search

Azure / terraform-azurerm-avm-res-storage-storageaccount

This Terraform module is designed to create Azure Storage Accounts and its related resources, including blob containers, queues, tables, and file shares. It also supports the creation of a storage account private endpoint which provides secure and direct connectivity to Azure Storage over a private network.
https://registry.terraform.io/modules/Azure/avm-res-storage-storageaccount
MIT License
19 stars 27 forks source link

Container import fails with azure/azapi provider #114

Closed ZdenekPesek closed 2 months ago

ZdenekPesek commented 2 months ago

Is there an existing issue for this?

Greenfield/Brownfield provisioning

greenfield

Terraform Version

v1.8.5

Module Version

v0.1.3

AzureRM Provider Version

azapi_resource v1.9.0, v1.13.1

Affected Resource(s)/Data Source(s)

azapi_resource

Terraform Configuration Files

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
       version = "3.107.0"
    }
  }
}

locals {
  containers = {
    test = {
      name = "test"
    }
  }
}

module "storage_account" {
  source = "git::https://github.com/Azure/terraform-azurerm-avm-res-storage-storageaccount?ref=v0.1.3"

  name                = var.storage_account_name
  location            = var.location
  resource_group_name = var.resource_group_name

  account_replication_type        = var.account_replication_type
  public_network_access_enabled   = var.public_network_access_enabled
  default_to_oauth_authentication = var.default_to_oauth_authentication

  network_rules = var.network_rules

  enable_telemetry    = false

  containers = local.containers

}

tfvars variables values

none

Debug Output/Panic Output

$ terragrunt import module.storage_account.azapi_resource.containers[\"test\"] "/subscriptions/c37a1dd9-1a49-47cd-a085-xxxxxxxxxxxx/resourceGroups/terraform/providers/Microsoft.Storag
e/storageAccounts/bucket/blobServices/default/containers/test"
Acquiring state lock. This may take a few moments...
module.storage_account.azapi_resource.containers["test"]: Importing from ID "/subscriptions/c37a1dd9-1a49-47cd-a085-xxxxxxxxxxxx/resourceGroups/terraform/providers/Microsoft.Storage/storageA
ccounts/bucket/blobServices/default/containers/test"...
module.storage_account.azapi_resource.containers["test"]: Import prepared!
  Prepared azapi_resource for import
module.storage_account.azapi_resource.containers["test"]: Refreshing state... [id=/subscriptions/c37a1dd9-1a49-47cd-a085-xxxxxxxxxxxx/resourceGroups/terraform/providers/Microsoft.Storage/sto
rageAccounts/bucket/blobServices/default/containers/test]
╷
│ Error: Invalid function argument
│ 
│   on .terraform/modules/storage_account/outputs.tf line 9, in output "containers":
│    9:       public_access = jsondecode(container.body).properties.publicAccess
│     ├────────────────
│     │ container.body is object with 1 attribute "properties"
│ 
│ Invalid value for "str" parameter: string required.
╵

╷
│ Error: Invalid function argument
│ 
│   on .terraform/modules/storage_account/outputs.tf line 10, in output "containers":
│   10:       metadata      = jsondecode(container.body).properties.metadata
│     ├────────────────
│     │ container.body is object with 1 attribute "properties"
│ 
│ Invalid value for "str" parameter: string required.
╵
Releasing state lock. This may take a few moments...
ERRO[0010] terraform invocation failed in /home/kosin/Documents/gitrepos/gooddata/iac/azure/devgdc/infra/eastus2/terraform/st/bucket/.terragrunt-cache/XKulLeS1hPzmcqCN4wdhzZKuv_w
/sScitDs5rNAr0bHZ_TZV2DU7dbk  prefix=[/home/kosin/Documents/gitrepos/gooddata/iac/azure/devgdc/infra/eastus2/terraform/st/bucket] 
ERRO[0010] 1 error occurred:
        * [/home/kosin/Documents/gitrepos/gooddata/iac/azure/devgdc/infra/eastus2/terraform/st/bucket/.terragrunt-cache/XKulLeS1hPzmcqCN4wdhzZKuv_w/sScitDs5rNAr0bHZ_TZV2DU7dbk] e
xit status 1

Expected Behaviour

import succeeds

Actual Behaviour

Import fails.

I tested it with direct azapi resource it works with no issue

resource "azapi_resource" "container" {
  for_each = local.containers

  type = "Microsoft.Storage/storageAccounts/blobServices/containers@2022-09-01"
  name = each.value.name
  parent_id = "/subscriptions/c37a1dd9-1a49-47cd-a085-xxxxxxxxxxxx/resourceGroups/terraform/providers/Microsoft.Storage/storageAccounts/terraform/blobServices/default"
}
$ terragrunt apply                                                                      
Acquiring state lock. This may take a few moments...                                                                                                                                          
module.storage_account.data.azurerm_client_config.this: Reading...
module.storage_account.data.azurerm_resource_group.rg: Reading...
module.storage_account.data.azurerm_client_config.this: Read complete after 0s [id=Y2xpZW50Q29uZmlncy9jbGllbnRJZD0wNGIwNzc5NS04ZGRiLTQ2MWEtYmJlZS0wMmY5ZTFiZjdiNDY7b2JqZWN0SWQ9MmRlNGY1MzktYjg
yMS00MzQ5LThkYzktOGMxMzIyODhhZjJjO3N1YnNjcmlwdGlvbklkPWMzN2ExZGQ5LTFhNDktNDdjZC1hMDg1LThlMGY2NjJiMDA4ODt0ZW5hbnRJZD02OWEzYmVmYy1hODExLTQyZTUtOWZkYy0zYzBmMGQyZDNjNTI=]
module.storage_account.data.azurerm_resource_group.rg: Read complete after 0s [id=/subscriptions/c37a1dd9-1a49-47cd-a085-xxxxxxxxxxxx/resourceGroups/terraform]
module.storage_account.azurerm_storage_account.this: Refreshing state... [id=/subscriptions/c37a1dd9-1a49-47cd-a085-xxxxxxxxxxxx/resourceGroups/terraform/providers/Microsoft.Storage/storageA
ccounts/bucket]                                                                                                                                                                   
module.storage_account.azurerm_storage_account_network_rules.this[0]: Refreshing state... [id=/subscriptions/c37a1dd9-1a49-47cd-a085-xxxxxxxxxxxx/resourceGroups/terraform/providers/Microsoft
.Storage/storageAccounts/bucket]                                                                                                                                                  

Terraform used the selected providers to generate the following execution                                                                                                                     
plan. Resource actions are indicated with the following symbols:
  + create                                                                                     

Terraform will perform the following actions:

  # azapi_resource.container["test"] will be created
  + resource "azapi_resource" "container" {                                                                                                                                                         
      + body                      = jsonencode({})
      + id                        = (known after apply)           
      + ignore_casing             = false                                                      
      + ignore_missing_property   = true                                                                                                                                                            
      + location                  = (known after apply)                                                                                                                                       
      + name                      = "test"                                                                                                                                                    
      + output                    = (known after apply)
      + parent_id                 = "/subscriptions/c37a1dd9-1a49-47cd-a085-xxxxxxxxxxxx/resourceGroups/terraform/providers/Microsoft.Storage/storageAccounts/bucket/blobServices/
default"
      + removing_special_chars    = false                                                      
      + schema_validation_enabled = true                                                       
      + tags                      = (known after apply)
      + type                      = "Microsoft.Storage/storageAccounts/blobServices/containers@2022-09-01"
    }                                                                                                                                                                                         

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?                                                          
  Terraform will perform the actions described above.     
  Only 'yes' will be accepted to approve.                                                      

  Enter a value: yes
azapi_resource.container["test"]: Creating...                                                  
azapi_resource.container["test"]: Creation complete after 3s [id=/subscriptions/c37a1dd9-1a49-47cd-a085-xxxxxxxxxxxx/resourceGroups/terraform/providers/Microsoft.Storage/storageAccounts/t
erraform/blobServices/default/containers/test]
Releasing state lock. This may take a few moments...

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

$ terragrunt state rm 'azapi_resource.container["test"]'
Acquiring state lock. This may take a few moments...
Removed azapi_resource.container["test"]
Successfully removed 1 resource instance(s).
Releasing state lock. This may take a few moments...

$ terragrunt import 'azapi_resource.container["test"]' "/subscriptions/c37a1dd9-1a49-47cd-a085-xxxxxxxxxxxx/resourceGroups/terraform/providers/Microsoft.Storage/storageAccounts/ter
raform/blobServices/default/containers/test"

Acquiring state lock. This may take a few moments...
azapi_resource.container["test"]: Importing from ID "/subscriptions/c37a1dd9-1a49-47cd-a085-xxxxxxxxxxxx/resourceGroups/terraform/providers/Microsoft.Storage/storageAccounts/terraform/blobServices/default/containers/test"...
azapi_resource.container["test"]: Import prepared!
  Prepared azapi_resource for import
azapi_resource.container["test"]: Refreshing state... [id=/subscriptions/c37a1dd9-1a49-47cd-a085-xxxxxxxxxxxx/resourceGroups/terraform/providers/Microsoft.Storage/storageAccounts/terrafor
m/blobServices/default/containers/test]
module.storage_account.data.azurerm_client_config.this: Reading...
module.storage_account.data.azurerm_resource_group.rg: Reading...
module.storage_account.data.azurerm_client_config.this: Read complete after 0s [id=Y2xpZW50Q29uZmlncy9jbGllbnRJZD0wNGIwNzc5NS04ZGRiLTQ2MWEtYmJlZS0wMmY5ZTFiZjdiNDY7b2JqZWN0SWQ9MmRlNGY1MzktYjg
yMS00MzQ5LThkYzktOGMxMzIyODhhZjJjO3N1YnNjcmlwdGlvbklkPWMzN2ExZGQ5LTFhNDktNDdjZC1hMDg1LThlMGY2NjJiMDA4ODt0ZW5hbnRJZD02OWEzYmVmYy1hODExLTQyZTUtOWZkYy0zYzBmMGQyZDNjNTI=]
module.storage_account.data.azurerm_resource_group.rg: Read complete after 0s [id=/subscriptions/c37a1dd9-1a49-47cd-a085-xxxxxxxxxxxx/resourceGroups/terraform]

Import successful!

The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.

Releasing state lock. This may take a few moments...

$ terraform -v                                                                           
Terraform v1.8.5
on linux_amd64
+ provider registry.terraform.io/azure/azapi v1.9.0
+ provider registry.terraform.io/hashicorp/azuread v2.52.0
+ provider registry.terraform.io/hashicorp/azurerm v3.107.0
+ provider registry.terraform.io/hashicorp/random v3.6.2

Your version of Terraform is out of date! The latest version
is 1.9.0. You can update by downloading from https://www.terraform.io/downloads.html

Steps to Reproduce

No response

Important Factoids

No response

References

No response

chinthakaru commented 2 months ago

@ZdenekPesek Thanks for reaching out. We have just released sub-resources with AzApi provider. Please can you test again?

ZdenekPesek commented 2 months ago

@chinthakaru thank you for a prompt reply. I have re-tested, but error is still the same. Not sure if the sub-resources needs to be propagated somewhere as I still see I am using azapi v1.13.1 and same module version v0.1.3.

chinthakaru commented 2 months ago

@ZdenekPesek I have tested your example code on my environment. it worked without any issues. Please can you share your full configuration files here ?

ZdenekPesek commented 2 months ago

@chinthakaru sorry, my bad. I just realized I need to change the module ref to main. And it works! :) When I can expect it to be released?

chinthakaru commented 2 months ago

@ZdenekPesek Thanks for the update. I'll make a release this week.
Since this issue has been resolved, I'll close this Issue.

ZdenekPesek commented 2 months ago

Thank you. Very appreciated!

ZdenekPesek commented 2 months ago

@chinthakaru sorry to bother again, but situation got quite weird after all.

Container which I was creating by terraform, delete the state and tried to import back works quite well (as a reproducer). But container which was created manually can't still be imported (real life scenario)

╷
│ Error: Unsupported attribute
│ 
│   on .terraform/modules/storage_account/outputs.tf line 8, in output "containers":
│    8:       public_access = container.body.properties.publicAccess
│     ├────────────────
│     │ container.body is "{\"properties\":{\"metadata\":null,\"publicAccess\":\"None\"}}"
│ 
│ Can't access attributes on a primitive-typed value (string).

Seems like jsondecode is still needed? Sorry I did not tested properly both scenarios, I thought it will behave same.

ZdenekPesek commented 2 months ago

@chinthakaru my bad for a second time :) I needed to re-import the storage account from scratch and then also manually created container is able to be imported. Sorry for the false alarm :)