Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

logicmonitor_device_group configuration drift #85

Open
ChrisCAG opened this issue Apr 18, 2024 · 4 comments
Open

logicmonitor_device_group configuration drift #85

ChrisCAG opened this issue Apr 18, 2024 · 4 comments

Comments

@ChrisCAG
Copy link

I have the following configuration set on a device group.

resource "logicmonitor_device_group" "xxxx" {
  name           = "xxxx"
  parent_id      = 1
  enable_netflow = true
  group_type     = "Normal"
  custom_properties = [
    {
      name  = "esx.pass"
      value = data.azurerm_key_vault_secret.internal_service_account_password.value
    },
    {
      name  = "esx.user"
      value = "${data.azurerm_key_vault_secret.service_account_username.value}@internal.xxxx.com"
    },
  ]
}

When ever I run a plan for terraform, its constantly trying to remove configuration I've not specified

  # logicmonitor_device_group.xxxx will be updated in-place
  ~ resource "logicmonitor_device_group" "xxxx" {
      ~ custom_properties             = [
          ~ {
                name  = "esx.pass"
              ~ value = (sensitive value)
            },
            {
                name  = "esx.user"
                value = (sensitive value)
            },
        ]
        id                            = "19"
        name                          = "xxxx"
        # (30 unchanged attributes hidden)

      - extra {
          - devices = [] -> null
        }
    }

As you can see from the output, its trying to change a sensitive value constantly, (even though the vault is not updated) and its constantly trying to strip out the extra block.

if i add the following block to my configuration

  extra{
    devices = null
    account {
      
    }
    default {
      use_default = true
    }
    services {
      
    }
  }

I get the following error after an apply.

│ The plugin encountered an error, and failed to respond to the plugin.(*GRPCProvider).ApplyResourceChange call. The plugin logs may contain more details.
╵

Stack trace from the terraform-provider-logicmonitor_v2.0.14.exe plugin:

panic: interface conversion: interface {} is nil, not map[string]interface {}

goroutine 167 [running]:
terraform-provider-logicmonitor/logicmonitor/schemata.CloudAccountExtraModel(0x14a21dc0)
        terraform-provider-logicmonitor/logicmonitor/schemata/cloud_account_extra_schema.go:64 +0x231
terraform-provider-logicmonitor/logicmonitor/schemata.DeviceGroupModel(0x140008c0)
        terraform-provider-logicmonitor/logicmonitor/schemata/device_group_schema.go:500 +0x1e6
terraform-provider-logicmonitor/logicmonitor/resources.updateDeviceGroupById({0x12110c0, 0x1413e880}, 0x140008c0, {0x100d720, 0x14066240})
        terraform-provider-logicmonitor/logicmonitor/resources/device_group_resource.go:176 +0x36
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).update(0x146e9ab0, {0x1211080, 0x144aa4e0}, 0x140008c0, {0x100d720, 0x14066240})
        github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:364 +0x11f
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).Apply(0x146e9ab0, {0x1211080, 0x144aa4e0}, 0x1413e340, 0x1440a948, {0x100d720, 0x14066240})
        github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:464 +0x52d
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*GRPCProviderServer).ApplyResourceChange(0x14092090, {0x1211080, 0x144aa4e0}, 0x144aa510)
        github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/grpc_provider.go:955 +0xaff
github.com/hashicorp/terraform-plugin-go/tfprotov5/server.(*server).ApplyResourceChange(0x1429ef18, {0x12110e0, 0x14482108}, 0x1413e180)
        github.com/hashicorp/[email protected]/tfprotov5/server/server.go:332 +0x8e
github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tfplugin5._Provider_ApplyResourceChange_Handler({0x10a4fa0, 0x1429ef18}, {0x12110e0, 0x14482108}, 0x144aa3f0, 0x0)
        github.com/hashicorp/[email protected]/tfprotov5/internal/tfplugin5/tfplugin5_grpc.pb.go:380 +0x18a
google.golang.org/grpc.(*Server).processUnaryRPC(0x14108240, {0x1212bcc, 0x1422e000}, 0x149ba140, 0x1429ef30, 0x1745c40, 0x0)
        google.golang.org/[email protected]/server.go:1282 +0xc13
google.golang.org/grpc.(*Server).handleStream(0x14108240, {0x1212bcc, 0x1422e000}, 0x149ba140, 0x0)
        google.golang.org/[email protected]/server.go:1616 +0xa2b
google.golang.org/grpc.(*Server).serveStreams.func1.2()
        google.golang.org/[email protected]/server.go:921 +0xb1
created by google.golang.org/grpc.(*Server).serveStreams.func1
        google.golang.org/[email protected]/server.go:919 +0x25f

Error: The terraform-provider-logicmonitor_v2.0.14.exe plugin crashed!

This is always indicative of a bug within the plugin. It would be immensely
helpful if you could report the crash with the plugin's maintainers so that it
can be fixed. The output above should help diagnose the issue.

Expected outcome here is "your environment matches configuration"
@AntonSynchrofazatron
Copy link

AntonSynchrofazatron commented Apr 24, 2024
edited
Loading

hey @ChrisCAG . i've faced similar issue with other resources when pass and some value for password are used. The problem is LM api returns password as ********** so it always thinks that you try to change it. eg for my psql devices i have custom properties like

    custom_properties = flatten([
    [for key, value in local.pws_for_properties[each.value.instance_key].psql_cred : {
      name  = "jdbc.postgres.${key}.pass"
      value = value
    }],
    [
      {
        name  = "system.categories"
        value = each.value.system_categories
      }
    ],
  ])

so i had to use

lifecycle {
    ignore_changes = [
      custom_properties,
      host_group_ids,
    ]
  }

this makes my plan clean.. but if i want to add more users / passwords i need to comment custom_properties in lifecycle block apply a code and uncomment it back..

for extra in logicmonitor_device_group basically i had to use the same approach..

    ignore_changes = [
      extra,
    ]
  }

because it was constantly spamming with changes i've never made

@ChrisCAG
Copy link
Author

Yeah, my aim is to incorporate this all into an automated CI/CD Pipeline to avoid state drift, keeping main as a good state only.

obviously not being able to automate changes to properties or host groups isnt ideal.

@cnagamor
Copy link

cnagamor commented May 7, 2024

I used a combination of ignore_changes + replace_triggered_by to get over this issue.
Cumbersome, but hopefully this is a helpful workaround:
https://developer.hashicorp.com/terraform/language/resources/terraform-data#example-usage-data-for-replace_triggered_by

@ChrisCAG
Copy link
Author

ChrisCAG commented Jun 4, 2024

could I get an example of the code you've used for the above? forcing a replacement may mean we lose device specific configuration & tuning each time we replace it?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@cnagamor @ChrisCAG @AntonSynchrofazatron