Upgrade azurerm from V2 to V3, errors happen on creating storage account for datalake and on key vault

Our company needs to upgrade azurerm from V2 to V3, but errors happen when creating the storage account for the data lake and the key vault.

Is there an existing issue for this?
I have searched the existing issues. There is a similar one, but no solution is provided: Terraform wants to reach storage account static website endpoint even when none will be created · Issue #20257 · hashicorp/terraform-provider-azurerm · GitHub

Terraform Version
1.5.6

AzureRM Provider Version
no problem with v2.xx, have problem with v3.xx

Affected Resource(s)/Data Source(s)
azurerm_storage_account, azurerm_key_vault

Terraform Configuration Files

    resource "azurerm_storage_account" "phn_lockobx_datalake" {
      name                     = "${var.phn_short_name}dl${var.environment_tag}001"
      resource_group_name      = var.resource_group_name
      location                 = var.resource_location
      account_tier             = "Standard"
      account_replication_type = "GRS"
      account_kind             = "StorageV2"
      is_hns_enabled           = true # hierarchical namespace (Data Lake Gen2)

      # Public endpoint is denied by default; only the listed subnets and
      # the bypassed Azure services can reach the account.
      network_rules {
        default_action             = "Deny"
        virtual_network_subnet_ids = [var.workload_subnet_id, var.cicd_subnet_id, var.app_service_subnet_id, var.plink_subnet_id]
        bypass                     = ["Metrics", "Logging", "AzureServices"]
      }

      identity {
        type = "SystemAssigned"
      }

      tags = {
        environment = var.environment_tag
      }
    }

    # HACK: Sleep is needed to wait for container creation to propagate
    resource "time_sleep" "storage_account_sleep" {
      create_duration = "60s"

      depends_on = [
        azurerm_storage_account.phn_lockobx_datalake
      ]
    }

    resource "azurerm_storage_data_lake_gen2_filesystem" "datalake_bronze" {
      name               = "bronze"
      storage_account_id = azurerm_storage_account.phn_lockobx_datalake.id

      depends_on = [
        time_sleep.storage_account_sleep
      ]
    }

    resource "azurerm_storage_data_lake_gen2_filesystem" "datalake_silver" {
      name               = "silver"
      storage_account_id = azurerm_storage_account.phn_lockobx_datalake.id

      depends_on = [
        time_sleep.storage_account_sleep
      ]
    }

    resource "azurerm_storage_data_lake_gen2_filesystem" "datalake_gold" {
      name               = "gold"
      storage_account_id = azurerm_storage_account.phn_lockobx_datalake.id

      depends_on = [
        time_sleep.storage_account_sleep
      ]
    }

    # private endpoint (dfs subresource)
    resource "azurerm_private_endpoint" "phinsights_datalake_private_endpoint" {
      name                = "${var.phn_short_name}-datalake-${var.environment_tag}-privatelink"
      location            = var.resource_location
      resource_group_name = var.resource_group_name
      subnet_id           = var.plink_subnet_id

      private_service_connection {
        name                           = "${var.phn_short_name}-datalake-plink-conn"
        private_connection_resource_id = azurerm_storage_account.phn_lockobx_datalake.id
        is_manual_connection           = false
        subresource_names              = ["dfs"]
      }

      depends_on = [
        azurerm_storage_account.phn_lockobx_datalake
      ]

      tags = {
        environment = var.environment_tag
      }
    }

    # private endpoint (blob subresource)
    resource "azurerm_private_endpoint" "phinsights_datalakeblob_private_endpoint" {
      name                = "${var.phn_short_name}-datalakeblob-${var.environment_tag}-privatelink"
      location            = var.resource_location
      resource_group_name = var.resource_group_name
      subnet_id           = var.plink_subnet_id

      private_service_connection {
        name                           = "${var.phn_short_name}-datalake-plink-conn"
        private_connection_resource_id = azurerm_storage_account.phn_lockobx_datalake.id
        is_manual_connection           = false
        subresource_names              = ["blob"]
      }

      depends_on = [
        azurerm_storage_account.phn_lockobx_datalake
      ]

      tags = {
        environment = var.environment_tag
      }
    }

Debug Output/Panic Output

Expected Behaviour
The storage account and keyvault get deployed normally.

Actual Behaviour
The following error occurs:

│ Error: retrieving static website for Storage Account (Subscription: "xxxxxx"
│ Resource Group Name: "s11tes-lockbox-prod-rg"
│ Storage Account Name: "s11tesdlprod001"): accounts.Client#GetServiceProperties: Failure sending request: StatusCode=0 -- Original Error: context deadline exceeded

│ with module.main.module.lockbox_services.azurerm_storage_account.phn_lockobx_datalake,
│ on ../../../modules/lockbox_services/data_lake.tf line 1, in resource "azurerm_storage_account" "phn_lockobx_datalake":
│ 1: resource "azurerm_storage_account" "phn_lockobx_datalake" {

│ Error: retrieving contact for KeyVault: keyvault.BaseClient#GetCertificateContacts: Failure sending request: StatusCode=0 -- Original Error: context deadline exceeded

│ with module.main.module.lockbox_services.azurerm_key_vault.phn_lockobx_lockbox_vault,
│ on ../../../modules/lockbox_services/key_vault.tf line 1, in resource "azurerm_key_vault" "phn_lockobx_lockbox_vault":
│ 1: resource "azurerm_key_vault" "phn_lockobx_lockbox_vault" {

time=2023-09-01T10:27:05Z level=error msg=Terraform invocation failed in /home/cicdAdmin/myagent/_work/437/s/test/2_phn_resources/s11tes
time=2023-09-01T10:27:05Z level=error msg=1 error occurred:
* [/home/cicdAdmin/myagent/_work/437/s/test/2_phn_resources/s11tes] exit status 1

Steps to Reproduce: using an Azure DevOps pipeline
terragrunt plan
terragrunt apply

Important Factoids
The DNS A record for the private endpoint is created separately via Terraform. When checking the Azure portal, the storage account, private endpoint, and DNS record for blob are created.