Error when creating Diagnostic Settings with retention rules

[migldasilva]

Describe the bug
It seems that retention rules for Diagnostic Settings changed from Azure side. It triggers an error when Diagnostic Settings for different resources are created.

Diagnostic Settings with retention can be created using Azure Portal, but the Terraform code is failing.

Here goes an example when creating a Base workspace.

On this links it's mentioned that Diagnostic Settings Storage Retention feature is being deprecated.

Steps to reproduce

1. Create a Workspace
2. Review log messages in Resource Processor

Log messages

Error: creating Monitor Diagnostics Setting "diag-kv-myenv-ws-b99e" for Res
ource "/subscriptions/11111111-2222-3333-4444-abcdefghijkl/resourceGroups/rg-myenv-ws-b99e/providers/Microsoft.KeyVault/vaults/kv-myenv-ws-b99e": d
iagnosticsettings.DiagnosticSettingsClient#CreateOrUpdate: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service retur
ned an error. Status=400 Code="BadRequest" Message="Diagnostic settings does not support retention for new diagnostic settings." │  │   with azurerm_moni
tor_diagnostic_setting.kv, │   on keyvault.tf line 46, in resource "azurerm_monitor_diagnostic_setting" "kv": │   46: resource "azurerm_monitor_diagnosti
c_setting" "kv"

The offending code is here.

[stefpiatek]

also just hit into this today, removing the retention period lines fixes it

[migldasilva]

I tried editing the following line, just to give a try to a possible workaround that wouldn't disable completely log retention.

for_each = ["AuditEvent", "AzurePolicyEvaluationDetails"]

All the tries failed. So far, the @stefpiatek 's suggestion is a good option.

[marrobi]

We've merged a fix into main as part of #3682 .