'azurerm_monitor_metric_alert' attribute 'scopes' behavior is incorrect with 'azurerm_application_insights_web_test'

alexeyauslender commented 3 years ago

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureRM Provider) Version

Terraform v0.13.5 provider registry.terraform.io/hashicorp/azurerm v2.31.0

Affected Resource(s)

azurerm_monitor_metric_alert

Terraform Configuration Files

resource "azurerm_monitor_metric_alert" "availabilty_test_failure" {
  for_each            = azurerm_application_insights_web_test.app_insights_test
  name                = "${each.value.name}-alert"
  resource_group_name = data.terraform_remote_state.product_bootstrap.outputs.product_diag_rg.name
  scopes              = [each.value.id, data.azurerm_application_insights.instance.id]

  application_insights_web_test_location_availability_criteria {
    web_test_id           = each.value.id
    component_id          = data.azurerm_application_insights.instance.id
    failed_location_count = 2
  }
  action {
    action_group_id = data.terraform_remote_state.product_bootstrap.outputs.monitor_action_group.id
  }

  tags = map("hidden-link:${data.azurerm_application_insights.instance.id}", "Resource", "hidden-link:${each.value.id}", "Resource")
}

Debug Output

In fiddler I can see the following payloads sent to Azure api by terraform First alert metric is created properly with webtest as a target, please notice that in 'scopes' test appears to be the first resource

{
  "id": "/subscriptions/s/resourceGroups/app508-dfpg-ne-diag-eastus2/providers/Microsoft.Insights/metricAlerts/app508-dfpg-dev3-diag-eastus2-backoffice-ai-test-alert",
  "name": "app508-dfpg-dev3-diag-eastus2-backoffice-ai-test-alert",
  "type": "Microsoft.Insights/metricAlerts",
  "location": "global",
  "tags": {
    "hidden-link:/subscriptions/s/resourceGroups/app508-dfpg-ne-diag-eastus2/providers/microsoft.insights/components/app508-dfpg-dev3-diag-eastus2-ai": "Resource",
    "hidden-link:/subscriptions/s/resourceGroups/app508-dfpg-ne-diag-eastus2/providers/microsoft.insights/webtests/app508-dfpg-dev3-diag-eastus2-backoffice-ai-test": "Resource"
  },
  "properties": {
    "description": "",
    "severity": 3,
    "enabled": true,
    "scopes": [
      "/subscriptions/s/resourceGroups/app508-dfpg-ne-diag-eastus2/providers/microsoft.insights/webtests/app508-dfpg-dev3-diag-eastus2-backoffice-ai-test",
      "/subscriptions/s/resourceGroups/app508-dfpg-ne-diag-eastus2/providers/microsoft.insights/components/app508-dfpg-dev3-diag-eastus2-ai"
    ],
    "evaluationFrequency": "PT1M",
    "windowSize": "PT5M",
    "criteria": {
      "webTestId": "/subscriptions/s/resourceGroups/app508-dfpg-ne-diag-eastus2/providers/microsoft.insights/webtests/app508-dfpg-dev3-diag-eastus2-backoffice-ai-test",
      "componentId": "/subscriptions/s/resourceGroups/app508-dfpg-ne-diag-eastus2/providers/microsoft.insights/components/app508-dfpg-dev3-diag-eastus2-ai",
      "failedLocationCount": 2,
      "odata.type": "Microsoft.Azure.Monitor.WebtestLocationAvailabilityCriteria"
    },
    "autoMitigate": true,
    "targetResourceType": "",
    "targetResourceRegion": "",
    "actions": [
      {
        "actionGroupId": "/subscriptions/s/resourceGroups/app508-dfpg-ne-cfg-eastus2/providers/microsoft.insights/actionGroups/app508-dfpg-ne-ag",
        "webHookProperties": {}
      }
    ]
  }
}

Second is created wrong with Appinsights as the target, please notice that in 'scopes' Appinsights appears to be the first resource

{
  "id": "/subscriptions/s/resourceGroups/app508-dfpg-ne-diag-eastus2/providers/Microsoft.Insights/metricAlerts/app508-dfpg-dev3-diag-eastus2-gateway-ai-test-alert",
  "name": "app508-dfpg-dev3-diag-eastus2-gateway-ai-test-alert",
  "type": "Microsoft.Insights/metricAlerts",
  "location": "global",
  "tags": {
    "hidden-link:/subscriptions/s/resourceGroups/app508-dfpg-ne-diag-eastus2/providers/microsoft.insights/components/app508-dfpg-dev3-diag-eastus2-ai": "Resource",
    "hidden-link:/subscriptions/s/resourceGroups/app508-dfpg-ne-diag-eastus2/providers/microsoft.insights/webtests/app508-dfpg-dev3-diag-eastus2-gateway-ai-test": "Resource"
  },
  "properties": {
    "description": "",
    "severity": 3,
    "enabled": true,
    "scopes": [
      "/subscriptions/s/resourceGroups/app508-dfpg-ne-diag-eastus2/providers/microsoft.insights/components/app508-dfpg-dev3-diag-eastus2-ai",
      "/subscriptions/s/resourceGroups/app508-dfpg-ne-diag-eastus2/providers/microsoft.insights/webtests/app508-dfpg-dev3-diag-eastus2-gateway-ai-test"
    ],
    "evaluationFrequency": "PT1M",
    "windowSize": "PT5M",
    "criteria": {
      "webTestId": "/subscriptions/s/resourceGroups/app508-dfpg-ne-diag-eastus2/providers/microsoft.insights/webtests/app508-dfpg-dev3-diag-eastus2-gateway-ai-test",
      "componentId": "/subscriptions/s/resourceGroups/app508-dfpg-ne-diag-eastus2/providers/microsoft.insights/components/app508-dfpg-dev3-diag-eastus2-ai",
      "failedLocationCount": 2,
      "odata.type": "Microsoft.Azure.Monitor.WebtestLocationAvailabilityCriteria"
    },
    "autoMitigate": true,
    "targetResourceType": "",
    "targetResourceRegion": "",
    "actions": [
      {
        "actionGroupId": "/subscriptions/s/resourceGroups/app508-dfpg-ne-cfg-eastus2/providers/microsoft.insights/actionGroups/app508-dfpg-ne-ag",
        "webHookProperties": {}
      }
    ]
  }
}

Third is created wrong with Appinsights as the target, please notice that in 'scopes' Appinsights appears to be the first resource

{
  "id": "/subscriptions/s/resourceGroups/app508-dfpg-ne-diag-eastus2/providers/Microsoft.Insights/metricAlerts/app508-dfpg-dev3-diag-eastus2-portal-ai-test-alert",
  "name": "app508-dfpg-dev3-diag-eastus2-portal-ai-test-alert",
  "type": "Microsoft.Insights/metricAlerts",
  "location": "global",
  "tags": {
    "hidden-link:/subscriptions/s/resourceGroups/app508-dfpg-ne-diag-eastus2/providers/microsoft.insights/components/app508-dfpg-dev3-diag-eastus2-ai": "Resource",
    "hidden-link:/subscriptions/s/resourceGroups/app508-dfpg-ne-diag-eastus2/providers/microsoft.insights/webtests/app508-dfpg-dev3-diag-eastus2-portal-ai-test": "Resource"
  },
  "properties": {
    "description": "",
    "severity": 3,
    "enabled": true,
    "scopes": [
      "/subscriptions/s/resourceGroups/app508-dfpg-ne-diag-eastus2/providers/microsoft.insights/components/app508-dfpg-dev3-diag-eastus2-ai",
      "/subscriptions/s/resourceGroups/app508-dfpg-ne-diag-eastus2/providers/microsoft.insights/webtests/app508-dfpg-dev3-diag-eastus2-portal-ai-test"
    ],
    "evaluationFrequency": "PT1M",
    "windowSize": "PT5M",
    "criteria": {
      "webTestId": "/subscriptions/s/resourceGroups/app508-dfpg-ne-diag-eastus2/providers/microsoft.insights/webtests/app508-dfpg-dev3-diag-eastus2-portal-ai-test",
      "componentId": "/subscriptions/s/resourceGroups/app508-dfpg-ne-diag-eastus2/providers/microsoft.insights/components/app508-dfpg-dev3-diag-eastus2-ai",
      "failedLocationCount": 2,
      "odata.type": "Microsoft.Azure.Monitor.WebtestLocationAvailabilityCriteria"
    },
    "autoMitigate": true,
    "targetResourceType": "",
    "targetResourceRegion": "",
    "actions": [
      {
        "actionGroupId": "/subscriptions/s/resourceGroups/app508-dfpg-ne-cfg-eastus2/providers/microsoft.insights/actionGroups/app508-dfpg-ne-ag",
        "webHookProperties": {}
      }
    ]
  }
}

Panic Output

Expected Behaviour

Create the metric alert for each web test in the list. The availability test should be a target resource in created metric alert.

Actual Behaviour

Some metric alerts created with an Appinsights as a target and some with an availability test resource as a target.

Steps to Reproduce

terraform apply

Important Factoids

References

I think the problem is with 'scopes' argument implementation, which uses hash set data structure instead of using array. Unit test that I am referencing here, works accidently, exactly as a first metric alert created by my code. When the api call make by terraform happens, the first resource in a scope is test and the second is Appinsights. If the hash set order would be different, the result would be the same as mine (for two resources that were created botched) and Appinsights would be a target resource in created metric alert. https://github.com/terraform-providers/terraform-provider-azurerm/blob/1f316b3c34ce16bc423bb87691fb8c5f3c4a7955/azurerm/internal/services/monitor/tests/monitor_metric_alert_resource_test.go#L474

MarkKharitonov commented 3 years ago

Any comments on that? We had to go down the ARM template route, because the TF resource is unusable in its current state and for the web test purpose.

rcskosir commented 1 year ago

Thanks for opening this issue. This was a problem in the 2.x version of the provider which is no longer actively maintained. If this is still an issue with the 3.x version of the provider please do let us know by opening a new issue, thanks!

github-actions[bot] commented 5 months ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

hashicorp / terraform-provider-azurerm