Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Subscription variable to the azurerm_monitor_activity_log_alert and azurerm_key_vault_secret #25053

Open
1 task done
williamarobinson opened this issue Feb 27, 2024 · 0 comments
Open
1 task done

Add Subscription variable to the azurerm_monitor_activity_log_alert and azurerm_key_vault_secret #25053

williamarobinson opened this issue Feb 27, 2024 · 0 comments
Labels
enhancement service/key-vault Key Vault service/monitor

Comments

@williamarobinson
Copy link

Is there an existing issue for this?

  • I have searched the existing issues

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Description

When utilizing multiple subscriptions, generating a single service principal is beneficial for cross-subscription pipelines. This requires being able to reference the subscription on top-tier settings that can / may affect multiple subscriptions.

I would propose for the following resources:
azurerm_monitor_activity_log_alert
azurerm_key_vault_secret

A previous example is 23673 solved by 24258

If the subscription is Optional, then the client provider is taken, otherwise it uses the specified subscription.

With the azurerm_key_vault_secret, the secret can be created but then it reads it incorrectly so you have to use a provider alias on the module in order to report "no changes". otherwise, it will try to recreate the secret every time. Import was tried and that also failed.

New or Affected Resource(s)/Data Source(s)

azurerm_monitor_activity_log_alert, azurerm_key_vault_secret

Potential Terraform Configuration

-------------------------------------------------------------
azurerm_monitor_activity_log_alert
-------------------------------------------------------------
resource "azurerm_monitor_activity_log_alert" "main" {
  name                = "example-activitylogalert"
  resource_group_name = azurerm_resource_group.example.name
  scopes              = [azurerm_resource_group.example.id]
  description         = "This alert will monitor a specific storage account updates."

  subscription = "00000000-0000-0000-0000-000000000000"

  criteria {
    resource_id    = azurerm_storage_account.to_monitor.id
    operation_name = "Microsoft.Storage/storageAccounts/write"
    category       = "Recommendation"
  }

  action {
    action_group_id = azurerm_monitor_action_group.main.id

    webhook_properties = {
      from = "terraform"
    }
  }
}
-------------------------------------------------------------
azurerm_key_vault_secret
-------------------------------------------------------------

resource "azurerm_key_vault_secret" "example" {
  name         = "secret-sauce"
  value        = "szechuan"
  key_vault_id = azurerm_key_vault.example.id
  subscription = "00000000-0000-0000-0000-000000000000"
}

References

#23673
#24258
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement service/key-vault Key Vault service/monitor
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@williamarobinson @rcskosir