terraform-provider-azurerm

Terraform to create Appinsight Named value from Keyvault while creating the APIM logger

Open vivuu1989 opened this issue 9 months ago • 1 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

Community Note

We have the Terraform code below to create the Azure APIM logger configuration for the App Insights instance during the App Insights creation itself. But here we are facing a challenge configuring the App Insights instrumentation key as a named value from an existing Key Vault.

We are looking to add both the App Insights instance and the logger, with a named value for the instrumentation key (from Key Vault), as part of the Application Insights creation itself, and not through a manual task of creating the secret in Key Vault after creating the App Insights instance.

Terraform Version

1.2

AzureRM Provider Version

3.4.0

Affected Resource(s)/Data Source(s)

APIM Logger

Terraform Configuration Files

resource "azurerm_application_insights" "appinsights" {
  name                       = var.appinsights_name
  location                   = var.location
  resource_group_name        = var.rg_name
  application_type           = var.application_type
  retention_in_days          = var.retention_in_days
  workspace_id               = data.azurerm_log_analytics_workspace.laworkspace.id
  internet_ingestion_enabled = var.internet_ingestion_enabled
  disable_ip_masking         = var.disable_ip_masking

  tags = var.appinsights_tags

  lifecycle {
    ignore_changes = [
      tags,
      disable_ip_masking
    ]
  }
}

resource "azurerm_api_management_logger" "logger" {
  count = var.add_to_apim ? 1 : 0

  api_management_name = var.apim_name
  resource_group_name = var.apim_rg
  name                = azurerm_application_insights.appinsights.name
  resource_id         = azurerm_application_insights.appinsights.id

  application_insights {
    instrumentation_key = azurerm_application_insights.appinsights.instrumentation_key
  }

  lifecycle {
    ignore_changes = [
      resource_id
    ]
  }
}

Debug Output/Panic Output

No solution found to directly integrate to Keyvault for named values

Expected Behaviour

No response

Actual Behaviour

No response

Steps to Reproduce

No response

Important Factoids

No response

References

No response

vivuu1989 avatar May 13 '24 17:05 vivuu1989

Hi @vivuu1989, thanks for submitting this! Do you mean to reference the Key Vault Secret in the azurerm_api_management_logger.application_insights.instrumentation_key field, for example as in the code below:

resource "azurerm_key_vault_secret" "example" {
  name         = "examplesecret"
  value        = azurerm_application_insights.appinsights.instrumentation_key
  key_vault_id = azurerm_key_vault.example.id
}
# additional access policy is needed
resource "azurerm_api_management_logger" "logger" {
  ...
  application_insights {
    instrumentation_key = azurerm_application_insights.appinsights.instrumentation_key
  }
}

Or if not, could you please provide more context? Are there any docs for the use cases? Thanks.

teowa avatar May 14 '24 06:05 teowa

Hi, I had the same question: is there any way to not add 'instrumentation_key' as a string? In the Azure portal, the named value can be pulled from the vault directly.

What I did was create a named value:

resource "azurerm_api_management_named_value" "example" {
  name                = "instrumentation-key"
  display_name        = "instrumentation-key"
  ...
  secret = true
  value_from_key_vault {
    secret_id = var.vault_key_secret_id
  }
}

and referenced it in the logger as a var (in the end, the API/Terraform is doing the same; I kind of figured it out because I clicked on it in Monitoring -> Application Insights -> your_logger_name -> Instrumentation key):

resource "azurerm_api_management_logger" "example" {

...

  application_insights {
    instrumentation_key = "{{instrumentation-key}}"
  }
}

capetrei avatar Jul 19 '24 12:07 capetrei
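
The pieces from the comments above combined into one apply, as an added example that is not code from any participant in this thread or from the provider project. It builds on the `azurerm_application_insights.appinsights` resource from the issue and assumes an existing vault using access policies (not RBAC), an APIM instance with a system-assigned identity, and the hypothetical variables `var.kv_name` and `var.kv_rg`; the resource labels and secret name are also illustrative.

```hcl
# Added example: labels, secret name, var.kv_name and var.kv_rg are assumptions.
data "azurerm_key_vault" "kv" {
  name                = var.kv_name # hypothetical variable
  resource_group_name = var.kv_rg   # hypothetical variable
}

data "azurerm_api_management" "apim" {
  name                = var.apim_name
  resource_group_name = var.apim_rg
}

# Write the key to the vault in the same apply that creates App Insights.
resource "azurerm_key_vault_secret" "ikey" {
  name         = "appinsights-instrumentation-key"
  value        = azurerm_application_insights.appinsights.instrumentation_key
  key_vault_id = data.azurerm_key_vault.kv.id
}

# Least privilege: APIM's managed identity gets secret "Get" and nothing else.
resource "azurerm_key_vault_access_policy" "apim_read" {
  key_vault_id       = data.azurerm_key_vault.kv.id
  tenant_id          = data.azurerm_api_management.apim.identity[0].tenant_id
  object_id          = data.azurerm_api_management.apim.identity[0].principal_id
  secret_permissions = ["Get"]
}

resource "azurerm_api_management_named_value" "ikey" {
  name                = "instrumentation-key"
  display_name        = "instrumentation-key"
  api_management_name = var.apim_name
  resource_group_name = var.apim_rg
  secret              = true

  value_from_key_vault {
    # Versionless ID so APIM follows new secret versions.
    secret_id = azurerm_key_vault_secret.ikey.versionless_id
  }

  # APIM must be able to read the secret before the named value is created.
  depends_on = [azurerm_key_vault_access_policy.apim_read]
}

resource "azurerm_api_management_logger" "logger" {
  name                = azurerm_application_insights.appinsights.name
  api_management_name = var.apim_name
  resource_group_name = var.apim_rg
  resource_id         = azurerm_application_insights.appinsights.id

  application_insights {
    # Renders as "{{instrumentation-key}}" and orders the logger after the named value.
    instrumentation_key = "{{${azurerm_api_management_named_value.ikey.name}}}"
  }
}
```

The key still passes through Terraform state (as the App Insights attribute and as the secret's `value`), so the state backend needs the same access controls as the vault.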

Thank you for taking the time to raise this! We use Issues in this repository to track feature enhancements and bugs in the Azure Provider. So that we can maintain focus on that, we instead ask that broader questions are raised using one of the Community Resources, such as the Azure Provider forum. With that in mind, I'm going to close this issue.

rcskosir avatar Aug 27 '24 19:08 rcskosir

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

github-actions[bot] avatar Sep 27 '24 02:09 github-actions[bot]