hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

Since v2.61: azurerm_monitor_diagnostic_categories returns empty list, causes deletion of all diagnostic settings #12090

Closed derSchtefan closed 1 year ago

derSchtefan commented 3 years ago

Terraform (and AzureRM Provider) Version

Terraform v0.15.4
on windows_amd64
+ provider registry.terraform.io/hashicorp/azuread v1.5.0
+ provider registry.terraform.io/hashicorp/azurerm v2.62.0
+ provider registry.terraform.io/hashicorp/kubernetes v2.3.1
+ provider registry.terraform.io/hashicorp/random v3.1.0

Affected Resource(s)

Terraform Configuration Files

data "azurerm_monitor_diagnostic_categories" "xxx_eventhub_diagcats" {
  resource_id = azurerm_eventhub_namespace.xxxxxx.id
}

# enable diagnostic logging on ADX
resource "azurerm_monitor_diagnostic_setting" "telemetry_ingest_eventhub_ns_diagsettings" {
  name                       = "DiagSetting"
  target_resource_id         = azurerm_eventhub_namespace.xxxxxx.id
  log_analytics_workspace_id = azurerm_log_analytics_workspace.yyyyyyy.id

  # log all categories
  dynamic "log" {
    for_each = toset(data.azurerm_monitor_diagnostic_categories.xxx_eventhub_diagcats.logs)

    content {
      category = log.key
      enabled  = true

      retention_policy {
        enabled = false
      }
    }
  }

  metric {
    category = "AllMetrics"
    enabled  = true

    retention_policy {
      enabled = false
    }
  }
}

Expected Behaviour

Upgrade from 2.60 to 2.61: Nothing changed. When I run terraform plan or apply I expect nothing to change.

Actual Behaviour

A data block for azurerm_monitor_diagnostic_categories in versions > 2.60 returns an empty list, causing all diagnostic settings to be removed on each resource.

This was checked in 2.61 and 2.62. It happens for all our relevant resources (Event Hubs, Kusto, etc.)

<= data "azurerm_monitor_diagnostic_categories" "xxx_eventhub_diagcats"  {
    ~ id          = "/subscriptions/aaaaaaaaaa/resourceGroups/bbbbbbb/providers/Microsoft.EventHub/namespaces/xxxxxxxx" -> (known after apply)
    ~ logs        = [
        - "ArchiveLogs",
        - "AutoScaleLogs",
        - "CustomerManagedKeyUserLogs",
        - "EventHubVNetConnectionEvent",
        - "KafkaCoordinatorLogs",
        - "KafkaUserErrorLogs",
        - "OperationalLogs",
    ] -> (known after apply)
    ~ metrics     = [
        - "AllMetrics",
    ] -> (known after apply)
    # (1 unchanged attribute hidden)

    + timeouts {
        + read = (known after apply)
    }
}

Steps to Reproduce

  1. Use provider version 2.60.
  2. Add an Azure Monitor diag setting like in the config file above
  3. Execute plan / apply
  4. Observe the target resource has all diag settings activated
  5. Switch to provider version 2.61 or 2.62
  6. Observe that all diag settings got removed
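
A plan-time check for the failure reported above, added here as an example that is not part of the original post or the provider's code: it reads the JSON form of a plan (`terraform show -json`) and reports diagnostic settings that would lose enabled log categories, or whose `log` blocks cannot be verified because they are unknown until apply. The resource addresses and the sample plan are constructed; the field names follow Terraform's JSON plan representation.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output.
# Addresses are illustrative; category names are the ones listed in the issue.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
 {"address": "azurerm_monitor_diagnostic_setting.eventhub",
  "type": "azurerm_monitor_diagnostic_setting",
  "change": {"actions": ["update"],
   "before": {"log": [{"category": "ArchiveLogs", "enabled": true},
                      {"category": "OperationalLogs", "enabled": true}]},
   "after": {"log": []}, "after_unknown": {}}},
 {"address": "azurerm_monitor_diagnostic_setting.deferred",
  "type": "azurerm_monitor_diagnostic_setting",
  "change": {"actions": ["update"],
   "before": {"log": [{"category": "KafkaCoordinatorLogs", "enabled": true}]},
   "after": {}, "after_unknown": {"log": true}}},
 {"address": "azurerm_monitor_diagnostic_setting.unchanged",
  "type": "azurerm_monitor_diagnostic_setting",
  "change": {"actions": ["no-op"],
   "before": {"log": [{"category": "AutoScaleLogs", "enabled": true}]},
   "after": {"log": [{"category": "AutoScaleLogs", "enabled": true}]},
   "after_unknown": {}}}
]}
""")

def enabled_categories(state):
    """Return the enabled log categories in a before/after value (None-safe)."""
    return {b["category"] for b in (state or {}).get("log") or [] if b.get("enabled")}

def find_logging_regressions(plan):
    """Return (address, reason, categories) for settings that may lose log categories."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "azurerm_monitor_diagnostic_setting":
            continue
        change = rc["change"]
        before = enabled_categories(change.get("before"))
        if before and (change.get("after_unknown") or {}).get("log") is True:
            # The log blocks depend on a value that is only read during apply.
            findings.append((rc["address"], "unknown-until-apply", sorted(before)))
            continue
        lost = before - enabled_categories(change.get("after"))
        if lost:
            findings.append((rc["address"], "categories-removed", sorted(lost)))
    return findings

if __name__ == "__main__":
    for address, reason, cats in find_logging_regressions(SAMPLE_PLAN):
        print(f"{address}: {reason}: {', '.join(cats)}")
```

Run as a pipeline gate between `plan` and `apply`, a non-empty result is a reason to stop and review before logging coverage changes.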

rcskosir commented 1 year ago

Thanks for opening this issue. This was a problem in the 2.x version of the provider which is no longer actively maintained. If this is still an issue with the 3.x version of the provider please do let us know by opening a new issue, thanks!

github-actions[bot] commented 3 months ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.