azurerm_senitnel_alert_rule_nrt - update docs and test cases for 4.0 (
ziyeqf authored Sep 3, 2024
1 parent b6ca2d6 commit afe4e46
Showing 3 changed files with 20 additions and 9 deletions.
Expand Up @@ -14,7 +14,6 @@ import (
"github.com/hashicorp/terraform-provider-azurerm/helpers/tf"
"github.com/hashicorp/terraform-provider-azurerm/helpers/validate"
"github.com/hashicorp/terraform-provider-azurerm/internal/clients"
"github.com/hashicorp/terraform-provider-azurerm/internal/features"
"github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk"
"github.com/hashicorp/terraform-provider-azurerm/internal/tf/validation"
"github.com/hashicorp/terraform-provider-azurerm/internal/timeouts"
Expand Down Expand Up @@ -83,9 +82,7 @@ func resourceSentinelAlertRuleNrt() *pluginsdk.Resource {
// lintignore:S013
"event_grouping": {
Type: pluginsdk.TypeList,
Required: features.FourPointOhBeta(),
Optional: !features.FourPointOhBeta(),
Computed: !features.FourPointOhBeta(), // the service will default it to `SingleAlert`.
Required: true,
MaxItems: 1,
Elem: &pluginsdk.Resource{
Schema: map[string]*pluginsdk.Schema{
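Review bot: The `// lintignore:S013` directive above `"event_grouping"` looks like a leftover now that the attribute is declared with a literal `Required: true`. It was presumably needed only because the linter could not resolve the `features.FourPointOhBeta()` expressions, so it can likely be dropped. The removed `Computed` line also carried the only in-code remark that the service defaults the value to `SingleAlert`. Configurations that omitted the block will now fail validation rather than inherit that default, so a short comment such as `// required since 4.0; the service previously defaulted this to SingleAlert` would keep that context for whoever maintains these detection rules. The enclosing schema map starts and ends outside the hunk.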
Expand Up @@ -161,7 +161,11 @@ resource "azurerm_sentinel_alert_rule_nrt" "test" {
log_analytics_workspace_id = azurerm_sentinel_log_analytics_workspace_onboarding.test.workspace_id
display_name = "Some Rule"
severity = "High"
query = <<QUERY
event_grouping {
aggregation_method = "SingleAlert"
}
query = <<QUERY
AzureActivity |
where OperationName == "Create or Update Virtual Machine" or OperationName =="Create Deployment" |
where ActivityStatus == "Succeeded" |
Expand Down Expand Up @@ -196,6 +200,9 @@ resource "azurerm_sentinel_alert_rule_nrt" "test" {
by_custom_details = ["OperatingSystemType", "OperatingSystemName"]
}
}
event_grouping {
aggregation_method = "SingleAlert"
}
query = "Heartbeat"
suppression_enabled = true
suppression_duration = "PT40M"
Expand Down Expand Up @@ -250,6 +257,9 @@ resource "azurerm_sentinel_alert_rule_nrt" "test" {
OperatingSystemType = "OSType"
}
event_grouping {
aggregation_method = "SingleAlert"
}
}
`, r.template(data), data.RandomInteger)
}
Expand All @@ -264,6 +274,9 @@ resource "azurerm_sentinel_alert_rule_nrt" "import" {
display_name = azurerm_sentinel_alert_rule_nrt.test.display_name
severity = azurerm_sentinel_alert_rule_nrt.test.severity
query = azurerm_sentinel_alert_rule_nrt.test.query
event_grouping {
aggregation_method = "SingleAlert"
}
}
`, r.basic(data))
}
Expand All @@ -284,6 +297,9 @@ resource "azurerm_sentinel_alert_rule_nrt" "test" {
severity = "Low"
alert_rule_template_guid = data.azurerm_sentinel_alert_rule_template.test.name
query = "Heartbeat"
event_grouping {
aggregation_method = "SingleAlert"
}
}
`, r.template(data), data.RandomInteger)
}
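Review bot: Every `event_grouping` block added to these test configurations sets `aggregation_method = "SingleAlert"`, which the schema comment removed by this commit describes as the service default. The configurations visible here would therefore still pass if the provider never sent the field or sent the wrong value. Switching at least one of them, for example the one with `suppression_enabled = true`, to `aggregation_method = "AlertPerResult"` would exercise the round trip of a non-default value. Other configurations outside these hunks may already cover this, so confirm before changing.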
6 changes: 2 additions & 4 deletions website/docs/r/sentinel_alert_rule_nrt.html.markdown
Expand Up @@ -57,6 +57,8 @@ The following arguments are supported:

* `display_name` - (Required) The friendly name of this Sentinel NRT Alert Rule.

* `event_grouping` - (Required) A `event_grouping` block as defined below.

* `severity` - (Required) The alert severity of this Sentinel NRT Alert Rule. Possible values are `High`, `Medium`, `Low` and `Informational`.

* `query` - (Required) The query of this Sentinel NRT Alert Rule.
Expand All @@ -77,10 +79,6 @@ The following arguments are supported:

* `entity_mapping` - (Optional) A list of `entity_mapping` blocks as defined below.

* `event_grouping` - (Optional) A `event_grouping` block as defined below.

-> **NOTE:** `event_grouping` will be required in the next major version of the AzureRM Provider.

* `sentinel_entity_mapping` - (Optional) A list of `sentinel_entity_mapping` blocks as defined below.

-> **NOTE:** `entity_mapping` and `sentinel_entity_mapping` together can't exceed 5.
