Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Terraform Provider Crash When Recreating Storage Accounts After Manual Deletion #28362

Open
1 task done
mfejzic opened this issue Dec 21, 2024 · 0 comments
Open
1 task done

Terraform Provider Crash When Recreating Storage Accounts After Manual Deletion #28362

mfejzic opened this issue Dec 21, 2024 · 0 comments
Labels
bug crash service/cdn service/storage v/4.x

Comments

@mfejzic
Copy link

mfejzic commented Dec 21, 2024

Is there an existing issue for this?

  • I have searched the existing issues

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.5 i think

AzureRM Provider Version

4.14.0

Affected Resource(s)/Data Source(s)

resource "azurerm_cdn_endpoint" "secondary_endpoint" , resource "azurerm_storage_blob" "east_error_blob" , resource "azurerm_storage_blob" "east_blob" , resource "azurerm_storage_account_static_website" "SA_east_static_website" , resource "azurerm_storage_account_static_website" "SA_west_static_website ,

Terraform Configuration Files

data "azurerm_resource_group" "main_RG" {
  name = "main"
}


# ------------------------------------- US West -------------------------------------#

data "azurerm_storage_account" "westus" {
  name                = azurerm_storage_account.SA_west.name
  resource_group_name = data.azurerm_resource_group.main_RG.name
}

resource "azurerm_storage_account" "SA_west" {
  name                     = "mf37west"
  resource_group_name      = data.azurerm_resource_group.main_RG.name
  location                 = "westus"
  account_tier             = "Standard"
  account_replication_type = "RAGRS"

#   static_website {
#     index_document     = "index.html"
#     error_404_document = "error.html"
#   }

  tags = {
    environment = "staging"
  }
}

resource "azurerm_storage_account_static_website" "SA_west_static_website" {
  storage_account_id = azurerm_storage_account.SA_west.id
  error_404_document = "error.html"
  index_document     = "index.html"

  depends_on = [azurerm_storage_account.SA_west]
}

resource "azurerm_storage_container" "west_container" {
  name                  = "$web"
  container_access_type = "blob"
  storage_account_name = azurerm_storage_account.SA_west.name

  depends_on = [ azurerm_storage_account.SA_west ]
}

resource "azurerm_storage_blob" "west_blob" {
  name                   = "index.html"
  storage_account_name   = azurerm_storage_account.SA_west.name
  storage_container_name = "$web"                                               // $web is created by default after enabling static website, its recommended to upload index.html in this container
  type                   = "Block"
  source                 = "index.html"
}

resource "azurerm_storage_blob" "west_error_blob" {
  name                   = "error.html"
  storage_account_name   = azurerm_storage_account.SA_west.name
  storage_container_name = "$web"
  type                   = "Block"
  source                 = "error.html"
}

resource "azurerm_storage_account_network_rules" "west_logs" {
  storage_account_id = azurerm_storage_account.SA_west.id

  default_action             = "Allow"
  ip_rules                   = ["0.0.0.0/0"]
  bypass                     = ["Metrics"]
}


# ------------------------------------- US East 2 -------------------------------------#

# data "azurerm_storage_account" "SA_east" {
#   name                = azurerm_storage_account.SA_east.name
#   resource_group_name = data.azurerm_resource_group.main_RG.name
# }

resource "azurerm_storage_account" "SA_east" {
  name                     = "mf37east"
  resource_group_name      = data.azurerm_resource_group.main_RG.name
  location                 = "eastus2"
  account_tier             = "Standard"
  account_replication_type = "RAGRS"

#   static_website {
#     index_document     = "index.html"
#     error_404_document = "error.html"
#   }

  tags = {
    environment = "staging"
  }
}

resource "azurerm_storage_account_static_website" "SA_east_static_website" {
  storage_account_id = azurerm_storage_account.SA_east.id
  error_404_document = "error.html"
  index_document     = "index.html"

  depends_on = [azurerm_storage_account.SA_east]
}

resource "azurerm_storage_container" "east_container" {
  name                  = "$web"
  storage_account_name = azurerm_storage_account.SA_east.name
  container_access_type = "blob"
}

resource "azurerm_storage_blob" "east_blob" {
  name                   = "index.html"
  storage_account_name   = azurerm_storage_account.SA_east.name
  storage_container_name = "$web"                                         // $web is created by default after enabling static website, its recommended to upload index.html in this container
  type                   = "Block"
  source                 = "index.html"
}

resource "azurerm_storage_blob" "east_error_blob" {
  name                   = "error.html"
  storage_account_name   = azurerm_storage_account.SA_east.name
  storage_container_name = "$web"
  type                   = "Block"
  source                 = "error.html"
}

resource "azurerm_storage_account_network_rules" "east_logs" {
  storage_account_id = azurerm_storage_account.SA_east.id

  default_action             = "Allow"
  ip_rules                   = ["0.0.0.0/0"]
  bypass                     = ["Metrics"]
}


# ------------------------------------- CDN profile & endpoints -------------------------------------#

# Generate a random ID to append to the endpoint name
resource "random_id" "random_id" {
  byte_length = 8
}

# Create Azure CDN profile
resource "azurerm_cdn_profile" "cdn_profile" {
  name                = "cdn-profile"
  resource_group_name = data.azurerm_resource_group.main_RG.name
  location            = "Global"
  sku = "Standard_Microsoft"
}

# Primary CDN Endpoint in US West (points to primary storage)
resource "azurerm_cdn_endpoint" "primary_endpoint" {
  name               = "primary-endpoint-${random_id.random_id.hex}"
  profile_name       = azurerm_cdn_profile.cdn_profile.name
  resource_group_name = data.azurerm_resource_group.main_RG.name
  location = data.azurerm_resource_group.main_RG.location
  optimization_type = "GeneralWebDelivery"
  is_https_allowed = true
  
  origin {
    name      = "primary"
    host_name = replace(replace(azurerm_storage_account.SA_west.primary_web_endpoint, "https://", ""), "/", "")    // use replace regex to remove the https:// and last slash from the host name - went from "https://mf37west.z22.web.core.windows.net/\ to mf37west.z22.web.core.windows.net/ 
  }

  depends_on = [ azurerm_cdn_profile.cdn_profile ]
}

# Secondary CDN Endpoint in US East (points to secondary storage)
resource "azurerm_cdn_endpoint" "secondary_endpoint" {
  name               = "secondary-endpoint-${random_id.random_id.hex}"
  profile_name       = azurerm_cdn_profile.cdn_profile.name
  resource_group_name = data.azurerm_resource_group.main_RG.name
  location = "eastus2"
  optimization_type = "GeneralWebDelivery"

  origin {
    name      = "secondary"
    host_name = replace(replace(azurerm_storage_account.SA_east.secondary_web_endpoint, "https://", ""), "/", "") // enable GRS or RA_GRS in storage account to use the secondary web endpoint as a backup!!! if stil facing issues with secondary, use primary until GRS propogates across regions
  }

  depends_on = [ azurerm_cdn_profile.cdn_profile, azurerm_cdn_endpoint.primary_endpoint ]
}

# resource "azurerm_cdn_endpoint_custom_domain" "primary_endpoint_custom_domain" {
#   name            = "domain"
#   cdn_endpoint_id = azurerm_cdn_endpoint.primary_endpoint.id
#   host_name       = "www.fejzic37.com"
#   cdn_managed_https {
#     certificate_type = "Shared"
#     protocol_type = "IPBased"                                              // manually enable custom https on azure portal - no idea why im getting cert type not supported error
#   }

# #   depends_on = [ azurerm_cdn_endpoint.primary_endpoint ]
# }


# ------------------------------------- Route53 -------------------------------------#

data "aws_route53_zone" "hosted_zone" {
  name = "fejzic37.com"                                                          // your actual domain name managed in Route 53
}

# Primary CNAME Record (points to the Azure CDN endpoint for primary)
resource "aws_route53_record" "primary_cname" {
  zone_id = data.aws_route53_zone.hosted_zone.id
  name    = "www.${data.aws_route53_zone.hosted_zone.name}"
  type    = "CNAME"
  ttl     = 60
  health_check_id = aws_route53_health_check.primary_health_check.id

  records = ["mf37west.z22.web.core.windows.net"]                                // or try azurerm_cdn_endpoint.secondary_endpoint.fqdn

  set_identifier = "primary"
  failover_routing_policy {
    type = "PRIMARY"
  }
}

resource "aws_route53_health_check" "primary_health_check" {
  fqdn = azurerm_cdn_endpoint.primary_endpoint.fqdn                                          // Your primary CDN endpoint

  type = "HTTPS"
  resource_path = "/index.html"
  failure_threshold = 3
  request_interval = 30
  port = 443
}

Debug Output/Panic Output

terraform plan
random_id.random_id: Refreshing state... [id=r2Tszzad-Fk]
data.aws_route53_zone.hosted_zone: Reading...
data.aws_route53_zone.hosted_zone: Read complete after 1s [id=Z01500973PFU2OSGH9ML5]
data.azurerm_resource_group.main_RG: Reading...
data.azurerm_resource_group.main_RG: Read complete after 0s [id=/subscriptions/064b2bea-3fc1-4bf7-b067-3d942c23e4dd/resourceGroups/main]
azurerm_cdn_profile.cdn_profile: Refreshing state... [id=/subscriptions/064b2bea-3fc1-4bf7-b067-3d942c23e4dd/resourceGroups/main/providers/Microsoft.Cdn/profiles/cdn-profile]
azurerm_storage_account.SA_east: Refreshing state... [id=/subscriptions/064b2bea-3fc1-4bf7-b067-3d942c23e4dd/resourceGroups/main/providers/Microsoft.Storage/storageAccounts/mf37east]
azurerm_storage_account.SA_west: Refreshing state... [id=/subscriptions/064b2bea-3fc1-4bf7-b067-3d942c23e4dd/resourceGroups/main/providers/Microsoft.Storage/storageAccounts/mf37west]
azurerm_storage_account_network_rules.west_logs: Refreshing state... [id=/subscriptions/064b2bea-3fc1-4bf7-b067-3d942c23e4dd/resourceGroups/main/providers/Microsoft.Storage/storageAccounts/mf37west]
azurerm_storage_blob.west_error_blob: Refreshing state... [id=https://mf37west.blob.core.windows.net/$web/error.html]
azurerm_storage_blob.west_blob: Refreshing state... [id=https://mf37west.blob.core.windows.net/$web/index.html]
azurerm_storage_account_static_website.SA_west_static_website: Refreshing state... [id=/subscriptions/064b2bea-3fc1-4bf7-b067-3d942c23e4dd/resourceGroups/main/providers/Microsoft.Storage/storageAccounts/mf37west]
azurerm_storage_account_static_website.SA_east_static_website: Refreshing state... [id=/subscriptions/064b2bea-3fc1-4bf7-b067-3d942c23e4dd/resourceGroups/main/providers/Microsoft.Storage/storageAccounts/mf37east]
azurerm_storage_blob.east_error_blob: Refreshing state... [id=https://mf37east.blob.core.windows.net/$web/error.html]
azurerm_storage_blob.east_blob: Refreshing state... [id=https://mf37east.blob.core.windows.net/$web/index.html]
azurerm_storage_account_network_rules.east_logs: Refreshing state... [id=/subscriptions/064b2bea-3fc1-4bf7-b067-3d942c23e4dd/resourceGroups/main/providers/Microsoft.Storage/storageAccounts/mf37east]
azurerm_cdn_endpoint.primary_endpoint: Refreshing state... [id=/subscriptions/064b2bea-3fc1-4bf7-b067-3d942c23e4dd/resourceGroups/main/providers/Microsoft.Cdn/profiles/cdn-profile/endpoints/primary-endpoint-af64eccf369df859]
aws_route53_health_check.primary_health_check: Refreshing state... [id=a5ec3aee-a5e6-464b-adb8-61622db8c778]
azurerm_cdn_endpoint.secondary_endpoint: Refreshing state... [id=/subscriptions/064b2bea-3fc1-4bf7-b067-3d942c23e4dd/resourceGroups/main/providers/Microsoft.Cdn/profiles/cdn-profile/endpoints/secondary-endpoint-af64eccf369df859]
aws_route53_record.primary_cname: Refreshing state... [id=Z01500973PFU2OSGH9ML5_www.fejzic37.com_CNAME_primary]

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the last "terraform apply" which may have affected this plan:

  # azurerm_storage_account.SA_east has been deleted
  - resource "azurerm_storage_account" "SA_east" {
      - id                                = "/subscriptions/064b2bea-3fc1-4bf7-b067-3d942c23e4dd/resourceGroups/main/providers/Microsoft.Storage/storageAccounts/mf37east" -> null
      - name                              = "mf37east" -> null
      - secondary_web_endpoint            = "https://mf37east-secondary.z20.web.core.windows.net/" -> null
        tags                              = {
            "environment" = "staging"
        }
        # (51 unchanged attributes hidden)

        # (5 unchanged blocks hidden)
    }

  # azurerm_storage_account.SA_west has been deleted
  - resource "azurerm_storage_account" "SA_west" {
      - id                                = "/subscriptions/064b2bea-3fc1-4bf7-b067-3d942c23e4dd/resourceGroups/main/providers/Microsoft.Storage/storageAccounts/mf37west" -> null
      - name                              = "mf37west" -> null
      - primary_web_endpoint              = "https://mf37west.z22.web.core.windows.net/" -> null
        tags                              = {
            "environment" = "staging"
        }
        # (51 unchanged attributes hidden)

        # (5 unchanged blocks hidden)
    }


Unless you have made equivalent changes to your configuration, or ignored the relevant attributes using ignore_changes, the following plan may include actions to undo or respond 
to these changes.

───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── 

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
-/+ destroy and then create replacement
 <= read (data resources)

Terraform planned the following actions, but then encountered a problem:

  # data.azurerm_storage_account.westus will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "azurerm_storage_account" "westus" {
      + access_tier                        = (known after apply)
      + account_kind                       = (known after apply)
      + account_replication_type           = (known after apply)
      + account_tier                       = (known after apply)
      + allow_nested_items_to_be_public    = (known after apply)
      + azure_files_authentication         = (known after apply)
      + custom_domain                      = (known after apply)
      + dns_endpoint_type                  = (known after apply)
      + https_traffic_only_enabled         = (known after apply)
      + id                                 = (known after apply)
      + identity                           = (known after apply)
      + infrastructure_encryption_enabled  = (known after apply)
      + is_hns_enabled                     = (known after apply)
      + location                           = (known after apply)
      + name                               = "mf37west"
      + nfsv3_enabled                      = (known after apply)
      + primary_access_key                 = (sensitive value)
      + primary_blob_connection_string     = (sensitive value)
      + primary_blob_endpoint              = (known after apply)
      + primary_blob_host                  = (known after apply)
      + primary_blob_internet_endpoint     = (known after apply)
      + primary_blob_internet_host         = (known after apply)
      + primary_blob_microsoft_endpoint    = (known after apply)
      + primary_blob_microsoft_host        = (known after apply)
      + primary_connection_string          = (sensitive value)
      + primary_dfs_endpoint               = (known after apply)
      + primary_dfs_host                   = (known after apply)
      + primary_dfs_internet_endpoint      = (known after apply)
      + primary_dfs_internet_host          = (known after apply)
      + primary_dfs_microsoft_endpoint     = (known after apply)
      + primary_dfs_microsoft_host         = (known after apply)
      + primary_file_endpoint              = (known after apply)
      + primary_file_host                  = (known after apply)
      + primary_file_internet_endpoint     = (known after apply)
      + primary_file_internet_host         = (known after apply)
      + primary_file_microsoft_endpoint    = (known after apply)
      + primary_file_microsoft_host        = (known after apply)
      + primary_location                   = (known after apply)
      + primary_queue_endpoint             = (known after apply)
      + primary_queue_host                 = (known after apply)
      + primary_queue_microsoft_endpoint   = (known after apply)
      + primary_queue_microsoft_host       = (known after apply)
      + primary_table_endpoint             = (known after apply)
      + primary_table_host                 = (known after apply)
      + primary_table_microsoft_endpoint   = (known after apply)
      + primary_table_microsoft_host       = (known after apply)
      + primary_web_endpoint               = (known after apply)
      + primary_web_host                   = (known after apply)
      + primary_web_internet_endpoint      = (known after apply)
      + primary_web_internet_host          = (known after apply)
      + primary_web_microsoft_endpoint     = (known after apply)
      + primary_web_microsoft_host         = (known after apply)
      + queue_encryption_key_type          = (known after apply)
      + resource_group_name                = "main"
      + secondary_access_key               = (sensitive value)
      + secondary_blob_connection_string   = (sensitive value)
      + secondary_blob_endpoint            = (known after apply)
      + secondary_blob_host                = (known after apply)
      + secondary_blob_internet_endpoint   = (known after apply)
      + secondary_blob_internet_host       = (known after apply)
      + secondary_blob_microsoft_endpoint  = (known after apply)
      + secondary_blob_microsoft_host      = (known after apply)
      + secondary_connection_string        = (sensitive value)
      + secondary_dfs_endpoint             = (known after apply)
      + secondary_dfs_host                 = (known after apply)
      + secondary_dfs_internet_endpoint    = (known after apply)
      + secondary_dfs_internet_host        = (known after apply)
      + secondary_dfs_microsoft_endpoint   = (known after apply)
      + secondary_dfs_microsoft_host       = (known after apply)
      + secondary_file_endpoint            = (known after apply)
      + secondary_file_host                = (known after apply)
      + secondary_file_internet_endpoint   = (known after apply)
      + secondary_file_internet_host       = (known after apply)
      + secondary_file_microsoft_endpoint  = (known after apply)
      + secondary_file_microsoft_host      = (known after apply)
      + secondary_location                 = (known after apply)
      + secondary_queue_endpoint           = (known after apply)
      + secondary_queue_host               = (known after apply)
      + secondary_queue_microsoft_endpoint = (known after apply)
      + secondary_queue_microsoft_host     = (known after apply)
      + secondary_table_endpoint           = (known after apply)
      + secondary_table_host               = (known after apply)
      + secondary_table_microsoft_endpoint = (known after apply)
      + secondary_table_microsoft_host     = (known after apply)
      + secondary_web_endpoint             = (known after apply)
      + secondary_web_host                 = (known after apply)
      + secondary_web_internet_endpoint    = (known after apply)
      + secondary_web_internet_host        = (known after apply)
      + secondary_web_microsoft_endpoint   = (known after apply)
      + secondary_web_microsoft_host       = (known after apply)
      + table_encryption_key_type          = (known after apply)
      + tags                               = (known after apply)
    }

  # aws_route53_health_check.primary_health_check will be updated in-place
  ~ resource "aws_route53_health_check" "primary_health_check" {
      ~ fqdn                   = "primary-endpoint-af64eccf369df859.azureedge.net" -> (known after apply)
        id                     = "a5ec3aee-a5e6-464b-adb8-61622db8c778"
        tags                   = {}
        # (14 unchanged attributes hidden)
    }

  # azurerm_cdn_endpoint.primary_endpoint must be replaced
-/+ resource "azurerm_cdn_endpoint" "primary_endpoint" {
      - content_types_to_compress     = [] -> null
      ~ fqdn                          = "primary-endpoint-af64eccf369df859.azureedge.net" -> (known after apply)
      ~ id                            = "/subscriptions/064b2bea-3fc1-4bf7-b067-3d942c23e4dd/resourceGroups/main/providers/Microsoft.Cdn/profiles/cdn-profile/endpoints/primary-endpoint-af64eccf369df859" -> (known after apply)
      - is_compression_enabled        = false -> null
        name                          = "primary-endpoint-af64eccf369df859"
      - tags                          = {} -> null
        # (7 unchanged attributes hidden)

      - origin { # forces replacement
          - host_name  = "mf37west.z22.web.core.windows.net" -> null
          - http_port  = 80 -> null
          - https_port = 443 -> null
          - name       = "primary" -> null
        }
      + origin { # forces replacement
          + host_name  = (known after apply)
          + http_port  = 80
          + https_port = 443
          + name       = "primary"
        }
    }

  # azurerm_storage_account.SA_east will be created
  + resource "azurerm_storage_account" "SA_east" {
      + access_tier                        = (known after apply)
      + account_kind                       = "StorageV2"
      + account_replication_type           = "RAGRS"
      + account_tier                       = "Standard"
      + allow_nested_items_to_be_public    = true
      + cross_tenant_replication_enabled   = false
      + default_to_oauth_authentication    = false
      + dns_endpoint_type                  = "Standard"
      + https_traffic_only_enabled         = true
      + id                                 = (known after apply)
      + infrastructure_encryption_enabled  = false
      + is_hns_enabled                     = false
      + large_file_share_enabled           = (known after apply)
      + local_user_enabled                 = true
      + location                           = "eastus2"
      + min_tls_version                    = "TLS1_2"
      + name                               = "mf37east"
      + nfsv3_enabled                      = false
      + primary_access_key                 = (sensitive value)
      + primary_blob_connection_string     = (sensitive value)
      + primary_blob_endpoint              = (known after apply)
      + primary_blob_host                  = (known after apply)
      + primary_blob_internet_endpoint     = (known after apply)
      + primary_blob_internet_host         = (known after apply)
      + primary_blob_microsoft_endpoint    = (known after apply)
      + primary_blob_microsoft_host        = (known after apply)
      + primary_connection_string          = (sensitive value)
      + primary_dfs_endpoint               = (known after apply)
      + primary_dfs_host                   = (known after apply)
      + primary_dfs_internet_endpoint      = (known after apply)
      + primary_dfs_internet_host          = (known after apply)
      + primary_dfs_microsoft_endpoint     = (known after apply)
      + primary_dfs_microsoft_host         = (known after apply)
      + primary_file_endpoint              = (known after apply)
      + primary_file_host                  = (known after apply)
      + primary_file_internet_endpoint     = (known after apply)
      + primary_file_internet_host         = (known after apply)
      + primary_file_microsoft_endpoint    = (known after apply)
      + primary_file_microsoft_host        = (known after apply)
      + primary_location                   = (known after apply)
      + primary_queue_endpoint             = (known after apply)
      + primary_queue_host                 = (known after apply)
      + primary_queue_microsoft_endpoint   = (known after apply)
      + primary_queue_microsoft_host       = (known after apply)
      + primary_table_endpoint             = (known after apply)
      + primary_table_host                 = (known after apply)
      + primary_table_microsoft_endpoint   = (known after apply)
      + primary_table_microsoft_host       = (known after apply)
      + primary_web_endpoint               = (known after apply)
      + primary_web_host                   = (known after apply)
      + primary_web_internet_endpoint      = (known after apply)
      + primary_web_internet_host          = (known after apply)
      + primary_web_microsoft_endpoint     = (known after apply)
      + primary_web_microsoft_host         = (known after apply)
      + public_network_access_enabled      = true
      + queue_encryption_key_type          = "Service"
      + resource_group_name                = "main"
      + secondary_access_key               = (sensitive value)
      + secondary_blob_connection_string   = (sensitive value)
      + secondary_blob_endpoint            = (known after apply)
      + secondary_blob_host                = (known after apply)
      + secondary_blob_internet_endpoint   = (known after apply)
      + secondary_blob_internet_host       = (known after apply)
      + secondary_blob_microsoft_endpoint  = (known after apply)
      + secondary_blob_microsoft_host      = (known after apply)
      + secondary_connection_string        = (sensitive value)
      + secondary_dfs_endpoint             = (known after apply)
      + secondary_dfs_host                 = (known after apply)
      + secondary_dfs_internet_endpoint    = (known after apply)
      + secondary_dfs_internet_host        = (known after apply)
      + secondary_dfs_microsoft_endpoint   = (known after apply)
      + secondary_dfs_microsoft_host       = (known after apply)
      + secondary_file_endpoint            = (known after apply)
      + secondary_file_host                = (known after apply)
      + secondary_file_internet_endpoint   = (known after apply)
      + secondary_file_internet_host       = (known after apply)
      + secondary_file_microsoft_endpoint  = (known after apply)
      + secondary_file_microsoft_host      = (known after apply)
      + secondary_location                 = (known after apply)
      + secondary_queue_endpoint           = (known after apply)
      + secondary_queue_host               = (known after apply)
      + secondary_queue_microsoft_endpoint = (known after apply)
      + secondary_queue_microsoft_host     = (known after apply)
      + secondary_table_endpoint           = (known after apply)
      + secondary_table_host               = (known after apply)
      + secondary_table_microsoft_endpoint = (known after apply)
      + secondary_table_microsoft_host     = (known after apply)
      + secondary_web_endpoint             = (known after apply)
      + secondary_web_host                 = (known after apply)
      + secondary_web_internet_endpoint    = (known after apply)
      + secondary_web_internet_host        = (known after apply)
      + secondary_web_microsoft_endpoint   = (known after apply)
      + secondary_web_microsoft_host       = (known after apply)
      + sftp_enabled                       = false
      + shared_access_key_enabled          = true
      + table_encryption_key_type          = "Service"
      + tags                               = {
          + "environment" = "staging"
        }
    }

  # azurerm_storage_account.SA_west will be created
  + resource "azurerm_storage_account" "SA_west" {
      + access_tier                        = (known after apply)
      + account_kind                       = "StorageV2"
      + account_replication_type           = "RAGRS"
      + account_tier                       = "Standard"
      + allow_nested_items_to_be_public    = true
      + cross_tenant_replication_enabled   = false
      + default_to_oauth_authentication    = false
      + dns_endpoint_type                  = "Standard"
      + https_traffic_only_enabled         = true
      + id                                 = (known after apply)
      + infrastructure_encryption_enabled  = false
      + is_hns_enabled                     = false
      + large_file_share_enabled           = (known after apply)
      + local_user_enabled                 = true
      + location                           = "westus"
      + min_tls_version                    = "TLS1_2"
      + name                               = "mf37west"
      + nfsv3_enabled                      = false
      + primary_access_key                 = (sensitive value)
      + primary_blob_connection_string     = (sensitive value)
      + primary_blob_endpoint              = (known after apply)
      + primary_blob_host                  = (known after apply)
      + primary_blob_internet_endpoint     = (known after apply)
      + primary_blob_internet_host         = (known after apply)
      + primary_blob_microsoft_endpoint    = (known after apply)
      + primary_blob_microsoft_host        = (known after apply)
      + primary_connection_string          = (sensitive value)
      + primary_dfs_endpoint               = (known after apply)
      + primary_dfs_host                   = (known after apply)
      + primary_dfs_internet_endpoint      = (known after apply)
      + primary_dfs_internet_host          = (known after apply)
      + primary_dfs_microsoft_endpoint     = (known after apply)
      + primary_dfs_microsoft_host         = (known after apply)
      + primary_file_endpoint              = (known after apply)
      + primary_file_host                  = (known after apply)
      + primary_file_internet_endpoint     = (known after apply)
      + primary_file_internet_host         = (known after apply)
      + primary_file_microsoft_endpoint    = (known after apply)
      + primary_file_microsoft_host        = (known after apply)
      + primary_location                   = (known after apply)
      + primary_queue_endpoint             = (known after apply)
      + primary_queue_host                 = (known after apply)
      + primary_queue_microsoft_endpoint   = (known after apply)
      + primary_queue_microsoft_host       = (known after apply)
      + primary_table_endpoint             = (known after apply)
      + primary_table_host                 = (known after apply)
      + primary_table_microsoft_endpoint   = (known after apply)
      + primary_table_microsoft_host       = (known after apply)
      + primary_web_endpoint               = (known after apply)
      + primary_web_host                   = (known after apply)
      + primary_web_internet_endpoint      = (known after apply)
      + primary_web_internet_host          = (known after apply)
      + primary_web_microsoft_endpoint     = (known after apply)
      + primary_web_microsoft_host         = (known after apply)
      + public_network_access_enabled      = true
      + queue_encryption_key_type          = "Service"
      + resource_group_name                = "main"
      + secondary_access_key               = (sensitive value)
      + secondary_blob_connection_string   = (sensitive value)
      + secondary_blob_endpoint            = (known after apply)
      + secondary_blob_host                = (known after apply)
      + secondary_blob_internet_endpoint   = (known after apply)
      + secondary_blob_internet_host       = (known after apply)
      + secondary_blob_microsoft_endpoint  = (known after apply)
      + secondary_blob_microsoft_host      = (known after apply)
      + secondary_connection_string        = (sensitive value)
      + secondary_dfs_endpoint             = (known after apply)
      + secondary_dfs_host                 = (known after apply)
      + secondary_dfs_internet_endpoint    = (known after apply)
      + secondary_dfs_internet_host        = (known after apply)
      + secondary_dfs_microsoft_endpoint   = (known after apply)
      + secondary_dfs_microsoft_host       = (known after apply)
      + secondary_file_endpoint            = (known after apply)
      + secondary_file_host                = (known after apply)
      + secondary_file_internet_endpoint   = (known after apply)
      + secondary_file_internet_host       = (known after apply)
      + secondary_file_microsoft_endpoint  = (known after apply)
      + secondary_file_microsoft_host      = (known after apply)
      + secondary_location                 = (known after apply)
      + secondary_queue_endpoint           = (known after apply)
      + secondary_queue_host               = (known after apply)
      + secondary_queue_microsoft_endpoint = (known after apply)
      + secondary_queue_microsoft_host     = (known after apply)
      + secondary_table_endpoint           = (known after apply)
      + secondary_table_host               = (known after apply)
      + secondary_table_microsoft_endpoint = (known after apply)
      + secondary_table_microsoft_host     = (known after apply)
      + secondary_web_endpoint             = (known after apply)
      + secondary_web_host                 = (known after apply)
      + secondary_web_internet_endpoint    = (known after apply)
      + secondary_web_internet_host        = (known after apply)
      + secondary_web_microsoft_endpoint   = (known after apply)
      + secondary_web_microsoft_host       = (known after apply)
      + sftp_enabled                       = false
      + shared_access_key_enabled          = true
      + table_encryption_key_type          = "Service"
      + tags                               = {
          + "environment" = "staging"
        }
    }

  # azurerm_storage_account_network_rules.east_logs will be created
  + resource "azurerm_storage_account_network_rules" "east_logs" {
      + bypass             = [
          + "Metrics",
        ]
      + default_action     = "Allow"
      + id                 = (known after apply)
      + ip_rules           = [
          + "0.0.0.0/0",
        ]
      + storage_account_id = (known after apply)
    }

  # azurerm_storage_account_network_rules.west_logs will be created
  + resource "azurerm_storage_account_network_rules" "west_logs" {
      + bypass             = [
          + "Metrics",
        ]
      + default_action     = "Allow"
      + id                 = (known after apply)
      + ip_rules           = [
          + "0.0.0.0/0",
        ]
      + storage_account_id = (known after apply)
    }

  # azurerm_storage_blob.west_blob will be created
  + resource "azurerm_storage_blob" "west_blob" {
      + access_tier            = (known after apply)
      + content_type           = "application/octet-stream"
      + id                     = (known after apply)
      + metadata               = (known after apply)
      + name                   = "index.html"
      + parallelism            = 8
      + size                   = 0
      + source                 = "index.html"
      + storage_account_name   = "mf37west"
      + storage_container_name = "$web"
      + type                   = "Block"
      + url                    = (known after apply)
    }

  # azurerm_storage_blob.west_error_blob will be created
  + resource "azurerm_storage_blob" "west_error_blob" {
      + access_tier            = (known after apply)
      + content_type           = "application/octet-stream"
      + id                     = (known after apply)
      + metadata               = (known after apply)
      + name                   = "error.html"
      + parallelism            = 8
      + size                   = 0
      + source                 = "error.html"
      + storage_account_name   = "mf37west"
      + storage_container_name = "$web"
      + type                   = "Block"
      + url                    = (known after apply)
    }

  # azurerm_storage_container.east_container will be created
  + resource "azurerm_storage_container" "east_container" {
      + container_access_type             = "blob"
      + default_encryption_scope          = (known after apply)
      + encryption_scope_override_enabled = true
      + has_immutability_policy           = (known after apply)
      + has_legal_hold                    = (known after apply)
      + id                                = (known after apply)
      + metadata                          = (known after apply)
      + name                              = "$web"
      + resource_manager_id               = (known after apply)
      + storage_account_name              = "mf37east"
    }

  # azurerm_storage_container.west_container will be created
  + resource "azurerm_storage_container" "west_container" {
      + container_access_type             = "blob"
      + default_encryption_scope          = (known after apply)
      + encryption_scope_override_enabled = true
      + has_immutability_policy           = (known after apply)
      + has_legal_hold                    = (known after apply)
      + id                                = (known after apply)
      + metadata                          = (known after apply)
      + name                              = "$web"
      + resource_manager_id               = (known after apply)
      + storage_account_name              = "mf37west"
    }

Plan: 9 to add, 1 to change, 1 to destroy.

Changes to Outputs:
  ~ primary_web_endpoint   = "https://mf37west.z22.web.core.windows.net/" -> (known after apply)
  ~ secondary_web_endpoint = "https://mf37east-secondary.z20.web.core.windows.net/" -> (known after apply)
╷
│ Warning: Argument is deprecated
│
│   with azurerm_storage_container.west_container,
│   on main.tf line 46, in resource "azurerm_storage_container" "west_container":
│   46:   storage_account_name = azurerm_storage_account.SA_west.name
│
│ the `storage_account_name` property has been deprecated in favour of `storage_account_id` and will be removed in version 5.0 of the Provider.
│
│ (and one more similar warning elsewhere)
╵
╷
│ Error: Plugin did not respond
│
│   with azurerm_storage_account_static_website.SA_west_static_website,
│   on main.tf line 35, in resource "azurerm_storage_account_static_website" "SA_west_static_website":
│   35: resource "azurerm_storage_account_static_website" "SA_west_static_website" {
│
│ The plugin encountered an error, and failed to respond to the plugin.(*GRPCProvider).ReadResource call. The plugin logs may contain more details.
╵
╷
│ Error: Plugin did not respond
│
│   with azurerm_storage_account_static_website.SA_east_static_website,
│   on main.tf line 100, in resource "azurerm_storage_account_static_website" "SA_east_static_website":
│  100: resource "azurerm_storage_account_static_website" "SA_east_static_website" {
│
│ The plugin encountered an error, and failed to respond to the plugin.(*GRPCProvider).ReadResource call. The plugin logs may contain more details.
╵
╷
│ Error: Plugin did not respond
│
│   with azurerm_storage_blob.east_blob,
│   on main.tf line 114, in resource "azurerm_storage_blob" "east_blob":
│  114: resource "azurerm_storage_blob" "east_blob" {
│
│ The plugin encountered an error, and failed to respond to the plugin.(*GRPCProvider).ReadResource call. The plugin logs may contain more details.
╵
╷
│ Error: Plugin did not respond
│
│   with azurerm_storage_blob.east_error_blob,
│   on main.tf line 122, in resource "azurerm_storage_blob" "east_error_blob":
│  122: resource "azurerm_storage_blob" "east_error_blob" {
│
│ The plugin encountered an error, and failed to respond to the plugin.(*GRPCProvider).ReadResource call. The plugin logs may contain more details.
╵
╷
│ Error: Plugin did not respond
│
│   with azurerm_cdn_endpoint.secondary_endpoint,
│   on main.tf line 172, in resource "azurerm_cdn_endpoint" "secondary_endpoint":
│  172: resource "azurerm_cdn_endpoint" "secondary_endpoint" {
│
│ The plugin encountered an error, and failed to respond to the plugin.(*GRPCProvider).ReadResource call. The plugin logs may contain more details.
╵

Stack trace from the terraform-provider-azurerm_v4.14.0_x5.exe plugin:

panic: runtime error: invalid memory address or nil pointer dereference
[signal 0xc0000005 code=0x0 addr=0x0 pc=0x715a87d]

goroutine 370 [running]:
github.com/hashicorp/terraform-provider-azurerm/internal/services/storage.(*AccountStaticWebsiteResource).Read.AccountStaticWebsiteResource.Read.func1({0x94d7db0, 0xc000a12930}, {0xc001cb4008, {0x94db700, 0xc0008560d8}, 0xc001940600, 0x0, {0x94dbcb0, 0xec8ab40}})
        github.com/hashicorp/terraform-provider-azurerm/internal/services/storage/storage_account_static_website_data_plane_resource.go:165 +0x31d
github.com/hashicorp/terraform-provider-azurerm/internal/sdk.(*ResourceWrapper).Resource.func3({0x94d7db0, 0xc000a12930}, 0xc000a12930?, {0x7c0a400?, 0xc001cb4008?})
        github.com/hashicorp/terraform-provider-azurerm/internal/sdk/wrapper_resource.go:69 +0x145
github.com/hashicorp/terraform-provider-azurerm/internal/sdk.(*ResourceWrapper).Resource.(*ResourceWrapper).diagnosticsWrapper.diagnosticsWrapper.func11({0x94d7db0?, 0xc000a12930?}, 0x45d964b800?, {0x7c0a400?, 0xc001cb4008?})
        github.com/hashicorp/terraform-provider-azurerm/internal/sdk/wrapper_resource.go:193 +0x59
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).read(0xc000908a80, {0x94d7d08, 0xc0011901e0}, 0xc001940600, {0x7c0a400, 0xc001cb4008})
        github.com/hashicorp/terraform-plugin-sdk/v2@v2.35.0/helper/schema/resource.go:823 +0x119
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).RefreshWithoutUpgrade(0xc000908a80, {0x94d7d08, 0xc0011901e0}, 0xc0006308f0, {0x7c0a400, 0xc001cb4008})    
        github.com/hashicorp/terraform-plugin-sdk/v2@v2.35.0/helper/schema/resource.go:1117 +0x529
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*GRPCProviderServer).ReadResource(0xc000985950, {0x94d7d08?, 0xc001190120?}, 0xc00099e180)
        github.com/hashicorp/terraform-plugin-sdk/v2@v2.35.0/helper/schema/grpc_provider.go:710 +0x6c5
github.com/hashicorp/terraform-plugin-mux/tf5muxserver.(*muxServer).ReadResource(0xc000999980, {0x94d7d08?, 0xc001ac90e0?}, 0xc00099e180)
        github.com/hashicorp/terraform-plugin-mux@v0.17.0/tf5muxserver/mux_server_ReadResource.go:35 +0x193
github.com/hashicorp/terraform-plugin-go/tfprotov5/tf5server.(*server).ReadResource(0xc001a86320, {0x94d7d08?, 0xc001ac8780?}, 0xc000a12000)
        github.com/hashicorp/terraform-plugin-go@v0.25.0/tfprotov5/tf5server/server.go:783 +0x309
github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tfplugin5._Provider_ReadResource_Handler({0x89bbb40, 0xc001a86320}, {0x94d7d08, 0xc001ac8780}, 0xc001940000, 0x0)     
        github.com/hashicorp/terraform-plugin-go@v0.25.0/tfprotov5/internal/tfplugin5/tfplugin5_grpc.pb.go:575 +0x1a9
google.golang.org/grpc.(*Server).processUnaryRPC(0xc00014ce00, {0x94d7d08, 0xc001ac86f0}, {0x9506260, 0xc0019aa000}, 0xc000f88000, 0xc00190ab70, 0xebf3a48, 0x0)
        google.golang.org/grpc@v1.67.1/server.go:1394 +0xe49
google.golang.org/grpc.(*Server).handleStream(0xc00014ce00, {0x9506260, 0xc0019aa000}, 0xc000f88000)
        google.golang.org/grpc@v1.67.1/server.go:1805 +0xe8b
google.golang.org/grpc.(*Server).serveStreams.func2.1()
        google.golang.org/grpc@v1.67.1/server.go:1029 +0x8b
created by google.golang.org/grpc.(*Server).serveStreams.func2 in goroutine 37
        google.golang.org/grpc@v1.67.1/server.go:1040 +0x125

Error: The terraform-provider-azurerm_v4.14.0_x5.exe plugin crashed!

This is always indicative of a bug within the plugin. It would be immensely
helpful if you could report the crash with the plugin's maintainers so that it
can be fixed. The output above should help diagnose the issue.

Expected Behaviour

Terraform should be able to detect the missing resources and recreate them without causing a crash.
The resources should be properly managed, and Terraform should recreate the storage accounts and their associated resources.

Actual Behaviour

Terraform crashes with a panic error related to invalid memory access or nil pointer dereferencing.
The crash message points to an issue within the azurerm_storage_account_static_website and related resources.

Steps to Reproduce

use aws and azure provider version 4.14.0
dont worry about variables.tf or output

i was trying to host my static website on azure cdn, domain is located in route 53, i was creating a container for my index.html and getting 400 and 404 error, i learned that azure storage accounts by default create a $web container after enabling static website which is private by default, and my endpoints were routing to the container i created not $web which was causing the 400 and 404 issues. i deleted the storage accounts and wrote this code in terraform, "resource "azurerm_storage_container" "west_container" {
name = "$web"
container_access_type = "blob"
storage_account_name = azurerm_storage_account.SA_west.name

depends_on = [ azurerm_storage_account.SA_west ]
}

resource "azurerm_storage_blob" "west_blob" {
name = "index.html"
storage_account_name = azurerm_storage_account.SA_west.name
storage_container_name = "$web"
type = "Block"
source = "index.html"
}"
i was trying to create the $web before azure did, and configured the access type to be blob so i dont have to do it manually, $web is private by default after azure creates it. at first i thought this was why it crashed until i commented these two blocks out and i continued getting the crash, even after trying to destroy everything, terraform plan and refresh causes the crash too.

Important Factoids

No response

References

No response
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug crash service/cdn service/storage v/4.x
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mfejzic