CosmosDb diagnostics full-text query support to log requests

[TomGudman]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Add Cosmos-db support for full-text query for logging query text in the diagnostics logs. In our case, enable this features will log the mongodb json under the piiCommandText attribute.

Unfortunately, this might be an early request because I am not even sure we can do via the azure-cli. I only googled a bit for a doc and couldn't find anything else than the below telling you how to do it through the portal.

A az cosmosdb list does not seem to surface this parameter. Maybe it isn't tied to the cosmos resource. I am unsure.

https://docs.microsoft.com/en-us/azure/cosmos-db/cosmosdb-monitor-resource-logs#full-text-query

New or Affected Resource(s)/Data Source(s)

azurerm_cosmosdb_account

Potential Terraform Configuration

I guess it can either be seen a capability or a flag but that will depends on the underlying implementation in Azure's APIs.

resource "azurerm_cosmosdb_account" "db" {
  name                = "mongodb"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  offer_type          = "Standard"
  kind                = "MongoDB"

  capabilities {
    name = "EnableDiagnosticsFullTextQuery"
  }

or

resource "azurerm_cosmosdb_account" "db" {
  name                = "mongodb"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  offer_type          = "Standard"
  kind                = "MongoDB"

  enable_diagnostics_fulltext_query = true
}

References

https://docs.microsoft.com/en-us/azure/cosmos-db/cosmosdb-monitor-resource-logs#full-text-query

[mickeder]

First of all, this issue is a duplicate of #13809.

Secondly, it's currently impossible to implement this feature using azure-sdk-for-go v65 or even the newest v66, because the underlying code (https://github.com/Azure/azure-sdk-for-go/tree/v66.0.0/services/cosmos-db/mgmt) uses 2021-10-15 REST API for CosmosDB management, while the option to enable Full-Text Query Diagnostics was added in version 2021-11-15-preview (https://docs.microsoft.com/en-us/rest/api/cosmos-db-resource-provider/2021-11-15-preview/database-accounts/update?tabs=HTTP#enablefulltextquery).

[mickeder]

The only workaround I can see right now is to use a null_resource with a local-exec provisioner together with az cli, using below snippet:

resource "null_resource" "example" {
  triggers = {
    trigger = var.enable_diagnostics_fulltext_query
  }
  provisioner "local-exec" {
    command = <<-EOT
      az rest \
        --method PATCH \
        --url 'https://management.azure.com/subscriptions/${var.azure_subscription_id}/resourceGroups/${azurerm_resource_group.rg.name}/providers/Microsoft.DocumentDB/databaseAccounts/${azurerm_cosmosdb_account.db.name}?api-version=2021-11-15-preview' \
        --body '{"properties":{"diagnosticLogSettings":{"enableFullTextQuery":"${var.enable_diagnostics_fulltext_query ? "True" : "False"}"}}}'
      EOT
  }
}

[rcskosir]

@TomGudman Thanks for taking the time to open this feature request and @pszypowicz thank you for helping point out this is a duplicate. We like to try to keep discussions consolidated, so we’re going to close this issue in favor of #13809 which is older, but also has the most recent comments. Thanks again!

[github-actions[bot]]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.