microsoft / NubesGen

Going to production on Azure is only one `git push` away
https://nubesgen.com
MIT License

[BUG] Terraform - Failed to get existing workspaces: containers.Client#ListBlobs: Code="ContainerNotFound" #474

Open code-bucket-user opened 1 year ago

code-bucket-user commented 1 year ago

**Describe the bug** During the execution of the gitops action, it fails at the step `- name: Apply Terraform configuration`. The Terraform backend is configured properly as per the standard. The step uses `microsoft/nubesgen-actions/gitops-apply-terraform@v0.13.0`, but it is throwing the error below:

**Error:** Failed to get existing workspaces: containers.Client#ListBlobs: Failure responding to request: StatusCode=404 -- Original Error: autorest/azure: Service returned an error. Status=404 Code="ContainerNotFound" Message="The specified container does not exist.\nRequestId:*****

Whereas the existing backend configuration runs perfectly during manual execution using `terraform init` / `terraform init -reconfigure`.

**Observations** The actual issue is in the gitops action template code `-backend-config="container_name=tfstate" \`; if it took the container name dynamically from the backend configuration, then it would not be a problem. But for that, we need to make a change in the action template code. So for now, if I use tfstate as the container name, it works perfectly.

**To Reproduce** Steps to reproduce the behavior:

  1. Create a Storage account.

  2. Create a Blob Storage Container.

  3. Configure the backend:

     ```hcl
     backend "azurerm" {
       resource_group_name  = "rg-sample-dev-us"
       storage_account_name = "st001sampleus"
       container_name       = "sample-container-us-1"
       key                  = "terraform.tfstate"
       access_key           = "****"
     }
     ```

  4. Run the gitops action.

**Expected behavior**

Initializing the backend...

Successfully configured the backend "azurerm"! Terraform will automatically use this backend unless the backend configuration changes. Initializing modules...

Initializing provider plugins...

**Screenshots** Please find the attached screenshot: Error_1

**Desktop (please complete the following information):**

jdubois commented 1 year ago

What you describe is what everybody does with Terraform, then we have a specific configuration that I'm not sure you're aware of: we add a VNet to secure the access to the Blob storage. As the Terraform state stores a lot of sensitive data (like the database password), we believe it's better not to have it available on the Internet directly, so we add this extra layer of security. As you don't write about it in your issue, it seems to me you configured this directly. Can you check if you have a VNet securing your blob storage?

code-bucket-user commented 1 year ago

Yes, VNet is configured. I followed every step mentioned in docs.nubesgen.com.

Not only the VNet, but also the subnet, network rule, the other principal for permissions, and relevant roles such as Contributor, Owner, etc. are configured properly.

What I observed in the gitops workflow log during `Run export ARM_CLIENT_SECRET=$(echo $AZURE_CREDENTIALS | jq -r .clientSecret)` is that `terraform init` is taking the wrong `resource_group_name` and `container_name` as `-backend-config`, although the Terraform backend is properly configured. As `resource_group_name` is part of the `inputs`, I am able to override it within the workflow yml, but I am unable to do the same for `container_name`, because it is not taking any inputs. So the only way to resolve it, for working purposes, is to create a blob container named tfstate.

If anything else required to configure, please let me know.
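The mismatch discussed in this thread, as an added example that is not part of the issue or of the NubesGen action's code: values passed to `terraform init` with `-backend-config` take precedence over the same keys in the `backend "azurerm"` block, so a pre-flight check can compare the two before the workflow runs. The function names and the sample file are constructed for illustration, and the parser assumes a `terraform fmt`-style block with one `key = "value"` per line.

```shell
# Added example (not NubesGen code): flag -backend-config overrides that differ from the backend block.
# Constructed sample, using the names quoted in the issue (access_key omitted).
write_sample() {
  cat > "$1" <<'EOF'
terraform {
  backend "azurerm" {
    resource_group_name  = "rg-sample-dev-us"
    storage_account_name = "st001sampleus"
    container_name       = "sample-container-us-1"
    key                  = "terraform.tfstate"
  }
}
EOF
}

# backend_value FILE KEY: print KEY's value from the backend "azurerm" block.
backend_value() {
  awk -v key="$2" '
    /backend[ \t]+"azurerm"/ { inblock = 1 }
    inblock && $1 == key && $2 == "=" {
      val = $0
      sub(/^[^=]*=[ \t]*"/, "", val)
      sub(/".*$/, "", val)
      print val; exit
    }
    inblock && /^[ \t]*[}]/ { inblock = 0 }
  ' "$1"
}

# check_overrides FILE key=value...: report overrides that differ; return 1 if any does.
check_overrides() {
  local file="$1" rc=0 kv key cli conf
  shift
  for kv in "$@"; do
    key="${kv%%=*}"; cli="${kv#*=}"
    conf="$(backend_value "$file" "$key")"
    if [ -n "$conf" ] && [ "$conf" != "$cli" ]; then
      echo "MISMATCH $key: backend block has '$conf', init will use '$cli'"
      rc=1
    fi
  done
  return "$rc"
}

sample="$(mktemp)" && write_sample "$sample"
check_overrides "$sample" "resource_group_name=rg-sample-dev-us" "container_name=tfstate" || true
rm -f "$sample"
```

Run as a step before `terraform init`, a non-zero return from `check_overrides` stops the job with the conflicting key named, instead of the later `ContainerNotFound` response from the storage account.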