Add each available diagnostics category, but enable only those we want

This is a workaround for a know issue: hashicorp/terraform-provider-azurerm#7235
InsulaVentus · Mar 18, 2021 · 39f2130 · 39f2130
1 parent 59dc045
commit 39f2130
Showing 1 changed file with 17 additions and 3 deletions.
diff --git a/main.tf b/main.tf
@@ -79,7 +79,11 @@ resource "azurerm_key_vault_access_policy" "main" {
   storage_permissions     = var.access_policies[count.index].storage_permissions
 }
 
-resource "azurerm_monitor_diagnostic_setting" "keyvault" {
+data "azurerm_monitor_diagnostic_categories" "default" {
+  resource_id = azurerm_key_vault.main.id
+}
+
+resource "azurerm_monitor_diagnostic_setting" "namespace" {
   count                          = var.diagnostics != null ? 1 : 0
   name                           = "${var.name}-ns-diag"
   target_resource_id             = azurerm_key_vault.main.id
@@ -88,24 +92,34 @@ resource "azurerm_monitor_diagnostic_setting" "keyvault" {
   eventhub_name                  = local.parsed_diag.event_hub_auth_id != null ? var.diagnostics.eventhub_name : null
   storage_account_id             = local.parsed_diag.storage_account_id
 
+  # For each available log category, check if it should be enabled and set enabled = true if it should.
+  # All other categories are created with enabled = false to prevent TF from showing changes happening with each plan/apply.
+  # Ref: https://github.com/terraform-providers/terraform-provider-azurerm/issues/7235
   dynamic "log" {
-    for_each = local.parsed_diag.log
+    for_each = data.azurerm_monitor_diagnostic_categories.default.logs
     content {
       category = log.value
+      enabled  = contains(local.parsed_diag.log, log.value)
 
       retention_policy {
         enabled = false
+        days    = 0
       }
     }
   }
 
+  # For each available metric category, check if it should be enabled and set enabled = true if it should.
+  # All other categories are created with enabled = false to prevent TF from showing changes happening with each plan/apply.
+  # Ref: https://github.com/terraform-providers/terraform-provider-azurerm/issues/7235
   dynamic "metric" {
-    for_each = local.parsed_diag.metric
+    for_each = data.azurerm_monitor_diagnostic_categories.default.metrics
     content {
       category = metric.value
+      enabled  = contains(local.parsed_diag.metric, metric.value)
 
       retention_policy {
         enabled = false
+        days    = 0
       }
     }
   }