Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Terraform apply fails with zone_redundant flag getting set to false with azurerm v4.7.0 #27822

Closed
1 task done
shetsu01 opened this issue Oct 30, 2024 · 3 comments
Closed
1 task done

Comments

@shetsu01
Copy link

Is there an existing issue for this?

  • I have searched the existing issues

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.5.5

AzureRM Provider Version

4.7.0

Affected Resource(s)/Data Source(s)

azurerm_eventhub_namespace

Terraform Configuration Files

resource "azurerm_eventhub_namespace" "eventhub_namespace" {
  for_each = var.eventhub_namespaces_hubs

  name                = lookup(each.value, "custom_name", format("%s-%s-eh", local.default_name, each.key))
  resource_group_name = var.resource_group_name
  location            = var.location
  local_authentication_enabled = var.local_authentication_enabled
  sku                      = lookup(each.value, "sku", "Basic")
  capacity                 = lookup(each.value, "capacity", lookup(each.value, "sku", "Basic") == "Standard" ? 1 : null)
  auto_inflate_enabled     = lookup(each.value, "auto_inflate_enabled", false)
  maximum_throughput_units = lookup(each.value, "maximum_throughput_units", lookup(each.value, "auto_inflate_enabled", false) == true ? 1 : null)
  network_rulesets         = lookup(each.value, "network_rulesets", null)
  # zone_redundant           = lookup(each.value, "zone_redundant", null)
  tags = merge(
    var.extra_tags,
    local.default_tags
  )
}

Debug Output/Panic Output

apply: info: applying Terragrunt configuration in eastus/common/eventhub/namespace
16:17:56.702 INFO   The stack at . will be processed in the following order for command apply:
Group 1
- Module .


16:18:09.494 STDOUT terraform: azurerm_eventhub_namespace.eventhub_namespace["inssre"]: Creating...
16:18:10.019 STDERR terraform: Error: creating Namespace (Subscription: "***"
16:18:10.019 STDERR terraform: Resource Group Name: "app-icstools-dev-eastus"
16:18:10.019 STDERR terraform: Namespace Name: "inssre"): performing CreateOrUpdate: unexpected status 403 (403 Forbidden) with error: RequestDisallowedByPolicy: Resource 'inssre' was disallowed by policy. Reasons: 'This policy enforced due to zoneRedundant set to false'. See error details for policy resource IDs.
16:18:10.020 STDERR terraform:   with azurerm_eventhub_namespace.eventhub_namespace["inssre"],
16:18:10.020 STDERR terraform:   on eventhub-namespace.tf line 1, in resource "azurerm_eventhub_namespace" "eventhub_namespace":
16:18:10.020 STDERR terraform:    1: resource "azurerm_eventhub_namespace" "eventhub_namespace" {
16:18:10.419 STDOUT terraform: Releasing state lock. This may take a few moments...
16:18:10.516 ERROR  terraform invocation failed in ./.terragrunt-cache/qELcAzh6JcALVKMoP7UH7qvHNGY/6F5tq3CYp0nUEeebCgi8Z-9HWiE
16:18:10.516 ERROR  Module . has finished with an error
16:18:10.516 ERROR  error occurred:

* Failed to execute "terraform apply -auto-approve -input=false -auto-approve -input=false -lock=true -no-color ../../../../artifacte/terragrunt.tfplan" in ./.terragrunt-cache/qELcAzh6JcALVKMoP7UH7qvHNGY/6F5tq3CYp0nUEeebCgi8Z-9HWiE
  
  Error: creating Namespace (Subscription: "***"
  Resource Group Name: "app-icstools-dev-eastus"
  Namespace Name: "inssre"): performing CreateOrUpdate: unexpected status 403 (403 Forbidden) with error: RequestDisallowedByPolicy: Resource 'inssre' was disallowed by policy. Reasons: 'This policy enforced due to zoneRedundant set to false'. See error details for policy resource IDs.
  
    with azurerm_eventhub_namespace.eventhub_namespace["inssre"],
    on eventhub-namespace.tf line 1, in resource "azurerm_eventhub_namespace" "eventhub_namespace":
     1: resource "azurerm_eventhub_namespace" "eventhub_namespace" {
  
  
  exit status 1

Error: Process completed with exit code 1.

Expected Behaviour

The zoneRedundant should have be set to true as the eastus region supports AZ

Actual Behaviour

it sets the zoneRedundant to false and fails as we have a policy that does not permit this creation

Steps to Reproduce

run the terraform plan and apply for the block provided and check what the apply does. When we created the resource from UI if set the zoneRedundant to true when the resource was created.

Important Factoids

No response

References

No response

@rcskosir
Copy link
Contributor

Linking to another issue with discussion around zone_redundant: #27239

@rcskosir
Copy link
Contributor

Thank you for taking the time to open this issue. Please see issue #27239 and the comments, this appears to be an upstream issue that will be tackled by the service team. As such I am going to close this issue as a duplicate. Please track the linked issue for updates from the service team.

@rcskosir rcskosir closed this as not planned Won't fix, can't repro, duplicate, stale Nov 15, 2024
Copy link

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 16, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

2 participants