This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Detection as code - issue when deploying deployment of rule

Posted on 02-11-2025 05:11 AM
keso
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

Amazing news with the detection as code!!!

 https://medium.com/google-cloud/detection-as-code-in-google-secops-with-terraform-646de8967278

I have a question regarding this, when I'm deploying a rule, I'm getting the following error:

 

Error: Error creating RuleDeployment: googleapi: Error 409: run frequency already set to RUN_FREQUENCY_REALTIME

 

 

The error is referring to these pieces of code:

Main file:

resource "google_chronicle_rule_deployment" "rule_deployment" {
  for_each      = local.secops_rule_deployment
  provider      = google-beta
  project       = var.secops_config.project
  location      = var.secops_config.location
  instance      = var.secops_config.instance
  rule          = google_chronicle_rule.rule[each.key].rule_id
  enabled       = each.value.enabled
  alerting      = each.value.alerting
  archived      = each.value.archived
  run_frequency = each.value.run_frequency
}

And secops_rules.yaml:

se_999_rule_test:
  enabled: false
  alerting: false
  archived: false
  run_frequency: LIVE

 

Do you know what could be happening? I'm able to deploy the google_chronicle_rule resource (which means the connection is ok) but not the deployment resource ๐Ÿ˜ž

Solved Solved
0 2 276
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
keso
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

[edit 26 Feb 2025] The issue was fixed ๐Ÿ˜„ 

 

I just found out what is happening. When the enabled flag is set to FALSE, the issue happens. When it is set to TRUE, it works. This seems as a bug in the terraform code itself. Anyhow,  the terraform resource is still in BETA, so it is expected this kind of behaviors. If you have the same issue: 

https://github.com/hashicorp/terraform-provider-google/issues/21346

View solution in original post

Jump to Solution
0 Likes
2 REPLIES 2

Posted on --/--/---- --:-- AM
keso
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

[edit 26 Feb 2025] The issue was fixed ๐Ÿ˜„ 

 

I just found out what is happening. When the enabled flag is set to FALSE, the issue happens. When it is set to TRUE, it works. This seems as a bug in the terraform code itself. Anyhow,  the terraform resource is still in BETA, so it is expected this kind of behaviors. If you have the same issue: 

https://github.com/hashicorp/terraform-provider-google/issues/21346

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
bruzzechesse
Bronze 2
Bronze 2
In response to keso
Reply posted on --/--/---- --:-- AM

Hi, sorry for late reply but I have just seen your question. Latest version of the provider should have fixed couple of those issues, just give it a try and let me know if it works fine now! ๐Ÿ™‚

Jump to Solution
0 Likes
Top Solution Authors
View all