Unable to update premium Redis configuration when geo-replicated

Is there an existing issue for this?

[X] I have searched the existing issues

Community Note

Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.8.5

AzureRM Provider Version

3.107.0

Affected Resource(s)/Data Source(s)

azurerm_redis_cache

Terraform Configuration Files

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~>3.0"
    }
  }
}

variable "keyspace_events" {
    type = string
    default = ""
}

provider "azurerm" {
  features {}
}

resource "random_pet" "this" {
    length = 2
}

resource "azurerm_resource_group" "this" {
    name = random_pet.this.id
    location = "East US 2"
}

resource "azurerm_redis_cache" "this" {
    name = random_pet.this.id
    location = azurerm_resource_group.this.location
    resource_group_name = azurerm_resource_group.this.name

    sku_name = "Premium"
    family = "P"
    capacity = 1
    enable_non_ssl_port = false
    minimum_tls_version = "1.2"
    redis_version = "6"

    redis_configuration {
      enable_authentication = true
      active_directory_authentication_enabled = true
      notify_keyspace_events = var.keyspace_events
    }
}

resource "azurerm_redis_cache" "secondary" {
    name = "${random_pet.this.id}-secondary"
    location = "Central US"
    resource_group_name = azurerm_resource_group.this.name

    sku_name = "Premium"
    family = "P"
    capacity = 1
    enable_non_ssl_port = false
    minimum_tls_version = "1.2"
    redis_version = "6"

    redis_configuration {
      enable_authentication = true
      active_directory_authentication_enabled = true
      notify_keyspace_events = var.keyspace_events
    }
}

resource "azurerm_redis_linked_server" "this" {
    target_redis_cache_name = azurerm_redis_cache.this.name
    resource_group_name = azurerm_redis_cache.this.resource_group_name
    linked_redis_cache_id = azurerm_redis_cache.secondary.id
    linked_redis_cache_location = azurerm_redis_cache.secondary.location
    server_role = "Secondary"
}

Debug Output/Panic Output

N/A

Expected Behaviour

Updates to the Redis configuration that are permitted should successfully apply. The same changes can occur in the Azure portal with no issue. The example shared is using notify_keyspace_events as the configuration to change, but in my light testing this also occurred when attempting to disable Entra/AD auth.

Actual Behaviour

A bad request HTTP status code is returned stating that properties.redisConfiguration.rdb,properties.redisConfiguration.aof cannot be modified.

│ Error: updating Redi (Subscription: redacted"
│ Resource Group Name: "redacted"
│ Redis Name: "redacted"): unexpected status 400 (400 Bad Request) with error: BadRequest: The requested update to the resource is not permitted. The following properties(s) cannot be modified: 'properties.redisConfiguration.rdb,properties.redisConfiguration.aof'.
│ RequestID=44320386e-b7fe-4b89-9a66-7927d7597869

When looking at the Azure activity logs for an update to notify_keyspace_events on a single Redis cache instance, I see that when Terraform is doing an update, it also updates the values of properties.redisConfiguration.aof-backup-enabled and properties.redisConfiguration.rdb-backup-enabled.

Steps to Reproduce

Apply the Terraform configuration with an empty value for the input keyspace_events
Reapply the Terraform configuration with any valid Redis keyspace notifications configuration set for the input keyspace_events; e.g. A
Terraform should fail apply with a 400 status code

Important Factoids

No response

References

No response

hashicorp / terraform-provider-azurerm