Terraform-provider-azurerm: azurerm_sql_database.webdb: Error setting database threat detection policy

Created on 25 Sep 2018 · 13 Comments · Source: terraform-providers/terraform-provider-azurerm

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Hello,
When I try to apply threat_detection_policy on a sql-azure database, I reach an issue.

Terraform Version

terraform -v
Terraform v0.11.7
+ provider.azurerm v1.15.0

Affected Resource(s)

  • azurerm_sql_database

Terraform Configuration Files

resource "azurerm_sql_database" "webdb" {
  name                = "sql-${random_id.sqlnameId.hex}-web-db"
  resource_group_name = "${azurerm_resource_group.mainRG.name}"
  location            = "${azurerm_resource_group.mainRG.location}"
  server_name         = "${azurerm_sql_server.srv_sql.name}"
  edition             = "Standard"

  threat_detection_policy {
    state = "Enabled"
  }
}

Debug Output

azurerm_sql_database.webdb: Error setting database threat detection policy: sql.DatabaseThreatDetectionPoliciesClient#CreateOrUpdate: Failure responding to request: StatusCode=400 -- Original Error: json: cannot unmarshal array into Go struct field serviceError2.details of type map[string]interface {}

Steps to Reproduce

  1. terraform apply

All 13 comments

I also have this issue on the following versions:
Terraform v0.11.10

  • provider.azurerm v1.19.0

I have the same issue.

Here's my code:

resource "azurerm_sql_database" "sqlDatamartDB" {
  name                             = "${var.nameenv == "D" ? "DEV" : var.nameenv == "Q" ? "QA" :var.nameenv == "E" ? "Demo" : upper(var.nameenv)}"
  resource_group_name              = "${var.resource_group_name}"
  location                         = "${var.resource_group_location}"
  server_name                      = "${var.sql_server_name}"
  edition                          = "Standard"
  requested_service_objective_name = "S3"

  threat_detection_policy {
    state = "New"
    retention_days = "10"
    storage_account_access_key = "${var.storage_account_primary_access_key}"
    storage_endpoint = "${var.storage_account_primary_blob_endpoint}"
  }
}

Terraform v0.11.10

  • provider.azurerm: version = "~> 1.19"

Hello dude,

I solved it, with this version and with this code :

Terraform v0.11.10
+ provider.azurerm v1.19.0

 threat_detection_policy = {
    state                      = "Enabled"
    email_addresses            = "${var.threat_email_notification}"
    storage_endpoint           = "${azurerm_storage_account.threat.primary_blob_endpoint}"
    storage_account_access_key = "${azurerm_storage_account.threat.secondary_access_key}"
    retention_days             = "${var.threat_retention_logs}"
  }

Tell me if it works for you.

Thanks for the info.

After some testing, I found that the field giving errors is email_addresses. Lack of this field throws an error. There's no way to implement Threat Detection Policy without this field being filled. However, documentation states that it's optional.

Either documentation should be changed, or some fix is needed.

As a byproduct of this issue, there should also be a fix for error management for this setting. Main problem we had is that the error is not being thrown correctly. There's no descriptive error message because there's an unmarshal error with sql.DatabaseThreatDetectionPoliciesClient#CreateOrUpdate.
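The masking effect described in the comment above, as an added Go example (not part of the thread and not the provider's or SDK's code): a decoder that types `details` as a map, as named in the error text, fails on an array and hides the service's own message, while one that keeps `details` raw recovers it. The response body, its values and the function names are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constructed sample body (not captured from Azure): "details" is an array.
const sampleBody = `{"error":{"code":"BadRequest","message":"constructed message","details":[{"code":"X","message":"constructed detail"}]}}`

// decodeStrict types "details" as a map, the shape named in the error text.
func decodeStrict(body string) error {
	var env struct {
		Error struct {
			Message string                 `json:"message"`
			Details map[string]interface{} `json:"details"`
		} `json:"error"`
	}
	return json.Unmarshal([]byte(body), &env)
}

// decodeTolerant keeps "details" raw, then accepts an array or a single object.
// It returns the service message and the number of detail entries.
func decodeTolerant(body string) (string, int, error) {
	var env struct {
		Error struct {
			Message string          `json:"message"`
			Details json.RawMessage `json:"details"`
		} `json:"error"`
	}
	if err := json.Unmarshal([]byte(body), &env); err != nil {
		return "", 0, err
	}
	raw := env.Error.Details
	var list []map[string]interface{}
	if len(raw) > 0 && json.Unmarshal(raw, &list) == nil {
		return env.Error.Message, len(list), nil
	}
	var one map[string]interface{}
	if len(raw) > 0 && json.Unmarshal(raw, &one) == nil && one != nil {
		return env.Error.Message, 1, nil
	}
	return env.Error.Message, 0, nil
}

func main() {
	fmt.Println("strict:", decodeStrict(sampleBody))
	msg, n, err := decodeTolerant(sampleBody)
	fmt.Println("tolerant:", msg, n, err)
}
```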

hello @AresiusXP

I can propose this modification in a PR so that others do not have this problem

best regards

Sure, if you think that'll help, I'm all for it. Thank you!

After some testing, I found that the field giving errors is email_addresses. Lack of this field throws an error. There's no way to implement Threat Detection Policy without this field being filled.

Populating email_addresses worked for me and applied the plan successfully. Thanks!

Hello everyone.

While building an Azure SQL Module I stumbled upon the same errors this issue details.
But for one thing, even when populating my email_addresses variable with a list, I still encounter the issue.

Config:
Terraform v0.12.2

  • provider.azurerm v1.30.1

variable "email_addresses" {
  description = "A list of email addresses which alerts should be sent to."
  type        = list(any)
}

resource "azurerm_sql_database" "sql" {
  ....

  threat_detection_policy {
    state                      = var.state
    email_account_admins       = var.email_account_admins
    email_addresses            = var.email_addresses
    retention_days             = var.retention_days
    storage_account_access_key = var.storage_account_access_key
    storage_endpoint           = var.storage_endpoint
    use_server_default         = var.use_server_default
  }
}

system.auto.tfvars
email_addresses = ["[email protected]",]

error:
Error: Error setting database threat detection policy: sql.DatabaseThreatDetectionPoliciesClient#CreateOrUpdate: Failure responding to request: StatusCode=400 -- Original Error: json: cannot unmarshal array into Go struct field serviceError2.details of type map[string]interface {}

Like @chfrodin, I am also running into this same error still. Any updates on this??

Just ran into this issue myself, any updates?

Same here. I didn't get this issue as long as only one email address was in this list. As soon as I added another one, the error popped up. I'm using tf 0.14.3 and azurerm 2.41.0.

@yupwei68 is this something you could kindly look into?

Hello,

In my case I have finally solved this issue by using the following code:

Hello dude,

I solved it, with this version and with this code :

Terraform v0.11.10
+ provider.azurerm v1.19.0

 threat_detection_policy = {
    state                      = "Enabled"
    email_addresses            = "${var.threat_email_notification}"
    storage_endpoint           = "${azurerm_storage_account.threat.primary_blob_endpoint}"
    storage_account_access_key = "${azurerm_storage_account.threat.secondary_access_key}"
    retention_days             = "${var.threat_retention_logs}"
  }

Tell me if it works for you.

But it's with an old Terraform version. I hope it can help you :)
