hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

The documentation example for Azure Synapse does not work #13060

Closed abhirockzz closed 1 year ago

abhirockzz commented 3 years ago

Tried to use this example to set up Azure Synapse Analytics. It does not work out of the box - requires some changes for it to work correctly.

Terraform (and AzureRM Provider) Version

$ terraform -v

Terraform v1.0.1
on darwin_amd64

AzureRM Provider

azurerm = {
      source = "hashicorp/azurerm"
      version = "~>2.0"
}

Expected Behaviour

Azure Synapse Analytics service (along with other required Azure resources) should have been created.

Actual Behaviour

Get the following error:

Error: Error checking for existence of existing File System "synapsecontainer" (Account "foosynapsestorageaccount"): datalakestore.Client#GetProperties: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: error response cannot be parsed: "" error: EOF
│
│   with azurerm_storage_data_lake_gen2_filesystem.example,
│   on main.tf line 29, in resource "azurerm_storage_data_lake_gen2_filesystem" "example":
│   29: resource "azurerm_storage_data_lake_gen2_filesystem" "example" {

Steps to Reproduce

Use terraform apply on this example.

The failure could be due to lack of roles (Storage Blob Data Contributor) on the Storage account. Adding the below fixes the issue. If this can be confirmed, it might just be a case of updating the documentation?

resource "azurerm_role_assignment" "example" {
  scope                = azurerm_storage_account.synapse.id
  role_definition_name = "Storage Blob Data Contributor"
  principal_id         = data.azurerm_client_config.example.object_id
}
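
The role assignment in the post above only helps if it exists before the filesystem is created, and nothing in the filesystem resource references it, so Terraform is free to create both in parallel. An added example (not part of the original post or the provider documentation) that makes the ordering explicit; the resource group, the `time_sleep` wait from the hashicorp/time provider and its 60s value are assumptions:

```hcl
# Added example. Resource names follow the reporter's snippet and error message;
# the resource group, location and the 60s wait are assumptions.

data "azurerm_client_config" "example" {}

resource "azurerm_resource_group" "example" {
  name     = "foo-synapse-rg" # constructed name
  location = "eastus"
}

resource "azurerm_storage_account" "synapse" {
  name                     = "foosynapsestorageaccount"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
  account_kind             = "StorageV2"
  is_hns_enabled           = true
}

# Data-plane role for the identity running Terraform, scoped to this one
# storage account rather than the resource group or the subscription.
resource "azurerm_role_assignment" "example" {
  scope                = azurerm_storage_account.synapse.id
  role_definition_name = "Storage Blob Data Contributor"
  principal_id         = data.azurerm_client_config.example.object_id
}

# Azure role assignments do not take effect instantly, so wait before the
# first data-plane call (requires the hashicorp/time provider).
resource "time_sleep" "rbac_propagation" {
  depends_on      = [azurerm_role_assignment.example]
  create_duration = "60s"
}

resource "azurerm_storage_data_lake_gen2_filesystem" "example" {
  name               = "synapsecontainer"
  storage_account_id = azurerm_storage_account.synapse.id

  # No attribute here references the role assignment, so without this
  # Terraform may create the filesystem first and still receive the 403.
  depends_on = [time_sleep.rbac_propagation]
}
```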

owenfarrell commented 3 years ago

@abhirockzz - Based on the error message you posted above, it looks like the issue is actually with the azurerm_storage_data_lake_gen2_filesystem resource (which the Synapse workspace depends on).

I suspect this boils down to your specific Azure RBAC configuration.

The Terraform Version you provided above doesn't include the AzureRM Provider version, so it's tough to firmly reproduce this. But I just ran the below configuration on v2.78.0 using a service principal that is an Owner at the subscription level and everything provisioned nicely.

Hope this helps!

provider "azurerm" {
  features {}
}

resource "random_integer" "id" {
  min = 1
  max = 999999999999999
}

locals {
  # Zero-pad to 15 digits ("%15d" would pad with spaces, invalid in resource names)
  random_integer = format("%015d", random_integer.id.result)
}

resource "azurerm_resource_group" "test" {
  name     = "acctestsw${local.random_integer}"
  location = "eastus"
}

resource "azurerm_storage_account" "test" {
  name                     = "acctestsw${local.random_integer}"
  resource_group_name      = azurerm_resource_group.test.name
  location                 = azurerm_resource_group.test.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
  account_kind             = "StorageV2"
  is_hns_enabled           = true
}

resource "azurerm_storage_data_lake_gen2_filesystem" "test" {
  name               = "acctest-${local.random_integer}"
  storage_account_id = azurerm_storage_account.test.id
}

resource "azurerm_synapse_workspace" "test" {
  name                                 = "acctest-${local.random_integer}"
  resource_group_name                  = azurerm_resource_group.test.name
  location                             = azurerm_resource_group.test.location
  storage_data_lake_gen2_filesystem_id = azurerm_storage_data_lake_gen2_filesystem.test.id
  sql_administrator_login              = "sqladminuser"
  sql_administrator_login_password     = "H@Sh1CoR3!"
  managed_virtual_network_enabled      = true
}

rcskosir commented 1 year ago

Thanks for opening this issue. This was a problem in the 2.x version of the provider which is no longer actively maintained. If this is still an issue with the 3.x version of the provider please do let us know by opening a new issue, thanks!

github-actions[bot] commented 6 months ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.