Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to apply azurerm_sentinel_automation_rule - plan works fine but getting plugin crashed errors on apply #27260

Closed
1 task done
bjarkijonbk opened this issue Sep 2, 2024 · 2 comments · Fixed by #27269
Closed
1 task done

Unable to apply azurerm_sentinel_automation_rule - plan works fine but getting plugin crashed errors on apply #27260

bjarkijonbk opened this issue Sep 2, 2024 · 2 comments · Fixed by #27269
Assignees
@catriona-m
Labels
bug crash service/sentinel v/4.x
Milestone
v4.1.0

Comments

@bjarkijonbk
Copy link

Is there an existing issue for this?

  • I have searched the existing issues

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.9.5

AzureRM Provider Version

4.0.1

Affected Resource(s)/Data Source(s)

azurerm_sentinel_automation_rule

Terraform Configuration Files

resource "azurerm_sentinel_automation_rule" "example_name_here" {
  for_each = local.customer_data_dev

  name                       = "XXX"
  log_analytics_workspace_id = azurerm_sentinel_log_analytics_workspace_onboarding.sentinel-onboarding-customer_dev[each.value.workspace_name].workspace_id
  display_name               = "automation-rule-display-name-${local.customer_data_dev[each.key].workspace_name}"
  order                      = 11

  condition_json = jsonencode([{
    conditionProperties : {
      propertyName : "IncidentSeverity",
      changeType : "ChangedFrom",
      operator : "Equals",
      propertyValues : [
        "Low",
        "Medium"
      ]
    },
    conditionType : "PropertyChanged"
    },
    {
      conditionProperties : {
        propertyName : "IncidentSeverity",
        changeType : "ChangedTo",
        operator : "Equals",
        propertyValues : [
          "High"
        ]
      },
      conditionType : "PropertyChanged"
  }])



  enabled       = true
  triggers_on   = "Incidents"
  triggers_when = "Updated"
  action_playbook {
    logic_app_id = data.azurerm_logic_app_workflow.logic_app_create_snow_dev.id
    order        = 1
    tenant_id    = "XXX"
  }
}

Debug Output/Panic Output

https://gist.github.com/bjarkijonbk/a60dff8120174c81ad2068bcab07a3e3

Expected Behaviour

Apply complete! Resources: X added, 0 changed, 0 destroyed.

Actual Behaviour

│ Error: Plugin did not respond

│ with azurerm_sentinel_automation_rule.REDACTED["REDACTED"],
│ on REDACTED.tf line 1, in resource "azurerm_sentinel_automation_rule" "REDACTED":
│ 1: resource "azurerm_sentinel_automation_rule" "REDACTED" {

│ The plugin encountered an error, and failed to respond to the
│ plugin.(*GRPCProvider).ApplyResourceChange call. The plugin logs may
│ contain more details.

Stack trace from the terraform-provider-azurerm_v4.0.0_x5 plugin:

panic: interface conversion: interface {} is nil, not []interface {}

goroutine 84 [running]:
github.com/hashicorp/terraform-provider-azurerm/internal/services/sentinel.resourceSentinelAutomationRuleCreateOrUpdate(0xc002c7a600, {0x729db00?, 0xc0015ab680})
github.com/hashicorp/terraform-provider-azurerm/internal/services/sentinel/sentinel_automation_rule_resource.go:283 +0xdfd
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).create(0x8b0c1d8?, {0x8b0c1d8?, 0xc002d02480?}, 0xd?, {0x729db00?, 0xc0015ab680?})
github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:766 +0x163
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).Apply(0xc0017f5340, {0x8b0c1d8, 0xc002d02480}, 0xc001c9ab60, 0xc002c7a300, {0x729db00, 0xc0015ab680})
github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:909 +0xa89
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*GRPCProviderServer).ApplyResourceChange(0xc00094bb48, {0x8b0c1d8?, 0xc002d02390?}, 0xc001ae87d0)
github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/grpc_provider.go:1078 +0xdbc
github.com/hashicorp/terraform-plugin-mux/tf5muxserver.(*muxServer).ApplyResourceChange(0x8b0c210?, {0x8b0c1d8?, 0xc002d02090?}, 0xc001ae87d0)
github.com/hashicorp/[email protected]/tf5muxserver/mux_server_ApplyResourceChange.go:36 +0x193
github.com/hashicorp/terraform-plugin-go/tfprotov5/tf5server.(*server).ApplyResourceChange(0xc000851400, {0x8b0c1d8?, 0xc002c5b680?}, 0xc001d2f7a0)
github.com/hashicorp/[email protected]/tfprotov5/tf5server/server.go:865 +0x3d0
github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tfplugin5._Provider_ApplyResourceChange_Handler({0x7fbd580?, 0xc000851400}, {0x8b0c1d8, 0xc002c5b680}, 0xc002b9fb00, 0x0)
github.com/hashicorp/[email protected]/tfprotov5/internal/tfplugin5/tfplugin5_grpc.pb.go:518 +0x169
google.golang.org/grpc.(*Server).processUnaryRPC(0xc0001cb600, {0x8b0c1d8, 0xc002c5b5f0}, {0x8b38bc0, 0xc0001bfc80}, 0xc002c646c0, 0xc001c21ec0, 0xe173798, 0x0)
google.golang.org/[email protected]/server.go:1369 +0xe23
google.golang.org/grpc.(*Server).handleStream(0xc0001cb600, {0x8b38bc0, 0xc0001bfc80}, 0xc002c646c0)
google.golang.org/[email protected]/server.go:1780 +0x1016
google.golang.org/grpc.(*Server).serveStreams.func2.1()

Steps to Reproduce

  1. terraform apply

It looks like some sort of an issue with the "condition_json"
I've tried multiple ways of using it and I get this error no matter what. Without jsonencode too

Also tried using this format
condition_json = <<CONDITION
{
"conditions": [
{
"field": "AlertName",
"equals": "Suspicious activity from a Tor exit node"
}
]
}
CONDITION

But no matter what I do, the terraform apply just returns a plugin crash.
I'm out of ideas how to format the JSON code. Is there anyone who has a solution?

I've been googling like crazy and no matter how the "condition_json" value is, it just doesn't work.

Important Factoids

No response

References

No response
@catriona-m catriona-m self-assigned this Sep 3, 2024
@catriona-m catriona-m mentioned this issue Sep 3, 2024
Merged
10 tasks
@bjarkijonbk
Copy link
Author

Adding that I copied the panic from 4.0.0 version run, but the issue is the same in 4.0.1

@github-actions github-actions bot added this to the v4.1.0 milestone Sep 5, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Oct 6, 2024

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 6, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@catriona-m catriona-m

Labels
bug crash service/sentinel v/4.x
Projects
None yet
Milestone
v4.1.0
2 participants
@catriona-m @bjarkijonbk