Getting a 403 issue on the `mssqlvulnerability` container when re-applying locally
Closed this issue · 2 comments
jjgriff93 commented
Describe the bug
Getting a 403 issue on the mssqlvulnerability
container when re-applying locally
╷
│ Error: retrieving Container "mssqlvulnerabilityassessment" (Account "strgflwrgriffdev" / Resource Group "rg-flwrgriff-dev"): containers.Client#GetProperties: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailure" Message="This request is not authorized to perform this operation.\nRequestId:c5285d54-401e-004a-02bb-72ced1000000\nTime:2023-04-19T12:36:02.2280006Z"
│
│ with azurerm_storage_container.mssql_vulnerability_assessment,
│ on feature-data-store.tf line 250, in resource "azurerm_storage_container" "mssql_vulnerability_assessment":
│ 250: resource "azurerm_storage_container" "mssql_vulnerability_assessment" {
│
To Reproduce
Steps to reproduce the behavior:
- Deploy FlowEHR locally
- Re-apply
- Because we no longer have public access / ip exception on storage account, this will fail
Expected behavior
Re-apply should work. A solution will likely be having a pre and post hook to add storage ip exceptions or open up the storage account temporarily for local deployments, or we disable this for local entirely (as it should only really be needed for prod data)
t-young31 commented
There is an IP exception added on the storage account in local deployments. I wonder if your IP has changed(?)
https://github.com/UCLH-Foundry/FlowEHR/blob/38bfa27ee594354662ac228d06c8a8f43bc929d0/infrastructure/core/main.tf#L35
jjgriff93 commented
Yeah, Microsoft network weirdness. Will close!