hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

azurerm_security_center_storage_defender reports error : /Microsoft.Storage/storageAccounts/****" │ already exists #26766

Open panfilenok-epam opened 4 months ago

panfilenok-epam commented 4 months ago

Terraform Version

1.9.0

AzureRM Provider Version

3.113.0

Affected Resource(s)/Data Source(s)

azurerm_security_center_storage_defender

Terraform Configuration Files

resource "azurerm_storage_account" "st_func_consent_synchronization" {
  name                            = local.st_name
  resource_group_name             = local.resource_group
  location                        = var.location
  account_tier                    = "Standard"
  account_replication_type        = "LRS"
  tags                            = local.tags
  allow_nested_items_to_be_public = false
}

resource "azurerm_security_center_storage_defender" "st_func_consent_synchronization" {
  storage_account_id                          = azurerm_storage_account.st_func_consent_synchronization.id
  override_subscription_settings_enabled      = false
  malware_scanning_on_upload_enabled          = false
  sensitive_data_discovery_enabled            = false
  malware_scanning_on_upload_cap_gb_per_month = 1
}

Debug Output/Panic Output

Terraform will perform the following actions:

  # azurerm_security_center_storage_defender.st_func_consent_synchronization will be created
  + resource "azurerm_security_center_storage_defender" "st_func_consent_synchronization" {
      + id                                          = (known after apply)
      + malware_scanning_on_upload_cap_gb_per_month = 1
      + malware_scanning_on_upload_enabled          = false
      + override_subscription_settings_enabled      = false
      + sensitive_data_discovery_enabled            = false
      + storage_account_id                          = "/subscriptions/[MY SUBSCRIPTION]/resourceGroups/[MY RESOURCE GROUP]/providers/Microsoft.Storage/storageAccounts/[MY STORAGE ACCOUNT]"
    }

Plan: 1 to add, 0 to change, 0 to destroy.
azurerm_security_center_storage_defender.st_func_consent_synchronization: Creating...
Error: -24T08:16:08.894Z [ERROR] provider.terraform-provider-azurerm_v3.113.0_x5: Response contains error diagnostic: @caller=github.com/hashicorp/terraform-plugin-go@v0.19.0/tfprotov5/internal/diag/diagnostics.go:58 tf_proto_version=5.4 tf_req_id=63541c9c-528b-543e-7044-e4e42d7f081a @module=sdk.proto diagnostic_detail="A resource with the ID \"/subscriptions/[MY SUBSCRIPTION]/resourceGroups/[MY RESOURCE GROUP]/providers/Microsoft.Storage/storageAccounts/[MY STORAGE ACCOUNT]\" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for \"azurerm_security_center_storage_defender\" for more information." diagnostic_severity=ERROR diagnostic_summary="A resource with the ID \"/subscriptions/[MY SUBSCRIPTION]/resourceGroups/[MY RESOURCE GROUP]/providers/Microsoft.Storage/storageAccounts/[MY STORAGE ACCOUNT]\" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for \"azurerm_security_center_storage_defender\" for more information." tf_provider_addr=provider tf_resource_type=azurerm_security_center_storage_defender tf_rpc=ApplyResourceChange timestamp=2024-07-24T08:16:08.894Z
Error: -24T08:16:08.895Z [ERROR] vertex "azurerm_security_center_storage_defender.st_func_consent_synchronization" error: A resource with the ID "/subscriptions/[MY SUBSCRIPTION]/resourceGroups/[MY RESOURCE GROUP]/providers/Microsoft.Storage/storageAccounts/[MY STORAGE ACCOUNT]" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_security_center_storage_defender" for more information.
╷
│ Error: A resource with the ID "/subscriptions/[MY SUBSCRIPTION]/resourceGroups/[MY RESOURCE GROUP]/providers/Microsoft.Storage/storageAccounts/[MY STORAGE ACCOUNT]" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_security_center_storage_defender" for more information.
│ 
│   with azurerm_security_center_storage_defender.st_func_consent_synchronization,
│   on fia-consent-synchronization-service.tf line 11, in resource "azurerm_security_center_storage_defender" "st_func_consent_synchronization":
│   11: resource "azurerm_security_center_storage_defender" "st_func_consent_synchronization" {
│ 
│ A resource with the ID
│ "/subscriptions/[MY SUBSCRIPTION]/resourceGroups/[MY RESOURCE GROUP]/providers/Microsoft.Storage/storageAccounts/[MY STORAGE ACCOUNT]"
│ already exists - to be managed via Terraform this resource needs to be
│ imported into the State. Please see the resource documentation for
│ "azurerm_security_center_storage_defender" for more information.

Expected Behaviour

Terraform applies changes successfully

Actual Behaviour

Terraform returns an error. I can guess that the cloud defender is configured at the storage account level outside of terraform, however, the terraform error clearly says that the "storage account already exists". The error message is confusing.

neil-yechenwei commented 4 months ago

Thanks for raising this issue. I assume it's by TF design since the specified storage account has configured/enabled the defender. Terraform always checks whether the target resource is added/created before creating the resource, so TF returns this error.

panfilenok-epam commented 4 months ago

The error text is confusing. I'm not trying to create a storage account. Why does it tell me that the storage account already exists?

nickel-tyler commented 3 weeks ago

Also encountering this issue with provider version 3.116.0. It seems like the azurerm_security_center_storage_defender resource is getting the same resource id as the storage account it is hooked up to, which causes the error. Seems like this resource wasn't tested at all before being put in.
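
The import that the error message asks for, written as a Terraform `import` block. This is an added example, not code from the issue's participants or the provider; it assumes Terraform 1.5 or later (the reporter is on 1.9.0) and reuses the reporter's redacted placeholders for the ID.

```hcl
# Added example: bring the Defender for Storage setting that already exists
# on the account into state instead of trying to create it.
import {
  to = azurerm_security_center_storage_defender.st_func_consent_synchronization

  # Per the error output above, this resource is keyed by the storage
  # account's own ID, which is why the message names the storage account.
  # The bracketed parts are the reporter's redactions; substitute real values.
  id = "/subscriptions/[MY SUBSCRIPTION]/resourceGroups/[MY RESOURCE GROUP]/providers/Microsoft.Storage/storageAccounts/[MY STORAGE ACCOUNT]"
}

# Unchanged from the reporter's configuration.
resource "azurerm_security_center_storage_defender" "st_func_consent_synchronization" {
  storage_account_id                          = azurerm_storage_account.st_func_consent_synchronization.id
  override_subscription_settings_enabled      = false
  malware_scanning_on_upload_enabled          = false
  sensitive_data_discovery_enabled            = false
  malware_scanning_on_upload_cap_gb_per_month = 1
}
```

Review the `terraform plan` output before applying: any Defender setting that was enabled on the account outside Terraform will appear as an in-place change to the values above, for example malware scanning being switched to `false`.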