Merge pull request #70 from Ontotext-AD/GDB-10224_fix_deployment_vaul…

…t_diagnostic_settings GDB-10224 Fixed the deployment of key vault diagnostic settings when monitoring is enabled
Ontotext-AD · May 9, 2024 · 3b43a74 · 3b43a74
2 parents ab23978 + 4b62165
commit 3b43a74
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -12,6 +12,8 @@
   * Added check for total quorum availability before node joining the cluster.
   * Removed useless if check before waiting for the raft folder existence.
 
+* Fixed the deployment of `azurerm_monitor_diagnostic_setting` for the key vault when monitoring is enabled
+
 ## 1.0.1
 
 Updated GraphDB version to [10.6.3](https://graphdb.ontotext.com/documentation/10.6/release-notes.html#graphdb-10-6-3)

diff --git a/main.tf b/main.tf
@@ -208,8 +208,9 @@ module "monitoring" {
   ag_notifications_email_list = var.notification_recipients_email_list
 
   # Diagnostic settings
-  app_configuration_id = module.appconfig.app_configuration_id
-  key_vault_id         = var.tls_certificate_id != null ? null : module.vault[0].key_vault_id
+  app_configuration_id                 = module.appconfig.app_configuration_id
+  key_vault_id                         = var.tls_certificate_id != null ? null : module.vault[0].key_vault_id
+  create_key_vault_diagnostic_settings = var.tls_certificate_id == null ? true : false
 }
 
 # Creates a VM scale set for GraphDB and GraphDB cluster proxies

diff --git a/modules/monitoring/diagnostic_settings.tf b/modules/monitoring/diagnostic_settings.tf
@@ -13,7 +13,7 @@ resource "azurerm_monitor_diagnostic_setting" "application_config_diagnostic_set
 # Key Vault Audit log monitoring
 
 resource "azurerm_monitor_diagnostic_setting" "key_vault_diagnostic_settings" {
-  count = var.key_vault_id != null ? 1 : 0
+  count = var.create_key_vault_diagnostic_settings ? 1 : 0
 
   name                       = "Key Vault diagnostic settings"
   target_resource_id         = var.key_vault_id

diff --git a/modules/monitoring/variables.tf b/modules/monitoring/variables.tf
@@ -147,3 +147,8 @@ variable "key_vault_id" {
   description = "ID of the Key Vault resource, required for diagnostic settings"
   type        = string
 }
+
+variable "create_key_vault_diagnostic_settings" {
+  description = "Boolean variable to determine whether to create Key Vault diagnostic settings."
+  type        = bool
+}