Error: deleting Azure Firewall #271

krowlandson · 2022-02-16T16:05:21Z

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

Versions

terraform: Terraform v1.1.5

azure provider: + provider registry.terraform.io/hashicorp/azurerm v2.83.0

module: v1.1.2

Description

Describe the bug

When running terraform destroy with a configuration which has deployed one or more Azure Firewall resources, we get the following error:

╷
│ Error: deleting Azure Firewall Firewall: (Azure Firewall Name "12345-fw-northeurope" / Resource Group "12345-connectivity-northeurope") : network.AzureFirewallsClient#Delete: Failure sending request: StatusCode=415 -- Original Error: Code="UnsupportedMediaType" Message="The content media type '<null>' is not supported. Only 'application/json' is supported."
│
│
╵

This results in multiple resources failing to be destroyed due to dependencies.

Steps to Reproduce

Create a module configuration which deploys at least 1 virtual network using hub_networks or vwan_hub_networks with the Azure Firewall enabled.
Run terraform apply and confirm.
Once deployment is completed, run terraform destroy and confirm.
Take note of the error message and resources which are still to be destroyed.

Screenshots

Additional context

This appears to be an Azure API related breaking change which has impacted multiple 3rd party tooling, including the Azure provider for Terraform.

Please refer to the following issue for reference:

Cannot destroy Azure Firewall hashicorp/terraform-provider-azurerm#14966

NOTE: This issue is fixed in v2.96.0 of the Terraform Provider.

The text was updated successfully, but these errors were encountered:

krowlandson · 2022-02-16T16:06:52Z

This is an upstream issue which will impact all versions of the Azure provider for Terraform prior to release v2.96.0.

Proposed fix will be to update the minimum supported Azure provider for Terraform to release v2.96.0 onwards.

* Refactor test deployments * Update minimum supported provider version * Fix linting error * Update root_name * Update unit test pipeline * Fix certificate path error * Rename job display names * Update e2e test pipeline * Update location variable * Remove unused TF_PLAN_OUT variable * Update parallelism environment variable * Update path for terraform destroy * Increase job timeouts for e2e * Update OPA value generator for pwsh * Add `planned_values.json` for each test case * Remove trailing whitespace * Update OPA tests script for new framework * Add OPA tasks to Unit Tests job * Remove `.sh` script (to be unified with `.ps1` version) * Refactor OPA installation scripts * Update execution bit * Update task names * Add readme to test framework * Add VWAN config to connectivity settings * Remove unsupported tags object from config * Update minimum supported version to fix #271 * Fix #271 error deleting firewall * Updates to fix #272 * Fix formatting error on fix for #273 * Fix to prevent lock file versions error * Update rego files to reflect changes for #272 * Updated for latest test framework plans

* Add VWAN capabilities to upstream branch (#250) * Initial MVP for virtual wan and hub resources * Update resource dependencies * Refactor to create dedicated resources for vwan * Refactor to simplify for management resources * Replace `try()` with `lookup()` * Update custom settings for Virtual WAN * Add DNS links for spokes connected to Virtual Hubs * Add virtual hub connections * Fix incorrect VPN gateway name (#251) * Fix incorrect VPN gateway name * Refactor test framework for VWAN additions (#265) * Refactor test deployments * Update minimum supported provider version * Fix linting error * Update root_name * Update unit test pipeline * Fix certificate path error * Rename job display names * Update e2e test pipeline * Update location variable * Remove unused TF_PLAN_OUT variable * Update parallelism environment variable * Update path for terraform destroy * Increase job timeouts for e2e * Update OPA value generator for pwsh * Add `planned_values.json` for each test case * Remove trailing whitespace * Update OPA tests script for new framework * Add OPA tasks to Unit Tests job * Remove `.sh` script (to be unified with `.ps1` version) * Refactor OPA installation scripts * Update execution bit * Update task names * Add readme to test framework * Add VWAN config to connectivity settings * Remove unsupported tags object from config * Update minimum supported version to fix #271 * Fix #271 error deleting firewall * Updates to fix #272 * Fix formatting error on fix for #273 * Fix to prevent lock file versions error * Update rego files to reflect changes for #272 * Updated for latest test framework plans * Update conftest baseline * Add opt-out for `terraform destroy` * Update for remote backend configuration * Update dependsOn for test jobs * Update execution bit on script file * Output variables to pipeline * Update auth config for backend * Update backend config for SPN auth * Update comment * Move random `root_id` generation to strategy job * Add SPN credentials to backend configuration * Do not try to overwrite readonly variable * Rename function for linting error * Remove `use_microsoft_graph` due to error * Add `az logout` step * Troubleshoot `terraform init` error * Map dependent variables * Add `az cli` login to init step * Troubleshoot auth issue for `terraform init` * Add `ARM_CLIENT_SECRET` to `terraform init` steps * Add dependent variables to e2e test jobs * Split e2e tests into multiple jobs * Update condition in test loop * Rename jobs * Update timeout on clean-up * Update condition format * Update dependencies * Update conditions * Update conditions * Update timeout and conditions for e2e tests * Rename tasks * Update logic for `terraform destroy` * Update logic for `terraform destroy` * Update condition * Rename e2e clean-up job

ghost added the Needs: Triage 🔍 Needs triaging by the team label Feb 16, 2022

krowlandson self-assigned this Feb 16, 2022

ghost removed the Needs: Triage 🔍 Needs triaging by the team label Feb 16, 2022

krowlandson added the external bug label Feb 16, 2022

krowlandson added this to the v1.2.0 release milestone Feb 16, 2022

krowlandson changed the title ~~Error~~ Error: deleting Azure Firewall Feb 16, 2022

krowlandson mentioned this issue Feb 16, 2022

Argument management_group_name deprecated in favour of management_group_id #272

Closed

krowlandson pushed a commit to krowlandson/terraform-azurerm-caf-enterprise-scale that referenced this issue Feb 17, 2022

Update minimum supported version to fix Azure#271

35a2210

krowlandson pushed a commit to krowlandson/terraform-azurerm-caf-enterprise-scale that referenced this issue Feb 18, 2022

Fix Azure#271 error deleting firewall

eb70516

krowlandson mentioned this issue Mar 1, 2022

Add VWAN deployment capability #287

Merged

6 tasks

ghost added the PR-referenced label Mar 1, 2022

krowlandson closed this as completed in #287 Mar 9, 2022

ghost added PR-merged and removed PR-referenced labels Mar 9, 2022

ghost locked as resolved and limited conversation to collaborators Apr 8, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Error: deleting Azure Firewall #271

Error: deleting Azure Firewall #271

krowlandson commented Feb 16, 2022

krowlandson commented Feb 16, 2022

Error: deleting Azure Firewall #271

Error: deleting Azure Firewall #271

Comments

krowlandson commented Feb 16, 2022

Community Note

Versions

Description

krowlandson commented Feb 16, 2022