sumologic / terraform-provider-sumologic Goto Github PK
View Code? Open in Web Editor NEWTerraform provider for Sumo Logic
Home Page: https://www.terraform.io/docs/providers/sumologic/
License: Mozilla Public License 2.0
Terraform provider for Sumo Logic
Home Page: https://www.terraform.io/docs/providers/sumologic/
License: Mozilla Public License 2.0
missing " on name = "test-connection"
I am using the example on this page https://www.terraform.io/docs/providers/sumologic/r/content.html but I am seeing errors which is pointing to this Line 158. I am using the example straight from the example.
config =
jsonencode({
Error: Invalid expression
On modules/application/sumo/config.tf line 158: Expected the start of an
expression, but found an invalid expression token.
Error: Argument or block definition required
On modules/application/sumo/config.tf line 159: An argument or block
definition is required here. To set an argument, use the equals sign "=" to
introduce the argument value.
I am using Terraform version v0.12.25
https://github.com/SumoLogic/terraform-provider-sumologic/blob/master/website/docs/r/polling_source.html.markdown -> Common Source Properties -> https://github.com/terraform-providers/terraform-provider-sumologic/tree/master/website#common-source-properties
You likely want to do a find replace for:
terraform-providers/terraform-provider-sumologic
-> SumoLogic/terraform-provider-sumologic
Hello,
I've been having a lot of issues trying to use this provider to modify the metricsQueries
field of a Sumo metric.
I've noticed that if another field has been changed, the provider can observe a change in the metricsQueries
data. For instance, if I update the metricsQueries
and name
fields simultaneously the provider accurately determines that both fields have changed. However, if I update the metricsQueries
without modifying the name
field there are no proposed changes.
Any idea what might be happening here?
Hi Team.. Thanks for the provider.
We are facing an issue while connecting the cloudwatch logs to sumologic.
Our terraform version: 0.11.13
resource "sumologic_cloudwatch_source" "terraform_cloudwatch_source" {
name = "AWS Cloudwatch Logs"
description = "Collect cloudwatch logs"
category = "aws/lambda"
content_type = "AwsCloudWatch"
scan_interval = 300000
paused = false
collector_id = "${sumologic_collector.collector.id}"
authentication {
type = "AWSRoleBasedAuthentication"
role_arn = "${aws_iam_role.sumologic_iam_role.arn}"
}
path {
type = "CloudWatchPath"
}
}
IAM role what we have tried:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "logs:GetLogEvents",
"Resource": "arn:aws:logs:*:<account_id>:log-group:*:log-stream:*"
},
{
"Effect": "Allow",
"Action": [
"logs:ListTagsLogGroup",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:DescribeSubscriptionFilters",
"logs:StartQuery",
"logs:DescribeMetricFilters",
"logs:FilterLogEvents",
"logs:GetLogGroupFields"
],
"Resource": "arn:aws:logs:*:<account_id>:log-group:*"
},
{
"Effect": "Allow",
"Action": [
"logs:DescribeQueries",
"logs:DescribeExportTasks",
"logs:GetLogRecord",
"logs:GetQueryResults",
"logs:StopQuery",
"logs:TestMetricFilter",
"logs:DescribeResourcePolicies",
"logs:GetLogDelivery",
"logs:DescribeDestinations",
"logs:ListLogDeliveries"
],
"Resource": "*"
}
]
}
Error:
{
"status" : 400,
"id" : "6PBGC-1R7HG-P2KTO",
"code" : "collectors.validation.fields.invalid",
"message" : "Invalid IAM role: 'errorMessage=null'."
}
Hello! First, thanks for making and maintaining this provider--it's a big help.
We're using the provider to consolidate our team's saved searches and dashboards. We find that, for dashboards specifically (DashboardSyncDefinition
-typed content), without making any changes to the underlying configurations, terraform plan
indicates a massive number of changes on the config
field of the object. These span numerous layout properties, as well as the underlying queries themselves. When applied, the changes don't have any effect, and the dashboards all seem unchanged.
While it seems that our dashboards are functional, this happens with every terraform plan
, and creates a massive amount of noise; for our four dashboards with 2-4 panels apiece, the no-op plan is over 4,700 lines.
We're seeing this behavior on version 2.7.0 of the sumologic provider on terraform 0.12.19. Thanks in advance for any help!
I'd be great if we could use Terraform to define this kind of source: https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services/AWS-Metadata-(Tag)-Source
Hello!
It appears there are a few outdated examples for monitors
in the documentation.
When using this example for a metrics monitor
resource "sumologic_monitor" "tf_metrics_monitor_1" {
name = "Terraform Metrics Monitor"
description = "tf metrics monitor"
type = "MonitorsLibraryMonitor"
is_disabled = false
content_type = "Monitor"
monitor_type = "Metrics"
queries {
row_id = "A"
query = "metric=CPU_Idle _sourceCategory=event-action"
}
triggers {
threshold_type = "GreaterThanOrEqual"
threshold = 40.0
time_range = "15m"
occurrence_type = "Always"
trigger_source = "AllTimeSeries"
trigger_type = "Critical"
detection_method = "StaticCondition"
}
triggers {
threshold_type = "LessThan"
threshold = 30.0
time_range = "15m"
occurrence_type = "Always"
trigger_source = "AllTimeSeries"
trigger_type = "ResolvedCritical"
detection_method = "StaticCondition"
}
notifications {
notification {
connection_type = "Email"
recipients = ["[email protected]"]
subject = "Triggered {{TriggerType}} Alert on Monitor {{Name}}"
time_zone = "PST"
message_body = "Triggered {{TriggerType}} Alert on {{Name}}: {{QueryURL}}"
}
run_for_trigger_types = ["Critical","ResolvedCritical"]
}
}
I received this error:
Error: {"id":"SOE4R-3AT8T-XYZL1","errors":[{"code":"monitors:unsupported_trigger_source","message":"Unsupported triggerSource for the given monitorType.","detail":"Unsupported triggerSource for the given monitorType. 'AnyTimeSeries' is the only valid triggerSource for 'Critical' trigger."}]}
After changing the trigger_source
to AnyTimeSeries
, the monitor was created successfully. I suppose the documentation just needs to be updated to reflect that.
It would be nice to be able to import existing partitions already created in SumoLogic manually or by either means so that they can be stored IaC.
It turns out that at the moment it doesn't support it yet.
$ terraform import sumologic_partition.dev 0000000000001F56
sumologic_partition.dev: Importing from ID "0000000000001F56"...
Error: resource sumologic_partition doesn't support import
Listing of partitions is supported via API https://api.eu.sumologic.com/docs/#tag/partitionManagement
Currently I see 'sumologic_personal_folder' data source can get you the ID for personal folder and I can pass that as parent id while creating any scheduled search. But it will be useful if we could find ID for any Folder (not just personal folder).
Are you planning to support Data source say 'sumologic_folder' as a generic one to get ID for any folder we pass ?
Otherwise, we have no option but to use Sumologic's REST API to get the ID for the folder first and then pass it while creating scheduled search, which is really not ideal.
Since PRs are already built with terraform 0.13 let's update README's requirements section to reflect that.
I have provisioned the user using terraform as:
provider "sumologic" {
access_id = var.sumologic_access_id
access_key = var.sumologic_access_key
environment = "us1"
version = "= 2.0"
}
resource "sumologic_user" "testuser" {
first_name = "Fname"
last_name = "Lname"
email = "[email protected]"
is_active = "true"
role_ids = split(",", "0000000000ADB3DC,00000000008910E8")
transfer_to = ""
}
However after successfully provisioning the user using terraform plan and then terraform apply, if I run the terraform plan again I am suppose to see the message as:
No changes. Infrastructure is up-to-date.
But instead of the up-to-date message I see the message as:
------------------------------------------------------------------------
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# sumologic_user.testuser will be updated in-place
~ resource "sumologic_user" "testuser" {
email = "[email protected]"
first_name = "Fname"
id = "0000000000AZXY95"
is_active = true
last_name = "Lname"
~ role_ids = [
- "00000000008910E8",
"0000000000ADB3DC",
+ "00000000008910E8",
]
}
Plan: 0 to add, 1 to change, 0 to destroy.
------------------------------------------------------------------------
Even if I run the terraform apply, after that I still see the same message.
Is there any bug in terraform code related to sumlogic which is causing this behavior?
Given that officially supported go version is >= 1.13
I gather vendor/
dir can be safely removed.
I'm creating several content under an specific folder and I want to share my folder to my whole organization so anyone can VIEW it.
Was looking information about the permission capability across the provider, but couldn't find anything.
Is it possible to do this either when creating the folder or afterward by actually sharing it?
Thanks in advance.
The documentation here specifies that only the value of WebhookDefinition
is acceptable for argument type
while in fact only WebhookConnection
is allowed.
Code:
path {
type = "S3BucketPathExpression"
bucket_name = "xyz"
path_expression = "a/*"
}
State File:
"path": [
{
"bucket_name": "xyx",
"limit_to_namespaces": [],
"limit_to_regions": [],
"path_expression": "a/*",
"tag_filters": [],
"type": ""
}
],
Hence every time terraform plans, following change pops up -
~ path {
bucket_name = "xyz"
limit_to_namespaces = []
limit_to_regions = []
path_expression = "a/*"
+ type = "S3BucketPathExpression"
}
Terraform version: 0.12.26
When importing and updating roles to match Terraform syntax, the second run states all roles need to be updated even though all changes were already completed. Specifically relating to capabilities
Configuration
resource "sumologic_role" "random_role" {
for_each = var.random_roles
name = each.value["name"]
description = each.value["description"]
filter_predicate = each.value["filter_predicate"]
capabilities = [
"viewCollectors",
"viewPartitions",
"viewFieldExtraction",
"viewFields",
"changeDataAccessLevel",
"viewScheduledViews",
"createAccessKeys",
"viewMonitorsV2",
"viewCse"
]
}
Terraform plan output
# sumologic_role.random_role["************"] will be updated in-place
~ resource "sumologic_role" "random_role" {
~ capabilities = [
+ "viewCollectors",
"viewPartitions",
- "viewCse",
"viewFieldExtraction",
"viewFields",
- "viewMonitorsV2",
"changeDataAccessLevel",
"viewScheduledViews",
- "viewCollectors",
"createAccessKeys",
+ "viewMonitorsV2",
+ "viewCse",
]
description = ""
id = "${id}"
name = "role_name"
}
I'd be great to be able to mark some content as Admin Recommended in Terraform using this feature: https://help.sumologic.com/Manage/Content_Sharing/Content_Sharing_FAQ#i-want-to-create-a-hierarchy-of-folders-for-my-company-so-that-e
In https://github.com/SumoLogic/terraform-provider-sumologic/blob/master/website/docs/r/user.html.markdown, a property for the user is labeled as active
. However, in the code for the resource, there's only one called is_active
. Presumably, the code is the source of truth here. However, it also appears to not behave correctly for an optional value. The documentation says that it defaults to true, but if it's not explicitly set, future terraform plan
s attempt to set it to null, causing an incorrectly dirty state.
~ resource "sumologic_user" "redacted" {
email = "[email protected]"
first_name = "redacted"
id = "redacted"
- is_active = true -> null
last_name = "redacted"
role_ids = [
"redacted",
]
}
Hi,
it would be great if this Terraform provider could add the support for adding Local File sources as documented here:
https://help.sumologic.com/03Send-Data/Sources/01Sources-for-Installed-Collectors/Local-File-Source
Thanks,
Philipp
First, thanks for the helpful provider! :)
Even though we don't change the resource definition of our sumologic_field_extraction_rule
, on 100% of our terraform plans we see a diff. The diff reports an update in-place on the parse_expression
configuration argument. I have manually diffed to confirm that the argument reported by the plan is exactly the same every time.
While this has yet to cause us functional problems on the Sumo side, it breaks the Terraform abstraction, and creates noise in our plans, making them challenging to read. Also, within the Sumo web UI, the Last Modified time is updated for the Field Extraction Rule every time we do a Terraform apply, even though we haven't made any changes, which is confusing and means it cannot be relied upon.
I found this behavior on version 2.3.0 of the provider (as well as various versions going back at least to 2.1.1), with Terraform 0.12.
Hi all, while using 2.0.1, I've faced the following issue:
Having my sumologic.tf
file as follows:
# Configure the Sumo Logic Provider
provider "sumologic" {
access_id = "${var.sumologic_access_id}"
access_key = "${var.sumologic_access_key}"
environment = "us2"
}
data "sumologic_personal_folder" "personalFolder" {}
resource "sumologic_folder" "sub-folder" {
name = "SubFolder"
description = "SubFolder"
parent_id = "${data.sumologic_personal_folder.personalFolder.id}"
}
resource "sumologic_connection" "slack-connection" {
name = "Slack Connection"
type = "WebhookConnection"
description = "slack integration"
url = "MyWebhookUrl"
headers = {}
default_payload = <<JSON
{
"eventType" : "{{SearchName}}",
"description" : "{{SearchDescription}}",
"client" : "Sumo Logic",
"search_url" : "{{SearchQueryUrl}}",
"num_records" : "{{NumRawResults}}",
"search_results" : "{{AggregateResultsJson}}"
}
JSON
webhook_type = "Slack"
}
resource "sumologic_content" "content-to-alert" {
parent_id = "${sumologic_folder.sub-folder.id}"
config = <<JSON
{
"type" : "SavedSearchWithScheduleSyncDefinition",
"name" : "MyQueryError",
"search" : {
"queryText" : "ERROR",
"defaultTimeRange" : "-5m",
"byReceiptTime" : false,
"viewName" : "",
"viewStartTime" : "1970-01-01T00:00:00Z",
"queryParameters" : [],
"parsingMode" : "AutoParse"
},
"searchSchedule" : {
"cronExpression" : "17 * * * * ? *",
"displayableTimeRange" : "-5m",
"parseableTimeRange" : {
"type" : "BeginBoundedTimeRange",
"from" : {
"type" : "RelativeTimeRangeBoundary",
"relativeTime" : "-5m"
},
"to" : null
},
"timeZone" : "America/Los_Angeles",
"threshold" : {
"thresholdType": "group",
"operator": "gt",
"count": 0
},
"notification" : {
"taskType" : "WebhookSearchNotificationSyncDefinition",
"webhookId" : "${sumologic_connection.slack-connection.id}",
"payload" : null,
"itemizeAlerts" : false,
"maxItemizedAlerts" : 1
},
"scheduleType" : "RealTime",
"muteErrorEmails" : null,
"parameters" : []
},
"description" : "MyQueryErrorAlert"
}
JSON
}
I'm getting the following output:
sumologic_folder.sub-folder: Creating...
sumologic_connection.slack-connection: Creating...
sumologic_folder.sub-folder: Creation complete after 1s [id=0000000000D2AC59]
sumologic_connection.slack-connection: Creation complete after 1s [id=0000000000017AF2]
Error: Provider produced inconsistent final plan
When expanding the plan for
sumologic_content.content-to-alert to include new
values learned so far during apply, provider "sumologic" produced an invalid
new value for .config: was cty.StringVal(""), but now cty.StringVal("{\n
\"type\" : \"SavedSearchWithScheduleSyncDefinition\",\n \"name\" :
\"MyQueryError\",\n \"search\" : {\n
\"queryText\" : \"ERROR\",\n \"defaultTimeRange\" : \"-5m\",\n
\"byReceiptTime\" : false,\n \"viewName\" : \"\",\n \"viewStartTime\" :
\"1970-01-01T00:00:00Z\",\n \"queryParameters\" : [],\n \"parsingMode\"
: \"AutoParse\"\n },\n \"searchSchedule\" : {\n \"cronExpression\" : \"17
* * * * ? *\",\n \"displayableTimeRange\" : \"-5m\",\n
\"parseableTimeRange\" : {\n \"type\" : \"BeginBoundedTimeRange\",\n
\"from\" : {\n \"type\" : \"RelativeTimeRangeBoundary\",\n
\"relativeTime\" : \"-5m\"\n },\n \"to\" : null\n },\n
\"timeZone\" : \"America/Los_Angeles\",\n \"threshold\" : {\n
\"thresholdType\": \"group\",\n \"operator\": \"gt\",\n \"count\":
0\n },\n \"notification\" : {\n \"taskType\" :
\"WebhookSearchNotificationSyncDefinition\",\n \"webhookId\" :
\"0000000000017AF2\",\n \"payload\" : null,\n \"itemizeAlerts\" :
false,\n \"maxItemizedAlerts\" : 1\n },\n \"scheduleType\" :
\"RealTime\",\n \"muteErrorEmails\" : null,\n \"parameters\" : []\n
},\n \"description\" : \"MyQueryErrorAlert\"\n}\n").
This is a bug in the provider, which should be reported in the provider's own
issue tracker.
But then, if I just re-run it again, the sumologic_content resource is created without any issue.
I've already tried adding the depends_on
in the sumologic_content
but the result is the same.
Am I doing something wrong?
When user uses base URL like https://api.sumologic.com/api/v1/
instead of https://api.sumologic.com/api/
then provider instead of handling that prints the following
Error: {"id":"O6SOJ-9BDH3-YQG04","errors":[{"code":"unauthorized","message":"Credential could not be verified."}]}
It would be better to warn the user that the provided API URL doesn't seem right.
Have a CloudWatch polling source defined, e.g.
resource "sumologic_collector" "collector" {
name = "mccartney-2020-06-aws-cloudwatch"
description = "Defined by Terraform"
}
resource "sumologic_polling_source" "terraform_cw_metrics" {
name = "2020-06-mccartney-testing-out-terraform-for-cw"
description = "Testing Terraform"
category = "aws/mccartney-cloudwatch-by-terraform"
content_type = "AwsCloudWatch"
scan_interval = 300000
paused = false
collector_id = sumologic_collector.collector.id
authentication {
type = "S3BucketAuthentication"
access_key = "REDACTED"
secret_key = "REDACTED"
}
path {
type = "CloudWatchPath"
limit_to_regions = ["eu-west-1"]
limit_to_namespaces = ["AWS/EC2"]
}
}
Then run terraform apply
multiple times without any changes
Terraform sees path.type
as changed every time I run it.
Plan: 0 to add, 1 to change, 0 to destroy.
The argument reference seems to differ from the actual resource schema:
resource "sumologic_role" "example_role" {
name = "TestRole123"
description = "Testing resource sumologic_role"
filter_predicate = "_sourceCategory=Test"
users = [
"0000000000000001",
"0000000000000002"
]
capabilities = [
"manageCollectors"
]
}
results in:
Error: Unsupported argument
on main.tf line 6, in resource "sumologic_role" "role":
6: users = []
An argument named "users" is not expected here.
Hey! Thanks for the great provider, having some issues with the Cloudtrail piece though.
Example configuration:
resource "sumologic_cloudtrail_source" "terraform_cloudtrail_source" {
name = "Amazon Cloudtrail"
description = "Cloudtrail logs from our AWS account"
category = "aws/cloudtrail"
content_type = "AwsCloudTrailBucket"
scan_interval = 300000
paused = false
collector_id = sumologic_collector.aws_collector.id
authentication {
type = "S3BucketAuthentication"
role_arn = aws_iam_role.sumologic_iam_role.arn
}
path {
type = "S3BucketPathExpression"
bucket_name = "cloudtrail"
path_expression = "AWSLogs/xxxxxxxx/CloudTrail/*"
}
}
Example error
Error: {
"status" : 500,
"id" : "BOKTB-T8R2I-HESK0",
"code" : "internal.error",
"message" : "Internal server error."
}
on sumologic.tf line 6, in resource "sumologic_cloudtrail_source" "terraform_cloudtrail_source":
6: resource "sumologic_cloudtrail_source" "terraform_cloudtrail_source" {
Please reach out if you need more information to troubleshoot this.
Thanks!
I propose adding a data forwarding resource to compliment the sumologic_partition resource. IDs are needed for sumologic_partitions when adding data_forwarding options
We started using SumoLogic by defining roles and adding users manually but want to manage via terraform both roles and users. We did tried to convert existing roles manually to tf and also manipulating state file. I request to provide terraform import module to convert existing roles and users into terraform and manage effectively.
#########################################
Sumologic example_role
#########################################
resource "sumologic_role" "example_role" {
name = "example_role"
description = "Testing resource sumologic_role via terraform"
filter_predicate = "!(_sourceCategory=audit_pci or _source="AuditLog" or sourceCategory=prod*_pci)"
capabilities = ["viewScheduledViews", "manageMonitors", "viewPartitions", "viewFields", "viewFieldExtraction", "changeDataAccessLevel", "viewCollectors"]
}
State file modification:
{
"mode": "managed",
"type": "sumologic_role",
"name": "example_role",
"provider": "provider.sumologic",
"instances": [
{
"schema_version": 0,
"attributes": {
"capabilities": [
"viewScheduledViews",
"manageMonitors",
"viewPartitions",
"viewFields",
"viewFieldExtraction",
"changeDataAccessLevel",
"viewCollectors"
],
"description": "Testing resource sumologic_role via terraform",
"filter_predicate": "!(_sourceCategory=audit_pci or _source=\"AuditLog\" or _sourceCategory=prod_*_pci)",
"id": "XXXXXXX",
"name": "example_role"
},
"private": "YYYYYYY"
}
]
}
The primitive behavior fields cannot be set to false
. You can opt out of a behavior by omitting it.
ref: https://www.terraform.io/docs/extend/schemas/schema-behaviors.html
Just testing connectivity. Ignore it
Being able to download the precompiled provider from the assets for the release was very convenient in the old repo https://github.com/SumoLogic/terraform-provider-sumologic/releases. Would be nice if that could be added to this new location
According to docs https://api.us2.sumologic.com/docs/#operation/beginAsyncImport it is possible to update the content without destroying it by flag overwrite=True
in the endpoint. Without this, every dashboard link is expiring every terraform run
In sumologic_monitor
resources you can use special variables, e.g. {{NumQueryResults}}
. It's hard to guess their names.
They should:
=====
Similarly when using sumologic_connection
it's hard to guess all the variables one can use: {{SearchQueryUrl}}
or {{TimeRange}}
. They should be documented too.
Are there any plans to add a dedicated resource for scheduled searches & alerts based on those searches in the future?
In the meantime, is it possible to leverage scheduled_views
for similar purposes?
I would expect the documentation here https://www.terraform.io/docs/providers/sumologic/r/http_source.html to meantion host_name
and filter
arguments. I only know they exist because I imported an existing resource
resource "sumologic_http_source" "http_source" {
name = var.sumologic_source_name
category = var.sumologic_source_category
collector_id = data.sumologic_collector.collector.id
description = var.app_name
host_name = var.host_name
filters {
filter_type = "Mask"
mask = "[FILTERED]"
name = "Mask router log"
regexp = "path=\"\\/api\\/v1\\/(.*)\""
}
I noticed that only http sources are currently importable. If possible, can that be updated so all three can be imported?
https://github.com/terraform-providers/terraform-provider-sumologic/blob/master/sumologic/resource_sumologic_polling_source.go#L13-L16
If not, it might be useful to have a note in the documentation for why that can't be done.
https://www.terraform.io/docs/providers/sumologic/r/cloudsyslog_source.html
Looks like the list of capabilities is position dependent and thus is triggering changes if not specified in specific order:
# sumologic_role.developers will be updated in-place
~ resource "sumologic_role" "developers" {
~ capabilities = [
"manageFieldExtractionRules",
"manageConnections",
- "manageMonitors",
"viewCollectors",
+ "manageMonitors",
]
id = "000000000021AC0F"
name = "Developers"
}
It would be awesome to have support for creating Dashboards!
I'd be great if the provider supported importing (terraform import
) a polling source resource. Similar to what collectors do.
Currently it fails with:
Error: resource sumologic_polling_source doesn't support import
(I ended up manually hacking the state file)
Due to different configuraton of c2c sources, where the source name is located in the config
block, the current import by name methods do not work.
https://www.terraform.io/docs/providers/sumologic/index.html
only shows 3 data source while the code supports 6
When I'm trying to create a content using file() function, I'm getting an error:
$ terraform apply -auto-approve
sumologic_folder.this: Refreshing state... [id=0000000001230571]
sumologic_content.this: Creating...
Error: {"id":"RADAY-7WDCD-QJ601","errors":[{"code":"service.argument.invalid","message":"The request body you've provided is invalid. Could not resolve type 'null' as a subtype of 'ContentSyncDefinition'"}]}
on main.tf line 9, in resource "sumologic_content" "this":
9: resource "sumologic_content" "this" {
$ cat main.tf
data "sumologic_personal_folder" "this" {}
resource "sumologic_folder" "this" {
parent_id = data.sumologic_personal_folder.this.id
name = "JenkinsErrors"
description = "Jenkins build errors"
}
resource "sumologic_content" "this" {
parent_id = sumologic_folder.this.id
config = jsonencode(file("${path.module}/data.json"))
}
$ cat data.json
{
"type": "SavedSearchWithScheduleSyncDefinition",
"name": "some-query",
"search": {
"queryText": "\"some query\"",
"defaultTimeRange": "-15m",
"byReceiptTime": false,
"viewName": "",
"viewStartTime": "1970-01-01T00:00:00Z",
"queryParameters": [],
"parsingMode": "Manual"
},
"searchSchedule": {
"cronExpression": "17 * * * * ? *",
"displayableTimeRange": "-5m",
"parseableTimeRange": {
"type": "BeginBoundedTimeRange",
"from": {
"type": "RelativeTimeRangeBoundary",
"relativeTime": "-5m"
},
"to": null
},
"timeZone": "Etc/UTC",
"threshold": {
"thresholdType": "group",
"operator": "gt",
"count": 0
},
"notification": {
"taskType": "WebhookSearchNotificationSyncDefinition",
"webhookId": "0000000000015290",
"payload": null,
"itemizeAlerts": true,
"maxItemizedAlerts": 50
},
"scheduleType": "RealTime",
"muteErrorEmails": false,
"parameters": []
},
"description": ""
}
But when I keep the entire json in main.tf file, everything works fine:
$ terraform apply -auto-approve
sumologic_folder.this: Refreshing state... [id=0000000001230571]
sumologic_content.this: Creating...
sumologic_content.this: Creation complete after 4s [id=0000000001226A9B]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
data "sumologic_personal_folder" "this" {}
resource "sumologic_folder" "this" {
parent_id = data.sumologic_personal_folder.this.id
name = "JenkinsErrors"
description = "Jenkins build errors"
}
resource "sumologic_content" "this" {
parent_id = sumologic_folder.this.id
config = jsonencode(
{
"type": "SavedSearchWithScheduleSyncDefinition",
"name": "some-query",
"search": {
"queryText": "\"some query\"",
"defaultTimeRange": "-15m",
"byReceiptTime": false,
"viewName": "",
"viewStartTime": "1970-01-01T00:00:00Z",
"queryParameters": [],
"parsingMode": "Manual"
},
"searchSchedule": {
"cronExpression": "17 * * * * ? *",
"displayableTimeRange": "-5m",
"parseableTimeRange": {
"type": "BeginBoundedTimeRange",
"from": {
"type": "RelativeTimeRangeBoundary",
"relativeTime": "-5m"
},
"to": null
},
"timeZone": "Etc/UTC",
"threshold": {
"thresholdType": "group",
"operator": "gt",
"count": 0
},
"notification": {
"taskType": "WebhookSearchNotificationSyncDefinition",
"webhookId": "0000000000015292",
"payload": null,
"itemizeAlerts": true,
"maxItemizedAlerts": 50
},
"scheduleType": "RealTime",
"muteErrorEmails": false,
"parameters": []
},
"description": ""
}
)
}
terraform 0.14.2
sumologic 2.6.0
It would be nice to have support in SumoLogic provider for data forwarding so that that it can be setup via IaC instead of manual configuration.
When user provides incorrect credentials he gets something like
Error: <html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
<title>Error 401 User could not be found.</title>
</head>
<body><h2>HTTP ERROR 401 User could not be found.</h2>
<table>
<tr><th>URI:</th><td>/api/v1/fields</td></tr>
<tr><th>STATUS:</th><td>401</td></tr>
<tr><th>MESSAGE:</th><td>User could not be found.</td></tr>
<tr><th>SERVLET:</th><td>rest</td></tr>
</table>
</body>
</html>
Ideally this should be handled and explicitly stated that the credentials are most likely incorrect.
When using the sumologic_role data source to import a role with a space in the name fails when running terraform plan. Using the following data definition:
data "sumologic_role" "example_role" {
name = "Test Role"
}
will fail with the following error
data.sumologic_role.seceng_role: Refreshing state...
Error: role with name Test Role not found: <h1>Bad Message 400</h1><pre>reason: Illegal character SPACE=' '</pre>
on main.tf line 1, in data "sumologic_role" "example_role":
1: data "sumologic_role" "example_role" {
A workaround for this issue is to encode the space in the role name with url encoding.
Hi,
At the moment the sumologic_user.go doesn't support finding user by e-mail. This can be useful for user data resource.
How is it supposed to commit/make PR for changes in such files. Sorry, could find documented anything about this.
The rest API has support to list all users but allows query parameters https://api.eu.sumologic.com/docs/#operation/listUsers
I would like to contribute but have no idea what to do next ...
Regards,
Constantin
The use case is simple: we started using SumoLogic by manually defining roles and people belonging to them but we would like to manage and control this using IaC approach. For instance: we have got now at least 3 roles: Developers, Security Team, Admins. I want to manage via terraform members of these teams. I know that that I can reference the user by ID at the moment but that's hacky and not readable at all (you have to make and API query to find it).
Referencing members of role by e-mail address seemed to me a logical thing, once lookup by e-mail is implemented as it's supposed to be unique and also easy to read in config file.
I hope it makes sense.
I suggest to support https://help.sumologic.com/Metrics/Metric_Rules_Editor/Create_Metric_Rules
Having issues while trying the new monitor_folder and metrics_monitor resources as documented here:https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/monitor with sumologic provider version 2.2.1
Trying to instantiate a metric monitor fails, giving out non clear errors in the terraform apply.
I tested both creating a new monitor_folder and then a metric monitor, like in the docs:
`resource "sumologic_monitor_folder" "monitor_folder" {
name = "${var.folder_name}-monitors"
description = var.folder_description
}
resource "sumologic_monitor" "metrics_monitor" {
for_each = var.monitor_configs
parent_id = sumologic_monitor_folder.monitor_folder.id
name = format("%s", each.key)
description = each.value.description
type = "MonitorsLibraryMonitor"
is_disabled = false
content_type = "Monitor"
monitor_type = "Metrics"
queries {
row_id = "A"
query = each.value.query
}
triggers {
threshold_type = each.value.triggers.threshold_type
threshold = each.value.triggers.threshold
time_range = each.value.triggers.time_range
occurrence_type = each.value.triggers.occurrence_type
trigger_source = "AllTimeSeries"
trigger_type = "ResolvedCritical"
detection_method = "StaticCondition"
}
notifications {
notification {
action_type = "EmailAction"
recipients = each.value.email_notification_list
subject = "Triggered: ${format("%s", each.key)}"
time_zone = "PST"
message_body = ""
}
run_for_trigger_types = ["Critical", "ResolvedCritical"]
}
}`
And by giving the id of an already existing personal folder to the metric monitor:
`resource "sumologic_monitor" "metrics_monitor" {
for_each = var.monitor_configs
parent_id = data.sumologic_personal_folder.personalFolder.id
name = format("%s", each.key)
description = each.value.description`
In both cases, the apply fails without giving a reason:
Error: {"id":"V3PXX-408CZ-TQHAA","errors":[]}
on .terraform/modules/xinfra-ci-aks-dev.sumologic-kubernetes-cluster-configurations/sumologic-content.tf line 69, in resource "sumologic_monitor_folder" "monitor_folder":
69: resource "sumologic_monitor_folder" "monitor_folder" {
`Error: {"id":"P86EV-M4HY2-MDG42","errors":[]}
on .terraform/modules/matteo-aks-dev.sumologic-kubernetes-cluster-configurations/sumologic-content.tf line 75, in resource "sumologic_monitor" "metrics_monitor":
75: resource "sumologic_monitor" "metrics_monitor" {`
It's also worth noting that the online docs lacks a section about the sumologic_monitor_folder, that might be part of the issue, as I get the impression that a monitor folder is needed in order to deploy metrics monitors correctly.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.