add msi_auth_for_monitoring_enabled #446
Conversation
|
@microsoft-github-policy-service agree |
|
@admincasper thanks for your contribution. Could you please run the Thanks |
|
Just ran both pre-commit and pr-check. |
| @@ -446,6 +446,7 @@ resource "azurerm_kubernetes_cluster" "main" { | |||
|
|
|||
| content { | |||
| log_analytics_workspace_id = local.log_analytics_workspace.id | |||
| msi_auth_for_monitoring_enabled = var.msi_auth_for_monitoring_enabled | |||
There was a problem hiding this comment.
This is already present in provider version 3.47.0:
hashicorp/terraform-provider-azurerm#20757
No need to bump versions. All good.
I dont see the new changes. |
variables.tf
Outdated
| @@ -689,6 +689,13 @@ variable "maintenance_window_node_os" { | |||
| EOT | |||
| } | |||
|
|
|||
| variable "msi_auth_for_monitoring_enabled" { | |||
| type = bool | |||
| default = false | |||
There was a problem hiding this comment.
Why you have the default at false and not null ?
There was a problem hiding this comment.
When running module aks with log_analytics_workspace_enabled = true without specifying msi_auth_for_monitoring_enabled the value is false by default. I checked by running az aks addon show --addon monitoring.
So I thought default value was false.
There was a problem hiding this comment.
It is weird, because enabling monitoring addon with az aks CLI the default value is True..
There was a problem hiding this comment.
Also is nullable = false, I interpreted it as only possible values should be either False or True? Correct me if I'm wrong
There was a problem hiding this comment.
I agree with @zioproto, according to the provider schema, this msi_auth_for_monitoring_enabled argument's default value is null, setting default value to false could cause a configuration drift. Would you please set the default value to null?
There was a problem hiding this comment.
@admincasper It is often the case that Terraform has true false and null. But when you read back from the azurerm API the values are just true or false. Now we are interested if this value is explicit in the Terraform state as false. I hope this clarifies why you dont get back null from your az aks show operation.
There was a problem hiding this comment.
Yeah thanks for clarifying! I've pushed up the changes.
There was a problem hiding this comment.
Hi @admincasper thanks for opening this pr! Almost LGTM but some review comments to be solved.
variables.tf
Outdated
| @@ -689,6 +689,13 @@ variable "maintenance_window_node_os" { | |||
| EOT | |||
| } | |||
|
|
|||
| variable "msi_auth_for_monitoring_enabled" { | |||
| type = bool | |||
| default = false | |||
There was a problem hiding this comment.
I agree with @zioproto, according to the provider schema, this msi_auth_for_monitoring_enabled argument's default value is null, setting default value to false could cause a configuration drift. Would you please set the default value to null?
variables.tf
Outdated
| variable "msi_auth_for_monitoring_enabled" { | ||
| type = bool | ||
| default = false | ||
| description = "(Optional) Is managed identity authentication for monitoring enabled? Defaults to `false`" |
There was a problem hiding this comment.
We can remove "Defaults to false" here
There was a problem hiding this comment.
@admincasper on line 695 at the end of the description string, can you remove:
Defaults to `false`
Thanks
There was a problem hiding this comment.
@admincasper on line 695 at the end of the description string, can you remove:
Defaults to `false`Thanks
@zioproto I think it needs to default to null. So I changed it to null.
I think everything should be ok now then?
There was a problem hiding this comment.
@admincasper line 694 is ok, the correct default is null. don't touch it. In line 695 you have to remove the last statement in the description
There was a problem hiding this comment.
@zioproto Done. Removed "Defaults to 'null'" in description.
variables.tf
Outdated
| type = bool | ||
| default = false | ||
| description = "(Optional) Is managed identity authentication for monitoring enabled? Defaults to `false`" | ||
| nullable = false |
There was a problem hiding this comment.
This variable could be set to null, we can just remove this setting.
|
@admincasper did you manage to resolve all the issues? Looking forward to the feature |
I thought I had already done so.. I couldn't figure out what @lonegunmanb meant..
|
|
@lonegunmanb could you please take a look? |
|
@admincasper @zioproto Apology for the confusion.
My representation was incorrect, as @admincasper pointed out.
I've checked the current logic: dynamic "oms_agent" {
for_each = var.log_analytics_workspace_enabled ? ["oms_agent"] : []
content {
log_analytics_workspace_id = local.log_analytics_workspace.id
}
}I think it is possible that I'd like to open a separate pr to add a |
|
@admincasper Only one issue left, modify your new |
Done |
Have you run again the |
Done |
|
@lonegunmanb could you please merge it? without this feature we can't control metrics scrape period time |
|
@zioproto could you please merge those changes? @lonegunmanb is clearly not around and this tiny PR from a volunteer has already taken a month |
* add msi_auth_for_monitoring_enabled
admincasper
had a problem deploying
to
acctests
GitHub Actions
Failure
No description provided.