Error in Deployment of PubSec-Info-Assistant: Error: retrieving queue properties for Storage Account

[bhaskarsarkar23]

Before you open an issue, please check if a similar issue already exists or has been closed before.

You can also find details on Troubleshooting Common Issues. You can use these tools to help gather additional logs and details to include in your issue.

⚠️ Please DO NOT include confidential information in your issue on GitHub. ⚠️

Bug Details

I am encountering an issue while deploying the PubSec-Info-Assistant project using Terraform. The deployment fails with the following error:

Error: retrieving queue properties for Storage Account (Subscription: "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
Resource Group Name: "infoasst-ai-*****"
Storage Account Name: "infoasststoreiovoj"): executing request: unexpected status 403 (403 This request is not authorized to perform this operation using this permission.) with AuthorizationPermissionMismatch: This request is not authorized to perform this operation using this permission.
RequestId:57670ee2-d003-0028-809a-41f00a0000
Time:2024-11-28T13:34:54

  with module.storage.azurerm_storage_account.storage,
  on core/storage/storage-account.tf line 6, in resource "azurerm_storage_account" "storage":
   6: resource "azurerm_storage_account" "storage"

Steps to Reproduce

1. Clone the PubSec-Info-Assistant repository.
2. Open the project in VSCode using the provided devcontainer.
3. Run make deploy to initiate the deployment process.
4. The deployment fails at the azurerm_storage_account resource with the error mentioned above.

Troubleshooting Steps Taken

1. Attempted the deployment using the Azure root account, but the same error persists.
2. Assigned the Storage Queue Data Contributor role to the credentials used for deployment, but it did not resolve the issue.

Observations

• The error indicates an AuthorizationPermissionMismatch.
• The operation fails when Terraform attempts to retrieve queue properties for the storage account.

Request for Help

Could you please provide guidance on the following:

1. Are there any additional roles or permissions required to resolve this issue?
2. Are there specific configurations in Terraform for the azurerm_storage_account module that need to be updated for this tag?
3. Any troubleshooting tips for verifying why the assigned permissions are not being recognized?

Environment Details

• PubSec-Info-Assistant version: 1.2
• Development Environment: VSCode devcontainer

Additional Information

Let me know if you need any more details or debug logs to investigate this issue.

---

Let me know if any further adjustments are required!

Information Assistant details

Please provide the following details. You can simply include a screenshot of your Info panel as well.

GitHub branch: [e.g. main]
version 1.2
Version or Latest commit: [obtained by running git log -n 1 <branchname>

What region is your Azure Open AI Service in?
eastus2 and eastus
What ChatGPT model are you using?
gpt-3.5-turbo, gpt-4, gpt-4o-mini
model name: (i.e. gpt-3.5-turbo, gpt-4)

model version: (i.e. 0613)

What embeddings model are you using?

Additional context
Add any other context about the problem here.

If the bug is confirmed, would you be willing to submit a PR?

• Yes
• No

[bjakems]

Please ensure you've registered all of the necessary providers prior to installation. See https://github.com/microsoft/PubSec-Info-Assistant/blob/main/docs/deployment/deployment.md#azure-resource-provider-registration

[bhaskarsarkar23]

Hi @bjakems,

I have already executed the register for each resource providers .

Here's the output of the subscription's resource providers

Namespace                           RegistrationState    RegistrationPolicy
----------------------------------  -------------------  --------------------
Microsoft.KeyVault                  Registered           RegistrationRequired
Microsoft.OperationalInsights       Registered           RegistrationRequired
microsoft.insights                  Registered           RegistrationRequired
Microsoft.MachineLearningServices   Registered           RegistrationRequired
Microsoft.Storage                   Registered           RegistrationRequired
Microsoft.ManagedIdentity           Registered           RegistrationRequired
Microsoft.ContainerInstance         Registered           RegistrationRequired
Microsoft.Search                    Registered           RegistrationRequired
Microsoft.ServiceBus                Registered           RegistrationRequired
Microsoft.EventGrid                 Registered           RegistrationRequired
Microsoft.SecurityInsights          Registered           RegistrationRequired
Microsoft.Cache                     Registered           RegistrationRequired
Microsoft.ApiManagement             Registered           RegistrationRequired
Microsoft.SignalRService            Registered           RegistrationRequired
Microsoft.AppConfiguration          Registered           RegistrationRequired
Microsoft.MixedReality              Registered           RegistrationRequired
Microsoft.ManagedServices           Registered           RegistrationRequired
Microsoft.DataMigration             Registered           RegistrationRequired
Microsoft.DataFactory               Registered           RegistrationRequired
Microsoft.DataLakeAnalytics         Registered           RegistrationRequired
Microsoft.Maps                      Registered           RegistrationRequired
Microsoft.DataProtection            Registered           RegistrationRequired
Microsoft.Devices                   Registered           RegistrationRequired
Microsoft.Blueprint                 Registered           RegistrationRequired
Microsoft.OperationsManagement      Registered           RegistrationRequired
Microsoft.Databricks                Registered           RegistrationRequired
Microsoft.NotificationHubs          Registered           RegistrationRequired
Microsoft.AVS                       Registered           RegistrationRequired
Microsoft.Cdn                       Registered           RegistrationRequired
Microsoft.Maintenance               Registered           RegistrationRequired
Microsoft.ContainerService          Registered           RegistrationRequired
Microsoft.AppPlatform               Registered           RegistrationRequired
Microsoft.HDInsight                 Registered           RegistrationRequired
Microsoft.EventHub                  Registered           RegistrationRequired
Microsoft.Kusto                     Registered           RegistrationRequired
Microsoft.Sql                       Registered           RegistrationRequired
Microsoft.Notebooks                 Registered           RegistrationRequired
Microsoft.ContainerRegistry         Registered           RegistrationRequired
Microsoft.AlertsManagement          Registered           RegistrationRequired
Microsoft.Web                       Registered           RegistrationRequired
Microsoft.Logic                     Registered           RegistrationRequired
Microsoft.DocumentDB                Registered           RegistrationRequired
Microsoft.CustomProviders           Registered           RegistrationRequired
Microsoft.DBforMariaDB              Registered           RegistrationRequired
Microsoft.PowerBIDedicated          Registered           RegistrationRequired
Microsoft.Automation                Registered           RegistrationRequired
Microsoft.ServiceFabric             Registered           RegistrationRequired
Microsoft.RecoveryServices          Registered           RegistrationRequired
Microsoft.Relay                     Registered           RegistrationRequired
Microsoft.DataLakeStore             Registered           RegistrationRequired
Microsoft.HealthcareApis            Registered           RegistrationRequired
Microsoft.DesktopVirtualization     Registered           RegistrationRequired
Microsoft.Media                     Registered           RegistrationRequired
Microsoft.Management                Registered           RegistrationRequired
Microsoft.StreamAnalytics           Registered           RegistrationRequired
Microsoft.Advisor                   Registered           RegistrationRequired
Microsoft.ChangeAnalysis            Registered           RegistrationRequired
Microsoft.Network                   Registered           RegistrationRequired
Microsoft.ResourceHealth            Registered           RegistrationRequired
Microsoft.SaaS                      Registered           RegistrationRequired
Microsoft.MarketplaceNotifications  Registered           RegistrationRequired
Microsoft.Compute                   Registered           RegistrationRequired
Microsoft.DBforMySQL                Registered           RegistrationRequired
Microsoft.CloudShell                Registered           RegistrationRequired
Microsoft.CognitiveServices         Registered           RegistrationRequired
Microsoft.Diagnostics               Registered           RegistrationRequired
Microsoft.DevTestLab                Registered           RegistrationRequired
Microsoft.Security                  Registered           RegistrationRequired
Microsoft.Capacity                  Registered           RegistrationRequired
Microsoft.BotService                Registered           RegistrationRequired
Microsoft.DBforPostgreSQL           Registered           RegistrationRequired
Microsoft.Migrate                   Registered           RegistrationRequired
Microsoft.PolicyInsights            Registered           RegistrationRequired
Microsoft.GuestConfiguration        Registered           RegistrationRequired
Microsoft.ADHybridHealthService     Registered           RegistrationFree
Microsoft.Authorization             Registered           RegistrationFree
Microsoft.Billing                   Registered           RegistrationFree
Microsoft.ClassicSubscription       Registered           RegistrationFree
Microsoft.Commerce                  Registered           RegistrationFree
Microsoft.Consumption               Registered           RegistrationFree
Microsoft.CostManagement            Registered           RegistrationFree
Microsoft.Features                  Registered           RegistrationFree
Microsoft.MarketplaceOrdering       Registered           RegistrationFree
Microsoft.Portal                    Registered           RegistrationFree
Microsoft.ResourceGraph             Registered           RegistrationFree
Microsoft.ResourceNotifications     Registered           RegistrationFree
Microsoft.Resources                 Registered           RegistrationFree
Microsoft.SerialConsole             Registered           RegistrationFree
microsoft.support                   Registered           RegistrationFree

As you see alL the providers are registered but I am still facing issue.

[nhwkuhns]

The issue here is that you need to have at least Contributor access on the resource group. I ran into this both yesterday and today with a deployment into Azure Gov and had to give myself contributor on the RG to move forward. It is unknown if a lower access would clear the issue or not.

@bhaskarsarkar23 I suggest giving yourself the above access and running make infrastructure to see if it clears the issue.

[bhaskarsarkar23]

@bjakems I am still getting the same error. The region I am using is eastus

[wilson-swo]

I have the same problem, I solved it temporarily edit infra\main.tf add role "Owner"

locals {
tags = { ProjectName = "Information Assistant", BuildNumber = var.buildNumber }
azure_roles = jsondecode(file("${path.module}/azure_roles.json"))
selected_roles = ["CognitiveServicesOpenAIUser",
"CognitiveServicesUser",
"StorageBlobDataOwner",
"StorageQueueDataContributor",
"Owner",
"SearchIndexDataContributor"]
}