hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0
4.59k stars 4.63k forks source link

azurerm_security_center_storage_defender reports error : /Microsoft.Storage/storageAccounts/****" │ already exists #26766

Open panfilenok-epam opened 3 months ago

panfilenok-epam commented 3 months ago

Is there an existing issue for this?

Community Note

Terraform Version

1.9.0

AzureRM Provider Version

3.113.0

Affected Resource(s)/Data Source(s)

azurerm_security_center_storage_defender

Terraform Configuration Files

resource "azurerm_storage_account" "st_func_consent_synchronization" {
  name                            = local.st_name
  resource_group_name             = local.resource_group
  location                        = var.location
  account_tier                    = "Standard"
  account_replication_type        = "LRS"
  tags                            = local.tags
  allow_nested_items_to_be_public = false
}

resource "azurerm_security_center_storage_defender" "st_func_consent_synchronization" {
  storage_account_id                          = azurerm_storage_account.st_func_consent_synchronization.id
  override_subscription_settings_enabled      = false
  malware_scanning_on_upload_enabled          = false
  sensitive_data_discovery_enabled            = false
  malware_scanning_on_upload_cap_gb_per_month = 1
}

Debug Output/Panic Output

Terraform will perform the following actions:

  # azurerm_security_center_storage_defender.st_func_consent_synchronization will be created
  + resource "azurerm_security_center_storage_defender" "st_func_consent_synchronization" {
      + id                                          = (known after apply)
      + malware_scanning_on_upload_cap_gb_per_month = 1
      + malware_scanning_on_upload_enabled          = false
      + override_subscription_settings_enabled      = false
      + sensitive_data_discovery_enabled            = false
      + storage_account_id                          = "/subscriptions/[MY SUBSCRIPTION]/resourceGroups/[MY RESOURCE GROUP]/providers/Microsoft.Storage/storageAccounts/[MY STORAGE ACCOUNT]"
    }

Plan: 1 to add, 0 to change, 0 to destroy.
azurerm_security_center_storage_defender.st_func_consent_synchronization: Creating...
Error: -24T08:16:08.894Z [ERROR] provider.terraform-provider-azurerm_v3.113.0_x5: Response contains error diagnostic: @caller=github.com/hashicorp/terraform-plugin-go@v0.19.0/tfprotov5/internal/diag/diagnostics.go:58 tf_proto_version=5.4 tf_req_id=63541c9c-528b-543e-7044-e4e42d7f081a @module=sdk.proto diagnostic_detail="A resource with the ID \"/subscriptions/[MY SUBSCRIPTION]/resourceGroups/[MY RESOURCE GROUP]/providers/Microsoft.Storage/storageAccounts/[MY STORAGE ACCOUNT]\" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for \"azurerm_security_center_storage_defender\" for more information." diagnostic_severity=ERROR diagnostic_summary="A resource with the ID \"/subscriptions/[MY SUBSCRIPTION]/resourceGroups/[MY RESOURCE GROUP]/providers/Microsoft.Storage/storageAccounts/[MY STORAGE ACCOUNT]\" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for \"azurerm_security_center_storage_defender\" for more information." tf_provider_addr=provider tf_resource_type=azurerm_security_center_storage_defender tf_rpc=ApplyResourceChange timestamp=2024-07-24T08:16:08.894Z
Error: -24T08:16:08.895Z [ERROR] vertex "azurerm_security_center_storage_defender.st_func_consent_synchronization" error: A resource with the ID "/subscriptions/[MY SUBSCRIPTION]/resourceGroups/[MY RESOURCE GROUP]/providers/Microsoft.Storage/storageAccounts/[MY STORAGE ACCOUNT]" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_security_center_storage_defender" for more information.
╷
│ Error: A resource with the ID "/subscriptions/[MY SUBSCRIPTION]/resourceGroups/[MY RESOURCE GROUP]/providers/Microsoft.Storage/storageAccounts/[MY STORAGE ACCOUNT]" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_security_center_storage_defender" for more information.
│ 
│   with azurerm_security_center_storage_defender.st_func_consent_synchronization,
│   on fia-consent-synchronization-service.tf line 11, in resource "azurerm_security_center_storage_defender" "st_func_consent_synchronization":
│   11: resource "azurerm_security_center_storage_defender" "st_func_consent_synchronization" {
│ 
│ A resource with the ID
│ "/subscriptions/[MY SUBSCRIPTION]/resourceGroups/[MY RESOURCE GROUP]/providers/Microsoft.Storage/storageAccounts/[MY STORAGE ACCOUNT]"
│ already exists - to be managed via Terraform this resource needs to be
│ imported into the State. Please see the resource documentation for
│ "azurerm_security_center_storage_defender" for more information.

Expected Behaviour

Terraform applies changes successfully

Actual Behaviour

Terraform returns an error. I can guess that the cloud defender is configured at the storage account level outside of terraform, however, the terraform error clearly says that the "storage account already esists". The error message is confusing

Steps to Reproduce

No response

Important Factoids

No response

References

No response

neil-yechenwei commented 3 months ago

Thanks for raising this issue. I assume it's by TF design since the specified storage account has configured/enabled the defender. As terraform would always check if the target resource is added/created before creating the resource, so TF returns this error.

panfilenok-epam commented 3 months ago

The error text is confusing. I'm not trying to create storage account. Why it tells me that storage accout already exists?