env:usgovernment Error: Cannot import non-existent remote object
JCW-USDA opened this issue · 8 comments
Using this command - aztfexport rg --log-level DEBUG --log-path log.txt --env usgovernment xxxxxxxx-backup-rsg
I have managed to get to the import interface with a list of 20 resources to import, thus assuming I have successfully authenticated and retrieved a list of resources within the target resource group. However, once the status line has reached 50%, the application bails.
The text output is here:
Microsoft Azure Export for Terraform
⡿ Importing /subscriptions/5de351cf-24fa-47b5-80f4-85652fd6732a/resourceGroups/ekr-cec-backup-rsg/providers/Microsoft.RecoveryServi
/subscriptions/5dexxxx-2xxx-47xx-xxf4-xxxxxfd6732a/resourceGroups/xxxx-backup-rsg/providers/Microsoft.Network/privateEndpoints
💥 /subscriptions/5dexxxx-2xxx-47xx-xxf4-xxxxxfd6732a/resourceGroups/xxxx-backup-rsg/providers/Microsoft.Network/privateEndpoints
/subscriptions/5dexxxx-2xxx-47xx-xxf4-xxxxxfd6732a/resourceGroups/xxxx-backup-rsg/providers/Microsoft.RecoveryServices/vaults/
/subscriptions/5dexxxx-2xxx-47xx-xxf4-xxxxxfd6732a/resourceGroups/xxxx-backup-rsg/providers/Microsoft.RecoveryServices/vaults/
/subscriptions/5dexxxx-2xxx-47xx-xxf4-xxxxxfd6732a/resourceGroups/xxxx-backup-rsg/providers/Microsoft.RecoveryServices/vaults/
[progress bar] 50%
When I hit "e" to display error I get:
exit status 1
Error: Cannot import non-existent remote object
While attempting to import an existing object to
"azurerm_resource_group.res-0", the provider detected that no object exists
with the given id. Only pre-existing objects can be imported; check that the
id is correct and that it is associated with the provider's configured region
or endpoint, or use "terraform apply" to create a new remote object for this
resource.
Any insight would be greatly appreciated, this appears to be a promising utility!
Would you mind providing the log.txt (redacted) so that we can further look into what's going on?
@JCW-USDA Sorry, I forgot to mention that we need --log-level TRACE so that we can see the API sequences.
@JCW-USDA From the log, I saw that the resource group is actually imported, together with some other resources like azurerm_network_interface. There are some failures around the storage account nested resources, which seem to be due to a lack of permission, e.g.:
Error: shares.Client#GetProperties: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailure" Message="This request is not authorized to perform this operation.\nRequestId:4c44fa1b-b01a-0090-4908-29fdf6000000\nTime:2023-12-07T12:24:42.9905813Z"
Thank you for finding that in the log. I skipped those resources and have a successful import of RG, NIC, and Recovery Services Vault. I am using an APP ID to authenticate with contributor access. The storage account has public access disabled and uses a private endpoint. I am guessing this could be the authentication issue. Any suggestions on how to get around this?
@JCW-USDA In that case, you'll have to run the tool from the vnet that has access to the storage account via PE.
That makes sense. Thank you for your help, all good information.
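A log triage sketch for the failure discussed in this thread, added here as an example and not part of the issue or of aztfexport: it pulls every 403 out of an aztfexport log and groups them by client, operation and error code so the resources to skip (or to retry from inside the vnet) are visible at a glance. The regex is derived from the single log line quoted above; the `HINTS` text and all sample lines after the first are assumptions of this example.

```python
import re
from collections import defaultdict

# go-autorest error shape, taken from the log line quoted in the thread.
AUTOREST_ERR = re.compile(
    r'(?P<client>[\w.]+)#(?P<op>\w+): .*?StatusCode=(?P<status>\d{3})'
    r'.*?Code="(?P<code>[^"]+)"(?:.*?RequestId:(?P<request_id>[0-9a-f-]{36}))?'
)

# Triage hints are this example's heuristic, not aztfexport output.
HINTS = {
    "AuthorizationFailure": "data-plane request refused; check the storage firewall "
                            "and whether this host can reach the private endpoint",
    "AuthorizationPermissionMismatch": "identity lacks a data-plane permission",
    "AuthorizationFailed": "identity lacks an ARM (control-plane) role",
}

# First line is the one from the thread; the other three are constructed samples.
SAMPLE_LOG = r'''
Error: shares.Client#GetProperties: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailure" Message="This request is not authorized to perform this operation.\nRequestId:4c44fa1b-b01a-0090-4908-29fdf6000000\nTime:2023-12-07T12:24:42.9905813Z"
Error: shares.Client#GetProperties: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailure" Message="constructed\nRequestId:00000000-0000-0000-0000-000000000001\nTime:constructed"
Error: shares.Client#GetProperties: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationPermissionMismatch" Message="constructed\nRequestId:00000000-0000-0000-0000-000000000002\nTime:constructed"
Error: shares.Client#GetProperties: Failure responding to request: StatusCode=404 -- Original Error: autorest/azure: Service returned an error. Status=404 Code="ShareNotFound" Message="constructed"
'''

def triage(log_text):
    """Group every 403 in the log by (client, operation, error code)."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        m = AUTOREST_ERR.search(line)
        if m and m["status"] == "403":
            groups[(m["client"], m["op"], m["code"])].append(m["request_id"])
    return dict(groups)

def report(log_text):
    """One line per group: what failed, how often, and the likely cause."""
    return [
        f"{client}#{op}: {code} x{len(ids)} -> {HINTS.get(code, 'unclassified 403')}"
        for (client, op, code), ids in sorted(triage(log_text).items())
    ]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```
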