azurerm_monitor_diagnostic_setting allways want to change log_analytics_destination_type from empty to AzureDiagnostics starting with 3.40.0

[StefanSchoof]

Is there an existing issue for this?

• I have searched the existing issues

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

1.3.7

AzureRM Provider Version

3.40.0

Affected Resource(s)/Data Source(s)

azurerm_monitor_diagnostic_setting

Terraform Configuration Files

resource "azurerm_monitor_diagnostic_setting" "subscription" {
  name                       = "Subscription"
  target_resource_id         = data.azurerm_subscription.current.id
  log_analytics_workspace_id = azurerm_log_analytics_workspace.log_analytics.id

  enabled_log {
    category = "Administrative"
  }
  enabled_log {
    category = "Alert"
  }
  enabled_log {
    category = "Recommendation"
  }
  enabled_log {
    category = "ResourceHealth"
  }
  enabled_log {
    category = "Security"
  }
  enabled_log {
    category = "ServiceHealth"
  }
}

Debug Output/Panic Output

{"@level":"info","@message":"azurerm_monitor_diagnostic_setting.subscription: Plan to update","@module":"terraform.ui","@timestamp":"2023-01-20T17:05:28.962335Z","change":{"resource":{"addr":"azurerm_monitor_diagnostic_setting.subscription","module":"","resource":"azurerm_monitor_diagnostic_setting.subscription","implied_provider":"azurerm","resource_type":"azurerm_monitor_diagnostic_setting","resource_name":"subscription","resource_key":null},"action":"update"},"type":"planned_change"}

Expected Behaviour

No changes to the azurerm_monitor_diagnostic_setting is planed

Actual Behaviour

In every plan azurerm_monitor_diagnostic_setting wants to set log_analytics_destination_typeagain to AzureDiagnostics.

Steps to Reproduce

No response

Important Factoids

This starts with 3.40.0. Is working with 3.39.1

References

No response

[tschechniker]

Hi there,

i face the same issue. This is super annoying because we have many resources with diagnostic settings.

+1 for this!

[krelf75]

Don't know if it helps, but I've noticed that keyvault resources happily accept the AzureDiagnostics value. Wasn't expecting that as Microsoft's own documentation in the REST API specifies that the acceptable values are null and Dedicated, but there it is ...

[Dyhr]

I have my setting set to "Dedicated" and I'm getting the same issue. It seems that it's not reading that property from the resource at all.

[roviracarlos]

Same issue here, in terraform the setting is set (logAnalyticsDestinationType) but the Get in Microsoft API Rest return null in this setting for most of the resources, only some of them have this setting applied like API Management.

[teowa]

@roviracarlos is right, for some resource the logAnalyticsDestinationTypeproperty is no longer applicable for now, see Azure/azure-rest-api-specs#22400 for detail. I am still contacting with the service team about the API issue to work out a solution.

The diff caused by logAnalyticsDestinationType should not affect the functionality of diagnostic setting. So we can just ignore it. A temp workaround is using ignore_change to ignore the diff.

[asbjorn-wiik]

This is still an issue in 3.42.0
resource "azurerm_monitor_diagnostic_setting" "datadog" {
for_each = var.enable_datadog_logs ? toset(keys(local.diagnostic_categories)) : toset([])
name = "datadog"
target_resource_id = local.diagnostic_target_resource_ids[each.key]
eventhub_name = local.datadog_eventhub_name
eventhub_authorization_rule_id = local.datadog_eventhub_authorization_rule
log_analytics_destination_type = null
............................

Will still in Terraform Plan or Apply produce a change
module.storage_account_my.azurerm_monitor_diagnostic_setting.datadog["queue"] will be updated in-place
~ resource "azurerm_monitor_diagnostic_setting" "datadog" {
id = "/subscriptions/11111111-2222-3333-4444-123456789012/resourceGroups/weu-stg-rg/providers/Microsoft.Storage/storageAccounts/weustgsa/queueServices/default|datadog"
+ log_analytics_destination_type = "AzureDiagnostics"
name = "datadog"
# (3 unchanged attributes hidden)

    # (8 unchanged blocks hidden)
}

[MarkKharitonov]

We also have this problem.

Is there an idea when this would be fixed?

[laurilarjo]

Still an issue with 3.44.1

[eyenx]

We also have this issue, any news on roadmap?

[indispeq]

Same issue happening for us, using latest, 3.44.1.

[github-actions]

This functionality has been released in v3.45.0 of the Terraform Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.