azurerm_security_center_setting - Support for Sentinel security setting in resource azurerm_security_center_setting #16882

Closed
wants to merge 2 commits into from
@@ -44,12 +44,23 @@ func resourceSecurityCenterSetting() *pluginsdk.Resource {
ValidateFunc: validation.StringInSlice([]string{
"MCAS",
"WDATP",
"Sentinel",
}, false),
},
"enabled": {
Type: pluginsdk.TypeBool,
Required: true,
},
"kind": {
Type: pluginsdk.TypeString,
Optional: true,
ForceNew: true,
Default: security.KindDataExportSettings,
ValidateFunc: validation.StringInSlice([]string{
string(security.KindDataExportSettings),
string(security.KindAlertSyncSettings),
}, false),
},
Comment on lines +54 to +63
Contributor

rather than exposing a kind field this wants to be split into two different resources - as the discriminator implementations have different validation requirements etc

can you take a look into splitting these out @sinbai?

},
}
}
@@ -76,11 +87,23 @@ func resourceSecurityCenterSettingUpdate(d *pluginsdk.ResourceData, meta interfa
}

enabled := d.Get("enabled").(bool)
setting := security.DataExportSettings{
DataExportSettingProperties: &security.DataExportSettingProperties{
Enabled: &enabled,
},
Kind: security.KindDataExportSettings,
var setting security.BasicSetting

switch d.Get("kind").(string) {
case string(security.KindDataExportSettings):
setting = security.DataExportSettings{
DataExportSettingProperties: &security.DataExportSettingProperties{
Enabled: &enabled,
},
Kind: security.KindDataExportSettings,
}
case string(security.KindAlertSyncSettings):
setting = security.AlertSyncSettings{
AlertSyncSettingProperties: &security.AlertSyncSettingProperties{
Enabled: &enabled,
},
Kind: security.KindAlertSyncSettings,
}
}

if _, err := client.Update(ctx, id.Name, setting); err != nil {
@@ -111,6 +134,7 @@ func resourceSecurityCenterSettingRead(d *pluginsdk.ResourceData, meta interface
if properties := resp.DataExportSettingProperties; properties != nil {
d.Set("enabled", properties.Enabled)
}
d.Set("kind", resp.Kind)
d.Set("setting_name", id.Name)

return nil
@@ -126,11 +150,27 @@ func resourceSecurityCenterSettingDelete(d *pluginsdk.ResourceData, meta interfa
return err
}

setting := security.DataExportSettings{
DataExportSettingProperties: &security.DataExportSettingProperties{
Enabled: utils.Bool(false),
},
Kind: security.KindDataExportSettings,
resp, err := azuresdkhacks.GetSecurityCenterSetting(ctx, client, id.Name)
if err != nil {
return fmt.Errorf("retrieving %s: %+v", *id, err)
}

var setting security.BasicSetting
switch string(resp.Kind) {
case string(security.KindDataExportSettings):
setting = security.DataExportSettings{
DataExportSettingProperties: &security.DataExportSettingProperties{
Enabled: utils.Bool(false),
},
Kind: security.KindDataExportSettings,
}
case string(security.KindAlertSyncSettings):
setting = security.AlertSyncSettings{
AlertSyncSettingProperties: &security.AlertSyncSettingProperties{
Enabled: utils.Bool(false),
},
Kind: security.KindAlertSyncSettings,
}
}

if _, err := client.Update(ctx, id.Name, setting); err != nil {
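Review bot: The `switch string(resp.Kind)` in resourceSecurityCenterSettingDelete has no `default` branch, so a kind other than the two listed leaves `setting` as a nil `security.BasicSetting` and the following `client.Update(ctx, id.Name, setting)` is issued without a body that disables anything. Delete is the path that is supposed to switch the integration off, so an unrecognised kind should stop with an error instead of falling through, for example `default: return fmt.Errorf("unsupported kind %q for %s", resp.Kind, *id)`. The switch in resourceSecurityCenterSettingUpdate has the same shape but is guarded by the `kind` ValidateFunc; the copy in the acceptance test's Destroy is not guarded either. Separately, Read still takes `enabled` only from `resp.DataExportSettingProperties`; whether that is populated for `AlertSyncSettings` depends on the azuresdkhacks type, which is not visible here, so that is worth confirming. All three function bodies continue outside the hunks shown.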
@@ -17,14 +17,40 @@ import (

type SecurityCenterSettingResource struct{}

func TestAccSecurityCenterSetting_basic(t *testing.T) {
data := acceptance.BuildTestData(t, "azurerm_security_center_setting", "test")
r := SecurityCenterSettingResource{}

//lintignore:AT001
data.ResourceSequentialTest(t, r, []acceptance.TestStep{
{
Config: r.basic("MCAS", true),
Check: acceptance.ComposeTestCheckFunc(
check.That(data.ResourceName).ExistsInAzure(r),
check.That(data.ResourceName).Key("setting_name").HasValue("MCAS"),
check.That(data.ResourceName).Key("enabled").HasValue("true"),
),
},
data.ImportStep(),
{
Config: r.basic("MCAS", false),
Check: acceptance.ComposeTestCheckFunc(
check.That(data.ResourceName).Key("setting_name").HasValue("MCAS"),
check.That(data.ResourceName).Key("enabled").HasValue("false"),
),
},
data.ImportStep(),
})
}

func TestAccSecurityCenterSetting_update(t *testing.T) {
data := acceptance.BuildTestData(t, "azurerm_security_center_setting", "test")
r := SecurityCenterSettingResource{}

//lintignore:AT001
data.ResourceSequentialTest(t, r, []acceptance.TestStep{
{
Config: r.cfg("MCAS", true),
Config: r.cfg("MCAS", true, "DataExportSettings"),
Check: acceptance.ComposeTestCheckFunc(
check.That(data.ResourceName).ExistsInAzure(r),
check.That(data.ResourceName).Key("setting_name").HasValue("MCAS"),
@@ -33,15 +59,15 @@ func TestAccSecurityCenterSetting_update(t *testing.T) {
},
data.ImportStep(),
{
Config: r.cfg("MCAS", false),
Config: r.cfg("MCAS", false, "DataExportSettings"),
Check: acceptance.ComposeTestCheckFunc(
check.That(data.ResourceName).Key("setting_name").HasValue("MCAS"),
check.That(data.ResourceName).Key("enabled").HasValue("false"),
),
},
data.ImportStep(),
{
Config: r.cfg("WDATP", true),
Config: r.cfg("WDATP", true, "DataExportSettings"),
Check: acceptance.ComposeTestCheckFunc(
check.That(data.ResourceName).ExistsInAzure(r),
check.That(data.ResourceName).Key("setting_name").HasValue("WDATP"),
@@ -50,13 +76,30 @@ func TestAccSecurityCenterSetting_update(t *testing.T) {
},
data.ImportStep(),
{
Config: r.cfg("WDATP", false),
Config: r.cfg("WDATP", false, "DataExportSettings"),
Check: acceptance.ComposeTestCheckFunc(
check.That(data.ResourceName).Key("setting_name").HasValue("WDATP"),
check.That(data.ResourceName).Key("enabled").HasValue("false"),
),
},
data.ImportStep(),
{
Config: r.cfg("Sentinel", true, "AlertSyncSettings"),
Check: acceptance.ComposeTestCheckFunc(
check.That(data.ResourceName).ExistsInAzure(r),
check.That(data.ResourceName).Key("setting_name").HasValue("Sentinel"),
check.That(data.ResourceName).Key("enabled").HasValue("true"),
),
},
data.ImportStep(),
{
Config: r.cfg("Sentinel", false, "AlertSyncSettings"),
Check: acceptance.ComposeTestCheckFunc(
check.That(data.ResourceName).Key("setting_name").HasValue("Sentinel"),
check.That(data.ResourceName).Key("enabled").HasValue("false"),
),
},
data.ImportStep(),
})
}

@@ -66,7 +109,7 @@ func TestAccSecurityCenterSetting_requiresImport(t *testing.T) {

data.ResourceSequentialTest(t, r, []acceptance.TestStep{
{
Config: r.cfg("MCAS", true),
Config: r.cfg("MCAS", true, "DataExportSettings"),
Check: acceptance.ComposeTestCheckFunc(
check.That(data.ResourceName).ExistsInAzure(r),
),
@@ -98,11 +141,27 @@ func (SecurityCenterSettingResource) Destroy(ctx context.Context, clients *clien
return nil, err
}

setting := security.DataExportSettings{
DataExportSettingProperties: &security.DataExportSettingProperties{
Enabled: utils.Bool(false),
},
Kind: security.KindDataExportSettings,
resp, err := azuresdkhacks.GetSecurityCenterSetting(ctx, client, id.Name)
if err != nil {
return nil, fmt.Errorf("checking for presence of existing %s: %v", id, err)
}

var setting security.BasicSetting
switch string(resp.Kind) {
case string(security.KindDataExportSettings):
setting = security.DataExportSettings{
DataExportSettingProperties: &security.DataExportSettingProperties{
Enabled: utils.Bool(false),
},
Kind: security.KindDataExportSettings,
}
case string(security.KindAlertSyncSettings):
setting = security.AlertSyncSettings{
AlertSyncSettingProperties: &security.AlertSyncSettingProperties{
Enabled: utils.Bool(false),
},
Kind: security.KindAlertSyncSettings,
}
}

if _, err := client.Update(ctx, id.Name, setting); err != nil {
@@ -111,7 +170,7 @@ func (SecurityCenterSettingResource) Destroy(ctx context.Context, clients *clien

// TODO: switch back when Swagger/API bug has been fixed:
// https://github.com/Azure/azure-sdk-for-go/issues/12724 (`Enabled` field missing)
resp, err := azuresdkhacks.GetSecurityCenterSetting(ctx, client, id.Name)
resp, err = azuresdkhacks.GetSecurityCenterSetting(ctx, client, id.Name)
if err != nil {
return nil, fmt.Errorf("checking for presence of existing %s: %v", id, err)
}
@@ -123,7 +182,21 @@ func (SecurityCenterSettingResource) Destroy(ctx context.Context, clients *clien
return utils.Bool(true), nil
}

func (SecurityCenterSettingResource) cfg(settingName string, enabled bool) string {
func (SecurityCenterSettingResource) cfg(settingName string, enabled bool, kind string) string {
return fmt.Sprintf(`
provider "azurerm" {
features {}
}

resource "azurerm_security_center_setting" "test" {
setting_name = "%s"
enabled = "%t"
kind = "%s"
}
`, settingName, enabled, kind)
}

func (SecurityCenterSettingResource) basic(settingName string, enabled bool) string {
return fmt.Sprintf(`
provider "azurerm" {
features {}
@@ -144,5 +217,5 @@ resource "azurerm_security_center_setting" "import" {
setting_name = azurerm_security_center_setting.test.setting_name
enabled = azurerm_security_center_setting.test.enabled
}
`, r.cfg("MCAS", true))
`, r.cfg("MCAS", true, "DataExportSettings"))
}
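Review bot: The two Sentinel steps added to TestAccSecurityCenterSetting_update assert `setting_name` and `enabled` but never the new `kind` attribute, so a Read that stores the wrong kind is caught only indirectly by the import steps. Adding `check.That(data.ResourceName).Key("kind").HasValue("AlertSyncSettings"),` to both steps would pin it explicitly. The new TestAccSecurityCenterSetting_basic looks like it exercises the config without `kind` (the body of `basic` is only partly visible in this hunk), so a `Key("kind").HasValue("DataExportSettings")` check there would also cover the schema default.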
3 changes: 2 additions & 1 deletion website/docs/r/security_center_setting.html.markdown
@@ -27,8 +27,9 @@ resource "azurerm_security_center_setting" "example" {

The following arguments are supported:

* `setting_name` - (Required) The setting to manage. Possible values are `MCAS` and `WDATP`. Changing this forces a new resource to be created.
* `setting_name` - (Required) The setting to manage. Possible values are `MCAS`, `WDATP` and `Sentinel`. Changing this forces a new resource to be created.
* `enabled` - (Required) Boolean flag to enable/disable data access.
* `kind` - (Optional) The kind of the settings string. Possible values are `DataExportSettings` and `AlertSyncSettings`. Defaults to `DataExportSettings`.

## Attributes Reference
