azurerm_monitor_activity_log_alert (Resource Health) does not implement te resource type correctly

cschipper1 commented 2 years ago

Is there an existing issue for this?

[X] I have searched the existing issues

Community Note

Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

1.1.2

AzureRM Provider Version

2.9.7

Affected Resource(s)/Data Source(s)

azurerm_monitor_activity_log_alert

Terraform Configuration Files

resource "azurerm_monitor_activity_log_alert" "example" {
  name                = "example
  description         = "Resource health alert for subscription"
  resource_group_name = "mon-rg"
  scopes              = [data.azurerm_subscription.current.id]
  criteria {
     category      = "ResourceHealth"
     resource_type = "Microsoft.Web/serverFarms"

  }
}

Potential Terraform Configuration

resource "azurerm_monitor_activity_log_alert" "example" {
  name                = "example"
  description         = "Resource health alert for subscription"
  resource_group_name = "mon-rg"
  scopes              = [data.azurerm_subscription.current.id]
  criteria {
    category = "ResourceHealth"
    resource_health {
      resource_types = ["Microsoft.Web/serverFarms", "microsoft.ContainerService/managedClusters"]
    }
  }
}

Debug Output/Panic Output

na

Expected Behaviour

anyOf should be used with category ResourceHealth and multiple resource type field should be a list:

Azure rest api result:

"condition": { "allOf": [ { "field": "category", "equals": "ResourceHealth", "containsAny": null, "odata.type": null }, { "anyOf": [ { "field": "resourceType", "equals": "Microsoft.Web/serverFarms", "containsAny": null, "odata.type": null } ], "odata.type": null } ], "odata.type": null }

Actual Behaviour

Azure rest api result:

"condition": { "allOf": [ { "field": "category", "equals": "ResourceHealth", "containsAny": null, "odata.type": null }, { "field": "resourceType", "equals": "Microsoft.Web/serverFarms", "containsAny": null, "odata.type": null } ], "odata.type": null }

Steps to Reproduce

No response

Important Factoids

url to create alert: https://portal.azure.com/#blade/Microsoft_Azure_Health/AzureHealthBrowseBlade/resourceHealth

References

No response

ooteniya commented 2 years ago

any updates on this?

rajshares commented 2 years ago

I do have same issue. any update

gpavankumarg commented 1 year ago

Hi Team, any update on this

SimonInOps commented 3 months ago

Hi, It's been over 2 years and I faced a similar issue, that the generated template differs from the one created in an Azure portal - missing "anyOf" entry. For anyone looking for the solution like in my case, check below because the usage is not mentioned in the documentation.

My initial configuration:

TF version: v1.7.2
Provider version: v3.91.0

resource "azurerm_monitor_activity_log_alert" "example1" {
  name                = "example-health"
  resource_group_name = azurerm_resource_group.example.name
  scopes              = [monitored_resource_example.id]

  criteria {
    category        = "ResourceHealth"
    resource_type  = monitored_resource_example.type
    resource_group = monitored_resource_example.rg
    resource_id    = monitored_resource_example.id
  }
}

According to the docs

scopes - A list of strings which could be a resource group , or a subscription, or a resource ID
resource_type - The resource type monitored by the activity log alert
resource_group - The name of resource group monitored by the activity log alert.
resource_id - The specific resource monitored by the activity log alert. It should be within one of the "scopes"

So the configuration is valid, and should work, but the example above generate a template without "anyOf" blocks, which cause broken connection with the resource. In the Azure portal it shows "Target resource type" -> "Any" even though the type, resource group and resource id are specified.

Solution

Criteria block support two instructions that are mutually exclusive and have different behaviour. Change all string criteria to a list of strings, and scope to the subscription like below:

resource_type -> resource_types
resource_group -> resource_groups
resource_id -> resource_ids

Full example

resource "azurerm_monitor_activity_log_alert" "example2" {
  name                = "example-health"
  resource_group_name = azurerm_resource_group.example.name
  scopes              = [monitored_resource_example.subscription.id]

  criteria {
    category        = "ResourceHealth"
    resource_types  = [monitored_resource_example.type]
    resource_groups = [monitored_resource_example.rg]
    resource_ids    = [monitored_resource_example.id]
  }
}

After this change template is generated(with "anyof" blocks) and linked correctly to the destination resource properties. Hope it helps!

[EDIT] It's not "legacy" bug. It's still reproducible using the newest provider version. @catriona-m @cschipper1

hashicorp / terraform-provider-azurerm