hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0
4.59k stars 4.63k forks

Terraform to create Appinsight Named value from Keyvault while creating the APIM logger #25951

Closed vivuu1989 closed 2 months ago

vivuu1989 commented 5 months ago

Is there an existing issue for this?

Community Note

We have the Terraform code below to create the Azure APIM logger configuration for the App Insights instance during the App Insights creation itself. But here we are facing a challenge configuring the App Insights Instrumentation Key as a named value from one of the existing Key Vaults.

We are looking for both the App Insights and the logger addition, with a named value for the instrumentation key (from Key Vault), as part of the Application Insights creation itself, and not through a manual task of creating the secret in Key Vault after creating the App Insights.

Terraform Version

1.2

AzureRM Provider Version

3.4.0

Affected Resource(s)/Data Source(s)

APIM Logger

Terraform Configuration Files

resource "azurerm_application_insights" "appinsights" {
  name                       = var.appinsights_name
  location                   = var.location
  resource_group_name        = var.rg_name
  application_type           = var.application_type
  retention_in_days          = var.retention_in_days
  workspace_id               = data.azurerm_log_analytics_workspace.laworkspace.id
  internet_ingestion_enabled = var.internet_ingestion_enabled
  disable_ip_masking         = var.disable_ip_masking

  tags = var.appinsights_tags

  lifecycle {
    ignore_changes = [
      tags,
      disable_ip_masking
    ]
  }
}

resource "azurerm_api_management_logger" "logger" {
  count = var.add_to_apim ? 1 : 0

  api_management_name = var.apim_name
  resource_group_name = var.apim_rg
  name                = azurerm_application_insights.appinsights.name
  resource_id         = azurerm_application_insights.appinsights.id

  application_insights {
    instrumentation_key = azurerm_application_insights.appinsights.instrumentation_key
  }

  lifecycle {
    ignore_changes = [
      resource_id
    ]
  }
}

Debug Output/Panic Output

No solution found to directly integrate to Keyvault for named values

Expected Behaviour

No response

Actual Behaviour

No response

Steps to Reproduce

No response

Important Factoids

No response

References

No response

teowa commented 5 months ago

Hi @vivuu1989, thanks for submitting this! Do you mean to reference the Key Vault Secret in the azurerm_api_management_logger.application_insights.instrumentation_key field, for example as in the code below:

resource "azurerm_key_vault_secret" "example" {
  name         = "examplesecret"
  value        = azurerm_application_insights.appinsights.instrumentation_key
  key_vault_id = azurerm_key_vault.example.id
}
# additional access policy is needed
resource "azurerm_api_management_logger" "logger" {
  ...
  application_insights {
    instrumentation_key = azurerm_application_insights.appinsights.instrumentation_key
  }
}

Or if it is not, could you please provide more context, is there any docs for the use cases? Thanks.

capetrei commented 3 months ago

Hi, I had the same question: is there any way to not add 'instrumentation_key' as a string? In the Azure portal, the named value can be pulled from the vault directly.

What I did is to create a named value

resource "azurerm_api_management_named_value" "example" {
  name                = "instrumentation-key"
  display_name        = "instrumentation-key"
  ...
  secret = true
  value_from_key_vault {
    secret_id = var.vault_key_secret_id
  }
}

and reference it in the logger as a var (in the end, the API/Terraform is doing the same; I kinda figured it out because I clicked on it in Monitoring -> Application Insights -> your_logger_name -> Instrumentation key)

resource "azurerm_api_management_logger" "example" {

...

  application_insights {
    instrumentation_key = "{{instrumentation-key}}"
  }
}
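
The approach in the comment above, wired end to end, as an added example that is not part of the original thread or the provider's own code. It assumes the `azurerm_application_insights.appinsights` resource from the original post, an existing Key Vault that uses access policies, and an APIM instance with a system-assigned identity; the variable names and the secret name are hypothetical.

```hcl
# Added example; variable and secret names are assumptions, not from the thread.
variable "apim_name" { type = string }
variable "apim_rg" { type = string }
variable "key_vault_id" { type = string } # existing vault using access policies

data "azurerm_api_management" "apim" {
  name                = var.apim_name
  resource_group_name = var.apim_rg
}

# Store the key in the vault. The value is still recorded in Terraform state.
resource "azurerm_key_vault_secret" "ikey" {
  name         = "appinsights-instrumentation-key"
  value        = azurerm_application_insights.appinsights.instrumentation_key
  key_vault_id = var.key_vault_id
}

# Assumes a system-assigned identity on APIM; grant it read-only secret access.
resource "azurerm_key_vault_access_policy" "apim" {
  key_vault_id       = var.key_vault_id
  tenant_id          = data.azurerm_api_management.apim.identity[0].tenant_id
  object_id          = data.azurerm_api_management.apim.identity[0].principal_id
  secret_permissions = ["Get", "List"]
}

resource "azurerm_api_management_named_value" "ikey" {
  name                = "instrumentation-key"
  display_name        = "instrumentation-key"
  api_management_name = var.apim_name
  resource_group_name = var.apim_rg
  secret              = true

  value_from_key_vault {
    # Versionless ID: APIM is not pinned to one secret version.
    secret_id = azurerm_key_vault_secret.ikey.versionless_id
  }

  # The access policy must exist before APIM tries to read the secret.
  depends_on = [azurerm_key_vault_access_policy.apim]
}

resource "azurerm_api_management_logger" "logger" {
  name                = azurerm_application_insights.appinsights.name
  api_management_name = var.apim_name
  resource_group_name = var.apim_rg
  resource_id         = azurerm_application_insights.appinsights.id

  application_insights { # renders as "{{instrumentation-key}}"
    instrumentation_key = "{{${azurerm_api_management_named_value.ikey.display_name}}}"
  }
}
```

Building the `{{...}}` reference from the named value's `display_name` gives Terraform an implicit dependency, so the logger is created only after the named value exists.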

rcskosir commented 2 months ago

Thank you for taking the time to raise this! We use Issues in this repository to track feature enhancements and bugs in the Azure Provider. So that we can maintain focus on that, we instead ask that broader questions are raised using one of the Community Resources, such as the Azure Provider forum. With that in mind, I'm going to close this issue.

github-actions[bot] commented 1 month ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.