Authentication for azurerm module with environment usgovernment uses incorrect AAD endpoint

[gsacavdm]

Terraform Version

10.8.0

Expected Behavior

terraform init should complete successfully when being initialized with environment=usgovernment

Actual Behavior

terraform init fails with the following message:

Error configuring the backend "azurerm": Error retrieving keys for storage account "XX": azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to https://management.usgovcloudapi.net/subscriptions/XX/resourceGroups/XX/providers/Microsoft.Storage/storageAccounts/XX/listKeys?api-version=2016-12-01: StatusCode=0 -- Original Error: adal: Refresh request failed. Status Code = '400'

Steps to Reproduce

Will add shortly.

Additional Context

This is due to an update in the Azure AD auth endpoint for Azure US Government. See announcement. go-autorest made the appropriate update in v9.7.0 however terraform is still using an older version of go-autorest, thus the solution to this issue is to update go-autorest.

Also, according the go-autorest's changelog notes on v9.0.0:

IMPORTANT: This release was initially labeled incorrectly as v8.4.0. From the time it was released, it should have been marked v9.0.0 because it contains breaking changes to the MSI packages. We apologize for any inconvenience this causes.

Since upgrading from v8.3.0 to v.8.4.0 isn't a major update and based on the note above, upgrading from v8.4.0/v9.0.0 to v9.7.0 isn't upgrading across major releases either, this should be a low risk upgrade. Also, no breaking changes are indicated in the release that occurred between these versions.

References

Will add shortly.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.