fix: remove diagnosis setting attributes

clouddrove · Jan 10, 2024 · 29b2f1b · 29b2f1b
1 parent 8a71132
commit 29b2f1b
Show file tree

Hide file tree

Showing 3 changed files with 50 additions and 36 deletions.
diff --git a/_example/linux-vm/example.tf b/_example/linux-vm/example.tf
@@ -85,7 +85,7 @@ module "security_group" {
 }
 
 ##-----------------------------------------------------------------------------
-## key-vault module call.
+## key-vault module call for disc encryption of virtual machine with cmk.
 #-----------------------------------------------------------------------------
 module "key_vault" {
   source                      = "clouddrove/key-vault/azure"
@@ -109,6 +109,21 @@ module "key_vault" {
   }
 }
 
+##-----------------------------------------------------------------------------
+## log-analytics module call for diagnosis setting 
+#-----------------------------------------------------------------------------
+module "log-analytics" {
+  source                           = "clouddrove/log-analytics/azure"
+  version                          = "1.0.1"
+  name                             = "app"
+  environment                      = "test"
+  label_order                      = ["name", "environment"]
+  create_log_analytics_workspace   = true
+  log_analytics_workspace_sku      = "PerGB2018"
+  resource_group_name              = module.resource_group.resource_group_name
+  log_analytics_workspace_location = module.resource_group.resource_group_location
+}
+
 ##-----------------------------------------------------------------------------
 ## linux virtual-machine module call.
 ##-----------------------------------------------------------------------------
@@ -186,6 +201,6 @@ module "virtual-machine" {
   }]
 
   #### enable diagnostic setting
-  diagnostic_setting_enable  = false
-  log_analytics_workspace_id = ""
+  diagnostic_setting_enable  = true
+  log_analytics_workspace_id = module.log-analytics.workspace_id ## when diagnostic_setting_enable enable,  add log analytics workspace id
 }
diff --git a/main.tf b/main.tf
@@ -411,39 +411,26 @@ resource "azurerm_virtual_machine_extension" "vm_insight_monitor_agent" {
 ##-----------------------------------------------------------------------------
 resource "azurerm_monitor_diagnostic_setting" "pip_gw" {
   count                          = var.enabled && var.diagnostic_setting_enable && var.public_ip_enabled ? var.machine_count : 0
-  name                           = var.vm_addon_name == null ? format("%s-vm-pip-%s-diagnostic-log", module.labels.id, count.index + 1) : format("%s-vm-pip-%s-diagnostic-log", module.labels.id, var.vm_addon_name)
-  target_resource_id             = join("", azurerm_public_ip.default[0].id)
+  name                           = var.vm_addon_name == null ? format("%s-vm-pip-diagnostic-log-%s", module.labels.id, count.index + 1) : format("%s-vm-pip-%s-diagnostic-log", module.labels.id, var.vm_addon_name)
+  target_resource_id             = azurerm_public_ip.default[0].id
   storage_account_id             = var.storage_account_id
   eventhub_name                  = var.eventhub_name
   eventhub_authorization_rule_id = var.eventhub_authorization_rule_id
   log_analytics_workspace_id     = var.log_analytics_workspace_id
   log_analytics_destination_type = var.log_analytics_destination_type
-  metric {
-    category = "AllMetrics"
-    enabled  = var.Metric_enable
-    retention_policy {
-      enabled = var.retention_policy_enabled
-      days    = var.diagnostic_log_days
-    }
-  }
-  log {
-    category       = var.category
-    category_group = "AllLogs"
-    retention_policy {
-      enabled = var.retention_policy_enabled
-      days    = var.diagnostic_log_days
+  dynamic "metric" {
+    for_each = var.metric_enabled ? ["AllMetrics"] : []
+    content {
+      category = metric.value
+      enabled  = true
     }
-    enabled = var.log_enabled
   }
-
-  log {
-    category       = var.category
-    category_group = "Audit"
-    retention_policy {
-      enabled = var.retention_policy_enabled
-      days    = var.diagnostic_log_days
+  dynamic "enabled_log" {
+    for_each = var.pip_logs.enabled ? var.pip_logs.category != null ? var.pip_logs.category : var.pip_logs.category_group : []
+    content {
+      category       = var.pip_logs.category != null ? enabled_log.value : null
+      category_group = var.pip_logs.category == null ? enabled_log.value : null
     }
-    enabled = var.log_enabled
   }
   lifecycle {
     ignore_changes = [log_analytics_destination_type]
@@ -455,19 +442,18 @@ resource "azurerm_monitor_diagnostic_setting" "pip_gw" {
 ##-----------------------------------------------------------------------------
 resource "azurerm_monitor_diagnostic_setting" "nic_diagnostic" {
   count                          = var.enabled && var.diagnostic_setting_enable ? var.machine_count : 0
-  name                           = var.vm_addon_name == null ? format("%s-network-interface-%s-diagnostic-log", module.labels.id, count.index + 1) : format("%s-network-interface-%s-diagnostic-log", module.labels.id, var.vm_addon_name)
+  name                           = var.vm_addon_name == null ? format("%s-pe-vm-nic-diagnostic-log-%s", module.labels.id, count.index + 1) : format("%s-pe-vm-nic-%s-diagnostic-log-%", module.labels.id, var.vm_addon_name)
   target_resource_id             = azurerm_network_interface.default[0].id
   storage_account_id             = var.storage_account_id
   eventhub_name                  = var.eventhub_name
   eventhub_authorization_rule_id = var.eventhub_authorization_rule_id
   log_analytics_workspace_id     = var.log_analytics_workspace_id
   log_analytics_destination_type = var.log_analytics_destination_type
-  metric {
-    category = "AllMetrics"
-    enabled  = var.Metric_enable
-    retention_policy {
-      enabled = var.retention_policy_enabled
-      days    = var.days
+  dynamic "metric" {
+    for_each = var.metric_enabled ? ["AllMetrics"] : []
+    content {
+      category = metric.value
+      enabled  = true
     }
   }
   lifecycle {

diff --git a/variables.tf b/variables.tf
@@ -521,12 +521,25 @@ variable "diagnostic_log_days" {
   description = " The number of days for which this Retention Policy should apply."
 }
 
-variable "Metric_enable" {
+variable "metric_enabled" {
   type        = bool
   default     = true
   description = "Is this Diagnostic Metric enabled? Defaults to true."
 }
 
+variable "pip_logs" {
+  type = object({
+    enabled        = bool
+    category       = optional(list(string))
+    category_group = optional(list(string))
+  })
+
+  default = {
+    enabled        = true
+    category_group = ["AllLogs"]
+  }
+}
+
 variable "diagnostic_setting_enable" {
   type    = bool
   default = false