queue_properties aren't supported for account kind "Storage" in sku tier "Standard"

[MedFazazi]

Is there an existing issue for this?

• I have searched the existing issues

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.7.5

AzureRM Provider Version

3.97.1

Affected Resource(s)/Data Source(s)

azurerm_storage_account

Terraform Configuration Files

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "=3.97.1"
    }
  }
}

provider "azurerm" {
  features {}
}


resource "azurerm_resource_group" "example" {
  name     = "example-resources"
  location = "West Europe"
}

resource "azurerm_storage_account" "example" {
  name                     = "terraformissuestorage01"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_kind             = "Storage"
  account_replication_type = "LRS"

  queue_properties {
    logging {
      delete                = true
      read                  = true
      version               = "1"
      write                 = true
      retention_policy_days = "10"
    }
  }

  tags = {
    environment = "staging"
  }
}

Debug Output/Panic Output

Plan output : 
azurerm_resource_group.example: Refreshing state... [id=/subscriptions/xxxxxx/resourceGroups/example-resources]
azurerm_storage_account.example: Refreshing state... [id=/subscriptions/xxxxxx/resourceGroups/example-resources/providers/Microsoft.Storage/storageAccounts/terraformissuestorage01]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # azurerm_storage_account.example will be created
  + resource "azurerm_storage_account" "example" {
      + access_tier                        = (known after apply)
      + account_kind                       = "Storage"
      + account_replication_type           = "LRS"
      + account_tier                       = "Standard"
      + allow_nested_items_to_be_public    = true
      + cross_tenant_replication_enabled   = true
      + default_to_oauth_authentication    = false
      + dns_endpoint_type                  = "Standard"
      + enable_https_traffic_only          = true
      + id                                 = (known after apply)
      + infrastructure_encryption_enabled  = false
      + is_hns_enabled                     = false
      + large_file_share_enabled           = (known after apply)
      + local_user_enabled                 = true
      + location                           = "westeurope"
      + min_tls_version                    = "TLS1_2"
      + name                               = "terraformissuestorage01"
      + nfsv3_enabled                      = false
      + primary_access_key                 = (sensitive value)
      + primary_blob_connection_string     = (sensitive value)
      + primary_blob_endpoint              = (known after apply)
      + primary_blob_host                  = (known after apply)
      + primary_blob_internet_endpoint     = (known after apply)
      + primary_blob_internet_host         = (known after apply)
      + primary_blob_microsoft_endpoint    = (known after apply)
      + primary_blob_microsoft_host        = (known after apply)
      + primary_connection_string          = (sensitive value)
      + primary_dfs_endpoint               = (known after apply)
      + primary_dfs_host                   = (known after apply)
      + primary_dfs_internet_endpoint      = (known after apply)
      + primary_dfs_internet_host          = (known after apply)
      + primary_dfs_microsoft_endpoint     = (known after apply)
      + primary_dfs_microsoft_host         = (known after apply)
      + primary_file_endpoint              = (known after apply)
      + primary_file_host                  = (known after apply)
      + primary_file_internet_endpoint     = (known after apply)
      + primary_file_internet_host         = (known after apply)
      + primary_file_microsoft_endpoint    = (known after apply)
      + primary_file_microsoft_host        = (known after apply)
      + primary_location                   = (known after apply)
      + primary_queue_endpoint             = (known after apply)
      + primary_queue_host                 = (known after apply)
      + primary_queue_microsoft_endpoint   = (known after apply)
      + primary_queue_microsoft_host       = (known after apply)
      + primary_table_endpoint             = (known after apply)
      + primary_table_host                 = (known after apply)
      + primary_table_microsoft_endpoint   = (known after apply)
      + primary_table_microsoft_host       = (known after apply)
      + primary_web_endpoint               = (known after apply)
      + primary_web_host                   = (known after apply)
      + primary_web_internet_endpoint      = (known after apply)
      + primary_web_internet_host          = (known after apply)
      + primary_web_microsoft_endpoint     = (known after apply)
      + primary_web_microsoft_host         = (known after apply)
      + public_network_access_enabled      = true
      + queue_encryption_key_type          = "Service"
      + resource_group_name                = "example-resources"
      + secondary_access_key               = (sensitive value)
      + secondary_blob_connection_string   = (sensitive value)
      + secondary_blob_endpoint            = (known after apply)
      + secondary_blob_host                = (known after apply)
      + secondary_blob_internet_endpoint   = (known after apply)
      + secondary_blob_internet_host       = (known after apply)
      + secondary_blob_microsoft_endpoint  = (known after apply)
      + secondary_blob_microsoft_host      = (known after apply)
      + secondary_connection_string        = (sensitive value)
      + secondary_dfs_endpoint             = (known after apply)
      + secondary_dfs_host                 = (known after apply)
      + secondary_dfs_internet_endpoint    = (known after apply)
      + secondary_dfs_internet_host        = (known after apply)
      + secondary_dfs_microsoft_endpoint   = (known after apply)
      + secondary_dfs_microsoft_host       = (known after apply)
      + secondary_file_endpoint            = (known after apply)
      + secondary_file_host                = (known after apply)
      + secondary_file_internet_endpoint   = (known after apply)
      + secondary_file_internet_host       = (known after apply)
      + secondary_file_microsoft_endpoint  = (known after apply)
      + secondary_file_microsoft_host      = (known after apply)
      + secondary_location                 = (known after apply)
      + secondary_queue_endpoint           = (known after apply)
      + secondary_queue_host               = (known after apply)
      + secondary_queue_microsoft_endpoint = (known after apply)
      + secondary_queue_microsoft_host     = (known after apply)
      + secondary_table_endpoint           = (known after apply)
      + secondary_table_host               = (known after apply)
      + secondary_table_microsoft_endpoint = (known after apply)
      + secondary_table_microsoft_host     = (known after apply)
      + secondary_web_endpoint             = (known after apply)
      + secondary_web_host                 = (known after apply)
      + secondary_web_internet_endpoint    = (known after apply)
      + secondary_web_internet_host        = (known after apply)
      + secondary_web_microsoft_endpoint   = (known after apply)
      + secondary_web_microsoft_host       = (known after apply)
      + sftp_enabled                       = false
      + shared_access_key_enabled          = true
      + table_encryption_key_type          = "Service"
      + tags                               = {
          + "environment" = "staging"
        }

      + queue_properties {
          + logging {
              + delete                = true
              + read                  = true
              + retention_policy_days = 10
              + version               = "1"
              + write                 = true
            }
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

Apply output :

Error: `queue_properties` aren't supported for account kind "Storage" in sku tier "Standard"

  with azurerm_storage_account.example,
  on main.tf line 20, in resource "azurerm_storage_account" "example":
  20: resource "azurerm_storage_account" "example" {

Expected Behaviour

According to the documentation, it should be possible to set queue_properties for Azure Storage Accounts with account_kind set to "Storage". Terraform should not throw an error when attempting to configure queue_properties for such accounts.

https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account#queue_properties

Actual Behaviour

Terraform throws an error indicating that queue_properties are not supported for Azure Storage Accounts with account_kind set to "Storage"

Steps to Reproduce

1. Set up a Terraform configuration file defining an Azure Storage Account with the following attributes:

• account_kind set to "Storage"

• queue_properties defined with logging properties

2. Run terraform init and terraform apply with the provided configuration.
3. Observe the error message indicating that queue_properties are not supported for the specified account_kind.

Important Factoids

No response

References

No response

[magodo]

Per https://learn.microsoft.com/en-us/azure/storage/common/storage-account-overview?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json&bc=%2Fazure%2Fstorage%2Fblobs%2Fbreadcrumb%2Ftoc.json#types-of-storage-accounts, only standard (account_tier) storageV2 (account_kind) supports queue service.

I'll update the document on TF side shortly..

[MedFazazi]

Per https://learn.microsoft.com/en-us/azure/storage/common/storage-account-overview?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json&bc=%2Fazure%2Fstorage%2Fblobs%2Fbreadcrumb%2Ftoc.json#types-of-storage-accounts, only standard (account_tier) storageV2 (account_kind) supports queue service.

I'll update the document on TF side shortly..

Hello @magodo,
According to the documentation, there is no indication of the retirement or discontinuation of 'Diagnostic settings (classic)' for Storage (general purpose v1) accounts. Moreover, it appears that these settings can still be configured using both the Azure CLI and the Azure portal.

[magodo]

@MedFazazi The classic storage is deprecated since Aug.31.2021, and will be retire on Aug.31 this year. We suggest users migrate to using the StorageV2 instead.

See https://learn.microsoft.com/en-us/azure/storage/common/classic-account-migration-overview?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json&bc=%2Fazure%2Fstorage%2Fblobs%2Fbreadcrumb%2Ftoc.json.

[MedFazazi]

Thank you for sharing the information. It seems there might be a mix-up between classic storage accounts and general-purpose v1 storage accounts. While classic storage accounts have been deprecated and are scheduled for retirement, general-purpose v1 storage accounts are still fully supported by Azure. As stated in the official documentation, Microsoft continues to support general-purpose v1 accounts for new and existing customers. There's no retirement plan announced for them, and Microsoft will provide at least one year's advance notice before deprecating any Azure Storage feature. You can create general-purpose v1 storage accounts in new regions whenever Azure Storage is available in those regions. Microsoft will continue to provide security updates for general-purpose v1 accounts, but no new feature development is expected for this account type.

For new Azure regions that have come online after October 1, 2020, pricing for general-purpose v1 accounts has changed and is equivalent to pricing for general-purpose v2 accounts in those regions. Pricing for general-purpose v1 accounts in Azure regions that existed prior to October 1, 2020 has not changed

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.