Support for CMK on Geo-backup enabled servers on Flexible Server for PostgreSQL

[korsveien]

Is there an existing issue for this?

• I have searched the existing issues

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Creating a Flexible Server for PostgreSQL where both CMK and Geo-redundant backup is enabled will result in the following error:

Code="CMKNotSupportedForGeoRedundantBackupEnabledServer" Message="Customer Managed Key encryption is not supported for Geo redundant backup enabled server."

If this is to be supported there needs to be a way to define a secondary key id and identity that is used to encrypt the Geo-redundant backup in the paired region.

New or Affected Resource(s)/Data Source(s)

azurerm_postgresql_flexible_server

Potential Terraform Configuration

resource "azurerm_postgresql_flexible_server" "postgres_server" {

...

customer_managed_key {

    // primary
    primary_key_vault_key_id          = azurerm_key_vault_key.primary.id
    primary_user_assigned_identity_id = azurerm_user_assigned_identity.primary.id

    // secondary (this or some version of this needs to be added)
    secondary_key_vault_key_id          = azurerm_key_vault_key.secondary.id
    secondary_user_assigned_identity_id = azurerm_user_assigned_identity.secondary.id
 }

 geo_redundant_backup_enabled = true

...

}

References

Similar issue for mysql: #20408

[neil-yechenwei]

Thanks for raising this issue. Service team confirmed this feature hasn't been supported by Azure Rest API. But it will be released to next API version. After that, we could take another look.

BTW, I filed an issue on azure rest api spec for tracking.

[martinshkrelijerry]

@neil-yechenwei what about the MySQL issue #20408? Will this also be dealt with next API version?

[Danielchui]

@neil-yechenwei any update on this issues? Any timeline for the fix? Thanks.

[patverderrie]

Any update on this open issue would be appreciated!

[baohuynh09-lxp]

any update on this ? we really need this API to migrate from single server -> flexible server with Terraform.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.