Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for "preferred_data_persistence_auth_method" in Azure Redis Cache Configuration #24317

Closed
1 task done
YokojimaSkewers opened this issue Dec 22, 2023 · 6 comments · Fixed by #24370
Closed
1 task done

Support for "preferred_data_persistence_auth_method" in Azure Redis Cache Configuration #24317

YokojimaSkewers opened this issue Dec 22, 2023 · 6 comments · Fixed by #24370
Labels
enhancement service/redis
Milestone
v3.93.0

Comments

@YokojimaSkewers
Copy link

YokojimaSkewers commented Dec 22, 2023
edited
Loading

Is there an existing issue for this?

  • I have searched the existing issues

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Description

Hello Terraform Provider Team,

I am currently utilizing the Terraform AzureRM provider to manage Azure Redis Cache resources. I've come across a limitation that I believe could benefit from enhancement. Specifically, I am looking to set the preferred-data-persistence-auth-method to managedIdentity for a more streamlined and secure management of my Redis Cache instances.
(Microsoft document)

Issue Description:

The current Terraform AzureRM provider does not seem to support configuring the preferred-data-persistence-auth-method for Azure Redis Cache. This setting is crucial for scenarios where enhanced security and automated identity management are required, especially in production environments.

Suggested Feature:

I propose the addition of support for the preferred_data_persistence_auth_method attribute within the azurerm_redis_cache resource. Ideally, this would allow users to specify the persistence method directly in the Terraform configuration, enhancing the capabilities and security compliance of Terraform-managed Redis instances.

Use Case:

In my use case, setting the preferred-data-persistence-auth-method to managedIdentity is critical for maintaining compliance and automating identity management. Without this feature, manual intervention or additional scripting is required, reducing the effectiveness and benefits of infrastructure as code.

New or Affected Resource(s)/Data Source(s)

azurerm_redis_cache

Potential Terraform Configuration

No response

References

No response
@YokojimaSkewers YokojimaSkewers changed the title Support for "preferred-data-persistence-auth-method" in Azure Redis Cache Configuration Support for "preferred_data_persistence_auth_method" in Azure Redis Cache Configuration Dec 22, 2023
@rcskosir
Copy link
Contributor

Thank you for taking the time to open this feature request!

harshavmb added a commit to AmadeusITGroup/terraform-provider-azurerm that referenced this issue Jan 2, 2024
@harshavmb
hashicorp#24317: Support preferred_data_persistence_auth_method for a…
b47569d 
…zurerm_redis_cache resource
@harshavmb harshavmb mentioned this issue Jan 2, 2024
Merged
harshavmb added a commit to AmadeusITGroup/terraform-provider-azurerm that referenced this issue Jan 10, 2024
@harshavmb
hashicorp#24317: Changes as per review comments
8318985
@MichalSino
Copy link

Do we know when this will come to provider?

harshavmb added a commit to AmadeusITGroup/terraform-provider-azurerm that referenced this issue Feb 12, 2024
@harshavmb
hashicorp#24317: Fix tests
703ad3a
harshavmb added a commit to AmadeusITGroup/terraform-provider-azurerm that referenced this issue Feb 14, 2024
@harshavmb
hashicorp#24317: renaming preferred_data_persistence_auth_method to d…
7c9ab21 
…ata_persistence_authentication_method as per review
harshavmb added a commit to AmadeusITGroup/terraform-provider-azurerm that referenced this issue Feb 16, 2024
@harshavmb
hashicorp#24317: Fix azurerm_redis_cache data source
30fcd62
catriona-m pushed a commit that referenced this issue Feb 16, 2024
@harshavmb
#24317: Support preferred_data_persistence_auth_method for azurerm_re…
2d58bd3 
…dis_cache resource (#24370)

* #24317: Support preferred_data_persistence_auth_method for azurerm_redis_cache resource

* #24317: Changes as per review comments

* #24317: Fix tests

* #24317: renaming preferred_data_persistence_auth_method to data_persistence_authentication_method as per review

* #24317: Fix azurerm_redis_cache data source
@github-actions github-actions bot added this to the v3.93.0 milestone Feb 16, 2024
@MichalSino
Copy link

@catriona-m When we are enabling MI for connection to SA in Portal , in ARM tamplate the parameter "rdb-sttorage-connection-string" contains only storage account endpoint address instead of whole connection string. Will it also be modified in new version? now I got message "unexpected status 400 with error: InvalidRequestBody: The value of the parameter 'properties.redisConfiguration.rdb-storage-connection-string' is invalid."

rizkybiz pushed a commit to rizkybiz/terraform-provider-azurerm that referenced this issue Feb 21, 2024
@harshavmb @rizkybiz
hashicorp#24317: Support preferred_data_persistence_auth_method for a…
b30bcd5 
…zurerm_redis_cache resource (hashicorp#24370)

* hashicorp#24317: Support preferred_data_persistence_auth_method for azurerm_redis_cache resource

* hashicorp#24317: Changes as per review comments

* hashicorp#24317: Fix tests

* hashicorp#24317: renaming preferred_data_persistence_auth_method to data_persistence_authentication_method as per review

* hashicorp#24317: Fix azurerm_redis_cache data source
rizkybiz pushed a commit to rizkybiz/terraform-provider-azurerm that referenced this issue Feb 29, 2024
@harshavmb @rizkybiz
hashicorp#24317: Support preferred_data_persistence_auth_method for a…
f8dc878 
…zurerm_redis_cache resource (hashicorp#24370)

* hashicorp#24317: Support preferred_data_persistence_auth_method for azurerm_redis_cache resource

* hashicorp#24317: Changes as per review comments

* hashicorp#24317: Fix tests

* hashicorp#24317: renaming preferred_data_persistence_auth_method to data_persistence_authentication_method as per review

* hashicorp#24317: Fix azurerm_redis_cache data source
@Xaxetrov
Copy link

Xaxetrov commented Mar 6, 2024
edited
Loading

To users having the error "unexpected status 400 with error: InvalidRequestBody: The value of the parameter 'properties.redisConfiguration.rdb-storage-connection-string' is invalid." (@MichalSino, maybe this will help):

Warning

As the documentation was suggesting, my team had an ignore_changes block on rdb_storage_connection_string.

Because of azurerm_redis_cache update on v3.93 (support for data_persistence_authentication_method), some minor changes on our resources had to be made but could not. Maybe because of a bug, maybe because the connection string actually changed (I checked and am pretty sure it did not).

By removing rdb_storage_connection_string from ignore_changes, I could apply the pipeline successfully. Then I had to restore the ignore_changes block to avoid the documented problem.

Hope this helps and if this is a problem for a lot of users it could be great to amend the patch note or communicate in some way about that. See also (unrelated issue but person having the same problem)

Have a good day.

@MichalSino
Copy link

No, we don't need to do that. We can put blob endpoi t instead of connection string and it works. Tested on azurerm 3.94.

@github-actions GitHub Actions
Copy link

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 20, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement service/redis
Projects
None yet
Milestone
v3.93.0
4 participants
@Xaxetrov @MichalSino @YokojimaSkewers @rcskosir