Getting a 403 issue on the `mssqlvulnerability` container when re-applying locally

Question

Getting a 403 issue on the `mssqlvulnerability` container when re-applying locally

Closed this issue a year ago · 2 comments

Describe the bug
Getting a 403 issue on the mssqlvulnerability container when re-applying locally

╷
│ Error: retrieving Container "mssqlvulnerabilityassessment" (Account "strgflwrgriffdev" / Resource Group "rg-flwrgriff-dev"): containers.Client#GetProperties: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailure" Message="This request is not authorized to perform this operation.\nRequestId:c5285d54-401e-004a-02bb-72ced1000000\nTime:2023-04-19T12:36:02.2280006Z"
│ 
│   with azurerm_storage_container.mssql_vulnerability_assessment,
│   on feature-data-store.tf line 250, in resource "azurerm_storage_container" "mssql_vulnerability_assessment":
│  250: resource "azurerm_storage_container" "mssql_vulnerability_assessment" {
│

To Reproduce
Steps to reproduce the behavior:

Deploy FlowEHR locally
Re-apply
Because we no longer have public access / ip exception on storage account, this will fail

Expected behavior
Re-apply should work. A solution will likely be having a pre and post hook to add storage ip exceptions or open up the storage account temporarily for local deployments, or we disable this for local entirely (as it should only really be needed for prod data)

Answer 1 · 2023-04-19T12:49:23.000Z

There is an IP exception added on the storage account in local deployments. I wonder if your IP has changed(?)
https://github.com/UCLH-Foundry/FlowEHR/blob/38bfa27ee594354662ac228d06c8a8f43bc929d0/infrastructure/core/main.tf#L35

Answer 2 · 2023-04-19T16:05:59.000Z

Yeah, Microsoft network weirdness. Will close!