Docs for v3.84.0 and below incorrectly claim support for AssessmentsSnapshot and SubAssessmentsSnapshot in azurerm_security_center_automation

[birjj]

Is there an existing issue for this?

• I have searched the existing issues

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

As noted in #23198, AssessmentsSnapshot and SubAssessmentsSnapshot are unsupported in the azurerm provider in version 3.71.0 (and later, until #24156 claims to have fixed it in v3.85.0). I have verified that they also throw an error in v3.75.0:

However, the documentation for the azurerm provider claims to have support from them all the way back from v2.93.0 (published 2 years before the version where they're actually supported!). For anyone depending on a version in-between v2.93.0 and v3.85.0, the documentation is simply lying - causing hard to debug behavior.

Terraform Version

1.7.1

AzureRM Provider Version

3.75.0

Affected Resource(s)/Data Source(s)

azurerm_security_center_automation

Terraform Configuration Files

locals {
  location = "..."
  rg_name = "..."
  loganalytics_id = "..."
  subscription_id = "..."
}

resource "azurerm_security_center_automation" "foobar" {
  name                = "Test Automation"
  location            = local.location
  resource_group_name = local.rg_name

  action {
    type        = "loganalytics"
    resource_id = local.loganalytics_id
  }

  source {
    event_source = "AssessmentsSnapshot"
    rule_set {
      rule {
        expected_value = "1195afff-c881-495e-9bc5-1486211ae03f" # ID of "Machines should have vulnerability findings resolved" recommendation
        operator       = "Contains"
        property_path  = "id"
        property_type  = "String"
      }
    }
  }
  source {
    event_source = "SubAssessmentsSnapshot"
    rule_set {
      rule {
        expected_value = "/assessments/1195afff-c881-495e-9bc5-1486211ae03f/" # ID of "Machines should have vulnerability findings resolved" recommendation
        operator       = "Contains"
        property_path  = "id"
        property_type  = "String"
      }
    }
  }

  scopes = [local.subscription_id]
}

Debug Output/Panic Output

│ Error: expected source.0.event_source to be one of ["Alerts" "Assessments" "RegulatoryComplianceAssessment" "RegulatoryComplianceAssessmentSnapshot" "SecureScoreControls" "SecureScoreControlsSnapshot" "SecureScores" "SecureScoresSnapshot" "SubAssessments"], got AssessmentsSnapshot
│ Error: expected source.1.event_source to be one of ["Alerts" "Assessments" "RegulatoryComplianceAssessment" "RegulatoryComplianceAssessmentSnapshot" "SecureScoreControls" "SecureScoreControlsSnapshot" "SecureScores" "SecureScoresSnapshot" "SubAssessments"], got SubAssessmentsSnapshot

Expected Behaviour

The documentation should accurately reflect the capabilities of the provider.

Actual Behaviour

The documentation lies about the capabilities of the provider.

Steps to Reproduce

No response

Important Factoids

No response

References

No response

[neil-yechenwei]

Thanks for raising this issue. Suggest to use the latest azurerm provider v3.89.0 since I assume it supports AssessmentsSnapshot and SubAssessmentsSnapshot.

Note: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_automation#event_source