hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

"An unexpected error occured while processing the request" when creating MySQL flexible server with redundant backup enabled without identity specified #25080

Open vzabawski opened 9 months ago

vzabawski commented 9 months ago

Terraform Version

1.5.3

AzureRM Provider Version

3.93.0

Affected Resource(s)/Data Source(s)

azurerm_mysql_flexible_server

Terraform Configuration Files

resource "azurerm_user_assigned_identity" "mysql" {
  name                = "mysql"
  resource_group_name = "myrg"
  location            = "northeurope"
}

resource "azurerm_mysql_flexible_server" "this" {
  name                = "myserver"
  resource_group_name = "myrg"
  location            = "northeurope"

  sku_name = "GP_Standard_D2ads_v5"
  version  = "8.0.21"

  administrator_login    = "myadmin"
  administrator_password = "<password>"

  identity {
    type         = "UserAssigned"
    identity_ids = [azurerm_user_assigned_identity.mysql.id]
  }

  customer_managed_key {
    primary_user_assigned_identity_id = azurerm_user_assigned_identity.mysql.id
  }

  zone                         = "3"
  geo_redundant_backup_enabled = true
}

Debug Output/Panic Output

│ Error: creating Flexible Server (Subscription: "<redacted>"
│ Resource Group Name: "myrg"
│ Flexible Server Name: "myserver"): polling after Create: polling failed: the Azure API returned the following error:
│ 
│ Status: "InternalServerError"
│ Code: ""
│ Message: "An unexpected error occured while processing the request. Tracking ID: '<redacted>'"
│ Activity Id: ""
│ 
│ ---
│ 
│ API Response:
│ 
│ ----[start]----
│ {"name":"3bec8ee0-a41d-4588-a8g0-75e46109ee1d","status":"Failed","startTime":"2024-02-28T12:49:18.173Z","error":{"code":"InternalServerError","message":"An unexpected error occured while processing the request. Tracking ID: '<redacted>'"}}
│ -----[end]-----
│

Expected Behaviour

The Azure provider throws an error, because geo_backup_user_assigned_identity_id cannot be empty if geo_redundant_backup_enabled is set.

Actual Behaviour

"An unexpected error occured while processing the request." And that's all the information I got. It took me a while to figure out what was wrong. I created the server manually with geo redundant backup enabled, imported it into Terraform, and tried to finish the configuration with Terraform. After that, I got an error message that explained what was wrong:

The server 'myserver' is enabled geo redundant backup. Please provide user identity and encryption key for the geo backup storage encryption.

Steps to Reproduce

terraform apply

vzabawski commented 9 months ago

To summarize, I see this issue as a mix of factors:

neil-yechenwei commented 9 months ago

Thanks for raising this issue. There is already an issue on https://github.com/Azure/azure-rest-api-specs/issues/22980 for tracking the error message improvement.

kamilzzz commented 2 months ago

Yes, this is an upstream issue where Azure neither validates inputs nor returns any meaningful error for such a scenario.

Nevertheless, I think the azurerm provider's behavior could be improved by simply validating whether geo_backup_user_assigned_identity_id and geo_backup_key_vault_key_id are set when geo_redundant_backup_enabled is set to true and CMK encryption is configured.
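
Added example (not part of the issue thread and not the provider's code): a pre-apply check over `terraform show -json` plan output that flags the condition described in the comment above, so the misconfiguration is caught before Azure returns the opaque InternalServerError. The function names and the sample plan are constructed for illustration; the check assumes that a value still unknown at plan time counts as set.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output,
# reduced to the fields this check reads. Addresses and URL are made up.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
 {"address": "azurerm_mysql_flexible_server.this",
  "type": "azurerm_mysql_flexible_server",
  "change": {
   "after": {"geo_redundant_backup_enabled": true, "customer_managed_key": [{}]},
   "after_unknown": {"customer_managed_key":
                     [{"primary_user_assigned_identity_id": true}]}}},
 {"address": "azurerm_mysql_flexible_server.ok",
  "type": "azurerm_mysql_flexible_server",
  "change": {
   "after": {"geo_redundant_backup_enabled": true, "customer_managed_key":
             [{"geo_backup_key_vault_key_id": "https://kv.example.invalid/keys/k/1"}]},
   "after_unknown": {"customer_managed_key":
                     [{"geo_backup_user_assigned_identity_id": true}]}}},
 {"address": "azurerm_mysql_flexible_server.old",
  "type": "azurerm_mysql_flexible_server",
  "change": {"after": null, "after_unknown": {}}}
]}
""")

REQUIRED = ("geo_backup_key_vault_key_id", "geo_backup_user_assigned_identity_id")

def first_block(value):
    """Plan JSON renders a nested block as a list of objects; return the first, or {}."""
    return value[0] if isinstance(value, list) and value and isinstance(value[0], dict) else {}

def missing_geo_backup_cmk(plan):
    """Map resource address -> required geo-backup CMK attributes absent from the plan."""
    findings = {}
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "azurerm_mysql_flexible_server":
            continue
        change = rc.get("change") or {}
        after = change.get("after") or {}            # null when the resource is destroyed
        unknown = change.get("after_unknown") or {}
        if after.get("geo_redundant_backup_enabled") is not True or not after.get("customer_managed_key"):
            continue                                 # rule applies only with geo backup and CMK
        cmk = first_block(after["customer_managed_key"])
        cmk_unknown = first_block(unknown.get("customer_managed_key"))
        # A value that is "known after apply" is set, just not resolved yet.
        missing = [a for a in REQUIRED if not cmk.get(a) and cmk_unknown.get(a) is not True]
        if missing:
            findings[rc["address"]] = missing
    return findings
```

Run it in CI against the JSON rendering of a saved plan and fail the job when the returned mapping is non-empty.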