Workspace deploy fails because storage account is not unique #2893
Comments
|
Very unlucky - depends how many TRE workspaces have been deployed. Maybe we can add the TRE ID into some of these identifiers. |
thats a good idea! |
|
Just to mention, we have also come across this issue three times in the last week! |
|
FYI this is where we generate that name: https://github.com/microsoft/AzureTRE/blob/main/templates/workspaces/base/terraform/locals.tf#L4 We currently take the last 8 characters from a string that already includes the TRE ID. If we took more than 8 (e.g. like we do for the KV name) then we'd pick up the TRE ID as part of the storage account name. However, we have a limit of 24 characters....but that should still be fine. |
|
The root cause of this is using last 4 chars of a uuid (v4=random) for azure resources that need to be globally unique. The complicated factor is that templates make naming assumptions on resources they reference that were created by a parent template. This is also true for some of our python code mainly around the airlock (but is easier to fix). We discussed a couple of options to resolve this:
|
|
Hit this again today... |
|
@tamirkamara where are we with this? Is #3243 a solution? People keep hitting it, would be good to get a fix in - if no 2 above is to complex, then can we maybe get a more random ID as per 1? |
We have implemented no2 and it's merged. |
|
This is coming up again as an issue. I think will look at a temporary fix just to check the last 4 digits is unique, then longer term when time allows, we can go through and update all the templates. What was the conversation about the ID being a property? A property of the workspace service? |
github-project-automation
bot
moved this from Done
to In Progress
in Azure TRE - Engineering
|
@SvenAelterman I think we need a short term workaround for this, I have tested something like: async def is_workspace_with_last_4_id(self, workspace_id: str) -> bool:
from azure.mgmt.storage import StorageManagementClient
storage_client = StorageManagementClient(credentials.get_credential(), config.SUBSCRIPTION_ID)
# check for storage account with last 4 digits of workspace_id
availability_result = storage_client.storage_accounts.check_name_availability(
{
"name": f"stgws{workspace_id[-4:]}"
}
)
return not availability_result.name_availableWhich works, but as per the discussion above we need to have a more robust solution. Which could be as you suggested in #3862, use the
But we also need to adjust templates to use outputs of parent templates, such as the workspace storage account name, rather than a hardcoded format. There is also the airlock to consider as per #3243. I propose a workaround, then we schedule getting this sorted for good, which will be a breaking change on the base workspace and child templates. |
|
PR #3863 |
|
Had a chat with people about this and the view is using unique IDs for the full name - all characters, and then tags for the descriptions might be the best approach. If we use the TRE ID then we are going to start running out of characters. |
Describe the bug
A clear and concise description of what the bug is.
I've just deployed a workspace and get
looks like the last 4 chars are maybe not unique enough. Seems odd though if it's ~1/10^6 chance
Steps to reproduce
The text was updated successfully, but these errors were encountered: