terraform test fails for storage account and private endpoint #28375

RudyBricks opened this issue Dec 23, 2024 · 2 comments

RudyBricks commented Dec 23, 2024

Is there an existing issue for this?

  • I have searched the existing issues

Terraform Version

1.9.6

AzureRM Provider Version

4.14.0

Affected Resource(s)/Data Source(s)

azurerm_storage_account

Terraform Configuration Files

resource "azurerm_resource_group" "rg_test" {
  location = "westeurope"
  name     = "rg-test-lab"
}

resource "azurerm_storage_account" "storage" {
  access_tier                        = "Hot"
  account_kind                       = "StorageV2"
  account_replication_type           = "LRS"
  account_tier                       = "Standard"
  allow_nested_items_to_be_public    = false
  https_traffic_only_enabled         = true
  location                           = "westeurope"
  name                               = "sttesttsetlab"
  public_network_access_enabled      = false
  resource_group_name                = azurerm_resource_group.rg_test.name

  blob_properties {
    change_feed_enabled      = false
    last_access_time_enabled = false
    versioning_enabled       = false

    container_delete_retention_policy {
      days = 7
    }

    delete_retention_policy {
      days                     = 7
      permanent_delete_enabled = false
    }
  }
}

resource "azurerm_storage_container" "container" {
  container_access_type             = "private"
  name                              = "data-transfer"
  storage_account_name              = azurerm_storage_account.storage.name
}

resource "azurerm_private_endpoint" "private_endpoint" {
  location                 = "westeurope"
  name                     = "pe-pve-sttestlab"
  resource_group_name      = "rg-test-lab"
  subnet_id                = data.azurerm_subnet.subnet_spoke.id // just a simple subnet in a private VNet
  private_service_connection {
    private_connection_resource_id = azurerm_storage_account.storage.id
    is_manual_connection           = false
    name                           = "pce-pve-sttestlab"
    subresource_names              = [
      "blob",
    ]
  }
  lifecycle {
    ignore_changes = [private_dns_zone_group]
  }
}

#### test.tftest.hcl

run "valid_setup" {
  command = apply

  assert {
    condition     = module.shared.rg_test == "rg-test-lab"
    error_message = "Resource group shared name not matching."
  }
}

Debug Output/Panic Output

validations.tftest.hcl... in progress
  run "valid_setup"... pass
validations.tftest.hcl... tearing down
Terraform encountered an error destroying resources created while executing
validations.tftest.hcl/valid_setup.
╷
│ Error: retrieving static website properties for Storage Account (Subscription: "[REDACTED]"
│ Resource Group Name: "rg-test-lab"
│ Storage Account Name: "sttesttsetlab"): executing request: Get "https://sttesttsetlab.blob.core.windows.net/?comp=properties&restype=service": dial tcp: lookup sttesttsetlab.blob.core.windows.net on 127.0.0.53:53: no such host
│ 
│   with module.shared.module.storage_account.azurerm_storage_account.storage,
│   on ../../hubit-modules/storage/azure-storage-account/main.tf line 8, in resource "azurerm_storage_account" "storage":
│    8: resource "azurerm_storage_account" "storage" {
│ 
╵

Terraform left the following resources in state after executing
validations.tftest.hcl/valid_setup, and they need to be cleaned up manually:
  - module.shared.azurerm_resource_group.rg_hertha
  - module.shared.module.storage_account_hertha.azurerm_storage_account.storage
  - module.shared.module.storage_account_hertha.azurerm_storage_container.container["data-transfer"]
  - module.shared.module.storage_account.module.private_endpoint_storage_account[0].azurerm_private_endpoint.private_endpoint
  - module.shared.module.storage_account.module.private_endpoint_storage_account_file[0].azurerm_private_endpoint.private_endpoint
test.tftest.hcl... fail

Failure! 1 passed, 0 failed.

##[error]Terraform encountered an error destroying resources created while executing
validations.tftest.hcl/valid_setup.
╷
│ Error: retrieving static website properties for Storage Account (Subscription: "[REDACTED]"
│ Resource Group Name: "rg-test-lab"
│ Storage Account Name: "sttesttsetlab"): executing request: Get "https://sttesttsetlab.blob.core.windows.net/?comp=properties&restype=service": dial tcp: lookup sttesttsetlab.blob.core.windows.net on 127.0.0.53:53: no such host
│ 
│   with module.shared.module.storage_account.azurerm_storage_account.storage,
│   on ../../hubit-modules/storage/azure-storage-account/main.tf line 8, in resource "azurerm_storage_account" "storage":
│    8: resource "azurerm_storage_account" "storage" {
##[error]Script has output to stderr. Failing as failOnStdErr is set to true.

Expected Behaviour

The tests run through and destroy the resources without problems.

Actual Behaviour

terraform test passes the tests, but then fails to delete the storage account.

Steps to Reproduce

terraform init
terraform test

Important Factoids

No response

References

No response

Collaborator

magodo commented Dec 24, 2024

@RudyBricks What if you simply apply-then-destroy the same configuration, will the error still occur?

By checking the source code, this error shall have been caught and ignored:

staticWebsiteProps, err := accountsClient.GetServiceProperties(ctx, id.StorageAccountName)
if err != nil {
	if !connectionError(err) {
		return fmt.Errorf("retrieving static website properties for %s: %+v", *id, err)
	}
}

func connectionError(e error) bool {
	var pollingDroppedConnectionError pollers.PollingDroppedConnectionError
	if errors.As(e, &pollingDroppedConnectionError) {
		return true
	}
	return regexp.MustCompile(`dial tcp`).MatchString(e.Error()) || regexp.MustCompile(`EOF$`).MatchString(e.Error())
}

(As the error message you hit above shall match the regex dial tcp)

@RudyBricks
Author

It's true that using terraform apply and a subsequent terraform destroy works. I guess I cannot apply assertions this way, or can I?
