azurerm_app_service_hybrid_connection: doesn't generate correct service bus connection string for Hybrid Connection Manager to connect hybrid connections

[cacizi41]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureRM Provider) Version

= 0.13

Affected Resource(s)

• azurerm_app_service_hybrid_connection

Terraform Configuration Files

Exactly followed the template of azurerm_app_service_hybrid_connection

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key: https://keybase.io/hashicorp

Debug Output

Panic Output

Expected Behavior

Hybrid Connection generated thru terraform should be able to be recognized in Hybrid Connection Manager

Actual Behavior

Hybrid Connections generated thru terraform can't figure out the endpoints while the they are there in the azure portal. The manualhc was created with same properties manually and was able to resolve the endpoint.

By comparing connection strings from those, I found out that "EntityPath"(which is the name of hc) section is missing from the service bus connection string from the terraform generated hc.

Manual connection string: Endpoint=sb://blah.servicebus.windows.net/;SharedAccessKeyName=defaultListener;SharedAccessKey=blah;EntityPath=manualhc Terraform connection string: Endpoint=sb://blah.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=blah;

Steps to Reproduce

1. Generate azurerm_app_service_hybrid_connection following the template
2. Try to ddd above generated hc in HCM
3. HC added, but endpoint not configured

Important Factoids

References

• 0000

[cacizi41]

Update: If trying to add hc thru azure subscription login on HCM , it turns out that endpoint needs to be populated in user_metadata filed to resolve the "no endpoint configured" error . I would hope for a more clear documentation on that filed. If trying to add hc manually on HCM, the connection string of terraform generated hc is still missing the entitypath part which makes the connection string incomplete with only relay level info. Not sure where the responsibility lays in this case.

[espenekvang]

I can confirm this both when using azurerm_app_service_hybrid_connection and also if you try to describe the app service hybrid connection using ARM combined with azurerm_resource_group_template_deployment results in a connectionstring that is missing EntityPath from the connectionstring. I am not able to add it manually in the Hybrid Connection Manager even though I have set the user_metadata on the hybrid connection on the relay.

[neildonkin]

I can confirm this both when using azurerm_app_service_hybrid_connection and also if you try to describe the app service hybrid connection using ARM combined with azurerm_resource_group_template_deployment results in a connectionstring that is missing EntityPath from the connectionstring. I am not able to add it manually in the Hybrid Connection Manager even though I have set the user_metadata on the hybrid connection on the relay.

I have the exact same issue

[rennu]

Can confirm being still broken in provider version 2.70.0.

[tomaustin700]

This is still broken in provider 3.46.0, how can we get some movement on this issue?

[tomaustin700]

I've managed to get this working, here is some example TF code

resource "azurerm_resource_group" "example" {
  name     = "ta-hc-test"
  location = "West Europe"
}

resource "azurerm_service_plan" "example" {
  name                = "example-plan-tatest"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  os_type             = "Linux"
  sku_name            = "B2"
}

resource "azurerm_relay_namespace" "example" {
  name                = "example-relay-tatest"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  sku_name            = "Standard"
}

resource "azurerm_relay_namespace_authorization_rule" "example" {
  name                = "RootManageSharedAccessKey"
  resource_group_name = azurerm_resource_group.example.name
  namespace_name      = azurerm_relay_namespace.example.name

  listen = true
  send   = true
  manage = true
}

resource "azurerm_relay_hybrid_connection" "example" {
  name                          = "examplerhc1-tatest"
  resource_group_name           = azurerm_resource_group.example.name
  relay_namespace_name          = azurerm_relay_namespace.example.name
  requires_client_authorization = true
  user_metadata                 = "[{\"key\":\"endpoint\",\"value\":\"sqlserver:1433\"}]"
}

resource "azurerm_windows_web_app" "example" {
  name                = "example-web-app-tatest"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  service_plan_id     = azurerm_service_plan.example.id

  site_config {}
}

resource "azurerm_web_app_hybrid_connection" "example" {
  web_app_id = azurerm_windows_web_app.example.id
  relay_id   = azurerm_relay_hybrid_connection.example.id
  hostname   = "sqlserver"
  port       = 1433
}

resource "azurerm_relay_hybrid_connection_authorization_rule" "example-listen" {
  name                   = "defaultListener"
  resource_group_name    = azurerm_resource_group.example.name
  hybrid_connection_name = azurerm_relay_hybrid_connection.example.name
  namespace_name         = azurerm_relay_namespace.example.name

  listen = true
  send   = false
  manage = false
}

resource "azurerm_relay_hybrid_connection_authorization_rule" "example-send" {
  name                   = "defaultSender"
  resource_group_name    = azurerm_resource_group.example.name
  hybrid_connection_name = azurerm_relay_hybrid_connection.example.name
  namespace_name         = azurerm_relay_namespace.example.name

  listen = false
  send   = true
  manage = false
}