azure file share resource group name is in lowercase instead of uppercase prefix ‘mc’
I have several AKS clusters in Azure. When create the clusters with Terraform, I see a default resource group created in the format ‘MC_<CLUSNER_NAME>-aks_<CLUSNER_NAME>_<CLUSTER_REGION>’.
My setup is like this:
created AKS clusterI have some Azure file shares which are loaded as PV in kubernetesI want to backup those file shares via Azure Recovery Service vault’s backup policy and backup ‘file share’ item.
I also created a Azure Recovery Services vault. While working with protected items (file shares) in vault where I try to backup file shares, I see that the source file shares’ resource group is prefixed with lowercase ‘mc_’ instead of uppercase as stated in first line. This means:
Instead of ‘MC_<CLUSNER_NAME>-aks_<CLUSNER_NAME>_<CLUSTER_REGION>’, it’s shown as ‘mc_<CLUSNER_NAME>-aks_<CLUSNER_NAME>_<CLUSTER_REGION>’ for the file shares.
Can you tell us why is this?
The problem I am having is that, if I have some azure file shares as vault protected items and I try to import those resources in terraform state file, I get an error where terraform wants to re-create the backup items in vault as the resource group name does not match (due to ‘mc’ letter case). Azure appears to consider this parameter as case-sensitive during API calls (our suspicion), that’s why even though the resource group is prefixed with “MC_” (uppercase) everywhere else (other Azure UIs and my terraform import’s resource ID stated it in uppercase ‘MC_’ prefix, resource group UI and even Azure docs), but vault backup item for file share shows it prefixed with ‘”mc_” (lowercase) in the UI. Can you please explain why is this?
Here’s an example where I am trying to import Azure’s data into terraform state file, but this should not cause any replacement. Please note down the ‘source_storage_account_id’ entry where it says is causing replacement, due to case issue.
Case issues occur here ([a] ‘mc’ & ‘MC’; [b]) ‘Microsoft.Storage’ & ‘Microsoft.storage’):
[a] …/resourceGroups/mc_CLUSTER_NAME-aks_CLUSTER_NAME_CLUSTER_REGION/… –> /resourceGroups/mc_CLUSTER_NAME-aks_CLUSTER_NAME_CLUSTER_REGION/…[b] …providers/Microsoft.Storage/storageAccounts/STORAGE_ACCOUNT_NAME –> providers/Microsoft.storage/storageAccounts/STORAGE_ACCOUNT_NAME
From terraform plan:
# module.main.azurerm_backup_protected_file_share.my_fileshares[“STORAGE_ACCOUNT_NAME_pvc-<FILE_SHARE_ID>”] must be replaced
# (imported from “/subscriptions/SUBSCRIPTION_ID/resourceGroups/CLUSTER_NAME-projectX/providers/Microsoft.RecoveryServices/vaults/CLUSTER_NAME-vault/backupFabrics/Azure/protectionContainers/StorageContainer;storage;mc_CLUSTER_NAME-aks_CLUSTER_NAME_CLUSTER_REGION;STORAGE_ACCOUNT_NAME/protectedItems/AzureFileShare;FILE_SHARE_FRIENDLY_NAME”)
# Warning: this will destroy the imported resource
-/+ resource “azurerm_backup_protected_file_share” “my_fileshares” {
backup_policy_id = “/subscriptions/SUBSCRIPTION_ID/resourceGroups/CLUSTER_NAME-projectX/providers/Microsoft.RecoveryServices/vaults/CLUSTER_NAME-vault/backupPolicies/CLUSTER_NAME-daily-backup”
~ id = “/subscriptions/SUBSCRIPTION_ID/resourceGroups/CLUSTER_NAME-projectX/providers/Microsoft.RecoveryServices/vaults/CLUSTER_NAME-vault/backupFabrics/Azure/protectionContainers/StorageContainer;storage;mc_CLUSTER_NAME-aks_CLUSTER_NAME_CLUSTER_REGION;STORAGE_ACCOUNT_NAME/protectedItems/AzureFileShare;FILE_SHARE_FRIENDLY_NAME” -> (known after apply)
recovery_vault_name = “CLUSTER_NAME-vault”
resource_group_name = “CLUSTER_NAME-projectX”
source_file_share_name = “pvc-<FILE_SHARE_ID>”
~ source_storage_account_id = “/subscriptions/SUBSCRIPTION_ID/resourceGroups/mc_CLUSTER_NAME-aks_CLUSTER_NAME_CLUSTER_REGION/providers/Microsoft.Storage/storageAccounts/STORAGE_ACCOUNT_NAME” -> “/subscriptions/SUBSCRIPTION_ID/resourceGroups/mc_CLUSTER_NAME-aks_CLUSTER_NAME_CLUSTER_REGION/providers/Microsoft.storage/storageAccounts/STORAGE_ACCOUNT_NAME” # forces replacement
}
You can verify this case issue from here:
any resource group named in this format: ‘MC_<CLUSNER_NAME>-aks_<CLUSNER_NAME>_<CLUSTER_REGION>’.Check resources under it, some of them have it in lowercase ‘mc_’ prefix, some have uppercase ‘MC_’ prefix. Why is this? For example:lowercase ‘mc_’ prefix for resource group: aks-agentpool nsg (Network security group), aks-agentpool routetable (Route table), kubernetes Load balancer, pvc- prefixed Disks.uppercase ‘MC_’ prefix for resource group: aks-defaultpool (Virtual machine scale set), random ID’d storate account (e.g. STORAGE_ACCOUNT_NAME), Managed Identity
3. Check file share backup item in a recovery services vault. The share is shown in lowercase ‘mc_’ prefix.
Can you tell us why is this case shown differently? And are api calls for resource IDs case-sensitive?
I have several AKS clusters in Azure. When create the clusters with Terraform, I see a default resource group created in the format ‘MC_<CLUSNER_NAME>-aks_<CLUSNER_NAME>_<CLUSTER_REGION>’.My setup is like this:created AKS clusterI have some Azure file shares which are loaded as PV in kubernetesI want to backup those file shares via Azure Recovery Service vault’s backup policy and backup ‘file share’ item.I also created a Azure Recovery Services vault. While working with protected items (file shares) in vault where I try to backup file shares, I see that the source file shares’ resource group is prefixed with lowercase ‘mc_’ instead of uppercase as stated in first line. This means:Instead of ‘MC_<CLUSNER_NAME>-aks_<CLUSNER_NAME>_<CLUSTER_REGION>’, it’s shown as ‘mc_<CLUSNER_NAME>-aks_<CLUSNER_NAME>_<CLUSTER_REGION>’ for the file shares.Can you tell us why is this?The problem I am having is that, if I have some azure file shares as vault protected items and I try to import those resources in terraform state file, I get an error where terraform wants to re-create the backup items in vault as the resource group name does not match (due to ‘mc’ letter case). Azure appears to consider this parameter as case-sensitive during API calls (our suspicion), that’s why even though the resource group is prefixed with “MC_” (uppercase) everywhere else (other Azure UIs and my terraform import’s resource ID stated it in uppercase ‘MC_’ prefix, resource group UI and even Azure docs), but vault backup item for file share shows it prefixed with ‘”mc_” (lowercase) in the UI. Can you please explain why is this?Here’s an example where I am trying to import Azure’s data into terraform state file, but this should not cause any replacement. Please note down the ‘source_storage_account_id’ entry where it says is causing replacement, due to case issue.Case issues occur here ([a] ‘mc’ & ‘MC’; [b]) ‘Microsoft.Storage’ & ‘Microsoft.storage’):[a] …/resourceGroups/mc_CLUSTER_NAME-aks_CLUSTER_NAME_CLUSTER_REGION/… –> /resourceGroups/mc_CLUSTER_NAME-aks_CLUSTER_NAME_CLUSTER_REGION/…[b] …providers/Microsoft.Storage/storageAccounts/STORAGE_ACCOUNT_NAME –> providers/Microsoft.storage/storageAccounts/STORAGE_ACCOUNT_NAMEFrom terraform plan:# module.main.azurerm_backup_protected_file_share.my_fileshares[“STORAGE_ACCOUNT_NAME_pvc-<FILE_SHARE_ID>”] must be replaced
# (imported from “/subscriptions/SUBSCRIPTION_ID/resourceGroups/CLUSTER_NAME-projectX/providers/Microsoft.RecoveryServices/vaults/CLUSTER_NAME-vault/backupFabrics/Azure/protectionContainers/StorageContainer;storage;mc_CLUSTER_NAME-aks_CLUSTER_NAME_CLUSTER_REGION;STORAGE_ACCOUNT_NAME/protectedItems/AzureFileShare;FILE_SHARE_FRIENDLY_NAME”)
# Warning: this will destroy the imported resource
-/+ resource “azurerm_backup_protected_file_share” “my_fileshares” {
backup_policy_id = “/subscriptions/SUBSCRIPTION_ID/resourceGroups/CLUSTER_NAME-projectX/providers/Microsoft.RecoveryServices/vaults/CLUSTER_NAME-vault/backupPolicies/CLUSTER_NAME-daily-backup”
~ id = “/subscriptions/SUBSCRIPTION_ID/resourceGroups/CLUSTER_NAME-projectX/providers/Microsoft.RecoveryServices/vaults/CLUSTER_NAME-vault/backupFabrics/Azure/protectionContainers/StorageContainer;storage;mc_CLUSTER_NAME-aks_CLUSTER_NAME_CLUSTER_REGION;STORAGE_ACCOUNT_NAME/protectedItems/AzureFileShare;FILE_SHARE_FRIENDLY_NAME” -> (known after apply)
recovery_vault_name = “CLUSTER_NAME-vault”
resource_group_name = “CLUSTER_NAME-projectX”
source_file_share_name = “pvc-<FILE_SHARE_ID>”
~ source_storage_account_id = “/subscriptions/SUBSCRIPTION_ID/resourceGroups/mc_CLUSTER_NAME-aks_CLUSTER_NAME_CLUSTER_REGION/providers/Microsoft.Storage/storageAccounts/STORAGE_ACCOUNT_NAME” -> “/subscriptions/SUBSCRIPTION_ID/resourceGroups/mc_CLUSTER_NAME-aks_CLUSTER_NAME_CLUSTER_REGION/providers/Microsoft.storage/storageAccounts/STORAGE_ACCOUNT_NAME” # forces replacement
}You can verify this case issue from here:any resource group named in this format: ‘MC_<CLUSNER_NAME>-aks_<CLUSNER_NAME>_<CLUSTER_REGION>’.Check resources under it, some of them have it in lowercase ‘mc_’ prefix, some have uppercase ‘MC_’ prefix. Why is this? For example:lowercase ‘mc_’ prefix for resource group: aks-agentpool nsg (Network security group), aks-agentpool routetable (Route table), kubernetes Load balancer, pvc- prefixed Disks.uppercase ‘MC_’ prefix for resource group: aks-defaultpool (Virtual machine scale set), random ID’d storate account (e.g. STORAGE_ACCOUNT_NAME), Managed Identity3. Check file share backup item in a recovery services vault. The share is shown in lowercase ‘mc_’ prefix.Can you tell us why is this case shown differently? And are api calls for resource IDs case-sensitive? Read More
