Issue when retrieving key information when using CMK with azurerm_servicebus_namespace

[scott1138]

Is there an existing issue for this?

• I have searched the existing issues

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.7.2, 1.93

AzureRM Provider Version

3.101.0, 3.113.0

Affected Resource(s)/Data Source(s)

azurerm_servicebus_namespace

Terraform Configuration Files

resource "azurerm_servicebus_namespace" "servicebus_namespace" {
  name                = local.servicebus_namespace_name
  location            = var.location
  resource_group_name = var.resource_group_name

  sku      = "Premium"
  capacity = var.capacity
  premium_messaging_partitions = var.partitions
  
  local_auth_enabled = true #Default

  dynamic "identity" {
    for_each = var.identity
    content {
      type         = lookup(identity.value, "type", null)
      identity_ids = lookup(identity.value, "identity_ids", [])
    }
  }

  dynamic "customer_managed_key" {
    for_each = var.customer_managed_key
    content {
      key_vault_key_id                  = lookup(customer_managed_key.value, "key_vault_key_id", null)
      identity_id                       = lookup(customer_managed_key.value, "identity_id", null)
      infrastructure_encryption_enabled = lookup(customer_managed_key.value, "infrastructure_encryption_enabled", null)
    }
  }

  lifecycle {
    ignore_changes = [customer_managed_key]
  }

  public_network_access_enabled = false

  tags = local.all_tags
}

resource "azurerm_servicebus_topic" "topic" {
  for_each = var.topic

  namespace_id = azurerm_servicebus_namespace.servicebus_namespace.id
  name         = lookup(each.value, "topic_name", null)

  max_size_in_megabytes        = lookup(each.value, "topic_maxmb", 1024)
  default_message_ttl          = lookup(each.value, "topic_default_ttl", "P14D")
  enable_batched_operations    = lookup(each.value, "topic_enable_batched_operations", false)
  support_ordering             = lookup(each.value, "topic_support_ordering", false)
  enable_express               = lookup(each.value, "topic_enable_express", false)
  enable_partitioning          = lookup(each.value, "topic_enable_partitioning", false)
  requires_duplicate_detection = lookup(each.value, "topic_requires_duplicate_detection", false)

  depends_on = [azurerm_servicebus_namespace.servicebus_namespace]
}

resource "azurerm_servicebus_subscription" "subscription" {
  for_each = var.topics_sub

  topic_id = format("%s/topics/%s", azurerm_servicebus_namespace.servicebus_namespace.id, each.value["topic_name"])
  name = lookup(each.value, "sub_name", null)

  max_delivery_count                        = lookup(each.value, "sub_max_delivery_count", 10)
  default_message_ttl                       = lookup(each.value, "sub_default_message_ttl", "P14D")
  lock_duration                             = lookup(each.value, "sub_lock_duration", "PT1M")
  dead_lettering_on_filter_evaluation_error = lookup(each.value, "sub_dead_lettering_on_filter_evaluation_error", true)
  enable_batched_operations                 = lookup(each.value, "sub_enable_batched_operations", false)

  depends_on = [azurerm_servicebus_topic.topic]
}

resource "azurerm_servicebus_topic_authorization_rule" "topicRule" {
  for_each = var.topic_authRule

  name     = lookup(each.value, "auth_name", null)
  topic_id = azurerm_servicebus_topic.topic[each.value["topic_name"]].id
  send     = lookup(each.value, "send", false)
  listen   = lookup(each.value, "listen", false)
  manage   = lookup(each.value, "manage", false)
}

resource "azurerm_servicebus_queue" "queue" {
  for_each = var.queue

  namespace_id = azurerm_servicebus_namespace.servicebus_namespace.id
  name         = lookup(each.value, "queue_name", null)

  max_size_in_megabytes        = lookup(each.value, "queue_maxmb", 1024)
  requires_duplicate_detection = lookup(each.value, "queue_duplicate_detection", false)
  requires_session             = lookup(each.value, "queue_requires_session ", false)
  default_message_ttl          = lookup(each.value, "queue_default_ttl", "P14D")

  enable_partitioning = lookup(each.value, "queue_enable_batched_operations", false)

  depends_on = [azurerm_servicebus_namespace.servicebus_namespace]
}

resource "azurerm_servicebus_queue_authorization_rule" "queueRule" {
  for_each = var.queue_authRule

  name     = lookup(each.value, "auth_name", null)
  queue_id = azurerm_servicebus_queue.queue[each.value["queue_name"]].id
  send     = lookup(each.value, "send", false)
  listen   = lookup(each.value, "listen", false)
  manage   = lookup(each.value, "manage", false)
}

resource "azurerm_private_endpoint" "private_endpoint" {
  name                = "${azurerm_servicebus_namespace.servicebus_namespace.name}-pe"
  resource_group_name = var.resource_group_name
  location            = var.location
  subnet_id           = var.subnet_id

  private_dns_zone_group {
    name                 = "sb-zone"
    private_dns_zone_ids = ["/subscriptions/REDACTED/resourceGroups/REDACTED/providers/Microsoft.Network/privateDnsZones/privatelink.servicebus.windows.net"]
  }

  private_service_connection {
    name                           = "${azurerm_servicebus_namespace.servicebus_namespace.name}-connection"
    private_connection_resource_id = azurerm_servicebus_namespace.servicebus_namespace.id
    subresource_names              = ["namespace"]
    is_manual_connection           = false
  }
  depends_on = [azurerm_servicebus_namespace.servicebus_namespace]
  tags       = local.all_tags
}

resource "azurerm_private_endpoint" "dr_private_endpoint" {
  for_each            = local.dr_enabled ? { enabled = true } : {}
  name                = "${azurerm_servicebus_namespace.servicebus_namespace.name}-pe"
  resource_group_name = local.dr_resource_group_name
  location            = local.dr_location
  subnet_id           = var.dr_subnet_id

  private_dns_zone_group {
    name                 = "sb-zone"
    private_dns_zone_ids = ["/subscriptions/REDACTED/resourceGroups/REDACTED/providers/Microsoft.Network/privateDnsZones/privatelink.servicebus.windows.net"]
  }

  private_service_connection {
    name                           = "${azurerm_servicebus_namespace.servicebus_namespace.name}-connection"
    private_connection_resource_id = azurerm_servicebus_namespace.servicebus_namespace.id
    subresource_names              = ["namespace"]
    is_manual_connection           = false
  }
  depends_on = [azurerm_servicebus_namespace.servicebus_namespace]
  tags       = local.all_tags
}

Debug Output/Panic Output

2024-07-30T16:02:08.6956876Z {"id":"/subscriptions/***/resourceGroups/gmf-centralus-dev-orig-fund-internal-shared-rg/providers/Microsoft.ServiceBus/namespaces/gmf-centralus-dev-orig-fund-contract-sbus","name":"gmf-centralus-dev-orig-fund-contract-sbus","type":"Microsoft.ServiceBus/Namespaces","location":"centralus","tags":{"business_service":"Originations Funding and Credit","cost_center":"01080","data_classification":"Internal Use Only","description":"Originations Platform","environment":"dev","iac_module_contact":"[email protected]","iac_module_managed_by":"GMF Cloud Automation","iac_module_name":"terraform-azurerm-enablingtech-azurerm-service-bus","iac_module_version":"2.5.1","iac_repo_name":"orig-opm-infra-tf","maintenance_window":"11pm-6am Central","owner":"Brandon Murry","regulatory_compliance":"FFIEC","resource_type":"Infrastructure","technical_contact":"[email protected]","u_sox_system":"false"},"properties":{"premiumMessagingPartitions":1,"minimumTlsVersion":"1.2","publicNetworkAccess":"Disabled","disableLocalAuth":false,"encryption":{"keySource":"Microsoft.KeyVault","keyVaultProperties":[{"keyName":"gmf-centralus-dev-orig-fund-contract-sbus-key","keyVaultUri":"https://gmf-cus-dev-fund-in-kv.vault.azure.net","identity":{"userAssignedIdentity":"/subscriptions/***/resourcegroups/gmf-centralus-dev-orig-fund-internal-shared-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/gmf-centralus-dev-orig-fund-internal-servicebus-cmk-useridentity"}}],"requireInfrastructureEncryption":true},"privateEndpointConnections":[{"id":"/subscriptions/***/resourceGroups/gmf-centralus-dev-orig-fund-internal-shared-rg/providers/Microsoft.ServiceBus/namespaces/gmf-centralus-dev-orig-fund-contract-sbus/privateEndpointConnections/f8a2295f-f3a2-4d2d-ac34-8a7094c59fbe","name":"f8a2295f-f3a2-4d2d-ac34-8a7094c59fbe","type":"Microsoft.ServiceBus/Namespaces/PrivateEndpointConnections","location":"centralus","properties":{"provisioningState":"Succeeded","privateEndpoint":{"id":"/subscriptions/***/resourceGroups/gmf-centralus-dev-orig-fund-internal-shared-rg/providers/Microsoft.Network/privateEndpoints/gmf-centralus-dev-orig-fund-contract-sbus-pe"},"privateLinkServiceConnectionState":{"status":"Approved","description":"Auto-Approved"},"groupIds":["namespace"]}}],"zoneRedundant":false,"metricId":"***:gmf-centralus-dev-orig-fund-contract-sbus","serviceBusEndpoint":"https://gmf-centralus-dev-orig-fund-contract-sbus.servicebus.windows.net:443/","provisioningState":"Succeeded","status":"Active","createdAt":"2024-01-26T20:26:12.142341Z","updatedAt":"2024-07-03T12:41:52.9207643Z"},"identity":{"type":"UserAssigned","userAssignedIdentities":{"/subscriptions/***/resourcegroups/gmf-centralus-dev-orig-fund-internal-shared-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/gmf-centralus-dev-orig-fund-internal-servicebus-cmk-useridentity":{"clientId":"97ae1749-845c-4bb4-a4aa-5f36d42d00b7","principalId":"8f2d5029-b354-4389-a46c-65ed64f0e0c4"}}},"sku":{"name":"Premium","tier":"Premium","capacity":1}}: timestamp=2024-07-30T11:02:06.427-0500
2024-07-30T16:02:08.6976595Z 2024-07-30T11:02:06.428-0500 [TRACE] provider.terraform-provider-azurerm_v3.113.0_x5: Served request: tf_proto_version=5.4 tf_provider_addr=provider tf_req_id=a3c45be8-b84c-733b-2d9e-873225d1d42c tf_resource_type=azurerm_servicebus_namespace @caller=runtime/panic.go:914 @module=sdk.proto tf_rpc=ReadResource timestamp=2024-07-30T11:02:06.428-0500
2024-07-30T16:02:08.6979418Z 2024-07-30T11:02:06.432-0500 [DEBUG] provider.terraform-provider-azurerm_v3.113.0_x5: panic: runtime error: invalid memory address or nil pointer dereference
2024-07-30T16:02:08.6981181Z 2024-07-30T11:02:06.432-0500 [DEBUG] provider.terraform-provider-azurerm_v3.113.0_x5: [signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x6644151]
2024-07-30T16:02:08.6982666Z 2024-07-30T11:02:06.432-0500 [DEBUG] provider.terraform-provider-azurerm_v3.113.0_x5
2024-07-30T16:02:08.6983757Z 2024-07-30T11:02:06.432-0500 [DEBUG] provider.terraform-provider-azurerm_v3.113.0_x5: goroutine 813 [running]:
2024-07-30T16:02:08.6985663Z 2024-07-30T11:02:06.432-0500 [DEBUG] provider.terraform-provider-azurerm_v3.113.0_x5: github.com/hashicorp/terraform-provider-azurerm/internal/services/servicebus.flattenServiceBusNamespaceEncryption(0xc004c30810)
2024-07-30T16:02:08.6988133Z 2024-07-30T11:02:06.432-0500 [DEBUG] provider.terraform-provider-azurerm_v3.113.0_x5:   github.com/hashicorp/terraform-provider-azurerm/internal/services/servicebus/servicebus_namespace_resource.go:564 +0x71

Expected Behaviour

API should have returned the version in the namespace object or the code should be able to handle its absence.

Actual Behaviour

Generated a panic.

Steps to Reproduce

No response

Important Factoids

N/A

References

No response

[scott1138]

the json for the namespace from the trace

{ "id": "/subscriptions/***/resourceGroups/REDACTED/providers/Microsoft.ServiceBus/namespaces/REDACTED", "name": "REDACTED", "type": "Microsoft.ServiceBus/Namespaces", "location": "centralus", "tags": { }, "properties": { "premiumMessagingPartitions": 1, "minimumTlsVersion": "1.2", "publicNetworkAccess": "Disabled", "disableLocalAuth": false, "encryption": { "keySource": "Microsoft.KeyVault", "keyVaultProperties": [ { "keyName": "REDACTED-key", "keyVaultUri": "https://REDACTED.vault.azure.net", "identity": { "userAssignedIdentity": "/subscriptions/***/resourcegroups/REDACTED/providers/Microsoft.ManagedIdentity/userAssignedIdentities/REDACTED-cmk-useridentity" } } ], "requireInfrastructureEncryption": true }, "privateEndpointConnections": [ { "id": "/subscriptions/***/resourceGroups/REDACTED/providers/Microsoft.ServiceBus/namespaces/REDACTED/privateEndpointConnections/REDACTED", "name": "REDACTED", "type": "Microsoft.ServiceBus/Namespaces/PrivateEndpointConnections", "location": "centralus", "properties": { "provisioningState": "Succeeded", "privateEndpoint": { "id": "/subscriptions/***/resourceGroups/REDACTED/providers/Microsoft.Network/privateEndpoints/REDACTED-pe" }, "privateLinkServiceConnectionState": { "status": "Approved", "description": "Auto-Approved" }, "groupIds": [ "namespace" ] } } ], "zoneRedundant": false, "metricId": "***:REDACTED", "serviceBusEndpoint": "https://REDACTED.servicebus.windows.net:443/", "provisioningState": "Succeeded", "status": "Active", "createdAt": "2024-01-26T20:26:12.142341Z", "updatedAt": "2024-07-03T12:41:52.9207643Z" }, "identity": { "type": "UserAssigned", "userAssignedIdentities": { "/subscriptions/***/resourcegroups/REDACTED/providers/Microsoft.ManagedIdentity/userAssignedIdentities/REDACTED-cmk-useridentity": { "clientId": "97ae1749-845c-4bb4-a4aa-5f36d42d00b7", "principalId": "8f2d5029-b354-4389-a46c-65ed64f0e0c4" } } }, "sku": { "name": "Premium", "tier": "Premium", "capacity": 1 } }

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.