Error: Failed to get existing workspaces: containers.Client#ListBlobs: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailure" Message="This request is not authorized to perform this operation.nRequestId:XXX"

I am using Azure Storage as the Terraform backend. It was working fine. I removed a private endpoint for the storage from the configuration and did terraform apply. It started giving me this error. Is there a need for a private endpoint for storing Terraform state in Azure Storage? Also, I am not sure why I got the above error. I am unable to do terraform init with this error.

2 Answers


  1. I tried this in my environment and got the results below:

    Main

    provider "azurerm" {
      features {
        resource_group {
          prevent_deletion_if_contains_resources = false
        }
      }
    }

    provider "azuread" {
    }

    # Look up the existing resource group and storage account.
    data "azurerm_resource_group" "example" {
      name = "< Resource group name >"
    }

    data "azurerm_storage_account" "example" {
      name                = "venkat123"
      resource_group_name = data.azurerm_resource_group.example.name
    }

    # Store the state as a blob in the "test" container of that account.
    terraform {
      backend "azurerm" {
        resource_group_name  = "< Resource group name >"
        storage_account_name = "venkat123"
        container_name       = "test"
        key                  = "terraform.tfstate"
      }
    }
    

    Before running the code, make sure you are logged in with your credentials:

    az login --tenant <tenant ID>
    az account set --subscription <subscription ID>
    


    Yes, you can access the storage account without private endpoints.


    containers.Client#ListBlobs: Failure responding to request:
    StatusCode=403 -- Original Error: autorest/azure: Service returned an
    error. Status=403 Code="AuthorizationFailure" Message="This request is
    not authorized to perform this operation.nRequestId:XXX"
    

    The above error shows that you don't have the proper permission to authorize with Azure Blob Storage.

    Check the firewall settings under Networking:

    • If you are accessing it publicly, enable the all networks option.
    • If you enabled selected networks, add the virtual networks, add your client IP address, and also enable "Allow trusted Microsoft services to access this storage account", which allows you to access the storage account.


    • Make sure that you have the necessary permission, such as the Contributor and User Access Administrator roles and the Storage Blob Data Owner role.

    Reference:
    Creating Azure Storage Containers in a storage account with network rules, with Terraform by Ansuman Bal

  2. I had the same issue: Terraform was working locally and saving the state file in the storage container, but failed with a similar error in Azure DevOps using the TerraformTaskV3@3 task:

    │ Error: Failed to get existing workspaces: containers.Client#ListBlobs: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationPermissionMismatch"
    

    So I assigned the Storage Blob Data Contributor role to the service principal I used to connect DevOps to the Azure container.

    Reference: Azure Blob Storage "Authorization Permission Mismatch" error for get request with AD token

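The firewall settings from the first answer and the role assignment from the second, written as Terraform instead of portal clicks. This is an added example, not code from either answer; the variable names, resource labels and angle-bracket placeholders are assumptions to replace with your own values.

```hcl
# Added example: all names and placeholders below are assumptions, not values from the page.
provider "azurerm" {
  features {}
}

variable "client_ip" {
  description = "Public IP of the machine or agent that runs terraform"
  type        = string
}

variable "agent_subnet_id" {
  description = "ID of a subnet (with the Microsoft.Storage service endpoint) that must reach the state account"
  type        = string
}

variable "pipeline_principal_object_id" {
  description = "Object ID of the service principal the pipeline authenticates as"
  type        = string
}

data "azurerm_storage_account" "state" {
  name                = "<storage account name>"
  resource_group_name = "<resource group name>"
}

# default_action = "Allow" is the "all networks" setting. The stricter form
# below denies by default and lists the callers that may reach the account.
resource "azurerm_storage_account_network_rules" "state" {
  storage_account_id         = data.azurerm_storage_account.state.id
  default_action             = "Deny"
  ip_rules                   = [var.client_ip]
  virtual_network_subnet_ids = [var.agent_subnet_id]
  bypass                     = ["AzureServices"] # "Allow trusted Microsoft services ..."
}

# Data-plane role for the identity that reads and writes the state blob
# when the backend authenticates with an Azure AD token.
resource "azurerm_role_assignment" "state_blob" {
  scope                = data.azurerm_storage_account.state.id
  role_definition_name = "Storage Blob Data Contributor"
  principal_id         = var.pipeline_principal_object_id
}
```

Keep this in a configuration whose own state is stored elsewhere, so a change to the network rules cannot cut off access to the state during an apply.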