Skip to content

Commit

Permalink
new resource: azurerm_sentinel_data_connector_aws_cloud_trail
Browse files Browse the repository at this point in the history
  • Loading branch information
magodo committed Feb 23, 2021
1 parent 461557b commit a35b495
Show file tree
Hide file tree
Showing 4 changed files with 249 additions and 0 deletions.
1 change: 1 addition & 0 deletions azurerm/internal/services/sentinel/registration.go
Original file line number Diff line number Diff line change
Expand Up @@ -32,5 +32,6 @@ func (r Registration) SupportedResources() map[string]*schema.Resource {
"azurerm_sentinel_alert_rule_fusion": resourceSentinelAlertRuleFusion(),
"azurerm_sentinel_alert_rule_ms_security_incident": resourceSentinelAlertRuleMsSecurityIncident(),
"azurerm_sentinel_alert_rule_scheduled": resourceSentinelAlertRuleScheduled(),
"azurerm_sentinel_data_connector_aws_cloud_trail": resourceSentinelDataConnectorAwsCloudTrail(),
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,178 @@
package sentinel

import (
"fmt"
"log"
"time"

"github.com/Azure/azure-sdk-for-go/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight"
"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients"
loganalyticsParse "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/loganalytics/parse"
loganalyticsValidate "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/loganalytics/validate"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/sentinel/parse"
azSchema "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/tf/schema"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/timeouts"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
)

func resourceSentinelDataConnectorAwsCloudTrail() *schema.Resource {
return &schema.Resource{
Create: resourceSentinelDataConnectorAwsCloudTrailCreateUpdate,
Read: resourceSentinelDataConnectorAwsCloudTrailRead,
Update: resourceSentinelDataConnectorAwsCloudTrailCreateUpdate,
Delete: resourceSentinelDataConnectorAwsCloudTrailDelete,

Importer: azSchema.ValidateResourceIDPriorToImportThen(func(id string) error {
_, err := parse.DataConnectorID(id)
return err
}, importSentinelDataConnector(securityinsight.DataConnectorKindAmazonWebServicesCloudTrail)),

Timeouts: &schema.ResourceTimeout{
Create: schema.DefaultTimeout(30 * time.Minute),
Read: schema.DefaultTimeout(5 * time.Minute),
Update: schema.DefaultTimeout(30 * time.Minute),
Delete: schema.DefaultTimeout(30 * time.Minute),
},

Schema: map[string]*schema.Schema{
"name": {
Type: schema.TypeString,
Required: true,
ForceNew: true,
ValidateFunc: validation.StringIsNotEmpty,
},

"log_analytics_workspace_id": {
Type: schema.TypeString,
Required: true,
ForceNew: true,
ValidateFunc: loganalyticsValidate.LogAnalyticsWorkspaceID,
},

"aws_role_arn": {
Type: schema.TypeString,
Required: true,
ValidateFunc: validation.StringIsNotEmpty,
},
},
}
}

func resourceSentinelDataConnectorAwsCloudTrailCreateUpdate(d *schema.ResourceData, meta interface{}) error {
client := meta.(*clients.Client).Sentinel.DataConnectorsClient
ctx, cancel := timeouts.ForCreateUpdate(meta.(*clients.Client).StopContext, d)
defer cancel()

workspaceId, err := loganalyticsParse.LogAnalyticsWorkspaceID(d.Get("log_analytics_workspace_id").(string))
if err != nil {
return err
}
name := d.Get("name").(string)
id := parse.NewDataConnectorID(workspaceId.SubscriptionId, workspaceId.ResourceGroup, workspaceId.WorkspaceName, name)

if d.IsNewResource() {
resp, err := client.Get(ctx, id.ResourceGroup, operationalInsightsResourceProvider, id.WorkspaceName, name)
if err != nil {
if !utils.ResponseWasNotFound(resp.Response) {
return fmt.Errorf("checking for existing Sentinel Data Connector AWS Cloud Trail %q: %+v", id, err)
}
}

id := dataConnectorID(resp.Value)
if id != nil && *id != "" {
return tf.ImportAsExistsError("azurerm_sentinel_data_connector_aws_cloud_trail", *id)
}
}

param := securityinsight.AwsCloudTrailDataConnector{
Name: &name,
AwsCloudTrailDataConnectorProperties: &securityinsight.AwsCloudTrailDataConnectorProperties{
AwsRoleArn: utils.String(d.Get("aws_role_arn").(string)),
DataTypes: &securityinsight.AwsCloudTrailDataConnectorDataTypes{
Logs: &securityinsight.AwsCloudTrailDataConnectorDataTypesLogs{
State: securityinsight.Enabled,
},
},
},
Kind: securityinsight.KindAmazonWebServicesCloudTrail,
}

// Service avoid concurrent updates of this resource via checking the "etag" to guarantee it is the same value as last Read.
if !d.IsNewResource() {
resp, err := client.Get(ctx, id.ResourceGroup, operationalInsightsResourceProvider, id.WorkspaceName, name)
if err != nil {
return fmt.Errorf("retrieving Sentinel Data Connector AWS Cloud Trail %q: %+v", id, err)
}

if err := assertDataConnectorKind(resp.Value, securityinsight.DataConnectorKindAmazonWebServicesCloudTrail); err != nil {
return fmt.Errorf("asserting Sentinel Data Connector of %q: %+v", id, err)
}
param.Etag = resp.Value.(securityinsight.AwsCloudTrailDataConnector).Etag
}

_, err = client.CreateOrUpdate(ctx, id.ResourceGroup, operationalInsightsResourceProvider, id.WorkspaceName, id.Name, param)
if err != nil {
return fmt.Errorf("creating Sentinel Data Connector AWS Cloud Trail %q: %+v", id, err)
}

d.SetId(id.ID())

return resourceSentinelDataConnectorAwsCloudTrailRead(d, meta)
}

func resourceSentinelDataConnectorAwsCloudTrailRead(d *schema.ResourceData, meta interface{}) error {
client := meta.(*clients.Client).Sentinel.DataConnectorsClient
ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d)
defer cancel()

id, err := parse.DataConnectorID(d.Id())
if err != nil {
return err
}
workspaceId := loganalyticsParse.NewLogAnalyticsWorkspaceID(id.SubscriptionId, id.ResourceGroup, id.WorkspaceName)

resp, err := client.Get(ctx, id.ResourceGroup, operationalInsightsResourceProvider, id.WorkspaceName, id.Name)
if err != nil {
if utils.ResponseWasNotFound(resp.Response) {
log.Printf("[DEBUG] Sentinel Data Connector AWS Cloud Trail %q was not found - removing from state!", id)
d.SetId("")
return nil
}

return fmt.Errorf("retrieving Sentinel Data Connector AWS Cloud Trail %q: %+v", id, err)
}

if err := assertDataConnectorKind(resp.Value, securityinsight.DataConnectorKindAmazonWebServicesCloudTrail); err != nil {
return fmt.Errorf("asserting Sentinel Data Connector AWS Cloud Trail of %q: %+v", id, err)
}
dc := resp.Value.(securityinsight.AwsCloudTrailDataConnector)

d.Set("name", id.Name)
d.Set("log_analytics_workspace_id", workspaceId.ID())
if prop := dc.AwsCloudTrailDataConnectorProperties; prop != nil {
d.Set("aws_role_arn", prop.AwsRoleArn)
}

return nil
}

func resourceSentinelDataConnectorAwsCloudTrailDelete(d *schema.ResourceData, meta interface{}) error {
client := meta.(*clients.Client).Sentinel.DataConnectorsClient
ctx, cancel := timeouts.ForDelete(meta.(*clients.Client).StopContext, d)
defer cancel()

id, err := parse.DataConnectorID(d.Id())
if err != nil {
return err
}

_, err = client.Delete(ctx, id.ResourceGroup, operationalInsightsResourceProvider, id.WorkspaceName, id.Name)
if err != nil {
return fmt.Errorf("deleting Sentinel Data Connector AWS Cloud Trail %q: %+v", id, err)
}

return nil
}
4 changes: 4 additions & 0 deletions website/azurerm.erb
Original file line number Diff line number Diff line change
Expand Up @@ -2850,6 +2850,10 @@
<li>
<a href="/docs/providers/azurerm/r/sentinel_alert_rule_scheduled.html">azurerm_sentinel_alert_rule_scheduled</a>
</li>

<li>
<a href="/docs/providers/azurerm/r/sentinel_data_connector_aws_cloud_trail.html">azurerm_sentinel_data_connector_aws_cloud_trail</a>
</li>
</ul>
</li>

Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,66 @@
---
subcategory: "Sentinel"
layout: "azurerm"
page_title: "Azure Resource Manager: azurerm_sentinel_data_connector_aws_cloud_trail"
description: |-
Manages a AWS CloudTrail Data Connector.
---

# azurerm_sentinel_data_connector_aws_cloud_trail

Manages a AWS CloudTrail Data Connector.

## Example Usage

```hcl
resource "azurerm_resource_group" "example" {
name = "example-rg"
location = "west europe"
}
resource "azurerm_log_analytics_workspace" "example" {
name = "example-workspace"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
sku = "PerGB2018"
}
resource "azurerm_sentinel_data_connector_aws_cloud_trail" "example" {
name = "example"
log_analytics_workspace_id = azurerm_log_analytics_workspace.example.id
aws_role_arn = "arn:aws:iam::000000000000:role/role1"
}
```

## Arguments Reference

The following arguments are supported:

- `aws_role_arn` - (Required) The ARN of the AWS CloudTrail role, which is connected to this AWS CloudTrail Data Connector.

- `log_analytics_workspace_id` - (Required) The ID of the Log Analytics Workspace that this AWS CloudTrail Data Connector resides in. Changing this forces a new AWS CloudTrail Data Connector to be created.

- `name` - (Required) The name which should be used for this AWS CloudTrail Data Connector. Changing this forces a new AWS CloudTrail Data Connector to be created.

## Attributes Reference

In addition to the Arguments listed above - the following Attributes are exported:

- `id` - The ID of the AWS CloudTrail Data Connector.

## Timeouts

The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/docs/configuration/resources.html#timeouts) for certain actions:

- `create` - (Defaults to 30 minutes) Used when creating the AWS CloudTrail Data Connector.
- `read` - (Defaults to 5 minutes) Used when retrieving the AWS CloudTrail Data Connector.
- `update` - (Defaults to 30 minutes) Used when updating the AWS CloudTrail Data Connector.
- `delete` - (Defaults to 30 minutes) Used when deleting the AWS CloudTrail Data Connector.

## Import

AWS CloudTrail Data Connectors can be imported using the `resource id`, e.g.

```shell
terraform import azurerm_sentinel_data_connector_aws_cloud_trail.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/dataConnectors/dc1
```

0 comments on commit a35b495

Please sign in to comment.