hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

azurerm_cosmosdb_account with names longer than 37 characters can't be logged in with cassandra client #15253

Open daniel-anova opened 2 years ago

daniel-anova commented 2 years ago

Terraform (and AzureRM Provider) Version

Terraform v1.1.5 on linux_amd64

Affected Resource(s)

Terraform Configuration Files

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "example" {
  name     = "example"
  location = "West Europe"
}

resource "azurerm_cosmosdb_account" "example" {
  #name                = "012345678901234567890123456789012345" // 37 chars, login ok
  name                = "0123456789012345678901234567890123456" // 38 chars, login fail
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  offer_type          = "Standard"

  capabilities {
    name = "EnableCassandra"
  }

  consistency_policy {
    consistency_level = "Strong"
  }

  geo_location {
    location          = "West US"
    failover_priority = 0
  }
}

output "connection_strings" {
  value     = azurerm_cosmosdb_account.example.connection_strings
  sensitive = true
}

Debug Output

There are no errors in terraform.

Expected Behaviour

Plan should fail with an error if the CosmosDB name is longer than 37 characters with Cassandra enabled.

Actual Behaviour

Plan and apply complete successfully. When trying to log in to CosmosDB with cqlsh, it fails with the following error:

cqlsh $COSMOS_HOST 10350 -p $COSMOS_PASS --ssl -u $COSMOS_USER
Connection error: ('Unable to connect to any servers', {'40.112.241.114:10350': AuthenticationFailed('Failed to authenticate to 40.112.241.114:10350: Error from server: code=0100 [Bad credentials] message="Invalid username or password string provided"')})

Steps to Reproduce

  1. terraform apply

Important Factoids

I'm assuming this is an AzureRM SDK bug.

tombuildsstuff commented 2 years ago

hi @daniel-anova

Thanks for opening this issue.

The name of the CosmosDB resource is used for a number of things (including iirc the DNS hostname) - unfortunately the behaviour of the CosmosDB API changes depending on the Database Interface (e.g. Cassandra / Mongo / Table etc) being exposed.

Since some of the Database interfaces allow a longer name than others, unfortunately, as we have a single resource for CosmosDB at this time, we have had to keep the validation fairly agnostic here - however we should look to include a note about this limitation in the documentation in the interim.

Whilst we're not planning to do so for the CosmosDB resource at this time, it may be worth in the future splitting this resource into smaller resources like we're currently doing for App Service to be able to provide better validation for these edge-cases - which would solve this within the Provider (by having more granular validation) however as mentioned we're not planning to do so at this time.

Ultimately I'd argue the CosmosDB API should either be returning an error when provisioning a Cassandra database with a name that's too long - or provide the ability to specify the DNS Name (which'd be limited like it is for other resources) - however it's hard to confirm from the error message if this issue is coming from the CosmosDB Database interface or from the Cassandra Client for some reason, so I'd suggest opening an issue with Azure Support who should be able to dig into that.

Based on the limitations that we've got right now (one resource supporting multiple databases with different requirements) I believe the best way to solve this for the moment is to update the documentation to call this limitation out - so I'm going to label this as a documentation issue for now, but I believe that Microsoft Support should be able to clarify if this limitation comes from the CosmosDB API / Database Interface or the Cassandra Client.

Thanks!

daniel-anova commented 2 years ago

Just created a Cassandra CosmosDB on Azure portal which allows 44 character long names. Trying to use Data Explorer to work with it results in constant "undefined" errors making it unusable.

So I'll report the issue to Microsoft as well.

daniel-anova commented 2 years ago

Azure support answered with this documentation link: https://docs.microsoft.com/en-us/azure/cosmos-db/cassandra/create-account-java#create-a-database-account

It states that a CosmosDB Cassandra account name should only have up to 31 characters; however, the portal still allows up to 44.
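
A plan-time guard for the limitation discussed in this thread, as an added example that is not part of the issue or the provider's code: since the provider's own name validation stays agnostic across database interfaces, the configuration can reject over-long names itself. It assumes Terraform 1.2 or later (for `precondition`), the hypothetical variables `cosmosdb_account_name` and `enable_cassandra`, and the two limits quoted in the thread (31 for Cassandra per the linked Microsoft doc, 44 as accepted by the portal).

```hcl
variable "cosmosdb_account_name" { type = string }

variable "enable_cassandra" {
  type    = bool
  default = true
}

locals {
  # Assumed limits from this thread: 31 (Microsoft doc, Cassandra), 44 (portal).
  cosmosdb_name_max = var.enable_cassandra ? 31 : 44
}

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "example" {
  name     = "example"
  location = "West Europe"
}

resource "azurerm_cosmosdb_account" "example" {
  name                = var.cosmosdb_account_name
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  offer_type          = "Standard"

  dynamic "capabilities" {
    for_each = var.enable_cassandra ? ["EnableCassandra"] : []
    content {
      name = capabilities.value
    }
  }

  consistency_policy {
    consistency_level = "Strong"
  }
  geo_location {
    location          = "West US"
    failover_priority = 0
  }

  lifecycle {
    precondition {
      condition     = length(var.cosmosdb_account_name) <= local.cosmosdb_name_max
      error_message = "Cosmos DB account name is too long for the selected API (31 characters with EnableCassandra, 44 otherwise)."
    }
  }
}
```

With this in place, `terraform plan` fails on an over-long name instead of the problem surfacing later as a `Bad credentials` error from cqlsh.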