search

Azure / azure-quickstart-templates

Azure Quickstart Templates
https://aka.ms/azqst
MIT License
13.85k stars 16.02k forks source link

Error while enabling the Object Replication in Storage account v2 via ARM template #8775

Open anchit003 opened 3 years ago

anchit003 commented 3 years ago

Giving error while deploying the storage account v2 with ObjectReplicationPolicy enabled. Error: InvalidRequestPropertyValue: The value 'default' is not allowed for property policyId.

Since in the documentation it is mentioned to pass 'default' in name parameter. (https://docs.microsoft.com/en-us/azure/templates/microsoft.storage/2019-06-01/storageaccounts/objectreplicationpolicies)

Here is the snippet of ARM template { "type": "Microsoft.Storage/storageAccounts/objectReplicationPolicies", "apiVersion": "2019-06-01", "name": "[concat(parameters('storageAccountName'), '/default')]", "dependsOn": [ "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]", "[resourceId('Microsoft.Storage/storageAccounts/blobServices', parameters('storageAccountName'), 'default')]" ], "properties": { "sourceAccount": "[parameters('storageAccountName')]", "destinationAccount": "[parameters('destinationAccountName')]", "rules": [ { "sourceContainer": "[parameters('conatinerName')]", "destinationContainer": "[parameters('destinationConatinerName')]", "filters": {} } ] } }

mslot commented 3 years ago

I am seeing the same with this ARM (sorry for the naming):

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {},
  "variables": {},
  "resources": [
    {
      "type": "Microsoft.Storage/storageAccounts",
      "apiVersion": "2019-06-01",
      "name": "sttestoneoneone",
      "location": "West europe",
      "sku": {
        "name": "Standard_LRS"
      },
      "kind": "StorageV2",
      "properties": {},
      "resources": [
        {
          "type": "blobServices/containers",
          "apiVersion": "2019-06-01",
          "name": "[concat('default/', 'privatecontainer')]",
          "dependsOn": [
            "sttestoneoneone"
          ]
        }
      ]
    },
    {
      "type": "Microsoft.Storage/storageAccounts",
      "apiVersion": "2019-06-01",
      "name": "sttestoneoneonebackup",
      "dependsOn": [
        "sttestoneoneone"
      ],
      "location": "West US",
      "sku": {
        "name": "Standard_LRS"
      },
      "kind": "StorageV2",
      "properties": {},
      "resources": [
        {
          "type": "blobServices/containers",
          "apiVersion": "2019-06-01",
          "name": "[concat('default/', 'privatecontainer')]",
          "dependsOn": [
            "sttestoneoneonebackup"
          ]
        }
      ]
    },
    {
      "name": "sttestoneoneone/default",
      "type": "Microsoft.Storage/storageAccounts/objectReplicationPolicies",
      "apiVersion": "2019-06-01",
      "dependsOn": [
        "sttestoneoneone",
        "sttestoneoneonebackup"
      ],
      "properties": {
        "sourceAccount": "sttestoneoneone",
        "destinationAccount": "sttestoneoneonebackup",
        "rules": [
          {
            "sourceContainer": "privatecontainer",
            "destinationContainer": "privatecontainer",
            "filters": {
              "minCreationTime": "1601-01-01T00:00:00Z"
            }
          }
        ]
      }
    }
  ],
  "outputs": {}
}

As I read the documentation: https://docs.microsoft.com/en-us/azure/templates/microsoft.storage/storageaccounts/objectreplicationpolicies?tabs=json, the name should be /default, when the policy id isn't known.

I get the same error as above

11:27:46 - Template deployment returned the following errors: 11:27:46 - 11:27:45 - Resource Microsoft.Storage/storageAccounts/objectReplicationPolicies 'sttestoneoneone/default' failed with message '{ 11:27:46 - "error": { 11:27:46 - "code": "InvalidRequestPropertyValue", 11:27:46 - "message": "The value 'default' is not allowed for property policyId." 11:27:46 - } 11:27:46 - }'

When deploying from Visual Studio 2019, version 16.4.3.

shawnweisfeld commented 3 years ago

Please take a look at the ARM templates/process outlined in this article and see if it resolves your issue https://azure.github.io/Storage/docs/application-and-user-data/basics/azure-blob-storage-object-replication-arm/

mslot commented 3 years ago

Please take a look at the ARM templates/process outlined in this article and see if it resolves your issue https://azurestorage.com/docs/application-and-user-data/basics/azure-blob-storage-object-replication-arm

If you compare https://azurestorage.com/docs/application-and-user-data/basics/azure-blob-storage-object-replication-arm/step02.json with mine, it is exactly the same (except the rules). I have tried without the rules, and it didnt work.

Have you tried the ARM from the article, @shawnweisfeld?

shawnweisfeld commented 3 years ago

Please note this is a three step process, that you cannot complete in a single ARM template. Step 1 deploy the storage accounts including the Change Feed and Versioning features (and give them time to deploy). Step 2 deploy the destination OR endpoint (with /default). Step 3 query the IDs of the destination and deploy the source OR endpoint using those IDs.

I might be missing something, but in @mslot 's template I don't see deployment of the Change Feed and Versioning features, and the OR endpoint is using /default for the source. Moreover, I dont see any OR endpoint for the destination. . .

mslot commented 3 years ago

Please note this is a three step process, that you cannot complete in a single ARM template. Step 1 deploy the storage accounts including the Change Feed and Versioning features (and give them time to deploy). Step 2 deploy the destination OR endpoint (with /default). Step 3 query the IDs of the destination and deploy the source OR endpoint using those IDs.

I might be missing something, but in @mslot 's template I don't see deployment of the Change Feed and Versioning features, and the OR endpoint is using /default for the source. Moreover, I dont see any OR endpoint for the destination. . .

As i understand it this should be possible to do in one ARM template. It don't see the point in doing it automatically if i need to break it up. It is possible to do this with other policies on the storage account, so i don't see why this should be any different.

I am getting errors that i can't use /default even though the docs specifically mentions that it can be used if i dont know the policy id. It seems like the link you refers to get around this by pooling the ids in the last step.

mslot commented 3 years ago

@shawnweisfeld i actually agree with you. I forgot to include versioning and change feed. I have done that now, and i still get the same error:

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {},
  "variables": {
    "stname": "stpolreptest",
    "stbackupname": "[concat(variables('stname'),'backup')]"
  },
  "resources": [
    {
      "type": "Microsoft.Storage/storageAccounts",
      "apiVersion": "2019-06-01",
      "name": "[variables('stname')]",
      "location": "West europe",
      "sku": {
        "name": "Standard_LRS"
      },
      "kind": "StorageV2",
      "properties": {
      },
      "resources": [
        {
          "type": "blobServices/containers",
          "apiVersion": "2019-06-01",
          "name": "[concat('default/', 'privatecontainer')]",
          "dependsOn": [
            "[variables('stname')]"
          ]
        }
      ]
    },
    {
      "type": "Microsoft.Storage/storageAccounts",
      "apiVersion": "2019-06-01",
      "name": "[variables('stbackupname')]",
      "dependsOn": [
        "[variables('stname')]"
      ],
      "location": "West US",
      "sku": {
        "name": "Standard_LRS"
      },
      "kind": "StorageV2",
      "properties": {},
      "resources": [
        {
          "type": "blobServices/containers",
          "apiVersion": "2019-06-01",
          "name": "[concat('default/', 'privatecontainer')]",
          "dependsOn": [
            "[variables('stbackupname')]"
          ]
        }
      ]
    },
    {
      "type": "Microsoft.Storage/storageAccounts/blobServices",
      "apiVersion": "2019-04-01",
      "name": "[concat(variables('stname'),'/default')]",
      "dependsOn": [
        "[variables('stname')]"
      ],
      "properties": {
        "IsVersioningEnabled": true,
        "changeFeed": {
          "enabled": true
        }
      }
    },
    {
      "type": "Microsoft.Storage/storageAccounts/blobServices",
      "apiVersion": "2019-04-01",
      "name": "[concat(variables('stbackupname'),'/default')]",
      "dependsOn": [
        "[variables('stbackupname')]"
      ],
      "properties": {
        "IsVersioningEnabled": true,
        "changeFeed": {
          "enabled": true
        }
      }
    },
    {
      "name": "[concat(variables('stname'),'/default')]",
      "type": "Microsoft.Storage/storageAccounts/objectReplicationPolicies",
      "apiVersion": "2019-06-01",
      "dependsOn": [
        "[variables('stname')]",
        "[variables('stbackupname')]"
      ],
      "properties": {
        "sourceAccount": "[variables('stname')]",
        "destinationAccount": "[variables('stbackupname')]",
        "rules": [
          {
            "sourceContainer": "privatecontainer",
            "destinationContainer": "privatecontainer",
            "filters": {
              "minCreationTime": "1601-01-01T00:00:00Z"
            }
          }
        ]
      }
    }
  ],
  "outputs": {}
}

Still i get the same error:

09:17:21 - Template deployment returned the following errors: 09:17:21 - 09:17:20 - Resource Microsoft.Storage/storageAccounts/objectReplicationPolicies 'stpolreptest/default' failed with message '{ 09:17:21 - "error": { 09:17:21 - "code": "InvalidRequestPropertyValue", 09:17:21 - "message": "The value 'default' is not allowed for property policyId." 09:17:21 - } 09:17:21 - }'

According to the documentation here: https://docs.microsoft.com/en-us/azure/templates/microsoft.storage/storageaccounts/objectreplicationpolicies?tabs=json

The ID of object replication policy or 'default' if the policy ID is unknown.

This should be possible to use /default. I am refering to the name row under here: https://docs.microsoft.com/en-us/azure/templates/microsoft.storage/storageaccounts/objectreplicationpolicies?tabs=json#microsoftstoragestorageaccountsobjectreplicationpolicies-object.

shawnweisfeld commented 3 years ago

NOTE: the URL to the 3 step process has changed, here is the new URL https://azure.github.io/Storage/docs/application-and-user-data/basics/azure-blob-storage-object-replication-arm/

@mslot I understand the desire to be able to do it in one step, however that is not possible currently.

jhoops88 commented 3 years ago

@shawnweisfeld are there any future plans to reduce to a singular step for deployment?

We'd like to automate the creation of our storage accounts and their object replication, to match the rest of our infrastructure creation in our pipeline, without having to run a chronological "triathlon". The waiting for application of the change-feed/versioning makes this difficult, even with segmentation of the 3 steps.

mit2nil commented 2 years ago

We also ran into this issue. It would be great to see some solution on the roadmap @shawnweisfeld.

I understand creation of storage is different than creation of object replication policy but the fact that we need to run two step to link A -> B and B <- A is very strange design choice. Logically we are linking two accounts together for replication and that's should be visible to both A and B regardless of whether we went from A -> B or B <- A

This is already working cleanly with object replication policy is setup in Azure Portal or using CLI/Powershell.

simaotwx commented 4 weeks ago

I'm still getting "The value 'default' is not allowed for property policyId." even with "/default" as well as just "default", and that appears in the Azure Portal UI when uploading a policy file like such:

{
  "properties": {
    "policyId": "/default",
    "sourceAccount": "***",
    "destinationAccount": "***",
    "rules": [
      {
        "ruleId": "...",
        "sourceContainer": "...",
        "destinationContainer": "...",
        "filters": {
           "minCreationTime": "1601-01-01T00:00:00Z"
        }
      }
    ]
  }
}

image

simaotwx commented 4 weeks ago

~~Turns out the policyId needs to be a UUID. If you generate one, the error goes away.~~

Turns out, you can use "default" on the destination for policyId and "" for ruleId. See https://learn.microsoft.com/en-us/azure/storage/blobs/object-replication-overview#specify-the-policy-and-rule-ids

On the source side you're supposed to use the JSON downloaded from the destination. See https://learn.microsoft.com/en-us/azure/storage/blobs/object-replication-configure?tabs=portal#configure-object-replication-with-access-to-both-storage-accounts