Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disabling traffic analytics on resource azurerm_network_watcher_flow_log crashes terraform #28407

Open
1 task done
keisari-ch opened this issue Jan 3, 2025 · 1 comment · May be fixed by #28416
Open
1 task done

Disabling traffic analytics on resource azurerm_network_watcher_flow_log crashes terraform #28407

keisari-ch opened this issue Jan 3, 2025 · 1 comment · May be fixed by #28416
Labels
bug crash service/network v/4.x

Comments

@keisari-ch
Copy link

keisari-ch commented Jan 3, 2025
edited
Loading

Is there an existing issue for this?

  • I have searched the existing issues

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.9.8 & 1.10.3

AzureRM Provider Version

4.14.0

Affected Resource(s)/Data Source(s)

azurerm_network_watcher_flow_log

Terraform Configuration Files

resource "azurerm_network_watcher_flow_log" "flow_log" {
  for_each = { for vnet in local.virtual_networks : vnet.name => vnet }

  network_watcher_name = azurerm_network_watcher.nw.name
  resource_group_name  = each.value.resource_group_name
  name                 = format("flowLogs-%s", each.key)
  tags                 = var.defaults.tags

  target_resource_id = azurerm_virtual_network.virtual_networks[each.key].id
  storage_account_id = var.defaults.logs.storage_account_id
  enabled            = each.value.flow_logs

  retention_policy {
    enabled = true
    days    = 7
  }

  dynamic "traffic_analytics" {
    for_each = each.value.flow_logs_traffic_analytics == true ? [1] : []

    content {
      enabled               = each.value.flow_logs
      workspace_id          = data.azurerm_log_analytics_workspace.ds_laws.workspace_id
      workspace_region      = data.azurerm_log_analytics_workspace.ds_laws.location
      workspace_resource_id = data.azurerm_log_analytics_workspace.ds_laws.id
      interval_in_minutes   = 60
    }
  }
}

Debug Output/Panic Output

Terraform will perform the following actions:

  # module.azure_virtual_network.azurerm_network_watcher_flow_log.flow_log["vnet-random-prod"] will be updated in-place
  ~ resource "azurerm_network_watcher_flow_log" "flow_log" {
        id                   = "/subscriptions/{masked}/resourceGroups/{masked}/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westeurope/flowLogs/flowLogs-vnet-random-prod"
        name                 = "flowLogs-vnet-random-prod"
      ~ tags                 = {
            "Environment"       = "PROD"
            "Service"           = "Core"
          + "ado-pipeline-id"   = "159"
          + "ado-repo-id"       = "DevOps/Network/network-core"
          + "managed-by"        = "terraform"
        }
        # (7 unchanged attributes hidden)

      - traffic_analytics {
          - enabled               = true -> null
          - interval_in_minutes   = 60 -> null
          - workspace_id          = "abcdefgh-1234-4c11-1111-1234567890abcdef" -> null
          - workspace_region      = "westeurope" -> null
          - workspace_resource_id = "/subscriptions/{masked}/resourceGroups/{masked}providers/Microsoft.OperationalInsights/workspaces/{masked}" -> null
        }

        # (1 unchanged block hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.
module.azure_virtual_network.azurerm_network_watcher_flow_log.flow_log["vnet-random-prod"]: Modifying... [id=/subscriptions/{masked}/resourceGroups/{masked}/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westeurope/flowLogs/flowLogs-vnet-random-prod]
╷
│ Error: Plugin did not respond
│ 
│   with module.azure_virtual_network.azurerm_network_watcher_flow_log.flow_log["vnet-random-prod"],
│   on ../../source/azure_virtual_network/main.tf line 272, in resource "azurerm_network_watcher_flow_log" "flow_log":
│  272: resource "azurerm_network_watcher_flow_log" "flow_log" {
│ 
│ The plugin encountered an error, and failed to respond to the plugin.(*GRPCProvider).ApplyResourceChange call. The plugin logs may contain more details.
╵

Stack trace from the terraform-provider-azurerm_v4.14.0_x5 plugin:

panic: runtime error: index out of range [0] with length 0

goroutine 43 [running]:
github.com/hashicorp/terraform-provider-azurerm/internal/services/network.expandNetworkWatcherFlowLogTrafficAnalytics(0xe1c6b40?)
        github.com/hashicorp/terraform-provider-azurerm/internal/services/network/network_watcher_flow_log_resource.go:562 +0x3af
github.com/hashicorp/terraform-provider-azurerm/internal/services/network.resourceNetworkWatcherFlowLogUpdate(0xc002e1eb80, {0x71ed100, 0xc001f0d688})
        github.com/hashicorp/terraform-provider-azurerm/internal/services/network/network_watcher_flow_log_resource.go:348 +0x6a5
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).update(0x8ab4548?, {0x8ab4548?, 0xc002e00f60?}, 0xd?, {0x71ed100?, 0xc001f0d688?})
        github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:828 +0x15f
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).Apply(0xc0017e49a0, {0x8ab4548, 0xc002e00f60}, 0xc0019744e0, 0xc002e1ea00, {0x71ed100, 0xc001f0d688})
        github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:947 +0x83a
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*GRPCProviderServer).ApplyResourceChange(0xc000a075d8, {0x8ab4548?, 0xc002e00ea0?}, 0xc001a08370)
        github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/grpc_provider.go:1155 +0xd5c
github.com/hashicorp/terraform-plugin-mux/tf5muxserver.(*muxServer).ApplyResourceChange(0xc0001bb780, {0x8ab4548?, 0xc002e00bd0?}, 0xc001a08370)
        github.com/hashicorp/[email protected]/tf5muxserver/mux_server_ApplyResourceChange.go:36 +0x193
github.com/hashicorp/terraform-plugin-go/tfprotov5/tf5server.(*server).ApplyResourceChange(0xc001ae1c20, {0x8ab4548?, 0xc002e001e0?}, 0xc000cf2000)
        github.com/hashicorp/[email protected]/tfprotov5/tf5server/server.go:865 +0x3d0
github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tfplugin5._Provider_ApplyResourceChange_Handler({0x7f9c8a0, 0xc001ae1c20}, {0x8ab4548, 0xc002e001e0}, 0xc002e1e000, 0x0)
        github.com/hashicorp/[email protected]/tfprotov5/internal/tfplugin5/tfplugin5_grpc.pb.go:611 +0x1a6
google.golang.org/grpc.(*Server).processUnaryRPC(0xc0001b6e00, {0x8ab4548, 0xc002e00150}, {0x8ae29c0, 0xc001777520}, 0xc002e10000, 0xc0018171d0, 0xe1b8278, 0x0)
        google.golang.org/[email protected]/server.go:1394 +0xe49
google.golang.org/grpc.(*Server).handleStream(0xc0001b6e00, {0x8ae29c0, 0xc001777520}, 0xc002e10000)
        google.golang.org/[email protected]/server.go:1805 +0xe8b
google.golang.org/grpc.(*Server).serveStreams.func2.1()
        google.golang.org/[email protected]/server.go:1029 +0x8b
created by google.golang.org/grpc.(*Server).serveStreams.func2 in goroutine 40
        google.golang.org/[email protected]/server.go:1040 +0x125

Error: The terraform-provider-azurerm_v4.14.0_x5 plugin crashed!

This is always indicative of a bug within the plugin. It would be immensely
helpful if you could report the crash with the plugin's maintainers so that it
can be fixed. The output above should help diagnose the issue.


# With TG_LOG=TRACE, i guess it crashes here :

2025-01-03T11:47:37.147+0100 [DEBUG] provider.terraform-provider-azurerm_v4.14.0_x5: {"name":"flowLogs-vnet-random-prod","id":"/subscriptions/{masked}/resourceGroups/{masked}/providers/Microsoft.Network/networkWatchers/NetworkWatcher_westeurope/flowLogs/flowLogs-vnet-random-prod","etag":"W/\"7619c5bc-b942-4ef1-91fe-527fe16c9286\"","properties":{"provisioningState":"Succeeded","targetResourceId":"/subscriptions/{masked}/resourceGroups/{masked}/providers/Microsoft.Network/virtualNetworks/vnet-random-prod","targetResourceGuid":"190a280a-3777-42cb-9238-3aa4b25afebc","storageId":"/subscriptions/{masked}resourceGroups/{masked}/providers/Microsoft.Storage/storageAccounts/{masked}","enabled":true,"flowAnalyticsConfiguration":{"networkWatcherFlowAnalyticsConfiguration":{"enabled":true,"workspaceId":"e18ffa7b-264f-4c10-8f43-cc928d61a0b4","workspaceRegion":"westeurope","workspaceResourceId":"/subscriptions/{masked}resourceGroups/{masked}/providers/Microsoft.OperationalInsights/workspaces/laws-hub-prod","trafficAnalyticsInterval":60}},"retentionPolicy":{"days":7,"enabled":true},"format":{"type":"JSON","version":1},"enabledFilteringCriteria":""},"type":"Microsoft.Network/networkWatchers/flowLogs","location":"westeurope","tags":{"Environment":"PROD","Service":"Core"}}
2025-01-03T11:47:37.147+0100 [DEBUG] provider.terraform-provider-azurerm_v4.14.0_x5: [DEBUG] Locking "/subscriptions/{masked}/resourceGroups/{masked}/providers/Microsoft.Network/virtualNetworks/vnet-random-prod"
2025-01-03T11:47:37.147+0100 [DEBUG] provider.terraform-provider-azurerm_v4.14.0_x5: [DEBUG] Locked "/subscriptions/{masked}/resourceGroups/{masked}/providers/Microsoft.Network/virtualNetworks/vnet-random-prod"
2025-01-03T11:47:37.147+0100 [DEBUG] provider.terraform-provider-azurerm_v4.14.0_x5: [DEBUG] Unlocking "/subscriptions/{masked}/resourceGroups/{masked}/providers/Microsoft.Network/virtualNetworks/vnet-random-prod"
2025-01-03T11:47:37.147+0100 [DEBUG] provider.terraform-provider-azurerm_v4.14.0_x5: [DEBUG] Unlocked "/subscriptions/{masked}/resourceGroups/{masked}/providers/Microsoft.Network/virtualNetworks/vnet-random-prod"
2025-01-03T11:47:37.147+0100 [TRACE] provider.terraform-provider-azurerm_v4.14.0_x5: Served request: tf_proto_version=5.7 @caller=runtime/panic.go:770 @module=sdk.proto tf_provider_addr=registry.terraform.io/hashicorp/azurerm tf_req_id=5bb0ded7-1f73-b57b-31b0-15b9283de9ed tf_resource_type=azurerm_network_watcher_flow_log tf_rpc=ApplyResourceChange timestamp="2025-01-03T11:47:37.147+0100"
2025-01-03T11:47:37.150+0100 [DEBUG] provider.terraform-provider-azurerm_v4.14.0_x5: panic: runtime error: index out of range [0] with length 0

Expected Behaviour

traffic analyrics should be removed, and it would mean traffic analyrics is disabled on the flow log

Actual Behaviour

crash after getting the details of the flow log as detailed in panic log

Steps to Reproduce

terraform apply

Important Factoids

No response

References

#28177
#27389
@neil-yechenwei neil-yechenwei linked a pull request Jan 6, 2025 that will close this issue
Open
14 tasks
@rcskosir
Copy link
Contributor

rcskosir commented Jan 6, 2025

Thank you for taking the time to open this issue. Please subscribe to PR #28416 created for this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug crash service/network v/4.x
Projects
None yet
Milestone
No milestone
2 participants
@keisari-ch @rcskosir