Unable to create azurerm_servicebus_namespace_disaster_recovery_config

lukerogers commented 1 year ago

Is there an existing issue for this?

[X] I have searched the existing issues

Community Note

Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

1.5.1

AzureRM Provider Version

3.62.1

Affected Resource(s)/Data Source(s)

azurerm_servicebus_namespace_disaster_recovery_config

Terraform Configuration Files

resource "azurerm_resource_group" "example" {
  name     = "servicebus-replication"
  location = "West Europe"
}

resource "azurerm_servicebus_namespace" "primary" {
  name                = "servicebus-primary"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  sku                 = "Premium"
  capacity            = "1"
}

resource "azurerm_servicebus_namespace" "secondary" {
  name                = "servicebus-secondary"
  location            = "North Europe"
  resource_group_name = azurerm_resource_group.example.name
  sku                 = "Premium"
  capacity            = "1"
}

resource "azurerm_servicebus_namespace_authorization_rule" "example" {
  name         = "examplerule"
  namespace_id = azurerm_servicebus_namespace.primary.id

  listen = true
  send   = true
  manage = false
}

resource "azurerm_servicebus_namespace_disaster_recovery_config" "example" {
  name                        = "servicebus-alias-name"
  primary_namespace_id        = azurerm_servicebus_namespace.primary.id
  partner_namespace_id        = azurerm_servicebus_namespace.secondary.id
  alias_authorization_rule_id = azurerm_servicebus_namespace_authorization_rule.example.id
}

Debug Output/Panic Output

Error: parsing primary namespace auth rule id error: parsing "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/servicebus-replication/providers/Microsoft.ServiceBus/namespaces/servicebus-primary/authorizationRules/examplerule": parsing the DisasterRecoveryConfigAuthorizationRule ID: the number of segments didn't match

Expected a DisasterRecoveryConfigAuthorizationRule ID that matched (containing 12 segments):

> /subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/example-resource-group/providers/Microsoft.ServiceBus/namespaces/namespaceValue/disasterRecoveryConfigs/disasterRecoveryConfigValue/authorizationRules/authorizationRuleValue

However this value was provided (which was parsed into 0 segments):

> /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/servicebus-replication/providers/Microsoft.ServiceBus/namespaces/servicebus-primary/authorizationRules/examplerule

The following Segments are expected:

* Segment 0 - this should be the literal value "subscriptions"
* Segment 1 - this should be the UUID of the Azure Subscription
* Segment 2 - this should be the literal value "resourceGroups"
* Segment 3 - this should be the name of the Resource Group
* Segment 4 - this should be the literal value "providers"
* Segment 5 - this should be the name of the Resource Provider [for example 'Microsoft.ServiceBus']
* Segment 6 - this should be the literal value "namespaces"
* Segment 7 - this should be the user specified value for this namespace [for example "namespaceValue"]
* Segment 8 - this should be the literal value "disasterRecoveryConfigs"
* Segment 9 - this should be the user specified value for this disasterRecoveryConfig [for example "disasterRecoveryConfigValue"]
* Segment 10 - this should be the literal value "authorizationRules"
* Segment 11 - this should be the user specified value for this authorizationRule [for example "authorizationRuleValue"]

The following Segments were parsed:

* Segment 0 - not found
* Segment 1 - not found
* Segment 2 - not found
* Segment 3 - not found
* Segment 4 - not found
* Segment 5 - not found
* Segment 6 - not found
* Segment 7 - not found
* Segment 8 - not found
* Segment 9 - not found
* Segment 10 - not found
* Segment 11 - not found

  with azurerm_servicebus_namespace_disaster_recovery_config.example,
  on servicebus.tf line 31, in resource "azurerm_servicebus_namespace_disaster_recovery_config" "example":
  31: resource "azurerm_servicebus_namespace_disaster_recovery_config" "example" {

Expected Behaviour

The disaster recovery is configured and logged as successful

Actual Behaviour

The disaster recovery is setup as requested, but TF reports an error because it can't load the ID correctly.

I used the example from the documentation, but had to correct two errors:

The secondary service bus namespace has to be in a different region than the primary
The authorization rule references azurerm_servicebus_namespace.example.id when setting the namespace_id, but it should be referencing the primary namespace (azurerm_servicebus_namespace.primary.id)

Assuming I did things correctly, the documentation should be updated as well.

Steps to Reproduce

terraform apply

Important Factoids

No response

References

No response

rcskosir commented 1 year ago

@lukerogers Thank you for opening this issue. I was able to reproduce the issue and error messaging that you posted above. I also saw the 2 issues with the documentation that you mentioned. I think the issue is related to the mismatch in the url/endpoint and will look through the go code to see if there were any changes that may have caused this:

Expected a DisasterRecoveryConfigAuthorizationRule ID that matched (containing 12 segments):

> /subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/example-resource-group/providers/Microsoft.ServiceBus/namespaces/namespaceValue/disasterRecoveryConfigs/disasterRecoveryConfigValue/authorizationRules/authorizationRuleValue

However this value was provided (which was parsed into 0 segments):

> /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/servicebus-replication/providers/Microsoft.ServiceBus/namespaces/servicebus-primary/authorizationRules/examplerule

rcskosir commented 1 year ago

@lukerogers I haven't found the cause of the error yet, but I found that the same terraform configuration works on 3.58 but starts breaking on 3.59 and forward. So if this is something you need, you could pin to 3.58 until there is a fix.

PhaneendraBandaru commented 1 year ago

I am using 3.66 and getting the same error as DisasterRecoveryConfigAuthorizationRule ID: the number of segments didn't match Expected a DisasterRecoveryConfigAuthorizationRule ID that matched (containing 12 segments) as I see auth rule has only 9 segments.

ShortMVitesse commented 8 months ago

I also have this issue, with the same code as OP.

I am using

Terraform v1.6.6
on darwin_arm64
+ provider registry.terraform.io/hashicorp/azurerm v3.88.0

@rcskosir is this officially accepted as a bug?

winding back the provider version isnt an option for me.

simond-b2 commented 6 months ago

We are also hitting this issue on v3.97.1. Is regressing back to 3.58 the only option at the moment?

bryansan-msft commented 6 months ago

Is there any news regarding this @rcskosir? I'm facing the same issue as well

simond-b2 commented 6 months ago

@rcskosir There is a simple work-around if you can do without a custom authorization_rule. From the documented examples drop the azurerm_servicebus_namespace_authorization_rule resource and the alias_authorization_rule_id attribute from the azurerm_servicebus_namespace_disaster_recovery_config resource and the provider will happily create the geo recovery configuration.

The error logs are explicit in where the problem lies; the documentation tells us to create a azurerm_servicebus_namespace_authorization_rule resource which translates to a resource with 10 segments :

/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ServiceBus/namespaces/{namespaceName}/authorizationRules/{ruleName}

and the azurerm_servicebus_namespace_disaster_recovery_config resource expects a rule with 12 segments:

/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ServiceBus/namespaces/{namespaceName}/disasterRecoveryConfigs/{disaterRecoveryConfigName}/authorizationRules/{ruleName}

Seems to me you're missing a resource that would create a disaster recovery config authorization rule, e.g. "azurerm_servicebus_namespace_disasterrecovery_authorization_rule" or something like that

Looking through the source code for your provider I can't find a 'resource' that uses disasterrecoveryconfigs.NewDisasterRecoveryConfigID from the Azure SDK that would generate a compatible rule for the 'azurerm_servicebus_namespace_disaster_recovery_config' resource.

subria11 commented 3 months ago

version 3.111.0 - issue still reproduced

njglenuk commented 2 months ago

Confirmed this is still an issue in version 3.113

Even if you hardcode the parameter alias_authorization_rule_id ID for the azurerm_servicebus_namespace_authorization_rule in the resource: azurerm_servicebus_namespace_disaster_recovery_config it will complain that there are not enough segements, eg:

resource "azurerm_servicebus_namespace_disaster_recovery_config" "geo_dr" { name = "abc-sbn-0001" primary_namespace_id = data.azurerm_servicebus_namespace.azsbnabcp0001.id partner_namespace_id = module.servicebus_namespace.servicebus_namespace_id alias_authorization_rule_id = "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/AZRGPABCP0001/providers/Microsoft.ServiceBus/namespaces/azsbnabcp0001/disasterRecoveryConfigs/disasterRecoveryConfigValue/authorizationRules/abc-asb-auth-rule1" }

hashicorp / terraform-provider-azurerm