You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.
Terraform Version
1.3.9
AzureRM Provider Version
3.98.0
Affected Resource(s)/Data Source(s)
azurerm_sentinel_alert_rule_scheduled
Terraform Configuration Files
provider"azurerm" {
features {}
}
resource"azurerm_resource_group""example" {
name ="example"
location ="West Europe"
}
resource"azurerm_log_analytics_workspace""example" {
name ="example"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
sku ="PerGB2018"
}
resource"azurerm_sentinel_log_analytics_workspace_onboarding""example" {
workspace_id = azurerm_log_analytics_workspace.example.id
}
resource"azurerm_sentinel_alert_rule_scheduled""example" {
name ="example"
log_analytics_workspace_id = azurerm_sentinel_log_analytics_workspace_onboarding.example.workspace_id
alert_rule_template_guid ="173f8699-6af5-484a-8b06-8c47ba89b380"
alert_rule_template_version ="1.0.4"
display_name ="example"
severity ="Medium"
query =<<QUERYAzureActivity | where OperationName == "Create or Update Virtual Machine" or OperationName =="Create Deployment" | where ActivityStatus == "Succeeded" | make-series dcount(ResourceId) default=0 on EventSubmissionTimestamp in range(ago(7d), now(), 1d) by CallerQUERY
}
Debug Output/Panic Output
╷
│ Error: creating Sentinel Alert Rule Scheduled "Alert Rule (Subscription: \"25d04c6b-xxxxxx\"\nResource Group Name: \"example\"\nWorkspace Name: \"example\"\nRule: \"example\")": unexpected status 409 (409 Conflict) with error: Conflict: The rule with id 'example' was recently deleted. You need to allow some time before re-using the same id. Please try again later.
│
│ with azurerm_sentinel_alert_rule_scheduled.example,
│ on main.tf line 21, in resource "azurerm_sentinel_alert_rule_scheduled""example":
│ 21: resource "azurerm_sentinel_alert_rule_scheduled""example" {
│
╵
Expected Behaviour
The alert_rule_template_version is updated, e.g., from "1.0.4" to "1.0.5", and the deployment is successful in one attempt.
Actual Behaviour
The deployment failed with error code 409, output with a message saying it needs some time before re-using the same id.
Essentially, according to the docs, changing the version of the alert rule will force a new Sentinel Scheduled Alert Rule to be created. Previously, creating a newly updated rule will be done immediately after destroying the resources.
Still, now it seems that the time of this process is dramatically extended and will require another apply attempt after almost one hour, which in the meantime introduces the risk of missing the rule that was going to be updated.
Steps to Reproduce
deploy the resource with alert_rule_template_version being "1.0.4"
update alert_rule_template_version being` to "1.0.5" and deploy it again
Important Factoids
none
References
No response
The text was updated successfully, but these errors were encountered:
The 429 error is returned by the Azure backend service. On the provider side we can almost do nothing about it but to obey the service's implementation.
However, we found upgrading the alert_rule_template_version could be done without forcing a new azurerm_sentinel_alert_rule_scheduled to be re-created. I have submitted a PR(#25688) for this. You can subscribe it to keep track on it.
Is there an existing issue for this?
Community Note
Terraform Version
1.3.9
AzureRM Provider Version
3.98.0
Affected Resource(s)/Data Source(s)
azurerm_sentinel_alert_rule_scheduled
Terraform Configuration Files
Debug Output/Panic Output
Expected Behaviour
The
alert_rule_template_version
is updated, e.g., from "1.0.4" to "1.0.5", and the deployment is successful in one attempt.Actual Behaviour
The deployment failed with error code 409, output with a message saying it needs some time before re-using the same id.
Essentially, according to the docs, changing the version of the alert rule will force a new Sentinel Scheduled Alert Rule to be created. Previously, creating a newly updated rule will be done immediately after destroying the resources.
Still, now it seems that the time of this process is dramatically extended and will require another apply attempt after almost one hour, which in the meantime introduces the risk of missing the rule that was going to be updated.
Steps to Reproduce
alert_rule_template_version
being "1.0.4"alert_rule_template_version
being` to "1.0.5" and deploy it againImportant Factoids
none
References
No response
The text was updated successfully, but these errors were encountered: