From 3b17ac7c5faa9710622f5e92591b3532d85af635 Mon Sep 17 00:00:00 2001 From: Maciej Murawski Date: Fri, 22 Aug 2025 15:15:30 +0100 Subject: [PATCH 1/5] fix: a change to the module definition --- infrastructure/modules/diagnostic-settings/main.tf | 3 +-- infrastructure/modules/diagnostic-settings/variables.tf | 8 +------- 2 files changed, 2 insertions(+), 9 deletions(-) diff --git a/infrastructure/modules/diagnostic-settings/main.tf b/infrastructure/modules/diagnostic-settings/main.tf index 306d7d48..f024adae 100644 --- a/infrastructure/modules/diagnostic-settings/main.tf +++ b/infrastructure/modules/diagnostic-settings/main.tf @@ -14,11 +14,10 @@ resource "azurerm_monitor_diagnostic_setting" "this" { } } - dynamic "metric" { + dynamic "enabled_metric" { for_each = var.metric content { category = metric.value - enabled = var.metric_enabled } } diff --git a/infrastructure/modules/diagnostic-settings/variables.tf b/infrastructure/modules/diagnostic-settings/variables.tf index 86ae07bf..d1de364a 100644 --- a/infrastructure/modules/diagnostic-settings/variables.tf +++ b/infrastructure/modules/diagnostic-settings/variables.tf @@ -31,18 +31,12 @@ variable "log_analytics_workspace_id" { default = null } -variable "metric" { +variable "enabled_metric" { type = list(string) description = "value of the metric" default = [] } -variable "metric_enabled" { - type = bool - description = "True to retain diagnostic setting metrics, false otherwise" - default = true -} - variable "storage_account_id" { type = string description = "value of the storage account id if logging to storage account is being used." From 0f3d9d3a7b53d5e283ea1771403c1a0dae5a253c Mon Sep 17 00:00:00 2001 From: Maciej Murawski Date: Tue, 26 Aug 2025 10:05:02 +0100 Subject: [PATCH 2/5] fix: a change to the rest of the modules to use the new definition of diagnostic settings metrics --- infrastructure/modules/api-management/main.tf | 4 ++-- infrastructure/modules/app-service-plan/main.tf | 2 +- infrastructure/modules/cdn-frontdoor-profile/main.tf | 4 ++-- infrastructure/modules/cdn-frontdoor-profile/variables.tf | 6 ------ infrastructure/modules/container-registry/main.tf | 2 +- infrastructure/modules/diagnostic-settings/examples/main.tf | 2 +- infrastructure/modules/diagnostic-settings/main.tf | 2 +- infrastructure/modules/event-hub/main.tf | 2 +- infrastructure/modules/function-app/main.tf | 2 +- infrastructure/modules/key-vault/main.tf | 3 +-- infrastructure/modules/key-vault/variables.tf | 6 ------ infrastructure/modules/linux-web-app/main.tf | 2 +- infrastructure/modules/log-analytics-workspace/main.tf | 2 +- infrastructure/modules/postgresql-flexible/main.tf | 2 +- infrastructure/modules/sql-server/database.tf | 2 +- infrastructure/modules/sql-server/main.tf | 2 +- infrastructure/modules/storage/main.tf | 2 +- infrastructure/modules/vnet/main.tf | 2 +- 18 files changed, 18 insertions(+), 31 deletions(-) diff --git a/infrastructure/modules/api-management/main.tf b/infrastructure/modules/api-management/main.tf index d1c1cbdd..59e1865f 100644 --- a/infrastructure/modules/api-management/main.tf +++ b/infrastructure/modules/api-management/main.tf @@ -152,6 +152,6 @@ module "diagnostic-settings" { target_resource_id = azurerm_api_management.apim.id log_analytics_workspace_id = var.log_analytics_workspace_id enabled_log = var.monitor_diagnostic_setting_apim_enabled_logs - metric = var.monitor_diagnostic_setting_apim_metrics - metric_enabled = var.metric_enabled + enabled_metric = var.monitor_diagnostic_setting_apim_metrics + } diff --git a/infrastructure/modules/app-service-plan/main.tf b/infrastructure/modules/app-service-plan/main.tf index 782dfa7b..98871e2a 100644 --- a/infrastructure/modules/app-service-plan/main.tf +++ b/infrastructure/modules/app-service-plan/main.tf @@ -28,5 +28,5 @@ module "diagnostic-settings" { target_resource_id = azurerm_service_plan.appserviceplan.id log_analytics_workspace_id = var.log_analytics_workspace_id #enabled_log = var.enabled_log - metric = var.monitor_diagnostic_setting_appserviceplan_metrics + enabled_metric = var.monitor_diagnostic_setting_appserviceplan_metrics } diff --git a/infrastructure/modules/cdn-frontdoor-profile/main.tf b/infrastructure/modules/cdn-frontdoor-profile/main.tf index 5c90f69e..375a4ff3 100644 --- a/infrastructure/modules/cdn-frontdoor-profile/main.tf +++ b/infrastructure/modules/cdn-frontdoor-profile/main.tf @@ -39,6 +39,6 @@ module "diagnostic-settings" { target_resource_id = azurerm_cdn_frontdoor_profile.this.id log_analytics_workspace_id = var.log_analytics_workspace_id enabled_log = var.monitor_diagnostic_setting_frontdoor_enabled_logs - metric = var.monitor_diagnostic_setting_frontdoor_metrics - metric_enabled = var.metric_enabled + enabled_metric = var.monitor_diagnostic_setting_frontdoor_metrics + } diff --git a/infrastructure/modules/cdn-frontdoor-profile/variables.tf b/infrastructure/modules/cdn-frontdoor-profile/variables.tf index 409a5a1b..aa5e1b6c 100644 --- a/infrastructure/modules/cdn-frontdoor-profile/variables.tf +++ b/infrastructure/modules/cdn-frontdoor-profile/variables.tf @@ -19,12 +19,6 @@ variable "log_analytics_workspace_id" { default = null } -variable "metric_enabled" { - type = bool - description = "Enables retention for diagnostic settings metric" - default = true -} - variable "monitor_diagnostic_setting_frontdoor_enabled_logs" { type = list(string) description = "Controls which logs will be enabled for the Front Door profile" diff --git a/infrastructure/modules/container-registry/main.tf b/infrastructure/modules/container-registry/main.tf index 845bf356..03e2740e 100644 --- a/infrastructure/modules/container-registry/main.tf +++ b/infrastructure/modules/container-registry/main.tf @@ -54,6 +54,6 @@ module "diagnostic-settings" { target_resource_id = azurerm_container_registry.acr.id log_analytics_workspace_id = var.log_analytics_workspace_id enabled_log = var.monitor_diagnostic_setting_acr_enabled_logs - metric = var.monitor_diagnostic_setting_acr_metrics + enabled_metric = var.monitor_diagnostic_setting_acr_metrics } diff --git a/infrastructure/modules/diagnostic-settings/examples/main.tf b/infrastructure/modules/diagnostic-settings/examples/main.tf index 6bfe4978..5dc51f96 100644 --- a/infrastructure/modules/diagnostic-settings/examples/main.tf +++ b/infrastructure/modules/diagnostic-settings/examples/main.tf @@ -6,6 +6,6 @@ module "diagnostic-settings" { target_resource_id = "${azurerm_storage_account.example.id}/${each.value}/default" log_analytics_workspace_id = azurerm_log_analytics_workspace.example.id enabled_log = ["StorageWrite", "StorageRead", "StorageDelete"] - metric = ["AllMetrics"] + enabled_metric = ["AllMetrics"] } diff --git a/infrastructure/modules/diagnostic-settings/main.tf b/infrastructure/modules/diagnostic-settings/main.tf index f024adae..fc5ff801 100644 --- a/infrastructure/modules/diagnostic-settings/main.tf +++ b/infrastructure/modules/diagnostic-settings/main.tf @@ -15,7 +15,7 @@ resource "azurerm_monitor_diagnostic_setting" "this" { } dynamic "enabled_metric" { - for_each = var.metric + for_each = var.enabled_metric content { category = metric.value } diff --git a/infrastructure/modules/event-hub/main.tf b/infrastructure/modules/event-hub/main.tf index 1b2a90a5..8ae11dd7 100644 --- a/infrastructure/modules/event-hub/main.tf +++ b/infrastructure/modules/event-hub/main.tf @@ -104,7 +104,7 @@ module "diagnostic-settings" { target_resource_id = azurerm_eventhub_namespace.eventhub_ns.id log_analytics_workspace_id = var.log_analytics_workspace_id enabled_log = var.monitor_diagnostic_setting_eventhub_enabled_logs - metric = var.monitor_diagnostic_setting_eventhub_metrics + enabled_metric = var.monitor_diagnostic_setting_eventhub_metrics } diff --git a/infrastructure/modules/function-app/main.tf b/infrastructure/modules/function-app/main.tf index c74f2905..eef86bc6 100644 --- a/infrastructure/modules/function-app/main.tf +++ b/infrastructure/modules/function-app/main.tf @@ -139,6 +139,6 @@ module "diagnostic-settings" { target_resource_id = azurerm_linux_function_app.function_app.id log_analytics_workspace_id = var.log_analytics_workspace_id enabled_log = var.monitor_diagnostic_setting_function_app_enabled_logs - metric = var.monitor_diagnostic_setting_function_app_metrics + enabled_metric = var.monitor_diagnostic_setting_function_app_metrics } diff --git a/infrastructure/modules/key-vault/main.tf b/infrastructure/modules/key-vault/main.tf index cc6e3128..de1a812f 100644 --- a/infrastructure/modules/key-vault/main.tf +++ b/infrastructure/modules/key-vault/main.tf @@ -59,8 +59,7 @@ module "diagnostic-settings" { target_resource_id = azurerm_key_vault.keyvault.id log_analytics_workspace_id = var.log_analytics_workspace_id enabled_log = var.monitor_diagnostic_setting_keyvault_enabled_logs - metric = var.monitor_diagnostic_setting_keyvault_metrics - metric_enabled = var.metric_enabled + enabled_metric = var.monitor_diagnostic_setting_keyvault_metrics } data "azurerm_client_config" "current" {} diff --git a/infrastructure/modules/key-vault/variables.tf b/infrastructure/modules/key-vault/variables.tf index 4e09fa37..2f586da3 100644 --- a/infrastructure/modules/key-vault/variables.tf +++ b/infrastructure/modules/key-vault/variables.tf @@ -19,12 +19,6 @@ variable "log_analytics_workspace_id" { description = "id of the log analytics workspace to send resource logging to via diagnostic settings" } -variable "metric_enabled" { - type = bool - description = "to enable retention for diagnostic settings metric" - default = true -} - variable "monitor_diagnostic_setting_keyvault_enabled_logs" { type = list(string) description = "Controls what logs will be enabled for the keyvault" diff --git a/infrastructure/modules/linux-web-app/main.tf b/infrastructure/modules/linux-web-app/main.tf index bf9116e0..39ecd0cd 100644 --- a/infrastructure/modules/linux-web-app/main.tf +++ b/infrastructure/modules/linux-web-app/main.tf @@ -173,5 +173,5 @@ module "diagnostic-settings" { target_resource_id = azurerm_linux_web_app.this.id log_analytics_workspace_id = var.log_analytics_workspace_id enabled_log = var.monitor_diagnostic_setting_linux_web_app_enabled_logs - metric = var.monitor_diagnostic_setting_linux_web_app_metrics + enabled_metric = var.monitor_diagnostic_setting_linux_web_app_metrics } diff --git a/infrastructure/modules/log-analytics-workspace/main.tf b/infrastructure/modules/log-analytics-workspace/main.tf index 6825099d..d34ba77a 100644 --- a/infrastructure/modules/log-analytics-workspace/main.tf +++ b/infrastructure/modules/log-analytics-workspace/main.tf @@ -25,6 +25,6 @@ module "diagnostic-settings" { target_resource_id = azurerm_log_analytics_workspace.log_analytics_workspace.id log_analytics_workspace_id = azurerm_log_analytics_workspace.log_analytics_workspace.id enabled_log = var.monitor_diagnostic_setting_log_analytics_workspace_enabled_logs - metric = var.monitor_diagnostic_setting_log_analytics_workspace_metrics + enabled_metric = var.monitor_diagnostic_setting_log_analytics_workspace_metrics } diff --git a/infrastructure/modules/postgresql-flexible/main.tf b/infrastructure/modules/postgresql-flexible/main.tf index 3f51e20d..736c3b31 100644 --- a/infrastructure/modules/postgresql-flexible/main.tf +++ b/infrastructure/modules/postgresql-flexible/main.tf @@ -135,5 +135,5 @@ module "diagnostic_setting_postgresql_server" { target_resource_id = azurerm_postgresql_flexible_server.postgresql_flexible_server.id log_analytics_workspace_id = var.log_analytics_workspace_id enabled_log = var.monitor_diagnostic_setting_postgresql_server_enabled_logs - metric = var.monitor_diagnostic_setting_postgresql_server_metrics + enabled_metric = var.monitor_diagnostic_setting_postgresql_server_metrics } diff --git a/infrastructure/modules/sql-server/database.tf b/infrastructure/modules/sql-server/database.tf index 9498eee6..e20d999f 100644 --- a/infrastructure/modules/sql-server/database.tf +++ b/infrastructure/modules/sql-server/database.tf @@ -52,7 +52,7 @@ module "azurerm_monitor_diagnostic_setting_db" { target_resource_id = azurerm_mssql_database.defaultdb.id log_analytics_workspace_id = var.log_analytics_workspace_id enabled_log = var.monitor_diagnostic_setting_database_enabled_logs - metric = var.monitor_diagnostic_setting_database_metrics + enabled_metric = var.monitor_diagnostic_setting_database_metrics } diff --git a/infrastructure/modules/sql-server/main.tf b/infrastructure/modules/sql-server/main.tf index 2b129f95..a5bd10fa 100644 --- a/infrastructure/modules/sql-server/main.tf +++ b/infrastructure/modules/sql-server/main.tf @@ -83,7 +83,7 @@ module "diagnostic_setting_sql_server" { target_resource_id = "${azurerm_mssql_server.azure_sql_server.id}/databases/master" log_analytics_workspace_id = var.log_analytics_workspace_id enabled_log = var.monitor_diagnostic_setting_sql_server_enabled_logs - metric = var.monitor_diagnostic_setting_sql_server_metrics + enabled_metric = var.monitor_diagnostic_setting_sql_server_metrics # Add dependency on the database we create as the master database will be created by that point too depends_on = [azurerm_mssql_database.defaultdb] diff --git a/infrastructure/modules/storage/main.tf b/infrastructure/modules/storage/main.tf index 926b873f..fbb45e33 100644 --- a/infrastructure/modules/storage/main.tf +++ b/infrastructure/modules/storage/main.tf @@ -126,6 +126,6 @@ module "diagnostic-settings" { target_resource_id = "${azurerm_storage_account.storage_account.id}/${each.value}/default" log_analytics_workspace_id = var.log_analytics_workspace_id enabled_log = var.monitor_diagnostic_setting_storage_account_enabled_logs - metric = var.monitor_diagnostic_setting_storage_account_metrics + enabled_metric = var.monitor_diagnostic_setting_storage_account_metrics } diff --git a/infrastructure/modules/vnet/main.tf b/infrastructure/modules/vnet/main.tf index 76017b53..da347c8c 100644 --- a/infrastructure/modules/vnet/main.tf +++ b/infrastructure/modules/vnet/main.tf @@ -20,6 +20,6 @@ module "diagnostic-settings" { target_resource_id = azurerm_virtual_network.vnet.id log_analytics_workspace_id = var.log_analytics_workspace_id enabled_log = var.monitor_diagnostic_setting_vnet_enabled_logs - metric = var.monitor_diagnostic_setting_vnet_metrics + enabled_metric = var.monitor_diagnostic_setting_vnet_metrics } From bbeea005ba60a173632ea40ee97bc362f4d0de53 Mon Sep 17 00:00:00 2001 From: Maciej Murawski Date: Tue, 26 Aug 2025 13:29:14 +0100 Subject: [PATCH 3/5] fix: a change to the metrics category name --- infrastructure/modules/diagnostic-settings/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infrastructure/modules/diagnostic-settings/main.tf b/infrastructure/modules/diagnostic-settings/main.tf index fc5ff801..8532258b 100644 --- a/infrastructure/modules/diagnostic-settings/main.tf +++ b/infrastructure/modules/diagnostic-settings/main.tf @@ -17,7 +17,7 @@ resource "azurerm_monitor_diagnostic_setting" "this" { dynamic "enabled_metric" { for_each = var.enabled_metric content { - category = metric.value + category = enabled_metric.value } } From 2f70fca943db21fc0167243fa106b95e77e071d1 Mon Sep 17 00:00:00 2001 From: Maciej Murawski Date: Thu, 28 Aug 2025 08:58:31 +0100 Subject: [PATCH 4/5] fix: separating the breaking change into another PR --- infrastructure/modules/api-management/main.tf | 1 + infrastructure/modules/cdn-frontdoor-profile/main.tf | 1 + infrastructure/modules/cdn-frontdoor-profile/variables.tf | 6 ++++++ infrastructure/modules/diagnostic-settings/main.tf | 1 + infrastructure/modules/diagnostic-settings/variables.tf | 6 ++++++ infrastructure/modules/key-vault/main.tf | 1 + infrastructure/modules/key-vault/variables.tf | 6 ++++++ 7 files changed, 22 insertions(+) diff --git a/infrastructure/modules/api-management/main.tf b/infrastructure/modules/api-management/main.tf index 59e1865f..0155ea57 100644 --- a/infrastructure/modules/api-management/main.tf +++ b/infrastructure/modules/api-management/main.tf @@ -153,5 +153,6 @@ module "diagnostic-settings" { log_analytics_workspace_id = var.log_analytics_workspace_id enabled_log = var.monitor_diagnostic_setting_apim_enabled_logs enabled_metric = var.monitor_diagnostic_setting_apim_metrics + metric_enabled = var.metric_enabled } diff --git a/infrastructure/modules/cdn-frontdoor-profile/main.tf b/infrastructure/modules/cdn-frontdoor-profile/main.tf index 375a4ff3..baf1ff83 100644 --- a/infrastructure/modules/cdn-frontdoor-profile/main.tf +++ b/infrastructure/modules/cdn-frontdoor-profile/main.tf @@ -40,5 +40,6 @@ module "diagnostic-settings" { log_analytics_workspace_id = var.log_analytics_workspace_id enabled_log = var.monitor_diagnostic_setting_frontdoor_enabled_logs enabled_metric = var.monitor_diagnostic_setting_frontdoor_metrics + metric_enabled = var.metric_enabled } diff --git a/infrastructure/modules/cdn-frontdoor-profile/variables.tf b/infrastructure/modules/cdn-frontdoor-profile/variables.tf index aa5e1b6c..409a5a1b 100644 --- a/infrastructure/modules/cdn-frontdoor-profile/variables.tf +++ b/infrastructure/modules/cdn-frontdoor-profile/variables.tf @@ -19,6 +19,12 @@ variable "log_analytics_workspace_id" { default = null } +variable "metric_enabled" { + type = bool + description = "Enables retention for diagnostic settings metric" + default = true +} + variable "monitor_diagnostic_setting_frontdoor_enabled_logs" { type = list(string) description = "Controls which logs will be enabled for the Front Door profile" diff --git a/infrastructure/modules/diagnostic-settings/main.tf b/infrastructure/modules/diagnostic-settings/main.tf index 8532258b..6b07cf75 100644 --- a/infrastructure/modules/diagnostic-settings/main.tf +++ b/infrastructure/modules/diagnostic-settings/main.tf @@ -18,6 +18,7 @@ resource "azurerm_monitor_diagnostic_setting" "this" { for_each = var.enabled_metric content { category = enabled_metric.value + enabled = var.metric_enabled } } diff --git a/infrastructure/modules/diagnostic-settings/variables.tf b/infrastructure/modules/diagnostic-settings/variables.tf index d1de364a..2628fc3f 100644 --- a/infrastructure/modules/diagnostic-settings/variables.tf +++ b/infrastructure/modules/diagnostic-settings/variables.tf @@ -37,6 +37,12 @@ variable "enabled_metric" { default = [] } +variable "metric_enabled" { + type = bool + description = "True to retain diagnostic setting metrics, false otherwise" + default = true +} + variable "storage_account_id" { type = string description = "value of the storage account id if logging to storage account is being used." diff --git a/infrastructure/modules/key-vault/main.tf b/infrastructure/modules/key-vault/main.tf index de1a812f..06b2b7d0 100644 --- a/infrastructure/modules/key-vault/main.tf +++ b/infrastructure/modules/key-vault/main.tf @@ -60,6 +60,7 @@ module "diagnostic-settings" { log_analytics_workspace_id = var.log_analytics_workspace_id enabled_log = var.monitor_diagnostic_setting_keyvault_enabled_logs enabled_metric = var.monitor_diagnostic_setting_keyvault_metrics + metric_enabled = var.metric_enabled } data "azurerm_client_config" "current" {} diff --git a/infrastructure/modules/key-vault/variables.tf b/infrastructure/modules/key-vault/variables.tf index 2f586da3..4e09fa37 100644 --- a/infrastructure/modules/key-vault/variables.tf +++ b/infrastructure/modules/key-vault/variables.tf @@ -19,6 +19,12 @@ variable "log_analytics_workspace_id" { description = "id of the log analytics workspace to send resource logging to via diagnostic settings" } +variable "metric_enabled" { + type = bool + description = "to enable retention for diagnostic settings metric" + default = true +} + variable "monitor_diagnostic_setting_keyvault_enabled_logs" { type = list(string) description = "Controls what logs will be enabled for the keyvault" From 66fab957978553899c0330c76741588ddb57d769 Mon Sep 17 00:00:00 2001 From: Maciej Murawski Date: Thu, 28 Aug 2025 09:22:59 +0100 Subject: [PATCH 5/5] fix: separating the breaking change into another PR --- infrastructure/modules/diagnostic-settings/main.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/infrastructure/modules/diagnostic-settings/main.tf b/infrastructure/modules/diagnostic-settings/main.tf index 6b07cf75..8532258b 100644 --- a/infrastructure/modules/diagnostic-settings/main.tf +++ b/infrastructure/modules/diagnostic-settings/main.tf @@ -18,7 +18,6 @@ resource "azurerm_monitor_diagnostic_setting" "this" { for_each = var.enabled_metric content { category = enabled_metric.value - enabled = var.metric_enabled } }