azure file share resource group name is in lowercase instead of uppercase prefix 'mc'

Copper Contributor

I have several AKS clusters in Azure. When create the clusters with Terraform, I see a default resource group created in the format 'MC_<CLUSNER_NAME>-aks_<CLUSNER_NAME>_<CLUSTER_REGION>'.

My setup is like this:

  • created AKS cluster
  • I have some Azure file shares which are loaded as PV in kubernetes
  • I want to backup those file shares via Azure Recovery Service vault's backup policy and backup 'file share' item.

I also created a Azure Recovery Services vault. While working with protected items (file shares) in vault where I try to backup file shares, I see that the source file shares' resource group is prefixed with lowercase 'mc_' instead of uppercase as stated in first line. This means:

Instead of 'MC_<CLUSNER_NAME>-aks_<CLUSNER_NAME>_<CLUSTER_REGION>', it's shown as 'mc_<CLUSNER_NAME>-aks_<CLUSNER_NAME>_<CLUSTER_REGION>' for the file shares.

Can you tell us why is this?

The problem I am having is that, if I have some azure file shares as vault protected items and I try to import those resources in terraform state file, I get an error where terraform wants to re-create the backup items in vault as the resource group name does not match (due to 'mc' letter case). Azure appears to consider this parameter as case-sensitive during API calls (our suspicion), that's why even though the resource group is prefixed with "MC_" (uppercase) everywhere else (other Azure UIs and my terraform import's resource ID stated it in uppercase 'MC_' prefix, resource group UI and even Azure docs), but vault backup item for file share shows it prefixed with '"mc_" (lowercase) in the UI. Can you please explain why is this?

Here's an example where I am trying to import Azure's data into terraform state file, but this should not cause any replacement. Please note down the 'source_storage_account_id' entry where it says is causing replacement, due to case issue.

Case issues occur here ([a] 'mc' & 'MC'; [b]) 'Microsoft.Storage' & 'Microsoft.storage'):

  • [a] .../resourceGroups/mc_CLUSTER_NAME-aks_CLUSTER_NAME_CLUSTER_REGION/... --> /resourceGroups/mc_CLUSTER_NAME-aks_CLUSTER_NAME_CLUSTER_REGION/...
  • [b] ...providers/Microsoft.Storage/storageAccounts/STORAGE_ACCOUNT_NAME --> providers/Microsoft.storage/storageAccounts/STORAGE_ACCOUNT_NAME

From terraform plan:

# module.main.azurerm_backup_protected_file_share.my_fileshares["STORAGE_ACCOUNT_NAME_pvc-<FILE_SHARE_ID>"] must be replaced
# (imported from "/subscriptions/SUBSCRIPTION_ID/resourceGroups/CLUSTER_NAME-projectX/providers/Microsoft.RecoveryServices/vaults/CLUSTER_NAME-vault/backupFabrics/Azure/protectionContainers/StorageContainer;storage;mc_CLUSTER_NAME-aks_CLUSTER_NAME_CLUSTER_REGION;STORAGE_ACCOUNT_NAME/protectedItems/AzureFileShare;FILE_SHARE_FRIENDLY_NAME")
# Warning: this will destroy the imported resource
-/+ resource "azurerm_backup_protected_file_share" "my_fileshares" {
backup_policy_id = "/subscriptions/SUBSCRIPTION_ID/resourceGroups/CLUSTER_NAME-projectX/providers/Microsoft.RecoveryServices/vaults/CLUSTER_NAME-vault/backupPolicies/CLUSTER_NAME-daily-backup"
~ id = "/subscriptions/SUBSCRIPTION_ID/resourceGroups/CLUSTER_NAME-projectX/providers/Microsoft.RecoveryServices/vaults/CLUSTER_NAME-vault/backupFabrics/Azure/protectionContainers/StorageContainer;storage;mc_CLUSTER_NAME-aks_CLUSTER_NAME_CLUSTER_REGION;STORAGE_ACCOUNT_NAME/protectedItems/AzureFileShare;FILE_SHARE_FRIENDLY_NAME" -> (known after apply)
recovery_vault_name = "CLUSTER_NAME-vault"
resource_group_name = "CLUSTER_NAME-projectX"
source_file_share_name = "pvc-<FILE_SHARE_ID>"
~ source_storage_account_id = "/subscriptions/SUBSCRIPTION_ID/resourceGroups/mc_CLUSTER_NAME-aks_CLUSTER_NAME_CLUSTER_REGION/providers/Microsoft.Storage/storageAccounts/STORAGE_ACCOUNT_NAME" -> "/subscriptions/SUBSCRIPTION_ID/resourceGroups/mc_CLUSTER_NAME-aks_CLUSTER_NAME_CLUSTER_REGION/providers/Microsoft.storage/storageAccounts/STORAGE_ACCOUNT_NAME" # forces replacement
}

You can verify this case issue from here:

  1. any resource group named in this format: 'MC_<CLUSNER_NAME>-aks_<CLUSNER_NAME>_<CLUSTER_REGION>'.
  2. Check resources under it, some of them have it in lowercase 'mc_' prefix, some have uppercase 'MC_' prefix. Why is this? For example:
    1. lowercase 'mc_' prefix for resource group: aks-agentpool nsg (Network security group), aks-agentpool routetable (Route table), kubernetes Load balancer, pvc- prefixed Disks.
    2. uppercase 'MC_' prefix for resource group: aks-defaultpool (Virtual machine scale set), random ID'd storate account (e.g. STORAGE_ACCOUNT_NAME), Managed Identity
      3. Check file share backup item in a recovery services vault. The share is shown in lowercase 'mc_' prefix.

Can you tell us why is this case shown differently? And are api calls for resource IDs case-sensitive?

0 Replies