Azure Storage (Blob, Queue, Table) Logging in Terraform with for

I am writing Terraform code to enable logging on Azure Storage Blob, Queue and Table types. With my current code, I need to fetch data for each Storage type,say for example Blob, and use it to get it's log and metrics details.

Is there any way I could use for_each and locals to avoid repeating the same block of code for each Storage type. Below is what the code looks like now for Blob type,

data "azurerm_monitor_diagnostic_categories" "storage_blob" {
  resource_id = "${azurerm_storage_account.stamp.id}/blobServices/default/"
}

resource "azurerm_monitor_diagnostic_setting" "storage_blob" {
  name                       = "storageblobladiagnostics"
  target_resource_id         = "${azurerm_storage_account.stamp.id}/blobServices/default/"
  log_analytics_workspace_id = azurerm_log_analytics_workspace.stamp.id

  dynamic "log" {
    iterator = entry
    for_each = data.azurerm_monitor_diagnostic_categories.storage_blob.logs

    content {
      category = entry.value
      enabled  = true

      retention_policy {
        enabled = true
        days    = 30
      }
    }
  }

  dynamic "metric" {
    iterator = entry
    for_each = data.azurerm_monitor_diagnostic_categories.storage_blob.metrics

    content {
      category = entry.value
      enabled  = true

      retention_policy {
        enabled = true
        days    = 30
      }
    }
  }
}

The below implementation doesn't seem to work as the data block is not able handle the for_each expression in the dynamic block

locals {
storage = ["blobServices", "tableServices", "queueServices"]
}

data "azurerm_monitor_diagnostic_categories" "storage_blob" {
  resource_id = "${azurerm_storage_account.stamp.id}/${each.key}/default/"
}



resource "azurerm_monitor_diagnostic_setting" "storage_blob" {
  for_each                   = toset(local.storage)
  name                       = "storageblobladiagnostics"
  target_resource_id         = "${azurerm_storage_account.stamp.id}/${each.key}/default/"
  log_analytics_workspace_id = azurerm_log_analytics_workspace.stamp.id

  dynamic "log" {
    iterator = entry
    for_each = data.azurerm_monitor_diagnostic_categories.storage_blob.logs

    content {
      category = entry.value
      enabled  = true

      retention_policy {
        enabled = true
        days    = 30
      }
    }
  }

  dynamic "metric" {
    iterator = entry
    for_each = data.azurerm_monitor_diagnostic_categories.storage_blob.metrics

    content {
      category = entry.value
      enabled  = true

      retention_policy {
        enabled = true
        days    = 30
      }
    }
  }
}

CodePudding user response：

In order for this to work, you would have to adjust the code slightly. In your example, the data source is not using for_each, so it cannot be used the way you want. The adjustment is as follows:

locals {
storage = ["blobServices", "tableServices", "queueServices"]
}

data "azurerm_monitor_diagnostic_categories" "storage_blob" {
  for_each    = toset(local.storage)
  resource_id = "${azurerm_storage_account.stamp.id}/${each.key}/default/"
}

resource "azurerm_monitor_diagnostic_setting" "storage_blob" {
  for_each                   = toset(local.storage)
  name                       = "storageblobladiagnostics"
  target_resource_id         = "${azurerm_storage_account.stamp.id}/${each.key}/default/"
  log_analytics_workspace_id = azurerm_log_analytics_workspace.stamp.id

  dynamic "log" {
    iterator = entry
    for_each = "${data.azurerm_monitor_diagnostic_categories.storage_blob[each.key].logs}"
    content {
      category = entry.value
      enabled  = true

      retention_policy {
        enabled = true
        days    = 30
      }
    }
  }

  dynamic "metric" {
    iterator = entry
    for_each = "${data.azurerm_monitor_diagnostic_categories.storage_blob[each.key].metrics}"

    content {
      category = entry.value
      enabled  = true

      retention_policy {
        enabled = true
        days    = 30
      }
    }
  }
}