Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

azurerm_sentinel_alert_rule_scheduled - remove the limit on number of entity_mapping and sentinel_entity_mapping #27832

Closed
wants to merge 4 commits into from
Closed

azurerm_sentinel_alert_rule_scheduled - remove the limit on number of entity_mapping and sentinel_entity_mapping #27832

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
827c41a
`azurerm_sentinel_alert_rule_scheduled` - remove the limit on number …
ziyeqf Oct 31, 2024
8c1561e
Merge branch 'main' into issue/27722
ziyeqf Oct 31, 2024
58ae000
Merge branch 'main' into issue/27722
ziyeqf Nov 8, 2024
624dec7
Merge branch 'main' into issue/27722
ziyeqf Nov 18, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 1 addition & 10 deletions internal/services/sentinel/sentinel_alert_rule_scheduled_resource.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -301,7 +301,7 @@ func resourceSentinelAlertRuleScheduled() *pluginsdk.Resource {
"entity_mapping": {
Type: pluginsdk.TypeList,
Optional: true,
MaxItems: 5,
MaxItems: 10,
Elem: &pluginsdk.Resource{
Schema: map[string]*pluginsdk.Schema{
"entity_type": {
Expand Down Expand Up @@ -435,20 +435,11 @@ func resourceSentinelAlertRuleScheduledCreateUpdate(d *pluginsdk.ResourceData, m
param.Properties.CustomDetails = utils.ExpandPtrMapStringString(v.(map[string]interface{}))
}

entityMappingCount := 0
sentinelEntityMappingCount := 0
if v, ok := d.GetOk("entity_mapping"); ok {
param.Properties.EntityMappings = expandAlertRuleEntityMapping(v.([]interface{}))
entityMappingCount = len(*param.Properties.EntityMappings)
}
if v, ok := d.GetOk("sentinel_entity_mapping"); ok {
param.Properties.SentinelEntitiesMappings = expandAlertRuleSentinelEntityMapping(v.([]interface{}))
sentinelEntityMappingCount = len(*param.Properties.SentinelEntitiesMappings)
}

// the max number of `sentinel_entity_mapping` and `entity_mapping` together is 5
if entityMappingCount+sentinelEntityMappingCount > 5 {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Has the limit for the sentinel entity mapping also been affected?

return fmt.Errorf("`entity_mapping` and `sentinel_entity_mapping` together can't exceed 5")
}

if !d.IsNewResource() {
Expand Down
2 changes: 0 additions & 2 deletions website/docs/r/sentinel_alert_rule_scheduled.html.markdown
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -95,8 +95,6 @@ The following arguments are supported:

* `sentinel_entity_mapping` - (Optional) A list of `sentinel_entity_mapping` blocks as defined below.

-> **NOTE:** `entity_mapping` and `sentinel_entity_mapping` together can't exceed 5.

* `tactics` - (Optional) A list of categories of attacks by which to classify the rule. Possible values are `Collection`, `CommandAndControl`, `CredentialAccess`, `DefenseEvasion`, `Discovery`, `Execution`, `Exfiltration`, `ImpairProcessControl`, `InhibitResponseFunction`, `Impact`, `InitialAccess`, `LateralMovement`, `Persistence`, `PrivilegeEscalation`, `PreAttack`, `Reconnaissance` and `ResourceDevelopment`.

* `techniques` - (Optional) A list of techniques of attacks by which to classify the rule.
Expand Down
Loading