Sep 11 2024 04:35 AM
I have several AKS clusters in Azure. When create the clusters with Terraform, I see a default resource group created in the format 'MC_<CLUSNER_NAME>-aks_<CLUSNER_NAME>_<CLUSTER_REGION>'.
My setup is like this:
I also created a Azure Recovery Services vault. While working with protected items (file shares) in vault where I try to backup file shares, I see that the source file shares' resource group is prefixed with lowercase 'mc_' instead of uppercase as stated in first line. This means:
Instead of 'MC_<CLUSNER_NAME>-aks_<CLUSNER_NAME>_<CLUSTER_REGION>', it's shown as 'mc_<CLUSNER_NAME>-aks_<CLUSNER_NAME>_<CLUSTER_REGION>' for the file shares.
Can you tell us why is this?
The problem I am having is that, if I have some azure file shares as vault protected items and I try to import those resources in terraform state file, I get an error where terraform wants to re-create the backup items in vault as the resource group name does not match (due to 'mc' letter case). Azure appears to consider this parameter as case-sensitive during API calls (our suspicion), that's why even though the resource group is prefixed with "MC_" (uppercase) everywhere else (other Azure UIs and my terraform import's resource ID stated it in uppercase 'MC_' prefix, resource group UI and even Azure docs), but vault backup item for file share shows it prefixed with '"mc_" (lowercase) in the UI. Can you please explain why is this?
Here's an example where I am trying to import Azure's data into terraform state file, but this should not cause any replacement. Please note down the 'source_storage_account_id' entry where it says is causing replacement, due to case issue.
Case issues occur here ([a] 'mc' & 'MC'; [b]) 'Microsoft.Storage' & 'Microsoft.storage'):
From terraform plan:
# module.main.azurerm_backup_protected_file_share.my_fileshares["STORAGE_ACCOUNT_NAME_pvc-<FILE_SHARE_ID>"] must be replaced
# (imported from "/subscriptions/SUBSCRIPTION_ID/resourceGroups/CLUSTER_NAME-projectX/providers/Microsoft.RecoveryServices/vaults/CLUSTER_NAME-vault/backupFabrics/Azure/protectionContainers/StorageContainer;storage;mc_CLUSTER_NAME-aks_CLUSTER_NAME_CLUSTER_REGION;STORAGE_ACCOUNT_NAME/protectedItems/AzureFileShare;FILE_SHARE_FRIENDLY_NAME")
# Warning: this will destroy the imported resource
-/+ resource "azurerm_backup_protected_file_share" "my_fileshares" {
backup_policy_id = "/subscriptions/SUBSCRIPTION_ID/resourceGroups/CLUSTER_NAME-projectX/providers/Microsoft.RecoveryServices/vaults/CLUSTER_NAME-vault/backupPolicies/CLUSTER_NAME-daily-backup"
~ id = "/subscriptions/SUBSCRIPTION_ID/resourceGroups/CLUSTER_NAME-projectX/providers/Microsoft.RecoveryServices/vaults/CLUSTER_NAME-vault/backupFabrics/Azure/protectionContainers/StorageContainer;storage;mc_CLUSTER_NAME-aks_CLUSTER_NAME_CLUSTER_REGION;STORAGE_ACCOUNT_NAME/protectedItems/AzureFileShare;FILE_SHARE_FRIENDLY_NAME" -> (known after apply)
recovery_vault_name = "CLUSTER_NAME-vault"
resource_group_name = "CLUSTER_NAME-projectX"
source_file_share_name = "pvc-<FILE_SHARE_ID>"
~ source_storage_account_id = "/subscriptions/SUBSCRIPTION_ID/resourceGroups/mc_CLUSTER_NAME-aks_CLUSTER_NAME_CLUSTER_REGION/providers/Microsoft.Storage/storageAccounts/STORAGE_ACCOUNT_NAME" -> "/subscriptions/SUBSCRIPTION_ID/resourceGroups/mc_CLUSTER_NAME-aks_CLUSTER_NAME_CLUSTER_REGION/providers/Microsoft.storage/storageAccounts/STORAGE_ACCOUNT_NAME" # forces replacement
}
You can verify this case issue from here:
Can you tell us why is this case shown differently? And are api calls for resource IDs case-sensitive?