azurerm_monitor_diagnostic_setting always showing drift.

[markusbecker]

Is there an existing issue for this?

• I have searched the existing issues

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

1.3.7

AzureRM Provider Version

3.41.0

Affected Resource(s)/Data Source(s)

azurerm_monitor_diagnostic_setting

Terraform Configuration Files

resource "azurerm_monitor_diagnostic_setting" "diagnostics-vnets" {
  name                       = "diag-vnet-log-operations"
  log_analytics_destination_type = "AzureDiagnostics"
  target_resource_id         = azurerm_virtual_network.vnet.id
  log_analytics_workspace_id = azurerm_log_analytics_workspace.operation_log.id

  enabled_log {
      category = "VMProtectionAlerts"

      retention_policy {
        enabled = false
        days    = 0
      }
    }

  metric {
    category = "AllMetrics"
    enabled = false

    retention_policy {
      enabled = false
      days    = 0
    }
  }
  }

Debug Output/Panic Output

# azurerm_monitor_diagnostic_setting.diagnostics-vnets will be updated in-place
  ~ resource "azurerm_monitor_diagnostic_setting" "diagnostics-vnets" {
        id                             = "/subscriptions/xxx/resourceGroups/rg-westeurope-connectivity/providers/Microsoft.Network/virtualNetworks/vnet-westeurope-main|diag-vnet-log-operations"
      + log_analytics_destination_type = "AzureDiagnostics"
        name                           = "diag-vnet-log-operations"
        # (2 unchanged attributes hidden)
        # (3 unchanged blocks hidden)
    }

Expected Behaviour

No property changed, so no update should be planned and applied.

Actual Behaviour

Terraform is always trying to update the diagnostic_settings in-place, without any actual change to the resource.

What i found out so far:

This behaviour was introduced probably with azurerm v3.40.0. With e.g. 3.38.0 and 3.39.1 it was working fine for me. The root cause seems to be mentioned here (Azure/azure-rest-api-specs#9281) where Azure resources are reporting back the destination_type very inconsistent.

With azurerm 3.40.0 a default value was introduced for that field (v3.39.1...v3.40.0#diff-a63d5b7afa0481d351b89b738291b612e9bbf364bc1edf6ce8c2ed3d66c735bbR104) , that introduces this updating loop for resources that dont report back the destination_type (which is then also not stored in the state file).

Is it possible to remove this default value again without breaking anything? I think in the current situation with the Azure Rest API thats the best configuration.

Steps to Reproduce

No response

Important Factoids

No response

References

No response

[Klaas-]

Duplicate of #20140

[Klaas-]

Potentially fixed by #20203

[markusbecker]

@Klaas- you are correct. the search really fooled me here. I guess we can close is then.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.