Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[AVM Module Issue]: Different Application Insights Instance for staging slot fails #145

Open
1 task done
psimon-sb opened this issue Dec 13, 2024 · 3 comments
Open
1 task done
Labels
Language: Terraform 🌐 This is related to the Terraform IaC language Status: Fixed ✅ Auto label applied when issue fixed by merged PR Type: Feature Request ➕ New feature or request

Comments

@psimon-sb
Copy link

Check for previous/existing GitHub issues

  • I have checked for previous/existing GitHub issues

Issue Type?

I'm not sure

(Optional) Module Version

0.12

(Optional) Correlation Id

No response

Description

Hi there,

We want to use a staging slot with different Application Insights instance. Terraform fails to plan/apply since the connections string is sensitive and can be used when the slot resource is created via for_each.

Error

Sensitive values, or values derived from sensitive values, cannot be used
as for_each arguments. If used, the sensitive value could be exposed as a
resource instance key.

Config:

  deployment_slots = {
    staging = {
      name = "staging"  
      # Same behavior with  app_settings and direct env variables 
      # app_settings = {
      #   APPLICATIONINSIGHTS_CONNECTION_STRING = module.application_insights_staging.connection_string
      #   APPINSIGHTS_INSTRUMENTATIONKEY        = module.application_insights_staging.instrumentation_key
      # }
      site_config = {
        application_insights_connection_string = module.application_insights_staging.connection_string
        application_insights_key               = module.application_insights_staging.instrumentation_key
      }
    }
  }

Any ideas, how to solve this.

@psimon-sb psimon-sb added Language: Terraform 🌐 This is related to the Terraform IaC language Needs: Triage 🔍 Maintainers need to triage still labels Dec 13, 2024
@donovm4
Copy link
Contributor

donovm4 commented Dec 13, 2024

Hi @psimon-sb : I will look into this shortly.

@donovm4 donovm4 removed the Needs: Triage 🔍 Maintainers need to triage still label Dec 13, 2024
@donovm4
Copy link
Contributor

donovm4 commented Dec 19, 2024

@psimon-sb :

As stated in the error message, Terraform does not allow for sensitive values to be used as for_each arguments. The way the slots are created supports an N number of slots via for_each.

I believe the workaround here is possibly to use the nonsensitive function on the module.application_insights_staging.connection_string and module.application_insights_staging.instrumentation_key values.
source: nonsensitive Function

The new configuration could look like this:

deployment_slots = {
    staging = {
      name = "staging" 
      .
      .
      .
      site_config = {
        application_insights_connection_string = nonsensitive(module.application_insights_staging.connection_string)    <---
        application_insights_key               = nonsensitive(module.application_insights_staging.instrumentation_key)  <---
      }
    }
  }

When running my tests, I didn't see any sensitive values exposed in the console, but please test for your own reassurance.

I have a branch titled slot-app-insights that I will be merging soon. In the deployment_slot_with_interfaces example has a configuration with 3 different application insights:

  • AI for the app service (main slot) by default (with enable_application_insights is true)
  • AI for a development slot by creating an AI instance through the avm-res-web-site module with the slot_application_insights variable and setting application_insights_connection_string and application_insights_key
  • AI for a staging slot referencing an AT instance created outside of the avm-res-web-site module

Although the simple fix potentially is the use of the nonsensitive function, use will also be able to bypass this by using the AIs created through the module itself as well.

I will update once I have tested and published the next release, but please do not hesitate to reach out with anymore thoughts/questions/concerns.

@donovm4 donovm4 added the Type: Feature Request ➕ New feature or request label Dec 23, 2024
@donovm4
Copy link
Contributor

donovm4 commented Dec 23, 2024

@psimon-sb : please review the latest version (v0.14.0) and its release notes. Will mark as fixed, but please feel free to provide feedback as needed.

@donovm4 donovm4 added the Status: Fixed ✅ Auto label applied when issue fixed by merged PR label Dec 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Language: Terraform 🌐 This is related to the Terraform IaC language Status: Fixed ✅ Auto label applied when issue fixed by merged PR Type: Feature Request ➕ New feature or request
Projects
None yet
Development

No branches or pull requests

2 participants