hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

Support azurerm_eventhub_authorization_rule from a single eventhub on azurerm_monitor_diagnostic_setting #14394

Open flmmartins opened 2 years ago

flmmartins commented 2 years ago

Community Note

Description

I am on Terraform 1.02 and azurerm 2.87.0.

When trying to configure a diagnostic setting, the attribute eventhub_authorization_rule_id only supports namespace policies.

When I try to set it with a non-namespace policy id it gives me parsing errors like:

  Error: parsing "/subscriptions/redatec/resourceGroups/redacted/providers/Microsoft.EventHub/namespaces/redacted/eventhubs/redacted/authorizationRules/diagnostic": parsing segment "staticAuthorizationRules": expected the segment "eventhubs" to be "authorizationRules"

Example:

resource "azurerm_monitor_diagnostic_setting" "this" {
  name                           = "example"
  target_resource_id             = "/susbcription.... "
  eventhub_name                  = "myeventhub"
  eventhub_authorization_rule_id = azurerm_eventhub_authorization_rule.this.id
  # ....
}

New or Affected Resource(s)

riccardo-di-lorenzo commented 2 years ago

I believe the issue is here. Instead of using ParseEventhubAuthorizationRuleIDInsensitively, it's still using the case-sensitive version in here. It seems to be something very similar to https://github.com/hashicorp/terraform-provider-azurerm/pull/14469 and just fixed in the 2.88.1 version of the provider. It must have slipped through...

bm77525-kr commented 2 years ago

@tombuildsstuff I see the simple fix in #15397 got shot down. Is there any workaround for this until it's fixed? We've been unable to upgrade past 2.85.0 since 2.86.0 introduces this error. We've really been struggling with breaking changes from minor provider upgrades for several months now that force replacements of our resources when nothing changes, but this one just completely breaks the plan stage.

carolguo-dd commented 2 years ago

Hi, we also need this function. Any idea when it will be implemented?

bm77525-kr commented 2 years ago

> Hi, we also need this function. Any idea when it will be implemented?

I'm pretty sure this got fixed in v2.92 via #14944. As of that version this was no longer an issue. #15397 got rejected for parsing the resource insensitively, but #14944 got accepted for the same thing 🤷‍♂️

janekc commented 1 year ago

Are there any known workarounds? Still affected

ddynamight commented 1 year ago

This issue is still very much alive in version 3.21.1 and it's becoming a pain for a lot of us. Can this be fixed anytime soon?

ddynamight commented 1 year ago

So, I found a fix for this in my case.

I switched from an eventhub rule to an eventhub namespace rule.

eventhub_authorization_rule_id = azurerm_eventhub_namespace_authorization_rule.default.id

This seems to work for me. I would suggest switching to a namespaced rule if you can.

ervandenbosch commented 5 months ago

The issue with using an Event Hub Namespace authorization rule is that users within an organization get access to the Root key as well, which we want to prevent as that contains manage rights.

Is there a workaround by now for using the Event Hub authorization rules instead when deploying diagnostic settings in Terraform?
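
Added example, not from any participant in this thread and not the provider's own code: a Go parser that accepts both ID shapes discussed above (a rule on the namespace and a rule on a single event hub), compares segment names case-insensitively, and reports which scope the rule has so a reviewer can see whether a diagnostic setting is wired to namespace-wide keys. The names `AuthRuleID` and `ParseAuthRuleID` and the sample ID are assumptions made for this example.

```go
package main

import (
	"fmt"
	"strings"
)

// AuthRuleID is a hypothetical type for this example, not the provider's own.
type AuthRuleID struct {
	Subscription, ResourceGroup, Namespace, EventHub, Rule string
	Scope string // "namespace" or "eventhub": how far the rule's keys reach
}

// ParseAuthRuleID accepts both ID shapes; segment names are compared
// case-insensitively, segment values keep their original casing.
func ParseAuthRuleID(id string) (AuthRuleID, error) {
	var provider string
	out := AuthRuleID{Scope: "namespace"}
	parts := strings.Split(strings.Trim(id, "/"), "/")
	keys := []string{"subscriptions", "resourceGroups", "providers", "namespaces"}
	dest := []*string{&out.Subscription, &out.ResourceGroup, &provider, &out.Namespace}
	switch len(parts) {
	case 10: // rule defined on the namespace
	case 12: // rule defined on a single event hub
		out.Scope = "eventhub"
		keys, dest = append(keys, "eventhubs"), append(dest, &out.EventHub)
	default:
		return AuthRuleID{}, fmt.Errorf("expected 10 or 12 segments, got %d", len(parts))
	}
	keys, dest = append(keys, "authorizationRules"), append(dest, &out.Rule)
	for i, key := range keys {
		name, value := parts[2*i], parts[2*i+1]
		if !strings.EqualFold(name, key) || value == "" {
			return AuthRuleID{}, fmt.Errorf("segment %q: expected %q with a value", name, key)
		}
		*dest[i] = value
	}
	if !strings.EqualFold(provider, "Microsoft.EventHub") {
		return AuthRuleID{}, fmt.Errorf("unexpected provider %q", provider)
	}
	return out, nil
}

func main() {
	// Constructed ID; the subscription, group and names are placeholders.
	r, err := ParseAuthRuleID("/subscriptions/0000/resourcegroups/rg/providers/Microsoft.EventHub/namespaces/ns1/eventhubs/hub1/authorizationRules/diag")
	fmt.Println(r.Scope, r.Rule, err)
}
```

An ID that stops at the event hub, with no `authorizationRules` segment after it, is rejected with an error naming the unexpected `eventhubs` segment.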