hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

Same issue with latest terraform provider. Reference issue closed without resolution Error reading queue properties for AzureRM Storage Account #3997 #20899

Open nirengithub opened 1 year ago

nirengithub commented 1 year ago

Is there an existing issue for this?

Community Note

Terraform Version

1.3.7

AzureRM Provider Version

3.39.1

Affected Resource(s)/Data Source(s)

azurerm_storage_account

Terraform Configuration Files

Trying to create a synapse workspace with datalake storage as per the documentation. This was working previously, but then started giving an error. Tried the resolutions given in other forums and links, but no luck.

 Error: reading queue properties for AzureRM Storage Account "powepjlbgour": queues.Client#GetServiceProperties: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. 
Status=403 Code="AuthenticationFailed" Message="Server failed to authenticate the request. Make sure the value 
of Authorization header is formed correctly including the signature.\nRequestId:f75358b5-f003-0016-7881-53652d000000\nTime:2023-03-10T18:51:53.1331606Z"
│
│   with module.synapse-workspace.azurerm_storage_account.synapse_storage_account,
│   on module-synapse-workspace\synapse-ws\synapse-workspace.tf line 3, in resource "azurerm_storage_account" "synapse_storage_account":
│    3: resource "azurerm_storage_account" "synapse_storage_account" {

1. Tried with updating the version
2. Tried adding queue properties

Reference suggestion tried 

https://github.com/hashicorp/terraform-provider-azurerm/pull/16557

https://github.com/hashicorp/terraform-provider-azurerm/pull/4099

For debugging, sharing the template I am using:

resource "azurerm_storage_account" "synapse_storage_account" {
  name                = var.synapse_storage_account
  location            = var.location
  resource_group_name = var.resource_group_name

  account_tier             = "Standard"
  account_replication_type = "LRS"
  account_kind             = "StorageV2"
  is_hns_enabled           = true # hierarchical namespace, required for Data Lake Gen2
  tags                     = var.taggs
}

resource "azurerm_storage_data_lake_gen2_filesystem" "synapse_filesystem" {
  name               = "synapse-filesystem"
  storage_account_id = azurerm_storage_account.synapse_storage_account.id

  # Already implied by the storage_account_id reference above.
  depends_on = [
    azurerm_storage_account.synapse_storage_account
  ]
}

resource "azurerm_synapse_workspace" "synapse_workspace" {
  name                                 = var.synapse_workspace_name
  location                             = var.location
  resource_group_name                  = var.resource_group_name
  storage_data_lake_gen2_filesystem_id = azurerm_storage_data_lake_gen2_filesystem.synapse_filesystem.id
  sql_administrator_login              = "sqladminuser"
  # Hardcoded credential as posted; supply it through a sensitive variable instead.
  sql_administrator_login_password     = "H@Sh1CoR3!"

  aad_admin {
    login     = "AzureAD Admin"
    object_id = "5dfc07db-f24d-44cd-9c86-78ac0c55c80a"
    tenant_id = "8c4850c4-d96e-409c-a09e-3446a7629232"
  }

  identity {
    type = "SystemAssigned"
  }

  tags = var.taggs

  depends_on = [
    azurerm_storage_account.synapse_storage_account
  ]
}

Debug Output/Panic Output

Error: reading queue properties for AzureRM Storage Account "powepjlbgour": queues.Client#GetServiceProperties: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. 
Status=403 Code="AuthenticationFailed" Message="Server failed to authenticate the request. Make sure the value 
of Authorization header is formed correctly including the signature.\nRequestId:f75358b5-f003-0016-7881-53652d000000\nTime:2023-03-10T18:51:53.1331606Z"
│
│   with module.synapse-workspace.azurerm_storage_account.synapse_storage_account,
│   on module-synapse-workspace\synapse-ws\synapse-workspace.tf line 3, in resource "azurerm_storage_account" "synapse_storage_account":
│    3: resource "azurerm_storage_account" "synapse_storage_account" {

Expected Behaviour

It should create the storage account and the file system. It does create the storage account only, with no filesystem, but the message shows an error creating the storage account.

Actual Behaviour

It creates the storage account only, with no filesystem, and the message shows an error creating the storage account.

Steps to Reproduce

terraform apply

Important Factoids

NA

References

https://github.com/hashicorp/terraform-provider-azurerm/pull/4099

https://github.com/hashicorp/terraform-provider-azurerm/pull/16557

https://github.com/hashicorp/terraform-provider-azurerm/issues/4081

magodo commented 1 year ago

@nirengithub Is this happening systematically? Since the error occurs when reaching the queue data plane API, it might be due to some service-side issue. Alternatively, you can try setting storage_use_azuread = true.

SteveDevOps commented 9 months ago

This is happening to me as well, intermittently (not every time) on plans and applies. It continues to happen with the above provider setting @magodo recommends. In my case it's in the post-creation phase, the queues exist, and it is intermittent when interrogating metadata surrounding the queues. During the plan/apply run we communicate with the storage account privately through its private endpoint.
Error: retrieving Queue "xxx" (Account "xxx-queue"): queues.Client#GetMetaData: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailure" Message="This request is not authorized to perform this operation.\nRequestId:7b9f3ff5-b003-0081-0f37-fed107000000\nTime:2023-10-14T00:42:11.0594659Z"

srivastavaprashant commented 3 months ago

Downgrading to 3.97.1 didn't help.

│ Error: retrieving queue properties for Storage Account (Subscription: "xxx"
│ Resource Group Name: "xxx"
│ Storage Account Name: "openaistdev"): unmarshalling response: could not parse response body
│
│   with module.storage_account.azurerm_storage_account.storage_account,
│   on ../../modules/storage_account/main.tf line 13, in resource "azurerm_storage_account" "storage_account":
│   13: resource "azurerm_storage_account" "storage_account" {

michasacuer commented 2 months ago

Same error with private Storage Account
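
A small triage helper for the three error shapes quoted in this thread, added here as an example and not part of the issue or the provider's code: it extracts the operation, storage error code, RequestId and timestamp from each line so intermittent failures can be counted per kind and matched against the storage account's own logs. The function names and the `kind` labels are assumptions of this example; the sample lines are shortened copies of the errors posted above.

```python
import re
from collections import Counter

# Constructed sample: shortened copies of the three error shapes in this thread.
# Raw strings keep the literal "\n" Terraform prints inside Message="...".
SAMPLE = [
    r'reading queue properties for AzureRM Storage Account "powepjlbgour": '
    r'queues.Client#GetServiceProperties: Failure responding to request: '
    r'StatusCode=403 -- Original Error: autorest/azure: Service returned an error. '
    r'Status=403 Code="AuthenticationFailed" Message="Server failed to authenticate '
    r'the request.\nRequestId:f75358b5-f003-0016-7881-53652d000000'
    r'\nTime:2023-03-10T18:51:53.1331606Z"',
    r'retrieving Queue "xxx" (Account "xxx-queue"): queues.Client#GetMetaData: '
    r'Failure responding to request: StatusCode=403 -- Original Error: '
    r'autorest/azure: Service returned an error. Status=403 '
    r'Code="AuthorizationFailure" Message="This request is not authorized to '
    r'perform this operation.\nRequestId:7b9f3ff5-b003-0081-0f37-fed107000000'
    r'\nTime:2023-10-14T00:42:11.0594659Z"',
    'retrieving queue properties for Storage Account (Storage Account Name: '
    '"openaistdev"): unmarshalling response: could not parse response body',
]

SERVICE_ERROR = re.compile(
    r'(?P<op>[\w.]+#\w+): .*?Status=(?P<status>\d{3}) Code="(?P<code>\w+)"'
    r'.*?RequestId:(?P<request_id>[0-9a-f-]{36})\\nTime:(?P<time>[0-9T:.-]+Z)'
)
# Labels are this example's own; they mirror the wording of each Message.
KINDS = {"AuthenticationFailed": "authentication",
         "AuthorizationFailure": "authorization"}

def triage(line):
    """Return the fields of one provider error line, or None if it is not one."""
    m = SERVICE_ERROR.search(line)
    if m:
        rec = m.groupdict()
        rec["status"] = int(rec["status"])
        rec["kind"] = KINDS.get(rec["code"], "other-service-error")
        return rec
    if "could not parse response body" in line:
        # No HTTP status or RequestId is present in this shape.
        return {"op": None, "status": None, "code": None,
                "request_id": None, "time": None, "kind": "response-parse"}
    return None

def summarize(lines):
    """Count failures per kind across a plan/apply log, skipping other lines."""
    return Counter(r["kind"] for r in map(triage, lines) if r)
```
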