New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
Getting access denied #4635
Comments
Any update on this? having the same error and cant find a solution |
I'm also seeing this problem when attempting to create an Azure Web App service that uses a Windows Container from a private registry. The problem seems to be the value of the windows_fx_version property. My guess is that the provider is trying to create the App Service first, with the site_config setting, but not with the app_settings. And since the username and password for the private registry are within the app_settings, the App Service seems like it won't provision because it doesn't have the username/password, and the whole script dies. |
Ultimately, the azurerm provider is sending an API call with a body like this... {
"location": "westus",
"properties": {
"enabled": true,
"serverFarmId": "/subscriptions/b9c770d1-cde9-4da3-ae40-95ce1a4fac0c/resourceGroups/cdw-winappcnt-20200410/providers/Microsoft.Web/serverfarms/cdw-winappcnt-20200410-plan",
"siteConfig": {
"defaultDocuments": [],
"netFrameworkVersion": "v4.0",
"phpVersion": "",
"pythonVersion": "",
"linuxFxVersion": "",
"windowsFxVersion": "DOCKER|cdwms.azurecr.io/aspnethelloworld:latest",
"remoteDebuggingEnabled": false,
"remoteDebuggingVersion": "",
"scmType": "None",
"use32BitWorkerProcess": false,
"webSocketsEnabled": false,
"alwaysOn": true,
"javaVersion": "",
"javaContainer": "",
"javaContainerVersion": "",
"appCommandLine": "",
"cors": {},
"autoSwapSlotName": "",
"localMySqlEnabled": false,
"ipSecurityRestrictions": [],
"http20Enabled": false
},
"httpsOnly": false
},
"tags": {}
} ... which fails. However, if it were to pass this... {
"location": "westus",
"properties": {
"enabled": true,
"serverFarmId": "/subscriptions/b9c770d1-cde9-4da3-ae40-95ce1a4fac0c/resourceGroups/cdw-winappcnt-20200410/providers/Microsoft.Web/serverfarms/cdw-winappcnt-20200410-plan",
"siteConfig": {
"defaultDocuments": [],
"netFrameworkVersion": "v4.0",
"phpVersion": "",
"pythonVersion": "",
"linuxFxVersion": "",
"windowsFxVersion": "DOCKER|cdwms.azurecr.io/aspnethelloworld:latest",
"remoteDebuggingEnabled": false,
"remoteDebuggingVersion": "",
"scmType": "None",
"use32BitWorkerProcess": false,
"webSocketsEnabled": false,
"alwaysOn": true,
"javaVersion": "",
"javaContainer": "",
"javaContainerVersion": "",
"appCommandLine": "",
"cors": {},
"autoSwapSlotName": "",
"localMySqlEnabled": false,
"ipSecurityRestrictions": [],
"http20Enabled": false,
"appSettings": [
{
"name": "DOCKER_REGISTRY_SERVER_URL",
"value": "https://something.azurecr.io"
},
{
"name": "DOCKER_REGISTRY_SERVER_USERNAME",
"value": "something"
},
{
"name": "DOCKER_REGISTRY_SERVER_PASSWORD",
"value": "REDACTED"
},
{
"name": "WEBSITES_ENABLE_APP_SERVICE_STORAGE",
"value": "false"
}
],
},
"httpsOnly": false
},
"tags": {}
} ... with the appsettings, then it works as expected. |
@cwiederspan you're on to something because the Schema for Site_config doesnt include the appsettings, its a sibling |
Nope, validation stops it : |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
Im also facing this issue. As a temporary workaround I set the windows_fx_version to a public image and changes it with azure cli or manually from the UI. |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
I'm having the same issue... is there any work around at the moment? @KennyEliasson doesn't it reset back to the public image when you reapply? |
@aldrichang I've ignored windows_fx_version and I set the image via Azure CLI |
We had the exact same issue and followed @KennyEliasson's method as the workaround. I used the
|
馃憢 We recently announced version 3.0 of the Azure Provider which introduces several new features, including new resources for App Service to better represent the service, including the Since these resources better represent App Service in Terraform - we're introducing new functionality to those resources and encourage you to opt-into the Beta, try the new resources and provide feedback - as in version 3.0 these new resources will become GA and will supersede the existing resources. More information on the Beta can be found here. Thanks! |
Community Note
Terraform (and AzureRM Provider) Version
Affected Resource(s)
azurerm_app_service
Terraform Configuration Files
Expected Behavior
Web App for container w/ Windows Container deployed into larger resource group
Actual Behavior
Error: web.AppsClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="BadRequest" Message="The parameter WindowsFxVersion has an invalid value. Could not find the specified image name and tag
combination. For private registries, make sure you are prepending the image name with the server hostname. https://mcr.microsoft.com" Details=[{"Message":"The parameter WindowsFxVersion has an invalid value. Could not find t
he specified image name and tag combination. For private registries, make sure you are prepending the image name with the server hostname. https://mcr.microsoft.com"},{"Code":"BadRequest"},{"ErrorEntity":{"Code":"BadRequest"
,"ExtendedCode":"01007","Message":"The parameter WindowsFxVersion has an invalid value. Could not find the specified image name and tag combination. For private registries, make sure you are prepending the image name with th
e server hostname. https://mcr.microsoft.com","MessageTemplate":"The parameter {0} has an invalid value.","Parameters":["WindowsFxVersion"]}}]
Error: Error creating App Service "rdbuilder02" (Resource Group "rdbuilder02"): web.AppsClient#CreateOrUpdate: Failure sending request: StatusCode=401 -- Original Error: Code="Unauthorized" Message="Access is denied. Not auth
orized. latest" Details=[{"Message":"Access is denied. Not authorized. latest"},{"Code":"Unauthorized"},{"ErrorEntity":{"Code":"Unauthorized","ExtendedCode":"01001","Message":"Access is denied. Not authorized. latest","Messag
eTemplate":"Access is denied.","Parameters":[]}}]
Steps to Reproduce
terraform init
terraform apply
Important Factoids
The snippit is part of a much larger script, all of which deploys without issue.
Can deploy the web app windows container via AzureRM powershell and through console.
If I use a public app, it deploys successfully.
References
The text was updated successfully, but these errors were encountered: