Terraform wants to delete metrics that intentionally are left out. #7235
Comments
|
I'm seeing this for logs too, and have tried to fix it by explicitly disabling them: log {
category = "SSISIntegrationRuntimeLogs"
enabled = false
}Not ideal, but better than seeing these in all my plans. However, this just exacerbates the problem, as now my plans looks like this: - log {
- category = "SSISIntegrationRuntimeLogs" -> null
- enabled = false -> null
- retention_policy {
- days = 0 -> null
- enabled = false -> null
}
}
+ log {
+ category = "SSISIntegrationRuntimeLogs"
+ enabled = false
} |
|
Hi @EndureBlackout Thank you for submitting this! As you know, terraform config is describing the final state of the representation of the resource. This resource ( I can tell that is not the intended behavior, users just want to prefer convention over configuration in this case. I think in this case we can leverage the |
|
@magodo Hey! I appreciate it! Can be closed with PR when merged :) |
magodo
added
the
upstream/terraform
ghost
mentioned this issue
|
Just dropping this here for others. I ran into this some time back and it was very annoying when it showed an update every time. In our case we want logs to go to a Storage Account, and metrics to go to Log Analytics Workspace. This is for cost reasons since Log Analytics is pricey for ingesting logs, but we still want metrics to go here so we can create dashboards and alerts from these. This is what I did to fix this, which lines up to what @magodo had explained as expected behavior above in his #7235 (comment).
This is what my diagnostic setting module looks like: variable resource_id {
description = "ID of Resource to Enable"
}
variable log_analytics_workspace_id {
description = "Log Analytics Workspace ID to store Diagnostic Metrics"
}
variable storage_account_id {
description = "Storage Account ID to store Diagnostic Logs"
}
# https://www.terraform.io/docs/providers/azurerm/d/monitor_diagnostic_categories.html
data azurerm_monitor_diagnostic_categories default {
resource_id = var.resource_id
}
# https://www.terraform.io/docs/providers/azurerm/r/monitor_diagnostic_setting.html
resource azurerm_monitor_diagnostic_setting metrics {
name = "diagnostic_metrics"
target_resource_id = var.resource_id
log_analytics_workspace_id = var.log_analytics_workspace_id
dynamic metric {
for_each = sort(data.azurerm_monitor_diagnostic_categories.default.metrics)
content {
category = metric.value
enabled = true
retention_policy {
enabled = true
days = 180
}
}
}
# this needs to be here with enabled = false to prevent TF from showing changes happening with each plan/apply
dynamic log {
for_each = sort(data.azurerm_monitor_diagnostic_categories.default.logs)
content {
category = log.value
enabled = false
retention_policy {
enabled = false
days = 0
}
}
}
}
# https://www.terraform.io/docs/providers/azurerm/r/monitor_diagnostic_setting.html
resource azurerm_monitor_diagnostic_setting logs {
name = "diagnostic_logs"
target_resource_id = var.resource_id
storage_account_id = var.storage_account_id
dynamic log {
for_each = sort(data.azurerm_monitor_diagnostic_categories.default.logs)
content {
category = log.value
enabled = true
retention_policy {
enabled = true
days = 30
}
}
}
# this needs to be here with enabled = false to prevent TF from showing changes happening with each plan/apply
dynamic metric {
for_each = sort(data.azurerm_monitor_diagnostic_categories.default.metrics)
content {
category = metric.value
enabled = false
retention_policy {
enabled = false
days = 0
}
}
}
}Hope this helps. |
This is a workaround for a know issue: hashicorp/terraform-provider-azurerm#7235
This is a workaround for a know issue: hashicorp/terraform-provider-azurerm#7235
This is a workaround for a know issue: hashicorp/terraform-provider-azurerm#7235
This is a workaround for a know issue: hashicorp/terraform-provider-azurerm#7235
* Add each available diagnostics category, but enable only those we want This is a workaround for a know issue: hashicorp/terraform-provider-azurerm#7235 * Use azurerm v2.51.0 * Run terraform fmt * Don't rename resource name * Use required_providers block to set azurerm version
|
@jonmaestas There is one limitation in your solution, the resource that assigned to |
|
@magodo just replace resource azurerm_key_vault example {...}
# https://www.terraform.io/docs/providers/azurerm/d/monitor_diagnostic_categories.html
data azurerm_monitor_diagnostic_categories default {
resource_id = azurerm_key_vault.example.id
}
...Edit: The above is a module I created to reuse this config. I pass in the resource id, ..., etc to that module. |
|
I have been able to fix this by filling out all the fields even if they are not used. For example with Log Analytics I would see this everytime. Now the Terraform for this would be log {
category = "AuditEvent"
}It was the null that was catching my eye. So in my Terraform code I added in the items like retention policy that I wasn't using anyway so it can't null it out log {
category = "AuditEvent"
retention_policy {
days = 0
enabled = false
}
}Now when I do a plan/apply it says no changes made. Hope that helps! |
|
I wanted to collect logs for only a few categories, |
|
Thanks for opening this issue! Since this issue seems to have been addressed in the latest versions of the provider (or a valid workaround was provided) - I'm going to close it. Please open a new updated bug report if this is still relevant. Thank you. |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. |
Community Note
Terraform (and AzureRM Provider) Version
Terraform: 0.12.26
Affected Resource(s)
azurerm_monitor_diagnostic_settingTerraform Configuration Files
Expected Behavior
Only show the included metrics in the terraform plan
Actual Behavior
Shows metrics that weren't included in the configuration for destroy
Steps to Reproduce
azurerm_monitor_diagnostic_settingterraform planThe text was updated successfully, but these errors were encountered: