New Resource: azurerm_sentinel_threat_intelligence_indicator (#20771)

hashicorp · Mar 20, 2023 · b6a8f7d · b6a8f7d
1 parent 5a13d1c
commit b6a8f7d
Show file tree

Hide file tree

Showing 12 changed files with 2,584 additions and 0 deletions.
diff --git a/internal/services/sentinel/azuresdkhacks/threat_intelligence_indicator_models.go b/internal/services/sentinel/azuresdkhacks/threat_intelligence_indicator_models.go
diff --git a/internal/services/sentinel/azuresdkhacks/threatintelligenceindicator.go b/internal/services/sentinel/azuresdkhacks/threatintelligenceindicator.go
diff --git a/internal/services/sentinel/client/client.go b/internal/services/sentinel/client/client.go
@@ -19,6 +19,7 @@ type Client struct {
 	WatchlistItemsClient     *securityinsight.WatchlistItemsClient
 	OnboardingStatesClient   *sentinelonboardingstates.SentinelOnboardingStatesClient
 	AnalyticsSettingsClient  *securityinsight.SecurityMLAnalyticsSettingsClient
+	ThreatIntelligenceClient *securityinsight.ThreatIntelligenceIndicatorClient
 	MetadataClient           *metadata.MetadataClient
 }
 
@@ -47,6 +48,9 @@ func NewClient(o *common.ClientOptions) *Client {
 	analyticsSettingsClient := securityinsight.NewSecurityMLAnalyticsSettingsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
 	o.ConfigureClient(&analyticsSettingsClient.Client, o.ResourceManagerAuthorizer)
 
+	threatIntelligenceClient := securityinsight.NewThreatIntelligenceIndicatorClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
+	o.ConfigureClient(&threatIntelligenceClient.Client, o.ResourceManagerAuthorizer)
+
 	metadataClient := metadata.NewMetadataClientWithBaseURI(o.ResourceManagerEndpoint)
 	o.ConfigureClient(&metadataClient.Client, o.ResourceManagerAuthorizer)
 
@@ -59,6 +63,7 @@ func NewClient(o *common.ClientOptions) *Client {
 		WatchlistItemsClient:     &watchListItemsClient,
 		OnboardingStatesClient:   &onboardingStatesClient,
 		AnalyticsSettingsClient:  &analyticsSettingsClient,
+		ThreatIntelligenceClient: &threatIntelligenceClient,
 		MetadataClient:           &metadataClient,
 	}
 }
diff --git a/internal/services/sentinel/parse/threat_intelligence_indicator.go b/internal/services/sentinel/parse/threat_intelligence_indicator.go
@@ -0,0 +1,81 @@
+package parse
+
+// NOTE: this file is generated via 'go:generate' - manual changes will be overwritten
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/hashicorp/go-azure-helpers/resourcemanager/resourceids"
+)
+
+type ThreatIntelligenceIndicatorId struct {
+	SubscriptionId         string
+	ResourceGroup          string
+	WorkspaceName          string
+	ThreatIntelligenceName string
+	IndicatorName          string
+}
+
+func NewThreatIntelligenceIndicatorID(subscriptionId, resourceGroup, workspaceName, threatIntelligenceName, indicatorName string) ThreatIntelligenceIndicatorId {
+	return ThreatIntelligenceIndicatorId{
+		SubscriptionId:         subscriptionId,
+		ResourceGroup:          resourceGroup,
+		WorkspaceName:          workspaceName,
+		ThreatIntelligenceName: threatIntelligenceName,
+		IndicatorName:          indicatorName,
+	}
+}
+
+func (id ThreatIntelligenceIndicatorId) String() string {
+	segments := []string{
+		fmt.Sprintf("Indicator Name %q", id.IndicatorName),
+		fmt.Sprintf("Threat Intelligence Name %q", id.ThreatIntelligenceName),
+		fmt.Sprintf("Workspace Name %q", id.WorkspaceName),
+		fmt.Sprintf("Resource Group %q", id.ResourceGroup),
+	}
+	segmentsStr := strings.Join(segments, " / ")
+	return fmt.Sprintf("%s: (%s)", "Threat Intelligence Indicator", segmentsStr)
+}
+
+func (id ThreatIntelligenceIndicatorId) ID() string {
+	fmtString := "/subscriptions/%s/resourceGroups/%s/providers/Microsoft.OperationalInsights/workspaces/%s/providers/Microsoft.SecurityInsights/threatIntelligence/%s/indicators/%s"
+	return fmt.Sprintf(fmtString, id.SubscriptionId, id.ResourceGroup, id.WorkspaceName, id.ThreatIntelligenceName, id.IndicatorName)
+}
+
+// ThreatIntelligenceIndicatorID parses a ThreatIntelligenceIndicator ID into an ThreatIntelligenceIndicatorId struct
+func ThreatIntelligenceIndicatorID(input string) (*ThreatIntelligenceIndicatorId, error) {
+	id, err := resourceids.ParseAzureResourceID(input)
+	if err != nil {
+		return nil, err
+	}
+
+	resourceId := ThreatIntelligenceIndicatorId{
+		SubscriptionId: id.SubscriptionID,
+		ResourceGroup:  id.ResourceGroup,
+	}
+
+	if resourceId.SubscriptionId == "" {
+		return nil, fmt.Errorf("ID was missing the 'subscriptions' element")
+	}
+
+	if resourceId.ResourceGroup == "" {
+		return nil, fmt.Errorf("ID was missing the 'resourceGroups' element")
+	}
+
+	if resourceId.WorkspaceName, err = id.PopSegment("workspaces"); err != nil {
+		return nil, err
+	}
+	if resourceId.ThreatIntelligenceName, err = id.PopSegment("threatIntelligence"); err != nil {
+		return nil, err
+	}
+	if resourceId.IndicatorName, err = id.PopSegment("indicators"); err != nil {
+		return nil, err
+	}
+
+	if err := id.ValidateNoEmptySegments(input); err != nil {
+		return nil, err
+	}
+
+	return &resourceId, nil
+}
diff --git a/internal/services/sentinel/parse/threat_intelligence_indicator_test.go b/internal/services/sentinel/parse/threat_intelligence_indicator_test.go
@@ -0,0 +1,144 @@
+package parse
+
+// NOTE: this file is generated via 'go:generate' - manual changes will be overwritten
+
+import (
+	"testing"
+
+	"github.com/hashicorp/go-azure-helpers/resourcemanager/resourceids"
+)
+
+var _ resourceids.Id = ThreatIntelligenceIndicatorId{}
+
+func TestThreatIntelligenceIndicatorIDFormatter(t *testing.T) {
+	actual := NewThreatIntelligenceIndicatorID("12345678-1234-9876-4563-123456789012", "resGroup1", "workspace1", "main", "indicator1").ID()
+	expected := "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/indicator1"
+	if actual != expected {
+		t.Fatalf("Expected %q but got %q", expected, actual)
+	}
+}
+
+func TestThreatIntelligenceIndicatorID(t *testing.T) {
+	testData := []struct {
+		Input    string
+		Error    bool
+		Expected *ThreatIntelligenceIndicatorId
+	}{
+
+		{
+			// empty
+			Input: "",
+			Error: true,
+		},
+
+		{
+			// missing SubscriptionId
+			Input: "/",
+			Error: true,
+		},
+
+		{
+			// missing value for SubscriptionId
+			Input: "/subscriptions/",
+			Error: true,
+		},
+
+		{
+			// missing ResourceGroup
+			Input: "/subscriptions/12345678-1234-9876-4563-123456789012/",
+			Error: true,
+		},
+
+		{
+			// missing value for ResourceGroup
+			Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/",
+			Error: true,
+		},
+
+		{
+			// missing WorkspaceName
+			Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.OperationalInsights/",
+			Error: true,
+		},
+
+		{
+			// missing value for WorkspaceName
+			Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.OperationalInsights/workspaces/",
+			Error: true,
+		},
+
+		{
+			// missing ThreatIntelligenceName
+			Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/",
+			Error: true,
+		},
+
+		{
+			// missing value for ThreatIntelligenceName
+			Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/threatIntelligence/",
+			Error: true,
+		},
+
+		{
+			// missing IndicatorName
+			Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/threatIntelligence/main/",
+			Error: true,
+		},
+
+		{
+			// missing value for IndicatorName
+			Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/",
+			Error: true,
+		},
+
+		{
+			// valid
+			Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/indicator1",
+			Expected: &ThreatIntelligenceIndicatorId{
+				SubscriptionId:         "12345678-1234-9876-4563-123456789012",
+				ResourceGroup:          "resGroup1",
+				WorkspaceName:          "workspace1",
+				ThreatIntelligenceName: "main",
+				IndicatorName:          "indicator1",
+			},
+		},
+
+		{
+			// upper-cased
+			Input: "/SUBSCRIPTIONS/12345678-1234-9876-4563-123456789012/RESOURCEGROUPS/RESGROUP1/PROVIDERS/MICROSOFT.OPERATIONALINSIGHTS/WORKSPACES/WORKSPACE1/PROVIDERS/MICROSOFT.SECURITYINSIGHTS/THREATINTELLIGENCE/MAIN/INDICATORS/INDICATOR1",
+			Error: true,
+		},
+	}
+
+	for _, v := range testData {
+		t.Logf("[DEBUG] Testing %q", v.Input)
+
+		actual, err := ThreatIntelligenceIndicatorID(v.Input)
+		if err != nil {
+			if v.Error {
+				continue
+			}
+
+			t.Fatalf("Expect a value but got an error: %s", err)
+		}
+		if v.Error {
+			t.Fatal("Expect an error but didn't get one")
+		}
+
+		if actual.SubscriptionId != v.Expected.SubscriptionId {
+			t.Fatalf("Expected %q but got %q for SubscriptionId", v.Expected.SubscriptionId, actual.SubscriptionId)
+		}
+		if actual.ResourceGroup != v.Expected.ResourceGroup {
+			t.Fatalf("Expected %q but got %q for ResourceGroup", v.Expected.ResourceGroup, actual.ResourceGroup)
+		}
+		if actual.WorkspaceName != v.Expected.WorkspaceName {
+			t.Fatalf("Expected %q but got %q for WorkspaceName", v.Expected.WorkspaceName, actual.WorkspaceName)
+		}
+		if actual.ThreatIntelligenceName != v.Expected.ThreatIntelligenceName {
+			t.Fatalf("Expected %q but got %q for ThreatIntelligenceName", v.Expected.ThreatIntelligenceName, actual.ThreatIntelligenceName)
+		}
+		if actual.IndicatorName != v.Expected.IndicatorName {
+			t.Fatalf("Expected %q but got %q for IndicatorName", v.Expected.IndicatorName, actual.IndicatorName)
+		}
+	}
+}
diff --git a/internal/services/sentinel/registration.go b/internal/services/sentinel/registration.go
@@ -78,5 +78,6 @@ func (r Registration) Resources() []sdk.Resource {
 		AlertRuleAnomalyBuiltInResource{},
 		MetadataResource{},
 		AlertRuleAnomalyDuplicateResource{},
+		ThreatIntelligenceIndicator{},
 	}
 }
diff --git a/internal/services/sentinel/resourceids.go b/internal/services/sentinel/resourceids.go
@@ -6,3 +6,4 @@ package sentinel
 //go:generate go run ../../tools/generator-resource-id/main.go -path=./ -name=Watchlist -id=/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/watchlists/list1
 //go:generate go run ../../tools/generator-resource-id/main.go -path=./ -name=WatchlistItem -id=/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/watchlists/list1/watchlistItems/item1
 //go:generate go run ../../tools/generator-resource-id/main.go -path=./ -name=MLAnalyticsSettings -id=/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/setting1
+//go:generate go run ../../tools/generator-resource-id/main.go -path=./ -name=ThreatIntelligenceIndicator -id=/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/indicator1