inspec / inspec-azure

InSpec Azure Resource Pack
https://www.inspec.io/

Failed to Open TCP Connection when resource has been deleted during scan #630

Closed jnikles1 closed 10 months ago

jnikles1 commented 2 years ago

We are currently running into an error when resources have been deleted during the progress of the scan of a subscription. The errors typically look something like this: "Failed to open TCP connection to :443 (getaddrinfo: Name or service not known)".

The connection to this resource is tried 3 times, since our azure_retry_limit is set to 3. Additionally, the connection failure shows up 3 times in our report. Is it possible to catch this error and skip the execution of the resource if the resource no longer exists? We've tried to implement this in our controls, but since it is an HTTP error, the backend failure is reported in our report regardless.

Here are the resources we've been seeing errors on:
azure_storage_accounts <- when the resource group or storage account has been deleted during the scan (given that we
azure_resource_groups <- when the subscription has been deleted during the scan

Possible Solution

Implement error handling that skips the resource if the resource no longer exists

clintoncwolfe commented 10 months ago

We found that this issue was peculiar to users running very long scans (several hours) and using a one-shot loading cache. We generally advise if you are running scans that long to add .exists? checks prior to your tests to force a re-check of the resource, and to then invalidate the cache.

I'm closing this as handling this with a skip if the resource no longer exists would not be the right thing to do in all circumstances - that could also mean it never existed, unless we make our resources very aware of the cache state, which we can't do without breaking encapsulation.
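The pattern clintoncwolfe describes, as an added example in plain Ruby that is not part of inspec-azure and does not use the InSpec DSL: a constructed stand-in backend (`FakeAzureBackend`) whose deleted resources fail with the same `SocketError` the reporter quotes, a one-shot loading cache (`ResourceCache`) whose retry limit plays the role of `azure_retry_limit`, and two scans over the same cached resource list, one that walks the list directly and one that runs an `exists?`-style re-check first and evicts the missing entry. The storage account names and the `https_only` property are constructed.

```ruby
require 'socket'

# Constructed stand-in for the Azure REST backend (not inspec-azure code).
# A deleted resource no longer resolves, which the real backend surfaces as
# a SocketError: "getaddrinfo: Name or service not known".
class FakeAzureBackend
  attr_reader :calls

  def initialize(resources)
    @live = resources.dup    # what currently exists in the subscription
    @calls = Hash.new(0)     # HTTP attempts made per resource name
  end

  def list
    @live.keys
  end

  def delete(name)
    @live.delete(name)
  end

  def fetch(name)
    @calls[name] += 1
    unless @live.key?(name)
      raise SocketError, "Failed to open TCP connection to #{name}.blob.core.windows.net:443 " \
                         '(getaddrinfo: Name or service not known)'
    end
    @live[name]
  end
end

# One-shot loading cache: the resource list is read once when the scan
# starts and reused by every control that follows.
class ResourceCache
  attr_reader :names

  def initialize(backend, retry_limit: 3)
    @backend = backend
    @retry_limit = retry_limit  # stands in for azure_retry_limit
    @names = backend.list       # snapshot taken at scan start
    @store = {}
  end

  # Loads through the cache, retrying connection failures up to the retry
  # limit; a deleted resource therefore costs retry_limit failed attempts.
  def get(name)
    return @store[name] if @store.key?(name)
    attempts = 0
    loop do
      attempts += 1
      begin
        return @store[name] = @backend.fetch(name)
      rescue SocketError
        raise if attempts >= @retry_limit
      end
    end
  end

  # exists?-style re-check: one fresh call, never retried. A hit is stored
  # for the control that follows; a miss evicts the stale entry and the
  # name so later controls do not trip over it again.
  def exists?(name)
    @store[name] = @backend.fetch(name)
    true
  rescue SocketError
    @store.delete(name)
    @names.delete(name)
    false
  end
end

# Scan without the guard: a deleted resource burns the retries and the
# control ends in a backend error rather than a skip.
def unguarded_scan(cache)
  cache.names.dup.each_with_object({}) do |name, results|
    begin
      results[name] = cache.get(name)[:https_only] ? :passed : :failed
    rescue SocketError
      results[name] = :error
    end
  end
end

# Scan with the guard: re-check first, report the control as skipped when
# the resource is gone, and run the test only on a fresh hit.
def guarded_scan(cache)
  cache.names.dup.each_with_object({}) do |name, results|
    unless cache.exists?(name)
      results[name] = :skipped
      next
    end
    results[name] = cache.get(name)[:https_only] ? :passed : :failed
  end
end

# Constructed scenario: three storage accounts are listed at scan start and
# 'sa-old' is deleted before its control runs. Returns per-control results
# and the connection attempts each resource cost.
def scenario(guarded:)
  backend = FakeAzureBackend.new(
    'sa-logs' => { https_only: true },
    'sa-temp' => { https_only: false },
    'sa-old'  => { https_only: true }
  )
  cache = ResourceCache.new(backend)   # snapshot still includes 'sa-old'
  backend.delete('sa-old')             # deleted mid-scan
  results = guarded ? guarded_scan(cache) : unguarded_scan(cache)
  [results, backend.calls]
end

if __FILE__ == $PROGRAM_NAME
  %i[unguarded guarded].each do |mode|
    results, calls = scenario(guarded: mode == :guarded)
    puts "#{mode}: #{results} attempts=#{calls}"
  end
end
```

The unguarded run reproduces the reporter's observation (three failed connections for the deleted account, then an error in the results), while the guarded run spends one call on the re-check, evicts the entry and records a skip; the maintainer's caveat still applies, since a guard placed on a name that never existed also reports a skip rather than a failure.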