Cloud Volumes ONTAP
Cloud Volumes ONTAP
Hi Team,
Upon running Terraform to successfully stand up CVO connector using a service principal i am unable to create a CVO instance as I receive the following error:
│ Error: code: 400, message: {"message":"subscription xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx is not associated to your credentials","causeMessage":"BadRequestException: subscription xxxxxxxxxxxxxxxxxxxxx is not associated to your credentials"}
the sub id matches the id of where the connector has been deployed and I elevated the service principal out of pure frustration to owner to see if that made a difference but it didn't.
Below is my Terraform resource definition (you can see I am inheriting values from the connector - so it should all just work?):
resource "netapp-cloudmanager_cvo_azure" "cl-azure" {
depends_on = [netapp-cloudmanager_connector_azure.cl-occm-azure]
provider = netapp-cloudmanager
name = "TerraformCVOAzure"
location = netapp-cloudmanager_connector_azure.cl-occm-azure.location
subscription_id = netapp-cloudmanager_connector_azure.cl-occm-azure.subscription_id
subnet_id = netapp-cloudmanager_connector_azure.cl-occm-azure.subnet_id
vnet_id = netapp-cloudmanager_connector_azure.cl-occm-azure.vnet_id
vnet_resource_group = netapp-cloudmanager_connector_azure.cl-occm-azure.resource_group
security_group_id = "/subscriptions/${var.azure_subscription_id}/resourceGroups/${var.prefix}-rg/providers/Microsoft.Network/networkSecurityGroups/${azurerm_network_security_group.demo.name}"
data_encryption_type = "AZURE"
azure_tag {
tag_key = "name"
tag_value = var.prefix
}
storage_type = "Premium_LRS"
svm_password = netapp-cloudmanager_connector_azure.cl-occm-azure.admin_password
client_id = netapp-cloudmanager_connector_azure.cl-occm-azure.client_id
capacity_tier = "Blob"
writing_speed_state = "NORMAL"
is_ha = false
instance_type = "Standard_DS3_v2"
license_type = "capacity-paygo"
capacity_package_name = "Freemium"
disk_size = 500
disk_size_unit = "GB"
}
welcome any suggestions on what I may have missed 🙂
Cheers,
C
Have you checked out this KB? I believe it is the answer you are looking for. https://kb.netapp.com/Advice_and_Troubleshooting/Cloud_Services/Cloud_Manager/%22Your_credentials_are_not_associated_with_any_subscription%22_when_dis...
Thankyou for the KB link. - the service principal is associated at the subscription level.
What surprises me is that the service principal account can create azure resources ie security groups, networks, virtual machines including the cloud connector. When the Terrafrom resource tries to create CVO that's when it falls into a heap with that error.
Had a little look through CloudManager and I was surprised to see:
I have triple checked that I have subscribed with Azure and I can see it associated within CloudManager:
yet oddly when I click on edit credentials (in the first screenshot); I get the following prompt and when i select my subscription the apply button does nothing... tried multiple browsers... same problem 😐
I suspect this is the problem I am having with my Terraform not working... just need to figure out what's broken 😐
Last update before I give up... Tried to add a fresh account as per the steps (https://docs.netapp.com/us-en/cloud-manager-setup-admin/task-adding-azure-accounts.html#adding-the-credentials-to-cloud-manager) and when click "next" I get a blank confirmation page:
Ill give up for now but maybe someone can shed some light on this?
Cheers!