Kibana UI seems to enforce "notifyWhen" under alerts actions in "frequency", but Terraform does not import it #590
Labels
bug
Something isn't working
Comments
|
Also, I tried adding the "frequency" setting in Terraform - But Terraform plan resulted in this error - An argument named "frequency" is not expected here. The documentation here : https://registry.terraform.io/providers/elastic/elasticstack/latest/docs/resources/kibana_alerting_rule#notify_when specifies this NOTE: This is a rule level property; if you update the rule in Kibana, it is automatically changed to use action-specific notify_when values. But the action schema itself does not support frequency setting under "actions". |
|
Duplicate of #524 |
|
Fixed by elastic/kibana#186963. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
When we started automating the Kibana alerts using Terraform provider: https://registry.terraform.io/providers/elastic/elasticstack/latest/docs, we started checking the basic skeleton of the resource "elasticstack_kibana_alerting_rule" across multiple Kibana alert types like "ElasticSearch Query rule", "Log threshold", "Index threshold" etc. which were created in our ELK manually via UI.
We are now managing alerts using this automation with the Terraform configuration for the resources exactly as specified in the sample here: https://github.com/elastic/terraform-provider-elasticstack/blob/main/examples/resources/elasticstack_kibana_alerting_rule/resource-index-rule.tf
For the above alert types, they required "notifyWhen" field at the rule level: https://github.com/elastic/terraform-provider-elasticstack/blob/main/examples/resources/elasticstack_kibana_alerting_rule/resource-index-rule.tf#L7
This automation was working fine until we upgraded our ELK clusters from ~v8.9 to v8.12.
For the alerts created with "notifyWhen" set on "rule-level", I am currently observing that manual updates to these alerts results in UI enforcing it at "action-level" in the form of "frequency" map as follows -
For context, we have all rules imported to have source of truth, but also allow our teams to test feature via UI.
My apologies for such lengthy issue description, but I have tried to add as much details as possible.
To Reproduce
Steps to reproduce the behavior:
When I try to update from UI, I also tracked the API call it makes to update the alert - PUT API call with following payload :
If I remove the resource from Terraform state just to import it , the following is from the GET API call made by Terraform:
We can see that "notifyWhen" setting is moved to "frequency" map under alert "actions" :
But it is not imported in Terraform resource configuration - It's not present at either places
Additionally, if an alert is created from UI, the "notifyWhen" is set at "action-level" - The following is from "Inspect" browser tool to get the request payload while the UI performs POST API call to create a new rule :
So, our expectation is that for alerts created with UI, we need a means to support the "frequency" setting at "action-level" as well in the Terraform provider. This is also because we would like to use the newer features like "on custom action intervals" which internally uses the "frequency" setting which we are unable as the provider does not support it :
Expected behavior
The provider should import the frequency setting under "frequency" in alert actions as the API call returns it.
Versions (please complete the following information):
The text was updated successfully, but these errors were encountered: