terraform-provider-azurerm: AuthorizationPermissionMismatch when creating a storage account in 2.0.0

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave “+1” or “me too” comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureRM Provider) Version

terraform v0.12.21 AzureRM Provider Version 2.0.0

Affected Resource(s)

azurerm_storage_account

Terraform Configuration Files


resource "azurerm_storage_account" "storage" {
  name                              = local.name
  resource_group_name               = data.terraform_remote_state.resource_group.outputs.name
  location                          = var.location
  account_kind                      = var.account_kind
  account_tier                      = var.account_tier
  account_replication_type          = var.account_replication_type
  access_tier                       = var.access_tier
  is_hns_enabled                    = var.is_hns_enabled
  enable_https_traffic_only = true

  dynamic "network_rules" {
    for_each = var.network_rules != null ? ["true"] : []
    content {
      default_action             = "Deny"
      ip_rules                   = var.network_rules.ip_rules
      virtual_network_subnet_ids = var.network_rules.subnet_ids
      bypass                     = var.network_rules.bypass
    }
  }

  tags = var.tags
}

Full code available at https://github.com/krezreb/terraform-modules-azure/tree/master/storage/account

Debug Output

Panic Output

Expected Behavior

the storage account is created, remote state saved

Actual Behavior

the storage account is created, but the following error appears in the console. remote state is saved, but is not correct because terraform destroy does not destroy it, resource must be deleted manually

azurerm_storage_account.storage: Refreshing state... [id=/subscriptions/27aaa3c6-5a24-4a2a-8117-8d4991ec6f07/resourceGroups/infra-dev/providers/Microsoft.Storage/storageAccounts/infradev]

Error: Error reading static website for AzureRM Storage Account "infradev": accounts.Client#GetServiceProperties: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationPermissionMismatch" Message="This request is not authorized to perform this operation using this permission.\nRequestId:a397b17c-a01e-0091-40c1-ec2b03000000\nTime:2020-02-26T16:25:48.5825594Z"

Note: the above command was run using full administrator privileges. I’ll check it it’s working with a previous provider version and add the results in the comments

Steps to Reproduce

terraform apply

Important Factoids

References

#0000

About this issue

Original URL
State: closed
Created 4 years ago
Reactions: 9
Comments: 19 (6 by maintainers)

Commits related to this issue

r/storage_account: accessing the data plane api's using Giovanni This allows us to use SharedKey as an authorizer when AzureAD is not enabled which is the case for the majority of users. Fixes #6028... — committed to hashicorp/terraform-provider-azurerm by tombuildsstuff 4 years ago

Most upvoted comments

This has been released in version 2.1.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:

provider "azurerm" {
    version = "~> 2.1.0"
}
# ... other configuration ...

ghost on Mar 11, 2020

Worth mentioning - running terraform destroy does not destroy any resources due to this error. I have to remove the resources manually.

adrianhall on Feb 26, 2020