Detection as code - issue when deploying deployment of rule

Question

Amazing news with the detection as code!!!

https://medium.com/google-cloud/detection-as-code-in-google-secops-with-terraform-646de8967278

I have a question regarding this, when I'm deploying a rule, I'm getting the following error:

Error: Error creating RuleDeployment: googleapi: Error 409: run frequency already set to RUN_FREQUENCY_REALTIME

The error is referring to these pieces of code:

Main file:

resource "google_chronicle_rule_deployment" "rule_deployment" {
  for_each      = local.secops_rule_deployment
  provider      = google-beta
  project       = var.secops_config.project
  location      = var.secops_config.location
  instance      = var.secops_config.instance
  rule          = google_chronicle_rule.rule[each.key].rule_id
  enabled       = each.value.enabled
  alerting      = each.value.alerting
  archived      = each.value.archived
  run_frequency = each.value.run_frequency
}

And secops_rules.yaml:

se_999_rule_test:
  enabled: false
  alerting: false
  archived: false
  run_frequency: LIVE

Do you know what could be happening? I'm able to deploy the google_chronicle_rule resource (which means the connection is ok) but not the deployment resource 😞

keso · Accepted Answer

[edit 26 Feb 2025] The issue was fixed &#128516;  I just found out what is happening. When the enabled flag is set to FALSE, the issue happens. When it is set to TRUE, it works. This seems as a bug in the terraform code itself. Anyhow,  the terraform resource is still in BETA, so it is expected this kind of behaviors. If you have the same issue: https://github.com/hashicorp/terraform-provider-google/issues/21346

bruzzechesse · Answer

[edit 26 Feb 2025] The issue was fixed &#128516;  I just found out what is happening. When the enabled flag is set to FALSE, the issue happens. When it is set to TRUE, it works. This seems as a bug in the terraform code itself. Anyhow,  the terraform resource is still in BETA, so it is expected this kind of behaviors. If you have the same issue: https://github.com/hashicorp/terraform-provider-google/issues/21346Hi, sorry for late reply but I have just seen your question. Latest version of the provider should have fixed couple of those issues, just give it a try and let me know if it works fine now! &#128578;

Reply

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded