hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

azurerm_private_endpoint private_service_connection subresource_names of type "sites-<slot name>" not supported #23460

Closed chtay1 closed 1 year ago

chtay1 commented 1 year ago

Terraform Version

1.5.7

AzureRM Provider Version

3.7.5

Affected Resource(s)/Data Source(s)

azurerm_private_endpoint

Terraform Configuration Files

resource "azurerm_private_endpoint" "appservice_deployment_slot_private_endpoint" {
  name                = "${azurerm_windows_web_app_slot.appservice_deployment_slot.name}-private-endpoint"
  location            = var.location
  resource_group_name = var.resource_group_name
  subnet_id           = var.app_private_endpoint_subnet_id

  private_service_connection {
    name                           = "appservice-deployment-slot-private-service-connection"
    is_manual_connection           = false
    private_connection_resource_id = azurerm_windows_web_app_slot.appservice_deployment_slot.id
    subresource_names              = ["sites-deployment"]

  }

  private_dns_zone_group {
    name                 = "appservice-deployment-slot-private-dns-zone-group"
    private_dns_zone_ids = [var.app_private_dns_zone_id]
  }
}

Debug Output/Panic Output

Error: creating Private Endpoint (Subscription: "xxxxxxxx-xxx-xxxxx-xxxx-xxxxxxxxxxxx" Resource Group Name: "xxxxxx-xxxxxxx-xxx" Private Endpoint Name: "deployment-private-endpoint"): performing CreateOrUpdate: unexpected status 400 with error: InvalidPrivateLinkServiceIdType: Private link service Id /subscriptions/xxxxxxxx-xxx-xxxxx-xxxx-xxxxxxxxxxxx/resourceGroups/xxxxxx-xxxxxxx-xxx/providers/Microsoft.Web/sites/xxxxxx-xxxxxxx-xxx-appservice/slots/deployment has an invalid resource type. Permitted type(s): Microsoft.DocumentDB/databaseAccounts, Microsoft.Sql/servers, Microsoft.Network/privateLinkServices, Microsoft.Web/sites, Microsoft.Web/hostingEnvironments, Microsoft.Storage/storageAccounts, Microsoft.DBforPostgreSQL/servers, Microsoft.DBforMySQL/servers, Microsoft.DBforMariaDB/servers, Microsoft.KeyVault/vaults, Microsoft.Synapse/workspaces, Microsoft.AppConfiguration/configurationStores, Microsoft.Search/searchServices, Microsoft.ContainerService/managedClusters, Microsoft.Attestation/attestationProviders, Microsoft.Devices/IotHubs, Microsoft.Cache/Redis, Microsoft.SignalRService/SignalR, Microsoft.MachineLearningServices/workspaces, Microsoft.Batch/batchAccounts, Microsoft.ContainerRegistry/registries, Microsoft.RecoveryServices/vaults, Microsoft.EventGrid/topics, Microsoft.EventGrid/domains, Microsoft.EventHub/namespaces, Microsoft.ServiceBus/namespaces, Microsoft.Relay/namespaces, Microsoft.StorageSync/storageSyncServices, Microsoft.HealthcareApis/services, Microsoft.Automation/automationAccounts, Microsoft.Insights/privateLinkScopes, Microsoft.CognitiveServices/accounts, Microsoft.Compute/diskAccesses, Microsoft.Network/applicationgateways, Microsoft.Media/mediaservices, Microsoft.Databricks/workspaces, Microsoft.Sql/managedInstances, Microsoft.Migrate/assessmentProjects, Microsoft.Migrate/migrateProjects, Microsoft.DataFactory/factories, Microsoft.Authorization/resourceManagementPrivateLinks, Microsoft.Devices/ProvisioningServices, 
Microsoft.Synapse/privateLinkHubs, Microsoft.PowerBI/privateLinkServicesForPowerBI, Microsoft.Cache/redisEnterprise, Microsoft.HybridCompute/privateLinkScopes, Microsoft.OffAzure/mastersites, Microsoft.TimeSeriesInsights/environments, Microsoft.DigitalTwins/digitalTwinsInstances, Microsoft.Keyvault/managedHSMs, Microsoft.Kusto/clusters, Microsoft.Purview/accounts, Microsoft.Web/staticSites, Microsoft.SignalRService/webPubSub, Microsoft.DeviceUpdate/accounts, Microsoft.DBforPostgreSQL/serverGroupsv2, Microsoft.HealthcareApis/workspaces, Microsoft.ApiManagement/service, Microsoft.HDInsight/clusters, Microsoft.DesktopVirtualization/hostpools, Microsoft.DesktopVirtualization/workspaces, Microsoft.Media/videoanalyzers, Microsoft.IoTCentral/IoTApps, Microsoft.EventGrid/partnerNamespaces, Microsoft.BotService/botServices, Microsoft.AgFoodPlatform/farmBeats, Microsoft.OpenEnergyPlatform/energyServices, Microsoft.Dashboard/grafana, Microsoft.DBforMySQL/flexibleServers, Microsoft.MachineLearningServices/registries, Microsoft.HardwareSecurityModules/cloudHsmClusters, Microsoft.Monitor/accounts, Microsoft.ElasticSan/elasticSans, Microsoft.CognitiveSearch/indexes.
with module.appservice.azurerm_private_endpoint.appservice_deployment_slot_private_endpoint
on modules/appservice/main.tf line 246, in resource "azurerm_private_endpoint" "appservice_deployment_slot_private_endpoint":
resource "azurerm_private_endpoint" "appservice_deployment_slot_private_endpoint" {

Expected Behaviour

subresource_names of the type "sites-<slot name>" should be supported

Actual Behaviour

It states it's an invalid subresource name, I believe before it tries to call ARM.

Steps to Reproduce

No response

Important Factoids

No response

References

In the conceptual overview of Using private endpoints for App Services it references this.

https://learn.microsoft.com/en-us/azure/app-service/overview-private-endpoint#conceptual-overview

neil-yechenwei commented 1 year ago

Thanks for raising this issue. It seems the error you mentioned is returned by the service API. After checking, TF allows "sites-deployment" for subresource_names.

chtay1 commented 1 year ago

Yes, my fault. You actually need to pass the azurerm_windows_web_app.appservice.id not the azurerm_windows_web_app_slot id. If you do that it does work fine.
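The fix described in the comment above, written out as an added example that is not part of the original thread or the provider's documentation. Resource and variable names are taken from the issue; the `locals` block and the `precondition` guard are assumptions added here to catch a slot ID being passed again (resource-level `precondition` needs Terraform 1.2 or later).

```hcl
locals {
  # Slot name as declared in the issue's configuration.
  slot_name = azurerm_windows_web_app_slot.appservice_deployment_slot.name

  # The private link target must be the parent app (Microsoft.Web/sites).
  # The slot's own ID (.../sites/<app>/slots/<slot>) is rejected by the
  # service API with InvalidPrivateLinkServiceIdType, as shown in the issue.
  pe_target_id = azurerm_windows_web_app.appservice.id
}

resource "azurerm_private_endpoint" "appservice_deployment_slot_private_endpoint" {
  name                = "${local.slot_name}-private-endpoint"
  location            = var.location
  resource_group_name = var.resource_group_name
  subnet_id           = var.app_private_endpoint_subnet_id

  private_service_connection {
    name                           = "appservice-deployment-slot-private-service-connection"
    is_manual_connection           = false
    private_connection_resource_id = local.pe_target_id

    # The slot is selected here, not through the resource ID.
    subresource_names = ["sites-${local.slot_name}"]
  }

  private_dns_zone_group {
    name                 = "appservice-deployment-slot-private-dns-zone-group"
    private_dns_zone_ids = [var.app_private_dns_zone_id]
  }

  lifecycle {
    # Assumed guard: fail with a readable message instead of the long
    # 400 response if someone swaps the slot ID back in.
    precondition {
      condition     = length(regexall("(?i)/slots/", local.pe_target_id)) == 0
      error_message = "private_connection_resource_id must be the parent web app ID; select the slot with subresource_names = [\"sites-<slot name>\"]."
    }
  }
}
```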
