-
Notifications
You must be signed in to change notification settings - Fork 4.7k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
new resource:
azurerm_sentinel_data_connector_threat_intelligence
- Loading branch information
Showing
5 changed files
with
382 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
168 changes: 168 additions & 0 deletions
168
azurerm/internal/services/sentinel/sentinel_data_connector_threat_intelligence.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,168 @@ | ||
| package sentinel | ||
|
|
||
| import ( | ||
| "fmt" | ||
| "log" | ||
| "time" | ||
|
|
||
| "github.com/Azure/azure-sdk-for-go/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight" | ||
| "github.com/hashicorp/terraform-plugin-sdk/helper/schema" | ||
| "github.com/hashicorp/terraform-plugin-sdk/helper/validation" | ||
| "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf" | ||
| "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients" | ||
| loganalyticsParse "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/loganalytics/parse" | ||
| loganalyticsValidate "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/loganalytics/validate" | ||
| "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/sentinel/parse" | ||
| azSchema "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/tf/schema" | ||
| "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/timeouts" | ||
| "github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils" | ||
| ) | ||
|
|
||
| func resourceSentinelDataConnectorThreatIntelligence() *schema.Resource { | ||
| return &schema.Resource{ | ||
| Create: resourceSentinelDataConnectorThreatIntelligenceCreateUpdate, | ||
| Read: resourceSentinelDataConnectorThreatIntelligenceRead, | ||
| Delete: resourceSentinelDataConnectorThreatIntelligenceDelete, | ||
|
|
||
| Importer: azSchema.ValidateResourceIDPriorToImportThen(func(id string) error { | ||
| _, err := parse.DataConnectorID(id) | ||
| return err | ||
| }, importSentinelDataConnector(securityinsight.DataConnectorKindThreatIntelligence)), | ||
|
|
||
| Timeouts: &schema.ResourceTimeout{ | ||
| Create: schema.DefaultTimeout(30 * time.Minute), | ||
| Read: schema.DefaultTimeout(5 * time.Minute), | ||
| Delete: schema.DefaultTimeout(30 * time.Minute), | ||
| }, | ||
|
|
||
| Schema: map[string]*schema.Schema{ | ||
| "name": { | ||
| Type: schema.TypeString, | ||
| Required: true, | ||
| ForceNew: true, | ||
| ValidateFunc: validation.StringIsNotEmpty, | ||
| }, | ||
|
|
||
| "log_analytics_workspace_id": { | ||
| Type: schema.TypeString, | ||
| Required: true, | ||
| ForceNew: true, | ||
| ValidateFunc: loganalyticsValidate.LogAnalyticsWorkspaceID, | ||
| }, | ||
|
|
||
| "tenant_id": { | ||
| Type: schema.TypeString, | ||
| Optional: true, | ||
| Computed: true, | ||
| ForceNew: true, | ||
| ValidateFunc: validation.IsUUID, | ||
| }, | ||
| }, | ||
| } | ||
| } | ||
|
|
||
| func resourceSentinelDataConnectorThreatIntelligenceCreateUpdate(d *schema.ResourceData, meta interface{}) error { | ||
| client := meta.(*clients.Client).Sentinel.DataConnectorsClient | ||
| ctx, cancel := timeouts.ForCreateUpdate(meta.(*clients.Client).StopContext, d) | ||
| defer cancel() | ||
|
|
||
| workspaceId, err := loganalyticsParse.LogAnalyticsWorkspaceID(d.Get("log_analytics_workspace_id").(string)) | ||
| if err != nil { | ||
| return err | ||
| } | ||
| name := d.Get("name").(string) | ||
| id := parse.NewDataConnectorID(workspaceId.SubscriptionId, workspaceId.ResourceGroup, workspaceId.WorkspaceName, name) | ||
|
|
||
| if d.IsNewResource() { | ||
| resp, err := client.Get(ctx, id.ResourceGroup, operationalInsightsResourceProvider, id.WorkspaceName, name) | ||
| if err != nil { | ||
| if !utils.ResponseWasNotFound(resp.Response) { | ||
| return fmt.Errorf("checking for existing Sentinel Data Connector Threat Intelligence %q: %+v", id, err) | ||
| } | ||
| } | ||
|
|
||
| id := dataConnectorID(resp.Value) | ||
| if id != nil && *id != "" { | ||
| return tf.ImportAsExistsError("azurerm_sentinel_data_connector_threat_intelligence", *id) | ||
| } | ||
| } | ||
|
|
||
| tenantId := d.Get("tenant_id").(string) | ||
| if tenantId == "" { | ||
| tenantId = meta.(*clients.Client).Account.TenantId | ||
| } | ||
|
|
||
| param := securityinsight.TIDataConnector{ | ||
| Name: &name, | ||
| TIDataConnectorProperties: &securityinsight.TIDataConnectorProperties{ | ||
| TenantID: &tenantId, | ||
| DataTypes: &securityinsight.TIDataConnectorDataTypes{ | ||
| Indicators: &securityinsight.TIDataConnectorDataTypesIndicators{ | ||
| State: securityinsight.Enabled, | ||
| }, | ||
| }, | ||
| }, | ||
| Kind: securityinsight.KindThreatIntelligence, | ||
| } | ||
|
|
||
| _, err = client.CreateOrUpdate(ctx, id.ResourceGroup, operationalInsightsResourceProvider, id.WorkspaceName, id.Name, param) | ||
| if err != nil { | ||
| return fmt.Errorf("creating Sentinel Data Connector Threat Intelligence %q: %+v", id, err) | ||
| } | ||
|
|
||
| d.SetId(id.ID()) | ||
|
|
||
| return resourceSentinelDataConnectorThreatIntelligenceRead(d, meta) | ||
| } | ||
|
|
||
| func resourceSentinelDataConnectorThreatIntelligenceRead(d *schema.ResourceData, meta interface{}) error { | ||
| client := meta.(*clients.Client).Sentinel.DataConnectorsClient | ||
| ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d) | ||
| defer cancel() | ||
|
|
||
| id, err := parse.DataConnectorID(d.Id()) | ||
| if err != nil { | ||
| return err | ||
| } | ||
| workspaceId := loganalyticsParse.NewLogAnalyticsWorkspaceID(id.SubscriptionId, id.ResourceGroup, id.WorkspaceName) | ||
|
|
||
| resp, err := client.Get(ctx, id.ResourceGroup, operationalInsightsResourceProvider, id.WorkspaceName, id.Name) | ||
| if err != nil { | ||
| if utils.ResponseWasNotFound(resp.Response) { | ||
| log.Printf("[DEBUG] Sentinel Data Connector Threat Intelligence %q was not found - removing from state!", id) | ||
| d.SetId("") | ||
| return nil | ||
| } | ||
|
|
||
| return fmt.Errorf("retrieving Sentinel Data Connector Threat Intelligence %q: %+v", id, err) | ||
| } | ||
|
|
||
| if err := assertDataConnectorKind(resp.Value, securityinsight.DataConnectorKindThreatIntelligence); err != nil { | ||
| return fmt.Errorf("asserting Sentinel Data Connector Threat Intelligence of %q: %+v", id, err) | ||
| } | ||
| dc := resp.Value.(securityinsight.TIDataConnector) | ||
|
|
||
| d.Set("name", id.Name) | ||
| d.Set("log_analytics_workspace_id", workspaceId.ID()) | ||
| d.Set("tenant_id", dc.TenantID) | ||
|
|
||
| return nil | ||
| } | ||
|
|
||
| func resourceSentinelDataConnectorThreatIntelligenceDelete(d *schema.ResourceData, meta interface{}) error { | ||
| client := meta.(*clients.Client).Sentinel.DataConnectorsClient | ||
| ctx, cancel := timeouts.ForDelete(meta.(*clients.Client).StopContext, d) | ||
| defer cancel() | ||
|
|
||
| id, err := parse.DataConnectorID(d.Id()) | ||
| if err != nil { | ||
| return err | ||
| } | ||
|
|
||
| _, err = client.Delete(ctx, id.ResourceGroup, operationalInsightsResourceProvider, id.WorkspaceName, id.Name) | ||
| if err != nil { | ||
| return fmt.Errorf("deleting Sentinel Data Connector Threat Intelligence %q: %+v", id, err) | ||
| } | ||
|
|
||
| return nil | ||
| } |
140 changes: 140 additions & 0 deletions
140
azurerm/internal/services/sentinel/sentinel_data_connector_threat_intelligence_test.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,140 @@ | ||
| package sentinel_test | ||
|
|
||
| import ( | ||
| "context" | ||
| "fmt" | ||
| "testing" | ||
|
|
||
| "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/sentinel/parse" | ||
|
|
||
| "github.com/hashicorp/terraform-plugin-sdk/helper/resource" | ||
| "github.com/hashicorp/terraform-plugin-sdk/terraform" | ||
| "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/acceptance" | ||
| "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/acceptance/check" | ||
| "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients" | ||
| "github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils" | ||
| ) | ||
|
|
||
| type SentinelDataConnectorThreatIntelligenceResource struct{} | ||
|
|
||
| func TestAccAzureRMSentinelDataConnectorThreatIntelligence_basic(t *testing.T) { | ||
| data := acceptance.BuildTestData(t, "azurerm_sentinel_data_connector_threat_intelligence", "test") | ||
| r := SentinelDataConnectorThreatIntelligenceResource{} | ||
|
|
||
| data.ResourceTest(t, r, []resource.TestStep{ | ||
| { | ||
| Config: r.basic(data), | ||
| Check: resource.ComposeTestCheckFunc( | ||
| check.That(data.ResourceName).ExistsInAzure(r), | ||
| ), | ||
| }, | ||
| data.ImportStep(), | ||
| }) | ||
| } | ||
|
|
||
| func TestAccAzureRMSentinelDataConnectorThreatIntelligence_complete(t *testing.T) { | ||
| data := acceptance.BuildTestData(t, "azurerm_sentinel_data_connector_threat_intelligence", "test") | ||
| r := SentinelDataConnectorThreatIntelligenceResource{} | ||
|
|
||
| data.ResourceTest(t, r, []resource.TestStep{ | ||
| { | ||
| Config: r.complete(data), | ||
| Check: resource.ComposeTestCheckFunc( | ||
| check.That(data.ResourceName).ExistsInAzure(r), | ||
| ), | ||
| }, | ||
| data.ImportStep(), | ||
| }) | ||
| } | ||
|
|
||
| func TestAccAzureRMSentinelDataConnectorThreatIntelligence_requiresImport(t *testing.T) { | ||
| data := acceptance.BuildTestData(t, "azurerm_sentinel_data_connector_threat_intelligence", "test") | ||
| r := SentinelDataConnectorThreatIntelligenceResource{} | ||
|
|
||
| data.ResourceTest(t, r, []resource.TestStep{ | ||
| { | ||
| Config: r.basic(data), | ||
| Check: resource.ComposeTestCheckFunc( | ||
| check.That(data.ResourceName).ExistsInAzure(r), | ||
| ), | ||
| }, | ||
| data.RequiresImportErrorStep(r.requiresImport), | ||
| }) | ||
| } | ||
|
|
||
| func (r SentinelDataConnectorThreatIntelligenceResource) Exists(ctx context.Context, clients *clients.Client, state *terraform.InstanceState) (*bool, error) { | ||
| client := clients.Sentinel.DataConnectorsClient | ||
|
|
||
| id, err := parse.DataConnectorID(state.ID) | ||
| if err != nil { | ||
| return nil, err | ||
| } | ||
|
|
||
| if resp, err := client.Get(ctx, id.ResourceGroup, "Microsoft.OperationalInsights", id.WorkspaceName, id.Name); err != nil { | ||
| if utils.ResponseWasNotFound(resp.Response) { | ||
| return utils.Bool(false), nil | ||
| } | ||
| return nil, fmt.Errorf("retrieving Sentinel Data Connector Threat Intelligence %q: %+v", id, err) | ||
| } | ||
|
|
||
| return utils.Bool(true), nil | ||
| } | ||
|
|
||
| func (r SentinelDataConnectorThreatIntelligenceResource) basic(data acceptance.TestData) string { | ||
| template := r.template(data) | ||
| return fmt.Sprintf(` | ||
| %s | ||
| resource "azurerm_sentinel_data_connector_threat_intelligence" "test" { | ||
| name = "accTestDC-%d" | ||
| log_analytics_workspace_id = azurerm_log_analytics_workspace.test.id | ||
| } | ||
| `, template, data.RandomInteger) | ||
| } | ||
|
|
||
| func (r SentinelDataConnectorThreatIntelligenceResource) complete(data acceptance.TestData) string { | ||
| template := r.template(data) | ||
| return fmt.Sprintf(` | ||
| %s | ||
| data "azurerm_client_config" "test" {} | ||
| resource "azurerm_sentinel_data_connector_threat_intelligence" "test" { | ||
| name = "accTestDC-%d" | ||
| log_analytics_workspace_id = azurerm_log_analytics_workspace.test.id | ||
| tenant_id = data.azurerm_client_config.test.tenant_id | ||
| } | ||
| `, template, data.RandomInteger) | ||
| } | ||
|
|
||
| func (r SentinelDataConnectorThreatIntelligenceResource) requiresImport(data acceptance.TestData) string { | ||
| template := r.basic(data) | ||
| return fmt.Sprintf(` | ||
| %s | ||
| resource "azurerm_sentinel_data_connector_threat_intelligence" "import" { | ||
| name = azurerm_sentinel_data_connector_threat_intelligence.test.name | ||
| log_analytics_workspace_id = azurerm_sentinel_data_connector_threat_intelligence.test.log_analytics_workspace_id | ||
| } | ||
| `, template) | ||
| } | ||
|
|
||
| func (r SentinelDataConnectorThreatIntelligenceResource) template(data acceptance.TestData) string { | ||
| return fmt.Sprintf(` | ||
| provider "azurerm" { | ||
| features {} | ||
| } | ||
| resource "azurerm_resource_group" "test" { | ||
| name = "acctestRG-sentinel-%d" | ||
| location = "%s" | ||
| } | ||
| resource "azurerm_log_analytics_workspace" "test" { | ||
| name = "acctestLAW-%d" | ||
| location = azurerm_resource_group.test.location | ||
| resource_group_name = azurerm_resource_group.test.name | ||
| sku = "PerGB2018" | ||
| } | ||
| `, data.RandomInteger, data.Locations.Primary, data.RandomInteger) | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.