sumologic / terraform-provider-sumologic Goto Github PK
View Code? Open in Web Editor NEWTerraform provider for Sumo Logic
Home Page: https://www.terraform.io/docs/providers/sumologic/
License: Mozilla Public License 2.0
terraform-provider-sumologic's Issues
missing " on name = "test-connection"
missing " on name = "test-connection"
sumologic_content error for config
I am using the example on this page https://www.terraform.io/docs/providers/sumologic/r/content.html but I am seeing errors which is pointing to this Line 158. I am using the example straight from the example.
config =
jsonencode({
Error: Invalid expression
On modules/application/sumo/config.tf line 158: Expected the start of an
expression, but found an invalid expression token.
Error: Argument or block definition required
On modules/application/sumo/config.tf line 159: An argument or block
definition is required here. To set an argument, use the equals sign "=" to
introduce the argument value.
I am using Terraform version v0.12.25
Documentation links go to archived repository
https://github.com/SumoLogic/terraform-provider-sumologic/blob/master/website/docs/r/polling_source.html.markdown -> Common Source Properties -> https://github.com/terraform-providers/terraform-provider-sumologic/tree/master/website#common-source-properties
You likely want to do a find replace for:
terraform-providers/terraform-provider-sumologic -> SumoLogic/terraform-provider-sumologic
Unable to observe or modify MetricsSavedSearchSyncDefinition content
Hello,
I've been having a lot of issues trying to use this provider to modify the metricsQueries field of a Sumo metric.
I've noticed that if another field has been changed, the provider can observe a change in the metricsQueries data. For instance, if I update the metricsQueries and name fields simultaneously the provider accurately determines that both fields have changed. However, if I update the metricsQueries without modifying the name field there are no proposed changes.
Any idea what might be happening here?
when using sumologic_cloudwatch_source, fails with 'Invalid IAM role'
Hi Team.. Thanks for the provider.
We are facing an issue while connecting the cloudwatch logs to sumologic.
Our terraform version: 0.11.13
resource "sumologic_cloudwatch_source" "terraform_cloudwatch_source" {
name = "AWS Cloudwatch Logs"
description = "Collect cloudwatch logs"
category = "aws/lambda"
content_type = "AwsCloudWatch"
scan_interval = 300000
paused = false
collector_id = "${sumologic_collector.collector.id}"
authentication {
type = "AWSRoleBasedAuthentication"
role_arn = "${aws_iam_role.sumologic_iam_role.arn}"
}
path {
type = "CloudWatchPath"
}
}
IAM role what we have tried:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "logs:GetLogEvents",
"Resource": "arn:aws:logs:*:<account_id>:log-group:*:log-stream:*"
},
{
"Effect": "Allow",
"Action": [
"logs:ListTagsLogGroup",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:DescribeSubscriptionFilters",
"logs:StartQuery",
"logs:DescribeMetricFilters",
"logs:FilterLogEvents",
"logs:GetLogGroupFields"
],
"Resource": "arn:aws:logs:*:<account_id>:log-group:*"
},
{
"Effect": "Allow",
"Action": [
"logs:DescribeQueries",
"logs:DescribeExportTasks",
"logs:GetLogRecord",
"logs:GetQueryResults",
"logs:StopQuery",
"logs:TestMetricFilter",
"logs:DescribeResourcePolicies",
"logs:GetLogDelivery",
"logs:DescribeDestinations",
"logs:ListLogDeliveries"
],
"Resource": "*"
}
]
}
Error:
{
"status" : 400,
"id" : "6PBGC-1R7HG-P2KTO",
"code" : "collectors.validation.fields.invalid",
"message" : "Invalid IAM role: 'errorMessage=null'."
}
Bug: plan for DashboardSyncDefinition content in sumologic_content resource *always* has update in-place diff on `config`
Hello! First, thanks for making and maintaining this provider--it's a big help.
We're using the provider to consolidate our team's saved searches and dashboards. We find that, for dashboards specifically (DashboardSyncDefinition-typed content), without making any changes to the underlying configurations, terraform plan indicates a massive number of changes on the config field of the object. These span numerous layout properties, as well as the underlying queries themselves. When applied, the changes don't have any effect, and the dashboards all seem unchanged.
While it seems that our dashboards are functional, this happens with every terraform plan, and creates a massive amount of noise; for our four dashboards with 2-4 panels apiece, the no-op plan is over 4,700 lines.
We're seeing this behavior on version 2.7.0 of the sumologic provider on terraform 0.12.19. Thanks in advance for any help!
Feature request - it should be possible to import a scheduled view
Feature request: AWS Metadata (Tag) Source support
I'd be great if we could use Terraform to define this kind of source: https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/AWS-Metadata-(Tag)-Source
test issue
Update documentation for monitors
Hello!
It appears there are a few outdated examples for monitors in the documentation.
When using this example for a metrics monitor
resource "sumologic_monitor" "tf_metrics_monitor_1" {
name = "Terraform Metrics Monitor"
description = "tf metrics monitor"
type = "MonitorsLibraryMonitor"
is_disabled = false
content_type = "Monitor"
monitor_type = "Metrics"
queries {
row_id = "A"
query = "metric=CPU_Idle _sourceCategory=event-action"
}
triggers {
threshold_type = "GreaterThanOrEqual"
threshold = 40.0
time_range = "15m"
occurrence_type = "Always"
trigger_source = "AllTimeSeries"
trigger_type = "Critical"
detection_method = "StaticCondition"
}
triggers {
threshold_type = "LessThan"
threshold = 30.0
time_range = "15m"
occurrence_type = "Always"
trigger_source = "AllTimeSeries"
trigger_type = "ResolvedCritical"
detection_method = "StaticCondition"
}
notifications {
notification {
connection_type = "Email"
recipients = ["[email protected]"]
subject = "Triggered {{TriggerType}} Alert on Monitor {{Name}}"
time_zone = "PST"
message_body = "Triggered {{TriggerType}} Alert on {{Name}}: {{QueryURL}}"
}
run_for_trigger_types = ["Critical","ResolvedCritical"]
}
}
I received this error:
Error: {"id":"SOE4R-3AT8T-XYZL1","errors":[{"code":"monitors:unsupported_trigger_source","message":"Unsupported triggerSource for the given monitorType.","detail":"Unsupported triggerSource for the given monitorType. 'AnyTimeSeries' is the only valid triggerSource for 'Critical' trigger."}]}
After changing the trigger_source to AnyTimeSeries, the monitor was created successfully. I suppose the documentation just needs to be updated to reflect that.
Feature request - support import of existing partitions
It would be nice to be able to import existing partitions already created in SumoLogic manually or by either means so that they can be stored IaC.
It turns out that at the moment it doesn't support it yet.
$ terraform import sumologic_partition.dev 0000000000001F56
sumologic_partition.dev: Importing from ID "0000000000001F56"...
Error: resource sumologic_partition doesn't support import
Listing of partitions is supported via API https://api.eu.sumologic.com/docs/#tag/partitionManagement
- Transferred from old repo ~ @Constantin07
Support Data source for Folders apart from Personal_folder
Currently I see 'sumologic_personal_folder' data source can get you the ID for personal folder and I can pass that as parent id while creating any scheduled search. But it will be useful if we could find ID for any Folder (not just personal folder).
Are you planning to support Data source say 'sumologic_folder' as a generic one to get ID for any folder we pass ?
Otherwise, we have no option but to use Sumologic's REST API to get the ID for the folder first and then pass it while creating scheduled search, which is really not ideal.
Update documentation with support for terraform 0.13
Since PRs are already built with terraform 0.13 let's update README's requirements section to reflect that.
Terraform complains after the users is provisioned using terraform.
I have provisioned the user using terraform as:
provider "sumologic" {
access_id = var.sumologic_access_id
access_key = var.sumologic_access_key
environment = "us1"
version = "= 2.0"
}
resource "sumologic_user" "testuser" {
first_name = "Fname"
last_name = "Lname"
email = "[email protected]"
is_active = "true"
role_ids = split(",", "0000000000ADB3DC,00000000008910E8")
transfer_to = ""
}
However after successfully provisioning the user using terraform plan and then terraform apply, if I run the terraform plan again I am suppose to see the message as:
No changes. Infrastructure is up-to-date.
But instead of the up-to-date message I see the message as:
------------------------------------------------------------------------
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# sumologic_user.testuser will be updated in-place
~ resource "sumologic_user" "testuser" {
email = "[email protected]"
first_name = "Fname"
id = "0000000000AZXY95"
is_active = true
last_name = "Lname"
~ role_ids = [
- "00000000008910E8",
"0000000000ADB3DC",
+ "00000000008910E8",
]
}
Plan: 0 to add, 1 to change, 0 to destroy.
------------------------------------------------------------------------
Even if I run the terraform apply, after that I still see the same message.
Is there any bug in terraform code related to sumlogic which is causing this behavior?
Remove vendor dir
Given that officially supported go version is >= 1.13 I gather vendor/ dir can be safely removed.
How to share my sumologic_folder?
I'm creating several content under an specific folder and I want to share my folder to my whole organization so anyone can VIEW it.
Was looking information about the permission capability across the provider, but couldn't find anything.
Is it possible to do this either when creating the folder or afterward by actually sharing it?
Thanks in advance.
sumologic_connection Documentation WebhookDefinition --> WebhookConnection
The documentation here specifies that only the value of WebhookDefinition is acceptable for argument type while in fact only WebhookConnection is allowed.
Polling Source Path Type is not being stored in the state correctly
Code:
path {
type = "S3BucketPathExpression"
bucket_name = "xyz"
path_expression = "a/*"
}
State File:
"path": [
{
"bucket_name": "xyx",
"limit_to_namespaces": [],
"limit_to_regions": [],
"path_expression": "a/*",
"tag_filters": [],
"type": ""
}
],
Hence every time terraform plans, following change pops up -
~ path {
bucket_name = "xyz"
limit_to_namespaces = []
limit_to_regions = []
path_expression = "a/*"
+ type = "S3BucketPathExpression"
}
Terraform version: 0.12.26
[Issue] Terraform states changes to roles when no roles are changed
When importing and updating roles to match Terraform syntax, the second run states all roles need to be updated even though all changes were already completed. Specifically relating to capabilities
Configuration
resource "sumologic_role" "random_role" {
for_each = var.random_roles
name = each.value["name"]
description = each.value["description"]
filter_predicate = each.value["filter_predicate"]
capabilities = [
"viewCollectors",
"viewPartitions",
"viewFieldExtraction",
"viewFields",
"changeDataAccessLevel",
"viewScheduledViews",
"createAccessKeys",
"viewMonitorsV2",
"viewCse"
]
}
Terraform plan output
# sumologic_role.random_role["************"] will be updated in-place
~ resource "sumologic_role" "random_role" {
~ capabilities = [
+ "viewCollectors",
"viewPartitions",
- "viewCse",
"viewFieldExtraction",
"viewFields",
- "viewMonitorsV2",
"changeDataAccessLevel",
"viewScheduledViews",
- "viewCollectors",
"createAccessKeys",
+ "viewMonitorsV2",
+ "viewCse",
]
description = ""
id = "${id}"
name = "role_name"
}
Feature request - ability to manage Admin Recommended content
I'd be great to be able to mark some content as Admin Recommended in Terraform using this feature: https://help.sumologic.com/Manage/Content_Sharing/Content_Sharing_FAQ#i-want-to-create-a-hierarchy-of-folders-for-my-company-so-that-e
Sumologic_user's is_active property is not documented and behaves in a confusing manner
In https://github.com/SumoLogic/terraform-provider-sumologic/blob/master/website/docs/r/user.html.markdown, a property for the user is labeled as active. However, in the code for the resource, there's only one called is_active. Presumably, the code is the source of truth here. However, it also appears to not behave correctly for an optional value. The documentation says that it defaults to true, but if it's not explicitly set, future terraform plans attempt to set it to null, causing an incorrectly dirty state.
~ resource "sumologic_user" "redacted" {
email = "[email protected]"
first_name = "redacted"
id = "redacted"
- is_active = true -> null
last_name = "redacted"
role_ids = [
"redacted",
]
}
Feature request: Local File Source support
Hi,
it would be great if this Terraform provider could add the support for adding Local File sources as documented here:
https://help.sumologic.com/03Send-Data/Sources/01Sources-for-Installed-Collectors/Local-File-Source
Thanks,
Philipp
Bug: plan for sumologic_field_extraction_rule *always* has update in-place diff on `parse_expression`
First, thanks for the helpful provider! :)
Even though we don't change the resource definition of our sumologic_field_extraction_rule, on 100% of our terraform plans we see a diff. The diff reports an update in-place on the parse_expression configuration argument. I have manually diffed to confirm that the argument reported by the plan is exactly the same every time.
While this has yet to cause us functional problems on the Sumo side, it breaks the Terraform abstraction, and creates noise in our plans, making them challenging to read. Also, within the Sumo web UI, the Last Modified time is updated for the Field Extraction Rule every time we do a Terraform apply, even though we haven't made any changes, which is confusing and means it cannot be relied upon.
I found this behavior on version 2.3.0 of the provider (as well as various versions going back at least to 2.1.1), with Terraform 0.12.
sumologic_content not tracking dependencies properly?
Hi all, while using 2.0.1, I've faced the following issue:
Having my sumologic.tf file as follows:
# Configure the Sumo Logic Provider
provider "sumologic" {
access_id = "${var.sumologic_access_id}"
access_key = "${var.sumologic_access_key}"
environment = "us2"
}
data "sumologic_personal_folder" "personalFolder" {}
resource "sumologic_folder" "sub-folder" {
name = "SubFolder"
description = "SubFolder"
parent_id = "${data.sumologic_personal_folder.personalFolder.id}"
}
resource "sumologic_connection" "slack-connection" {
name = "Slack Connection"
type = "WebhookConnection"
description = "slack integration"
url = "MyWebhookUrl"
headers = {}
default_payload = <<JSON
{
"eventType" : "{{SearchName}}",
"description" : "{{SearchDescription}}",
"client" : "Sumo Logic",
"search_url" : "{{SearchQueryUrl}}",
"num_records" : "{{NumRawResults}}",
"search_results" : "{{AggregateResultsJson}}"
}
JSON
webhook_type = "Slack"
}
resource "sumologic_content" "content-to-alert" {
parent_id = "${sumologic_folder.sub-folder.id}"
config = <<JSON
{
"type" : "SavedSearchWithScheduleSyncDefinition",
"name" : "MyQueryError",
"search" : {
"queryText" : "ERROR",
"defaultTimeRange" : "-5m",
"byReceiptTime" : false,
"viewName" : "",
"viewStartTime" : "1970-01-01T00:00:00Z",
"queryParameters" : [],
"parsingMode" : "AutoParse"
},
"searchSchedule" : {
"cronExpression" : "17 * * * * ? *",
"displayableTimeRange" : "-5m",
"parseableTimeRange" : {
"type" : "BeginBoundedTimeRange",
"from" : {
"type" : "RelativeTimeRangeBoundary",
"relativeTime" : "-5m"
},
"to" : null
},
"timeZone" : "America/Los_Angeles",
"threshold" : {
"thresholdType": "group",
"operator": "gt",
"count": 0
},
"notification" : {
"taskType" : "WebhookSearchNotificationSyncDefinition",
"webhookId" : "${sumologic_connection.slack-connection.id}",
"payload" : null,
"itemizeAlerts" : false,
"maxItemizedAlerts" : 1
},
"scheduleType" : "RealTime",
"muteErrorEmails" : null,
"parameters" : []
},
"description" : "MyQueryErrorAlert"
}
JSON
}
I'm getting the following output:
sumologic_folder.sub-folder: Creating...
sumologic_connection.slack-connection: Creating...
sumologic_folder.sub-folder: Creation complete after 1s [id=0000000000D2AC59]
sumologic_connection.slack-connection: Creation complete after 1s [id=0000000000017AF2]
Error: Provider produced inconsistent final plan
When expanding the plan for
sumologic_content.content-to-alert to include new
values learned so far during apply, provider "sumologic" produced an invalid
new value for .config: was cty.StringVal(""), but now cty.StringVal("{\n
\"type\" : \"SavedSearchWithScheduleSyncDefinition\",\n \"name\" :
\"MyQueryError\",\n \"search\" : {\n
\"queryText\" : \"ERROR\",\n \"defaultTimeRange\" : \"-5m\",\n
\"byReceiptTime\" : false,\n \"viewName\" : \"\",\n \"viewStartTime\" :
\"1970-01-01T00:00:00Z\",\n \"queryParameters\" : [],\n \"parsingMode\"
: \"AutoParse\"\n },\n \"searchSchedule\" : {\n \"cronExpression\" : \"17
* * * * ? *\",\n \"displayableTimeRange\" : \"-5m\",\n
\"parseableTimeRange\" : {\n \"type\" : \"BeginBoundedTimeRange\",\n
\"from\" : {\n \"type\" : \"RelativeTimeRangeBoundary\",\n
\"relativeTime\" : \"-5m\"\n },\n \"to\" : null\n },\n
\"timeZone\" : \"America/Los_Angeles\",\n \"threshold\" : {\n
\"thresholdType\": \"group\",\n \"operator\": \"gt\",\n \"count\":
0\n },\n \"notification\" : {\n \"taskType\" :
\"WebhookSearchNotificationSyncDefinition\",\n \"webhookId\" :
\"0000000000017AF2\",\n \"payload\" : null,\n \"itemizeAlerts\" :
false,\n \"maxItemizedAlerts\" : 1\n },\n \"scheduleType\" :
\"RealTime\",\n \"muteErrorEmails\" : null,\n \"parameters\" : []\n
},\n \"description\" : \"MyQueryErrorAlert\"\n}\n").
This is a bug in the provider, which should be reported in the provider's own
issue tracker.
But then, if I just re-run it again, the sumologic_content resource is created without any issue.
I've already tried adding the depends_on in the sumologic_content but the result is the same.
Am I doing something wrong?
Handle /v1 suffix in SUMOLOGIC_BASE_URL
When user uses base URL like https://api.sumologic.com/api/v1/ instead of https://api.sumologic.com/api/ then provider instead of handling that prints the following
Error: {"id":"O6SOJ-9BDH3-YQG04","errors":[{"code":"unauthorized","message":"Credential could not be verified."}]}
It would be better to warn the user that the provided API URL doesn't seem right.
CloudWatch polling source considers path.type="CloudWatchPath" to be always changed
Steps to reproduce
Have a CloudWatch polling source defined, e.g.
resource "sumologic_collector" "collector" {
name = "mccartney-2020-06-aws-cloudwatch"
description = "Defined by Terraform"
}
resource "sumologic_polling_source" "terraform_cw_metrics" {
name = "2020-06-mccartney-testing-out-terraform-for-cw"
description = "Testing Terraform"
category = "aws/mccartney-cloudwatch-by-terraform"
content_type = "AwsCloudWatch"
scan_interval = 300000
paused = false
collector_id = sumologic_collector.collector.id
authentication {
type = "S3BucketAuthentication"
access_key = "REDACTED"
secret_key = "REDACTED"
}
path {
type = "CloudWatchPath"
limit_to_regions = ["eu-west-1"]
limit_to_namespaces = ["AWS/EC2"]
}
}
Then run terraform apply multiple times without any changes
Observed
Terraform sees path.type as changed every time I run it.
Plan: 0 to add, 1 to change, 0 to destroy.
[resource_sumologic_role]: No argument "users"
The argument reference seems to differ from the actual resource schema:
resource "sumologic_role" "example_role" {
name = "TestRole123"
description = "Testing resource sumologic_role"
filter_predicate = "_sourceCategory=Test"
users = [
"0000000000000001",
"0000000000000002"
]
capabilities = [
"manageCollectors"
]
}results in:
Error: Unsupported argument
on main.tf line 6, in resource "sumologic_role" "role":
6: users = []
An argument named "users" is not expected here.When using the cloudtrail_source resource using the example fails with a HTTP 500
Hey! Thanks for the great provider, having some issues with the Cloudtrail piece though.
Example configuration:
resource "sumologic_cloudtrail_source" "terraform_cloudtrail_source" {
name = "Amazon Cloudtrail"
description = "Cloudtrail logs from our AWS account"
category = "aws/cloudtrail"
content_type = "AwsCloudTrailBucket"
scan_interval = 300000
paused = false
collector_id = sumologic_collector.aws_collector.id
authentication {
type = "S3BucketAuthentication"
role_arn = aws_iam_role.sumologic_iam_role.arn
}
path {
type = "S3BucketPathExpression"
bucket_name = "cloudtrail"
path_expression = "AWSLogs/xxxxxxxx/CloudTrail/*"
}
}
Example error
Error: {
"status" : 500,
"id" : "BOKTB-T8R2I-HESK0",
"code" : "internal.error",
"message" : "Internal server error."
}
on sumologic.tf line 6, in resource "sumologic_cloudtrail_source" "terraform_cloudtrail_source":
6: resource "sumologic_cloudtrail_source" "terraform_cloudtrail_source" {
Please reach out if you need more information to troubleshoot this.
Thanks!
Feature Request: Add data forwarding resource
I propose adding a data forwarding resource to compliment the sumologic_partition resource. IDs are needed for sumologic_partitions when adding data_forwarding options
Need to have terraform import option to migrate existing resources
We started using SumoLogic by defining roles and adding users manually but want to manage via terraform both roles and users. We did tried to convert existing roles manually to tf and also manipulating state file. I request to provide terraform import module to convert existing roles and users into terraform and manage effectively.
#########################################
Sumologic example_role
#########################################
resource "sumologic_role" "example_role" {
name = "example_role"
description = "Testing resource sumologic_role via terraform"
filter_predicate = "!(_sourceCategory=audit_pci or _source="AuditLog" or sourceCategory=prod*_pci)"
capabilities = ["viewScheduledViews", "manageMonitors", "viewPartitions", "viewFields", "viewFieldExtraction", "changeDataAccessLevel", "viewCollectors"]
}
State file modification:
{
"mode": "managed",
"type": "sumologic_role",
"name": "example_role",
"provider": "provider.sumologic",
"instances": [
{
"schema_version": 0,
"attributes": {
"capabilities": [
"viewScheduledViews",
"manageMonitors",
"viewPartitions",
"viewFields",
"viewFieldExtraction",
"changeDataAccessLevel",
"viewCollectors"
],
"description": "Testing resource sumologic_role via terraform",
"filter_predicate": "!(_sourceCategory=audit_pci or _source=\"AuditLog\" or _sourceCategory=prod_*_pci)",
"id": "XXXXXXX",
"name": "example_role"
},
"private": "YYYYYYY"
}
]
}
- Transferred from old repo ~ @ Preethamraj553
Remove all occurrences of `ForceNew: false`
The primitive behavior fields cannot be set to false. You can opt out of a behavior by omitting it.
ref: https://www.terraform.io/docs/extend/schemas/schema-behaviors.html
Test issue, ignore it
Just testing connectivity. Ignore it
Releases don't include assets
Being able to download the precompiled provider from the assets for the release was very convenient in the old repo https://github.com/SumoLogic/terraform-provider-sumologic/releases. Would be nice if that could be added to this new location
Replace `forceNew=true` in sumo content import with `overwrite=True` in the api
According to docs https://api.us2.sumologic.com/docs/#operation/beginAsyncImport it is possible to update the content without destroying it by flag overwrite=True in the endpoint. Without this, every dashboard link is expiring every terraform run
Monitors and connections should document template variables
In sumologic_monitor resources you can use special variables, e.g. {{NumQueryResults}}. It's hard to guess their names.
They should:
- either be documented inline at https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/monitor
- or at least a link to https://help.sumologic.com/Visualizations-and-Alerts/Alerts/Monitors/Template_Variables should be provided
=====
Similarly when using sumologic_connection it's hard to guess all the variables one can use: {{SearchQueryUrl}} or {{TimeRange}}. They should be documented too.
Feature Request: scheduled searches & alert support
Are there any plans to add a dedicated resource for scheduled searches & alerts based on those searches in the future?
In the meantime, is it possible to leverage scheduled_views for similar purposes?
sumologic_http_source filters and host_name aren't documented
I would expect the documentation here https://www.terraform.io/docs/providers/sumologic/r/http_source.html to meantion host_name and filter arguments. I only know they exist because I imported an existing resource
resource "sumologic_http_source" "http_source" {
name = var.sumologic_source_name
category = var.sumologic_source_category
collector_id = data.sumologic_collector.collector.id
description = var.app_name
host_name = var.host_name
filters {
filter_type = "Mask"
mask = "[FILTERED]"
name = "Mask router log"
regexp = "path=\"\\/api\\/v1\\/(.*)\""
}
Make sumologic_polling_source and sumologic_cloudsyslog_source importable
I noticed that only http sources are currently importable. If possible, can that be updated so all three can be imported?
https://github.com/terraform-providers/terraform-provider-sumologic/blob/master/sumologic/resource_sumologic_polling_source.go#L13-L16
If not, it might be useful to have a note in the documentation for why that can't be done.
https://www.terraform.io/docs/providers/sumologic/r/cloudsyslog_source.html
sumologic_role - capabilities order triggers changes
Looks like the list of capabilities is position dependent and thus is triggering changes if not specified in specific order:
# sumologic_role.developers will be updated in-place
~ resource "sumologic_role" "developers" {
~ capabilities = [
"manageFieldExtractionRules",
"manageConnections",
- "manageMonitors",
"viewCollectors",
+ "manageMonitors",
]
id = "000000000021AC0F"
name = "Developers"
}
- Transferred from old repo ~@ Constantin07
Feature Request: Dashboards (New)
It would be awesome to have support for creating Dashboards!
Feature Request: polling source import
I'd be great if the provider supported importing (terraform import) a polling source resource. Similar to what collectors do.
Currently it fails with:
Error: resource sumologic_polling_source doesn't support import
(I ended up manually hacking the state file)
Cloud to Cloud Sources Cannot be imported by name
Due to different configuraton of c2c sources, where the source name is located in the config block, the current import by name methods do not work.
Documentation is missing a few resources
https://www.terraform.io/docs/providers/sumologic/index.html
only shows 3 data source while the code supports 6
- Transferred from old repo ~ @djsly
Can't create sumologic_content resource using file function
When I'm trying to create a content using file() function, I'm getting an error:
$ terraform apply -auto-approve
sumologic_folder.this: Refreshing state... [id=0000000001230571]
sumologic_content.this: Creating...
Error: {"id":"RADAY-7WDCD-QJ601","errors":[{"code":"service.argument.invalid","message":"The request body you've provided is invalid. Could not resolve type 'null' as a subtype of 'ContentSyncDefinition'"}]}
on main.tf line 9, in resource "sumologic_content" "this":
9: resource "sumologic_content" "this" {
$ cat main.tf
data "sumologic_personal_folder" "this" {}
resource "sumologic_folder" "this" {
parent_id = data.sumologic_personal_folder.this.id
name = "JenkinsErrors"
description = "Jenkins build errors"
}
resource "sumologic_content" "this" {
parent_id = sumologic_folder.this.id
config = jsonencode(file("${path.module}/data.json"))
}
$ cat data.json
{
"type": "SavedSearchWithScheduleSyncDefinition",
"name": "some-query",
"search": {
"queryText": "\"some query\"",
"defaultTimeRange": "-15m",
"byReceiptTime": false,
"viewName": "",
"viewStartTime": "1970-01-01T00:00:00Z",
"queryParameters": [],
"parsingMode": "Manual"
},
"searchSchedule": {
"cronExpression": "17 * * * * ? *",
"displayableTimeRange": "-5m",
"parseableTimeRange": {
"type": "BeginBoundedTimeRange",
"from": {
"type": "RelativeTimeRangeBoundary",
"relativeTime": "-5m"
},
"to": null
},
"timeZone": "Etc/UTC",
"threshold": {
"thresholdType": "group",
"operator": "gt",
"count": 0
},
"notification": {
"taskType": "WebhookSearchNotificationSyncDefinition",
"webhookId": "0000000000015290",
"payload": null,
"itemizeAlerts": true,
"maxItemizedAlerts": 50
},
"scheduleType": "RealTime",
"muteErrorEmails": false,
"parameters": []
},
"description": ""
}
But when I keep the entire json in main.tf file, everything works fine:
$ terraform apply -auto-approve
sumologic_folder.this: Refreshing state... [id=0000000001230571]
sumologic_content.this: Creating...
sumologic_content.this: Creation complete after 4s [id=0000000001226A9B]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
data "sumologic_personal_folder" "this" {}
resource "sumologic_folder" "this" {
parent_id = data.sumologic_personal_folder.this.id
name = "JenkinsErrors"
description = "Jenkins build errors"
}
resource "sumologic_content" "this" {
parent_id = sumologic_folder.this.id
config = jsonencode(
{
"type": "SavedSearchWithScheduleSyncDefinition",
"name": "some-query",
"search": {
"queryText": "\"some query\"",
"defaultTimeRange": "-15m",
"byReceiptTime": false,
"viewName": "",
"viewStartTime": "1970-01-01T00:00:00Z",
"queryParameters": [],
"parsingMode": "Manual"
},
"searchSchedule": {
"cronExpression": "17 * * * * ? *",
"displayableTimeRange": "-5m",
"parseableTimeRange": {
"type": "BeginBoundedTimeRange",
"from": {
"type": "RelativeTimeRangeBoundary",
"relativeTime": "-5m"
},
"to": null
},
"timeZone": "Etc/UTC",
"threshold": {
"thresholdType": "group",
"operator": "gt",
"count": 0
},
"notification": {
"taskType": "WebhookSearchNotificationSyncDefinition",
"webhookId": "0000000000015292",
"payload": null,
"itemizeAlerts": true,
"maxItemizedAlerts": 50
},
"scheduleType": "RealTime",
"muteErrorEmails": false,
"parameters": []
},
"description": ""
}
)
}
terraform 0.14.2
sumologic 2.6.0
Feature request - data forwarding resource
It would be nice to have support in SumoLogic provider for data forwarding so that that it can be setup via IaC instead of manual configuration.
- Transferred from old repo ~ @ Constantin07
Nicely handle authentication errors
When user provides incorrect credentials he gets something like
Error: <html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
<title>Error 401 User could not be found.</title>
</head>
<body><h2>HTTP ERROR 401 User could not be found.</h2>
<table>
<tr><th>URI:</th><td>/api/v1/fields</td></tr>
<tr><th>STATUS:</th><td>401</td></tr>
<tr><th>MESSAGE:</th><td>User could not be found.</td></tr>
<tr><th>SERVLET:</th><td>rest</td></tr>
</table>
</body>
</html>
Ideally this should be handled and explicitly stated that the credentials are most likely incorrect.
sumologic_role data source fails with a space in the role name
When using the sumologic_role data source to import a role with a space in the name fails when running terraform plan. Using the following data definition:
data "sumologic_role" "example_role" {
name = "Test Role"
}
will fail with the following error
data.sumologic_role.seceng_role: Refreshing state...
Error: role with name Test Role not found: <h1>Bad Message 400</h1><pre>reason: Illegal character SPACE=' '</pre>
on main.tf line 1, in data "sumologic_role" "example_role":
1: data "sumologic_role" "example_role" {
A workaround for this issue is to encode the space in the role name with url encoding.
Development question - changes to sumologic_user.go
Hi,
At the moment the sumologic_user.go doesn't support finding user by e-mail. This can be useful for user data resource.
How is it supposed to commit/make PR for changes in such files. Sorry, could find documented anything about this.
The rest API has support to list all users but allows query parameters https://api.eu.sumologic.com/docs/#operation/listUsers
I would like to contribute but have no idea what to do next ...
Regards,
Constantin
The use case is simple: we started using SumoLogic by manually defining roles and people belonging to them but we would like to manage and control this using IaC approach. For instance: we have got now at least 3 roles: Developers, Security Team, Admins. I want to manage via terraform members of these teams. I know that that I can reference the user by ID at the moment but that's hacky and not readable at all (you have to make and API query to find it).
Referencing members of role by e-mail address seemed to me a logical thing, once lookup by e-mail is implemented as it's supposed to be unique and also easy to read in config file.
I hope it makes sense.
- Transferred from old repo ~ @Constantin07
Feature request - Metrics Rules
I suggest to support https://help.sumologic.com/Metrics/Metric_Rules_Editor/Create_Metric_Rules
Sumologic monitor folder fails silently
Having issues while trying the new monitor_folder and metrics_monitor resources as documented here:https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/monitor with sumologic provider version 2.2.1
Trying to instantiate a metric monitor fails, giving out non clear errors in the terraform apply.
I tested both creating a new monitor_folder and then a metric monitor, like in the docs:
`resource "sumologic_monitor_folder" "monitor_folder" {
name = "${var.folder_name}-monitors"
description = var.folder_description
}
resource "sumologic_monitor" "metrics_monitor" {
for_each = var.monitor_configs
parent_id = sumologic_monitor_folder.monitor_folder.id
name = format("%s", each.key)
description = each.value.description
type = "MonitorsLibraryMonitor"
is_disabled = false
content_type = "Monitor"
monitor_type = "Metrics"
queries {
row_id = "A"
query = each.value.query
}
triggers {
threshold_type = each.value.triggers.threshold_type
threshold = each.value.triggers.threshold
time_range = each.value.triggers.time_range
occurrence_type = each.value.triggers.occurrence_type
trigger_source = "AllTimeSeries"
trigger_type = "ResolvedCritical"
detection_method = "StaticCondition"
}
notifications {
notification {
action_type = "EmailAction"
recipients = each.value.email_notification_list
subject = "Triggered: ${format("%s", each.key)}"
time_zone = "PST"
message_body = ""
}
run_for_trigger_types = ["Critical", "ResolvedCritical"]
}
}`
And by giving the id of an already existing personal folder to the metric monitor:
`resource "sumologic_monitor" "metrics_monitor" {
for_each = var.monitor_configs
parent_id = data.sumologic_personal_folder.personalFolder.id
name = format("%s", each.key)
description = each.value.description`
In both cases, the apply fails without giving a reason:
Error: {"id":"V3PXX-408CZ-TQHAA","errors":[]}
on .terraform/modules/xinfra-ci-aks-dev.sumologic-kubernetes-cluster-configurations/sumologic-content.tf line 69, in resource "sumologic_monitor_folder" "monitor_folder":
69: resource "sumologic_monitor_folder" "monitor_folder" {
`Error: {"id":"P86EV-M4HY2-MDG42","errors":[]}
on .terraform/modules/matteo-aks-dev.sumologic-kubernetes-cluster-configurations/sumologic-content.tf line 75, in resource "sumologic_monitor" "metrics_monitor":
75: resource "sumologic_monitor" "metrics_monitor" {`
It's also worth noting that the online docs lacks a section about the sumologic_monitor_folder, that might be part of the issue, as I get the impression that a monitor folder is needed in order to deploy metrics monitors correctly.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.