DTOSS-12524: Add opt-in log-based exception alert to app-insights module

Adds use_log_based_exception_alert variable (default false) to the
app-insights module. When enabled, replaces the metric-based exceptions
alert with a scheduled query rule that projects exception type, message,
affected URL, and operation_Id — giving downstream processors (e.g. a
Slack transformer Logic App) the fields needed to build rich notifications.

The metric alert is preserved and unchanged for existing consumers.
Also exposes app_id output for use with the App Insights REST API.

Author: josielsouzanordcloud

infrastructure/modules/app-insights/alerts.tf

@@ -1,5 +1,7 @@
+# Metric alert — retained for backward compatibility with existing consumers.
+# Suppressed when use_log_based_exception_alert = true to avoid duplicate notifications.
 resource "azurerm_monitor_metric_alert" "exceptions" {
-  count = var.enable_alerting ? 1 : 0
+  count = var.enable_alerting && !var.use_log_based_exception_alert ? 1 : 0
 
   auto_mitigate       = true
   description         = "Triggered by any Exception"
@@ -24,3 +26,48 @@ resource "azurerm_monitor_metric_alert" "exceptions" {
     threshold              = 0
   }
 }
+
+# Log-based alert — opt-in replacement for the metric alert.
+# Projects exception type, message, URL, and operation_Id so that downstream
+# processors (e.g. a Slack transformer Logic App) can surface those fields
+# directly in notifications without a secondary query.
+resource "azurerm_monitor_scheduled_query_rules_alert_v2" "exceptions" {
+  count = var.enable_alerting && var.use_log_based_exception_alert ? 1 : 0
+
+  auto_mitigation_enabled          = true
+  description                      = "Application exception detected in ${var.name}"
+  enabled                          = true
+  evaluation_frequency             = var.alert_frequency
+  location                         = var.location
+  name                             = "${var.name}-exceptions-alert"
+  resource_group_name              = var.resource_group_name
+  scopes                           = [azurerm_application_insights.appins.id]
+  severity                         = 1
+  skip_query_validation            = false
+  target_resource_types            = ["microsoft.insights/components"]
+  window_duration                  = local.alert_window_size
+  workspace_alerts_storage_enabled = false
+
+  action {
+    action_groups = [var.action_group_id]
+  }
+
+  criteria {
+    operator                = "GreaterThan"
+    threshold               = 0
+    time_aggregation_method = "Count"
+
+    # Projects the fields needed for rich Slack notifications.
+    # The alert fires whenever any exception appears in the evaluation window.
+    query = <<-QUERY
+      exceptions
+      | where timestamp > ago(5m)
+      | project timestamp, type, outerMessage, url = tostring(customDimensions["url"]), operation_Id
+    QUERY
+
+    failing_periods {
+      minimum_failing_periods_to_trigger_alert = 1
+      number_of_evaluation_periods             = 1
+    }
+  }
+}

infrastructure/modules/app-insights/output.tf

@@ -6,6 +6,11 @@ output "id" {
   value = azurerm_application_insights.appins.id
 }
 
+output "app_id" {
+  description = "The Application ID (GUID) used to authenticate with the App Insights REST API."
+  value       = azurerm_application_insights.appins.app_id
+}
+
 output "name" {
   value = azurerm_application_insights.appins.name
 }

infrastructure/modules/app-insights/variables.tf

@@ -57,6 +57,17 @@ variable "action_group_id" {
   default     = null
 }
 
+variable "use_log_based_exception_alert" {
+  description = <<EOT
+    Replace the default metric-based exceptions alert with a log-based scheduled query alert.
+    The log-based alert projects exception type, message, affected URL, and operation ID,
+    which enables the Slack notification transformer to include those fields directly.
+    Existing consumers of this module are unaffected — the default retains the metric alert.
+  EOT
+  type        = bool
+  default     = false
+}
+
 locals {
   alert_window_size = var.alert_frequency
 }