Diagnostic setting categories not available

[jantijink]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

1.3.7

AzureRM Provider Version

3.54.0

Affected Resource(s)/Data Source(s)

azurerm_monitor_diagnostic_setting and azurerm_monitor_diagnostic_categories

Terraform Configuration Files

# logging: get diagnostic settings
data "azurerm_monitor_diagnostic_categories" "this" {
  for_each    = azurerm_container_group.default
  resource_id = each.value.id
}

resource "azurerm_monitor_diagnostic_setting" "default" {
  for_each                       = azurerm_container_group.default
  name                           = format("log-%s", each.value.name)
  target_resource_id             = each.value.id
  log_analytics_workspace_id     = var.azurerm-log-analytics-workspace-id
  log_analytics_destination_type = "AzureDiagnostics"

  dynamic "enabled_log" {
    for_each = [for log_type in data.azurerm_monitor_diagnostic_categories.this[each.key].log_category_types : log_type
    ]
    iterator = entry
    content {
      category = entry.value

      retention_policy {
        enabled = false
        days    = 0
      }
    }
  }

  metric {
    category = "AllMetrics"

    retention_policy {
      enabled = true
      days    = 10
    }
  }
}

Debug Output/Panic Output

This provides no Error, but also does not add any `enabled_log` blocks to the plan that is in the output. I have done the same where I replace the log_category_types attribute with the log_category_groups and in the content block replace category with category_group, this also does not work. It seems that the names for the categories have been updated. If I fill in the values:
ContainerInstanceLog_CL and ContainerEvent_CL, as provided by the documentation [here](https://learn.microsoft.com/en-us/azure/container-instances/container-instances-log-analytics#log-schema) it does show up in the plan, but then I get an error when using apply:

Error: updating Monitor Diagnostics Setting "XXXX" for Resource "/subscriptions/xxxxx/resourceGroups/rg-container-instance-mvp-dev/providers/Microsoft.ContainerInstance/containerGroups/ci-xxx-mvp-dev": diagnosticsettings.DiagnosticSettingsClient#CreateOrUpdate: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="BadRequest" Message="Category 'ContainerInstanceLog_CL' is not supported."
│ 
│   with module.ci-default["xxx"].azurerm_monitor_diagnostic_setting.default,
│   on modules/ci/logging.tf line 9, in resource "azurerm_monitor_diagnostic_setting" "default":
│    9: resource "azurerm_monitor_diagnostic_setting" "default" {
│ 
╵

Expected Behaviour

Creation of diagnostic setting which sends the logs to Log Analytics.

Actual Behaviour

Failure to create this resource succesfully.

Steps to Reproduce

Terraform plan and Terraform apply.

Important Factoids

Azure west europe

References

No response

[teowa]

Hi @jantijink, thanks for submitting this issue. I can reproduce your provided case, and by using the terraform state show data.azurerm_monitor_diagnostic_setting.example it looks like this:

# data.azurerm_monitor_diagnostic_categories.example:
data "azurerm_monitor_diagnostic_categories" "example" {
    id                  = "/subscriptions/xxx/resourceGroups/wt-test-resources/providers/Microsoft.ContainerInstance/containerGroups/example-continst"
    log_category_groups = []
    log_category_types  = []
    logs                = []
    metrics             = [
        "AllMetrics",
    ]
    resource_id         = "/subscriptions/xxx/resourceGroups/wt-test-resources/providers/Microsoft.ContainerInstance/containerGroups/example-continst"
}

from above, the log related field is empty, that's why apply or plan does not add any enabled_log block. By checking the Supported categories for Azure Monitor resource logs, seems the Container Group resource (with resource type Microsoft.ContainerInstance/containerGroups) does not support export resource log through Diagnostic Setting. From this doc, you may try using the diagnostic field to send log to Log Analytics Workspace.