new resource: azurerm_sentinel_data_connector_aws_cloud_trail

azurerm/internal/services/sentinel/registration.go

@@ -32,5 +32,6 @@ func (r Registration) SupportedResources() map[string]*schema.Resource {
 		"azurerm_sentinel_alert_rule_fusion":               resourceSentinelAlertRuleFusion(),
 		"azurerm_sentinel_alert_rule_ms_security_incident": resourceSentinelAlertRuleMsSecurityIncident(),
 		"azurerm_sentinel_alert_rule_scheduled":            resourceSentinelAlertRuleScheduled(),
+		"azurerm_sentinel_data_connector_aws_cloud_trail":  resourceSentinelDataConnectorAwsCloudTrail(),
 	}
 }

azurerm/internal/services/sentinel/sentinel_data_connector.go

@@ -10,10 +10,6 @@ import (
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/timeouts"
 )
 
-// TODO: remove once one of the PR's has been merged
-var _ = importSentinelDataConnector(securityinsight.DataConnectorKindAmazonWebServicesCloudTrail)
-var _ = assertDataConnectorKind(securityinsight.AADDataConnector{}, securityinsight.DataConnectorKindAmazonWebServicesCloudTrail)
-
 func importSentinelDataConnector(expectKind securityinsight.DataConnectorKind) func(d *schema.ResourceData, meta interface{}) (data []*schema.ResourceData, err error) {
 	return func(d *schema.ResourceData, meta interface{}) (data []*schema.ResourceData, err error) {
 		id, err := parse.DataConnectorID(d.Id())

azurerm/internal/services/sentinel/sentinel_data_connector_aws_cloud_trail.go

@@ -0,0 +1,177 @@
+package sentinel
+
+import (
+	"fmt"
+	"log"
+	"time"
+
+	"github.com/Azure/azure-sdk-for-go/services/preview/securityinsight/mgmt/2019-01-01-preview/securityinsight"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients"
+	loganalyticsParse "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/loganalytics/parse"
+	loganalyticsValidate "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/loganalytics/validate"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/sentinel/parse"
+	azSchema "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/tf/schema"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/timeouts"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
+)
+
+func resourceSentinelDataConnectorAwsCloudTrail() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceSentinelDataConnectorAwsCloudTrailCreateUpdate,
+		Read:   resourceSentinelDataConnectorAwsCloudTrailRead,
+		Update: resourceSentinelDataConnectorAwsCloudTrailCreateUpdate,
+		Delete: resourceSentinelDataConnectorAwsCloudTrailDelete,
+
+		Importer: azSchema.ValidateResourceIDPriorToImportThen(func(id string) error {
+			_, err := parse.DataConnectorID(id)
+			return err
+		}, importSentinelDataConnector(securityinsight.DataConnectorKindAmazonWebServicesCloudTrail)),
+
+		Timeouts: &schema.ResourceTimeout{
+			Create: schema.DefaultTimeout(30 * time.Minute),
+			Read:   schema.DefaultTimeout(5 * time.Minute),
+			Update: schema.DefaultTimeout(30 * time.Minute),
+			Delete: schema.DefaultTimeout(30 * time.Minute),
+		},
+
+		Schema: map[string]*schema.Schema{
+			"name": {
+				Type:         schema.TypeString,
+				Required:     true,
+				ForceNew:     true,
+				ValidateFunc: validation.StringIsNotEmpty,
+			},
+
+			"log_analytics_workspace_id": {
+				Type:         schema.TypeString,
+				Required:     true,
+				ForceNew:     true,
+				ValidateFunc: loganalyticsValidate.LogAnalyticsWorkspaceID,
+			},
+
+			"aws_role_arn": {
+				Type:         schema.TypeString,
+				Required:     true,
+				ValidateFunc: validation.StringIsNotEmpty,
+			},
+		},
+	}
+}
+
+func resourceSentinelDataConnectorAwsCloudTrailCreateUpdate(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*clients.Client).Sentinel.DataConnectorsClient
+	ctx, cancel := timeouts.ForCreateUpdate(meta.(*clients.Client).StopContext, d)
+	defer cancel()
+
+	workspaceId, err := loganalyticsParse.LogAnalyticsWorkspaceID(d.Get("log_analytics_workspace_id").(string))
+	if err != nil {
+		return err
+	}
+	name := d.Get("name").(string)
+	id := parse.NewDataConnectorID(workspaceId.SubscriptionId, workspaceId.ResourceGroup, workspaceId.WorkspaceName, name)
+
+	if d.IsNewResource() {
+		resp, err := client.Get(ctx, id.ResourceGroup, operationalInsightsResourceProvider, id.WorkspaceName, name)
+		if err != nil {
+			if !utils.ResponseWasNotFound(resp.Response) {
+				return fmt.Errorf("checking for existing %s: %+v", id, err)
+			}
+		}
+
+		if !utils.ResponseWasNotFound(resp.Response) {
+			return tf.ImportAsExistsError("azurerm_sentinel_data_connector_aws_cloud_trail", id.ID())
+		}
+	}
+
+	param := securityinsight.AwsCloudTrailDataConnector{
+		Name: &name,
+		AwsCloudTrailDataConnectorProperties: &securityinsight.AwsCloudTrailDataConnectorProperties{
+			AwsRoleArn: utils.String(d.Get("aws_role_arn").(string)),
+			DataTypes: &securityinsight.AwsCloudTrailDataConnectorDataTypes{
+				Logs: &securityinsight.AwsCloudTrailDataConnectorDataTypesLogs{
+					State: securityinsight.Enabled,
+				},
+			},
+		},
+		Kind: securityinsight.KindAmazonWebServicesCloudTrail,
+	}
+
+	// Service avoid concurrent updates of this resource via checking the "etag" to guarantee it is the same value as last Read.
+	if !d.IsNewResource() {
+		resp, err := client.Get(ctx, id.ResourceGroup, operationalInsightsResourceProvider, id.WorkspaceName, name)
+		if err != nil {
+			return fmt.Errorf("retrieving %s: %+v", id, err)
+		}
+
+		if err := assertDataConnectorKind(resp.Value, securityinsight.DataConnectorKindAmazonWebServicesCloudTrail); err != nil {
+			return fmt.Errorf("asserting %s: %+v", id, err)
+		}
+		param.Etag = resp.Value.(securityinsight.AwsCloudTrailDataConnector).Etag
+	}
+
+	_, err = client.CreateOrUpdate(ctx, id.ResourceGroup, operationalInsightsResourceProvider, id.WorkspaceName, id.Name, param)
+	if err != nil {
+		return fmt.Errorf("creating %s: %+v", id, err)
+	}
+
+	d.SetId(id.ID())
+
+	return resourceSentinelDataConnectorAwsCloudTrailRead(d, meta)
+}
+
+func resourceSentinelDataConnectorAwsCloudTrailRead(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*clients.Client).Sentinel.DataConnectorsClient
+	ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d)
+	defer cancel()
+
+	id, err := parse.DataConnectorID(d.Id())
+	if err != nil {
+		return err
+	}
+	workspaceId := loganalyticsParse.NewLogAnalyticsWorkspaceID(id.SubscriptionId, id.ResourceGroup, id.WorkspaceName)
+
+	resp, err := client.Get(ctx, id.ResourceGroup, operationalInsightsResourceProvider, id.WorkspaceName, id.Name)
+	if err != nil {
+		if utils.ResponseWasNotFound(resp.Response) {
+			log.Printf("[DEBUG] %s was not found - removing from state!", id)
+			d.SetId("")
+			return nil
+		}
+
+		return fmt.Errorf("retrieving %s: %+v", id, err)
+	}
+
+	dc, ok := resp.Value.(securityinsight.AwsCloudTrailDataConnector)
+	if !ok {
+		return fmt.Errorf("%s was not an AWS Cloud Trail Data Connector", id)
+	}
+
+	d.Set("name", id.Name)
+	d.Set("log_analytics_workspace_id", workspaceId.ID())
+	if prop := dc.AwsCloudTrailDataConnectorProperties; prop != nil {
+		d.Set("aws_role_arn", prop.AwsRoleArn)
+	}
+
+	return nil
+}
+
+func resourceSentinelDataConnectorAwsCloudTrailDelete(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*clients.Client).Sentinel.DataConnectorsClient
+	ctx, cancel := timeouts.ForDelete(meta.(*clients.Client).StopContext, d)
+	defer cancel()
+
+	id, err := parse.DataConnectorID(d.Id())
+	if err != nil {
+		return err
+	}
+
+	_, err = client.Delete(ctx, id.ResourceGroup, operationalInsightsResourceProvider, id.WorkspaceName, id.Name)
+	if err != nil {
+		return fmt.Errorf("deleting %s: %+v", id, err)
+	}
+
+	return nil
+}

website/azurerm.erb

@@ -2850,6 +2850,10 @@
                 <li>
                   <a href="/docs/providers/azurerm/r/sentinel_alert_rule_scheduled.html">azurerm_sentinel_alert_rule_scheduled</a>
                 </li>
+
+                <li>
+                  <a href="/docs/providers/azurerm/r/sentinel_data_connector_aws_cloud_trail.html">azurerm_sentinel_data_connector_aws_cloud_trail</a>
+                </li>
               </ul>
             </li>
 

website/docs/r/sentinel_data_connector_aws_cloud_trail.html.markdown

@@ -0,0 +1,66 @@
+---
+subcategory: "Sentinel"
+layout: "azurerm"
+page_title: "Azure Resource Manager: azurerm_sentinel_data_connector_aws_cloud_trail"
+description: |-
+  Manages a AWS CloudTrail Data Connector.
+---
+
+# azurerm_sentinel_data_connector_aws_cloud_trail
+
+Manages a AWS CloudTrail Data Connector.
+
+## Example Usage
+
+```hcl
+resource "azurerm_resource_group" "example" {
+  name     = "example-rg"
+  location = "west europe"
+}
+
+resource "azurerm_log_analytics_workspace" "example" {
+  name                = "example-workspace"
+  location            = azurerm_resource_group.example.location
+  resource_group_name = azurerm_resource_group.example.name
+  sku                 = "PerGB2018"
+}
+
+resource "azurerm_sentinel_data_connector_aws_cloud_trail" "example" {
+  name                       = "example"
+  log_analytics_workspace_id = azurerm_log_analytics_workspace.example.id
+  aws_role_arn               = "arn:aws:iam::000000000000:role/role1"
+}
+```
+
+## Arguments Reference
+
+The following arguments are supported:
+
+* `aws_role_arn` - (Required) The ARN of the AWS CloudTrail role, which is connected to this AWS CloudTrail Data Connector.
+
+* `log_analytics_workspace_id` - (Required) The ID of the Log Analytics Workspace that this AWS CloudTrail Data Connector resides in. Changing this forces a new AWS CloudTrail Data Connector to be created.
+
+* `name` - (Required) The name which should be used for this AWS CloudTrail Data Connector. Changing this forces a new AWS CloudTrail Data Connector to be created.
+
+## Attributes Reference
+
+In addition to the Arguments listed above - the following Attributes are exported:
+
+* `id` - The ID of the AWS CloudTrail Data Connector.
+
+## Timeouts
+
+The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/docs/configuration/resources.html#timeouts) for certain actions:
+
+* `create` - (Defaults to 30 minutes) Used when creating the AWS CloudTrail Data Connector.
+* `read` - (Defaults to 5 minutes) Used when retrieving the AWS CloudTrail Data Connector.
+* `update` - (Defaults to 30 minutes) Used when updating the AWS CloudTrail Data Connector.
+* `delete` - (Defaults to 30 minutes) Used when deleting the AWS CloudTrail Data Connector.
+
+## Import
+
+AWS CloudTrail Data Connectors can be imported using the `resource id`, e.g.
+
+```shell
+terraform import azurerm_sentinel_data_connector_aws_cloud_trail.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/dataConnectors/dc1
+```