logicmonitor / terraform-provider-logicmonitor

Terraform LogicMonitor provider.
https://registry.terraform.io
Mozilla Public License 2.0

logicmonitor_device_group configuration drift #85

Open ChrisCAG opened 3 months ago

ChrisCAG commented 3 months ago

I have the following configuration set on a device group.

resource "logicmonitor_device_group" "xxxx" {
  name           = "xxxx"
  parent_id      = 1
  enable_netflow = true
  group_type     = "Normal"
  custom_properties = [
    {
      name  = "esx.pass"
      value = data.azurerm_key_vault_secret.internal_service_account_password.value
    },
    {
      name  = "esx.user"
      value = "${data.azurerm_key_vault_secret.service_account_username.value}@internal.xxxx.com"
    },
  ]
}

Whenever I run a plan for Terraform, it's constantly trying to remove configuration I've not specified:

  # logicmonitor_device_group.xxxx will be updated in-place
  ~ resource "logicmonitor_device_group" "xxxx" {
      ~ custom_properties             = [
          ~ {
                name  = "esx.pass"
              ~ value = (sensitive value)
            },
            {
                name  = "esx.user"
                value = (sensitive value)
            },
        ]
        id                            = "19"
        name                          = "xxxx"
        # (30 unchanged attributes hidden)

      - extra {
          - devices = [] -> null
        }
    }

As you can see from the output, it's constantly trying to change a sensitive value (even though the vault is not updated), and it's constantly trying to strip out the extra block.

If I add the following block to my configuration:

  extra{
    devices = null
    account {

    }
    default {
      use_default = true
    }
    services {

    }
  }

I get the following error after an apply.

│ The plugin encountered an error, and failed to respond to the plugin.(*GRPCProvider).ApplyResourceChange call. The plugin logs may contain more details.
╵

Stack trace from the terraform-provider-logicmonitor_v2.0.14.exe plugin:

panic: interface conversion: interface {} is nil, not map[string]interface {}

goroutine 167 [running]:
terraform-provider-logicmonitor/logicmonitor/schemata.CloudAccountExtraModel(0x14a21dc0)
        terraform-provider-logicmonitor/logicmonitor/schemata/cloud_account_extra_schema.go:64 +0x231
terraform-provider-logicmonitor/logicmonitor/schemata.DeviceGroupModel(0x140008c0)
        terraform-provider-logicmonitor/logicmonitor/schemata/device_group_schema.go:500 +0x1e6
terraform-provider-logicmonitor/logicmonitor/resources.updateDeviceGroupById({0x12110c0, 0x1413e880}, 0x140008c0, {0x100d720, 0x14066240})
        terraform-provider-logicmonitor/logicmonitor/resources/device_group_resource.go:176 +0x36
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).update(0x146e9ab0, {0x1211080, 0x144aa4e0}, 0x140008c0, {0x100d720, 0x14066240})
        github.com/hashicorp/terraform-plugin-sdk/v2@v2.6.1/helper/schema/resource.go:364 +0x11f
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).Apply(0x146e9ab0, {0x1211080, 0x144aa4e0}, 0x1413e340, 0x1440a948, {0x100d720, 0x14066240})
        github.com/hashicorp/terraform-plugin-sdk/v2@v2.6.1/helper/schema/resource.go:464 +0x52d
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*GRPCProviderServer).ApplyResourceChange(0x14092090, {0x1211080, 0x144aa4e0}, 0x144aa510)
        github.com/hashicorp/terraform-plugin-sdk/v2@v2.6.1/helper/schema/grpc_provider.go:955 +0xaff
github.com/hashicorp/terraform-plugin-go/tfprotov5/server.(*server).ApplyResourceChange(0x1429ef18, {0x12110e0, 0x14482108}, 0x1413e180)
        github.com/hashicorp/terraform-plugin-go@v0.3.0/tfprotov5/server/server.go:332 +0x8e
github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tfplugin5._Provider_ApplyResourceChange_Handler({0x10a4fa0, 0x1429ef18}, {0x12110e0, 0x14482108}, 0x144aa3f0, 0x0)
        github.com/hashicorp/terraform-plugin-go@v0.3.0/tfprotov5/internal/tfplugin5/tfplugin5_grpc.pb.go:380 +0x18a
google.golang.org/grpc.(*Server).processUnaryRPC(0x14108240, {0x1212bcc, 0x1422e000}, 0x149ba140, 0x1429ef30, 0x1745c40, 0x0)
        google.golang.org/grpc@v1.43.0/server.go:1282 +0xc13
google.golang.org/grpc.(*Server).handleStream(0x14108240, {0x1212bcc, 0x1422e000}, 0x149ba140, 0x0)
        google.golang.org/grpc@v1.43.0/server.go:1616 +0xa2b
google.golang.org/grpc.(*Server).serveStreams.func1.2()
        google.golang.org/grpc@v1.43.0/server.go:921 +0xb1
created by google.golang.org/grpc.(*Server).serveStreams.func1
        google.golang.org/grpc@v1.43.0/server.go:919 +0x25f

Error: The terraform-provider-logicmonitor_v2.0.14.exe plugin crashed!

This is always indicative of a bug within the plugin. It would be immensely
helpful if you could report the crash with the plugin's maintainers so that it
can be fixed. The output above should help diagnose the issue.

Expected outcome here is "your environment matches configuration"

AntonSynchrofazatron commented 2 months ago

Hey @ChrisCAG. I've faced a similar issue with other resources when pass and some value for password are used. The problem is that the LM API returns the password as ** so it always thinks that you are trying to change it. E.g. for my psql devices I have custom properties like:

    custom_properties = flatten([
      [for key, value in local.pws_for_properties[each.value.instance_key].psql_cred : {
        name  = "jdbc.postgres.${key}.pass"
        value = value
      }],
      [
        {
          name  = "system.categories"
          value = each.value.system_categories
        }
      ],
    ])

So I had to use:

    lifecycle {
      ignore_changes = [
        custom_properties,
        host_group_ids,
      ]
    }

This makes my plan clean, but if I want to add more users / passwords I need to comment out custom_properties in the lifecycle block, apply the code and uncomment it again.

For extra in logicmonitor_device_group I basically had to use the same approach:

    lifecycle {
      ignore_changes = [
        extra,
      ]
    }

because it was constantly spamming with changes I've never made.

ChrisCAG commented 2 months ago

Yeah, my aim is to incorporate this all into an automated CI/CD pipeline to avoid state drift, keeping main as a good state only.

Obviously, not being able to automate changes to properties or host groups isn't ideal.

cnagamor commented 2 months ago

I used a combination of ignore_changes + replace_triggered_by to get over this issue. Cumbersome, but hopefully this is a helpful workaround: https://developer.hashicorp.com/terraform/language/resources/terraform-data#example-usage-data-for-replace_triggered_by

ChrisCAG commented 1 month ago

Could I get an example of the code you've used for the above? Forcing a replacement may mean we lose device-specific configuration & tuning each time we replace it?
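
The ignore_changes + replace_triggered_by combination mentioned in the thread, sketched as an added example; it is not code from any participant or from the provider. It assumes Terraform 1.4 or later (for terraform_data) and reuses the resource and data source names from the issue; `local.group_properties` and `terraform_data.group_properties_fingerprint` are hypothetical names.

```hcl
# Added example, not from the thread. Hypothetical names:
# local.group_properties, terraform_data.group_properties_fingerprint.
locals {
  # Desired properties, as declared in the configuration from the issue.
  group_properties = [
    {
      name  = "esx.pass"
      value = data.azurerm_key_vault_secret.internal_service_account_password.value
    },
    {
      name  = "esx.user"
      value = "${data.azurerm_key_vault_secret.service_account_username.value}@internal.xxxx.com"
    },
  ]
}

# Holds only a hash of the desired properties. It changes when the Key Vault
# secret rotates or a property is added or removed in code, and is unaffected
# by the masked password value the API returns on read.
resource "terraform_data" "group_properties_fingerprint" {
  input = sha256(jsonencode(local.group_properties))
}

resource "logicmonitor_device_group" "xxxx" {
  name              = "xxxx"
  parent_id         = 1
  enable_netflow    = true
  group_type        = "Normal"
  custom_properties = local.group_properties

  lifecycle {
    # Suppress the perpetual diff on the masked password and the extra block.
    ignore_changes = [custom_properties, extra]

    # Re-create the group only when the intended properties really change.
    replace_triggered_by = [terraform_data.group_properties_fingerprint]
  }
}
```

replace_triggered_by destroys and re-creates the device group whenever the fingerprint changes, and ignore_changes also hides out-of-band edits to custom_properties and extra from the plan, so those attributes are no longer covered by drift detection in the pipeline.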