From 34405d25113f4d2392efeaf9c3be63c2df4967e4 Mon Sep 17 00:00:00 2001 From: sinbai Date: Fri, 20 May 2022 14:18:55 +0800 Subject: [PATCH 1/2] support for Sentinel security setting in azurerm_security_center_setting --- .../security_center_setting_resource.go | 60 +++++++++++++++--- .../security_center_setting_resource_test.go | 62 ++++++++++++++----- .../r/security_center_setting.html.markdown | 3 +- 3 files changed, 100 insertions(+), 25 deletions(-) diff --git a/internal/services/securitycenter/security_center_setting_resource.go b/internal/services/securitycenter/security_center_setting_resource.go index 8ae9c3a1610d..ba8e111ff070 100644 --- a/internal/services/securitycenter/security_center_setting_resource.go +++ b/internal/services/securitycenter/security_center_setting_resource.go @@ -44,12 +44,23 @@ func resourceSecurityCenterSetting() *pluginsdk.Resource { ValidateFunc: validation.StringInSlice([]string{ "MCAS", "WDATP", + "Sentinel", }, false), }, "enabled": { Type: pluginsdk.TypeBool, Required: true, }, + "kind": { + Type: pluginsdk.TypeString, + Optional: true, + ForceNew: true, + Default: security.KindDataExportSettings, + ValidateFunc: validation.StringInSlice([]string{ + string(security.KindDataExportSettings), + string(security.KindAlertSyncSettings), + }, false), + }, }, } } 
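Review bot: Nothing in the added `kind` attribute ties it to `setting_name`, so `setting_name = "Sentinel"` with `kind` omitted falls back to the `DataExportSettings` default, and the update path then sends a data-export payload for a setting the tests only ever pair with `AlertSyncSettings`. If the kind is fully determined by the setting name (the tests suggest this, but the hunk does not show it), derive it in code rather than exposing it, so a security setting cannot be silently misconfigured; otherwise reject mismatched pairs at plan time. `Default` is also given the typed constant while the `ValidateFunc` entries are converted, so `Default: string(security.KindDataExportSettings),` would be consistent. The documentation entry added later in this patch does not mention that changing `kind` forces a new resource, although the schema sets `ForceNew: true`. The schema function starts outside the hunk.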
@@ -76,11 +87,23 @@ func resourceSecurityCenterSettingUpdate(d *pluginsdk.ResourceData, meta interfa } enabled := d.Get("enabled").(bool) - setting := security.DataExportSettings{ - DataExportSettingProperties: &security.DataExportSettingProperties{ - Enabled: &enabled, - }, - Kind: security.KindDataExportSettings, + var setting security.BasicSetting + + switch d.Get("kind").(string) { + case string(security.KindDataExportSettings): + setting = security.DataExportSettings{ + DataExportSettingProperties: &security.DataExportSettingProperties{ + Enabled: &enabled, + }, + Kind: security.KindDataExportSettings, + } + case string(security.KindAlertSyncSettings): + setting = security.AlertSyncSettings{ + AlertSyncSettingProperties: &security.AlertSyncSettingProperties{ + Enabled: &enabled, + }, + Kind: security.KindAlertSyncSettings, + } } if _, err := client.Update(ctx, id.Name, setting); err != nil { @@ -111,6 +134,7 @@ func resourceSecurityCenterSettingRead(d *pluginsdk.ResourceData, meta interface if properties := resp.DataExportSettingProperties; properties != nil { d.Set("enabled", properties.Enabled) } + d.Set("kind", resp.Kind) d.Set("setting_name", id.Name) return nil 
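Review bot: The new `switch` on `kind` has no `default` branch, so any value outside the two cases leaves `setting` as a nil `security.BasicSetting` that is still passed to `client.Update`. In this function the schema validation should prevent that, but the same switch in `resourceSecurityCenterSettingDelete` and in the test's `Destroy` keys on `resp.Kind` returned by the service, where an empty or newly introduced kind is more plausible. Add `default: return fmt.Errorf("unsupported setting kind %q", d.Get("kind"))` here and the equivalent on `resp.Kind` in the other two places (with `Destroy` returning `nil, err`), or move the three copies into one helper that returns an error. All three function bodies extend beyond their hunks.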
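Review bot: `d.Set("kind", resp.Kind)` discards the returned error and stores what appears to be a typed SDK value, since the rest of the patch converts it with `string(resp.Kind)`; `d.Set("kind", string(resp.Kind))` would match that usage. Because `kind` is `ForceNew`, a kind reported by the service that differs from the configured or default value would plan a replacement, and this resource's delete path writes `Enabled: false`, so a mismatch may switch the security setting off and on again. That is worth confirming with a Sentinel resource that omits `kind`. The context line above still reads `enabled` only from `resp.DataExportSettingProperties`; whether that field is populated for `AlertSyncSettings` depends on `azuresdkhacks.GetSecurityCenterSetting`, which is not visible here.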
@@ -126,11 +150,27 @@ func resourceSecurityCenterSettingDelete(d *pluginsdk.ResourceData, meta interfa return err } - setting := security.DataExportSettings{ - DataExportSettingProperties: &security.DataExportSettingProperties{ - Enabled: utils.Bool(false), - }, - Kind: security.KindDataExportSettings, + resp, err := azuresdkhacks.GetSecurityCenterSetting(ctx, client, id.Name) + if err != nil { + return fmt.Errorf("retrieving %s: %+v", *id, err) + } + + var setting security.BasicSetting + switch string(resp.Kind) { + case string(security.KindDataExportSettings): + setting = security.DataExportSettings{ + DataExportSettingProperties: &security.DataExportSettingProperties{ + Enabled: utils.Bool(false), + }, + Kind: security.KindDataExportSettings, + } + case string(security.KindAlertSyncSettings): + setting = security.AlertSyncSettings{ + AlertSyncSettingProperties: &security.AlertSyncSettingProperties{ + Enabled: utils.Bool(false), + }, + Kind: security.KindAlertSyncSettings, + } } if _, err := client.Update(ctx, id.Name, setting); err != nil { diff --git a/internal/services/securitycenter/security_center_setting_resource_test.go b/internal/services/securitycenter/security_center_setting_resource_test.go index 3274fbc42c0d..08f510410d2e 100644 --- a/internal/services/securitycenter/security_center_setting_resource_test.go +++ b/internal/services/securitycenter/security_center_setting_resource_test.go @@ -24,7 +24,7 @@ func TestAccSecurityCenterSetting_update(t *testing.T) { //lintignore:AT001 data.ResourceSequentialTest(t, r, []acceptance.TestStep{ { - Config: r.cfg("MCAS", true), + Config: r.cfg("MCAS", true, "DataExportSettings"), Check: acceptance.ComposeTestCheckFunc( check.That(data.ResourceName).ExistsInAzure(r), check.That(data.ResourceName).Key("setting_name").HasValue("MCAS"), 
@@ -33,7 +33,7 @@ func TestAccSecurityCenterSetting_update(t *testing.T) { }, data.ImportStep(), { - Config: r.cfg("MCAS", false), + Config: r.cfg("MCAS", false, "DataExportSettings"), Check: acceptance.ComposeTestCheckFunc( check.That(data.ResourceName).Key("setting_name").HasValue("MCAS"), check.That(data.ResourceName).Key("enabled").HasValue("false"), @@ -41,7 +41,7 @@ func TestAccSecurityCenterSetting_update(t *testing.T) { }, data.ImportStep(), { - Config: r.cfg("WDATP", true), + Config: r.cfg("WDATP", true, "DataExportSettings"), Check: acceptance.ComposeTestCheckFunc( check.That(data.ResourceName).ExistsInAzure(r), check.That(data.ResourceName).Key("setting_name").HasValue("WDATP"), @@ -50,13 +50,30 @@ func TestAccSecurityCenterSetting_update(t *testing.T) { }, data.ImportStep(), { - Config: r.cfg("WDATP", false), + Config: r.cfg("WDATP", false, "DataExportSettings"), Check: acceptance.ComposeTestCheckFunc( check.That(data.ResourceName).Key("setting_name").HasValue("WDATP"), check.That(data.ResourceName).Key("enabled").HasValue("false"), ), }, data.ImportStep(), + { + Config: r.cfg("Sentinel", true, "AlertSyncSettings"), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("setting_name").HasValue("Sentinel"), + check.That(data.ResourceName).Key("enabled").HasValue("true"), + ), + }, + data.ImportStep(), + { + Config: r.cfg("Sentinel", false, "AlertSyncSettings"), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).Key("setting_name").HasValue("Sentinel"), + check.That(data.ResourceName).Key("enabled").HasValue("false"), + ), + }, + data.ImportStep(), }) } 
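Review bot: The added Sentinel steps in the last hunk assert `setting_name` and `enabled` but never the new `kind` key, so the value written by the read path is checked only indirectly through `data.ImportStep()`. Add `check.That(data.ResourceName).Key("kind").HasValue("AlertSyncSettings"),` to both steps. A step that configures `Sentinel` without `kind`, or with `DataExportSettings`, would also pin down what the provider does with a mismatched pair, which the current tests leave undefined.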
@@ -66,7 +83,7 @@ func TestAccSecurityCenterSetting_requiresImport(t *testing.T) { data.ResourceSequentialTest(t, r, []acceptance.TestStep{ { - Config: r.cfg("MCAS", true), + Config: r.cfg("MCAS", true, "DataExportSettings"), Check: acceptance.ComposeTestCheckFunc( check.That(data.ResourceName).ExistsInAzure(r), ), @@ -98,11 +115,27 @@ func (SecurityCenterSettingResource) Destroy(ctx context.Context, clients *clien return nil, err } - setting := security.DataExportSettings{ - DataExportSettingProperties: &security.DataExportSettingProperties{ - Enabled: utils.Bool(false), - }, - Kind: security.KindDataExportSettings, + resp, err := azuresdkhacks.GetSecurityCenterSetting(ctx, client, id.Name) + if err != nil { + return nil, fmt.Errorf("checking for presence of existing %s: %v", id, err) + } + + var setting security.BasicSetting + switch string(resp.Kind) { + case string(security.KindDataExportSettings): + setting = security.DataExportSettings{ + DataExportSettingProperties: &security.DataExportSettingProperties{ + Enabled: utils.Bool(false), + }, + Kind: security.KindDataExportSettings, + } + case string(security.KindAlertSyncSettings): + setting = security.AlertSyncSettings{ + AlertSyncSettingProperties: &security.AlertSyncSettingProperties{ + Enabled: utils.Bool(false), + }, + Kind: security.KindAlertSyncSettings, + } } if _, err := client.Update(ctx, id.Name, setting); err != nil { @@ -111,7 +144,7 @@ func (SecurityCenterSettingResource) Destroy(ctx context.Context, clients *clien // TODO: switch back when Swagger/API bug has been fixed: // https://github.com/Azure/azure-sdk-for-go/issues/12724 (`Enabled` field missing) - resp, err := azuresdkhacks.GetSecurityCenterSetting(ctx, client, id.Name) + resp, err = azuresdkhacks.GetSecurityCenterSetting(ctx, client, id.Name) if err != nil { return nil, fmt.Errorf("checking for presence of existing %s: %v", id, err) } 
@@ -123,7 +156,7 @@ func (SecurityCenterSettingResource) Destroy(ctx context.Context, clients *clien return utils.Bool(true), nil } -func (SecurityCenterSettingResource) cfg(settingName string, enabled bool) string { +func (SecurityCenterSettingResource) cfg(settingName string, enabled bool, kind string) string { return fmt.Sprintf(` provider "azurerm" { features {} @@ -132,8 +165,9 @@ provider "azurerm" { resource "azurerm_security_center_setting" "test" { setting_name = "%s" enabled = "%t" + kind = "%s" } -`, settingName, enabled) +`, settingName, enabled, kind) } func (r SecurityCenterSettingResource) requiresImport(data acceptance.TestData) string { @@ -144,5 +178,5 @@ resource "azurerm_security_center_setting" "import" { setting_name = azurerm_security_center_setting.test.setting_name enabled = azurerm_security_center_setting.test.enabled } -`, r.cfg("MCAS", true)) +`, r.cfg("MCAS", true, "DataExportSettings")) } diff --git a/website/docs/r/security_center_setting.html.markdown b/website/docs/r/security_center_setting.html.markdown index fb61942e0493..8dfa3b0751d8 100644 --- a/website/docs/r/security_center_setting.html.markdown +++ b/website/docs/r/security_center_setting.html.markdown @@ -27,8 +27,9 @@ resource "azurerm_security_center_setting" "example" { The following arguments are supported: -* `setting_name` - (Required) The setting to manage. Possible values are `MCAS` and `WDATP`. Changing this forces a new resource to be created. +* `setting_name` - (Required) The setting to manage. Possible values are `MCAS`, `WDATP` and `Sentinel`. Changing this forces a new resource to be created. * `enabled` - (Required) Boolean flag to enable/disable data access. +* `kind` - (Optional) The kind of the settings string. Possible values are `DataExportSettings` and `AlertSyncSettings`. Defaults to `DataExportSettings`. ## Attributes Reference From a6fc543d99da0f20ea1ca796a8251fcfdc242b1e Mon Sep 17 00:00:00 2001 
From: sinbai Date: Fri, 20 May 2022 14:47:51 +0800 Subject: [PATCH 2/2] update code --- .../security_center_setting_resource_test.go | 39 +++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/internal/services/securitycenter/security_center_setting_resource_test.go b/internal/services/securitycenter/security_center_setting_resource_test.go index 08f510410d2e..2c0dc7013c46 100644 --- a/internal/services/securitycenter/security_center_setting_resource_test.go +++ b/internal/services/securitycenter/security_center_setting_resource_test.go @@ -17,6 +17,32 @@ import ( type SecurityCenterSettingResource struct{} +func TestAccSecurityCenterSetting_basic(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_security_center_setting", "test") + r := SecurityCenterSettingResource{} + + //lintignore:AT001 + data.ResourceSequentialTest(t, r, []acceptance.TestStep{ + { + Config: r.basic("MCAS", true), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("setting_name").HasValue("MCAS"), + check.That(data.ResourceName).Key("enabled").HasValue("true"), + ), + }, + data.ImportStep(), + { + Config: r.basic("MCAS", false), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).Key("setting_name").HasValue("MCAS"), + check.That(data.ResourceName).Key("enabled").HasValue("false"), + ), + }, + data.ImportStep(), + }) +} + func TestAccSecurityCenterSetting_update(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_security_center_setting", "test") r := SecurityCenterSettingResource{} 
@@ -170,6 +196,19 @@ resource "azurerm_security_center_setting" "test" { `, settingName, enabled, kind) } +func (SecurityCenterSettingResource) basic(settingName string, enabled bool) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +resource "azurerm_security_center_setting" "test" { + setting_name = "%s" + enabled = "%t" +} +`, settingName, enabled) +} + func (r SecurityCenterSettingResource) requiresImport(data acceptance.TestData) string { return fmt.Sprintf(` %s