Creation of private Endpoint for Container Registry fails with "Private Endpoint needs to be reconfigured with missing memberNames." #21781

Open
1 task done
sunilr8 opened this issue May 14, 2023 · 7 comments

sunilr8 commented May 14, 2023

Is there an existing issue for this?

  • I have searched the existing issues

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

1.4.6

AzureRM Provider Version

3.50.0

Affected Resource(s)/Data Source(s)

azurerm_container_registry private_endpoint_account

Terraform Configuration Files

Trying to create a container registry private endpoint with a static IP:

resource "azurerm_container_registry" "container_reg" {
  resource_group_name           = var.resource_group_name
  location                      = "eastus2"
  name                          = var.resource_name
  sku                           = "Premium"
  admin_enabled                 = true
  public_network_access_enabled = false

  identity {
    type = "UserAssigned"
    identity_ids = [
      var.user_assigned_identity
    ]
  }
}


data "azurerm_subnet" "subnet" {
  name                 = var.pep_subnet_name
  virtual_network_name = var.vnet_name
  resource_group_name  = var.network_rg_name
}

resource "azurerm_private_endpoint" "private_endpoint" {
  name                = "pep-conreg-dev"
  location            = var.location
  resource_group_name = var.resource_group_name
  subnet_id           = data.azurerm_subnet.subnet.id

  private_service_connection {
    name                           = "pepcon-conreg-dev"
    private_connection_resource_id = azurerm_container_registry.container_reg.id
    subresource_names              = ["registry"]
    is_manual_connection           = false
  }
  private_dns_zone_group {
    name                 = "pepzone-conreg-dev"
    private_dns_zone_ids = [var.dnszone_id]
  }
  ip_configuration {
    name               = "pepip-con-dev"
    private_ip_address = "172.21.35.8"
    subresource_name   = "registry"
    member_name        = "registry"
  }
  tags = merge(var.default_tags, local.local_tags)
}

Debug Output/Panic Output

https://gist.github.com/sunilr8/19b51b1a65bec9a8f01ecea7eea7b58e

Expected Behaviour

A private endpoint with a static IP should be created.

Actual Behaviour

creating Private Endpoint "pep-conreg-dev" (Resource Group "rg-test-infra-dev-eu2"): network.PrivateEndpointsClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="PrivateEndpointIpConfigurationMissingMemberNamesRequiredByFps" Message="Private Endpoint /subscriptions/******/resourceGroups/rg-test-infra-dev-eu2/providers/Microsoft.Network/privateEndpoints/pep-conreg-dev contains static ipconfigurations: [PrivateIPAddress: 172.21.35.8, GroupId: registry, MemberName: registry] and its missing these membernames/groupids requested by Private Link service [GroupId: registry, MemberName: registry_data_eastus2]. Private Endpoint needs to be reconfigured with missing memberNames." Details=[]

Steps to Reproduce

Please update the sample code above as per your environment (network RG, subnet, zone ID, etc.)

terraform init
terraform apply

Important Factoids

na

References

(#19094)

Collaborator

magodo commented May 15, 2023

@sunilr8 Thank you for submitting this! From the error message, you probably need to explicitly set the member_name to be registry_data_eastus2?

Author

sunilr8 commented May 15, 2023

@magodo, thanks for looking into this. I am seeing the same issue with registry_data_eastus2 also

: creating Private Endpoint "pep-conreg-dev" (Resource Group "rg-test-infra-dev-eu2"): network.PrivateEndpointsClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="PrivateEndpointIpConfigurationMissingMemberNamesRequiredByFps" Message="Private Endpoint /subscriptions/*****/resourceGroups/rg-test-infra-dev-eu2/providers/Microsoft.Network/privateEndpoints/pep-conreg-dev contains static ipconfigurations: [PrivateIPAddress: 172.21.35.8, GroupId: registry, MemberName: registry_data_eastus2] and its missing these membernames/groupids requested by Private Link service [GroupId: registry, MemberName: registry]. Private Endpoint needs to be reconfigured with missing memberNames." Details=[]

Collaborator

magodo commented May 16, 2023

@sunilr8 Per this document: https://learn.microsoft.com/en-us/azure/private-link/manage-private-endpoint?tabs=manage-private-link-cli#determine-groupid-and-membername, what is the output by running the az network private-link-resource list command for your case?

Meanwhile, are you able to create the PE with the statically assigned IP via other means? In that case, would you mind pasting the response of the successfully created PE?

erthalmvp commented May 25, 2023

I'm facing a similar issue:

  ip_configuration {
    name               = "test-ip"
    private_ip_address = "xxx.xxx.xxx.xxx"
    subresource_name   = "registry"
    member_name        = "default"
  }

Error:

Error: creating Private Endpoint "xxxxxx" (Resource Group "xxxx"): network.PrivateEndpointsClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="PrivateEndpointIpConfigurationMissingMemberNamesRequiredByFps" Message="Private Endpoint /subscriptions/xxxxxx/resourceGroups/xxxxx/providers/Microsoft.Network/privateEndpoints/xxxxxxx contains static ipconfigurations: [PrivateIPAddress: xxx.xx.xx.xx, GroupId: registry, MemberName: default] and its missing these membernames/groupids requested by Private Link service [GroupId: registry, MemberName: registry_data_westeurope; GroupId: registry, MemberName: registry]. Private Endpoint needs to be reconfigured with missing memberNames." Details=[]

@magodo, could you please help?

Collaborator

magodo commented May 26, 2023

When creating the PE for a container registry, two ip_configuration blocks are needed, e.g.:

  ip_configuration {
    name               = "foo"
    private_ip_address = "10.0.2.123"
    subresource_name   = "registry"
    member_name        = "registry"
  }
  ip_configuration {
    name               = "bar"
    private_ip_address = "10.0.2.124"
    subresource_name   = "registry"
    member_name        = "registry_data_westeurope"
  }
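
An added example, not part of the thread and not the provider's own code: the two-block answer above written as a dynamic block, so that every required member name gets its own ip_configuration. The variables, resource names and IP addresses are placeholders, and the registry_data_<region> naming is taken from the error messages quoted in this thread.

```hcl
# Added example; every name, ID and address below is a placeholder.
variable "location" { type = string } # normalized region, e.g. "westeurope"
variable "resource_group_name" { type = string }
variable "subnet_id" { type = string }
variable "registry_id" { type = string }

locals {
  # Member names requested by the registry's Private Link service, as listed
  # in the errors in this thread: "registry" and "registry_data_<region>".
  # Assumption: a registry with no additional replica regions.
  acr_member_ips = {
    "registry"                      = "10.0.2.123"
    "registry_data_${var.location}" = "10.0.2.124"
  }
}

resource "azurerm_private_endpoint" "acr" {
  name                = "pep-conreg-example"
  location            = var.location
  resource_group_name = var.resource_group_name
  subnet_id           = var.subnet_id

  private_service_connection {
    name                           = "pepcon-conreg-example"
    private_connection_resource_id = var.registry_id
    subresource_names              = ["registry"]
    is_manual_connection           = false
  }

  # One static ip_configuration per required member. Leaving one out is what
  # triggers PrivateEndpointIpConfigurationMissingMemberNamesRequiredByFps.
  dynamic "ip_configuration" {
    for_each = local.acr_member_ips
    content {
      name               = "ipcfg-${replace(ip_configuration.key, "_", "-")}"
      private_ip_address = ip_configuration.value
      subresource_name   = "registry"
      member_name        = ip_configuration.key
    }
  }
}
```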

55octet commented May 21, 2024

When creating the PE for a container registry, two ip_configuration blocks are needed, e.g.:

  ip_configuration {
    name               = "foo"
    private_ip_address = "10.0.2.123"
    subresource_name   = "registry"
    member_name        = "registry"
  }
  ip_configuration {
    name               = "bar"
    private_ip_address = "10.0.2.124"
    subresource_name   = "registry"
    member_name        = "registry_data_westeurope"
  }

How do you locate the member_name? I can find a subresource name from Microsoft, but it seems like the member_name is only available if you dynamically create the PE first.

shri0024 commented Sep 3, 2024

You should be able to find it in the Azure portal, on the networking tab while you create the private endpoint.