azurerm_site_recovery_replicated_vm doesn't work when SAS key is disabled for storage account #27190

Closed
1 task done
pcsrijith opened this issue Aug 26, 2024 · 4 comments

Comments

@pcsrijith

Is there an existing issue for this?

  • I have searched the existing issues

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.9.4

AzureRM Provider Version

3.116.0

Affected Resource(s)/Data Source(s)

azurerm_site_recovery_replicated_vm

Terraform Configuration Files

resource "azurerm_site_recovery_replicated_vm" "vm-replication" {
  name                                      = "vm-replication"
  resource_group_name                       = azurerm_resource_group.secondary.name
  recovery_vault_name                       = azurerm_recovery_services_vault.vault.name
  source_recovery_fabric_name               = azurerm_site_recovery_fabric.primary.name
  source_vm_id                              = azurerm_virtual_machine.vm.id
  recovery_replication_policy_id            = azurerm_site_recovery_replication_policy.policy.id
  source_recovery_protection_container_name = azurerm_site_recovery_protection_container.primary.name

  target_resource_group_id                = azurerm_resource_group.secondary.id
  target_recovery_fabric_id               = azurerm_site_recovery_fabric.secondary.id
  target_recovery_protection_container_id = azurerm_site_recovery_protection_container.secondary.id

  managed_disk {
    disk_id                    = azurerm_virtual_machine.vm.storage_os_disk[0].managed_disk_id
    staging_storage_account_id = azurerm_storage_account.primary.id
    target_resource_group_id   = azurerm_resource_group.secondary.id
    target_disk_type           = "Premium_LRS"
    target_replica_disk_type   = "Premium_LRS"
  }

  network_interface {
    source_network_interface_id   = azurerm_network_interface.vm.id
    target_subnet_name            = azurerm_subnet.secondary.name
    recovery_public_ip_address_id = azurerm_public_ip.secondary.id
  }

  depends_on = [
    azurerm_site_recovery_protection_container_mapping.container-mapping,
    azurerm_site_recovery_network_mapping.network-mapping,
  ]
}

Debug Output/Panic Output

Creation of azurerm_site_recovery_replicated_vm fails as SAS Key is disabled.

Status: "28176"
Code: ""
Message: "The storage account "abc" provided does not allow key based authentication"

Expected Behaviour

azurerm_site_recovery_replicated_vm creation should have passed

Actual Behaviour

Creation of azurerm_site_recovery_replicated_vm fails as SAS Key is disabled.

Status: "28176"
Code: ""
Message: "The storage account "abc" provided does not allow key based authentication"

Steps to Reproduce

  • Create storage account with SAS key disabled
  • Create azurerm_site_recovery_replicated_vm using the same storage account.

Important Factoids

No response

References

No response

@pcsrijith pcsrijith changed the title azurerm_site_recovery_replicated_vm doesn't work when SAS key is disabled for storage account azurerm_site_recovery_replicated_vm doesn't work when SAS key is disabled for storage account Aug 26, 2024
@harshavmb
Contributor

Hi @pcsrijith,

This is not an azurerm bug. Azure doesn't support managed identity for cache storage accounts. Here you get more details.

Managed identity | Not supported | The cached storage account must allow shared key access and Shared Access Signatures (SAS) signed by the shared key.

You must enable access key for this to work. Worth flagging this with MS to support MIs.
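
Added example, not part of the thread or the provider's code: a pre-apply check that reads `terraform show -json` plan output and reports every azurerm_site_recovery_replicated_vm whose managed_disk staging account is configured with shared_access_key_enabled = false, the combination that produces the error above. The plan JSON is a constructed sample and the function name is hypothetical; the check only covers root-module resources where the argument is a literal false.

```python
import json

# Constructed sample: the "configuration" part of `terraform show -json <plan>`
# for the resources in this issue, trimmed to the fields the check reads.
SAMPLE_PLAN = json.loads("""
{
  "configuration": {"root_module": {"resources": [
    {"address": "azurerm_storage_account.primary",
     "type": "azurerm_storage_account",
     "expressions": {"shared_access_key_enabled": {"constant_value": false}}},
    {"address": "azurerm_storage_account.logs",
     "type": "azurerm_storage_account",
     "expressions": {"shared_access_key_enabled": {"constant_value": false}}},
    {"address": "azurerm_site_recovery_replicated_vm.vm-replication",
     "type": "azurerm_site_recovery_replicated_vm",
     "expressions": {"managed_disk": [
       {"staging_storage_account_id": {"references": [
         "azurerm_storage_account.primary.id",
         "azurerm_storage_account.primary"]}}]}}
  ]}}
}
""")


def find_keyless_staging_accounts(plan):
    """Return (replicated_vm, storage_account) address pairs that will fail."""
    resources = plan["configuration"]["root_module"].get("resources", [])
    # Storage accounts whose config literally sets shared_access_key_enabled = false.
    keyless = {
        r["address"] for r in resources
        if r["type"] == "azurerm_storage_account"
        and r.get("expressions", {}).get("shared_access_key_enabled", {})
             .get("constant_value") is False
    }
    findings = []
    for r in resources:
        if r["type"] != "azurerm_site_recovery_replicated_vm":
            continue
        for disk in r.get("expressions", {}).get("managed_disk", []):
            refs = disk.get("staging_storage_account_id", {}).get("references", [])
            for account in sorted(keyless.intersection(refs)):
                findings.append((r["address"], account))
    return findings


if __name__ == "__main__":
    for vm, account in find_keyless_staging_accounts(SAMPLE_PLAN):
        print(f"{vm}: staging account {account} has shared key access disabled")
```

Storage accounts that disable shared key access but are not used as a staging account (the constructed `logs` account) are not reported, so the check does not push back on the hardening setting elsewhere.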

@pcsrijith
Author

@harshavmb thank you very much for your valuable inputs. Sadly, usage of SAS key is prohibited/blocked. Let me try raising an MSFT support ticket and see if this can be taken up by them or not.

@harshavmb
Contributor

@rcskosir, IMO this issue could be closed as MSFT support won't solve this problem. It has to be supported by Azure dev teams. It could be revisited when it's supported.

@rcskosir
Contributor

@pcsrijith Thanks for taking the time to open this issue. As stated above by @harshavmb, we can revisit this if it gets support from MSFT, but until then I am going to mark this issue closed.

@rcskosir rcskosir closed this as not planned Aug 26, 2024
@hashicorp hashicorp deleted a comment Aug 26, 2024