diagnostics.tf
# Works out where diagnostic logs and metrics are sent, based on the resource
# ID supplied in var.diagnostics.destination.
locals {
  # Path segments of the destination resource ID; an empty list when
  # diagnostics are not configured.
  diag_resource_list = var.diagnostics != null ? split("/", var.diagnostics.destination) : []

  # The destination type is recognised by an exact, case-sensitive match on the
  # provider-namespace segment of the ID. A destination that matches none of
  # the three namespaces leaves log_analytics_id and event_hub_auth_id null, so
  # only the fallback storage account below receives data.
  # NOTE(review): confirm callers always pass the namespace in this exact
  # casing, otherwise logs are routed to the fallback without any error.
  parsed_diag = var.diagnostics != null ? {
    log_analytics_id  = contains(local.diag_resource_list, "Microsoft.OperationalInsights") ? var.diagnostics.destination : null
    event_hub_auth_id = contains(local.diag_resource_list, "Microsoft.EventHub") ? var.diagnostics.destination : null

    # Never null while diagnostics are enabled: when the destination is not a
    # storage account, data is still archived to the pointer-logging account
    # (var.kv_pointer_enable) or to the module's own pgsql storage account, in
    # addition to any Log Analytics / Event Hub destination.
    # NOTE(review): both fallbacks index [0]; presumably their count is 1 in
    # the matching configuration - verify where they are declared.
    storage_account_id = (
      contains(local.diag_resource_list, "Microsoft.Storage")
      ? var.diagnostics.destination
      : (
        var.kv_pointer_enable
        ? data.azurerm_storage_account.pointer_logging_name[0].id
        : azurerm_storage_account.pgsql[0].id
      )
    )

    # Category names requested by the caller; the literal "all" selects every
    # category in the diagnostic settings that read these lists.
    metric = var.diagnostics.metrics
    log    = var.diagnostics.logs
  } : {
    # Diagnostics disabled: no destinations, no categories.
    log_analytics_id   = null
    storage_account_id = null
    event_hub_auth_id  = null
    metric             = []
    log                = []
  }
}
# Looks up the log and metric categories available for the PostgreSQL server.
# Only read when var.diagnostics is set.
data "azurerm_monitor_diagnostic_categories" "postgresql_server" {
  count = var.diagnostics == null ? 0 : 1

  resource_id = azurerm_postgresql_server.pgsql.id
}
# Diagnostic setting for the PostgreSQL server. Created only when
# var.diagnostics is set.
resource "azurerm_monitor_diagnostic_setting" "postgresql_server" {
  count = var.diagnostics == null ? 0 : 1

  name               = "${var.name}-pgsql-diag"
  target_resource_id = azurerm_postgresql_server.pgsql.id

  # Destinations come from local.parsed_diag. The storage account is always
  # set there while diagnostics are enabled; Log Analytics and Event Hub are
  # set only when the destination ID names them.
  log_analytics_workspace_id     = local.parsed_diag.log_analytics_id
  storage_account_id             = local.parsed_diag.storage_account_id
  eventhub_authorization_rule_id = local.parsed_diag.event_hub_auth_id
  eventhub_name                  = local.parsed_diag.event_hub_auth_id == null ? null : var.diagnostics.eventhub_name

  # Every log category the data source reports is declared; a category is
  # enabled when the caller listed it or passed "all", and is written with
  # enabled = false otherwise.
  dynamic "log" {
    for_each = data.azurerm_monitor_diagnostic_categories.postgresql_server[0].logs

    content {
      category = log.value
      enabled  = contains(local.parsed_diag.log, log.value) || contains(local.parsed_diag.log, "all")

      # Fixed 90-day retention.
      # NOTE(review): this retention setting is understood to apply only to
      # data archived to a storage account, and newer azurerm releases
      # deprecate it - confirm against the pinned provider version.
      retention_policy {
        enabled = true
        days    = 90
      }
    }
  }

  # Same selection rule for metric categories.
  dynamic "metric" {
    for_each = data.azurerm_monitor_diagnostic_categories.postgresql_server[0].metrics

    content {
      category = metric.value
      enabled  = contains(local.parsed_diag.metric, metric.value) || contains(local.parsed_diag.metric, "all")

      retention_policy {
        enabled = true
        days    = 90
      }
    }
  }
}
# Looks up the log and metric categories available for the Key Vault.
# Only read when var.diagnostics is set and var.kv_db_create is true.
data "azurerm_monitor_diagnostic_categories" "key_vault" {
  count = (var.diagnostics != null && var.kv_db_create != null && var.kv_db_create == true) ? 1 : 0

  # NOTE(review): count is non-zero only when var.kv_db_create is true, so the
  # data.azurerm_key_vault.db branch is never selected here. A pre-existing
  # vault therefore gets no diagnostic categories from this module - confirm
  # that is intended.
  resource_id = var.kv_db_create ? azurerm_key_vault.pgsql[0].id : data.azurerm_key_vault.db[0].id
}
# Diagnostic setting for the Key Vault. Created only when var.diagnostics is
# set and var.kv_db_create is true.
resource "azurerm_monitor_diagnostic_setting" "key_vault" {
  count = (var.diagnostics != null && var.kv_db_create != null && var.kv_db_create == true) ? 1 : 0

  name = "${var.name}-keyvault-diag"

  # NOTE(review): with the count condition above, var.kv_db_create is always
  # true when this is evaluated, so only the module-created vault is targeted.
  # A vault read through data.azurerm_key_vault.db gets no diagnostic setting
  # from this resource - confirm its audit logging is configured elsewhere.
  target_resource_id = var.kv_db_create ? azurerm_key_vault.pgsql[0].id : data.azurerm_key_vault.db[0].id

  # Destinations come from local.parsed_diag. The storage account is always
  # set there while diagnostics are enabled; Log Analytics and Event Hub are
  # set only when the destination ID names them.
  log_analytics_workspace_id     = local.parsed_diag.log_analytics_id
  storage_account_id             = local.parsed_diag.storage_account_id
  eventhub_authorization_rule_id = local.parsed_diag.event_hub_auth_id
  eventhub_name                  = local.parsed_diag.event_hub_auth_id == null ? null : var.diagnostics.eventhub_name

  # Every log category the data source reports is declared; a category is
  # enabled when the caller listed it or passed "all", and is written with
  # enabled = false otherwise. The same var.diagnostics.logs list drives both
  # the PostgreSQL and the Key Vault settings, so a list naming only
  # PostgreSQL categories leaves every Key Vault log category disabled.
  dynamic "log" {
    for_each = data.azurerm_monitor_diagnostic_categories.key_vault[0].logs

    content {
      category = log.value
      enabled  = contains(local.parsed_diag.log, log.value) || contains(local.parsed_diag.log, "all")

      # Fixed 90-day retention.
      # NOTE(review): this retention setting is understood to apply only to
      # data archived to a storage account, and newer azurerm releases
      # deprecate it - confirm against the pinned provider version.
      retention_policy {
        enabled = true
        days    = 90
      }
    }
  }

  # Same selection rule for metric categories.
  dynamic "metric" {
    for_each = data.azurerm_monitor_diagnostic_categories.key_vault[0].metrics

    content {
      category = metric.value
      enabled  = contains(local.parsed_diag.metric, metric.value) || contains(local.parsed_diag.metric, "all")

      retention_policy {
        enabled = true
        days    = 90
      }
    }
  }
}