Open tissem31 opened 7 months ago
For possibly good reasons my company limits ability to purge accounts, this paints me into a corner when I go to recreate a resource as it complains it already exists. Why not just do what keyvault did and have something similar to recover_soft_deleted_key_vaults? This would get me out of the corner I am forced into.
Hello everyone, if you're still keen on incorporating this feature into the AzureRM provider, kindly follow the setup provided and check if it meets your requirements.
provider "azurerm" {
features {
cognitive_account {
purge_soft_delete_on_destroy = true
}
}
}
Property purge_soft_delete_on_destroy
defaults to true
and I tested with following template.
provider "azurerm" {
features {
cognitive_account {
purge_soft_delete_on_destroy = true
}
}
}
resource "azurerm_resource_group" "example" {
name = "yunliutest"
location = "eastus"
}
resource "azurerm_cognitive_account" "example" {
name = "yunliutest222"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
kind = "SpeechServices"
sku_name = "S0"
}
I executed terraform apply
to set up the cognitive account, followed by terraform destroy
to completely remove it. Subsequently, I ran terraform apply
once more and encountered no errors.
This setup is globally enabled and will apply to all of your cognitive accounts. The reason we haven't implemented purge_protection_enabled
similar to Key Vault for now is because the Cognitive REST API does not have a corresponding property to KeyVault's EnablePurgeProtection.
If you hope to restore the soft-deleted accounts, please refer to https://learn.microsoft.com/en-us/azure/ai-services/recover-purge-resources?tabs=rest-api#recover-a-deleted-resource
Is there an existing issue for this?
Community Note
Description
Description
Using Terraform with a service principal to create OpenAI resources, I noticed a problem when deleting and recreating these resources.
Currently, when I delete a resource via Terraform, it is moved to OpenAI's "Manage Deleted Resources", requiring manual action to purge or recover it from the Azure portal.
I suggest adding a new attribute, for example "purge_protection_enable", to the Cognitive_accoutn Terraform resource. This would allow users to choose to enable or disable purge protection when deleting a resource, offering greater flexibility in resource management.
This feature would be aligned with similar practices seen in other resources, such as Azure's Key Vault Terraform resource.
Recource Key vault
resource "azurerm_key_vault" "aml_kv" { name = "keyvault01" location = var.location resource_group_name = var.resource_group tenant_id = data.azurerm_client_config.current.tenant_id sku_name = "standard" purge_protection_enabled = false <----- #SUCH AS THIS ATTRIBUTE }
Manage deleted resources "Azure Portal"
Terraform Configuration Files
Terraform Version
v1.4
AzureRM Provider Version
v3.88.0
Provider
provider "azurerm" { subscription_id = var.subscription_id skip_provider_registration = true features { cognitive_account { purge_soft_delete_on_destroy = false } key_vault { purge_soft_delete_on_destroy = false recover_soft_deleted_key_vaults = false } } }
example of a cognitive service resource
resource "random_integer" "this" { max = 999999 min = 100000 }
resource "azurerm_cognitive_account" "OpenAI" { name = var.openai_name location = var.location resource_group_name = var.resource_group kind = "OpenAI" custom_subdomain_name = "azure-openai-${random_integer.this.result}"
sku_name = "S0" }
Error Terraform
│ Error: creating Account (Subscription: "XXXXXXXX-XXX-XXXX-XXXX-XXXXXXXXXXXX" │ Resource Group Name: "rg-test" │ Account Name: "openai01-ic-pe"): unexpected status 409 with error: FlagMustBeSetForRestore: An existing resource with ID '/****s/XXXXXXXX-XXX-XXXX-XXXX-XXXXXXXXXXXX/resourceGroups/rg-test/providers/Microsoft.CognitiveServices/accounts/openai01-ic-pe' has been soft-deleted. To restore the resource, you must specify 'restore' to be 'true' in the property. If you don't want to restore existing resource, please purge it first. │ │ with azurerm_cognitive_account.Cognitives["Language_Service"], │ on main.tf line 438, in resource "azurerm_cognitive_account" "Cognitives": │ 438: resource "azurerm_cognitive_account" "Cognitives" {
New or Affected Resource(s)/Data Source(s)
azurerm_cognitive_account
Potential Terraform Configuration
References
No response