-
Notifications
You must be signed in to change notification settings - Fork 4.7k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
new resource:
azurerm_sentinel_data_connector_aws_cloud_trail
- Loading branch information
Showing
4 changed files
with
249 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
178 changes: 178 additions & 0 deletions
178
azurerm/internal/services/sentinel/sentinel_data_connector_aws_cloud_trail.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,178 @@ | ||
package sentinel | ||
|
||
import ( | ||
"fmt" | ||
"log" | ||
"time" | ||
|
||
"github.com/Azure/azure-sdk-for-go/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight" | ||
"github.com/hashicorp/terraform-plugin-sdk/helper/schema" | ||
"github.com/hashicorp/terraform-plugin-sdk/helper/validation" | ||
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf" | ||
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients" | ||
loganalyticsParse "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/loganalytics/parse" | ||
loganalyticsValidate "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/loganalytics/validate" | ||
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/sentinel/parse" | ||
azSchema "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/tf/schema" | ||
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/timeouts" | ||
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils" | ||
) | ||
|
||
func resourceSentinelDataConnectorAwsCloudTrail() *schema.Resource { | ||
return &schema.Resource{ | ||
Create: resourceSentinelDataConnectorAwsCloudTrailCreateUpdate, | ||
Read: resourceSentinelDataConnectorAwsCloudTrailRead, | ||
Update: resourceSentinelDataConnectorAwsCloudTrailCreateUpdate, | ||
Delete: resourceSentinelDataConnectorAwsCloudTrailDelete, | ||
|
||
Importer: azSchema.ValidateResourceIDPriorToImportThen(func(id string) error { | ||
_, err := parse.DataConnectorID(id) | ||
return err | ||
}, importSentinelDataConnector(securityinsight.DataConnectorKindAmazonWebServicesCloudTrail)), | ||
|
||
Timeouts: &schema.ResourceTimeout{ | ||
Create: schema.DefaultTimeout(30 * time.Minute), | ||
Read: schema.DefaultTimeout(5 * time.Minute), | ||
Update: schema.DefaultTimeout(30 * time.Minute), | ||
Delete: schema.DefaultTimeout(30 * time.Minute), | ||
}, | ||
|
||
Schema: map[string]*schema.Schema{ | ||
"name": { | ||
Type: schema.TypeString, | ||
Required: true, | ||
ForceNew: true, | ||
ValidateFunc: validation.StringIsNotEmpty, | ||
}, | ||
|
||
"log_analytics_workspace_id": { | ||
Type: schema.TypeString, | ||
Required: true, | ||
ForceNew: true, | ||
ValidateFunc: loganalyticsValidate.LogAnalyticsWorkspaceID, | ||
}, | ||
|
||
"aws_role_arn": { | ||
Type: schema.TypeString, | ||
Required: true, | ||
ValidateFunc: validation.StringIsNotEmpty, | ||
}, | ||
}, | ||
} | ||
} | ||
|
||
func resourceSentinelDataConnectorAwsCloudTrailCreateUpdate(d *schema.ResourceData, meta interface{}) error { | ||
client := meta.(*clients.Client).Sentinel.DataConnectorsClient | ||
ctx, cancel := timeouts.ForCreateUpdate(meta.(*clients.Client).StopContext, d) | ||
defer cancel() | ||
|
||
workspaceId, err := loganalyticsParse.LogAnalyticsWorkspaceID(d.Get("log_analytics_workspace_id").(string)) | ||
if err != nil { | ||
return err | ||
} | ||
name := d.Get("name").(string) | ||
id := parse.NewDataConnectorID(workspaceId.SubscriptionId, workspaceId.ResourceGroup, workspaceId.WorkspaceName, name) | ||
|
||
if d.IsNewResource() { | ||
resp, err := client.Get(ctx, id.ResourceGroup, operationalInsightsResourceProvider, id.WorkspaceName, name) | ||
if err != nil { | ||
if !utils.ResponseWasNotFound(resp.Response) { | ||
return fmt.Errorf("checking for existing Sentinel Data Connector AWS Cloud Trail %q: %+v", id, err) | ||
} | ||
} | ||
|
||
id := dataConnectorID(resp.Value) | ||
if id != nil && *id != "" { | ||
return tf.ImportAsExistsError("azurerm_sentinel_data_connector_aws_cloud_trail", *id) | ||
} | ||
} | ||
|
||
param := securityinsight.AwsCloudTrailDataConnector{ | ||
Name: &name, | ||
AwsCloudTrailDataConnectorProperties: &securityinsight.AwsCloudTrailDataConnectorProperties{ | ||
AwsRoleArn: utils.String(d.Get("aws_role_arn").(string)), | ||
DataTypes: &securityinsight.AwsCloudTrailDataConnectorDataTypes{ | ||
Logs: &securityinsight.AwsCloudTrailDataConnectorDataTypesLogs{ | ||
State: securityinsight.Enabled, | ||
}, | ||
}, | ||
}, | ||
Kind: securityinsight.KindAmazonWebServicesCloudTrail, | ||
} | ||
|
||
// Service avoid concurrent updates of this resource via checking the "etag" to guarantee it is the same value as last Read. | ||
if !d.IsNewResource() { | ||
resp, err := client.Get(ctx, id.ResourceGroup, operationalInsightsResourceProvider, id.WorkspaceName, name) | ||
if err != nil { | ||
return fmt.Errorf("retrieving Sentinel Data Connector AWS Cloud Trail %q: %+v", id, err) | ||
} | ||
|
||
if err := assertDataConnectorKind(resp.Value, securityinsight.DataConnectorKindAmazonWebServicesCloudTrail); err != nil { | ||
return fmt.Errorf("asserting Sentinel Data Connector of %q: %+v", id, err) | ||
} | ||
param.Etag = resp.Value.(securityinsight.AwsCloudTrailDataConnector).Etag | ||
} | ||
|
||
_, err = client.CreateOrUpdate(ctx, id.ResourceGroup, operationalInsightsResourceProvider, id.WorkspaceName, id.Name, param) | ||
if err != nil { | ||
return fmt.Errorf("creating Sentinel Data Connector AWS Cloud Trail %q: %+v", id, err) | ||
} | ||
|
||
d.SetId(id.ID()) | ||
|
||
return resourceSentinelDataConnectorAwsCloudTrailRead(d, meta) | ||
} | ||
|
||
func resourceSentinelDataConnectorAwsCloudTrailRead(d *schema.ResourceData, meta interface{}) error { | ||
client := meta.(*clients.Client).Sentinel.DataConnectorsClient | ||
ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d) | ||
defer cancel() | ||
|
||
id, err := parse.DataConnectorID(d.Id()) | ||
if err != nil { | ||
return err | ||
} | ||
workspaceId := loganalyticsParse.NewLogAnalyticsWorkspaceID(id.SubscriptionId, id.ResourceGroup, id.WorkspaceName) | ||
|
||
resp, err := client.Get(ctx, id.ResourceGroup, operationalInsightsResourceProvider, id.WorkspaceName, id.Name) | ||
if err != nil { | ||
if utils.ResponseWasNotFound(resp.Response) { | ||
log.Printf("[DEBUG] Sentinel Data Connector AWS Cloud Trail %q was not found - removing from state!", id) | ||
d.SetId("") | ||
return nil | ||
} | ||
|
||
return fmt.Errorf("retrieving Sentinel Data Connector AWS Cloud Trail %q: %+v", id, err) | ||
} | ||
|
||
if err := assertDataConnectorKind(resp.Value, securityinsight.DataConnectorKindAmazonWebServicesCloudTrail); err != nil { | ||
return fmt.Errorf("asserting Sentinel Data Connector AWS Cloud Trail of %q: %+v", id, err) | ||
} | ||
dc := resp.Value.(securityinsight.AwsCloudTrailDataConnector) | ||
|
||
d.Set("name", id.Name) | ||
d.Set("log_analytics_workspace_id", workspaceId.ID()) | ||
if prop := dc.AwsCloudTrailDataConnectorProperties; prop != nil { | ||
d.Set("aws_role_arn", prop.AwsRoleArn) | ||
} | ||
|
||
return nil | ||
} | ||
|
||
func resourceSentinelDataConnectorAwsCloudTrailDelete(d *schema.ResourceData, meta interface{}) error { | ||
client := meta.(*clients.Client).Sentinel.DataConnectorsClient | ||
ctx, cancel := timeouts.ForDelete(meta.(*clients.Client).StopContext, d) | ||
defer cancel() | ||
|
||
id, err := parse.DataConnectorID(d.Id()) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
_, err = client.Delete(ctx, id.ResourceGroup, operationalInsightsResourceProvider, id.WorkspaceName, id.Name) | ||
if err != nil { | ||
return fmt.Errorf("deleting Sentinel Data Connector AWS Cloud Trail %q: %+v", id, err) | ||
} | ||
|
||
return nil | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
66 changes: 66 additions & 0 deletions
66
website/docs/r/sentinel_data_connector_aws_cloud_trail.html.markdown
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
--- | ||
subcategory: "Sentinel" | ||
layout: "azurerm" | ||
page_title: "Azure Resource Manager: azurerm_sentinel_data_connector_aws_cloud_trail" | ||
description: |- | ||
Manages a AWS CloudTrail Data Connector. | ||
--- | ||
|
||
# azurerm_sentinel_data_connector_aws_cloud_trail | ||
|
||
Manages a AWS CloudTrail Data Connector. | ||
|
||
## Example Usage | ||
|
||
```hcl | ||
resource "azurerm_resource_group" "example" { | ||
name = "example-rg" | ||
location = "west europe" | ||
} | ||
resource "azurerm_log_analytics_workspace" "example" { | ||
name = "example-workspace" | ||
location = azurerm_resource_group.example.location | ||
resource_group_name = azurerm_resource_group.example.name | ||
sku = "PerGB2018" | ||
} | ||
resource "azurerm_sentinel_data_connector_aws_cloud_trail" "example" { | ||
name = "example" | ||
log_analytics_workspace_id = azurerm_log_analytics_workspace.example.id | ||
aws_role_arn = "arn:aws:iam::000000000000:role/role1" | ||
} | ||
``` | ||
|
||
## Arguments Reference | ||
|
||
The following arguments are supported: | ||
|
||
- `aws_role_arn` - (Required) The ARN of the AWS CloudTrail role, which is connected to this AWS CloudTrail Data Connector. | ||
|
||
- `log_analytics_workspace_id` - (Required) The ID of the Log Analytics Workspace that this AWS CloudTrail Data Connector resides in. Changing this forces a new AWS CloudTrail Data Connector to be created. | ||
|
||
- `name` - (Required) The name which should be used for this AWS CloudTrail Data Connector. Changing this forces a new AWS CloudTrail Data Connector to be created. | ||
|
||
## Attributes Reference | ||
|
||
In addition to the Arguments listed above - the following Attributes are exported: | ||
|
||
- `id` - The ID of the AWS CloudTrail Data Connector. | ||
|
||
## Timeouts | ||
|
||
The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/docs/configuration/resources.html#timeouts) for certain actions: | ||
|
||
- `create` - (Defaults to 30 minutes) Used when creating the AWS CloudTrail Data Connector. | ||
- `read` - (Defaults to 5 minutes) Used when retrieving the AWS CloudTrail Data Connector. | ||
- `update` - (Defaults to 30 minutes) Used when updating the AWS CloudTrail Data Connector. | ||
- `delete` - (Defaults to 30 minutes) Used when deleting the AWS CloudTrail Data Connector. | ||
|
||
## Import | ||
|
||
AWS CloudTrail Data Connectors can be imported using the `resource id`, e.g. | ||
|
||
```shell | ||
terraform import azurerm_sentinel_data_connector_aws_cloud_trail.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/dataConnectors/dc1 | ||
``` |