pamelafox commented 1 month ago

Another thing you could try is:

azd config set alpha.deployment.stacks on
azd down

That uses a new feature that removes resources in a different way.

jpaulo-kumulus commented 1 month ago

Hey @doruit, I just solved this issue on my side. The problem is caused by a sub-resource called Shared private link, created inside the Search Service, that blocks the resource deletion.

Before you delete the Search Service you need to delete the Shared private link. After that you will be able to delete the Search Service.

Azure Search Service > "Networking" > "Shared private access"
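
The workaround from this thread written as a script, added here as an example; it is not part of the original thread or of the repository. It assumes the Azure CLI (`az`) is installed and signed in to the tenant that owns the subscription, and the function name `delete_shared_private_links` is made up for this example.

```shell
#!/bin/sh
# Added example: remove the shared private link sub-resources of an Azure AI
# Search service so that a later `azd down` can delete the service itself.
# Assumption: the Azure CLI is installed and logged in to the correct tenant.

# Usage: delete_shared_private_links <resource-group> <search-service-name>
# Prints the number of shared private links that were deleted.
delete_shared_private_links() {
    rg=$1
    svc=$2
    if [ -z "$rg" ] || [ -z "$svc" ]; then
        echo "usage: delete_shared_private_links <resource-group> <search-service>" >&2
        return 2
    fi

    # Ask only for the names; tsv output yields one name per line.
    names=$(az search shared-private-link-resource list \
        --resource-group "$rg" --service-name "$svc" \
        --query "[].name" --output tsv) || return 1

    count=0
    # A here-document keeps the loop in the current shell so $count survives.
    while IFS= read -r name; do
        [ -n "$name" ] || continue
        echo "deleting shared private link: $name" >&2
        # </dev/null stops the CLI from consuming the loop's input.
        az search shared-private-link-resource delete \
            --resource-group "$rg" --service-name "$svc" \
            --name "$name" --yes </dev/null || return 1
        count=$((count + 1))
    done <<EOF
$names
EOF
    echo "$count"
}

# Run only when both arguments are given on the command line.
if [ "$#" -ge 2 ]; then
    delete_shared_private_links "$1" "$2"
fi
```

Run it with the resource group and search service name as arguments, then run azd down.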
