Unable to provision Application Insight resource using Terraform - azure

I am facing an issue while trying to provision an Application Insight resource in our subscription using Terraform.
Terraform spits the following error
azurerm_application_insights.global_app_function_insight: Error
creating Application Insights "hub-deployer-insight-globalsg"
(Resource Group "hub-globalsg-rg"):
insights.ComponentsClient#CreateOrUpdate: Failure sending request:
StatusCode=409 -- Original Error: autorest/azure: Service returned an
error. Status= Code="MissingRegistrationForLocation" Message="The
subscription is not registered for the resource type 'components' in
the location 'northcentralus'. Please re-register for this provider in
order to have access to this location."
I have tried unregistering then re-registering the provider in the subscription in question, but the issue remains. Have anyone experienced similar issue so far?
I've research the issue a bit, but none were related to Terraform. Some were releted to the .NET SDK version people were using, so maybe an issue with the Azure SDK for Go... or maybe an issue with our subscription...
terraform_version: 0.11.8
provider-azurerm_version: 1.19.0

This issue is not terraform related. I've seen this happen sometimes. Try deploying application insights to the northcentralus region from the portal and then try using terraform.

Related

Terraform azure automation fails after the first deployment

I have a silly question.
I am trying to deploy an azure web app using terraform. I have a task to build the code and drop it as a artefact, this works just fine. So I moved to the release process as follow
My code has a backend configuration in which I am saving my terraform.tfstate to be able to access this I create a azure resource manager service principle
Now this works just perfectly for all my stages. I am able to create the resource group and the web app, and the terraform.tfstate get saved in the container which is under the azure resource manager
But here is my problem. If I update my code local and push it to GitHub the pipeline builds the artefact and the release triggers, but at the plan stage it fails with the following error.
reading resource group: resources.GroupsClient#Get: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailed" Message="The client 'XXXX' with object id 'XXX' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/read' over scope '/subscriptions/XXXX/resourcegroups/rg-hri-stg-eur-configurations' or the scope is invalid. If access was recently granted, please refresh your credentials."[0m
I do understand that once the resource group exists, I don't have permission to perform any action on it, such as plan, apply or Destroy.
I was wondering how can I set a azure resource manager for those pipeline to access this specific resource group once it has been created?
Thank you very much for any advice or help you can provide me with.
I found the issue. A silly one to be honest. My ARM resource was target a specific resource group(the one in which I keep my terraform states), so it was not working when trying to update a resource. I change the scope of the ARM resource to subscription level and everything works fine now. Thank you so much for your help guys

Azure terraform storage account permission

I want to learn more about azure open vpn configurations and how it work. So looking around I found a open source project on GitHub, at the following link:
https://github.com/terraform-azurerm-examples/example-hub.git (Thank you for your code)
I set all the variable I wanted, and removed the version from azure provider.
but when I run terraform apply, I got an error on azure Storage account.
the error is this one:
Error: reading queue properties for AzureRM Storage Account "examplehubw6sr1wyncn": queues.Client#GetServiceProperties: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationPermissionMismatch" Message="This request is not authorized to perform this operation using this permission.\nRequestId:cce5a313-b003-005c-2bb2-9d8a2f000000\nTime:2021-08-30T15:19:07.9036073Z"
As far as I understand, the error is due to setting secret permissions, which I did updated giving Get, List and Set but the error keeps showing up.
I am using terraform version 0.14.5
and my azurerm version is 2.74.0
I never had this type of error, on my subscription I have administrator role.
Did anyone get this error and know how to solve it, I would really appreciate you help
The error is probably because your user does not have data plane permissions on your storage account - which is where Terraform wants to put the statefile. Give your user Storage Blob Data Contributor role: https://learn.microsoft.com/en-us/azure/storage/blobs/assign-azure-role-data-access?tabs=portal

Azure Data Explorer error when creating cluster: subscription '' is not registered

While working on this official tutorial Create an Azure Data Explorer cluster and database, I am getting the following error when creating a Cluster. Question: What I may be missing and how the issue can be resolved?
Remarks:
I'm using Visual Studio Enterprise Subscription - MPN
My online search shows similar error here but the context seems different since those error messages are related to The subscription not registered to use namespace. Not sure if there is a relevance to my error.
{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"SubscriptionNotRegistered","message":"The subscription 'a86d7e9f-210d-48e8-8f5e-528015d1c998' is not registered."}]}
Using the link provided in the error, I got the following:
When I click on the 'write cluster resource' link from the above screen:
The error is because you did not register the Kusto resource provider as described here
However, once you create a new cluster for the first time on a given subscription and it fails because the provider is not registered, Kusto tries to register it for you. So if you try again it should just work, if not please follow the process in the link.

Terraform Azure Application Insights failing with 401 on random resources after Azure AD issues

I have a terraform library of different azure resources that were working fine the other day. Since the Azure AD failure I can't run a terraform plan anymore without random application insight resources failing due to 401 Unauthorized
Tried re-running az login but unfortunately still receiving issues.
Every plan is resulting in a different application insight resource throwing a 401.
Error: Error making Read request on AzureRM Application Insights
'{resource-name}': insights.ComponentsClient#Get: Failure responding
to request: StatusCode=401 -- Original Error: autorest/azure: Service
returned an error. Status=401 Code="Unauthorized"
Message="Unauthorized"
InnerError={"diagnosticcontext":"1b8e2cf0-5fd5-4a0d-9b75-1093e63ecd18","time":"2020-09-29T16:32:34.3731943Z"}
Have you tried re-initializing your Terraform backend? Doing this sequence just resolved the issue for me.
az login
terraform init
terraform plan

Where to find logs for databricks workspace?

I created a databricks component with an vnet based on this template and documentation. The problem is that we receive an error when trying to launch a workspace.
"We've encountered an error creating your workspace. Please wait a few minutes and try again."
In the documentation, there is a similar error in troubleshooting section but it's not the same.
The problem could be a network problem as the documentation suggests, but the ARM has been probed in other azure environments and it works properly.
The problem is creating a workspace but we don't know why.
Does anyone know where to find any kind of logs about workspace creation or know anything about this error message?
Thanks.
This error means that your workspace failed to be provisioned. We had this when a Policy on our subscription blocked the resource from being created. The policy was to ensure that Tags were set. Check to see if you have any Policies enabled.
Any logs you can see will be in the resource group under the deployments blade. But it probably won't show anything useful. You should raise a support ticket if you cannot track the problem yourself.

Resources