hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

Error making read requests on protected items (Azure RSV) #21756

Closed IgorOrmus closed 1 year ago

IgorOrmus commented 1 year ago

Terraform Version

Terraform v1.4.6

AzureRM Provider Version

v3.55.0

Affected Resource(s)/Data Source(s)

azurerm_backup_protected_vm

Terraform Configuration Files

resource "azurerm_backup_policy_vm" "vm_backup_policy" {

  name                = var.backup_policy.backup_policy_name
  resource_group_name = var.backup_policy.resource_group_name
  recovery_vault_name = var.backup_policy.recovery_vault_name
  policy_type         = "V2" #required for backing up trusted launch VMs

  backup {
    frequency = var.backup_policy.backup_frequency
    time      = var.backup_policy.backup_time
  }
  retention_daily {
    count = var.backup_policy.backup_retention
  }

}

resource "azurerm_backup_protected_vm" "vm_backup" {
  resource_group_name = var.vm.rsv_resource_group_name
  recovery_vault_name = var.vm.recovery_vault_name
  source_vm_id        = azurerm_windows_virtual_machine.vm.id
  backup_policy_id    = var.backup_policy_id
}

resource "azurerm_recovery_services_vault" "vault" {
  name                         = lower(var.vault_name)
  location                     = var.location
  resource_group_name          = var.resource_group_name
  tags                         = var.tags
  sku                          = var.sku
  storage_mode_type            = var.storage_mode_type // tried both LRS/GRS
  cross_region_restore_enabled = var.cross_region_restore_enabled // set to false
  soft_delete_enabled          = var.soft_delete_enabled
  dynamic "identity" {
    for_each = var.identity != null ? [var.identity] : []
    iterator = i

    content {
      type = i.value.type
    }
  }
  dynamic "encryption" {
    for_each = var.encryption != null ? [var.encryption] : []
    iterator = j

    content {
      key_id                            = j.value.key_id
      infrastructure_encryption_enabled = j.value.infrastructure_encryption_enabled
      use_system_assigned_identity      = j.value.use_system_assigned_identity
    }
  }
}

Debug Output/Panic Output

│ Error: making Read request on Protected Item (Subscription: "xxx"
│ Vault Name: "rsv-xxx"
│ Backup Fabric Name: "Azure"
│ Protection Container Name: "iaasvmcontainer;iaasvmcontainerv2;rg-iam-xxx"
│ Protected Item Name: "VM;iaasvmcontainerv2;xxxx;xxx"): protecteditems.ProtectedItemsClient#Get: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="BMSUserErrorCrossRegionRestoreLRSVaultNotPossible" Message="Cross Region Restore cannot be enabled in LRS vault. Cross region Restore cannot be enabled in LRS vault but only in GRS vault."
│ 
│   with module.core_module["region"].module.windows_vm["xxx"].azurerm_backup_protected_vm.vm_backup,
│   on ../modules/resource_modules/windows_vm/main.tf line 146, in resource "azurerm_backup_protected_vm" "vm_backup":
│  146: resource "azurerm_backup_protected_vm" "vm_backup" {
│ 
╵
╷

Expected Behaviour

The error comes up in plan with both GRS and LRS RSV code with cross region restore disabled. The error was introduced in the latest version of the provider; pinning the version to 3.54.0 resolves the issue. Suspect the issue is with the new API: https://github.com/hashicorp/terraform-provider-azurerm/pull/21575

Actual Behaviour

Panic output during plan stage as detailed above

Steps to Reproduce

terraform plan

Important Factoids

n/a

References

Suspect issue with latest enhancement recoveryservicesbackup - updating to use API Version 2023-02-01 (https://github.com/hashicorp/terraform-provider-azurerm/issues/21575)

garimasingh15 commented 1 year ago

Facing the same issue with the new provider version. Fixing it to a previous version helps as a workaround.

myc2h6o commented 1 year ago

Thanks for reporting! This is already tracked by #21663; please subscribe to it for updates.

rcskosir commented 1 year ago

@IgorOrmus Thank you for opening this issue. This issue seems to have affected many, and there is a duplicate issue that @myc2h6o linked to here: https://github.com/hashicorp/terraform-provider-azurerm/issues/21663. I am going to go ahead and close this issue; please follow #21663 for an update.

github-actions[bot] commented 3 months ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.