hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

Azure Defender for Data Services settings are not supported on resources of type managedClusters #17918

Closed shgopala1 closed 4 months ago

shgopala1 commented 2 years ago

Terraform Version

3.201.18

AzureRM Provider Version

3.17.0

Affected Resource(s)/Data Source(s)

azurerm_advanced_threat_protection

Terraform Configuration Files

module "windowsdefender" {
  source         = "./modules/windowsdefender"
  aks_cluster_id = module.AKS.aks_id
}

resource "azurerm_advanced_threat_protection" "akswindowsdefender" {
  target_resource_id = var.aks_cluster_id
  enabled            = true
}

Debug Output/Panic Output

module.windowsdefender.azurerm_advanced_threat_protection.akswindowsdefender: Creating...
╷
│ Error: checking for presence of existing Advanced Threat Protection for "/subscriptions/8773b64f-bf60-4ae9-b948-5e0f066624e7/resourceGroups/AzureDevops/providers/Microsoft.ContainerService/managedClusters/MSF-ADO-Pipelines-Agents": security.AdvancedThreatProtectionClient#Get: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="Not Supported" Message="Azure Defender for Data Services settings are not supported on resources of type managedClusters"
│ 
│   with module.windowsdefender.azurerm_advanced_threat_protection.akswindowsdefender,
│   on modules/windowsdefender/windowsdefender.tf line 1, in resource "azurerm_advanced_threat_protection" "akswindowsdefender":
│    1: resource "azurerm_advanced_threat_protection" "akswindowsdefender" {
│ 
╵

Expected Behaviour

No response

Actual Behaviour

No response

Steps to Reproduce

terraform plan:

terraform apply fails

Important Factoids

No response

References

No response

tombuildsstuff commented 2 years ago

Hi @shgopala1

Thanks for opening this issue.

Taking a look through here, this error message is coming from the Azure API rather than Terraform; as such, it appears that Azure Defender for Data Services isn't supported for AKS Clusters at this time. As such, I believe this is working as intended at this time since this isn't supported for this resource. If you're expecting this to work, have you got a reference to some Azure Documentation highlighting that this should work (which may require bumping the API version)?

Thanks!
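
A pre-apply check for the failure discussed in this thread, as an added example that is not part of the thread or the provider's code: it reads a JSON plan (the output of `terraform show -json <planfile>`) and flags `azurerm_advanced_threat_protection` resources whose target is a `managedClusters` ID, the type the API error above rejects. The helper names, verdict strings and sample plan are constructed for illustration.

```python
import json

# Only the type named in the API error on this page; extend it from Azure's own documentation.
REJECTED_TYPES = {"microsoft.containerservice/managedclusters"}

def arm_resource_type(resource_id):
    """'/subscriptions/../providers/NS/type/name[/subtype/name]' -> 'ns/type[/subtype]', else None."""
    idx = resource_id.lower().rfind("/providers/")
    parts = [p for p in resource_id[idx + len("/providers/"):].split("/") if p]
    if idx < 0 or len(parts) < 3 or len(parts) % 2 == 0:
        return None
    return "/".join([parts[0]] + parts[1::2]).lower()

def check_plan(plan):
    """Return [(address, verdict)] for each azurerm_advanced_threat_protection created or changed."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        if rc.get("type") != "azurerm_advanced_threat_protection" or change.get("after") is None:
            continue  # other resource types, and pure deletes (after is null)
        if (change.get("after_unknown") or {}).get("target_resource_id"):
            verdict = "unknown-until-apply"  # ID comes from a resource created in the same run
        else:
            rtype = arm_resource_type(change["after"].get("target_resource_id") or "")
            verdict = ("unparseable-id" if rtype is None
                       else "rejected-by-api" if rtype in REJECTED_TYPES else "not-flagged")
        findings.append((rc["address"], verdict))
    return findings

# Constructed sample in the shape of a JSON plan; subscription, group and names are made up.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg/providers"
ATP = "azurerm_advanced_threat_protection"
SAMPLE_PLAN = {"resource_changes": [
    {"address": ATP + ".aks", "type": ATP, "change": {"after_unknown": {}, "after": {
        "enabled": True,
        "target_resource_id": SUB + "/Microsoft.ContainerService/managedClusters/example-aks"}}},
    {"address": ATP + ".storage", "type": ATP, "change": {"after_unknown": {}, "after": {
        "enabled": True,
        "target_resource_id": SUB + "/Microsoft.Storage/storageAccounts/examplesa"}}},
    {"address": ATP + ".new_cluster", "type": ATP, "change": {
        "after": {"enabled": True}, "after_unknown": {"id": True, "target_resource_id": True}}},
    {"address": "azurerm_resource_group.rg", "type": "azurerm_resource_group",
     "change": {"after": {"name": "example-rg"}, "after_unknown": {}}},
]}

if __name__ == "__main__":
    print(json.dumps(check_plan(SAMPLE_PLAN), indent=2))
```

A verdict of `unknown-until-apply` means the target ID is computed during the same run, so the check has to be repeated against the module input or after the target resource exists.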

shgopala1 commented 2 years ago

@tombuildsstuff This is from Azure portal where the containers are clearly supported now: image

tombuildsstuff commented 2 years ago

@shgopala1 Containers refers to ACI (Azure Container Image) - not AKS unfortunately

shgopala1 commented 2 years ago

@tombuildsstuff Are you sure? This documentation clearly states that it is meant for Kubernetes clusters: https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-containers-introduction https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-kubernetes-introduction

sonaliborikar commented 2 years ago

@tombuildsstuff @shgopala1 @caius @mitchellh any idea about the below issue?? Getting issue for Webapp & KeyVaults

rcskosir commented 4 months ago

Thanks for taking the time to open this issue. It appears as though this is now deprecated for Kubernetes, as can be seen here: https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-kubernetes-introduction. As such, I am going to mark this issue as closed.

github-actions[bot] commented 3 months ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.