terraform-provider-azurerm: Diagnostic Setting fails to apply if `logAnalyticsDestinationType` is set

Is there an existing issue for this?

I have searched the existing issues

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave “+1” or “me too” comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

1.3.7

AzureRM Provider Version

3.39.1

Affected Resource(s)/Data Source(s)

azurerm_monitor_diagnostic_setting

Terraform Configuration Files

resource "azurerm_monitor_diagnostic_setting" "i" {
    name = "diags"
    target_resource_id = azurerm_key_vault.i.id
    log_analytics_workspace_id = var.loganalytics_id

    enabled_log {
        category = "AuditEvent"
        retention_policy {
            days = 0
            enabled = false
        }
    }
}

Debug Output/Panic Output

During Plan:
  # module.uksouth_sandbox_environment.azurerm_monitor_diagnostic_setting.add_kv["bink-uksouth-retail"] will be updated in-place
  ~ resource "azurerm_monitor_diagnostic_setting" "add_kv" {
        id                             = "<snipped>"
      - log_analytics_destination_type = "AzureDiagnostics" -> null
        name                           = "diags"
        # (2 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }


During Apply:
│ Error: at least one type of Log or Metric must be enabled
│ 
│   with module.uksouth_sandbox_environment.azurerm_monitor_diagnostic_setting.add_kv["bink-uksouth-retail"],
│   on ../tf-azurerm_environment/keyvault_additional.tf line 78, in resource "azurerm_monitor_diagnostic_setting" "add_kv":
│   78: resource "azurerm_monitor_diagnostic_setting" "add_kv" {
│

Expected Behaviour

No change should be applied as the default IS AzureDiagnostics according to Documentation here

Actual Behaviour

We have a single diagnostic setting which has "logAnalyticsDestinationType": "AzureDiagnostics" set, while all other Diagnostics Settings have "logAnalyticsDestinationType": null.

AzureRM Provider appears to be trying to set "AzureDiagnostics" to null during a plan/apply, but the Azure API appears to be rejecting this.

I have destroyed other diagnostics settings, upon recreating them they always get set with "AzureDiagnostics" instead of null, this suggests an API change within Azure that the provider needs to handle better.

Steps to Reproduce

Create a Diagnostic Setting via Terraform
terraform plan on the same Diagnostic Setting

Important Factoids

No response

References

No response

About this issue

Original URL
State: closed
Created a year ago
Reactions: 4
Comments: 15 (3 by maintainers)

Commits related to this issue

`azurerm_monitor_diagnostic_setting` - fix update issue (#20048) Resolves https://github.com/hashicorp/terraform-provider-azurerm/issues/20019 — committed to hashicorp/terraform-provider-azurerm by teowa a year ago

Most upvoted comments

Please see https://github.com/hashicorp/terraform-provider-azurerm/issues/20140

teowa on Feb 3, 2023

By checking the code, this is a bug in the provider when updating the diagnostic setting, I am going to submit PR to fix this.

teowa on Jan 16, 2023

I’ll try deleting a few diagnostics settings this morning - I can confirm they create just fine, but then on a second run they all want to be updated.

cpressland on Jan 16, 2023