Unable to locate Account "myaccount" for Storage Table "myTable"

Terraform Providers Azure
1

Hello Terraform Team,

I am trying to add entities to an existing table storage in Azure:

resource "azurerm_storage_table_entity" "entry" {
  #storage_account_name = var.storage_account_name
  storage_table_id = "https://myaccount.table.core.windows.net/Tables('myTable')"
  #table_name           = var.table_name

  partition_key = "Partition"
  row_key       = var.entity_common.id

  entity = {
    Name       = var.entity_common.name
  }
}

This results in the following error during the “apply” phase. terraform plan works properly.

Error: locating Storage Account "myaccount" for Table "myTable"

Via Portal or Azure Storage Explorer I can access this table, so there is no problem with IP addresses. My user has the role “Storage Table Contributor” for the whole storage account and the storage account additionally allows access via Account Keys.

I am using provider azurerm Version 3.96.

Debug Logs on level Trace provide the following information (info is stripped due to sensitive data):

2024-03-15T10:08:22.835+0100 [DEBUG] provider.terraform-provider-azurerm_v3.96.0_x5: AzureRM Response for https://management.azure.com/subscriptions/subId/providers/Microsoft.Storage/storageAccounts?api-version=2021-09-01:
HTTP/2.0 200 OK
Content-Length: 6951
Cache-Control: no-cache
Content-Type: application/json
Date: Fri, 15 Mar 2024 09:08:22 GMT
Expires: -1
Pragma: no-cache
Server: Microsoft-Azure-Storage-Resource-Provider/1.0,Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Ms-Correlation-Request-Id: ..
X-Ms-Ratelimit-Remaining-Subscription-Reads: 11999
X-Ms-Request-Id: ..
X-Ms-Routing-Request-Id: ..

{
  "value": [
    {
      "sku": {
        "name": "Standard_RAGRS",
        "tier": "Standard"
      },
      "kind": "StorageV2",
      "id": "id of my terraform state storage account",
      # info about storage account containing terraform state
    },
    {
      "identity": {
        "principalId": "managed identity of the account 'myaccount'",
        "tenantId": "our_tenant",
        "type": "SystemAssigned"
      },
      "sku": {
        "name": "Standard_LRS",
        "tier": "Standard"
      },
      "kind": "StorageV2",
      "id": "id to myaccount",
      "name": "myaccount",
      "type": "Microsoft.Storage/storageAccounts",
      "location": "westeurope",
      "tags": {
        "creator": "terraform"
      },
      "properties": {
        "defaultToOAuthAuthentication": false,
        "publicNetworkAccess": "Enabled",
        "keyCreationTime": {
          "key1": "2023-05-11T08:41:40.7574340Z",
          "key2": "2023-05-11T08:41:40.7574340Z"
        },
        "allowCrossTenantReplication": true,
        "privateEndpointConnections": [],
        "isNfsV3Enabled": false,
        "isSftpEnabled": false,
        "minimumTlsVersion": "TLS1_2",
        "allowBlobPublicAccess": false,
        "allowSharedKeyAccess": true,
        "isHnsEnabled": false,
        "networkAcls": {
          "resourceAccessRules": [],
          "bypass": "Logging, Metrics, AzureServices",
          "virtualNetworkRules": [
           # our rules, contains my ip address and some vnets
          ],
          "defaultAction": "Deny"
        },
        "supportsHttpsTrafficOnly": true,
        "encryption": {
          "services": {
            "file": {
              "keyType": "Account",
              "enabled": true,
              "lastEnabledTime": "2023-05-11T08:41:40.9761558Z"
            },
            "blob": {
              "keyType": "Account",
              "enabled": true,
              "lastEnabledTime": "2023-05-11T08:41:40.9761558Z"
            }
          },
          "keySource": "Microsoft.Storage"
        },
        "accessTier": "Hot",
        "provisioningState": "Succeeded",
        "creationTime": "2023-05-11T08:41:40.6011913Z",
        "primaryEndpoints": {
          # several endpoints. includes tableendpoint
        },
        "primaryLocation": "westeurope",
        "statusOfPrimary": "available"
      }
    },
    {
      "identity": {
        "principalId": "managed id of account",
        "tenantId": "our tenant",
        "type": "SystemAssigned"
      },
      "sku": {
        "name": "Standard_LRS",
        "tier": "Standard"
      },
      "kind": "StorageV2",
      "id": "id to one of our prod storage accounts. ",
      # I don't know why this is here, but this account is located in the same subscription as our state file
      }
    }
  ]
}

# I mixed 2 logs, so this is why the timestamps are different from here
# there are now other messages in between
2024-03-15T10:23:45.360+0100 [TRACE] provider.terraform-provider-azurerm_v3.96.0_x5: Called downstream: @module=sdk.helper_schema tf_req_id=d8e05e4f-f984-1fff-73de-ca30a1d9abd2 tf_resource_type=azurerm_storage_table_entity @caller=github.com/hashicorp/terraform-plugin-sdk/v2@v2.29.0/helper/schema/resource.go:910 tf_provider_addr=provider tf_rpc=ApplyResourceChange timestamp="2024-03-15T10:23:45.354+0100"
2024-03-15T10:23:45.362+0100 [TRACE] maybeTainted: module.project_map_dev["Tf_TestKunde"].azurerm_storage_table_entity.entry encountered an error during creation, so it is now marked as tainted

AdditionalInfo:

  • myAccount is in one subscribtion
  • the accounts for the statefile and the mentioned prod are in another subscription
2 Likes
2

Me and my colleagues are facing the same issue over a week now. The thing that we also try “az storage account list” command and it returns an empty list as well. To us, it seems like an az api problem more than Terraform’s problem

1 Like
3

Facing exactly the same issue :face_with_symbols_over_mouth:

1 Like
4

This is at least not the case for us.
I used az login --service-principal ... in with the same credentials and az account list yields the storage account.