New Resource: azurerm_sentinel_threat_intelligence_indicator #20771

Large diffs are not rendered by default.

Large diffs are not rendered by default.

5 changes: 5 additions & 0 deletions internal/services/sentinel/client/client.go
@@ -19,6 +19,7 @@ type Client struct {
WatchlistItemsClient *securityinsight.WatchlistItemsClient
OnboardingStatesClient *sentinelonboardingstates.SentinelOnboardingStatesClient
AnalyticsSettingsClient *securityinsight.SecurityMLAnalyticsSettingsClient
ThreatIntelligenceClient *securityinsight.ThreatIntelligenceIndicatorClient
MetadataClient *metadata.MetadataClient
}

@@ -47,6 +48,9 @@ func NewClient(o *common.ClientOptions) *Client {
analyticsSettingsClient := securityinsight.NewSecurityMLAnalyticsSettingsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
o.ConfigureClient(&analyticsSettingsClient.Client, o.ResourceManagerAuthorizer)

threatIntelligenceClient := securityinsight.NewThreatIntelligenceIndicatorClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
o.ConfigureClient(&threatIntelligenceClient.Client, o.ResourceManagerAuthorizer)

metadataClient := metadata.NewMetadataClientWithBaseURI(o.ResourceManagerEndpoint)
o.ConfigureClient(&metadataClient.Client, o.ResourceManagerAuthorizer)

@@ -59,6 +63,7 @@ func NewClient(o *common.ClientOptions) *Client {
WatchlistItemsClient: &watchListItemsClient,
OnboardingStatesClient: &onboardingStatesClient,
AnalyticsSettingsClient: &analyticsSettingsClient,
ThreatIntelligenceClient: &threatIntelligenceClient,
MetadataClient: &metadataClient,
}
}
@@ -0,0 +1,81 @@
package parse

// NOTE: this file is generated via 'go:generate' - manual changes will be overwritten

import (
"fmt"
"strings"

"github.com/hashicorp/go-azure-helpers/resourcemanager/resourceids"
)

type ThreatIntelligenceIndicatorId struct {
SubscriptionId string
ResourceGroup string
WorkspaceName string
ThreatIntelligenceName string
IndicatorName string
}

func NewThreatIntelligenceIndicatorID(subscriptionId, resourceGroup, workspaceName, threatIntelligenceName, indicatorName string) ThreatIntelligenceIndicatorId {
return ThreatIntelligenceIndicatorId{
SubscriptionId: subscriptionId,
ResourceGroup: resourceGroup,
WorkspaceName: workspaceName,
ThreatIntelligenceName: threatIntelligenceName,
IndicatorName: indicatorName,
}
}

func (id ThreatIntelligenceIndicatorId) String() string {
segments := []string{
fmt.Sprintf("Indicator Name %q", id.IndicatorName),
fmt.Sprintf("Threat Intelligence Name %q", id.ThreatIntelligenceName),
fmt.Sprintf("Workspace Name %q", id.WorkspaceName),
fmt.Sprintf("Resource Group %q", id.ResourceGroup),
}
segmentsStr := strings.Join(segments, " / ")
return fmt.Sprintf("%s: (%s)", "Threat Intelligence Indicator", segmentsStr)
}

func (id ThreatIntelligenceIndicatorId) ID() string {
fmtString := "/subscriptions/%s/resourceGroups/%s/providers/Microsoft.OperationalInsights/workspaces/%s/providers/Microsoft.SecurityInsights/threatIntelligence/%s/indicators/%s"
return fmt.Sprintf(fmtString, id.SubscriptionId, id.ResourceGroup, id.WorkspaceName, id.ThreatIntelligenceName, id.IndicatorName)
}

// ThreatIntelligenceIndicatorID parses a ThreatIntelligenceIndicator ID into an ThreatIntelligenceIndicatorId struct
func ThreatIntelligenceIndicatorID(input string) (*ThreatIntelligenceIndicatorId, error) {
id, err := resourceids.ParseAzureResourceID(input)
if err != nil {
return nil, err
}

resourceId := ThreatIntelligenceIndicatorId{
SubscriptionId: id.SubscriptionID,
ResourceGroup: id.ResourceGroup,
}

if resourceId.SubscriptionId == "" {
return nil, fmt.Errorf("ID was missing the 'subscriptions' element")
}

if resourceId.ResourceGroup == "" {
return nil, fmt.Errorf("ID was missing the 'resourceGroups' element")
}

if resourceId.WorkspaceName, err = id.PopSegment("workspaces"); err != nil {
return nil, err
}
if resourceId.ThreatIntelligenceName, err = id.PopSegment("threatIntelligence"); err != nil {
return nil, err
}
if resourceId.IndicatorName, err = id.PopSegment("indicators"); err != nil {
return nil, err
}

if err := id.ValidateNoEmptySegments(input); err != nil {
return nil, err
}

return &resourceId, nil
}
@@ -0,0 +1,144 @@
package parse

// NOTE: this file is generated via 'go:generate' - manual changes will be overwritten

import (
"testing"

"github.com/hashicorp/go-azure-helpers/resourcemanager/resourceids"
)

var _ resourceids.Id = ThreatIntelligenceIndicatorId{}

func TestThreatIntelligenceIndicatorIDFormatter(t *testing.T) {
actual := NewThreatIntelligenceIndicatorID("12345678-1234-9876-4563-123456789012", "resGroup1", "workspace1", "main", "indicator1").ID()
expected := "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/indicator1"
if actual != expected {
t.Fatalf("Expected %q but got %q", expected, actual)
}
}

func TestThreatIntelligenceIndicatorID(t *testing.T) {
testData := []struct {
Input string
Error bool
Expected *ThreatIntelligenceIndicatorId
}{

{
// empty
Input: "",
Error: true,
},

{
// missing SubscriptionId
Input: "/",
Error: true,
},

{
// missing value for SubscriptionId
Input: "/subscriptions/",
Error: true,
},

{
// missing ResourceGroup
Input: "/subscriptions/12345678-1234-9876-4563-123456789012/",
Error: true,
},

{
// missing value for ResourceGroup
Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/",
Error: true,
},

{
// missing WorkspaceName
Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.OperationalInsights/",
Error: true,
},

{
// missing value for WorkspaceName
Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.OperationalInsights/workspaces/",
Error: true,
},

{
// missing ThreatIntelligenceName
Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/",
Error: true,
},

{
// missing value for ThreatIntelligenceName
Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/threatIntelligence/",
Error: true,
},

{
// missing IndicatorName
Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/threatIntelligence/main/",
Error: true,
},

{
// missing value for IndicatorName
Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/",
Error: true,
},

{
// valid
Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/indicator1",
Expected: &ThreatIntelligenceIndicatorId{
SubscriptionId: "12345678-1234-9876-4563-123456789012",
ResourceGroup: "resGroup1",
WorkspaceName: "workspace1",
ThreatIntelligenceName: "main",
IndicatorName: "indicator1",
},
},

{
// upper-cased
Input: "/SUBSCRIPTIONS/12345678-1234-9876-4563-123456789012/RESOURCEGROUPS/RESGROUP1/PROVIDERS/MICROSOFT.OPERATIONALINSIGHTS/WORKSPACES/WORKSPACE1/PROVIDERS/MICROSOFT.SECURITYINSIGHTS/THREATINTELLIGENCE/MAIN/INDICATORS/INDICATOR1",
Error: true,
},
}

for _, v := range testData {
t.Logf("[DEBUG] Testing %q", v.Input)

actual, err := ThreatIntelligenceIndicatorID(v.Input)
if err != nil {
if v.Error {
continue
}

t.Fatalf("Expect a value but got an error: %s", err)
}
if v.Error {
t.Fatal("Expect an error but didn't get one")
}

if actual.SubscriptionId != v.Expected.SubscriptionId {
t.Fatalf("Expected %q but got %q for SubscriptionId", v.Expected.SubscriptionId, actual.SubscriptionId)
}
if actual.ResourceGroup != v.Expected.ResourceGroup {
t.Fatalf("Expected %q but got %q for ResourceGroup", v.Expected.ResourceGroup, actual.ResourceGroup)
}
if actual.WorkspaceName != v.Expected.WorkspaceName {
t.Fatalf("Expected %q but got %q for WorkspaceName", v.Expected.WorkspaceName, actual.WorkspaceName)
}
if actual.ThreatIntelligenceName != v.Expected.ThreatIntelligenceName {
t.Fatalf("Expected %q but got %q for ThreatIntelligenceName", v.Expected.ThreatIntelligenceName, actual.ThreatIntelligenceName)
}
if actual.IndicatorName != v.Expected.IndicatorName {
t.Fatalf("Expected %q but got %q for IndicatorName", v.Expected.IndicatorName, actual.IndicatorName)
}
}
}
1 change: 1 addition & 0 deletions internal/services/sentinel/registration.go
@@ -78,5 +78,6 @@ func (r Registration) Resources() []sdk.Resource {
AlertRuleAnomalyBuiltInResource{},
MetadataResource{},
AlertRuleAnomalyDuplicateResource{},
ThreatIntelligenceIndicator{},
}
}
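Review bot: The new entry `ThreatIntelligenceIndicator{}` is the only visible element of this slice without the `Resource` suffix; its neighbours are `MetadataResource{}` and `AlertRuleAnomalyDuplicateResource{}`. The type's definition is not rendered on this page, so this assumes it follows the same typed-resource pattern as the others; if it does, name the type `ThreatIntelligenceIndicatorResource` and register it as `ThreatIntelligenceIndicatorResource{},`. The bare name is also easy to confuse with the `ThreatIntelligenceIndicatorId` struct in the parse package. `Resources()` begins outside the hunk.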
1 change: 1 addition & 0 deletions internal/services/sentinel/resourceids.go
@@ -6,3 +6,4 @@ package sentinel
//go:generate go run ../../tools/generator-resource-id/main.go -path=./ -name=Watchlist -id=/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/watchlists/list1
//go:generate go run ../../tools/generator-resource-id/main.go -path=./ -name=WatchlistItem -id=/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/watchlists/list1/watchlistItems/item1
//go:generate go run ../../tools/generator-resource-id/main.go -path=./ -name=MLAnalyticsSettings -id=/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/setting1
//go:generate go run ../../tools/generator-resource-id/main.go -path=./ -name=ThreatIntelligenceIndicator -id=/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/indicator1
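Review bot: The `-id` template on the added `//go:generate` line treats the value after `threatIntelligence/` as an ordinary named segment, so the generated parser accepts any string there, while the only value used anywhere on this page is `main`. If the service fixes that segment to `main` (not shown here), an imported or state-stored ID carrying a different value would parse cleanly and only fail, or address an unintended path, at request time. Since the generated file must not be hand-edited, consider checking it where the parsed ID is consumed, e.g. `if id.ThreatIntelligenceName != "main" { return fmt.Errorf("unexpected threatIntelligence segment %q", id.ThreatIntelligenceName) }`.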