-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Application Insights feature block hanging and Failure Anomalies Still Auto-Generated #18026
Application Insights feature block hanging and Failure Anomalies Still Auto-Generated #18026
Comments
This seems like a major oversight on Microsoft's part for Azure. Even if an Application Insights resource is deleted in the Portal, the automatically created Smart Detector alerts do not get removed. Link to feedback provided to Azure for upvoting on the Azure side: https://feedback.azure.com/d365community/idea/cdb1fc68-bb4f-ed11-a81b-000d3adfeb99 |
I wonder, why AzureRM creates the Failure alert rule in the first place? 🤔 |
We are using this to mitigate the issue:
|
upd: this answer appeared to be wrongAnd it seems we also managed to find a workaround for the issue by declaring the resource explicitly:resource "azurerm_monitor_smart_detector_alert_rule" "failureAnomalies" {
count = var.isProd ? 1 : 0
name = "Failure Anomalies"
resource_group_name = azurerm_resource_group.resourceGroup.name
detector_type = "FailureAnomaliesDetector"
scope_resource_ids = [azurerm_application_insights.appInsights.id]
severity = "Sev3"
frequency = "PT1M"
action_group {
ids = [one(azurerm_monitor_action_group.actionGroup).id]
}
} The funny thing is that you can see this alert is conditional, so it is provisioned for prod only, but somehow this declaration fixes the non-prod environments as well |
Even with "prevent_deletion_if_contains_resources = false" the destroy fails. |
We have the same problem too. When I run destroy pipeline, it's creates "Application Insights Smart Detection" resorce and sometimes "Failure Anomalies", so it is block resource group destruction. That really looks like a bug. |
I have the same issue. Even if you add "prevent_deletion_if_contains_resources = false" destroy fails. Indeed, a bug. Hoping Microsoft resolves this sooner. This resorts to "Click Ops," whereby one has to manually go and delete the resource and then rerun terraform for it to destroy the resource group. |
I had also the same issue. "prevent_deletion_if_contains_resources = false" works for me. With this flag set to false, destroy deletes, as it says in the documentation, all the nested resources and the resource group even if some resources are not in the tf state. _"When that feature flag is set, Terraform will skip checking for any Resources within the Resource Group and delete this using the Azure API directly (which will clear up any nested resources)." After I added this flag to my tf code, I manually deleted the old state and all the resources in Azure and redeployed everything. After this, destroy runs without any errors. |
To prevent of creation "Application Insights smart detection rules" and action group I added into my observability package this code: In that case, I have my custom Action group and Azure do not create its own Action group and rule In the documentation, I didn't find any information about this approach but it works for me. Update: Do we know how to prevent of creation these two resources? |
Hello, Thanks. |
Workaround for this resource "azurerm_application_insights" "application_insights" {
name = local.name
resource_group_name = var.resource_group_name
...
}
# This resource sits here just to have it imported in the state
resource "azurerm_monitor_action_group" "this" {
name = join("-", ["amag", local.name])
resource_group_name = var.resource_group_name
short_name = "amag" # used only for sms
}
resource "azurerm_monitor_smart_detector_alert_rule" "failure_anomalies" {
name = "Failure Anomalies - ${local.name}"
resource_group_name = var.resource_group_name
detector_type = "FailureAnomaliesDetector"
scope_resource_ids = [azurerm_application_insights.application_insights.id]
severity = "Sev0"
frequency = "PT1M"
action_group {
ids = [azurerm_monitor_action_group.this.id]
}
} In this way we have this in state, and when destroying, it gets destroyed automatically before resource group is. |
@DenisBalan This does not work for me; the |
It looks like there is some kind of policy that automatically creates Failure-Anomalies-Alert-Rule for new created Application Insights instance. I face this issue by creating Application Insights with Bicep/Arm. |
@stas-sultanov I tried using the portal and the azure cli and it doesnt auto-create these alerts; so thats a bit weird |
@danpetitt there is some kind of glitch in Azure. |
Nope! I also have this issue, lurking around going for a fix... |
unfortunately, I do not have support plan from MS to rise an Issue via Azure portal.. I just wonder how low qualified people in Microsoft are who implemented this automatic provision of Failure Anomalies Detector.. |
@stas-sultanov I have a support plan, I will create some obvious steps and log a ticket and see what they say ... probably not a lot, but we can hope. I can understand the first-experience that its useful to have this happen by default, but we should at least be able to opt-out especially for those using IaaC solutions and not the portal. I will report back if they say anything |
@danpetitt , thank you very much! |
…ate an open bug in Terraform. or instance, the Resource Group is not deleted when a `Failure Anomalies` resource is present. Reference: hashicorp/terraform-provider-azurerm#18026
… with Terraform. (#63) * Update APIM type to use api version `2023-03-01-preview` which does not have the issue when deleting the APIM. * Added dependency (`depends_on`) with for `azurerm_api_management_named_value.tenant_id` for the `azurerm_api_management_api_policy.policy` which is required when deleting the APIM due to an indirect dependency with the Tenant ID value. * Add `prevent_deletion_if_contains_resources` flag as `false` to mitigate an open bug in Terraform. or instance, the Resource Group is not deleted when a `Failure Anomalies` resource is present. Reference: hashicorp/terraform-provider-azurerm#18026
Still an issue for me |
Yes, same. Why would this be marked solved? Multiple people here have stated that the proposed fix in that merge does not work? |
The problem is that Microsoft states in the documentation that this behavior is by design. |
@danpetitt how did it go with the support ticket? |
Is there an existing issue for this?
Community Note
Terraform Version
1.2.7
AzureRM Provider Version
3.11.0
Affected Resource(s)/Data Source(s)
provider azurerm
Terraform Configuration Files
Debug Output/Panic Output
Expected Behaviour
I would expect if the
disable_generated_rule
was set totrue
, then the Smart Detector Rule that's auto-created would not be generated and/or the autocreated failure anomalies smart detector alert rule would also be turned off. The creation of an app insights resource would take about 30 seconds max. Ability to destroy a resource group not impeded.Actual Behaviour
In the
terraform apply
step of our pipeline, the App insights resource will seemingly hit a 10 minute timeout. The resource will have already been created and visible in the Azure portal, but will bestill creating
according to the pipeline, which feels unnecessary. Waiting for this step to complete when it has completed... but terraform doesn't get that message?The rule for
Failure Anomalies - {{name of App insights resource}}
still is created (as a hidden resource)Which then causes our
terraform destroy
step to fail:My theory is that in the time that the app insights sat waiting (10 minutes) it was enough time for the auto-generated, hidden alert to come online.
First issue: Setting that feature flag makes the build time take (up to) 10 minutes as it waits... even if the resource is in fact finished being created.
If we explicitly call out a smart detection rule to disable and remove the feature block:
Then in the
terraform apply
stage:App insights does not hang, and usually we can delete the resource group before the Failure Anomalies gets generated.
** Second Issue:** Failure Anomalies are "Smart Detection Alert Rules" and not "Smart Detection Rules" are seemingly not under the purview of "disable_generated_rule" flag - ... see the note at this documentation section
The Request / The Ask
disable_generated_rule
flag istrue
This documentation describes creating it explicitly. However it feels counterintuitive to explicitly create the resource in terraform (that we don't even get told is there because it's a hidden resource) just so we can have the control to delete it. We never define this hidden resource to be included in our builds in the first place, so we don't have the means to explicitly destroy it.
All this may stem from a recent change under the hood for Azure, but if the terraform equivalents could match, that would be great.
Steps to Reproduce
Important Factoids
No response
References
PR #16170
On Azure's end, I'm trying to figure out whether some functionality changed under the hood recently that caused this to pop up? Or if it moved to be controlled by something else?
The text was updated successfully, but these errors were encountered: