Creating log search alert rules with no identity leads to incorrect alert creation (last working version 3.97.1) #25995
Comments
Hi. The identity field only accepts system assigned and user assigned. There is no option for no identity, which is what a large number of customers want. It should allow for the default option of no identity assignment.
Completely agree with @nisreen95. In the current state, the TF provider creates resources which are not working. Which for alerts is quite disturbing because you always understand the hard way - you expect an alert to be triggered when you have an issue but you don't get one.
The property shouldn't be mandatory, because we can create log query alerts in the portal without assigning an identity, correct? Terraform is passing `type:None, userAssignedIdentities:null` in the request body, but creating an alert manually in the portal doesn't pass any identity parameters in the request body, according to the Portal Activity log JSON. The Azure log query docs say when you leave the radio as 'Default' the alert rule permissions are based on the permissions of the last user to edit the rule.
The API doc says identity is optional. The portal/API lets you create log query alerts without identity. The provider change #25365 is wrong for sending identity in the request parameters no matter what, is it not?
@nisreen95 A workaround is to use the Azure CLI to update the --disabled or --severity properties on the log alert. You don't even need to set disabled true and then re-enable, you can just send a '--disabled false' and the alert will fix itself. Then you can edit the alert in the portal and save like normal as well. This will fix the alert triggering and mine worked again after modifying.
or
Exactly, we are using SPNs to authenticate and do not want to add an extra step to use managed identity for all our future alerts. In the meantime, as a workaround for our new alerts, we are using managed identity with log analytics reader access for the app insights resource.
Terraform Version
1.7.5
AzureRM Provider Version
3.103.1
Affected Resource(s)/Data Source(s)
azurerm_monitor_scheduled_query_rules_alert_v2
Terraform Configuration Files
Debug Output/Panic Output
Expected Behaviour
When no identity is included in the configuration, the alert rule should create normally and use the default authentication mechanism, which is not to use identity.
Actual Behaviour
Even though the alert rule is created, the authentication does not work and the alert rule never fires. The last working version is 3.97.1.
Steps to Reproduce
Create a log search alert V2 without any identity specified in any module above 3.97.1.
The alert will successfully create, but will be unknown in resource health and never fires, as authentication does not work.
Important Factoids
None
References
None
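One way to catch this before apply, as an added example that is not part of the issue or of the provider's code: a check over `terraform show -json` plan output that lists `azurerm_monitor_scheduled_query_rules_alert_v2` rules planned without an `identity` block on a provider newer than 3.97.1. The sample plan is constructed, the function names are hypothetical, and because the thread names no fixed version the check assumes no upper version bound.

```python
import json

RESOURCE_TYPE = "azurerm_monitor_scheduled_query_rules_alert_v2"
LAST_WORKING = (3, 97, 1)  # last working provider version, per the issue report

def parse_version(text):
    """'3.103.1' -> (3, 103, 1), so 3.103.1 compares as newer than 3.97.1."""
    return tuple(int(part) for part in text.strip().lstrip("v").split("."))

def rules_without_identity(plan, provider_version):
    """Addresses of alert rules the plan creates or updates with no identity
    block, when the provider is newer than LAST_WORKING (no upper bound: the
    thread names no fixed version, so that part is an assumption)."""
    if parse_version(provider_version) <= LAST_WORKING:
        return []
    flagged = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        after = change.get("after")
        if rc.get("type") != RESOURCE_TYPE or after is None:
            continue  # other resource type, or the rule is being deleted
        if not {"create", "update"} & set(change.get("actions", [])):
            continue  # no-op or read, nothing to change
        if not after.get("identity"):  # key missing, null, or empty block list
            flagged.append(rc["address"])
    return flagged

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "azurerm_monitor_scheduled_query_rules_alert_v2.no_identity",
   "type": "azurerm_monitor_scheduled_query_rules_alert_v2",
   "change": {"actions": ["create"], "after": {"name": "cpu", "identity": []}}},
  {"address": "azurerm_monitor_scheduled_query_rules_alert_v2.with_identity",
   "type": "azurerm_monitor_scheduled_query_rules_alert_v2",
   "change": {"actions": ["update"],
              "after": {"name": "mem", "identity": [{"type": "SystemAssigned"}]}}},
  {"address": "azurerm_monitor_scheduled_query_rules_alert_v2.removed",
   "type": "azurerm_monitor_scheduled_query_rules_alert_v2",
   "change": {"actions": ["delete"], "after": null}},
  {"address": "azurerm_resource_group.rg", "type": "azurerm_resource_group",
   "change": {"actions": ["create"], "after": {"name": "rg"}}}
]}
""")

if __name__ == "__main__":
    for address in rules_without_identity(SAMPLE_PLAN, "3.103.1"):
        print(f"WARNING {address}: no identity block, rule may never fire")
```

Run as a CI gate, a non-empty result is a reason to fail the plan stage, since the thread describes these rules as created successfully but never firing.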