Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Alert level not assigned properly for azure activity log alerts #25757

Open
1 task done
Samantha277 opened this issue Apr 25, 2024 · 1 comment
Open
1 task done

Alert level not assigned properly for azure activity log alerts #25757

Samantha277 opened this issue Apr 25, 2024 · 1 comment
Labels
service/monitor v/3.x waiting-response

Comments

@Samantha277
Copy link

Is there an existing issue for this?

  • I have searched the existing issues

Community Note

  • Please vote on this issue by adding a 馃憤 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.5.5

AzureRM Provider Version

3.57.0

Affected Resource(s)/Data Source(s)

azurerm_monitor_activity_log_alert

Terraform Configuration Files

resource "azurerm_monitor_activity_log_alert" "test" {
  name = "Track-Key Vault update alert"
  resource_group_name = "monitoring-poc"
  scopes              = ["/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/monitoring-poc"]
  description = "This alert will monitor updates to Key Vault"
  criteria {
      resource_id    = "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/monitoring-poc/providers/Microsoft.KeyVault/vaults/kv-monitoringpoc"
      operation_name = "Microsoft.KeyVault/vaults/write"
      category       = "Administrative"
      level          = "Warning"
    }
  action {
    action_group_id = "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/monitoring-poc/providers/Microsoft.Insights/actiongroups/AG-Terraform"
  }
  depends_on = [ resource.azurerm_monitor_action_group.example ]
}

Debug Output/Panic Output

https://gist.github.com/Samantha277/0f2999f2a6183e282a2870fec2ae3b82

Expected Behaviour

Alert created with level/severity "Warning"

Actual Behaviour

Alert created with severity "Verbose" and alerts are not fired when write occurs in the Key Vault

Steps to Reproduce

terraform apply

Important Factoids

No response

References

No response
@teowa
Copy link
Contributor

teowa commented Apr 28, 2024

Hi @Samantha277 , do you mean in the config the azurerm_monitor_activity_log_alert is set with level= "Warning" but the real resource is created with level = "Verbose"? If so, can you provide logs containing HTTP logs where request contains Warning but response returns Verbose, along with x-ms-requeset-id?

As for alerts are not fired when write occurs in the Key Vault, it might because Microsoft.KeyVault/vaults/write operation only include operations performed directly on the KeyVault, but not write to KeyVault Secret or KeyVault Certificate .

Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
service/monitor v/3.x waiting-response
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Samantha277 @teowa @rcskosir