Barts-Life-Science / AzureTRE

An accelerator to help organizations build Trusted Research Environments on Azure.
https://microsoft.github.io/AzureTRE
MIT License

Namespace collisions as number of workspaces increases #119

Open TonyWildish-BH opened 3 months ago

TonyWildish-BH commented 3 months ago

Describe the bug

Each workspace gets its own GUID identifier. The last four digits of that identifier are used as a slug to name things like storage accounts, key-vaults, and all sorts of other stuff in the workspace resources.

This can lead to collisions, just like the Birthday Paradox. It takes only 1527 workspaces to exist before there's a 50% chance of collision, and that's worldwide, not just in our TRE. It also includes deleted resources where the names haven't yet expired from the Azure safety net.

The solution is to increase the number of characters to at least 7 characters (330K workspaces before collision risk > 50%), and/or to add other random characters to the resource names. However, given how poorly the TRE codebase manages its naming convention, this may not be easy. Names are often calculated, instead of being derived from the Terraform state for the component in question. Because of the possible knock-on effects in the code, this needs to be considered sooner, rather than later.
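
The birthday-bound arithmetic behind the figures above, as an added example that is not part of the original issue or of the AzureTRE code. It assumes slugs are uniformly random and independent; the function names are hypothetical. A 36-symbol alphabet reproduces the 1527 and roughly 330K figures quoted above, and a 16-symbol case is included for a slug taken from hexadecimal GUID characters.

```python
import math


def collision_probability(n: int, space: int) -> float:
    """Exact chance that at least two of n uniformly random slugs are equal."""
    if n > space:
        return 1.0  # pigeonhole: more names than possible slugs
    # log P(all distinct) = sum_{i=0}^{n-1} log(1 - i/space); log1p keeps precision
    log_distinct = sum(math.log1p(-i / space) for i in range(n))
    return -math.expm1(log_distinct)


def names_for_risk(space: int, risk: float = 0.5) -> int:
    """Smallest number of names whose collision probability reaches `risk`."""
    target = math.log1p(-risk)  # log P(all distinct) at the threshold
    log_distinct, n = 0.0, 1    # a single name can never collide
    while log_distinct > target:
        if n >= space:
            return space + 1    # next name must repeat an existing slug
        log_distinct += math.log1p(-n / space)  # add the (n+1)-th name
        n += 1
    return n


if __name__ == "__main__":
    # (alphabet size, slug length) pairs; 36 = a-z0-9, 16 = hex (assumed alphabets)
    for alphabet, length in [(36, 4), (36, 7), (16, 4), (16, 7)]:
        space = alphabet ** length
        print(
            f"alphabet={alphabet:2d} length={length} "
            f"names={space:>14,d} "
            f"50% collision at n={names_for_risk(space):>7,d} "
            f"P(collision | 100 workspaces)={collision_probability(100, space):.4%}"
        )
```

The last column shows why collisions show up well before the 50% point: the per-deployment failure chance is already measurable at fleet sizes far below it, and the effective population is every name in the shared global namespace, not one TRE.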

TonyWildish-BH commented 3 months ago

It's not just namespaces, it's also workspace services. Kelvin Smith had a Gitea deployment failure with Message="The storage account named stgsvcccd8 is already taken."