Add support for the categories property of azurerm_security_center_as…

…sessment_metadata (#12278) Currently, azurerm_security_center_assessment_metadata cannot set the categories of resource that is at risk when the Security Center Assessment is unhealthy. So submitted this PR to support it. --- PASS: TestAccSecurityCenterAssessmentMetadata_complete (164.20s) --- PASS: TestAccSecurityCenterAssessmentMetadata_basic (165.24s) --- PASS: TestAccSecurityCenterAssessmentMetadata_categories (166.01s) --- PASS: TestAccSecurityCenterAssessmentMetadata_update (270.68s)
hashicorp · Jun 23, 2021 · acb6588 · acb6588
1 parent 3c98880
commit acb6588
Show file tree

Hide file tree

Showing 3 changed files with 76 additions and 4 deletions.
diff --git a/azurerm/internal/services/securitycenter/security_center_assessment_metadata_resource.go b/azurerm/internal/services/securitycenter/security_center_assessment_metadata_resource.go
@@ -60,6 +60,26 @@ func resourceArmSecurityCenterAssessmentMetadata() *pluginsdk.Resource {
 				}, false),
 			},
 
+			// API would return `Unknown` when `categories` isn't set.
+			// After synced with service team, they confirmed will add `Unknown` as possible value to this property and it will be published as a new version of this API.
+			// https://github.com/Azure/azure-rest-api-specs/issues/14918
+			"categories": {
+				Type:     pluginsdk.TypeSet,
+				Optional: true,
+				Computed: true,
+				Elem: &pluginsdk.Schema{
+					Type: pluginsdk.TypeString,
+					ValidateFunc: validation.StringInSlice([]string{
+						"Unknown",
+						string(security.Compute),
+						string(security.Data),
+						string(security.IdentityAndAccess),
+						string(security.IoT),
+						string(security.Networking),
+					}, false),
+				},
+			},
+
 			"implementation_effort": {
 				Type:     pluginsdk.TypeString,
 				Optional: true,
@@ -104,10 +124,6 @@ func resourceArmSecurityCenterAssessmentMetadata() *pluginsdk.Resource {
 				}, false),
 			},
 
-			// The `category` property doesn't take effect at the service side since the property name is incorrect and it should be `categories`.
-			// To implement this property once the bug is fixed.
-			// BUG: https://github.com/Azure/azure-rest-api-specs/issues/12297
-
 			"name": {
 				Type:     pluginsdk.TypeString,
 				Computed: true,
@@ -146,6 +162,14 @@ func resourceArmSecurityCenterAssessmentMetadataCreate(d *pluginsdk.ResourceData
 		},
 	}
 
+	if v, ok := d.GetOk("categories"); ok {
+		categories := make([]security.Categories, 0)
+		for _, item := range v.(*pluginsdk.Set).List() {
+			categories = append(categories, (security.Categories)(item.(string)))
+		}
+		params.AssessmentMetadataProperties.Categories = &categories
+	}
+
 	if v, ok := d.GetOk("threats"); ok {
 		threats := make([]security.Threats, 0)
 		for _, item := range v.(*pluginsdk.Set).List() {
@@ -205,6 +229,14 @@ func resourceArmSecurityCenterAssessmentMetadataRead(d *pluginsdk.ResourceData,
 		d.Set("remediation_description", props.RemediationDescription)
 		d.Set("user_impact", string(props.UserImpact))
 
+		categories := make([]string, 0)
+		if props.Categories != nil {
+			for _, item := range *props.Categories {
+				categories = append(categories, string(item))
+			}
+		}
+		d.Set("categories", utils.FlattenStringSlice(&categories))
+
 		threats := make([]string, 0)
 		if props.Threats != nil {
 			for _, item := range *props.Threats {
@@ -247,6 +279,14 @@ func resourceArmSecurityCenterAssessmentMetadataUpdate(d *pluginsdk.ResourceData
 		existing.AssessmentMetadataProperties.Severity = security.Severity(d.Get("severity").(string))
 	}
 
+	if d.HasChange("categories") {
+		categories := make([]security.Categories, 0)
+		for _, item := range d.Get("categories").(*pluginsdk.Set).List() {
+			categories = append(categories, (security.Categories)(item.(string)))
+		}
+		existing.AssessmentMetadataProperties.Categories = &categories
+	}
+
 	if d.HasChange("threats") {
 		threats := make([]security.Threats, 0)
 		for _, item := range d.Get("threats").(*pluginsdk.Set).List() {

diff --git a/...erm/internal/services/securitycenter/security_center_assessment_metadata_resource_test.go b/...erm/internal/services/securitycenter/security_center_assessment_metadata_resource_test.go
@@ -67,6 +67,21 @@ func TestAccSecurityCenterAssessmentMetadata_update(t *testing.T) {
 	})
 }
 
+func TestAccSecurityCenterAssessmentMetadata_categories(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azurerm_security_center_assessment_metadata", "test")
+	r := SecurityCenterAssessmentMetadataResource{}
+
+	data.ResourceTest(t, r, []acceptance.TestStep{
+		{
+			Config: r.categories(),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+			),
+		},
+		data.ImportStep(),
+	})
+}
+
 func (r SecurityCenterAssessmentMetadataResource) Exists(ctx context.Context, client *clients.Client, state *pluginsdk.InstanceState) (*bool, error) {
 	assessmentMetadataClient := client.SecurityCenter.AssessmentsMetadataClient
 	id, err := parse.AssessmentMetadataID(state.ID)
@@ -135,3 +150,18 @@ resource "azurerm_security_center_assessment_metadata" "test" {
 }
 `
 }
+
+func (r SecurityCenterAssessmentMetadataResource) categories() string {
+	return `
+provider "azurerm" {
+  features {}
+}
+
+resource "azurerm_security_center_assessment_metadata" "test" {
+  display_name = "Test Display Name"
+  severity     = "Medium"
+  description  = "Test Description"
+  categories   = ["Data"]
+}
+`
+}
diff --git a/website/docs/r/security_center_assessment_metadata.html.markdown b/website/docs/r/security_center_assessment_metadata.html.markdown
@@ -34,6 +34,8 @@ The following arguments are supported:
 
 ---
 
+* `categories` - (Optional) A list of the categories of resource that is at risk when the Security Center Assessment is unhealthy. Possible values are `Unknown`, `Compute`, `Data`, `IdentityAndAccess`, `IoT` and `Networking`.
+
 * `implementation_effort` - (Optional) The implementation effort which is used to remediate the Security Center Assessment. Possible values are `Low`, `Moderate` and `High`.
 
 * `remediation_description` - (Optional) The description which is used to mitigate the security issue.
-Original file line number
+Diff line change
@@ Expand Up / @@ -34,6 +34,8 @@ The following arguments are supported: @@
     ---
+    * `categories` - (Optional) A list of the categories of resource that is at risk when the Security Center Assessment is unhealthy. Possible values are `Unknown`, `Compute`, `Data`, `IdentityAndAccess`, `IoT` and `Networking`.
     * `implementation_effort` - (Optional) The implementation effort which is used to remediate the Security Center Assessment. Possible values are `Low`, `Moderate` and `High`.
     * `remediation_description` - (Optional) The description which is used to mitigate the security issue.
@@ Expand Down @@