Hi,
The user used for provisioning has access to both subscriptions, and we also tested it with the Contributor and even the Owner role on both subscriptions; the result is the same.
Regarding the resource, we are using https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_hub_connection, and the Azure provider config is:
provider "azurerm" {
  features {}
  auxiliary_tenant_ids = ["xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx"] # <= tenant_id 2 where vNet to be connected to the vHub is deployed
  # tenant_id => where vHub is deployed
  subscription_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx"
  tenant_id       = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx"
  client_id       = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx"
  client_secret   = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx"
}
Regarding the azapi provider, it seems there is no support for auxiliary_tenant_ids, but we can configure more options:
  type      = "Microsoft.Network/virtualHubs/hubVirtualNetworkConnections@2022-01-01"
  name      = format("vnet-con-%s", lookup(each.value, "vnet_name", null))
  parent_id = var.virtual_wan_hub_id
  body = jsonencode({
    properties = {
      allowHubToRemoteVnetTransit         = true
      allowRemoteVnetToUseHubVnetGateways = true
      enableInternetSecurity              = false
      remoteVirtualNetwork = {
        id = data.azurerm_virtual_network.this[each.key].id
      }
      routingConfiguration = {
        associatedRouteTable = {
          id = "string"
        }
        propagatedRouteTables = {
          ids = [
            {
              id = "string"
            }
          ]
          labels = [
            "string"
          ]
        }
        vnetRoutes = {
          staticRoutes = [
            {
              addressPrefixes = [
                "string"
              ]
              name             = "string"
              nextHopIpAddress = "string"
            }
          ]
        }
      }
    }
  })
}