Cannot delete Infrastructure after updating to version that contains terraformer@v2.9.0
ialidzhikov opened this issue · comments
/area quality
/kind bug
/priority 3
/platform azure
What happened:
#295 removes the logic that updates the terraform config on deletion.
After #351, Infrastructure deletion fails because the terraform config is never updated with skip_provider_registration = "true".
What you expected to happen:
Shoot in deletion to be successfully deleted after update to v1.22.0-dev.
How to reproduce it (as minimally and precisely as possible):
-
Create a Shoot with gardener-extension-provider-azure@v1.21.2
-
Stop gardenlet
-
Update to gardener-extension-provider-azure@v1.22.0-dev and delete the Shoot
-
Start gardenlet
-
Make sure that the Infrastructure deletion fails with:
status:
lastError:
codes:
- ERR_INFRA_UNAUTHORIZED
description: |-
Error deleting infrastructure: Terraform execution for command 'destroy' could not be completed:
* Error ensuring Resource Providers are registered.
Terraform automatically attempts to register the Resource Providers it supports to
ensure it's able to provision resources.
If you don't have permission to register Resource Providers you may wish to use the
"skip_provider_registration" flag in the Provider block to disable this functionality.
Please note that if you opt out of Resource Provider Registration and Terraform tries
to provision a resource from a Resource Provider which is unregistered, then the errors
may appear misleading - for example:
> API version 2019-XX-XX was not found for Microsoft.Foo
Could indicate either that the Resource Provider "Microsoft.Foo" requires registration,
but this could also indicate that this Azure Region doesn't support this API version.
More information on the "skip_provider_registration" flag can be found here:
https://www.terraform.io/docs/providers/azurerm/index.html#skip_provider_registration
Original Error: Cannnot register providers: Microsoft.DataProtection, Microsoft.AVS. Errors were: Cannot register provider Microsoft.DataProtection with Azure Resource Manager: resources.ProvidersClient#Register: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailed" Message="The client '<omitted>' with object id '<omitted>' does not have authorization to perform action 'Microsoft.DataProtection/register/action' over scope '/subscriptions/<omitted>' or the scope is invalid. If access was recently granted, please refresh your credentials.".
Cannot register provider Microsoft.AVS with Azure Resource Manager: resources.ProvidersClient#Register: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailed" Message="The client '<omitted>' with object id '<omitted>' does not have authorization to perform action 'Microsoft.AVS/register/action' over scope '/subscriptions/<omitted>' or the scope is invalid. If access was recently granted, please refresh your credentials.".
on tf/main.tf line 1, in provider "azurerm":
1: provider "azurerm" {
because the terraform config is not updated on deletion after #295 and skip_provider_registration = "true" is never added to main.tf.
Anything else we need to know?:
Environment:
- Gardener version (if relevant):
- Extension version: v1.22.0-dev-ba6d12ffb6fe07a41911ef313723288540191193 (ba6d12f)
- Kubernetes version (use
kubectl version): - Cloud provider or hardware configuration:
- Others:
Thanks @ialidzhikov
I'm able to reproduce it.
I will prepare a PR to reintroduce the generation of the terraform config in the deletion case.