[AVM Module Issue]: Disaster recovery cannot be created due to a provider issue

[bryansan-msft]

Check for previous/existing GitHub issues

• [X] I have checked for previous/existing GitHub issues

Issue Type?

Bug

(Optional) Module Version

No version is affected by this as it is a feature we would like to add.

(Optional) Correlation Id

No response

Description

There is currently a bug in the terraform azure provider which provokes an error when creating a disaster recovery configuration for a premium service bus.

It correctly creates the link between multi region service bus but for some reason makes the terraform apply fails

See related issue: https://github.com/hashicorp/terraform-provider-azurerm/issues/22287

Desired code to use: variable:

variable "disaster_recovery_config" {
  type = object({
    dns_alias_name              = string
    partner_namespace_id        = string
    alias_authorization_rule_id = optional(string, null)
  })
  default = null
  description = <<DESCRIPTION
    Defaults to `null`. Ignored for Basic and Standard. Controls if two service bus namespaces should be configured in a disaster recovery way. The following properties can be specified:

    object({
      dns_alias_name              = (Required) - Specifies the name of the Disaster Recovery Config. This is the alias DNS name that will be created. Changing this forces a new resource to be created.
      partner_namespace_id        = (Required) - Second service bus namespace id to pair with this namespace. This will be treated as a secondary replica
      alias_authorization_rule_id = (Optional) - Defaults to `null`. The Shared access policies used to access the connection string for the alias.
    })

    > Note: Primary and secondary namespace cannot be in the same region and both should have either private endpoints or none. 
      If primary namespace has configured a customer managed key the identity of the secondary namespace must be able to access the key

    Example Inputs:
    disaster_recovery_config = {
      dns_alias_name              = "global-alias-name"
      partner_namespace_id        = "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ServiceBus/namespaces/{serviceBusNamespaceName}"
      alias_authorization_rule_id = "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ServiceBus/namespaces/{serviceBusNamespaceName}/authorizationrules/{authorizationRuleName}"
    }
  DESCRIPTION
}

resource:

resource "azurerm_servicebus_namespace_disaster_recovery_config" "this" {
  count = var.sku == "Premium" && var.disaster_recovery_config != null ? 1 : 0

  primary_namespace_id        = azurerm_servicebus_namespace.this.id
  name                        = var.disaster_recovery_config.dns_alias_name
  partner_namespace_id        = var.disaster_recovery_config.partner_namespace_id
  alias_authorization_rule_id = var.disaster_recovery_config.alias_authorization_rule_id
}

[microsoft-github-policy-service[bot]]

[!IMPORTANT] The "Needs: Triage :mag:" label must be removed once the triage process is complete!

[!NOTE] This label was added as per ITA06.

[microsoft-github-policy-service[bot]]

[!NOTE] The "Type: Bug :bug:" label was added as per ITA21.

[microsoft-github-policy-service[bot]]

[!WARNING] Tagging the AVM Core Team (@Azure/avm-core-team-technical-terraform) due to a module owner or contributor having not responded to this issue within 3 business days. The AVM Core Team will attempt to contact the module owners/contributors directly.

[!TIP]

• To prevent further actions to take effect, the "Status: Response Overdue 🚩" label must be removed, once this issue has been responded to.
• To avoid this rule being (re)triggered, the ""Needs: Triage :mag:" label must be removed as part of the triage process (when the issue is first responded to)!

[!NOTE] This message was posted as per ITA01TF.