ResourceModules icon indicating copy to clipboard operation
ResourceModules copied to clipboard
verified publisher icon Azure

[Bug Report]: Module Storage Account is not idempotent ; isHnsEnabled parameter

Open SeSeicht opened this issue 3 years ago • 3 comments

Describe the bug

Storage Account cannot be deployed idempotently.

To reproduce

Deploy the SA-Module twice without removal.

Code snippet

https://github.com/Azure/ResourceModules/blob/ec1d408ba000f339cc4660a9a5135b98ad0a220b/arm/Microsoft.Storage/storageAccounts/deploy.bicep#L86

Relevant log output

The property 'isHnsEnabled' was specified in the
     | input, but it cannot be updated as it is read-only

(Code: | DeploymentFailed)  - {   "error": {     "code":
     | "AccountPropertyCannotBeUpdated",     "message": "The
     | property 'isHnsEnabled' was specified in the input, but it
     | cannot be updated as it is read-only. For more information,
     | see - https://aka.ms/storageaccountupdate"   } }

SeSeicht avatar May 25 '22 07:05 SeSeicht

Suggestion: We could implement 2 consecutive deployments to catch these kind of errors. However, if we implement multiple pipeline runs to catch these kind of issues we have to be careful

  • With modules that generate unique resource names (e.g. storage account)
  • With the deployment name

AlexanderSehr avatar May 25 '22 07:05 AlexanderSehr

Regarding the issue itself we might need to use union() to not specify the HNS parameter at all (if it is not allowed to even use null).

AlexanderSehr avatar May 25 '22 07:05 AlexanderSehr

needs a PoC to see if union works

rahalan avatar Jun 02 '22 15:06 rahalan

any progress on resolution of the bug ? bicep module supposed to be idempotent.

htalluri9 avatar Nov 11 '22 09:11 htalluri9

I tried to reconstruct this issue. For me it looks like expected now. The isHnsEnabled has to be set in the initial creation of the SA. Afterwards this is not changeable anymore. Like it's described in the readme

SeSeicht avatar Nov 18 '22 09:11 SeSeicht