From 12d9facac27ea7522d52190cf7eb963b3de71591 Mon Sep 17 00:00:00 2001 
From: ziyeqf <51212351+ziyeqf@users.noreply.github.com> Date: Fri, 6 Dec 2024 13:22:03 +1100 Subject: [PATCH 01/10] `azurerm_sentinel_alert_rule_scheduled` - upgrade API version --- go.mod | 4 +- go.sum | 8 +- internal/services/sentinel/client/client.go | 9 + .../services/sentinel/sentinel_alert_rule.go | 413 +++++++++++++ .../sentinel_alert_rule_scheduled_resource.go | 36 +- ...inel_alert_rule_scheduled_resource_test.go | 4 +- .../2023-12-01-preview/alertrules/README.md | 90 +++ .../2023-12-01-preview/alertrules/client.go | 26 + .../alertrules/constants.go | 579 ++++++++++++++++++ .../alertrules/id_alertrule.go | 141 +++++ .../alertrules/id_workspace.go | 130 ++++ .../alertrules/method_createorupdate.go | 63 ++ .../alertrules/method_delete.go | 47 ++ .../alertrules/method_get.go | 58 ++ .../alertrules/method_list.go | 117 ++++ .../alertrules/model_alertdetailsoverride.go | 12 + .../alertrules/model_alertpropertymapping.go | 9 + .../alertrules/model_alertrule.go | 122 ++++ .../alertrules/model_entitymapping.go | 9 + .../alertrules/model_eventgroupingsettings.go | 8 + .../alertrules/model_fieldmapping.go | 9 + .../alertrules/model_fusionalertrule.go | 62 ++ .../model_fusionalertruleproperties.go | 36 ++ .../model_fusionscenarioexclusionpattern.go | 9 + .../alertrules/model_fusionsourcesettings.go | 10 + .../model_fusionsourcesubtypesetting.go | 11 + .../model_fusionsubtypeseverityfilter.go | 9 + .../model_fusionsubtypeseverityfiltersitem.go | 9 + .../alertrules/model_groupingconfiguration.go | 14 + .../alertrules/model_incidentconfiguration.go | 9 + ...rosoftsecurityincidentcreationalertrule.go | 62 ++ ...rityincidentcreationalertruleproperties.go | 34 + .../model_mlbehavioranalyticsalertrule.go | 62 ++ ..._mlbehavioranalyticsalertruleproperties.go | 34 + .../alertrules/model_nrtalertrule.go | 62 ++ .../model_nrtalertruleproperties.go | 44 ++ .../alertrules/model_scheduledalertrule.go | 62 ++ .../model_scheduledalertruleproperties.go | 48 ++ 
.../alertrules/model_sentinelentitymapping.go | 8 + .../model_threatintelligencealertrule.go | 62 ++ ...l_threatintelligencealertruleproperties.go | 34 + .../alertrules/predicates.go | 12 + .../2023-12-01-preview/alertrules/version.go | 10 + vendor/modules.txt | 5 +- ...entinel_alert_rule_scheduled.html.markdown | 2 +- 45 files changed, 2575 insertions(+), 29 deletions(-) create mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/README.md create mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/client.go create mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/constants.go create mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/id_alertrule.go create mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/id_workspace.go create mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/method_createorupdate.go create mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/method_delete.go create mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/method_get.go create mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/method_list.go create mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_alertdetailsoverride.go create mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_alertpropertymapping.go create mode 100644 
vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_alertrule.go create mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_entitymapping.go create mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_eventgroupingsettings.go create mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_fieldmapping.go create mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_fusionalertrule.go create mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_fusionalertruleproperties.go create mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_fusionscenarioexclusionpattern.go create mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_fusionsourcesettings.go create mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_fusionsourcesubtypesetting.go create mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_fusionsubtypeseverityfilter.go create mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_fusionsubtypeseverityfiltersitem.go create mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_groupingconfiguration.go create mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_incidentconfiguration.go 
create mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_microsoftsecurityincidentcreationalertrule.go create mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_microsoftsecurityincidentcreationalertruleproperties.go create mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_mlbehavioranalyticsalertrule.go create mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_mlbehavioranalyticsalertruleproperties.go create mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_nrtalertrule.go create mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_nrtalertruleproperties.go create mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_scheduledalertrule.go create mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_scheduledalertruleproperties.go create mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_sentinelentitymapping.go create mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_threatintelligencealertrule.go create mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_threatintelligencealertruleproperties.go create mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/predicates.go create mode 100644 
vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/version.go diff --git a/go.mod b/go.mod index 9bc3f2c982fd..340911dd6de0 100644 --- a/go.mod +++ b/go.mod @@ -17,8 +17,8 @@ require ( github.com/google/go-cmp v0.6.0 github.com/google/uuid v1.6.0 github.com/hashicorp/go-azure-helpers v0.71.0 - github.com/hashicorp/go-azure-sdk/resource-manager v0.20241128.1112539 - github.com/hashicorp/go-azure-sdk/sdk v0.20241128.1112539 + github.com/hashicorp/go-azure-sdk/resource-manager v0.20241205.1102105 + github.com/hashicorp/go-azure-sdk/sdk v0.20241205.1102105 github.com/hashicorp/go-hclog v1.6.3 github.com/hashicorp/go-multierror v1.1.1 github.com/hashicorp/go-uuid v1.0.3 diff --git a/go.sum b/go.sum index 6a72b63d8ca4..0b9a188520ee 100644 --- a/go.sum +++ b/go.sum 
@@ -94,10 +94,10 @@ github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-azure-helpers v0.71.0 h1:ra3aIRzg01g6MLKQ+yABcb6WJtrqRUDDgyuPLmyZ9lY= github.com/hashicorp/go-azure-helpers v0.71.0/go.mod h1:BmbF4JDYXK5sEmFeU5hcn8Br21uElcqLfdQxjatwQKw= -github.com/hashicorp/go-azure-sdk/resource-manager v0.20241128.1112539 h1:rHh2P5qcPObzpfAFafIjle3CowejFAHTfBJAHDkuSGk= -github.com/hashicorp/go-azure-sdk/resource-manager v0.20241128.1112539/go.mod h1:oQAUu+aCHPCM0CDfsQTBnEkfUZ+sLhEW8Ssip9AeCLc= -github.com/hashicorp/go-azure-sdk/sdk v0.20241128.1112539 h1:6Ps2V/DBwBxWEjSx01fM+PqG+uIavHWvxmM2vb1N2Ok= -github.com/hashicorp/go-azure-sdk/sdk v0.20241128.1112539/go.mod h1:oI5R0fTbBx3K/sJBK5R/OlEy8ozdQjvctxVU9v3EDkc= +github.com/hashicorp/go-azure-sdk/resource-manager v0.20241205.1102105 h1:yltOjOr0e1gpVhCMm7NayVqMpsjYk0Fus/AszPlslp0= +github.com/hashicorp/go-azure-sdk/resource-manager v0.20241205.1102105/go.mod h1:4aW1YjpIIXReIqZ5mTnxA4Y4eqPRPybbvMfHms29wMk= +github.com/hashicorp/go-azure-sdk/sdk v0.20241205.1102105 h1:mHboTBOiIpT++fy9vI/F4p0VRDmnDgSaPNaeKBnD7V4= +github.com/hashicorp/go-azure-sdk/sdk v0.20241205.1102105/go.mod h1:oI5R0fTbBx3K/sJBK5R/OlEy8ozdQjvctxVU9v3EDkc= github.com/hashicorp/go-checkpoint v0.5.0 h1:MFYpPZCnQqQTE18jFwSII6eUQrD/oxMFp3mlgcqk5mU= github.com/hashicorp/go-checkpoint v0.5.0/go.mod h1:7nfLNL10NsxqO4iWuW6tWW0HjZuDrwkBuEQsVcpCOgg= github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= diff --git a/internal/services/sentinel/client/client.go b/internal/services/sentinel/client/client.go index ae44b7adf3ec..4412fb5a52bc 100644 --- a/internal/services/sentinel/client/client.go +++ b/internal/services/sentinel/client/client.go 
@@ -13,6 +13,7 @@ import ( "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-11-01/sentinelonboardingstates" "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-11-01/watchlistitems" "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-11-01/watchlists" + newalertrules "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules" "github.com/hashicorp/terraform-provider-azurerm/internal/common" securityinsight "github.com/jackofallops/kermit/sdk/securityinsights/2022-10-01-preview/securityinsights" ) @@ -28,6 +29,7 @@ type Client struct { AnalyticsSettingsClient *securityinsight.SecurityMLAnalyticsSettingsClient ThreatIntelligenceClient *securityinsight.ThreatIntelligenceIndicatorClient MetadataClient *metadata.MetadataClient + NewAlertRulesClient *newalertrules.AlertRulesClient } func NewClient(o *common.ClientOptions) (*Client, error) { @@ -79,6 +81,12 @@ func NewClient(o *common.ClientOptions) (*Client, error) { } o.Configure(metadataClient.Client, o.Authorizers.ResourceManager) + newAlertRulesClient, err := newalertrules.NewAlertRulesClientWithBaseURI(o.Environment.ResourceManager) + if err != nil { + return nil, fmt.Errorf("building New Alert Rules Client: %+v", err) + } + o.Configure(newAlertRulesClient.Client, o.Authorizers.ResourceManager) + return &Client{ AlertRulesClient: alertRulesClient, AlertRuleTemplatesClient: &alertRuleTemplatesClient, @@ -90,5 +98,6 @@ func NewClient(o *common.ClientOptions) (*Client, error) { AnalyticsSettingsClient: &analyticsSettingsClient, ThreatIntelligenceClient: &threatIntelligenceClient, MetadataClient: metadataClient, + NewAlertRulesClient: newAlertRulesClient, }, nil } diff --git a/internal/services/sentinel/sentinel_alert_rule.go b/internal/services/sentinel/sentinel_alert_rule.go index 0f8e28d0bca0..ff2b43dcc33a 100644 --- a/internal/services/sentinel/sentinel_alert_rule.go 
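Review bot: The new `NewAlertRulesClient` field in `Client` sits beside `AlertRulesClient` with nothing to say which API version each one targets, and the `New` prefix will read as a constructor and go stale once the migration finishes. A field comment would make the split explicit, for example `// NewAlertRulesClient targets securityinsights 2023-12-01-preview; in this patch only the scheduled alert rule resource uses it.` The same applies to the `newalertrules` import alias in the first hunk of this file. A name that carries the version or purpose would age better than `new`.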
+++ b/internal/services/sentinel/sentinel_alert_rule.go @@ -7,13 +7,36 @@ import ( "context" "fmt" + "github.com/hashicorp/go-azure-helpers/lang/pointer" "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules" + newalertrules "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules" "github.com/hashicorp/terraform-provider-azurerm/internal/clients" "github.com/hashicorp/terraform-provider-azurerm/internal/sdk" "github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk" "github.com/hashicorp/terraform-provider-azurerm/utils" ) +// TODO: after all sentinel alert rules updated to new API version, remove the old function and rename this to `importSentinelAlertRule` +func importNewSentinelAlertRule(expectKind newalertrules.AlertRuleKind) pluginsdk.ImporterFunc { + return func(ctx context.Context, d *pluginsdk.ResourceData, meta interface{}) (data []*pluginsdk.ResourceData, err error) { + id, err := newalertrules.ParseAlertRuleID(d.Id()) + if err != nil { + return nil, err + } + + client := meta.(*clients.Client).Sentinel.NewAlertRulesClient + resp, err := client.Get(ctx, *id) + if err != nil { + return nil, fmt.Errorf("retrieving Sentinel Alert Rule %q: %+v", id, err) + } + + if err = assertNewAlertRuleKind(resp.Model, expectKind); err != nil { + return nil, err + } + return []*pluginsdk.ResourceData{d}, nil + } +} + func importSentinelAlertRule(expectKind alertrules.AlertRuleKind) pluginsdk.ImporterFunc { return func(ctx context.Context, d *pluginsdk.ResourceData, meta interface{}) (data []*pluginsdk.ResourceData, err error) { id, err := alertrules.ParseAlertRuleID(d.Id()) 
@@ -80,6 +103,26 @@ func assertAlertRuleKind(rule alertrules.AlertRule, expectKind alertrules.AlertR return nil } +func assertNewAlertRuleKind(rule newalertrules.AlertRule, expectKind newalertrules.AlertRuleKind) error { + if rule == nil { + return fmt.Errorf("model was nil") + } + + var kind newalertrules.AlertRuleKind + switch rule.(type) { + case newalertrules.ScheduledAlertRule: + kind = newalertrules.AlertRuleKindScheduled + case newalertrules.FusionAlertRule: + kind = newalertrules.AlertRuleKindFusion + case newalertrules.MicrosoftSecurityIncidentCreationAlertRule: + kind = newalertrules.AlertRuleKindMicrosoftSecurityIncidentCreation + } + if expectKind != kind { + return fmt.Errorf("Sentinel Alert Rule has mismatched kind, expected: %q, got %q", expectKind, kind) + } + return nil +} + func expandAlertRuleTactics(input []interface{}) *[]alertrules.AttackTactic { result := make([]alertrules.AttackTactic, 0) @@ -90,6 +133,16 @@ func expandAlertRuleTactics(input []interface{}) *[]alertrules.AttackTactic { return &result } +func expandNewAlertRuleTactics(input []interface{}) *[]newalertrules.AttackTactic { + result := make([]newalertrules.AttackTactic, 0) + + for _, e := range input { + result = append(result, newalertrules.AttackTactic(e.(string))) + } + + return &result +} + func flattenAlertRuleTactics(input *[]alertrules.AttackTactic) []interface{} { if input == nil { return []interface{}{} @@ -104,6 +157,20 @@ func flattenAlertRuleTactics(input *[]alertrules.AttackTactic) []interface{} { return output } +func flattenNewAlertRuleTactics(input *[]newalertrules.AttackTactic) []interface{} { + if input == nil { + return []interface{}{} + } + + output := make([]interface{}, 0) + + for _, e := range *input { + output = append(output, string(e)) + } + + return output +} + func expandAlertRuleTechnicals(input []interface{}) *[]string { result := make([]string, 0) 
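Review bot: The type switch in `assertNewAlertRuleKind` has no `default` case, so any rule type other than the three listed leaves `kind` at its zero value. The caller then gets `expected: "Scheduled", got ""`, which hides what the API actually returned. Adding `default: return fmt.Errorf("unexpected Sentinel Alert Rule type %T", rule)` would surface the concrete type. The vendored package added in this patch also ships NRT, ML behaviour analytics and threat intelligence rule models (see the diffstat), and none of them has a case here, so the TODO on `importNewSentinelAlertRule` cannot be completed until they are added. The cases match value types only; if the SDK ever returns pointers, none will match, which is worth confirming against the vendored unmarshal code.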
@@ -129,6 +196,21 @@ func expandAlertRuleIncidentConfiguration(input []interface{}, createIncidentKey return output } +func expandNewAlertRuleIncidentConfiguration(input []interface{}, createIncidentKey string, withGroupByPrefix bool) *newalertrules.IncidentConfiguration { + if len(input) == 0 || input[0] == nil { + return nil + } + + raw := input[0].(map[string]interface{}) + + output := &newalertrules.IncidentConfiguration{ + CreateIncident: raw[createIncidentKey].(bool), + GroupingConfiguration: expandNewAlertRuleGrouping(raw["grouping"].([]interface{}), withGroupByPrefix), + } + + return output +} + func flattenAlertRuleIncidentConfiguration(input *alertrules.IncidentConfiguration, createIncidentKey string, withGroupByPrefix bool) []interface{} { if input == nil { return []interface{}{} @@ -142,6 +224,19 @@ func flattenAlertRuleIncidentConfiguration(input *alertrules.IncidentConfigurati } } +func flattenNewAlertRuleIncidentConfiguration(input *newalertrules.IncidentConfiguration, createIncidentKey string, withGroupByPrefix bool) []interface{} { + if input == nil { + return []interface{}{} + } + + return []interface{}{ + map[string]interface{}{ + createIncidentKey: input.CreateIncident, + "grouping": flattenNewAlertRuleGrouping(input.GroupingConfiguration, withGroupByPrefix), + }, + } +} + func expandAlertRuleGrouping(input []interface{}, withGroupPrefix bool) *alertrules.GroupingConfiguration { if len(input) == 0 || input[0] == nil { return nil 
@@ -187,6 +282,51 @@ func expandAlertRuleGrouping(input []interface{}, withGroupPrefix bool) *alertru return output } +func expandNewAlertRuleGrouping(input []interface{}, withGroupPrefix bool) *newalertrules.GroupingConfiguration { + if len(input) == 0 || input[0] == nil { + return nil + } + + raw := input[0].(map[string]interface{}) + + output := &newalertrules.GroupingConfiguration{ + Enabled: raw["enabled"].(bool), + ReopenClosedIncident: raw["reopen_closed_incidents"].(bool), + LookbackDuration: raw["lookback_duration"].(string), + MatchingMethod: newalertrules.MatchingMethod(raw["entity_matching_method"].(string)), + } + + key := "by_entities" + if withGroupPrefix { + key = "group_" + key + } + groupByEntitiesList := raw[key].([]interface{}) + groupByEntities := make([]newalertrules.EntityMappingType, len(groupByEntitiesList)) + for idx, t := range groupByEntitiesList { + groupByEntities[idx] = newalertrules.EntityMappingType(t.(string)) + } + output.GroupByEntities = &groupByEntities + + key = "by_alert_details" + if withGroupPrefix { + key = "group_" + key + } + groupByAlertDetailsList := raw[key].([]interface{}) + groupByAlertDetails := make([]newalertrules.AlertDetail, len(groupByAlertDetailsList)) + for idx, t := range groupByAlertDetailsList { + groupByAlertDetails[idx] = newalertrules.AlertDetail(t.(string)) + } + output.GroupByAlertDetails = &groupByAlertDetails + + key = "by_custom_details" + if withGroupPrefix { + key = "group_" + key + } + output.GroupByCustomDetails = utils.ExpandStringSlice(raw[key].([]interface{})) + + return output +} + func flattenAlertRuleGrouping(input *alertrules.GroupingConfiguration, withGroupPrefix bool) []interface{} { if input == nil { return []interface{}{} 
@@ -237,6 +377,56 @@ func flattenAlertRuleGrouping(input *alertrules.GroupingConfiguration, withGroup } } +func flattenNewAlertRuleGrouping(input *newalertrules.GroupingConfiguration, withGroupPrefix bool) []interface{} { + if input == nil { + return []interface{}{} + } + + var groupByEntities []interface{} + if input.GroupByEntities != nil { + for _, entity := range *input.GroupByEntities { + groupByEntities = append(groupByEntities, string(entity)) + } + } + + var groupByAlertDetails []interface{} + if input.GroupByAlertDetails != nil { + for _, detail := range *input.GroupByAlertDetails { + groupByAlertDetails = append(groupByAlertDetails, string(detail)) + } + } + + var groupByCustomDetails []interface{} + if input.GroupByCustomDetails != nil { + for _, detail := range *input.GroupByCustomDetails { + groupByCustomDetails = append(groupByCustomDetails, detail) + } + } + + var ( + k1 = "by_entities" + k2 = "by_alert_details" + k3 = "by_custom_details" + ) + + if withGroupPrefix { + k1 = "group_" + k1 + k2 = "group_" + k2 + k3 = "group_" + k3 + } + return []interface{}{ + map[string]interface{}{ + "enabled": input.Enabled, + "lookback_duration": input.LookbackDuration, + "reopen_closed_incidents": input.ReopenClosedIncident, + "entity_matching_method": string(input.MatchingMethod), + k1: groupByEntities, + k2: groupByAlertDetails, + k3: groupByCustomDetails, + }, + } +} + func expandAlertRuleAlertDetailsOverride(input []interface{}) *alertrules.AlertDetailsOverride { if len(input) == 0 || input[0] == nil { return nil 
@@ -264,6 +454,33 @@ func expandAlertRuleAlertDetailsOverride(input []interface{}) *alertrules.AlertD return output } +func expandNewAlertRuleAlertDetailsOverride(input []interface{}) *newalertrules.AlertDetailsOverride { + if len(input) == 0 || input[0] == nil { + return nil + } + + b := input[0].(map[string]interface{}) + output := &newalertrules.AlertDetailsOverride{} + + if v := b["description_format"]; v != "" { + output.AlertDescriptionFormat = utils.String(v.(string)) + } + if v := b["display_name_format"]; v != "" { + output.AlertDisplayNameFormat = utils.String(v.(string)) + } + if v := b["severity_column_name"]; v != "" { + output.AlertSeverityColumnName = utils.String(v.(string)) + } + if v := b["tactics_column_name"]; v != "" { + output.AlertTacticsColumnName = utils.String(v.(string)) + } + if v := b["dynamic_property"]; v != nil && len(v.([]interface{})) > 0 { + output.AlertDynamicProperties = expandNewAlertRuleAlertDynamicProperties(v.([]interface{})) + } + + return output +} + func flattenAlertRuleAlertDetailsOverride(input *alertrules.AlertDetailsOverride) []interface{} { if input == nil { return []interface{}{} 
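Review bot: In `expandNewAlertRuleAlertDetailsOverride` the four guards of the form `if v := b["description_format"]; v != ""` compare an `interface{}` with a string. A missing or nil map entry therefore passes the test and the following `v.(string)` panics. The schema presumably always populates these keys, but the guard should not depend on that. A checked assertion is safer and just as short: `if v, ok := b["description_format"].(string); ok && v != "" {`, and likewise for `display_name_format`, `severity_column_name` and `tactics_column_name`.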
@@ -305,6 +522,47 @@ func flattenAlertRuleAlertDetailsOverride(input *alertrules.AlertDetailsOverride } } +func flattenNewAlertRuleAlertDetailsOverride(input *newalertrules.AlertDetailsOverride) []interface{} { + if input == nil { + return []interface{}{} + } + + var descriptionFormat string + if input.AlertDescriptionFormat != nil { + descriptionFormat = *input.AlertDescriptionFormat + } + + var displayNameFormat string + if input.AlertDisplayNameFormat != nil { + displayNameFormat = *input.AlertDisplayNameFormat + } + + var severityColumnName string + if input.AlertSeverityColumnName != nil { + severityColumnName = *input.AlertSeverityColumnName + } + + var tacticsColumnName string + if input.AlertTacticsColumnName != nil { + tacticsColumnName = *input.AlertTacticsColumnName + } + + var dynamicProperties []interface{} + if input.AlertDynamicProperties != nil { + dynamicProperties = flattenNewAlertRuleAlertDynamicProperties(input.AlertDynamicProperties) + } + + return []interface{}{ + map[string]interface{}{ + "description_format": descriptionFormat, + "display_name_format": displayNameFormat, + "severity_column_name": severityColumnName, + "tactics_column_name": tacticsColumnName, + "dynamic_property": dynamicProperties, + }, + } +} + func expandAlertRuleAlertDynamicProperties(input []interface{}) *[]alertrules.AlertPropertyMapping { if len(input) == 0 || input[0] == nil { return nil 
@@ -323,6 +581,24 @@ func expandAlertRuleAlertDynamicProperties(input []interface{}) *[]alertrules.Al return &output } +func expandNewAlertRuleAlertDynamicProperties(input []interface{}) *[]newalertrules.AlertPropertyMapping { + if len(input) == 0 || input[0] == nil { + return nil + } + + output := make([]newalertrules.AlertPropertyMapping, 0, len(input)) + for _, v := range input { + b := v.(map[string]interface{}) + property := newalertrules.AlertProperty(b["name"].(string)) + output = append(output, newalertrules.AlertPropertyMapping{ + AlertProperty: &property, + Value: utils.String(b["value"].(string)), + }) + } + + return &output +} + func flattenAlertRuleAlertDynamicProperties(input *[]alertrules.AlertPropertyMapping) []interface{} { if input == nil || len(*input) == 0 { return []interface{}{} @@ -343,6 +619,26 @@ func flattenAlertRuleAlertDynamicProperties(input *[]alertrules.AlertPropertyMap return output } +func flattenNewAlertRuleAlertDynamicProperties(input *[]newalertrules.AlertPropertyMapping) []interface{} { + if input == nil || len(*input) == 0 { + return []interface{}{} + } + + output := make([]interface{}, 0, len(*input)) + for _, i := range *input { + name := "" + if i.AlertProperty != nil { + name = string(*i.AlertProperty) + } + output = append(output, map[string]interface{}{ + "name": name, + "value": i.Value, + }) + } + + return output +} + func expandAlertRuleEntityMapping(input []interface{}) *[]alertrules.EntityMapping { if len(input) == 0 { return nil 
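Review bot: `expandNewAlertRuleAlertDynamicProperties` checks only `input[0] == nil`, so a nil element at any later index still reaches `v.(map[string]interface{})` and panics the provider. The same unchecked per-element assertion appears in `expandNewAlertRuleEntityMapping`, `expandNewAlertRuleFieldMapping` and `expandNewAlertRuleSentinelEntityMapping` in the following hunks, which check only `len(input) == 0`. Whether the schema can deliver an empty block here is not visible in this patch. A guard inside the loop costs little: `b, ok := v.(map[string]interface{})` followed by `if !ok { continue }`.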
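Review bot: `flattenNewAlertRuleAlertDynamicProperties` stores `i.Value` in the state map as a `*string`, whereas every other new flatten helper in this file dereferences optional fields into a plain string first. It may work through the SDK's decoding, but it leaves the nil case implicit and is inconsistent with the nil-checked `name` two lines above it. Suggest `"value": pointer.From(i.Value),`, since `pointer` is already imported by this patch, or an explicit nil check in the style of `flattenNewAlertRuleFieldMapping`.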
@@ -361,6 +657,24 @@ func expandAlertRuleEntityMapping(input []interface{}) *[]alertrules.EntityMappi return &result } +func expandNewAlertRuleEntityMapping(input []interface{}) *[]newalertrules.EntityMapping { + if len(input) == 0 { + return nil + } + + result := make([]newalertrules.EntityMapping, 0, len(input)) + for _, e := range input { + b := e.(map[string]interface{}) + mappingType := newalertrules.EntityMappingType(b["entity_type"].(string)) + result = append(result, newalertrules.EntityMapping{ + EntityType: &mappingType, + FieldMappings: expandNewAlertRuleFieldMapping(b["field_mapping"].([]interface{})), + }) + } + + return &result +} + func flattenAlertRuleEntityMapping(input *[]alertrules.EntityMapping) []interface{} { if input == nil { return []interface{}{} @@ -381,6 +695,26 @@ func flattenAlertRuleEntityMapping(input *[]alertrules.EntityMapping) []interfac return output } +func flattenNewAlertRuleEntityMapping(input *[]newalertrules.EntityMapping) []interface{} { + if input == nil { + return []interface{}{} + } + + output := make([]interface{}, 0, len(*input)) + for _, e := range *input { + entityType := "" + if e.EntityType != nil { + entityType = string(*e.EntityType) + } + output = append(output, map[string]interface{}{ + "entity_type": entityType, + "field_mapping": flattenNewAlertRuleFieldMapping(e.FieldMappings), + }) + } + + return output +} + func expandAlertRuleFieldMapping(input []interface{}) *[]alertrules.FieldMapping { if len(input) == 0 { return nil 
@@ -398,6 +732,23 @@ func expandAlertRuleFieldMapping(input []interface{}) *[]alertrules.FieldMapping return &result } +func expandNewAlertRuleFieldMapping(input []interface{}) *[]newalertrules.FieldMapping { + if len(input) == 0 { + return nil + } + + result := make([]newalertrules.FieldMapping, 0, len(input)) + for _, e := range input { + b := e.(map[string]interface{}) + result = append(result, newalertrules.FieldMapping{ + Identifier: pointer.To(b["identifier"].(string)), + ColumnName: pointer.To(b["column_name"].(string)), + }) + } + + return &result +} + func flattenAlertRuleFieldMapping(input *[]alertrules.FieldMapping) []interface{} { if input == nil { return []interface{}{} @@ -424,6 +775,32 @@ func flattenAlertRuleFieldMapping(input *[]alertrules.FieldMapping) []interface{ return output } +func flattenNewAlertRuleFieldMapping(input *[]newalertrules.FieldMapping) []interface{} { + if input == nil { + return []interface{}{} + } + + output := make([]interface{}, 0, len(*input)) + for _, e := range *input { + var identifier string + if e.Identifier != nil { + identifier = *e.Identifier + } + + var columnName string + if e.ColumnName != nil { + columnName = *e.ColumnName + } + + output = append(output, map[string]interface{}{ + "identifier": identifier, + "column_name": columnName, + }) + } + + return output +} + func expandAlertRuleSentinelEntityMapping(input []interface{}) *[]alertrules.SentinelEntityMapping { if len(input) == 0 { return nil 
@@ -440,6 +817,22 @@ func expandAlertRuleSentinelEntityMapping(input []interface{}) *[]alertrules.Sen return &result } +func expandNewAlertRuleSentinelEntityMapping(input []interface{}) *[]newalertrules.SentinelEntityMapping { + if len(input) == 0 { + return nil + } + + result := make([]newalertrules.SentinelEntityMapping, 0, len(input)) + for _, e := range input { + b := e.(map[string]interface{}) + result = append(result, newalertrules.SentinelEntityMapping{ + ColumnName: utils.String(b["column_name"].(string)), + }) + } + + return &result +} + func flattenAlertRuleSentinelEntityMapping(input *[]alertrules.SentinelEntityMapping) []interface{} { if input == nil { return []interface{}{} @@ -459,3 +852,23 @@ func flattenAlertRuleSentinelEntityMapping(input *[]alertrules.SentinelEntityMap return output } + +func flattenNewAlertRuleSentinelEntityMapping(input *[]newalertrules.SentinelEntityMapping) []interface{} { + if input == nil { + return []interface{}{} + } + + output := make([]interface{}, 0, len(*input)) + for _, e := range *input { + var columnName string + if e.ColumnName != nil { + columnName = *e.ColumnName + } + + output = append(output, map[string]interface{}{ + "column_name": columnName, + }) + } + + return output +} diff --git a/internal/services/sentinel/sentinel_alert_rule_scheduled_resource.go b/internal/services/sentinel/sentinel_alert_rule_scheduled_resource.go index 8038c60cb276..8a4524ca2efe 100644 --- a/internal/services/sentinel/sentinel_alert_rule_scheduled_resource.go +++ b/internal/services/sentinel/sentinel_alert_rule_scheduled_resource.go 
@@ -11,7 +11,7 @@ import ( "github.com/hashicorp/go-azure-helpers/lang/pointer" "github.com/hashicorp/go-azure-helpers/lang/response" "github.com/hashicorp/go-azure-sdk/resource-manager/operationalinsights/2020-08-01/workspaces" - "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules" + "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-provider-azurerm/helpers/tf" "github.com/hashicorp/terraform-provider-azurerm/helpers/validate" @@ -33,7 +33,7 @@ func resourceSentinelAlertRuleScheduled() *pluginsdk.Resource { Importer: pluginsdk.ImporterValidatingResourceIdThen(func(id string) error { _, err := alertrules.ParseAlertRuleID(id) return err - }, importSentinelAlertRule(alertrules.AlertRuleKindScheduled)), + }, importNewSentinelAlertRule(alertrules.AlertRuleKindScheduled)), Timeouts: &pluginsdk.ResourceTimeout{ Create: pluginsdk.DefaultTimeout(30 * time.Minute), @@ -301,7 +301,7 @@ func resourceSentinelAlertRuleScheduled() *pluginsdk.Resource { "entity_mapping": { Type: pluginsdk.TypeList, Optional: true, - MaxItems: 5, + MaxItems: 10, Elem: &pluginsdk.Resource{ Schema: map[string]*pluginsdk.Schema{ "entity_type": { @@ -352,7 +352,7 @@ func resourceSentinelAlertRuleScheduled() *pluginsdk.Resource { } func resourceSentinelAlertRuleScheduledCreateUpdate(d *pluginsdk.ResourceData, meta interface{}) error { - client := meta.(*clients.Client).Sentinel.AlertRulesClient + client := meta.(*clients.Client).Sentinel.NewAlertRulesClient ctx, cancel := timeouts.ForCreateUpdate(meta.(*clients.Client).StopContext, d) defer cancel() 
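Review bot: Raising `MaxItems` on `entity_mapping` from 5 to 10 only helps if the other limits on mappings agree with it. The create/update function still tallies `entityMappingCount` and `sentinelEntityMappingCount` (visible as context in a later hunk of this file), and the check that consumes those counts lies outside the visible hunks. If that check still enforces the old combined cap, a configuration with six or more mappings will pass schema validation and then fail at apply. Please confirm that check matches the new limit, and add an acceptance test step with more than five `entity_mapping` blocks, since the test file changes only four lines in this patch.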
@@ -398,13 +398,13 @@ func resourceSentinelAlertRuleScheduledCreateUpdate(d *pluginsdk.ResourceData, m } } - incident := expandAlertRuleIncidentConfiguration(d.Get("incident").([]interface{}), "create_incident_enabled", false) + incident := expandNewAlertRuleIncidentConfiguration(d.Get("incident").([]interface{}), "create_incident_enabled", false) param := alertrules.ScheduledAlertRule{ Properties: &alertrules.ScheduledAlertRuleProperties{ Description: utils.String(d.Get("description").(string)), DisplayName: d.Get("display_name").(string), - Tactics: expandAlertRuleTactics(d.Get("tactics").(*pluginsdk.Set).List()), + Tactics: expandNewAlertRuleTactics(d.Get("tactics").(*pluginsdk.Set).List()), Techniques: expandAlertRuleTechnicals(d.Get("techniques").(*pluginsdk.Set).List()), IncidentConfiguration: incident, Severity: pointer.To(alertrules.AlertSeverity(d.Get("severity").(string))), @@ -429,7 +429,7 @@ func resourceSentinelAlertRuleScheduledCreateUpdate(d *pluginsdk.ResourceData, m param.Properties.EventGroupingSettings = expandAlertRuleScheduledEventGroupingSetting(v.([]interface{})) } if v, ok := d.GetOk("alert_details_override"); ok { - param.Properties.AlertDetailsOverride = expandAlertRuleAlertDetailsOverride(v.([]interface{})) + param.Properties.AlertDetailsOverride = expandNewAlertRuleAlertDetailsOverride(v.([]interface{})) } if v, ok := d.GetOk("custom_details"); ok { param.Properties.CustomDetails = utils.ExpandPtrMapStringString(v.(map[string]interface{})) 
@@ -438,11 +438,11 @@ func resourceSentinelAlertRuleScheduledCreateUpdate(d *pluginsdk.ResourceData, m entityMappingCount := 0 sentinelEntityMappingCount := 0 if v, ok := d.GetOk("entity_mapping"); ok { - param.Properties.EntityMappings = expandAlertRuleEntityMapping(v.([]interface{})) + param.Properties.EntityMappings = expandNewAlertRuleEntityMapping(v.([]interface{})) entityMappingCount = len(*param.Properties.EntityMappings) } if v, ok := d.GetOk("sentinel_entity_mapping"); ok { - param.Properties.SentinelEntitiesMappings = expandAlertRuleSentinelEntityMapping(v.([]interface{})) + param.Properties.SentinelEntitiesMappings = expandNewAlertRuleSentinelEntityMapping(v.([]interface{})) sentinelEntityMappingCount = len(*param.Properties.SentinelEntitiesMappings) } @@ -457,7 +457,7 @@ func resourceSentinelAlertRuleScheduledCreateUpdate(d *pluginsdk.ResourceData, m return fmt.Errorf("retrieving Sentinel Alert Rule Scheduled %q: %+v", id, err) } - if err := assertAlertRuleKind(resp.Model, alertrules.AlertRuleKindScheduled); err != nil { + if err := assertNewAlertRuleKind(resp.Model, alertrules.AlertRuleKindScheduled); err != nil { return fmt.Errorf("asserting alert rule of %q: %+v", id, err) } } @@ -472,7 +472,7 @@ func resourceSentinelAlertRuleScheduledCreateUpdate(d *pluginsdk.ResourceData, m } func resourceSentinelAlertRuleScheduledRead(d *pluginsdk.ResourceData, meta interface{}) error { - client := meta.(*clients.Client).Sentinel.AlertRulesClient + client := meta.(*clients.Client).Sentinel.NewAlertRulesClient ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d) defer cancel() 
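Review bot: `len(*param.Properties.EntityMappings)` and `len(*param.Properties.SentinelEntitiesMappings)` in the `@@ -438,11` hunk dereference whatever the swapped-in helpers return, and `expandNewAlertRuleEntityMapping` / `expandNewAlertRuleSentinelEntityMapping` are defined outside this hunk. `d.GetOk` only establishes that the list is non-empty, so if either helper can return nil (for instance when a block element is nil) the provider would panic during apply instead of returning an error. Unless the helpers are known never to return nil, guard the count with `if m := param.Properties.EntityMappings; m != nil { entityMappingCount = len(*m) }`, and likewise for the Sentinel mapping. The enclosing function starts and ends outside the hunk.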
@@ -492,7 +492,7 @@ func resourceSentinelAlertRuleScheduledRead(d *pluginsdk.ResourceData, meta inte return fmt.Errorf("retrieving Sentinel Alert Rule Scheduled %q: %+v", id, err) } - if err := assertAlertRuleKind(resp.Model, alertrules.AlertRuleKindScheduled); err != nil { + if err := assertNewAlertRuleKind(resp.Model, alertrules.AlertRuleKindScheduled); err != nil { return fmt.Errorf("asserting alert rule of %q: %+v", id, err) } @@ -506,14 +506,14 @@ func resourceSentinelAlertRuleScheduledRead(d *pluginsdk.ResourceData, meta inte if prop := rule.Properties; prop != nil { d.Set("description", prop.Description) d.Set("display_name", prop.DisplayName) - if err := d.Set("tactics", flattenAlertRuleTactics(prop.Tactics)); err != nil { + if err := d.Set("tactics", flattenNewAlertRuleTactics(prop.Tactics)); err != nil { return fmt.Errorf("setting `tactics`: %+v", err) } if err := d.Set("techniques", prop.Techniques); err != nil { return fmt.Errorf("setting `techniques`: %+v", err) } - if err := d.Set("incident", flattenAlertRuleIncidentConfiguration(prop.IncidentConfiguration, "create_incident_enabled", false)); err != nil { + if err := d.Set("incident", flattenNewAlertRuleIncidentConfiguration(prop.IncidentConfiguration, "create_incident_enabled", false)); err != nil { return fmt.Errorf("setting `incident`: %+v", err) } 
@@ -532,16 +532,16 @@ func resourceSentinelAlertRuleScheduledRead(d *pluginsdk.ResourceData, meta inte if err := d.Set("event_grouping", flattenAlertRuleScheduledEventGroupingSetting(prop.EventGroupingSettings)); err != nil { return fmt.Errorf("setting `event_grouping`: %+v", err) } - if err := d.Set("alert_details_override", flattenAlertRuleAlertDetailsOverride(prop.AlertDetailsOverride)); err != nil { + if err := d.Set("alert_details_override", flattenNewAlertRuleAlertDetailsOverride(prop.AlertDetailsOverride)); err != nil { return fmt.Errorf("setting `alert_details_override`: %+v", err) } if err := d.Set("custom_details", utils.FlattenPtrMapStringString(prop.CustomDetails)); err != nil { return fmt.Errorf("setting `custom_details`: %+v", err) } - if err := d.Set("entity_mapping", flattenAlertRuleEntityMapping(prop.EntityMappings)); err != nil { + if err := d.Set("entity_mapping", flattenNewAlertRuleEntityMapping(prop.EntityMappings)); err != nil { return fmt.Errorf("setting `entity_mapping`: %+v", err) } - if err := d.Set("sentinel_entity_mapping", flattenAlertRuleSentinelEntityMapping(prop.SentinelEntitiesMappings)); err != nil { + if err := d.Set("sentinel_entity_mapping", flattenNewAlertRuleSentinelEntityMapping(prop.SentinelEntitiesMappings)); err != nil { return fmt.Errorf("setting `sentinel_entity_mapping`: %+v", err) } } @@ -552,7 +552,7 @@ func resourceSentinelAlertRuleScheduledRead(d *pluginsdk.ResourceData, meta inte } func resourceSentinelAlertRuleScheduledDelete(d *pluginsdk.ResourceData, meta interface{}) error { - client := meta.(*clients.Client).Sentinel.AlertRulesClient + client := meta.(*clients.Client).Sentinel.NewAlertRulesClient ctx, cancel := timeouts.ForDelete(meta.(*clients.Client).StopContext, d) defer cancel() diff --git a/internal/services/sentinel/sentinel_alert_rule_scheduled_resource_test.go b/internal/services/sentinel/sentinel_alert_rule_scheduled_resource_test.go index 88fe1b2f9fa8..2f06cb9b7ccf 100644 
--- a/internal/services/sentinel/sentinel_alert_rule_scheduled_resource_test.go +++ b/internal/services/sentinel/sentinel_alert_rule_scheduled_resource_test.go @@ -8,7 +8,7 @@ import ( "fmt" "testing" - "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules" + "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules" "github.com/hashicorp/terraform-provider-azurerm/internal/acceptance" "github.com/hashicorp/terraform-provider-azurerm/internal/acceptance/check" "github.com/hashicorp/terraform-provider-azurerm/internal/clients" @@ -157,7 +157,7 @@ func (t SentinelAlertRuleScheduledResource) Exists(ctx context.Context, clients return nil, err } - resp, err := clients.Sentinel.AlertRulesClient.Get(ctx, *id) + resp, err := clients.Sentinel.NewAlertRulesClient.Get(ctx, *id) if err != nil { return nil, fmt.Errorf("reading Sentinel Alert Rule Scheduled %q: %v", id, err) } diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/README.md b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/README.md new file mode 100644 index 000000000000..b4aad4699868 --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/README.md 
@@ -0,0 +1,90 @@ + +## `github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules` Documentation + +The `alertrules` SDK allows for interaction with Azure Resource Manager `securityinsights` (API Version `2023-12-01-preview`). + +This readme covers example usages, but further information on [using this SDK can be found in the project root](https://github.com/hashicorp/go-azure-sdk/tree/main/docs). + +### Import Path + +```go +import "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules" +``` + + +### Client Initialization + +```go +client := alertrules.NewAlertRulesClientWithBaseURI("https://management.azure.com") +client.Client.Authorizer = authorizer +``` + + +### Example Usage: `AlertRulesClient.CreateOrUpdate` + +```go +ctx := context.TODO() +id := alertrules.NewAlertRuleID("12345678-1234-9876-4563-123456789012", "example-resource-group", "workspaceName", "ruleId") + +payload := alertrules.AlertRule{ + // ... 
+} + + +read, err := client.CreateOrUpdate(ctx, id, payload) +if err != nil { + // handle the error +} +if model := read.Model; model != nil { + // do something with the model/response object +} +``` + + +### Example Usage: `AlertRulesClient.Delete` + +```go +ctx := context.TODO() +id := alertrules.NewAlertRuleID("12345678-1234-9876-4563-123456789012", "example-resource-group", "workspaceName", "ruleId") + +read, err := client.Delete(ctx, id) +if err != nil { + // handle the error +} +if model := read.Model; model != nil { + // do something with the model/response object +} +``` + + +### Example Usage: `AlertRulesClient.Get` + +```go +ctx := context.TODO() +id := alertrules.NewAlertRuleID("12345678-1234-9876-4563-123456789012", "example-resource-group", "workspaceName", "ruleId") + +read, err := client.Get(ctx, id) +if err != nil { + // handle the error +} +if model := read.Model; model != nil { + // do something with the model/response object +} +``` + + +### Example Usage: `AlertRulesClient.List` + +```go +ctx := context.TODO() +id := alertrules.NewWorkspaceID("12345678-1234-9876-4563-123456789012", "example-resource-group", "workspaceName") + +// alternatively `client.List(ctx, id)` can be used to do batched pagination +items, err := client.ListComplete(ctx, id) +if err != nil { + // handle the error +} +for _, item := range items { + // do something +} +``` diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/client.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/client.go new file mode 100644 index 000000000000..20e26334cc48 --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/client.go 
@@ -0,0 +1,26 @@ +package alertrules + +import ( + "fmt" + + "github.com/hashicorp/go-azure-sdk/sdk/client/resourcemanager" + sdkEnv "github.com/hashicorp/go-azure-sdk/sdk/environments" +) + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type AlertRulesClient struct { + Client *resourcemanager.Client +} + +func NewAlertRulesClientWithBaseURI(sdkApi sdkEnv.Api) (*AlertRulesClient, error) { + client, err := resourcemanager.NewClient(sdkApi, "alertrules", defaultApiVersion) + if err != nil { + return nil, fmt.Errorf("instantiating AlertRulesClient: %+v", err) + } + + return &AlertRulesClient{ + Client: client, + }, nil +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/constants.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/constants.go new file mode 100644 index 000000000000..d8fed1359a1f --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/constants.go 
@@ -0,0 +1,579 @@ +package alertrules + +import ( + "encoding/json" + "fmt" + "strings" +) + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type AlertDetail string + +const ( + AlertDetailDisplayName AlertDetail = "DisplayName" + AlertDetailSeverity AlertDetail = "Severity" +) + +func PossibleValuesForAlertDetail() []string { + return []string{ + string(AlertDetailDisplayName), + string(AlertDetailSeverity), + } +} + +func (s *AlertDetail) UnmarshalJSON(bytes []byte) error { + var decoded string + if err := json.Unmarshal(bytes, &decoded); err != nil { + return fmt.Errorf("unmarshaling: %+v", err) + } + out, err := parseAlertDetail(decoded) + if err != nil { + return fmt.Errorf("parsing %q: %+v", decoded, err) + } + *s = *out + return nil +} + +func parseAlertDetail(input string) (*AlertDetail, error) { + vals := map[string]AlertDetail{ + "displayname": AlertDetailDisplayName, + "severity": AlertDetailSeverity, + } + if v, ok := vals[strings.ToLower(input)]; ok { + return &v, nil + } + + // otherwise presume it's an undefined value and best-effort it + out := AlertDetail(input) + return &out, nil +} + +type AlertProperty string + +const ( + AlertPropertyAlertLink AlertProperty = "AlertLink" + AlertPropertyConfidenceLevel AlertProperty = "ConfidenceLevel" + AlertPropertyConfidenceScore AlertProperty = "ConfidenceScore" + AlertPropertyExtendedLinks AlertProperty = "ExtendedLinks" + AlertPropertyProductComponentName AlertProperty = "ProductComponentName" + AlertPropertyProductName AlertProperty = "ProductName" + AlertPropertyProviderName AlertProperty = "ProviderName" + AlertPropertyRemediationSteps AlertProperty = "RemediationSteps" + AlertPropertySubTechniques AlertProperty = "SubTechniques" + AlertPropertyTechniques AlertProperty = "Techniques" +) + +func PossibleValuesForAlertProperty() []string { + return []string{ + string(AlertPropertyAlertLink), + 
string(AlertPropertyConfidenceLevel), + string(AlertPropertyConfidenceScore), + string(AlertPropertyExtendedLinks), + string(AlertPropertyProductComponentName), + string(AlertPropertyProductName), + string(AlertPropertyProviderName), + string(AlertPropertyRemediationSteps), + string(AlertPropertySubTechniques), + string(AlertPropertyTechniques), + } +} + +func (s *AlertProperty) UnmarshalJSON(bytes []byte) error { + var decoded string + if err := json.Unmarshal(bytes, &decoded); err != nil { + return fmt.Errorf("unmarshaling: %+v", err) + } + out, err := parseAlertProperty(decoded) + if err != nil { + return fmt.Errorf("parsing %q: %+v", decoded, err) + } + *s = *out + return nil +} + +func parseAlertProperty(input string) (*AlertProperty, error) { + vals := map[string]AlertProperty{ + "alertlink": AlertPropertyAlertLink, + "confidencelevel": AlertPropertyConfidenceLevel, + "confidencescore": AlertPropertyConfidenceScore, + "extendedlinks": AlertPropertyExtendedLinks, + "productcomponentname": AlertPropertyProductComponentName, + "productname": AlertPropertyProductName, + "providername": AlertPropertyProviderName, + "remediationsteps": AlertPropertyRemediationSteps, + "subtechniques": AlertPropertySubTechniques, + "techniques": AlertPropertyTechniques, + } + if v, ok := vals[strings.ToLower(input)]; ok { + return &v, nil + } + + // otherwise presume it's an undefined value and best-effort it + out := AlertProperty(input) + return &out, nil +} + +type AlertRuleKind string + +const ( + AlertRuleKindFusion AlertRuleKind = "Fusion" + AlertRuleKindMLBehaviorAnalytics AlertRuleKind = "MLBehaviorAnalytics" + AlertRuleKindMicrosoftSecurityIncidentCreation AlertRuleKind = "MicrosoftSecurityIncidentCreation" + AlertRuleKindNRT AlertRuleKind = "NRT" + AlertRuleKindScheduled AlertRuleKind = "Scheduled" + AlertRuleKindThreatIntelligence AlertRuleKind = "ThreatIntelligence" +) + +func PossibleValuesForAlertRuleKind() []string { + return []string{ + string(AlertRuleKindFusion), + 
string(AlertRuleKindMLBehaviorAnalytics), + string(AlertRuleKindMicrosoftSecurityIncidentCreation), + string(AlertRuleKindNRT), + string(AlertRuleKindScheduled), + string(AlertRuleKindThreatIntelligence), + } +} + +func (s *AlertRuleKind) UnmarshalJSON(bytes []byte) error { + var decoded string + if err := json.Unmarshal(bytes, &decoded); err != nil { + return fmt.Errorf("unmarshaling: %+v", err) + } + out, err := parseAlertRuleKind(decoded) + if err != nil { + return fmt.Errorf("parsing %q: %+v", decoded, err) + } + *s = *out + return nil +} + +func parseAlertRuleKind(input string) (*AlertRuleKind, error) { + vals := map[string]AlertRuleKind{ + "fusion": AlertRuleKindFusion, + "mlbehavioranalytics": AlertRuleKindMLBehaviorAnalytics, + "microsoftsecurityincidentcreation": AlertRuleKindMicrosoftSecurityIncidentCreation, + "nrt": AlertRuleKindNRT, + "scheduled": AlertRuleKindScheduled, + "threatintelligence": AlertRuleKindThreatIntelligence, + } + if v, ok := vals[strings.ToLower(input)]; ok { + return &v, nil + } + + // otherwise presume it's an undefined value and best-effort it + out := AlertRuleKind(input) + return &out, nil +} + +type AlertSeverity string + +const ( + AlertSeverityHigh AlertSeverity = "High" + AlertSeverityInformational AlertSeverity = "Informational" + AlertSeverityLow AlertSeverity = "Low" + AlertSeverityMedium AlertSeverity = "Medium" +) + +func PossibleValuesForAlertSeverity() []string { + return []string{ + string(AlertSeverityHigh), + string(AlertSeverityInformational), + string(AlertSeverityLow), + string(AlertSeverityMedium), + } +} + +func (s *AlertSeverity) UnmarshalJSON(bytes []byte) error { + var decoded string + if err := json.Unmarshal(bytes, &decoded); err != nil { + return fmt.Errorf("unmarshaling: %+v", err) + } + out, err := parseAlertSeverity(decoded) + if err != nil { + return fmt.Errorf("parsing %q: %+v", decoded, err) + } + *s = *out + return nil +} + +func parseAlertSeverity(input string) (*AlertSeverity, error) { + vals 
:= map[string]AlertSeverity{ + "high": AlertSeverityHigh, + "informational": AlertSeverityInformational, + "low": AlertSeverityLow, + "medium": AlertSeverityMedium, + } + if v, ok := vals[strings.ToLower(input)]; ok { + return &v, nil + } + + // otherwise presume it's an undefined value and best-effort it + out := AlertSeverity(input) + return &out, nil +} + +type AttackTactic string + +const ( + AttackTacticCollection AttackTactic = "Collection" + AttackTacticCommandAndControl AttackTactic = "CommandAndControl" + AttackTacticCredentialAccess AttackTactic = "CredentialAccess" + AttackTacticDefenseEvasion AttackTactic = "DefenseEvasion" + AttackTacticDiscovery AttackTactic = "Discovery" + AttackTacticExecution AttackTactic = "Execution" + AttackTacticExfiltration AttackTactic = "Exfiltration" + AttackTacticImpact AttackTactic = "Impact" + AttackTacticImpairProcessControl AttackTactic = "ImpairProcessControl" + AttackTacticInhibitResponseFunction AttackTactic = "InhibitResponseFunction" + AttackTacticInitialAccess AttackTactic = "InitialAccess" + AttackTacticLateralMovement AttackTactic = "LateralMovement" + AttackTacticPersistence AttackTactic = "Persistence" + AttackTacticPreAttack AttackTactic = "PreAttack" + AttackTacticPrivilegeEscalation AttackTactic = "PrivilegeEscalation" + AttackTacticReconnaissance AttackTactic = "Reconnaissance" + AttackTacticResourceDevelopment AttackTactic = "ResourceDevelopment" +) + +func PossibleValuesForAttackTactic() []string { + return []string{ + string(AttackTacticCollection), + string(AttackTacticCommandAndControl), + string(AttackTacticCredentialAccess), + string(AttackTacticDefenseEvasion), + string(AttackTacticDiscovery), + string(AttackTacticExecution), + string(AttackTacticExfiltration), + string(AttackTacticImpact), + string(AttackTacticImpairProcessControl), + string(AttackTacticInhibitResponseFunction), + string(AttackTacticInitialAccess), + string(AttackTacticLateralMovement), + string(AttackTacticPersistence), + 
string(AttackTacticPreAttack), + string(AttackTacticPrivilegeEscalation), + string(AttackTacticReconnaissance), + string(AttackTacticResourceDevelopment), + } +} + +func (s *AttackTactic) UnmarshalJSON(bytes []byte) error { + var decoded string + if err := json.Unmarshal(bytes, &decoded); err != nil { + return fmt.Errorf("unmarshaling: %+v", err) + } + out, err := parseAttackTactic(decoded) + if err != nil { + return fmt.Errorf("parsing %q: %+v", decoded, err) + } + *s = *out + return nil +} + +func parseAttackTactic(input string) (*AttackTactic, error) { + vals := map[string]AttackTactic{ + "collection": AttackTacticCollection, + "commandandcontrol": AttackTacticCommandAndControl, + "credentialaccess": AttackTacticCredentialAccess, + "defenseevasion": AttackTacticDefenseEvasion, + "discovery": AttackTacticDiscovery, + "execution": AttackTacticExecution, + "exfiltration": AttackTacticExfiltration, + "impact": AttackTacticImpact, + "impairprocesscontrol": AttackTacticImpairProcessControl, + "inhibitresponsefunction": AttackTacticInhibitResponseFunction, + "initialaccess": AttackTacticInitialAccess, + "lateralmovement": AttackTacticLateralMovement, + "persistence": AttackTacticPersistence, + "preattack": AttackTacticPreAttack, + "privilegeescalation": AttackTacticPrivilegeEscalation, + "reconnaissance": AttackTacticReconnaissance, + "resourcedevelopment": AttackTacticResourceDevelopment, + } + if v, ok := vals[strings.ToLower(input)]; ok { + return &v, nil + } + + // otherwise presume it's an undefined value and best-effort it + out := AttackTactic(input) + return &out, nil +} + +type EntityMappingType string + +const ( + EntityMappingTypeAccount EntityMappingType = "Account" + EntityMappingTypeAzureResource EntityMappingType = "AzureResource" + EntityMappingTypeCloudApplication EntityMappingType = "CloudApplication" + EntityMappingTypeDNS EntityMappingType = "DNS" + EntityMappingTypeFile EntityMappingType = "File" + EntityMappingTypeFileHash EntityMappingType = 
"FileHash" + EntityMappingTypeHost EntityMappingType = "Host" + EntityMappingTypeIP EntityMappingType = "IP" + EntityMappingTypeMailCluster EntityMappingType = "MailCluster" + EntityMappingTypeMailMessage EntityMappingType = "MailMessage" + EntityMappingTypeMailbox EntityMappingType = "Mailbox" + EntityMappingTypeMalware EntityMappingType = "Malware" + EntityMappingTypeProcess EntityMappingType = "Process" + EntityMappingTypeRegistryKey EntityMappingType = "RegistryKey" + EntityMappingTypeRegistryValue EntityMappingType = "RegistryValue" + EntityMappingTypeSecurityGroup EntityMappingType = "SecurityGroup" + EntityMappingTypeSubmissionMail EntityMappingType = "SubmissionMail" + EntityMappingTypeURL EntityMappingType = "URL" +) + +func PossibleValuesForEntityMappingType() []string { + return []string{ + string(EntityMappingTypeAccount), + string(EntityMappingTypeAzureResource), + string(EntityMappingTypeCloudApplication), + string(EntityMappingTypeDNS), + string(EntityMappingTypeFile), + string(EntityMappingTypeFileHash), + string(EntityMappingTypeHost), + string(EntityMappingTypeIP), + string(EntityMappingTypeMailCluster), + string(EntityMappingTypeMailMessage), + string(EntityMappingTypeMailbox), + string(EntityMappingTypeMalware), + string(EntityMappingTypeProcess), + string(EntityMappingTypeRegistryKey), + string(EntityMappingTypeRegistryValue), + string(EntityMappingTypeSecurityGroup), + string(EntityMappingTypeSubmissionMail), + string(EntityMappingTypeURL), + } +} + +func (s *EntityMappingType) UnmarshalJSON(bytes []byte) error { + var decoded string + if err := json.Unmarshal(bytes, &decoded); err != nil { + return fmt.Errorf("unmarshaling: %+v", err) + } + out, err := parseEntityMappingType(decoded) + if err != nil { + return fmt.Errorf("parsing %q: %+v", decoded, err) + } + *s = *out + return nil +} + +func parseEntityMappingType(input string) (*EntityMappingType, error) { + vals := map[string]EntityMappingType{ + "account": EntityMappingTypeAccount, + 
"azureresource": EntityMappingTypeAzureResource, + "cloudapplication": EntityMappingTypeCloudApplication, + "dns": EntityMappingTypeDNS, + "file": EntityMappingTypeFile, + "filehash": EntityMappingTypeFileHash, + "host": EntityMappingTypeHost, + "ip": EntityMappingTypeIP, + "mailcluster": EntityMappingTypeMailCluster, + "mailmessage": EntityMappingTypeMailMessage, + "mailbox": EntityMappingTypeMailbox, + "malware": EntityMappingTypeMalware, + "process": EntityMappingTypeProcess, + "registrykey": EntityMappingTypeRegistryKey, + "registryvalue": EntityMappingTypeRegistryValue, + "securitygroup": EntityMappingTypeSecurityGroup, + "submissionmail": EntityMappingTypeSubmissionMail, + "url": EntityMappingTypeURL, + } + if v, ok := vals[strings.ToLower(input)]; ok { + return &v, nil + } + + // otherwise presume it's an undefined value and best-effort it + out := EntityMappingType(input) + return &out, nil +} + +type EventGroupingAggregationKind string + +const ( + EventGroupingAggregationKindAlertPerResult EventGroupingAggregationKind = "AlertPerResult" + EventGroupingAggregationKindSingleAlert EventGroupingAggregationKind = "SingleAlert" +) + +func PossibleValuesForEventGroupingAggregationKind() []string { + return []string{ + string(EventGroupingAggregationKindAlertPerResult), + string(EventGroupingAggregationKindSingleAlert), + } +} + +func (s *EventGroupingAggregationKind) UnmarshalJSON(bytes []byte) error { + var decoded string + if err := json.Unmarshal(bytes, &decoded); err != nil { + return fmt.Errorf("unmarshaling: %+v", err) + } + out, err := parseEventGroupingAggregationKind(decoded) + if err != nil { + return fmt.Errorf("parsing %q: %+v", decoded, err) + } + *s = *out + return nil +} + +func parseEventGroupingAggregationKind(input string) (*EventGroupingAggregationKind, error) { + vals := map[string]EventGroupingAggregationKind{ + "alertperresult": EventGroupingAggregationKindAlertPerResult, + "singlealert": EventGroupingAggregationKindSingleAlert, + } + if v, 
ok := vals[strings.ToLower(input)]; ok { + return &v, nil + } + + // otherwise presume it's an undefined value and best-effort it + out := EventGroupingAggregationKind(input) + return &out, nil +} + +type MatchingMethod string + +const ( + MatchingMethodAllEntities MatchingMethod = "AllEntities" + MatchingMethodAnyAlert MatchingMethod = "AnyAlert" + MatchingMethodSelected MatchingMethod = "Selected" +) + +func PossibleValuesForMatchingMethod() []string { + return []string{ + string(MatchingMethodAllEntities), + string(MatchingMethodAnyAlert), + string(MatchingMethodSelected), + } +} + +func (s *MatchingMethod) UnmarshalJSON(bytes []byte) error { + var decoded string + if err := json.Unmarshal(bytes, &decoded); err != nil { + return fmt.Errorf("unmarshaling: %+v", err) + } + out, err := parseMatchingMethod(decoded) + if err != nil { + return fmt.Errorf("parsing %q: %+v", decoded, err) + } + *s = *out + return nil +} + +func parseMatchingMethod(input string) (*MatchingMethod, error) { + vals := map[string]MatchingMethod{ + "allentities": MatchingMethodAllEntities, + "anyalert": MatchingMethodAnyAlert, + "selected": MatchingMethodSelected, + } + if v, ok := vals[strings.ToLower(input)]; ok { + return &v, nil + } + + // otherwise presume it's an undefined value and best-effort it + out := MatchingMethod(input) + return &out, nil +} + +type MicrosoftSecurityProductName string + +const ( + MicrosoftSecurityProductNameAzureActiveDirectoryIdentityProtection MicrosoftSecurityProductName = "Azure Active Directory Identity Protection" + MicrosoftSecurityProductNameAzureAdvancedThreatProtection MicrosoftSecurityProductName = "Azure Advanced Threat Protection" + MicrosoftSecurityProductNameAzureSecurityCenter MicrosoftSecurityProductName = "Azure Security Center" + MicrosoftSecurityProductNameAzureSecurityCenterForIoT MicrosoftSecurityProductName = "Azure Security Center for IoT" + MicrosoftSecurityProductNameMicrosoftCloudAppSecurity MicrosoftSecurityProductName = "Microsoft 
Cloud App Security" + MicrosoftSecurityProductNameMicrosoftDefenderAdvancedThreatProtection MicrosoftSecurityProductName = "Microsoft Defender Advanced Threat Protection" + MicrosoftSecurityProductNameOfficeThreeSixFiveAdvancedThreatProtection MicrosoftSecurityProductName = "Office 365 Advanced Threat Protection" +) + +func PossibleValuesForMicrosoftSecurityProductName() []string { + return []string{ + string(MicrosoftSecurityProductNameAzureActiveDirectoryIdentityProtection), + string(MicrosoftSecurityProductNameAzureAdvancedThreatProtection), + string(MicrosoftSecurityProductNameAzureSecurityCenter), + string(MicrosoftSecurityProductNameAzureSecurityCenterForIoT), + string(MicrosoftSecurityProductNameMicrosoftCloudAppSecurity), + string(MicrosoftSecurityProductNameMicrosoftDefenderAdvancedThreatProtection), + string(MicrosoftSecurityProductNameOfficeThreeSixFiveAdvancedThreatProtection), + } +} + +func (s *MicrosoftSecurityProductName) UnmarshalJSON(bytes []byte) error { + var decoded string + if err := json.Unmarshal(bytes, &decoded); err != nil { + return fmt.Errorf("unmarshaling: %+v", err) + } + out, err := parseMicrosoftSecurityProductName(decoded) + if err != nil { + return fmt.Errorf("parsing %q: %+v", decoded, err) + } + *s = *out + return nil +} + +func parseMicrosoftSecurityProductName(input string) (*MicrosoftSecurityProductName, error) { + vals := map[string]MicrosoftSecurityProductName{ + "azure active directory identity protection": MicrosoftSecurityProductNameAzureActiveDirectoryIdentityProtection, + "azure advanced threat protection": MicrosoftSecurityProductNameAzureAdvancedThreatProtection, + "azure security center": MicrosoftSecurityProductNameAzureSecurityCenter, + "azure security center for iot": MicrosoftSecurityProductNameAzureSecurityCenterForIoT, + "microsoft cloud app security": MicrosoftSecurityProductNameMicrosoftCloudAppSecurity, + "microsoft defender advanced threat protection": 
MicrosoftSecurityProductNameMicrosoftDefenderAdvancedThreatProtection, + "office 365 advanced threat protection": MicrosoftSecurityProductNameOfficeThreeSixFiveAdvancedThreatProtection, + } + if v, ok := vals[strings.ToLower(input)]; ok { + return &v, nil + } + + // otherwise presume it's an undefined value and best-effort it + out := MicrosoftSecurityProductName(input) + return &out, nil +} + +type TriggerOperator string + +const ( + TriggerOperatorEqual TriggerOperator = "Equal" + TriggerOperatorGreaterThan TriggerOperator = "GreaterThan" + TriggerOperatorLessThan TriggerOperator = "LessThan" + TriggerOperatorNotEqual TriggerOperator = "NotEqual" +) + +func PossibleValuesForTriggerOperator() []string { + return []string{ + string(TriggerOperatorEqual), + string(TriggerOperatorGreaterThan), + string(TriggerOperatorLessThan), + string(TriggerOperatorNotEqual), + } +} + +func (s *TriggerOperator) UnmarshalJSON(bytes []byte) error { + var decoded string + if err := json.Unmarshal(bytes, &decoded); err != nil { + return fmt.Errorf("unmarshaling: %+v", err) + } + out, err := parseTriggerOperator(decoded) + if err != nil { + return fmt.Errorf("parsing %q: %+v", decoded, err) + } + *s = *out + return nil +} + +func parseTriggerOperator(input string) (*TriggerOperator, error) { + vals := map[string]TriggerOperator{ + "equal": TriggerOperatorEqual, + "greaterthan": TriggerOperatorGreaterThan, + "lessthan": TriggerOperatorLessThan, + "notequal": TriggerOperatorNotEqual, + } + if v, ok := vals[strings.ToLower(input)]; ok { + return &v, nil + } + + // otherwise presume it's an undefined value and best-effort it + out := TriggerOperator(input) + return &out, nil +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/id_alertrule.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/id_alertrule.go new file mode 100644 index 000000000000..6d6969d0276d 
--- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/id_alertrule.go 
@@ -0,0 +1,141 @@ +package alertrules + +import ( + "fmt" + "strings" + + "github.com/hashicorp/go-azure-helpers/resourcemanager/recaser" + "github.com/hashicorp/go-azure-helpers/resourcemanager/resourceids" +) + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +func init() { + recaser.RegisterResourceId(&AlertRuleId{}) +} + +var _ resourceids.ResourceId = &AlertRuleId{} + +// AlertRuleId is a struct representing the Resource ID for a Alert Rule +type AlertRuleId struct { + SubscriptionId string + ResourceGroupName string + WorkspaceName string + RuleId string +} + +// NewAlertRuleID returns a new AlertRuleId struct +func NewAlertRuleID(subscriptionId string, resourceGroupName string, workspaceName string, ruleId string) AlertRuleId { + return AlertRuleId{ + SubscriptionId: subscriptionId, + ResourceGroupName: resourceGroupName, + WorkspaceName: workspaceName, + RuleId: ruleId, + } +} + +// ParseAlertRuleID parses 'input' into a AlertRuleId +func ParseAlertRuleID(input string) (*AlertRuleId, error) { + parser := resourceids.NewParserFromResourceIdType(&AlertRuleId{}) + parsed, err := parser.Parse(input, false) + if err != nil { + return nil, fmt.Errorf("parsing %q: %+v", input, err) + } + + id := AlertRuleId{} + if err = id.FromParseResult(*parsed); err != nil { + return nil, err + } + + return &id, nil +} + +// ParseAlertRuleIDInsensitively parses 'input' case-insensitively into a AlertRuleId +// note: this method should only be used for API response data and not user input +func ParseAlertRuleIDInsensitively(input string) (*AlertRuleId, error) { + parser := resourceids.NewParserFromResourceIdType(&AlertRuleId{}) + parsed, err := parser.Parse(input, true) + if err != nil { + return nil, fmt.Errorf("parsing %q: %+v", input, err) + } + + id := AlertRuleId{} + if err = id.FromParseResult(*parsed); err != nil { + return nil, err + } + + return &id, nil +} + 
+func (id *AlertRuleId) FromParseResult(input resourceids.ParseResult) error { + var ok bool + + if id.SubscriptionId, ok = input.Parsed["subscriptionId"]; !ok { + return resourceids.NewSegmentNotSpecifiedError(id, "subscriptionId", input) + } + + if id.ResourceGroupName, ok = input.Parsed["resourceGroupName"]; !ok { + return resourceids.NewSegmentNotSpecifiedError(id, "resourceGroupName", input) + } + + if id.WorkspaceName, ok = input.Parsed["workspaceName"]; !ok { + return resourceids.NewSegmentNotSpecifiedError(id, "workspaceName", input) + } + + if id.RuleId, ok = input.Parsed["ruleId"]; !ok { + return resourceids.NewSegmentNotSpecifiedError(id, "ruleId", input) + } + + return nil +} + +// ValidateAlertRuleID checks that 'input' can be parsed as a Alert Rule ID +func ValidateAlertRuleID(input interface{}, key string) (warnings []string, errors []error) { + v, ok := input.(string) + if !ok { + errors = append(errors, fmt.Errorf("expected %q to be a string", key)) + return + } + + if _, err := ParseAlertRuleID(v); err != nil { + errors = append(errors, err) + } + + return +} + +// ID returns the formatted Alert Rule ID +func (id AlertRuleId) ID() string { + fmtString := "/subscriptions/%s/resourceGroups/%s/providers/Microsoft.OperationalInsights/workspaces/%s/providers/Microsoft.SecurityInsights/alertRules/%s" + return fmt.Sprintf(fmtString, id.SubscriptionId, id.ResourceGroupName, id.WorkspaceName, id.RuleId) +} + +// Segments returns a slice of Resource ID Segments which comprise this Alert Rule ID +func (id AlertRuleId) Segments() []resourceids.Segment { + return []resourceids.Segment{ + resourceids.StaticSegment("staticSubscriptions", "subscriptions", "subscriptions"), + resourceids.SubscriptionIdSegment("subscriptionId", "12345678-1234-9876-4563-123456789012"), + resourceids.StaticSegment("staticResourceGroups", "resourceGroups", "resourceGroups"), + resourceids.ResourceGroupSegment("resourceGroupName", "example-resource-group"), + 
resourceids.StaticSegment("staticProviders", "providers", "providers"), + resourceids.ResourceProviderSegment("staticMicrosoftOperationalInsights", "Microsoft.OperationalInsights", "Microsoft.OperationalInsights"), + resourceids.StaticSegment("staticWorkspaces", "workspaces", "workspaces"), + resourceids.UserSpecifiedSegment("workspaceName", "workspaceName"), + resourceids.StaticSegment("staticProviders2", "providers", "providers"), + resourceids.ResourceProviderSegment("staticMicrosoftSecurityInsights", "Microsoft.SecurityInsights", "Microsoft.SecurityInsights"), + resourceids.StaticSegment("staticAlertRules", "alertRules", "alertRules"), + resourceids.UserSpecifiedSegment("ruleId", "ruleId"), + } +} + +// String returns a human-readable description of this Alert Rule ID +func (id AlertRuleId) String() string { + components := []string{ + fmt.Sprintf("Subscription: %q", id.SubscriptionId), + fmt.Sprintf("Resource Group Name: %q", id.ResourceGroupName), + fmt.Sprintf("Workspace Name: %q", id.WorkspaceName), + fmt.Sprintf("Rule: %q", id.RuleId), + } + return fmt.Sprintf("Alert Rule (%s)", strings.Join(components, "\n")) +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/id_workspace.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/id_workspace.go new file mode 100644 index 000000000000..6ca991d3ed14 --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/id_workspace.go 
@@ -0,0 +1,130 @@ +package alertrules + +import ( + "fmt" + "strings" + + "github.com/hashicorp/go-azure-helpers/resourcemanager/recaser" + "github.com/hashicorp/go-azure-helpers/resourcemanager/resourceids" +) + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +func init() { + recaser.RegisterResourceId(&WorkspaceId{}) +} + +var _ resourceids.ResourceId = &WorkspaceId{} + +// WorkspaceId is a struct representing the Resource ID for a Workspace +type WorkspaceId struct { + SubscriptionId string + ResourceGroupName string + WorkspaceName string +} + +// NewWorkspaceID returns a new WorkspaceId struct +func NewWorkspaceID(subscriptionId string, resourceGroupName string, workspaceName string) WorkspaceId { + return WorkspaceId{ + SubscriptionId: subscriptionId, + ResourceGroupName: resourceGroupName, + WorkspaceName: workspaceName, + } +} + +// ParseWorkspaceID parses 'input' into a WorkspaceId +func ParseWorkspaceID(input string) (*WorkspaceId, error) { + parser := resourceids.NewParserFromResourceIdType(&WorkspaceId{}) + parsed, err := parser.Parse(input, false) + if err != nil { + return nil, fmt.Errorf("parsing %q: %+v", input, err) + } + + id := WorkspaceId{} + if err = id.FromParseResult(*parsed); err != nil { + return nil, err + } + + return &id, nil +} + +// ParseWorkspaceIDInsensitively parses 'input' case-insensitively into a WorkspaceId +// note: this method should only be used for API response data and not user input +func ParseWorkspaceIDInsensitively(input string) (*WorkspaceId, error) { + parser := resourceids.NewParserFromResourceIdType(&WorkspaceId{}) + parsed, err := parser.Parse(input, true) + if err != nil { + return nil, fmt.Errorf("parsing %q: %+v", input, err) + } + + id := WorkspaceId{} + if err = id.FromParseResult(*parsed); err != nil { + return nil, err + } + + return &id, nil +} + +func (id *WorkspaceId) FromParseResult(input 
resourceids.ParseResult) error { + var ok bool + + if id.SubscriptionId, ok = input.Parsed["subscriptionId"]; !ok { + return resourceids.NewSegmentNotSpecifiedError(id, "subscriptionId", input) + } + + if id.ResourceGroupName, ok = input.Parsed["resourceGroupName"]; !ok { + return resourceids.NewSegmentNotSpecifiedError(id, "resourceGroupName", input) + } + + if id.WorkspaceName, ok = input.Parsed["workspaceName"]; !ok { + return resourceids.NewSegmentNotSpecifiedError(id, "workspaceName", input) + } + + return nil +} + +// ValidateWorkspaceID checks that 'input' can be parsed as a Workspace ID +func ValidateWorkspaceID(input interface{}, key string) (warnings []string, errors []error) { + v, ok := input.(string) + if !ok { + errors = append(errors, fmt.Errorf("expected %q to be a string", key)) + return + } + + if _, err := ParseWorkspaceID(v); err != nil { + errors = append(errors, err) + } + + return +} + +// ID returns the formatted Workspace ID +func (id WorkspaceId) ID() string { + fmtString := "/subscriptions/%s/resourceGroups/%s/providers/Microsoft.OperationalInsights/workspaces/%s" + return fmt.Sprintf(fmtString, id.SubscriptionId, id.ResourceGroupName, id.WorkspaceName) +} + +// Segments returns a slice of Resource ID Segments which comprise this Workspace ID +func (id WorkspaceId) Segments() []resourceids.Segment { + return []resourceids.Segment{ + resourceids.StaticSegment("staticSubscriptions", "subscriptions", "subscriptions"), + resourceids.SubscriptionIdSegment("subscriptionId", "12345678-1234-9876-4563-123456789012"), + resourceids.StaticSegment("staticResourceGroups", "resourceGroups", "resourceGroups"), + resourceids.ResourceGroupSegment("resourceGroupName", "example-resource-group"), + resourceids.StaticSegment("staticProviders", "providers", "providers"), + resourceids.ResourceProviderSegment("staticMicrosoftOperationalInsights", "Microsoft.OperationalInsights", "Microsoft.OperationalInsights"), + resourceids.StaticSegment("staticWorkspaces", 
"workspaces", "workspaces"), + resourceids.UserSpecifiedSegment("workspaceName", "workspaceName"), + } +} + +// String returns a human-readable description of this Workspace ID +func (id WorkspaceId) String() string { + components := []string{ + fmt.Sprintf("Subscription: %q", id.SubscriptionId), + fmt.Sprintf("Resource Group Name: %q", id.ResourceGroupName), + fmt.Sprintf("Workspace Name: %q", id.WorkspaceName), + } + return fmt.Sprintf("Workspace (%s)", strings.Join(components, "\n")) +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/method_createorupdate.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/method_createorupdate.go new file mode 100644 index 000000000000..13548ddf46e8 --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/method_createorupdate.go 
@@ -0,0 +1,63 @@ +package alertrules + +import ( + "context" + "encoding/json" + "net/http" + + "github.com/hashicorp/go-azure-sdk/sdk/client" + "github.com/hashicorp/go-azure-sdk/sdk/odata" +) + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type CreateOrUpdateOperationResponse struct { + HttpResponse *http.Response + OData *odata.OData + Model AlertRule +} + +// CreateOrUpdate ... +func (c AlertRulesClient) CreateOrUpdate(ctx context.Context, id AlertRuleId, input AlertRule) (result CreateOrUpdateOperationResponse, err error) { + opts := client.RequestOptions{ + ContentType: "application/json; charset=utf-8", + ExpectedStatusCodes: []int{ + http.StatusCreated, + http.StatusOK, + }, + HttpMethod: http.MethodPut, + Path: id.ID(), + } + + req, err := c.Client.NewRequest(ctx, opts) + if err != nil { + return + } + + if err = req.Marshal(input); err != nil { + return + } + + var resp *client.Response + resp, err = req.Execute(ctx) + if resp != nil { + result.OData = resp.OData + result.HttpResponse = resp.Response + } + if err != nil { + return + } + + var respObj json.RawMessage + if err = resp.Unmarshal(&respObj); err != nil { + return + } + model, err := UnmarshalAlertRuleImplementation(respObj) + if err != nil { + return + } + result.Model = model + + return +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/method_delete.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/method_delete.go new file mode 100644 index 000000000000..aae7085c25e2 --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/method_delete.go 
@@ -0,0 +1,47 @@ +package alertrules + +import ( + "context" + "net/http" + + "github.com/hashicorp/go-azure-sdk/sdk/client" + "github.com/hashicorp/go-azure-sdk/sdk/odata" +) + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type DeleteOperationResponse struct { + HttpResponse *http.Response + OData *odata.OData +} + +// Delete ... +func (c AlertRulesClient) Delete(ctx context.Context, id AlertRuleId) (result DeleteOperationResponse, err error) { + opts := client.RequestOptions{ + ContentType: "application/json; charset=utf-8", + ExpectedStatusCodes: []int{ + http.StatusNoContent, + http.StatusOK, + }, + HttpMethod: http.MethodDelete, + Path: id.ID(), + } + + req, err := c.Client.NewRequest(ctx, opts) + if err != nil { + return + } + + var resp *client.Response + resp, err = req.Execute(ctx) + if resp != nil { + result.OData = resp.OData + result.HttpResponse = resp.Response + } + if err != nil { + return + } + + return +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/method_get.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/method_get.go new file mode 100644 index 000000000000..f6b552d75c7f --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/method_get.go 
@@ -0,0 +1,58 @@ +package alertrules + +import ( + "context" + "encoding/json" + "net/http" + + "github.com/hashicorp/go-azure-sdk/sdk/client" + "github.com/hashicorp/go-azure-sdk/sdk/odata" +) + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type GetOperationResponse struct { + HttpResponse *http.Response + OData *odata.OData + Model AlertRule +} + +// Get ... +func (c AlertRulesClient) Get(ctx context.Context, id AlertRuleId) (result GetOperationResponse, err error) { + opts := client.RequestOptions{ + ContentType: "application/json; charset=utf-8", + ExpectedStatusCodes: []int{ + http.StatusOK, + }, + HttpMethod: http.MethodGet, + Path: id.ID(), + } + + req, err := c.Client.NewRequest(ctx, opts) + if err != nil { + return + } + + var resp *client.Response + resp, err = req.Execute(ctx) + if resp != nil { + result.OData = resp.OData + result.HttpResponse = resp.Response + } + if err != nil { + return + } + + var respObj json.RawMessage + if err = resp.Unmarshal(&respObj); err != nil { + return + } + model, err := UnmarshalAlertRuleImplementation(respObj) + if err != nil { + return + } + result.Model = model + + return +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/method_list.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/method_list.go new file mode 100644 index 000000000000..55fff58c8614 --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/method_list.go 
@@ -0,0 +1,117 @@ +package alertrules + +import ( + "context" + "encoding/json" + "fmt" + "net/http" + + "github.com/hashicorp/go-azure-sdk/sdk/client" + "github.com/hashicorp/go-azure-sdk/sdk/odata" +) + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type ListOperationResponse struct { + HttpResponse *http.Response + OData *odata.OData + Model *[]AlertRule +} + +type ListCompleteResult struct { + LatestHttpResponse *http.Response + Items []AlertRule +} + +type ListCustomPager struct { + NextLink *odata.Link `json:"nextLink"` +} + +func (p *ListCustomPager) NextPageLink() *odata.Link { + defer func() { + p.NextLink = nil + }() + + return p.NextLink +} + +// List ... +func (c AlertRulesClient) List(ctx context.Context, id WorkspaceId) (result ListOperationResponse, err error) { + opts := client.RequestOptions{ + ContentType: "application/json; charset=utf-8", + ExpectedStatusCodes: []int{ + http.StatusOK, + }, + HttpMethod: http.MethodGet, + Pager: &ListCustomPager{}, + Path: fmt.Sprintf("%s/providers/Microsoft.SecurityInsights/alertRules", id.ID()), + } + + req, err := c.Client.NewRequest(ctx, opts) + if err != nil { + return + } + + var resp *client.Response + resp, err = req.ExecutePaged(ctx) + if resp != nil { + result.OData = resp.OData + result.HttpResponse = resp.Response + } + if err != nil { + return + } + + var values struct { + Values *[]json.RawMessage `json:"value"` + } + if err = resp.Unmarshal(&values); err != nil { + return + } + + temp := make([]AlertRule, 0) + if values.Values != nil { + for i, v := range *values.Values { + val, err := UnmarshalAlertRuleImplementation(v) + if err != nil { + err = fmt.Errorf("unmarshalling item %d for AlertRule (%q): %+v", i, v, err) + return result, err + } + temp = append(temp, val) + } + } + result.Model = &temp + + return +} + +// ListComplete retrieves all the results into a single object +func (c 
AlertRulesClient) ListComplete(ctx context.Context, id WorkspaceId) (ListCompleteResult, error) { + return c.ListCompleteMatchingPredicate(ctx, id, AlertRuleOperationPredicate{}) +} + +// ListCompleteMatchingPredicate retrieves all the results and then applies the predicate +func (c AlertRulesClient) ListCompleteMatchingPredicate(ctx context.Context, id WorkspaceId, predicate AlertRuleOperationPredicate) (result ListCompleteResult, err error) { + items := make([]AlertRule, 0) + + resp, err := c.List(ctx, id) + if err != nil { + result.LatestHttpResponse = resp.HttpResponse + err = fmt.Errorf("loading results: %+v", err) + return + } + if resp.Model != nil { + for _, v := range *resp.Model { + if predicate.Matches(v) { + items = append(items, v) + } + } + } + + result = ListCompleteResult{ + LatestHttpResponse: resp.HttpResponse, + Items: items, + } + return +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_alertdetailsoverride.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_alertdetailsoverride.go new file mode 100644 index 000000000000..15010b19db06 --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_alertdetailsoverride.go @@ -0,0 +1,12 @@ +package alertrules + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type AlertDetailsOverride struct { + AlertDescriptionFormat *string `json:"alertDescriptionFormat,omitempty"` + AlertDisplayNameFormat *string `json:"alertDisplayNameFormat,omitempty"` + AlertDynamicProperties *[]AlertPropertyMapping `json:"alertDynamicProperties,omitempty"` + AlertSeverityColumnName *string `json:"alertSeverityColumnName,omitempty"` + AlertTacticsColumnName *string `json:"alertTacticsColumnName,omitempty"` +} 
diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_alertpropertymapping.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_alertpropertymapping.go new file mode 100644 index 000000000000..f98f2362b60d --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_alertpropertymapping.go @@ -0,0 +1,9 @@ +package alertrules + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type AlertPropertyMapping struct { + AlertProperty *AlertProperty `json:"alertProperty,omitempty"` + Value *string `json:"value,omitempty"` +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_alertrule.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_alertrule.go new file mode 100644 index 000000000000..706f1a808af0 --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_alertrule.go 
@@ -0,0 +1,122 @@ +package alertrules + +import ( + "encoding/json" + "fmt" + "strings" + + "github.com/hashicorp/go-azure-helpers/resourcemanager/systemdata" +) + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type AlertRule interface { + AlertRule() BaseAlertRuleImpl +} + +var _ AlertRule = BaseAlertRuleImpl{} + +type BaseAlertRuleImpl struct { + Etag *string `json:"etag,omitempty"` + Id *string `json:"id,omitempty"` + Kind AlertRuleKind `json:"kind"` + Name *string `json:"name,omitempty"` + SystemData *systemdata.SystemData `json:"systemData,omitempty"` + Type *string `json:"type,omitempty"` +} + +func (s BaseAlertRuleImpl) AlertRule() BaseAlertRuleImpl { + return s +} + +var _ AlertRule = RawAlertRuleImpl{} + +// RawAlertRuleImpl is returned when the Discriminated Value doesn't match any of the defined types +// NOTE: this should only be used when a type isn't defined for this type of Object (as a workaround) +// and is used only for Deserialization (e.g. this cannot be used as a Request Payload). 
+type RawAlertRuleImpl struct { + alertRule BaseAlertRuleImpl + Type string + Values map[string]interface{} +} + +func (s RawAlertRuleImpl) AlertRule() BaseAlertRuleImpl { + return s.alertRule +} + +func UnmarshalAlertRuleImplementation(input []byte) (AlertRule, error) { + if input == nil { + return nil, nil + } + + var temp map[string]interface{} + if err := json.Unmarshal(input, &temp); err != nil { + return nil, fmt.Errorf("unmarshaling AlertRule into map[string]interface: %+v", err) + } + + var value string + if v, ok := temp["kind"]; ok { + value = fmt.Sprintf("%v", v) + } + + if strings.EqualFold(value, "Fusion") { + var out FusionAlertRule + if err := json.Unmarshal(input, &out); err != nil { + return nil, fmt.Errorf("unmarshaling into FusionAlertRule: %+v", err) + } + return out, nil + } + + if strings.EqualFold(value, "MLBehaviorAnalytics") { + var out MLBehaviorAnalyticsAlertRule + if err := json.Unmarshal(input, &out); err != nil { + return nil, fmt.Errorf("unmarshaling into MLBehaviorAnalyticsAlertRule: %+v", err) + } + return out, nil + } + + if strings.EqualFold(value, "MicrosoftSecurityIncidentCreation") { + var out MicrosoftSecurityIncidentCreationAlertRule + if err := json.Unmarshal(input, &out); err != nil { + return nil, fmt.Errorf("unmarshaling into MicrosoftSecurityIncidentCreationAlertRule: %+v", err) + } + return out, nil + } + + if strings.EqualFold(value, "NRT") { + var out NrtAlertRule + if err := json.Unmarshal(input, &out); err != nil { + return nil, fmt.Errorf("unmarshaling into NrtAlertRule: %+v", err) + } + return out, nil + } + + if strings.EqualFold(value, "Scheduled") { + var out ScheduledAlertRule + if err := json.Unmarshal(input, &out); err != nil { + return nil, fmt.Errorf("unmarshaling into ScheduledAlertRule: %+v", err) + } + return out, nil + } + + if strings.EqualFold(value, "ThreatIntelligence") { + var out ThreatIntelligenceAlertRule + if err := json.Unmarshal(input, &out); err != nil { + return nil, 
fmt.Errorf("unmarshaling into ThreatIntelligenceAlertRule: %+v", err) + } + return out, nil + } + + var parent BaseAlertRuleImpl + if err := json.Unmarshal(input, &parent); err != nil { + return nil, fmt.Errorf("unmarshaling into BaseAlertRuleImpl: %+v", err) + } + + return RawAlertRuleImpl{ + alertRule: parent, + Type: value, + Values: temp, + }, nil + +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_entitymapping.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_entitymapping.go new file mode 100644 index 000000000000..b1fc81c3323a --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_entitymapping.go @@ -0,0 +1,9 @@ +package alertrules + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type EntityMapping struct { + EntityType *EntityMappingType `json:"entityType,omitempty"` + FieldMappings *[]FieldMapping `json:"fieldMappings,omitempty"` +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_eventgroupingsettings.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_eventgroupingsettings.go new file mode 100644 index 000000000000..ae513b5b198c --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_eventgroupingsettings.go 
@@ -0,0 +1,8 @@ +package alertrules + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type EventGroupingSettings struct { + AggregationKind *EventGroupingAggregationKind `json:"aggregationKind,omitempty"` +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_fieldmapping.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_fieldmapping.go new file mode 100644 index 000000000000..9e73ac232185 --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_fieldmapping.go @@ -0,0 +1,9 @@ +package alertrules + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type FieldMapping struct { + ColumnName *string `json:"columnName,omitempty"` + Identifier *string `json:"identifier,omitempty"` +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_fusionalertrule.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_fusionalertrule.go new file mode 100644 index 000000000000..f9ebd649bd9c --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_fusionalertrule.go 
@@ -0,0 +1,62 @@ +package alertrules + +import ( + "encoding/json" + "fmt" + + "github.com/hashicorp/go-azure-helpers/resourcemanager/systemdata" +) + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +var _ AlertRule = FusionAlertRule{} + +type FusionAlertRule struct { + Properties *FusionAlertRuleProperties `json:"properties,omitempty"` + + // Fields inherited from AlertRule + + Etag *string `json:"etag,omitempty"` + Id *string `json:"id,omitempty"` + Kind AlertRuleKind `json:"kind"` + Name *string `json:"name,omitempty"` + SystemData *systemdata.SystemData `json:"systemData,omitempty"` + Type *string `json:"type,omitempty"` +} + +func (s FusionAlertRule) AlertRule() BaseAlertRuleImpl { + return BaseAlertRuleImpl{ + Etag: s.Etag, + Id: s.Id, + Kind: s.Kind, + Name: s.Name, + SystemData: s.SystemData, + Type: s.Type, + } +} + +var _ json.Marshaler = FusionAlertRule{} + +func (s FusionAlertRule) MarshalJSON() ([]byte, error) { + type wrapper FusionAlertRule + wrapped := wrapper(s) + encoded, err := json.Marshal(wrapped) + if err != nil { + return nil, fmt.Errorf("marshaling FusionAlertRule: %+v", err) + } + + var decoded map[string]interface{} + if err = json.Unmarshal(encoded, &decoded); err != nil { + return nil, fmt.Errorf("unmarshaling FusionAlertRule: %+v", err) + } + + decoded["kind"] = "Fusion" + + encoded, err = json.Marshal(decoded) + if err != nil { + return nil, fmt.Errorf("re-marshaling FusionAlertRule: %+v", err) + } + + return encoded, nil +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_fusionalertruleproperties.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_fusionalertruleproperties.go new file mode 100644 index 000000000000..105c07396b24 --- /dev/null 
+++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_fusionalertruleproperties.go @@ -0,0 +1,36 @@ +package alertrules + +import ( + "time" + + "github.com/hashicorp/go-azure-helpers/lang/dates" +) + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type FusionAlertRuleProperties struct { + AlertRuleTemplateName string `json:"alertRuleTemplateName"` + Description *string `json:"description,omitempty"` + DisplayName *string `json:"displayName,omitempty"` + Enabled bool `json:"enabled"` + LastModifiedUtc *string `json:"lastModifiedUtc,omitempty"` + ScenarioExclusionPatterns *[]FusionScenarioExclusionPattern `json:"scenarioExclusionPatterns,omitempty"` + Severity *AlertSeverity `json:"severity,omitempty"` + SourceSettings *[]FusionSourceSettings `json:"sourceSettings,omitempty"` + SubTechniques *[]string `json:"subTechniques,omitempty"` + Tactics *[]AttackTactic `json:"tactics,omitempty"` + Techniques *[]string `json:"techniques,omitempty"` +} + +func (o *FusionAlertRuleProperties) GetLastModifiedUtcAsTime() (*time.Time, error) { + if o.LastModifiedUtc == nil { + return nil, nil + } + return dates.ParseAsFormat(o.LastModifiedUtc, "2006-01-02T15:04:05Z07:00") +} + +func (o *FusionAlertRuleProperties) SetLastModifiedUtcAsTime(input time.Time) { + formatted := input.Format("2006-01-02T15:04:05Z07:00") + o.LastModifiedUtc = &formatted +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_fusionscenarioexclusionpattern.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_fusionscenarioexclusionpattern.go new file mode 100644 index 000000000000..98b11076d11a --- /dev/null 
+++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_fusionscenarioexclusionpattern.go @@ -0,0 +1,9 @@ +package alertrules + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type FusionScenarioExclusionPattern struct { + DateAddedInUTC string `json:"dateAddedInUTC"` + ExclusionPattern string `json:"exclusionPattern"` +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_fusionsourcesettings.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_fusionsourcesettings.go new file mode 100644 index 000000000000..dd206d437b58 --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_fusionsourcesettings.go @@ -0,0 +1,10 @@ +package alertrules + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type FusionSourceSettings struct { + Enabled bool `json:"enabled"` + SourceName string `json:"sourceName"` + SourceSubTypes *[]FusionSourceSubTypeSetting `json:"sourceSubTypes,omitempty"` +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_fusionsourcesubtypesetting.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_fusionsourcesubtypesetting.go new file mode 100644 index 000000000000..b2561512e5f8 --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_fusionsourcesubtypesetting.go 
@@ -0,0 +1,11 @@ +package alertrules + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type FusionSourceSubTypeSetting struct { + Enabled bool `json:"enabled"` + SeverityFilters FusionSubTypeSeverityFilter `json:"severityFilters"` + SourceSubTypeDisplayName *string `json:"sourceSubTypeDisplayName,omitempty"` + SourceSubTypeName string `json:"sourceSubTypeName"` +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_fusionsubtypeseverityfilter.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_fusionsubtypeseverityfilter.go new file mode 100644 index 000000000000..149cc8f8372c --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_fusionsubtypeseverityfilter.go @@ -0,0 +1,9 @@ +package alertrules + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type FusionSubTypeSeverityFilter struct { + Filters *[]FusionSubTypeSeverityFiltersItem `json:"filters,omitempty"` + IsSupported *bool `json:"isSupported,omitempty"` +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_fusionsubtypeseverityfiltersitem.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_fusionsubtypeseverityfiltersitem.go new file mode 100644 index 000000000000..5e70b222ee7f --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_fusionsubtypeseverityfiltersitem.go 
@@ -0,0 +1,9 @@ +package alertrules + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type FusionSubTypeSeverityFiltersItem struct { + Enabled bool `json:"enabled"` + Severity AlertSeverity `json:"severity"` +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_groupingconfiguration.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_groupingconfiguration.go new file mode 100644 index 000000000000..cb8d21f3d601 --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_groupingconfiguration.go @@ -0,0 +1,14 @@ +package alertrules + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type GroupingConfiguration struct { + Enabled bool `json:"enabled"` + GroupByAlertDetails *[]AlertDetail `json:"groupByAlertDetails,omitempty"` + GroupByCustomDetails *[]string `json:"groupByCustomDetails,omitempty"` + GroupByEntities *[]EntityMappingType `json:"groupByEntities,omitempty"` + LookbackDuration string `json:"lookbackDuration"` + MatchingMethod MatchingMethod `json:"matchingMethod"` + ReopenClosedIncident bool `json:"reopenClosedIncident"` +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_incidentconfiguration.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_incidentconfiguration.go new file mode 100644 index 000000000000..53ab8b667b1c --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_incidentconfiguration.go 
@@ -0,0 +1,9 @@ +package alertrules + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type IncidentConfiguration struct { + CreateIncident bool `json:"createIncident"` + GroupingConfiguration *GroupingConfiguration `json:"groupingConfiguration,omitempty"` +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_microsoftsecurityincidentcreationalertrule.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_microsoftsecurityincidentcreationalertrule.go new file mode 100644 index 000000000000..ccf5f8899d4b --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_microsoftsecurityincidentcreationalertrule.go 
@@ -0,0 +1,62 @@ +package alertrules + +import ( + "encoding/json" + "fmt" + + "github.com/hashicorp/go-azure-helpers/resourcemanager/systemdata" +) + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +var _ AlertRule = MicrosoftSecurityIncidentCreationAlertRule{} + +type MicrosoftSecurityIncidentCreationAlertRule struct { + Properties *MicrosoftSecurityIncidentCreationAlertRuleProperties `json:"properties,omitempty"` + + // Fields inherited from AlertRule + + Etag *string `json:"etag,omitempty"` + Id *string `json:"id,omitempty"` + Kind AlertRuleKind `json:"kind"` + Name *string `json:"name,omitempty"` + SystemData *systemdata.SystemData `json:"systemData,omitempty"` + Type *string `json:"type,omitempty"` +} + +func (s MicrosoftSecurityIncidentCreationAlertRule) AlertRule() BaseAlertRuleImpl { + return BaseAlertRuleImpl{ + Etag: s.Etag, + Id: s.Id, + Kind: s.Kind, + Name: s.Name, + SystemData: s.SystemData, + Type: s.Type, + } +} + +var _ json.Marshaler = MicrosoftSecurityIncidentCreationAlertRule{} + +func (s MicrosoftSecurityIncidentCreationAlertRule) MarshalJSON() ([]byte, error) { + type wrapper MicrosoftSecurityIncidentCreationAlertRule + wrapped := wrapper(s) + encoded, err := json.Marshal(wrapped) + if err != nil { + return nil, fmt.Errorf("marshaling MicrosoftSecurityIncidentCreationAlertRule: %+v", err) + } + + var decoded map[string]interface{} + if err = json.Unmarshal(encoded, &decoded); err != nil { + return nil, fmt.Errorf("unmarshaling MicrosoftSecurityIncidentCreationAlertRule: %+v", err) + } + + decoded["kind"] = "MicrosoftSecurityIncidentCreation" + + encoded, err = json.Marshal(decoded) + if err != nil { + return nil, fmt.Errorf("re-marshaling MicrosoftSecurityIncidentCreationAlertRule: %+v", err) + } + + return encoded, nil +} 
diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_microsoftsecurityincidentcreationalertruleproperties.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_microsoftsecurityincidentcreationalertruleproperties.go new file mode 100644 index 000000000000..428ca90f774f --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_microsoftsecurityincidentcreationalertruleproperties.go @@ -0,0 +1,34 @@ +package alertrules + +import ( + "time" + + "github.com/hashicorp/go-azure-helpers/lang/dates" +) + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type MicrosoftSecurityIncidentCreationAlertRuleProperties struct { + AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"` + Description *string `json:"description,omitempty"` + DisplayName string `json:"displayName"` + DisplayNamesExcludeFilter *[]string `json:"displayNamesExcludeFilter,omitempty"` + DisplayNamesFilter *[]string `json:"displayNamesFilter,omitempty"` + Enabled bool `json:"enabled"` + LastModifiedUtc *string `json:"lastModifiedUtc,omitempty"` + ProductFilter MicrosoftSecurityProductName `json:"productFilter"` + SeveritiesFilter *[]AlertSeverity `json:"severitiesFilter,omitempty"` +} + +func (o *MicrosoftSecurityIncidentCreationAlertRuleProperties) GetLastModifiedUtcAsTime() (*time.Time, error) { + if o.LastModifiedUtc == nil { + return nil, nil + } + return dates.ParseAsFormat(o.LastModifiedUtc, "2006-01-02T15:04:05Z07:00") +} + +func (o *MicrosoftSecurityIncidentCreationAlertRuleProperties) SetLastModifiedUtcAsTime(input time.Time) { + formatted := input.Format("2006-01-02T15:04:05Z07:00") + o.LastModifiedUtc = &formatted +} 
diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_mlbehavioranalyticsalertrule.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_mlbehavioranalyticsalertrule.go new file mode 100644 index 000000000000..f5c3da24cd19 --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_mlbehavioranalyticsalertrule.go 
@@ -0,0 +1,62 @@ +package alertrules + +import ( + "encoding/json" + "fmt" + + "github.com/hashicorp/go-azure-helpers/resourcemanager/systemdata" +) + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +var _ AlertRule = MLBehaviorAnalyticsAlertRule{} + +type MLBehaviorAnalyticsAlertRule struct { + Properties *MLBehaviorAnalyticsAlertRuleProperties `json:"properties,omitempty"` + + // Fields inherited from AlertRule + + Etag *string `json:"etag,omitempty"` + Id *string `json:"id,omitempty"` + Kind AlertRuleKind `json:"kind"` + Name *string `json:"name,omitempty"` + SystemData *systemdata.SystemData `json:"systemData,omitempty"` + Type *string `json:"type,omitempty"` +} + +func (s MLBehaviorAnalyticsAlertRule) AlertRule() BaseAlertRuleImpl { + return BaseAlertRuleImpl{ + Etag: s.Etag, + Id: s.Id, + Kind: s.Kind, + Name: s.Name, + SystemData: s.SystemData, + Type: s.Type, + } +} + +var _ json.Marshaler = MLBehaviorAnalyticsAlertRule{} + +func (s MLBehaviorAnalyticsAlertRule) MarshalJSON() ([]byte, error) { + type wrapper MLBehaviorAnalyticsAlertRule + wrapped := wrapper(s) + encoded, err := json.Marshal(wrapped) + if err != nil { + return nil, fmt.Errorf("marshaling MLBehaviorAnalyticsAlertRule: %+v", err) + } + + var decoded map[string]interface{} + if err = json.Unmarshal(encoded, &decoded); err != nil { + return nil, fmt.Errorf("unmarshaling MLBehaviorAnalyticsAlertRule: %+v", err) + } + + decoded["kind"] = "MLBehaviorAnalytics" + + encoded, err = json.Marshal(decoded) + if err != nil { + return nil, fmt.Errorf("re-marshaling MLBehaviorAnalyticsAlertRule: %+v", err) + } + + return encoded, nil +} 
diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_mlbehavioranalyticsalertruleproperties.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_mlbehavioranalyticsalertruleproperties.go new file mode 100644 index 000000000000..37904ed80ef2 --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_mlbehavioranalyticsalertruleproperties.go @@ -0,0 +1,34 @@ +package alertrules + +import ( + "time" + + "github.com/hashicorp/go-azure-helpers/lang/dates" +) + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type MLBehaviorAnalyticsAlertRuleProperties struct { + AlertRuleTemplateName string `json:"alertRuleTemplateName"` + Description *string `json:"description,omitempty"` + DisplayName *string `json:"displayName,omitempty"` + Enabled bool `json:"enabled"` + LastModifiedUtc *string `json:"lastModifiedUtc,omitempty"` + Severity *AlertSeverity `json:"severity,omitempty"` + SubTechniques *[]string `json:"subTechniques,omitempty"` + Tactics *[]AttackTactic `json:"tactics,omitempty"` + Techniques *[]string `json:"techniques,omitempty"` +} + +func (o *MLBehaviorAnalyticsAlertRuleProperties) GetLastModifiedUtcAsTime() (*time.Time, error) { + if o.LastModifiedUtc == nil { + return nil, nil + } + return dates.ParseAsFormat(o.LastModifiedUtc, "2006-01-02T15:04:05Z07:00") +} + +func (o *MLBehaviorAnalyticsAlertRuleProperties) SetLastModifiedUtcAsTime(input time.Time) { + formatted := input.Format("2006-01-02T15:04:05Z07:00") + o.LastModifiedUtc = &formatted +} 
diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_nrtalertrule.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_nrtalertrule.go new file mode 100644 index 000000000000..4cb451bbb75b --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_nrtalertrule.go 
@@ -0,0 +1,62 @@ +package alertrules + +import ( + "encoding/json" + "fmt" + + "github.com/hashicorp/go-azure-helpers/resourcemanager/systemdata" +) + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +var _ AlertRule = NrtAlertRule{} + +type NrtAlertRule struct { + Properties *NrtAlertRuleProperties `json:"properties,omitempty"` + + // Fields inherited from AlertRule + + Etag *string `json:"etag,omitempty"` + Id *string `json:"id,omitempty"` + Kind AlertRuleKind `json:"kind"` + Name *string `json:"name,omitempty"` + SystemData *systemdata.SystemData `json:"systemData,omitempty"` + Type *string `json:"type,omitempty"` +} + +func (s NrtAlertRule) AlertRule() BaseAlertRuleImpl { + return BaseAlertRuleImpl{ + Etag: s.Etag, + Id: s.Id, + Kind: s.Kind, + Name: s.Name, + SystemData: s.SystemData, + Type: s.Type, + } +} + +var _ json.Marshaler = NrtAlertRule{} + +func (s NrtAlertRule) MarshalJSON() ([]byte, error) { + type wrapper NrtAlertRule + wrapped := wrapper(s) + encoded, err := json.Marshal(wrapped) + if err != nil { + return nil, fmt.Errorf("marshaling NrtAlertRule: %+v", err) + } + + var decoded map[string]interface{} + if err = json.Unmarshal(encoded, &decoded); err != nil { + return nil, fmt.Errorf("unmarshaling NrtAlertRule: %+v", err) + } + + decoded["kind"] = "NRT" + + encoded, err = json.Marshal(decoded) + if err != nil { + return nil, fmt.Errorf("re-marshaling NrtAlertRule: %+v", err) + } + + return encoded, nil +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_nrtalertruleproperties.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_nrtalertruleproperties.go new file mode 100644 index 000000000000..f58cea74b3dc --- /dev/null 
+++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_nrtalertruleproperties.go 
@@ -0,0 +1,44 @@ +package alertrules + +import ( + "time" + + "github.com/hashicorp/go-azure-helpers/lang/dates" +) + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type NrtAlertRuleProperties struct { + AlertDetailsOverride *AlertDetailsOverride `json:"alertDetailsOverride,omitempty"` + AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"` + CustomDetails *map[string]string `json:"customDetails,omitempty"` + Description *string `json:"description,omitempty"` + DisplayName string `json:"displayName"` + Enabled bool `json:"enabled"` + EntityMappings *[]EntityMapping `json:"entityMappings,omitempty"` + EventGroupingSettings *EventGroupingSettings `json:"eventGroupingSettings,omitempty"` + IncidentConfiguration *IncidentConfiguration `json:"incidentConfiguration,omitempty"` + LastModifiedUtc *string `json:"lastModifiedUtc,omitempty"` + Query string `json:"query"` + SentinelEntitiesMappings *[]SentinelEntityMapping `json:"sentinelEntitiesMappings,omitempty"` + Severity AlertSeverity `json:"severity"` + SubTechniques *[]string `json:"subTechniques,omitempty"` + SuppressionDuration string `json:"suppressionDuration"` + SuppressionEnabled bool `json:"suppressionEnabled"` + Tactics *[]AttackTactic `json:"tactics,omitempty"` + Techniques *[]string `json:"techniques,omitempty"` + TemplateVersion *string `json:"templateVersion,omitempty"` +} + +func (o *NrtAlertRuleProperties) GetLastModifiedUtcAsTime() (*time.Time, error) { + if o.LastModifiedUtc == nil { + return nil, nil + } + return dates.ParseAsFormat(o.LastModifiedUtc, "2006-01-02T15:04:05Z07:00") +} + +func (o *NrtAlertRuleProperties) SetLastModifiedUtcAsTime(input time.Time) { + formatted := input.Format("2006-01-02T15:04:05Z07:00") + o.LastModifiedUtc = &formatted +} 
diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_scheduledalertrule.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_scheduledalertrule.go new file mode 100644 index 000000000000..6dc6c221e548 --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_scheduledalertrule.go 
@@ -0,0 +1,62 @@ +package alertrules + +import ( + "encoding/json" + "fmt" + + "github.com/hashicorp/go-azure-helpers/resourcemanager/systemdata" +) + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +var _ AlertRule = ScheduledAlertRule{} + +type ScheduledAlertRule struct { + Properties *ScheduledAlertRuleProperties `json:"properties,omitempty"` + + // Fields inherited from AlertRule + + Etag *string `json:"etag,omitempty"` + Id *string `json:"id,omitempty"` + Kind AlertRuleKind `json:"kind"` + Name *string `json:"name,omitempty"` + SystemData *systemdata.SystemData `json:"systemData,omitempty"` + Type *string `json:"type,omitempty"` +} + +func (s ScheduledAlertRule) AlertRule() BaseAlertRuleImpl { + return BaseAlertRuleImpl{ + Etag: s.Etag, + Id: s.Id, + Kind: s.Kind, + Name: s.Name, + SystemData: s.SystemData, + Type: s.Type, + } +} + +var _ json.Marshaler = ScheduledAlertRule{} + +func (s ScheduledAlertRule) MarshalJSON() ([]byte, error) { + type wrapper ScheduledAlertRule + wrapped := wrapper(s) + encoded, err := json.Marshal(wrapped) + if err != nil { + return nil, fmt.Errorf("marshaling ScheduledAlertRule: %+v", err) + } + + var decoded map[string]interface{} + if err = json.Unmarshal(encoded, &decoded); err != nil { + return nil, fmt.Errorf("unmarshaling ScheduledAlertRule: %+v", err) + } + + decoded["kind"] = "Scheduled" + + encoded, err = json.Marshal(decoded) + if err != nil { + return nil, fmt.Errorf("re-marshaling ScheduledAlertRule: %+v", err) + } + + return encoded, nil +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_scheduledalertruleproperties.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_scheduledalertruleproperties.go new file mode 100644 index 000000000000..6020e20f2bac --- /dev/null 
+++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_scheduledalertruleproperties.go 
@@ -0,0 +1,48 @@ +package alertrules + +import ( + "time" + + "github.com/hashicorp/go-azure-helpers/lang/dates" +) + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type ScheduledAlertRuleProperties struct { + AlertDetailsOverride *AlertDetailsOverride `json:"alertDetailsOverride,omitempty"` + AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"` + CustomDetails *map[string]string `json:"customDetails,omitempty"` + Description *string `json:"description,omitempty"` + DisplayName string `json:"displayName"` + Enabled bool `json:"enabled"` + EntityMappings *[]EntityMapping `json:"entityMappings,omitempty"` + EventGroupingSettings *EventGroupingSettings `json:"eventGroupingSettings,omitempty"` + IncidentConfiguration *IncidentConfiguration `json:"incidentConfiguration,omitempty"` + LastModifiedUtc *string `json:"lastModifiedUtc,omitempty"` + Query *string `json:"query,omitempty"` + QueryFrequency *string `json:"queryFrequency,omitempty"` + QueryPeriod *string `json:"queryPeriod,omitempty"` + SentinelEntitiesMappings *[]SentinelEntityMapping `json:"sentinelEntitiesMappings,omitempty"` + Severity *AlertSeverity `json:"severity,omitempty"` + SubTechniques *[]string `json:"subTechniques,omitempty"` + SuppressionDuration string `json:"suppressionDuration"` + SuppressionEnabled bool `json:"suppressionEnabled"` + Tactics *[]AttackTactic `json:"tactics,omitempty"` + Techniques *[]string `json:"techniques,omitempty"` + TemplateVersion *string `json:"templateVersion,omitempty"` + TriggerOperator *TriggerOperator `json:"triggerOperator,omitempty"` + TriggerThreshold *int64 `json:"triggerThreshold,omitempty"` +} + +func (o *ScheduledAlertRuleProperties) GetLastModifiedUtcAsTime() (*time.Time, error) { + if o.LastModifiedUtc == nil { + return nil, nil + } + return dates.ParseAsFormat(o.LastModifiedUtc, "2006-01-02T15:04:05Z07:00") +} + +func (o 
*ScheduledAlertRuleProperties) SetLastModifiedUtcAsTime(input time.Time) { + formatted := input.Format("2006-01-02T15:04:05Z07:00") + o.LastModifiedUtc = &formatted +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_sentinelentitymapping.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_sentinelentitymapping.go new file mode 100644 index 000000000000..356dda0094fe --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_sentinelentitymapping.go @@ -0,0 +1,8 @@ +package alertrules + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type SentinelEntityMapping struct { + ColumnName *string `json:"columnName,omitempty"` +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_threatintelligencealertrule.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_threatintelligencealertrule.go new file mode 100644 index 000000000000..ea1acdbd17c9 --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_threatintelligencealertrule.go 
@@ -0,0 +1,62 @@ +package alertrules + +import ( + "encoding/json" + "fmt" + + "github.com/hashicorp/go-azure-helpers/resourcemanager/systemdata" +) + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +var _ AlertRule = ThreatIntelligenceAlertRule{} + +type ThreatIntelligenceAlertRule struct { + Properties *ThreatIntelligenceAlertRuleProperties `json:"properties,omitempty"` + + // Fields inherited from AlertRule + + Etag *string `json:"etag,omitempty"` + Id *string `json:"id,omitempty"` + Kind AlertRuleKind `json:"kind"` + Name *string `json:"name,omitempty"` + SystemData *systemdata.SystemData `json:"systemData,omitempty"` + Type *string `json:"type,omitempty"` +} + +func (s ThreatIntelligenceAlertRule) AlertRule() BaseAlertRuleImpl { + return BaseAlertRuleImpl{ + Etag: s.Etag, + Id: s.Id, + Kind: s.Kind, + Name: s.Name, + SystemData: s.SystemData, + Type: s.Type, + } +} + +var _ json.Marshaler = ThreatIntelligenceAlertRule{} + +func (s ThreatIntelligenceAlertRule) MarshalJSON() ([]byte, error) { + type wrapper ThreatIntelligenceAlertRule + wrapped := wrapper(s) + encoded, err := json.Marshal(wrapped) + if err != nil { + return nil, fmt.Errorf("marshaling ThreatIntelligenceAlertRule: %+v", err) + } + + var decoded map[string]interface{} + if err = json.Unmarshal(encoded, &decoded); err != nil { + return nil, fmt.Errorf("unmarshaling ThreatIntelligenceAlertRule: %+v", err) + } + + decoded["kind"] = "ThreatIntelligence" + + encoded, err = json.Marshal(decoded) + if err != nil { + return nil, fmt.Errorf("re-marshaling ThreatIntelligenceAlertRule: %+v", err) + } + + return encoded, nil +} 
diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_threatintelligencealertruleproperties.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_threatintelligencealertruleproperties.go new file mode 100644 index 000000000000..3dd0dff2daf7 --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/model_threatintelligencealertruleproperties.go @@ -0,0 +1,34 @@ +package alertrules + +import ( + "time" + + "github.com/hashicorp/go-azure-helpers/lang/dates" +) + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type ThreatIntelligenceAlertRuleProperties struct { + AlertRuleTemplateName string `json:"alertRuleTemplateName"` + Description *string `json:"description,omitempty"` + DisplayName *string `json:"displayName,omitempty"` + Enabled bool `json:"enabled"` + LastModifiedUtc *string `json:"lastModifiedUtc,omitempty"` + Severity *AlertSeverity `json:"severity,omitempty"` + SubTechniques *[]string `json:"subTechniques,omitempty"` + Tactics *[]AttackTactic `json:"tactics,omitempty"` + Techniques *[]string `json:"techniques,omitempty"` +} + +func (o *ThreatIntelligenceAlertRuleProperties) GetLastModifiedUtcAsTime() (*time.Time, error) { + if o.LastModifiedUtc == nil { + return nil, nil + } + return dates.ParseAsFormat(o.LastModifiedUtc, "2006-01-02T15:04:05Z07:00") +} + +func (o *ThreatIntelligenceAlertRuleProperties) SetLastModifiedUtcAsTime(input time.Time) { + formatted := input.Format("2006-01-02T15:04:05Z07:00") + o.LastModifiedUtc = &formatted +} 
diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/predicates.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/predicates.go new file mode 100644 index 000000000000..20dada025237 --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/predicates.go @@ -0,0 +1,12 @@ +package alertrules + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +type AlertRuleOperationPredicate struct { +} + +func (p AlertRuleOperationPredicate) Matches(input AlertRule) bool { + + return true +} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/version.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/version.go new file mode 100644 index 000000000000..1f95276dd2ed --- /dev/null +++ b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules/version.go @@ -0,0 +1,10 @@ +package alertrules + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See NOTICE.txt in the project root for license information. + +const defaultApiVersion = "2023-12-01-preview" + +func userAgent() string { + return "hashicorp/go-azure-sdk/alertrules/2023-12-01-preview" +} diff --git a/vendor/modules.txt b/vendor/modules.txt index 3b8df9023da3..faa8a9e40b57 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt 
@@ -148,7 +148,7 @@ github.com/hashicorp/go-azure-helpers/resourcemanager/tags github.com/hashicorp/go-azure-helpers/resourcemanager/zones github.com/hashicorp/go-azure-helpers/sender github.com/hashicorp/go-azure-helpers/storage -# github.com/hashicorp/go-azure-sdk/resource-manager v0.20241128.1112539 +# github.com/hashicorp/go-azure-sdk/resource-manager v0.20241205.1102105 ## explicit; go 1.22 github.com/hashicorp/go-azure-sdk/resource-manager/aad/2021-05-01/domainservices github.com/hashicorp/go-azure-sdk/resource-manager/aadb2c/2021-04-01-preview @@ -1010,6 +1010,7 @@ github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-p github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-11-01/sentinelonboardingstates github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-11-01/watchlistitems github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-11-01/watchlists +github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules github.com/hashicorp/go-azure-sdk/resource-manager/servicebus/2021-06-01-preview/disasterrecoveryconfigs github.com/hashicorp/go-azure-sdk/resource-manager/servicebus/2021-06-01-preview/namespacesauthorizationrule github.com/hashicorp/go-azure-sdk/resource-manager/servicebus/2021-06-01-preview/queues @@ -1157,7 +1158,7 @@ github.com/hashicorp/go-azure-sdk/resource-manager/workloads/2023-04-01/saplands github.com/hashicorp/go-azure-sdk/resource-manager/workloads/2023-04-01/saprecommendations github.com/hashicorp/go-azure-sdk/resource-manager/workloads/2023-04-01/sapsupportedsku github.com/hashicorp/go-azure-sdk/resource-manager/workloads/2023-04-01/sapvirtualinstances -# github.com/hashicorp/go-azure-sdk/sdk v0.20241128.1112539 +# github.com/hashicorp/go-azure-sdk/sdk v0.20241205.1102105 ## explicit; go 1.22 github.com/hashicorp/go-azure-sdk/sdk/auth github.com/hashicorp/go-azure-sdk/sdk/auth/autorest 
diff --git a/website/docs/r/sentinel_alert_rule_scheduled.html.markdown b/website/docs/r/sentinel_alert_rule_scheduled.html.markdown
index 98a43758b28e..8f70fae5e2ec 100644
--- a/website/docs/r/sentinel_alert_rule_scheduled.html.markdown
+++ b/website/docs/r/sentinel_alert_rule_scheduled.html.markdown
@@ -95,7 +95,7 @@ The following arguments are supported:
 * `sentinel_entity_mapping` - (Optional) A list of `sentinel_entity_mapping` blocks as defined below.
--> **NOTE:** `entity_mapping` and `sentinel_entity_mapping` together can't exceed 5.
+-> **NOTE:** `entity_mapping` and `sentinel_entity_mapping` together can't exceed 10.
 * `tactics` - (Optional) A list of categories of attacks by which to classify the rule. Possible values are `Collection`, `CommandAndControl`, `CredentialAccess`, `DefenseEvasion`, `Discovery`, `Execution`, `Exfiltration`, `ImpairProcessControl`, `InhibitResponseFunction`, `Impact`, `InitialAccess`, `LateralMovement`, `Persistence`, `PrivilegeEscalation`, `PreAttack`, `Reconnaissance` and `ResourceDevelopment`.
From 2ebb2ef1280d3375f8a167986374a2a569f07946 Mon Sep 17 00:00:00 2001
From: ziyeqf <51212351+ziyeqf@users.noreply.github.com>
Date: Fri, 6 Dec 2024 13:54:33 +1100
Subject: [PATCH 02/10] expand count limitation for `entity_mapping` and `sentinel_entity_mapping`
---
 .../services/sentinel/sentinel_alert_rule.go | 33 ++++
 .../sentinel_alert_rule_nrt_resource.go | 4 +-
 .../sentinel_alert_rule_scheduled_resource.go | 2 +-
 ...inel_alert_rule_scheduled_resource_test.go | 182 +++++++++++++++++-
 4 files changed, 211 insertions(+), 10 deletions(-)
diff --git a/internal/services/sentinel/sentinel_alert_rule.go b/internal/services/sentinel/sentinel_alert_rule.go
index ff2b43dcc33a..56f39badb32e 100644
--- a/internal/services/sentinel/sentinel_alert_rule.go
+++ b/internal/services/sentinel/sentinel_alert_rule.go
@@ -237,6 +237,22 @@ func flattenNewAlertRuleIncidentConfiguration(input *newalertrules.IncidentConfi } } +func expandAlertRuleEventGroupingSetting(input []interface{}) *alertrules.EventGroupingSettings { + if len(input) == 0 || input[0] == nil { + return nil + } + + v := input[0].(map[string]interface{}) + result := alertrules.EventGroupingSettings{} + + if aggregationKind := v["aggregation_method"].(string); aggregationKind != "" { + kind := alertrules.EventGroupingAggregationKind(aggregationKind) + result.AggregationKind = &kind + } + + return &result +} + func expandAlertRuleGrouping(input []interface{}, withGroupPrefix bool) *alertrules.GroupingConfiguration { if len(input) == 0 || input[0] == nil { return nil @@ -377,6 +393,23 @@ func flattenAlertRuleGrouping(input *alertrules.GroupingConfiguration, withGroup } } +func flattenAlertRuleEventGroupingSetting(input *alertrules.EventGroupingSettings) []interface{} { + if input == nil { + return []interface{}{} + } + + var aggregationKind string + if input.AggregationKind != nil { + aggregationKind = string(*input.AggregationKind) + } + + return []interface{}{ + map[string]interface{}{ + "aggregation_method": aggregationKind, + }, + } +} + func flattenNewAlertRuleGrouping(input *newalertrules.GroupingConfiguration, withGroupPrefix bool) []interface{} { if input == nil { return []interface{}{} diff --git a/internal/services/sentinel/sentinel_alert_rule_nrt_resource.go b/internal/services/sentinel/sentinel_alert_rule_nrt_resource.go index 4d831081aa77..46086d7ef308 100644 --- a/internal/services/sentinel/sentinel_alert_rule_nrt_resource.go +++ b/internal/services/sentinel/sentinel_alert_rule_nrt_resource.go 
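Review bot: `expandAlertRuleEventGroupingSetting` takes the address of a temporary and `flattenAlertRuleEventGroupingSetting` (second hunk of this file) hand-rolls the nil check, although later hunks of this same file use `pointer.To` / `pointer.From` for exactly this. The two bodies reduce to `result.AggregationKind = pointer.To(alertrules.EventGroupingAggregationKind(aggregationKind))` and `aggregationKind := string(pointer.From(input.AggregationKind))`. The expand side also converts whatever string it is given into the enum and asserts `v["aggregation_method"].(string)` unchecked. That is safe only if the schema constrains the field to the SDK's allowed values, which is not visible in this hunk, so I would add a short doc comment on both functions stating that the schema is expected to validate `aggregation_method`. Both functions are complete within the hunk.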
@@ -367,7 +367,7 @@ func resourceSentinelAlertRuleNrtCreateUpdate(d *pluginsdk.ResourceData, meta in param.Properties.TemplateVersion = utils.String(v.(string)) } if v, ok := d.GetOk("event_grouping"); ok { - param.Properties.EventGroupingSettings = expandAlertRuleScheduledEventGroupingSetting(v.([]interface{})) + param.Properties.EventGroupingSettings = expandAlertRuleEventGroupingSetting(v.([]interface{})) } if v, ok := d.GetOk("alert_details_override"); ok { param.Properties.AlertDetailsOverride = expandAlertRuleAlertDetailsOverride(v.([]interface{})) @@ -471,7 +471,7 @@ func resourceSentinelAlertRuleNrtRead(d *pluginsdk.ResourceData, meta interface{ d.Set("alert_rule_template_guid", prop.AlertRuleTemplateName) d.Set("alert_rule_template_version", prop.TemplateVersion) - if err := d.Set("event_grouping", flattenAlertRuleScheduledEventGroupingSetting(prop.EventGroupingSettings)); err != nil { + if err := d.Set("event_grouping", flattenAlertRuleEventGroupingSetting(prop.EventGroupingSettings)); err != nil { return fmt.Errorf("setting `event_grouping`: %+v", err) } if err := d.Set("alert_details_override", flattenAlertRuleAlertDetailsOverride(prop.AlertDetailsOverride)); err != nil { diff --git a/internal/services/sentinel/sentinel_alert_rule_scheduled_resource.go b/internal/services/sentinel/sentinel_alert_rule_scheduled_resource.go index 8a4524ca2efe..e96cd92f7cad 100644 --- a/internal/services/sentinel/sentinel_alert_rule_scheduled_resource.go +++ b/internal/services/sentinel/sentinel_alert_rule_scheduled_resource.go @@ -334,7 +334,7 @@ func resourceSentinelAlertRuleScheduled() *pluginsdk.Resource { "sentinel_entity_mapping": { Type: pluginsdk.TypeList, Optional: true, - MaxItems: 5, + MaxItems: 10, Elem: &pluginsdk.Resource{ Schema: map[string]*pluginsdk.Schema{ "column_name": { 
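Review bot: The limit is written as a bare `10` in the `sentinel_entity_mapping` schema here, and the series repeats it in the combined check and its error text in `resourceSentinelAlertRuleScheduledCreateUpdate` (the `@@ -446,9 +446,9 @@` hunk of PATCH 03) and in the docs note. A package-level `const maxEntityMappings = 10` used as `MaxItems: maxEntityMappings` and `if entityMappingCount+sentinelEntityMappingCount > maxEntityMappings {` keeps the three from drifting at the next API bump. The per-list cap now equals the combined cap, so the schema alone no longer rejects an over-limit mix of the two blocks; that case is caught only by the check in the create/update function. A one-line comment next to `MaxItems` saying so would help the next reader. The schema function starts and ends outside this hunk.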
diff --git a/internal/services/sentinel/sentinel_alert_rule_scheduled_resource_test.go b/internal/services/sentinel/sentinel_alert_rule_scheduled_resource_test.go index 2f06cb9b7ccf..e8ff655b8177 100644 --- a/internal/services/sentinel/sentinel_alert_rule_scheduled_resource_test.go +++ b/internal/services/sentinel/sentinel_alert_rule_scheduled_resource_test.go @@ -33,6 +33,21 @@ func TestAccSentinelAlertRuleScheduled_basic(t *testing.T) { }) } +func TestAccSentinelAlertRuleScheduled_extra(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_sentinel_alert_rule_scheduled", "test") + r := SentinelAlertRuleScheduledResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.tenEntity(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep(), + }) +} + func TestAccSentinelAlertRuleScheduled_upgrade(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_sentinel_alert_rule_scheduled", "test") r := SentinelAlertRuleScheduledResource{} @@ -193,6 +208,101 @@ QUERY `, r.template(data), data.RandomInteger) } +func (r SentinelAlertRuleScheduledResource) tenEntity(data acceptance.TestData) string { + return fmt.Sprintf(` +%s + +resource "azurerm_sentinel_alert_rule_scheduled" "test" { + name = "acctest-SentinelAlertRule-Sche-%d" + log_analytics_workspace_id = azurerm_sentinel_log_analytics_workspace_onboarding.test.workspace_id + display_name = "Some Rule" + severity = "High" + query = < Date: Fri, 6 Dec 2024 14:41:05 +1100 Subject: [PATCH 03/10] add test case --- .../sentinel_alert_rule_scheduled_resource.go | 6 +- ...inel_alert_rule_scheduled_resource_test.go | 143 +++++++++--------- 2 files changed, 71 insertions(+), 78 deletions(-) diff --git a/internal/services/sentinel/sentinel_alert_rule_scheduled_resource.go b/internal/services/sentinel/sentinel_alert_rule_scheduled_resource.go index e96cd92f7cad..f63e8ab1a5a3 100644 
--- a/internal/services/sentinel/sentinel_alert_rule_scheduled_resource.go +++ b/internal/services/sentinel/sentinel_alert_rule_scheduled_resource.go @@ -446,9 +446,9 @@ func resourceSentinelAlertRuleScheduledCreateUpdate(d *pluginsdk.ResourceData, m sentinelEntityMappingCount = len(*param.Properties.SentinelEntitiesMappings) } - // the max number of `sentinel_entity_mapping` and `entity_mapping` together is 5 - if entityMappingCount+sentinelEntityMappingCount > 5 { - return fmt.Errorf("`entity_mapping` and `sentinel_entity_mapping` together can't exceed 5") + // the max number of `sentinel_entity_mapping` and `entity_mapping` together is 10 + if entityMappingCount+sentinelEntityMappingCount > 10 { + return fmt.Errorf("`entity_mapping` and `sentinel_entity_mapping` together can't exceed 10") } if !d.IsNewResource() { diff --git a/internal/services/sentinel/sentinel_alert_rule_scheduled_resource_test.go b/internal/services/sentinel/sentinel_alert_rule_scheduled_resource_test.go index e8ff655b8177..d076434cc3de 100644 --- a/internal/services/sentinel/sentinel_alert_rule_scheduled_resource_test.go +++ b/internal/services/sentinel/sentinel_alert_rule_scheduled_resource_test.go @@ -33,13 +33,20 @@ func TestAccSentinelAlertRuleScheduled_basic(t *testing.T) { }) } -func TestAccSentinelAlertRuleScheduled_extra(t *testing.T) { +func TestAccSentinelAlertRuleScheduled_entityMapping(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_sentinel_alert_rule_scheduled", "test") r := SentinelAlertRuleScheduledResource{} data.ResourceTest(t, r, []acceptance.TestStep{ { - Config: r.tenEntity(data), + Config: r.tenEntityMapping(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep(), + { + Config: r.tenSentinelEntityMapping(data), Check: acceptance.ComposeTestCheckFunc( check.That(data.ResourceName).ExistsInAzure(r), ), 
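Review bot: `TestAccSentinelAlertRuleScheduled_entityMapping` exercises only the accepted boundary (ten of one kind per step); nothing covers the rejection path or a mix of both block types, so a regression in the combined check changed in the first hunk on this line would go unnoticed. I would add a step whose config declares more than ten mappings across `entity_mapping` and `sentinel_entity_mapping` and asserts `ExpectError: regexp.MustCompile("together can't exceed 10")`, provided the per-block schema caps (not visible here) let such a config reach the create/update function. A mixed step that passes, such as five of each, would also confirm that the service accepts the combination and not just ten of a single kind. The existing steps assert only `ExistsInAzure`, which is fine alongside `data.ImportStep()`.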
@@ -208,7 +215,7 @@ QUERY `, r.template(data), data.RandomInteger) } -func (r SentinelAlertRuleScheduledResource) tenEntity(data acceptance.TestData) string { +func (r SentinelAlertRuleScheduledResource) tenEntityMapping(data acceptance.TestData) string { return fmt.Sprintf(` %s @@ -218,16 +225,13 @@ resource "azurerm_sentinel_alert_rule_scheduled" "test" { display_name = "Some Rule" severity = "High" query = < Date: Fri, 6 Dec 2024 14:52:30 +1100 Subject: [PATCH 04/10] replace `utils` functions --- .../services/sentinel/sentinel_alert_rule.go | 38 ++++++------------- 1 file changed, 11 insertions(+), 27 deletions(-) diff --git a/internal/services/sentinel/sentinel_alert_rule.go b/internal/services/sentinel/sentinel_alert_rule.go index 56f39badb32e..a7564d298121 100644 --- a/internal/services/sentinel/sentinel_alert_rule.go +++ b/internal/services/sentinel/sentinel_alert_rule.go @@ -16,7 +16,7 @@ import ( "github.com/hashicorp/terraform-provider-azurerm/utils" ) -// TODO: after all sentinel alert rules updated to new API version, remove the old function and rename this to `importSentinelAlertRule` +// TODO: after all sentinel alert rules updated to new API version, remove these old functions and rename new funtions. func importNewSentinelAlertRule(expectKind newalertrules.AlertRuleKind) pluginsdk.ImporterFunc { return func(ctx context.Context, d *pluginsdk.ResourceData, meta interface{}) (data []*pluginsdk.ResourceData, err error) { id, err := newalertrules.ParseAlertRuleID(d.Id()) @@ -27,7 +27,7 @@ func importNewSentinelAlertRule(expectKind newalertrules.AlertRuleKind) pluginsd client := meta.(*clients.Client).Sentinel.NewAlertRulesClient resp, err := client.Get(ctx, *id) if err != nil { - return nil, fmt.Errorf("retrieving Sentinel Alert Rule %q: %+v", id, err) + return nil, fmt.Errorf("retrieving %q: %+v", id, err) } if err = assertNewAlertRuleKind(resp.Model, expectKind); err != nil { 
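Review bot: In the `importNewSentinelAlertRule` hunk the shortened message formats the parsed id, a pointer, with `%q`; assuming the SDK id type implements `String()` like the other resource ids, the description is wrapped in quotes with any newlines escaped, which makes the error hard to read. `return nil, fmt.Errorf("retrieving %s: %+v", *id, err)` reads cleanly and matches the `client.Get(ctx, *id)` call just above it. The rewritten TODO in the first hunk of this file also has a typo: `rename new funtions` should read `rename the new functions`. The importer closure continues outside the hunk.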
@@ -496,16 +496,16 @@ func expandNewAlertRuleAlertDetailsOverride(input []interface{}) *newalertrules. output := &newalertrules.AlertDetailsOverride{} if v := b["description_format"]; v != "" { - output.AlertDescriptionFormat = utils.String(v.(string)) + output.AlertDescriptionFormat = pointer.To(v.(string)) } if v := b["display_name_format"]; v != "" { - output.AlertDisplayNameFormat = utils.String(v.(string)) + output.AlertDisplayNameFormat = pointer.To(v.(string)) } if v := b["severity_column_name"]; v != "" { - output.AlertSeverityColumnName = utils.String(v.(string)) + output.AlertSeverityColumnName = pointer.To(v.(string)) } if v := b["tactics_column_name"]; v != "" { - output.AlertTacticsColumnName = utils.String(v.(string)) + output.AlertTacticsColumnName = pointer.To(v.(string)) } if v := b["dynamic_property"]; v != nil && len(v.([]interface{})) > 0 { output.AlertDynamicProperties = expandNewAlertRuleAlertDynamicProperties(v.([]interface{})) 
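Review bot: Each rewritten assignment still does `v.(string)` behind a guard that compares an `interface{}` map value with `""`, so a nil or missing key satisfies `v != ""` and the assertion then panics. The schema probably always populates these keys with a string, which is not visible from this hunk, but since the lines are being touched anyway the guard can carry the type check: `if v, ok := b["description_format"].(string); ok && v != "" { output.AlertDescriptionFormat = pointer.To(v) }`. The same applies to `display_name_format`, `severity_column_name` and `tactics_column_name`. The function starts and ends outside the hunk.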
@@ -560,26 +560,10 @@ func flattenNewAlertRuleAlertDetailsOverride(input *newalertrules.AlertDetailsOv return []interface{}{} } - var descriptionFormat string - if input.AlertDescriptionFormat != nil { - descriptionFormat = *input.AlertDescriptionFormat - } - - var displayNameFormat string - if input.AlertDisplayNameFormat != nil { - displayNameFormat = *input.AlertDisplayNameFormat - } - - var severityColumnName string - if input.AlertSeverityColumnName != nil { - severityColumnName = *input.AlertSeverityColumnName - } - - var tacticsColumnName string - if input.AlertTacticsColumnName != nil { - tacticsColumnName = *input.AlertTacticsColumnName - } - + descriptionFormat := pointer.From(input.AlertDescriptionFormat) + displayNameFormat := pointer.From(input.AlertDisplayNameFormat) + severityColumnName := pointer.From(input.AlertSeverityColumnName) + tacticsColumnName := pointer.From(input.AlertTacticsColumnName) var dynamicProperties []interface{} if input.AlertDynamicProperties != nil { dynamicProperties = flattenNewAlertRuleAlertDynamicProperties(input.AlertDynamicProperties) @@ -625,7 +609,7 @@ func expandNewAlertRuleAlertDynamicProperties(input []interface{}) *[]newalertru property := newalertrules.AlertProperty(b["name"].(string)) output = append(output, newalertrules.AlertPropertyMapping{ AlertProperty: &property, - Value: utils.String(b["value"].(string)), + Value: pointer.To(b["value"].(string)), }) } From 0ba52ba7369fdbddb45d70c385d481069cbf3178 Mon Sep 17 00:00:00 2001 
From: ziyeqf <51212351+ziyeqf@users.noreply.github.com> Date: Mon, 9 Dec 2024 11:57:01 +1100 Subject: [PATCH 05/10] update other sentinel alert rules api version --- internal/services/sentinel/client/client.go | 5 +- .../services/sentinel/sentinel_alert_rule.go | 2 +- .../sentinel_alert_rule_data_source.go | 2 +- .../sentinel_alert_rule_fusion_resource.go | 2 +- ...entinel_alert_rule_fusion_resource_test.go | 2 +- ...ule_machine_learning_behavior_analytics.go | 2 +- ...achine_learning_behavior_analytics_test.go | 2 +- ...lert_rule_ms_security_incident_resource.go | 2 +- ...rule_ms_security_incident_resource_test.go | 2 +- .../sentinel_alert_rule_nrt_resource.go | 2 +- .../sentinel_alert_rule_nrt_resource_test.go | 2 +- ...t_rule_threat_intelligence_resouce_test.go | 2 +- ...alert_rule_threat_intelligence_resource.go | 2 +- .../2022-10-01-preview/alertrules/README.md | 90 --- .../2022-10-01-preview/alertrules/client.go | 26 - .../alertrules/constants.go | 576 ------------------ .../alertrules/id_alertrule.go | 141 ----- .../alertrules/id_workspace.go | 130 ---- .../alertrules/method_createorupdate.go | 63 -- .../alertrules/method_delete.go | 47 -- .../alertrules/method_get.go | 58 -- .../alertrules/method_list.go | 117 ---- .../alertrules/model_alertdetailsoverride.go | 12 - .../alertrules/model_alertpropertymapping.go | 9 - .../alertrules/model_alertrule.go | 122 ---- .../alertrules/model_entitymapping.go | 9 - .../alertrules/model_eventgroupingsettings.go | 8 - .../alertrules/model_fieldmapping.go | 9 - .../alertrules/model_fusionalertrule.go | 62 -- .../model_fusionalertruleproperties.go | 35 -- .../model_fusionscenarioexclusionpattern.go | 9 - .../alertrules/model_fusionsourcesettings.go | 10 - .../model_fusionsourcesubtypesetting.go | 11 - .../model_fusionsubtypeseverityfilter.go | 9 - .../model_fusionsubtypeseverityfiltersitem.go | 9 - .../alertrules/model_groupingconfiguration.go | 14 - .../alertrules/model_incidentconfiguration.go | 9 - 
...rosoftsecurityincidentcreationalertrule.go | 62 -- ...rityincidentcreationalertruleproperties.go | 34 -- .../model_mlbehavioranalyticsalertrule.go | 62 -- ..._mlbehavioranalyticsalertruleproperties.go | 33 - .../alertrules/model_nrtalertrule.go | 62 -- .../model_nrtalertruleproperties.go | 43 -- .../alertrules/model_scheduledalertrule.go | 62 -- .../model_scheduledalertruleproperties.go | 47 -- .../alertrules/model_sentinelentitymapping.go | 8 - .../model_threatintelligencealertrule.go | 62 -- ...l_threatintelligencealertruleproperties.go | 33 - .../alertrules/predicates.go | 12 - .../2022-10-01-preview/alertrules/version.go | 10 - vendor/modules.txt | 1 - 51 files changed, 14 insertions(+), 2131 deletions(-) delete mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/README.md delete mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/client.go delete mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/constants.go delete mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/id_alertrule.go delete mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/id_workspace.go delete mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/method_createorupdate.go delete mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/method_delete.go delete mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/method_get.go delete mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/method_list.go delete mode 100644 
vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_alertdetailsoverride.go delete mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_alertpropertymapping.go delete mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_alertrule.go delete mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_entitymapping.go delete mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_eventgroupingsettings.go delete mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_fieldmapping.go delete mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_fusionalertrule.go delete mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_fusionalertruleproperties.go delete mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_fusionscenarioexclusionpattern.go delete mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_fusionsourcesettings.go delete mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_fusionsourcesubtypesetting.go delete mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_fusionsubtypeseverityfilter.go delete mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_fusionsubtypeseverityfiltersitem.go delete 
mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_groupingconfiguration.go delete mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_incidentconfiguration.go delete mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_microsoftsecurityincidentcreationalertrule.go delete mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_microsoftsecurityincidentcreationalertruleproperties.go delete mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_mlbehavioranalyticsalertrule.go delete mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_mlbehavioranalyticsalertruleproperties.go delete mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_nrtalertrule.go delete mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_nrtalertruleproperties.go delete mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_scheduledalertrule.go delete mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_scheduledalertruleproperties.go delete mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_sentinelentitymapping.go delete mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_threatintelligencealertrule.go delete mode 100644 
vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_threatintelligencealertruleproperties.go delete mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/predicates.go delete mode 100644 vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/version.go diff --git a/internal/services/sentinel/client/client.go b/internal/services/sentinel/client/client.go index 4412fb5a52bc..44400b4ee5dd 100644 --- a/internal/services/sentinel/client/client.go +++ b/internal/services/sentinel/client/client.go @@ -7,7 +7,6 @@ import ( "fmt" alertruletemplates "github.com/Azure/azure-sdk-for-go/services/preview/securityinsight/mgmt/2021-09-01-preview/securityinsight" // nolint: staticcheck - "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules" "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/automationrules" "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/metadata" "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-11-01/sentinelonboardingstates" @@ -19,7 +18,7 @@ import ( ) type Client struct { - AlertRulesClient *alertrules.AlertRulesClient + AlertRulesClient *newalertrules.AlertRulesClient AlertRuleTemplatesClient *alertruletemplates.AlertRuleTemplatesClient AutomationRulesClient *automationrules.AutomationRulesClient DataConnectorsClient *securityinsight.DataConnectorsClient @@ -33,7 +32,7 @@ type Client struct { } func NewClient(o *common.ClientOptions) (*Client, error) { - alertRulesClient, err := alertrules.NewAlertRulesClientWithBaseURI(o.Environment.ResourceManager) + alertRulesClient, err := newalertrules.NewAlertRulesClientWithBaseURI(o.Environment.ResourceManager) if err != nil { return nil, fmt.Errorf("building Alert Rules Client: %+v", err) } 
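Review bot: After the `type Client struct` hunk, `AlertRulesClient` is a `*newalertrules.AlertRulesClient`, which appears to be the same type as the `NewAlertRulesClient` field that `importNewSentinelAlertRule` reads in the earlier patch. If that field is still declared (it lies outside these hunks), the provider now builds and carries two clients for one API version. I would remove one field, point every caller at `AlertRulesClient`, and rename the `newalertrules` alias to plain `alertrules`, since nothing "old" is left to distinguish it from. `NewClient` continues outside the last hunk.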
diff --git a/internal/services/sentinel/sentinel_alert_rule.go b/internal/services/sentinel/sentinel_alert_rule.go index a7564d298121..e4d1bf483472 100644 --- a/internal/services/sentinel/sentinel_alert_rule.go +++ b/internal/services/sentinel/sentinel_alert_rule.go @@ -8,7 +8,7 @@ import ( "fmt" "github.com/hashicorp/go-azure-helpers/lang/pointer" - "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules" + "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules" newalertrules "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules" "github.com/hashicorp/terraform-provider-azurerm/internal/clients" "github.com/hashicorp/terraform-provider-azurerm/internal/sdk" diff --git a/internal/services/sentinel/sentinel_alert_rule_data_source.go b/internal/services/sentinel/sentinel_alert_rule_data_source.go index 448beaa79789..f3f1f2b00ac9 100644 --- a/internal/services/sentinel/sentinel_alert_rule_data_source.go +++ b/internal/services/sentinel/sentinel_alert_rule_data_source.go @@ -8,7 +8,7 @@ import ( "time" "github.com/hashicorp/go-azure-helpers/lang/response" - "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules" + "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules" "github.com/hashicorp/terraform-provider-azurerm/internal/clients" "github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk" "github.com/hashicorp/terraform-provider-azurerm/internal/tf/validation" diff --git a/internal/services/sentinel/sentinel_alert_rule_fusion_resource.go b/internal/services/sentinel/sentinel_alert_rule_fusion_resource.go index 02b67abf2db9..1de99def0c7f 100644 --- a/internal/services/sentinel/sentinel_alert_rule_fusion_resource.go +++ b/internal/services/sentinel/sentinel_alert_rule_fusion_resource.go 
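Review bot: The import block of `sentinel_alert_rule.go` now lists `securityinsights/2023-12-01-preview/alertrules` twice, once unaliased and once as `newalertrules`. That compiles, but duplicate-import linters flag it (for example stylecheck ST1019), and every `expandNew*` / `flattenNew*` helper in the file becomes a copy of its unprefixed twin over identical types. I would drop the `newalertrules` line and fold the duplicated helpers together in this series, as the TODO at the top of the file already promises. Separately, the diffstats show the vendored `*AlertRuleProperties` models each about one line longer in the new API version than in the deleted one. That suggests a new field which the import-only swaps in the other alert rule resources do not map, so it is worth confirming against the vendored models before merging.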
@@ -10,7 +10,7 @@ import ( "github.com/hashicorp/go-azure-helpers/lang/pointer" "github.com/hashicorp/go-azure-helpers/lang/response" - "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules" + "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules" "github.com/hashicorp/terraform-provider-azurerm/internal/clients" "github.com/hashicorp/terraform-provider-azurerm/internal/features" "github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk" diff --git a/internal/services/sentinel/sentinel_alert_rule_fusion_resource_test.go b/internal/services/sentinel/sentinel_alert_rule_fusion_resource_test.go index 6e0b3b0207d6..24445d352fee 100644 --- a/internal/services/sentinel/sentinel_alert_rule_fusion_resource_test.go +++ b/internal/services/sentinel/sentinel_alert_rule_fusion_resource_test.go @@ -9,7 +9,7 @@ import ( "testing" "github.com/hashicorp/go-azure-helpers/lang/response" - "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules" + "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules" "github.com/hashicorp/terraform-provider-azurerm/internal/acceptance" "github.com/hashicorp/terraform-provider-azurerm/internal/acceptance/check" "github.com/hashicorp/terraform-provider-azurerm/internal/clients" diff --git a/internal/services/sentinel/sentinel_alert_rule_machine_learning_behavior_analytics.go b/internal/services/sentinel/sentinel_alert_rule_machine_learning_behavior_analytics.go index 0f8f5de4911d..5b22ada93045 100644 --- a/internal/services/sentinel/sentinel_alert_rule_machine_learning_behavior_analytics.go +++ b/internal/services/sentinel/sentinel_alert_rule_machine_learning_behavior_analytics.go 
@@ -9,7 +9,7 @@ import ( "time" "github.com/hashicorp/go-azure-helpers/lang/response" - "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules" + "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules" "github.com/hashicorp/terraform-provider-azurerm/helpers/tf" "github.com/hashicorp/terraform-provider-azurerm/internal/clients" "github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk" diff --git a/internal/services/sentinel/sentinel_alert_rule_machine_learning_behavior_analytics_test.go b/internal/services/sentinel/sentinel_alert_rule_machine_learning_behavior_analytics_test.go index d504416affe7..8d93031d7cf1 100644 --- a/internal/services/sentinel/sentinel_alert_rule_machine_learning_behavior_analytics_test.go +++ b/internal/services/sentinel/sentinel_alert_rule_machine_learning_behavior_analytics_test.go @@ -9,7 +9,7 @@ import ( "testing" "github.com/hashicorp/go-azure-helpers/lang/response" - "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules" + "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules" "github.com/hashicorp/terraform-provider-azurerm/internal/acceptance" "github.com/hashicorp/terraform-provider-azurerm/internal/acceptance/check" "github.com/hashicorp/terraform-provider-azurerm/internal/clients" diff --git a/internal/services/sentinel/sentinel_alert_rule_ms_security_incident_resource.go b/internal/services/sentinel/sentinel_alert_rule_ms_security_incident_resource.go index 840936e7a3ef..df06765af8bd 100644 --- a/internal/services/sentinel/sentinel_alert_rule_ms_security_incident_resource.go +++ b/internal/services/sentinel/sentinel_alert_rule_ms_security_incident_resource.go 
@@ -9,7 +9,7 @@ import ( "time" "github.com/hashicorp/go-azure-helpers/lang/response" - "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules" + "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules" "github.com/hashicorp/terraform-provider-azurerm/helpers/tf" "github.com/hashicorp/terraform-provider-azurerm/internal/clients" "github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk" diff --git a/internal/services/sentinel/sentinel_alert_rule_ms_security_incident_resource_test.go b/internal/services/sentinel/sentinel_alert_rule_ms_security_incident_resource_test.go index 5c283e3d2e5e..9f5914838a9c 100644 --- a/internal/services/sentinel/sentinel_alert_rule_ms_security_incident_resource_test.go +++ b/internal/services/sentinel/sentinel_alert_rule_ms_security_incident_resource_test.go @@ -8,7 +8,7 @@ import ( "fmt" "testing" - "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules" + "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules" "github.com/hashicorp/terraform-provider-azurerm/internal/acceptance" "github.com/hashicorp/terraform-provider-azurerm/internal/acceptance/check" "github.com/hashicorp/terraform-provider-azurerm/internal/clients" diff --git a/internal/services/sentinel/sentinel_alert_rule_nrt_resource.go b/internal/services/sentinel/sentinel_alert_rule_nrt_resource.go index 46086d7ef308..eb32ba1e3580 100644 --- a/internal/services/sentinel/sentinel_alert_rule_nrt_resource.go +++ b/internal/services/sentinel/sentinel_alert_rule_nrt_resource.go 
@@ -9,7 +9,7 @@ import ( "time" "github.com/hashicorp/go-azure-helpers/lang/response" - "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules" + "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-provider-azurerm/helpers/tf" "github.com/hashicorp/terraform-provider-azurerm/helpers/validate" diff --git a/internal/services/sentinel/sentinel_alert_rule_nrt_resource_test.go b/internal/services/sentinel/sentinel_alert_rule_nrt_resource_test.go index b9b1e9131ec1..f5da785f3320 100644 --- a/internal/services/sentinel/sentinel_alert_rule_nrt_resource_test.go +++ b/internal/services/sentinel/sentinel_alert_rule_nrt_resource_test.go @@ -8,7 +8,7 @@ import ( "fmt" "testing" - "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules" + "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules" "github.com/hashicorp/terraform-provider-azurerm/internal/acceptance" "github.com/hashicorp/terraform-provider-azurerm/internal/acceptance/check" "github.com/hashicorp/terraform-provider-azurerm/internal/clients" diff --git a/internal/services/sentinel/sentinel_alert_rule_threat_intelligence_resouce_test.go b/internal/services/sentinel/sentinel_alert_rule_threat_intelligence_resouce_test.go index 5b047f370f35..6b1fbffc98e8 100644 --- a/internal/services/sentinel/sentinel_alert_rule_threat_intelligence_resouce_test.go +++ b/internal/services/sentinel/sentinel_alert_rule_threat_intelligence_resouce_test.go 
@@ -9,7 +9,7 @@ import (
 "testing"
 "github.com/hashicorp/go-azure-helpers/lang/response"
- "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules"
+ "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules"
 "github.com/hashicorp/terraform-provider-azurerm/internal/acceptance"
 "github.com/hashicorp/terraform-provider-azurerm/internal/acceptance/check"
 "github.com/hashicorp/terraform-provider-azurerm/internal/clients"
diff --git a/internal/services/sentinel/sentinel_alert_rule_threat_intelligence_resource.go b/internal/services/sentinel/sentinel_alert_rule_threat_intelligence_resource.go
index d6880f63338a..e3f8b3fd0877 100644
--- a/internal/services/sentinel/sentinel_alert_rule_threat_intelligence_resource.go
+++ b/internal/services/sentinel/sentinel_alert_rule_threat_intelligence_resource.go
@@ -11,7 +11,7 @@ import (
 alertruletemplates "github.com/Azure/azure-sdk-for-go/services/preview/securityinsight/mgmt/2021-09-01-preview/securityinsight" // nolint: staticcheck
 "github.com/hashicorp/go-azure-helpers/lang/response"
 "github.com/hashicorp/go-azure-sdk/resource-manager/operationalinsights/2022-10-01/workspaces"
- "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules"
+ "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules"
 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 "github.com/hashicorp/terraform-provider-azurerm/helpers/tf"
 "github.com/hashicorp/terraform-provider-azurerm/internal/sdk"
diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/README.md b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/README.md
deleted file mode 100644
index 2b4f4582c0d9..000000000000
--- a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/README.md
+++ /dev/null
@@ -1,90 +0,0 @@ - -## `github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules` Documentation - -The `alertrules` SDK allows for interaction with Azure Resource Manager `securityinsights` (API Version `2022-10-01-preview`). - -This readme covers example usages, but further information on [using this SDK can be found in the project root](https://github.com/hashicorp/go-azure-sdk/tree/main/docs). - -### Import Path - -```go -import "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules" -``` - - -### Client Initialization - -```go -client := alertrules.NewAlertRulesClientWithBaseURI("https://management.azure.com") -client.Client.Authorizer = authorizer -``` - - -### Example Usage: `AlertRulesClient.CreateOrUpdate` - -```go -ctx := context.TODO() -id := alertrules.NewAlertRuleID("12345678-1234-9876-4563-123456789012", "example-resource-group", "workspaceName", "ruleId") - -payload := alertrules.AlertRule{ - // ... 
-} - - -read, err := client.CreateOrUpdate(ctx, id, payload) -if err != nil { - // handle the error -} -if model := read.Model; model != nil { - // do something with the model/response object -} -``` - - -### Example Usage: `AlertRulesClient.Delete` - -```go -ctx := context.TODO() -id := alertrules.NewAlertRuleID("12345678-1234-9876-4563-123456789012", "example-resource-group", "workspaceName", "ruleId") - -read, err := client.Delete(ctx, id) -if err != nil { - // handle the error -} -if model := read.Model; model != nil { - // do something with the model/response object -} -``` - - -### Example Usage: `AlertRulesClient.Get` - -```go -ctx := context.TODO() -id := alertrules.NewAlertRuleID("12345678-1234-9876-4563-123456789012", "example-resource-group", "workspaceName", "ruleId") - -read, err := client.Get(ctx, id) -if err != nil { - // handle the error -} -if model := read.Model; model != nil { - // do something with the model/response object -} -``` - - -### Example Usage: `AlertRulesClient.List` - -```go -ctx := context.TODO() -id := alertrules.NewWorkspaceID("12345678-1234-9876-4563-123456789012", "example-resource-group", "workspaceName") - -// alternatively `client.List(ctx, id)` can be used to do batched pagination -items, err := client.ListComplete(ctx, id) -if err != nil { - // handle the error -} -for _, item := range items { - // do something -} -``` diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/client.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/client.go deleted file mode 100644 index 20e26334cc48..000000000000 --- a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/client.go +++ /dev/null 
@@ -1,26 +0,0 @@ -package alertrules - -import ( - "fmt" - - "github.com/hashicorp/go-azure-sdk/sdk/client/resourcemanager" - sdkEnv "github.com/hashicorp/go-azure-sdk/sdk/environments" -) - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See NOTICE.txt in the project root for license information. - -type AlertRulesClient struct { - Client *resourcemanager.Client -} - -func NewAlertRulesClientWithBaseURI(sdkApi sdkEnv.Api) (*AlertRulesClient, error) { - client, err := resourcemanager.NewClient(sdkApi, "alertrules", defaultApiVersion) - if err != nil { - return nil, fmt.Errorf("instantiating AlertRulesClient: %+v", err) - } - - return &AlertRulesClient{ - Client: client, - }, nil -} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/constants.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/constants.go deleted file mode 100644 index 269a786b12f2..000000000000 --- a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/constants.go +++ /dev/null 
@@ -1,576 +0,0 @@ -package alertrules - -import ( - "encoding/json" - "fmt" - "strings" -) - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See NOTICE.txt in the project root for license information. - -type AlertDetail string - -const ( - AlertDetailDisplayName AlertDetail = "DisplayName" - AlertDetailSeverity AlertDetail = "Severity" -) - -func PossibleValuesForAlertDetail() []string { - return []string{ - string(AlertDetailDisplayName), - string(AlertDetailSeverity), - } -} - -func (s *AlertDetail) UnmarshalJSON(bytes []byte) error { - var decoded string - if err := json.Unmarshal(bytes, &decoded); err != nil { - return fmt.Errorf("unmarshaling: %+v", err) - } - out, err := parseAlertDetail(decoded) - if err != nil { - return fmt.Errorf("parsing %q: %+v", decoded, err) - } - *s = *out - return nil -} - -func parseAlertDetail(input string) (*AlertDetail, error) { - vals := map[string]AlertDetail{ - "displayname": AlertDetailDisplayName, - "severity": AlertDetailSeverity, - } - if v, ok := vals[strings.ToLower(input)]; ok { - return &v, nil - } - - // otherwise presume it's an undefined value and best-effort it - out := AlertDetail(input) - return &out, nil -} - -type AlertProperty string - -const ( - AlertPropertyAlertLink AlertProperty = "AlertLink" - AlertPropertyConfidenceLevel AlertProperty = "ConfidenceLevel" - AlertPropertyConfidenceScore AlertProperty = "ConfidenceScore" - AlertPropertyExtendedLinks AlertProperty = "ExtendedLinks" - AlertPropertyProductComponentName AlertProperty = "ProductComponentName" - AlertPropertyProductName AlertProperty = "ProductName" - AlertPropertyProviderName AlertProperty = "ProviderName" - AlertPropertyRemediationSteps AlertProperty = "RemediationSteps" - AlertPropertyTechniques AlertProperty = "Techniques" -) - -func PossibleValuesForAlertProperty() []string { - return []string{ - string(AlertPropertyAlertLink), - string(AlertPropertyConfidenceLevel), - 
string(AlertPropertyConfidenceScore), - string(AlertPropertyExtendedLinks), - string(AlertPropertyProductComponentName), - string(AlertPropertyProductName), - string(AlertPropertyProviderName), - string(AlertPropertyRemediationSteps), - string(AlertPropertyTechniques), - } -} - -func (s *AlertProperty) UnmarshalJSON(bytes []byte) error { - var decoded string - if err := json.Unmarshal(bytes, &decoded); err != nil { - return fmt.Errorf("unmarshaling: %+v", err) - } - out, err := parseAlertProperty(decoded) - if err != nil { - return fmt.Errorf("parsing %q: %+v", decoded, err) - } - *s = *out - return nil -} - -func parseAlertProperty(input string) (*AlertProperty, error) { - vals := map[string]AlertProperty{ - "alertlink": AlertPropertyAlertLink, - "confidencelevel": AlertPropertyConfidenceLevel, - "confidencescore": AlertPropertyConfidenceScore, - "extendedlinks": AlertPropertyExtendedLinks, - "productcomponentname": AlertPropertyProductComponentName, - "productname": AlertPropertyProductName, - "providername": AlertPropertyProviderName, - "remediationsteps": AlertPropertyRemediationSteps, - "techniques": AlertPropertyTechniques, - } - if v, ok := vals[strings.ToLower(input)]; ok { - return &v, nil - } - - // otherwise presume it's an undefined value and best-effort it - out := AlertProperty(input) - return &out, nil -} - -type AlertRuleKind string - -const ( - AlertRuleKindFusion AlertRuleKind = "Fusion" - AlertRuleKindMLBehaviorAnalytics AlertRuleKind = "MLBehaviorAnalytics" - AlertRuleKindMicrosoftSecurityIncidentCreation AlertRuleKind = "MicrosoftSecurityIncidentCreation" - AlertRuleKindNRT AlertRuleKind = "NRT" - AlertRuleKindScheduled AlertRuleKind = "Scheduled" - AlertRuleKindThreatIntelligence AlertRuleKind = "ThreatIntelligence" -) - -func PossibleValuesForAlertRuleKind() []string { - return []string{ - string(AlertRuleKindFusion), - string(AlertRuleKindMLBehaviorAnalytics), - string(AlertRuleKindMicrosoftSecurityIncidentCreation), - 
string(AlertRuleKindNRT), - string(AlertRuleKindScheduled), - string(AlertRuleKindThreatIntelligence), - } -} - -func (s *AlertRuleKind) UnmarshalJSON(bytes []byte) error { - var decoded string - if err := json.Unmarshal(bytes, &decoded); err != nil { - return fmt.Errorf("unmarshaling: %+v", err) - } - out, err := parseAlertRuleKind(decoded) - if err != nil { - return fmt.Errorf("parsing %q: %+v", decoded, err) - } - *s = *out - return nil -} - -func parseAlertRuleKind(input string) (*AlertRuleKind, error) { - vals := map[string]AlertRuleKind{ - "fusion": AlertRuleKindFusion, - "mlbehavioranalytics": AlertRuleKindMLBehaviorAnalytics, - "microsoftsecurityincidentcreation": AlertRuleKindMicrosoftSecurityIncidentCreation, - "nrt": AlertRuleKindNRT, - "scheduled": AlertRuleKindScheduled, - "threatintelligence": AlertRuleKindThreatIntelligence, - } - if v, ok := vals[strings.ToLower(input)]; ok { - return &v, nil - } - - // otherwise presume it's an undefined value and best-effort it - out := AlertRuleKind(input) - return &out, nil -} - -type AlertSeverity string - -const ( - AlertSeverityHigh AlertSeverity = "High" - AlertSeverityInformational AlertSeverity = "Informational" - AlertSeverityLow AlertSeverity = "Low" - AlertSeverityMedium AlertSeverity = "Medium" -) - -func PossibleValuesForAlertSeverity() []string { - return []string{ - string(AlertSeverityHigh), - string(AlertSeverityInformational), - string(AlertSeverityLow), - string(AlertSeverityMedium), - } -} - -func (s *AlertSeverity) UnmarshalJSON(bytes []byte) error { - var decoded string - if err := json.Unmarshal(bytes, &decoded); err != nil { - return fmt.Errorf("unmarshaling: %+v", err) - } - out, err := parseAlertSeverity(decoded) - if err != nil { - return fmt.Errorf("parsing %q: %+v", decoded, err) - } - *s = *out - return nil -} - -func parseAlertSeverity(input string) (*AlertSeverity, error) { - vals := map[string]AlertSeverity{ - "high": AlertSeverityHigh, - "informational": 
AlertSeverityInformational, - "low": AlertSeverityLow, - "medium": AlertSeverityMedium, - } - if v, ok := vals[strings.ToLower(input)]; ok { - return &v, nil - } - - // otherwise presume it's an undefined value and best-effort it - out := AlertSeverity(input) - return &out, nil -} - -type AttackTactic string - -const ( - AttackTacticCollection AttackTactic = "Collection" - AttackTacticCommandAndControl AttackTactic = "CommandAndControl" - AttackTacticCredentialAccess AttackTactic = "CredentialAccess" - AttackTacticDefenseEvasion AttackTactic = "DefenseEvasion" - AttackTacticDiscovery AttackTactic = "Discovery" - AttackTacticExecution AttackTactic = "Execution" - AttackTacticExfiltration AttackTactic = "Exfiltration" - AttackTacticImpact AttackTactic = "Impact" - AttackTacticImpairProcessControl AttackTactic = "ImpairProcessControl" - AttackTacticInhibitResponseFunction AttackTactic = "InhibitResponseFunction" - AttackTacticInitialAccess AttackTactic = "InitialAccess" - AttackTacticLateralMovement AttackTactic = "LateralMovement" - AttackTacticPersistence AttackTactic = "Persistence" - AttackTacticPreAttack AttackTactic = "PreAttack" - AttackTacticPrivilegeEscalation AttackTactic = "PrivilegeEscalation" - AttackTacticReconnaissance AttackTactic = "Reconnaissance" - AttackTacticResourceDevelopment AttackTactic = "ResourceDevelopment" -) - -func PossibleValuesForAttackTactic() []string { - return []string{ - string(AttackTacticCollection), - string(AttackTacticCommandAndControl), - string(AttackTacticCredentialAccess), - string(AttackTacticDefenseEvasion), - string(AttackTacticDiscovery), - string(AttackTacticExecution), - string(AttackTacticExfiltration), - string(AttackTacticImpact), - string(AttackTacticImpairProcessControl), - string(AttackTacticInhibitResponseFunction), - string(AttackTacticInitialAccess), - string(AttackTacticLateralMovement), - string(AttackTacticPersistence), - string(AttackTacticPreAttack), - string(AttackTacticPrivilegeEscalation), - 
string(AttackTacticReconnaissance), - string(AttackTacticResourceDevelopment), - } -} - -func (s *AttackTactic) UnmarshalJSON(bytes []byte) error { - var decoded string - if err := json.Unmarshal(bytes, &decoded); err != nil { - return fmt.Errorf("unmarshaling: %+v", err) - } - out, err := parseAttackTactic(decoded) - if err != nil { - return fmt.Errorf("parsing %q: %+v", decoded, err) - } - *s = *out - return nil -} - -func parseAttackTactic(input string) (*AttackTactic, error) { - vals := map[string]AttackTactic{ - "collection": AttackTacticCollection, - "commandandcontrol": AttackTacticCommandAndControl, - "credentialaccess": AttackTacticCredentialAccess, - "defenseevasion": AttackTacticDefenseEvasion, - "discovery": AttackTacticDiscovery, - "execution": AttackTacticExecution, - "exfiltration": AttackTacticExfiltration, - "impact": AttackTacticImpact, - "impairprocesscontrol": AttackTacticImpairProcessControl, - "inhibitresponsefunction": AttackTacticInhibitResponseFunction, - "initialaccess": AttackTacticInitialAccess, - "lateralmovement": AttackTacticLateralMovement, - "persistence": AttackTacticPersistence, - "preattack": AttackTacticPreAttack, - "privilegeescalation": AttackTacticPrivilegeEscalation, - "reconnaissance": AttackTacticReconnaissance, - "resourcedevelopment": AttackTacticResourceDevelopment, - } - if v, ok := vals[strings.ToLower(input)]; ok { - return &v, nil - } - - // otherwise presume it's an undefined value and best-effort it - out := AttackTactic(input) - return &out, nil -} - -type EntityMappingType string - -const ( - EntityMappingTypeAccount EntityMappingType = "Account" - EntityMappingTypeAzureResource EntityMappingType = "AzureResource" - EntityMappingTypeCloudApplication EntityMappingType = "CloudApplication" - EntityMappingTypeDNS EntityMappingType = "DNS" - EntityMappingTypeFile EntityMappingType = "File" - EntityMappingTypeFileHash EntityMappingType = "FileHash" - EntityMappingTypeHost EntityMappingType = "Host" - 
EntityMappingTypeIP EntityMappingType = "IP" - EntityMappingTypeMailCluster EntityMappingType = "MailCluster" - EntityMappingTypeMailMessage EntityMappingType = "MailMessage" - EntityMappingTypeMailbox EntityMappingType = "Mailbox" - EntityMappingTypeMalware EntityMappingType = "Malware" - EntityMappingTypeProcess EntityMappingType = "Process" - EntityMappingTypeRegistryKey EntityMappingType = "RegistryKey" - EntityMappingTypeRegistryValue EntityMappingType = "RegistryValue" - EntityMappingTypeSecurityGroup EntityMappingType = "SecurityGroup" - EntityMappingTypeSubmissionMail EntityMappingType = "SubmissionMail" - EntityMappingTypeURL EntityMappingType = "URL" -) - -func PossibleValuesForEntityMappingType() []string { - return []string{ - string(EntityMappingTypeAccount), - string(EntityMappingTypeAzureResource), - string(EntityMappingTypeCloudApplication), - string(EntityMappingTypeDNS), - string(EntityMappingTypeFile), - string(EntityMappingTypeFileHash), - string(EntityMappingTypeHost), - string(EntityMappingTypeIP), - string(EntityMappingTypeMailCluster), - string(EntityMappingTypeMailMessage), - string(EntityMappingTypeMailbox), - string(EntityMappingTypeMalware), - string(EntityMappingTypeProcess), - string(EntityMappingTypeRegistryKey), - string(EntityMappingTypeRegistryValue), - string(EntityMappingTypeSecurityGroup), - string(EntityMappingTypeSubmissionMail), - string(EntityMappingTypeURL), - } -} - -func (s *EntityMappingType) UnmarshalJSON(bytes []byte) error { - var decoded string - if err := json.Unmarshal(bytes, &decoded); err != nil { - return fmt.Errorf("unmarshaling: %+v", err) - } - out, err := parseEntityMappingType(decoded) - if err != nil { - return fmt.Errorf("parsing %q: %+v", decoded, err) - } - *s = *out - return nil -} - -func parseEntityMappingType(input string) (*EntityMappingType, error) { - vals := map[string]EntityMappingType{ - "account": EntityMappingTypeAccount, - "azureresource": EntityMappingTypeAzureResource, - 
"cloudapplication": EntityMappingTypeCloudApplication, - "dns": EntityMappingTypeDNS, - "file": EntityMappingTypeFile, - "filehash": EntityMappingTypeFileHash, - "host": EntityMappingTypeHost, - "ip": EntityMappingTypeIP, - "mailcluster": EntityMappingTypeMailCluster, - "mailmessage": EntityMappingTypeMailMessage, - "mailbox": EntityMappingTypeMailbox, - "malware": EntityMappingTypeMalware, - "process": EntityMappingTypeProcess, - "registrykey": EntityMappingTypeRegistryKey, - "registryvalue": EntityMappingTypeRegistryValue, - "securitygroup": EntityMappingTypeSecurityGroup, - "submissionmail": EntityMappingTypeSubmissionMail, - "url": EntityMappingTypeURL, - } - if v, ok := vals[strings.ToLower(input)]; ok { - return &v, nil - } - - // otherwise presume it's an undefined value and best-effort it - out := EntityMappingType(input) - return &out, nil -} - -type EventGroupingAggregationKind string - -const ( - EventGroupingAggregationKindAlertPerResult EventGroupingAggregationKind = "AlertPerResult" - EventGroupingAggregationKindSingleAlert EventGroupingAggregationKind = "SingleAlert" -) - -func PossibleValuesForEventGroupingAggregationKind() []string { - return []string{ - string(EventGroupingAggregationKindAlertPerResult), - string(EventGroupingAggregationKindSingleAlert), - } -} - -func (s *EventGroupingAggregationKind) UnmarshalJSON(bytes []byte) error { - var decoded string - if err := json.Unmarshal(bytes, &decoded); err != nil { - return fmt.Errorf("unmarshaling: %+v", err) - } - out, err := parseEventGroupingAggregationKind(decoded) - if err != nil { - return fmt.Errorf("parsing %q: %+v", decoded, err) - } - *s = *out - return nil -} - -func parseEventGroupingAggregationKind(input string) (*EventGroupingAggregationKind, error) { - vals := map[string]EventGroupingAggregationKind{ - "alertperresult": EventGroupingAggregationKindAlertPerResult, - "singlealert": EventGroupingAggregationKindSingleAlert, - } - if v, ok := vals[strings.ToLower(input)]; ok { - return 
&v, nil - } - - // otherwise presume it's an undefined value and best-effort it - out := EventGroupingAggregationKind(input) - return &out, nil -} - -type MatchingMethod string - -const ( - MatchingMethodAllEntities MatchingMethod = "AllEntities" - MatchingMethodAnyAlert MatchingMethod = "AnyAlert" - MatchingMethodSelected MatchingMethod = "Selected" -) - -func PossibleValuesForMatchingMethod() []string { - return []string{ - string(MatchingMethodAllEntities), - string(MatchingMethodAnyAlert), - string(MatchingMethodSelected), - } -} - -func (s *MatchingMethod) UnmarshalJSON(bytes []byte) error { - var decoded string - if err := json.Unmarshal(bytes, &decoded); err != nil { - return fmt.Errorf("unmarshaling: %+v", err) - } - out, err := parseMatchingMethod(decoded) - if err != nil { - return fmt.Errorf("parsing %q: %+v", decoded, err) - } - *s = *out - return nil -} - -func parseMatchingMethod(input string) (*MatchingMethod, error) { - vals := map[string]MatchingMethod{ - "allentities": MatchingMethodAllEntities, - "anyalert": MatchingMethodAnyAlert, - "selected": MatchingMethodSelected, - } - if v, ok := vals[strings.ToLower(input)]; ok { - return &v, nil - } - - // otherwise presume it's an undefined value and best-effort it - out := MatchingMethod(input) - return &out, nil -} - -type MicrosoftSecurityProductName string - -const ( - MicrosoftSecurityProductNameAzureActiveDirectoryIdentityProtection MicrosoftSecurityProductName = "Azure Active Directory Identity Protection" - MicrosoftSecurityProductNameAzureAdvancedThreatProtection MicrosoftSecurityProductName = "Azure Advanced Threat Protection" - MicrosoftSecurityProductNameAzureSecurityCenter MicrosoftSecurityProductName = "Azure Security Center" - MicrosoftSecurityProductNameAzureSecurityCenterForIoT MicrosoftSecurityProductName = "Azure Security Center for IoT" - MicrosoftSecurityProductNameMicrosoftCloudAppSecurity MicrosoftSecurityProductName = "Microsoft Cloud App Security" - 
MicrosoftSecurityProductNameMicrosoftDefenderAdvancedThreatProtection MicrosoftSecurityProductName = "Microsoft Defender Advanced Threat Protection" - MicrosoftSecurityProductNameOfficeThreeSixFiveAdvancedThreatProtection MicrosoftSecurityProductName = "Office 365 Advanced Threat Protection" -) - -func PossibleValuesForMicrosoftSecurityProductName() []string { - return []string{ - string(MicrosoftSecurityProductNameAzureActiveDirectoryIdentityProtection), - string(MicrosoftSecurityProductNameAzureAdvancedThreatProtection), - string(MicrosoftSecurityProductNameAzureSecurityCenter), - string(MicrosoftSecurityProductNameAzureSecurityCenterForIoT), - string(MicrosoftSecurityProductNameMicrosoftCloudAppSecurity), - string(MicrosoftSecurityProductNameMicrosoftDefenderAdvancedThreatProtection), - string(MicrosoftSecurityProductNameOfficeThreeSixFiveAdvancedThreatProtection), - } -} - -func (s *MicrosoftSecurityProductName) UnmarshalJSON(bytes []byte) error { - var decoded string - if err := json.Unmarshal(bytes, &decoded); err != nil { - return fmt.Errorf("unmarshaling: %+v", err) - } - out, err := parseMicrosoftSecurityProductName(decoded) - if err != nil { - return fmt.Errorf("parsing %q: %+v", decoded, err) - } - *s = *out - return nil -} - -func parseMicrosoftSecurityProductName(input string) (*MicrosoftSecurityProductName, error) { - vals := map[string]MicrosoftSecurityProductName{ - "azure active directory identity protection": MicrosoftSecurityProductNameAzureActiveDirectoryIdentityProtection, - "azure advanced threat protection": MicrosoftSecurityProductNameAzureAdvancedThreatProtection, - "azure security center": MicrosoftSecurityProductNameAzureSecurityCenter, - "azure security center for iot": MicrosoftSecurityProductNameAzureSecurityCenterForIoT, - "microsoft cloud app security": MicrosoftSecurityProductNameMicrosoftCloudAppSecurity, - "microsoft defender advanced threat protection": MicrosoftSecurityProductNameMicrosoftDefenderAdvancedThreatProtection, - 
"office 365 advanced threat protection": MicrosoftSecurityProductNameOfficeThreeSixFiveAdvancedThreatProtection, - } - if v, ok := vals[strings.ToLower(input)]; ok { - return &v, nil - } - - // otherwise presume it's an undefined value and best-effort it - out := MicrosoftSecurityProductName(input) - return &out, nil -} - -type TriggerOperator string - -const ( - TriggerOperatorEqual TriggerOperator = "Equal" - TriggerOperatorGreaterThan TriggerOperator = "GreaterThan" - TriggerOperatorLessThan TriggerOperator = "LessThan" - TriggerOperatorNotEqual TriggerOperator = "NotEqual" -) - -func PossibleValuesForTriggerOperator() []string { - return []string{ - string(TriggerOperatorEqual), - string(TriggerOperatorGreaterThan), - string(TriggerOperatorLessThan), - string(TriggerOperatorNotEqual), - } -} - -func (s *TriggerOperator) UnmarshalJSON(bytes []byte) error { - var decoded string - if err := json.Unmarshal(bytes, &decoded); err != nil { - return fmt.Errorf("unmarshaling: %+v", err) - } - out, err := parseTriggerOperator(decoded) - if err != nil { - return fmt.Errorf("parsing %q: %+v", decoded, err) - } - *s = *out - return nil -} - -func parseTriggerOperator(input string) (*TriggerOperator, error) { - vals := map[string]TriggerOperator{ - "equal": TriggerOperatorEqual, - "greaterthan": TriggerOperatorGreaterThan, - "lessthan": TriggerOperatorLessThan, - "notequal": TriggerOperatorNotEqual, - } - if v, ok := vals[strings.ToLower(input)]; ok { - return &v, nil - } - - // otherwise presume it's an undefined value and best-effort it - out := TriggerOperator(input) - return &out, nil -} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/id_alertrule.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/id_alertrule.go deleted file mode 100644 index 6d6969d0276d..000000000000 
--- a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/id_alertrule.go
+++ /dev/null
@@ -1,141 +0,0 @@ -package alertrules - -import ( - "fmt" - "strings" - - "github.com/hashicorp/go-azure-helpers/resourcemanager/recaser" - "github.com/hashicorp/go-azure-helpers/resourcemanager/resourceids" -) - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See NOTICE.txt in the project root for license information. - -func init() { - recaser.RegisterResourceId(&AlertRuleId{}) -} - -var _ resourceids.ResourceId = &AlertRuleId{} - -// AlertRuleId is a struct representing the Resource ID for a Alert Rule -type AlertRuleId struct { - SubscriptionId string - ResourceGroupName string - WorkspaceName string - RuleId string -} - -// NewAlertRuleID returns a new AlertRuleId struct -func NewAlertRuleID(subscriptionId string, resourceGroupName string, workspaceName string, ruleId string) AlertRuleId { - return AlertRuleId{ - SubscriptionId: subscriptionId, - ResourceGroupName: resourceGroupName, - WorkspaceName: workspaceName, - RuleId: ruleId, - } -} - -// ParseAlertRuleID parses 'input' into a AlertRuleId -func ParseAlertRuleID(input string) (*AlertRuleId, error) { - parser := resourceids.NewParserFromResourceIdType(&AlertRuleId{}) - parsed, err := parser.Parse(input, false) - if err != nil { - return nil, fmt.Errorf("parsing %q: %+v", input, err) - } - - id := AlertRuleId{} - if err = id.FromParseResult(*parsed); err != nil { - return nil, err - } - - return &id, nil -} - -// ParseAlertRuleIDInsensitively parses 'input' case-insensitively into a AlertRuleId -// note: this method should only be used for API response data and not user input -func ParseAlertRuleIDInsensitively(input string) (*AlertRuleId, error) { - parser := resourceids.NewParserFromResourceIdType(&AlertRuleId{}) - parsed, err := parser.Parse(input, true) - if err != nil { - return nil, fmt.Errorf("parsing %q: %+v", input, err) - } - - id := AlertRuleId{} - if err = id.FromParseResult(*parsed); err != nil { - return nil, err - } - - return &id, nil -} - 
-func (id *AlertRuleId) FromParseResult(input resourceids.ParseResult) error { - var ok bool - - if id.SubscriptionId, ok = input.Parsed["subscriptionId"]; !ok { - return resourceids.NewSegmentNotSpecifiedError(id, "subscriptionId", input) - } - - if id.ResourceGroupName, ok = input.Parsed["resourceGroupName"]; !ok { - return resourceids.NewSegmentNotSpecifiedError(id, "resourceGroupName", input) - } - - if id.WorkspaceName, ok = input.Parsed["workspaceName"]; !ok { - return resourceids.NewSegmentNotSpecifiedError(id, "workspaceName", input) - } - - if id.RuleId, ok = input.Parsed["ruleId"]; !ok { - return resourceids.NewSegmentNotSpecifiedError(id, "ruleId", input) - } - - return nil -} - -// ValidateAlertRuleID checks that 'input' can be parsed as a Alert Rule ID -func ValidateAlertRuleID(input interface{}, key string) (warnings []string, errors []error) { - v, ok := input.(string) - if !ok { - errors = append(errors, fmt.Errorf("expected %q to be a string", key)) - return - } - - if _, err := ParseAlertRuleID(v); err != nil { - errors = append(errors, err) - } - - return -} - -// ID returns the formatted Alert Rule ID -func (id AlertRuleId) ID() string { - fmtString := "/subscriptions/%s/resourceGroups/%s/providers/Microsoft.OperationalInsights/workspaces/%s/providers/Microsoft.SecurityInsights/alertRules/%s" - return fmt.Sprintf(fmtString, id.SubscriptionId, id.ResourceGroupName, id.WorkspaceName, id.RuleId) -} - -// Segments returns a slice of Resource ID Segments which comprise this Alert Rule ID -func (id AlertRuleId) Segments() []resourceids.Segment { - return []resourceids.Segment{ - resourceids.StaticSegment("staticSubscriptions", "subscriptions", "subscriptions"), - resourceids.SubscriptionIdSegment("subscriptionId", "12345678-1234-9876-4563-123456789012"), - resourceids.StaticSegment("staticResourceGroups", "resourceGroups", "resourceGroups"), - resourceids.ResourceGroupSegment("resourceGroupName", "example-resource-group"), - 
resourceids.StaticSegment("staticProviders", "providers", "providers"), - resourceids.ResourceProviderSegment("staticMicrosoftOperationalInsights", "Microsoft.OperationalInsights", "Microsoft.OperationalInsights"), - resourceids.StaticSegment("staticWorkspaces", "workspaces", "workspaces"), - resourceids.UserSpecifiedSegment("workspaceName", "workspaceName"), - resourceids.StaticSegment("staticProviders2", "providers", "providers"), - resourceids.ResourceProviderSegment("staticMicrosoftSecurityInsights", "Microsoft.SecurityInsights", "Microsoft.SecurityInsights"), - resourceids.StaticSegment("staticAlertRules", "alertRules", "alertRules"), - resourceids.UserSpecifiedSegment("ruleId", "ruleId"), - } -} - -// String returns a human-readable description of this Alert Rule ID -func (id AlertRuleId) String() string { - components := []string{ - fmt.Sprintf("Subscription: %q", id.SubscriptionId), - fmt.Sprintf("Resource Group Name: %q", id.ResourceGroupName), - fmt.Sprintf("Workspace Name: %q", id.WorkspaceName), - fmt.Sprintf("Rule: %q", id.RuleId), - } - return fmt.Sprintf("Alert Rule (%s)", strings.Join(components, "\n")) -} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/id_workspace.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/id_workspace.go deleted file mode 100644 index 6ca991d3ed14..000000000000 --- a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/id_workspace.go +++ /dev/null 
@@ -1,130 +0,0 @@ -package alertrules - -import ( - "fmt" - "strings" - - "github.com/hashicorp/go-azure-helpers/resourcemanager/recaser" - "github.com/hashicorp/go-azure-helpers/resourcemanager/resourceids" -) - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See NOTICE.txt in the project root for license information. - -func init() { - recaser.RegisterResourceId(&WorkspaceId{}) -} - -var _ resourceids.ResourceId = &WorkspaceId{} - -// WorkspaceId is a struct representing the Resource ID for a Workspace -type WorkspaceId struct { - SubscriptionId string - ResourceGroupName string - WorkspaceName string -} - -// NewWorkspaceID returns a new WorkspaceId struct -func NewWorkspaceID(subscriptionId string, resourceGroupName string, workspaceName string) WorkspaceId { - return WorkspaceId{ - SubscriptionId: subscriptionId, - ResourceGroupName: resourceGroupName, - WorkspaceName: workspaceName, - } -} - -// ParseWorkspaceID parses 'input' into a WorkspaceId -func ParseWorkspaceID(input string) (*WorkspaceId, error) { - parser := resourceids.NewParserFromResourceIdType(&WorkspaceId{}) - parsed, err := parser.Parse(input, false) - if err != nil { - return nil, fmt.Errorf("parsing %q: %+v", input, err) - } - - id := WorkspaceId{} - if err = id.FromParseResult(*parsed); err != nil { - return nil, err - } - - return &id, nil -} - -// ParseWorkspaceIDInsensitively parses 'input' case-insensitively into a WorkspaceId -// note: this method should only be used for API response data and not user input -func ParseWorkspaceIDInsensitively(input string) (*WorkspaceId, error) { - parser := resourceids.NewParserFromResourceIdType(&WorkspaceId{}) - parsed, err := parser.Parse(input, true) - if err != nil { - return nil, fmt.Errorf("parsing %q: %+v", input, err) - } - - id := WorkspaceId{} - if err = id.FromParseResult(*parsed); err != nil { - return nil, err - } - - return &id, nil -} - -func (id *WorkspaceId) FromParseResult(input 
resourceids.ParseResult) error { - var ok bool - - if id.SubscriptionId, ok = input.Parsed["subscriptionId"]; !ok { - return resourceids.NewSegmentNotSpecifiedError(id, "subscriptionId", input) - } - - if id.ResourceGroupName, ok = input.Parsed["resourceGroupName"]; !ok { - return resourceids.NewSegmentNotSpecifiedError(id, "resourceGroupName", input) - } - - if id.WorkspaceName, ok = input.Parsed["workspaceName"]; !ok { - return resourceids.NewSegmentNotSpecifiedError(id, "workspaceName", input) - } - - return nil -} - -// ValidateWorkspaceID checks that 'input' can be parsed as a Workspace ID -func ValidateWorkspaceID(input interface{}, key string) (warnings []string, errors []error) { - v, ok := input.(string) - if !ok { - errors = append(errors, fmt.Errorf("expected %q to be a string", key)) - return - } - - if _, err := ParseWorkspaceID(v); err != nil { - errors = append(errors, err) - } - - return -} - -// ID returns the formatted Workspace ID -func (id WorkspaceId) ID() string { - fmtString := "/subscriptions/%s/resourceGroups/%s/providers/Microsoft.OperationalInsights/workspaces/%s" - return fmt.Sprintf(fmtString, id.SubscriptionId, id.ResourceGroupName, id.WorkspaceName) -} - -// Segments returns a slice of Resource ID Segments which comprise this Workspace ID -func (id WorkspaceId) Segments() []resourceids.Segment { - return []resourceids.Segment{ - resourceids.StaticSegment("staticSubscriptions", "subscriptions", "subscriptions"), - resourceids.SubscriptionIdSegment("subscriptionId", "12345678-1234-9876-4563-123456789012"), - resourceids.StaticSegment("staticResourceGroups", "resourceGroups", "resourceGroups"), - resourceids.ResourceGroupSegment("resourceGroupName", "example-resource-group"), - resourceids.StaticSegment("staticProviders", "providers", "providers"), - resourceids.ResourceProviderSegment("staticMicrosoftOperationalInsights", "Microsoft.OperationalInsights", "Microsoft.OperationalInsights"), - resourceids.StaticSegment("staticWorkspaces", 
"workspaces", "workspaces"), - resourceids.UserSpecifiedSegment("workspaceName", "workspaceName"), - } -} - -// String returns a human-readable description of this Workspace ID -func (id WorkspaceId) String() string { - components := []string{ - fmt.Sprintf("Subscription: %q", id.SubscriptionId), - fmt.Sprintf("Resource Group Name: %q", id.ResourceGroupName), - fmt.Sprintf("Workspace Name: %q", id.WorkspaceName), - } - return fmt.Sprintf("Workspace (%s)", strings.Join(components, "\n")) -} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/method_createorupdate.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/method_createorupdate.go deleted file mode 100644 index 13548ddf46e8..000000000000 --- a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/method_createorupdate.go +++ /dev/null 
@@ -1,63 +0,0 @@ -package alertrules - -import ( - "context" - "encoding/json" - "net/http" - - "github.com/hashicorp/go-azure-sdk/sdk/client" - "github.com/hashicorp/go-azure-sdk/sdk/odata" -) - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See NOTICE.txt in the project root for license information. - -type CreateOrUpdateOperationResponse struct { - HttpResponse *http.Response - OData *odata.OData - Model AlertRule -} - -// CreateOrUpdate ... -func (c AlertRulesClient) CreateOrUpdate(ctx context.Context, id AlertRuleId, input AlertRule) (result CreateOrUpdateOperationResponse, err error) { - opts := client.RequestOptions{ - ContentType: "application/json; charset=utf-8", - ExpectedStatusCodes: []int{ - http.StatusCreated, - http.StatusOK, - }, - HttpMethod: http.MethodPut, - Path: id.ID(), - } - - req, err := c.Client.NewRequest(ctx, opts) - if err != nil { - return - } - - if err = req.Marshal(input); err != nil { - return - } - - var resp *client.Response - resp, err = req.Execute(ctx) - if resp != nil { - result.OData = resp.OData - result.HttpResponse = resp.Response - } - if err != nil { - return - } - - var respObj json.RawMessage - if err = resp.Unmarshal(&respObj); err != nil { - return - } - model, err := UnmarshalAlertRuleImplementation(respObj) - if err != nil { - return - } - result.Model = model - - return -} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/method_delete.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/method_delete.go deleted file mode 100644 index aae7085c25e2..000000000000 --- a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/method_delete.go +++ /dev/null 
@@ -1,47 +0,0 @@ -package alertrules - -import ( - "context" - "net/http" - - "github.com/hashicorp/go-azure-sdk/sdk/client" - "github.com/hashicorp/go-azure-sdk/sdk/odata" -) - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See NOTICE.txt in the project root for license information. - -type DeleteOperationResponse struct { - HttpResponse *http.Response - OData *odata.OData -} - -// Delete ... -func (c AlertRulesClient) Delete(ctx context.Context, id AlertRuleId) (result DeleteOperationResponse, err error) { - opts := client.RequestOptions{ - ContentType: "application/json; charset=utf-8", - ExpectedStatusCodes: []int{ - http.StatusNoContent, - http.StatusOK, - }, - HttpMethod: http.MethodDelete, - Path: id.ID(), - } - - req, err := c.Client.NewRequest(ctx, opts) - if err != nil { - return - } - - var resp *client.Response - resp, err = req.Execute(ctx) - if resp != nil { - result.OData = resp.OData - result.HttpResponse = resp.Response - } - if err != nil { - return - } - - return -} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/method_get.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/method_get.go deleted file mode 100644 index f6b552d75c7f..000000000000 --- a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/method_get.go +++ /dev/null 
@@ -1,58 +0,0 @@ -package alertrules - -import ( - "context" - "encoding/json" - "net/http" - - "github.com/hashicorp/go-azure-sdk/sdk/client" - "github.com/hashicorp/go-azure-sdk/sdk/odata" -) - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See NOTICE.txt in the project root for license information. - -type GetOperationResponse struct { - HttpResponse *http.Response - OData *odata.OData - Model AlertRule -} - -// Get ... -func (c AlertRulesClient) Get(ctx context.Context, id AlertRuleId) (result GetOperationResponse, err error) { - opts := client.RequestOptions{ - ContentType: "application/json; charset=utf-8", - ExpectedStatusCodes: []int{ - http.StatusOK, - }, - HttpMethod: http.MethodGet, - Path: id.ID(), - } - - req, err := c.Client.NewRequest(ctx, opts) - if err != nil { - return - } - - var resp *client.Response - resp, err = req.Execute(ctx) - if resp != nil { - result.OData = resp.OData - result.HttpResponse = resp.Response - } - if err != nil { - return - } - - var respObj json.RawMessage - if err = resp.Unmarshal(&respObj); err != nil { - return - } - model, err := UnmarshalAlertRuleImplementation(respObj) - if err != nil { - return - } - result.Model = model - - return -} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/method_list.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/method_list.go deleted file mode 100644 index 55fff58c8614..000000000000 --- a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/method_list.go +++ /dev/null 
@@ -1,117 +0,0 @@ -package alertrules - -import ( - "context" - "encoding/json" - "fmt" - "net/http" - - "github.com/hashicorp/go-azure-sdk/sdk/client" - "github.com/hashicorp/go-azure-sdk/sdk/odata" -) - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See NOTICE.txt in the project root for license information. - -type ListOperationResponse struct { - HttpResponse *http.Response - OData *odata.OData - Model *[]AlertRule -} - -type ListCompleteResult struct { - LatestHttpResponse *http.Response - Items []AlertRule -} - -type ListCustomPager struct { - NextLink *odata.Link `json:"nextLink"` -} - -func (p *ListCustomPager) NextPageLink() *odata.Link { - defer func() { - p.NextLink = nil - }() - - return p.NextLink -} - -// List ... -func (c AlertRulesClient) List(ctx context.Context, id WorkspaceId) (result ListOperationResponse, err error) { - opts := client.RequestOptions{ - ContentType: "application/json; charset=utf-8", - ExpectedStatusCodes: []int{ - http.StatusOK, - }, - HttpMethod: http.MethodGet, - Pager: &ListCustomPager{}, - Path: fmt.Sprintf("%s/providers/Microsoft.SecurityInsights/alertRules", id.ID()), - } - - req, err := c.Client.NewRequest(ctx, opts) - if err != nil { - return - } - - var resp *client.Response - resp, err = req.ExecutePaged(ctx) - if resp != nil { - result.OData = resp.OData - result.HttpResponse = resp.Response - } - if err != nil { - return - } - - var values struct { - Values *[]json.RawMessage `json:"value"` - } - if err = resp.Unmarshal(&values); err != nil { - return - } - - temp := make([]AlertRule, 0) - if values.Values != nil { - for i, v := range *values.Values { - val, err := UnmarshalAlertRuleImplementation(v) - if err != nil { - err = fmt.Errorf("unmarshalling item %d for AlertRule (%q): %+v", i, v, err) - return result, err - } - temp = append(temp, val) - } - } - result.Model = &temp - - return -} - -// ListComplete retrieves all the results into a single object -func (c 
AlertRulesClient) ListComplete(ctx context.Context, id WorkspaceId) (ListCompleteResult, error) { - return c.ListCompleteMatchingPredicate(ctx, id, AlertRuleOperationPredicate{}) -} - -// ListCompleteMatchingPredicate retrieves all the results and then applies the predicate -func (c AlertRulesClient) ListCompleteMatchingPredicate(ctx context.Context, id WorkspaceId, predicate AlertRuleOperationPredicate) (result ListCompleteResult, err error) { - items := make([]AlertRule, 0) - - resp, err := c.List(ctx, id) - if err != nil { - result.LatestHttpResponse = resp.HttpResponse - err = fmt.Errorf("loading results: %+v", err) - return - } - if resp.Model != nil { - for _, v := range *resp.Model { - if predicate.Matches(v) { - items = append(items, v) - } - } - } - - result = ListCompleteResult{ - LatestHttpResponse: resp.HttpResponse, - Items: items, - } - return -} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_alertdetailsoverride.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_alertdetailsoverride.go deleted file mode 100644 index 15010b19db06..000000000000 --- a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_alertdetailsoverride.go +++ /dev/null 
@@ -1,12 +0,0 @@ -package alertrules - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See NOTICE.txt in the project root for license information. - -type AlertDetailsOverride struct { - AlertDescriptionFormat *string `json:"alertDescriptionFormat,omitempty"` - AlertDisplayNameFormat *string `json:"alertDisplayNameFormat,omitempty"` - AlertDynamicProperties *[]AlertPropertyMapping `json:"alertDynamicProperties,omitempty"` - AlertSeverityColumnName *string `json:"alertSeverityColumnName,omitempty"` - AlertTacticsColumnName *string `json:"alertTacticsColumnName,omitempty"` -} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_alertpropertymapping.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_alertpropertymapping.go deleted file mode 100644 index f98f2362b60d..000000000000 --- a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_alertpropertymapping.go +++ /dev/null @@ -1,9 +0,0 @@ -package alertrules - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See NOTICE.txt in the project root for license information. - -type AlertPropertyMapping struct { - AlertProperty *AlertProperty `json:"alertProperty,omitempty"` - Value *string `json:"value,omitempty"` -} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_alertrule.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_alertrule.go deleted file mode 100644 index 706f1a808af0..000000000000 --- a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_alertrule.go +++ /dev/null 
@@ -1,122 +0,0 @@ -package alertrules - -import ( - "encoding/json" - "fmt" - "strings" - - "github.com/hashicorp/go-azure-helpers/resourcemanager/systemdata" -) - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See NOTICE.txt in the project root for license information. - -type AlertRule interface { - AlertRule() BaseAlertRuleImpl -} - -var _ AlertRule = BaseAlertRuleImpl{} - -type BaseAlertRuleImpl struct { - Etag *string `json:"etag,omitempty"` - Id *string `json:"id,omitempty"` - Kind AlertRuleKind `json:"kind"` - Name *string `json:"name,omitempty"` - SystemData *systemdata.SystemData `json:"systemData,omitempty"` - Type *string `json:"type,omitempty"` -} - -func (s BaseAlertRuleImpl) AlertRule() BaseAlertRuleImpl { - return s -} - -var _ AlertRule = RawAlertRuleImpl{} - -// RawAlertRuleImpl is returned when the Discriminated Value doesn't match any of the defined types -// NOTE: this should only be used when a type isn't defined for this type of Object (as a workaround) -// and is used only for Deserialization (e.g. this cannot be used as a Request Payload). 
-type RawAlertRuleImpl struct { - alertRule BaseAlertRuleImpl - Type string - Values map[string]interface{} -} - -func (s RawAlertRuleImpl) AlertRule() BaseAlertRuleImpl { - return s.alertRule -} - -func UnmarshalAlertRuleImplementation(input []byte) (AlertRule, error) { - if input == nil { - return nil, nil - } - - var temp map[string]interface{} - if err := json.Unmarshal(input, &temp); err != nil { - return nil, fmt.Errorf("unmarshaling AlertRule into map[string]interface: %+v", err) - } - - var value string - if v, ok := temp["kind"]; ok { - value = fmt.Sprintf("%v", v) - } - - if strings.EqualFold(value, "Fusion") { - var out FusionAlertRule - if err := json.Unmarshal(input, &out); err != nil { - return nil, fmt.Errorf("unmarshaling into FusionAlertRule: %+v", err) - } - return out, nil - } - - if strings.EqualFold(value, "MLBehaviorAnalytics") { - var out MLBehaviorAnalyticsAlertRule - if err := json.Unmarshal(input, &out); err != nil { - return nil, fmt.Errorf("unmarshaling into MLBehaviorAnalyticsAlertRule: %+v", err) - } - return out, nil - } - - if strings.EqualFold(value, "MicrosoftSecurityIncidentCreation") { - var out MicrosoftSecurityIncidentCreationAlertRule - if err := json.Unmarshal(input, &out); err != nil { - return nil, fmt.Errorf("unmarshaling into MicrosoftSecurityIncidentCreationAlertRule: %+v", err) - } - return out, nil - } - - if strings.EqualFold(value, "NRT") { - var out NrtAlertRule - if err := json.Unmarshal(input, &out); err != nil { - return nil, fmt.Errorf("unmarshaling into NrtAlertRule: %+v", err) - } - return out, nil - } - - if strings.EqualFold(value, "Scheduled") { - var out ScheduledAlertRule - if err := json.Unmarshal(input, &out); err != nil { - return nil, fmt.Errorf("unmarshaling into ScheduledAlertRule: %+v", err) - } - return out, nil - } - - if strings.EqualFold(value, "ThreatIntelligence") { - var out ThreatIntelligenceAlertRule - if err := json.Unmarshal(input, &out); err != nil { - return nil, 
fmt.Errorf("unmarshaling into ThreatIntelligenceAlertRule: %+v", err) - } - return out, nil - } - - var parent BaseAlertRuleImpl - if err := json.Unmarshal(input, &parent); err != nil { - return nil, fmt.Errorf("unmarshaling into BaseAlertRuleImpl: %+v", err) - } - - return RawAlertRuleImpl{ - alertRule: parent, - Type: value, - Values: temp, - }, nil - -} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_entitymapping.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_entitymapping.go deleted file mode 100644 index b1fc81c3323a..000000000000 --- a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_entitymapping.go +++ /dev/null @@ -1,9 +0,0 @@ -package alertrules - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See NOTICE.txt in the project root for license information. - -type EntityMapping struct { - EntityType *EntityMappingType `json:"entityType,omitempty"` - FieldMappings *[]FieldMapping `json:"fieldMappings,omitempty"` -} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_eventgroupingsettings.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_eventgroupingsettings.go deleted file mode 100644 index ae513b5b198c..000000000000 --- a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_eventgroupingsettings.go +++ /dev/null 
@@ -1,8 +0,0 @@ -package alertrules - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See NOTICE.txt in the project root for license information. - -type EventGroupingSettings struct { - AggregationKind *EventGroupingAggregationKind `json:"aggregationKind,omitempty"` -} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_fieldmapping.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_fieldmapping.go deleted file mode 100644 index 9e73ac232185..000000000000 --- a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_fieldmapping.go +++ /dev/null @@ -1,9 +0,0 @@ -package alertrules - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See NOTICE.txt in the project root for license information. - -type FieldMapping struct { - ColumnName *string `json:"columnName,omitempty"` - Identifier *string `json:"identifier,omitempty"` -} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_fusionalertrule.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_fusionalertrule.go deleted file mode 100644 index f9ebd649bd9c..000000000000 --- a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_fusionalertrule.go +++ /dev/null 
@@ -1,62 +0,0 @@ -package alertrules - -import ( - "encoding/json" - "fmt" - - "github.com/hashicorp/go-azure-helpers/resourcemanager/systemdata" -) - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See NOTICE.txt in the project root for license information. - -var _ AlertRule = FusionAlertRule{} - -type FusionAlertRule struct { - Properties *FusionAlertRuleProperties `json:"properties,omitempty"` - - // Fields inherited from AlertRule - - Etag *string `json:"etag,omitempty"` - Id *string `json:"id,omitempty"` - Kind AlertRuleKind `json:"kind"` - Name *string `json:"name,omitempty"` - SystemData *systemdata.SystemData `json:"systemData,omitempty"` - Type *string `json:"type,omitempty"` -} - -func (s FusionAlertRule) AlertRule() BaseAlertRuleImpl { - return BaseAlertRuleImpl{ - Etag: s.Etag, - Id: s.Id, - Kind: s.Kind, - Name: s.Name, - SystemData: s.SystemData, - Type: s.Type, - } -} - -var _ json.Marshaler = FusionAlertRule{} - -func (s FusionAlertRule) MarshalJSON() ([]byte, error) { - type wrapper FusionAlertRule - wrapped := wrapper(s) - encoded, err := json.Marshal(wrapped) - if err != nil { - return nil, fmt.Errorf("marshaling FusionAlertRule: %+v", err) - } - - var decoded map[string]interface{} - if err = json.Unmarshal(encoded, &decoded); err != nil { - return nil, fmt.Errorf("unmarshaling FusionAlertRule: %+v", err) - } - - decoded["kind"] = "Fusion" - - encoded, err = json.Marshal(decoded) - if err != nil { - return nil, fmt.Errorf("re-marshaling FusionAlertRule: %+v", err) - } - - return encoded, nil -} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_fusionalertruleproperties.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_fusionalertruleproperties.go deleted file mode 100644 index 89e3751fcc87..000000000000 
--- a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_fusionalertruleproperties.go +++ /dev/null @@ -1,35 +0,0 @@ -package alertrules - -import ( - "time" - - "github.com/hashicorp/go-azure-helpers/lang/dates" -) - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See NOTICE.txt in the project root for license information. - -type FusionAlertRuleProperties struct { - AlertRuleTemplateName string `json:"alertRuleTemplateName"` - Description *string `json:"description,omitempty"` - DisplayName *string `json:"displayName,omitempty"` - Enabled bool `json:"enabled"` - LastModifiedUtc *string `json:"lastModifiedUtc,omitempty"` - ScenarioExclusionPatterns *[]FusionScenarioExclusionPattern `json:"scenarioExclusionPatterns,omitempty"` - Severity *AlertSeverity `json:"severity,omitempty"` - SourceSettings *[]FusionSourceSettings `json:"sourceSettings,omitempty"` - Tactics *[]AttackTactic `json:"tactics,omitempty"` - Techniques *[]string `json:"techniques,omitempty"` -} - -func (o *FusionAlertRuleProperties) GetLastModifiedUtcAsTime() (*time.Time, error) { - if o.LastModifiedUtc == nil { - return nil, nil - } - return dates.ParseAsFormat(o.LastModifiedUtc, "2006-01-02T15:04:05Z07:00") -} - -func (o *FusionAlertRuleProperties) SetLastModifiedUtcAsTime(input time.Time) { - formatted := input.Format("2006-01-02T15:04:05Z07:00") - o.LastModifiedUtc = &formatted -} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_fusionscenarioexclusionpattern.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_fusionscenarioexclusionpattern.go deleted file mode 100644 index 98b11076d11a..000000000000 
--- a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_fusionscenarioexclusionpattern.go +++ /dev/null @@ -1,9 +0,0 @@ -package alertrules - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See NOTICE.txt in the project root for license information. - -type FusionScenarioExclusionPattern struct { - DateAddedInUTC string `json:"dateAddedInUTC"` - ExclusionPattern string `json:"exclusionPattern"` -} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_fusionsourcesettings.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_fusionsourcesettings.go deleted file mode 100644 index dd206d437b58..000000000000 --- a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_fusionsourcesettings.go +++ /dev/null @@ -1,10 +0,0 @@ -package alertrules - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See NOTICE.txt in the project root for license information. - -type FusionSourceSettings struct { - Enabled bool `json:"enabled"` - SourceName string `json:"sourceName"` - SourceSubTypes *[]FusionSourceSubTypeSetting `json:"sourceSubTypes,omitempty"` -} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_fusionsourcesubtypesetting.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_fusionsourcesubtypesetting.go deleted file mode 100644 index b2561512e5f8..000000000000 --- a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_fusionsourcesubtypesetting.go +++ /dev/null 
@@ -1,11 +0,0 @@ -package alertrules - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See NOTICE.txt in the project root for license information. - -type FusionSourceSubTypeSetting struct { - Enabled bool `json:"enabled"` - SeverityFilters FusionSubTypeSeverityFilter `json:"severityFilters"` - SourceSubTypeDisplayName *string `json:"sourceSubTypeDisplayName,omitempty"` - SourceSubTypeName string `json:"sourceSubTypeName"` -} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_fusionsubtypeseverityfilter.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_fusionsubtypeseverityfilter.go deleted file mode 100644 index 149cc8f8372c..000000000000 --- a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_fusionsubtypeseverityfilter.go +++ /dev/null @@ -1,9 +0,0 @@ -package alertrules - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See NOTICE.txt in the project root for license information. - -type FusionSubTypeSeverityFilter struct { - Filters *[]FusionSubTypeSeverityFiltersItem `json:"filters,omitempty"` - IsSupported *bool `json:"isSupported,omitempty"` -} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_fusionsubtypeseverityfiltersitem.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_fusionsubtypeseverityfiltersitem.go deleted file mode 100644 index 5e70b222ee7f..000000000000 --- a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_fusionsubtypeseverityfiltersitem.go +++ /dev/null 
@@ -1,9 +0,0 @@ -package alertrules - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See NOTICE.txt in the project root for license information. - -type FusionSubTypeSeverityFiltersItem struct { - Enabled bool `json:"enabled"` - Severity AlertSeverity `json:"severity"` -} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_groupingconfiguration.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_groupingconfiguration.go deleted file mode 100644 index cb8d21f3d601..000000000000 --- a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_groupingconfiguration.go +++ /dev/null @@ -1,14 +0,0 @@ -package alertrules - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See NOTICE.txt in the project root for license information. - -type GroupingConfiguration struct { - Enabled bool `json:"enabled"` - GroupByAlertDetails *[]AlertDetail `json:"groupByAlertDetails,omitempty"` - GroupByCustomDetails *[]string `json:"groupByCustomDetails,omitempty"` - GroupByEntities *[]EntityMappingType `json:"groupByEntities,omitempty"` - LookbackDuration string `json:"lookbackDuration"` - MatchingMethod MatchingMethod `json:"matchingMethod"` - ReopenClosedIncident bool `json:"reopenClosedIncident"` -} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_incidentconfiguration.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_incidentconfiguration.go deleted file mode 100644 index 53ab8b667b1c..000000000000 --- a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_incidentconfiguration.go +++ /dev/null 
@@ -1,9 +0,0 @@ -package alertrules - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See NOTICE.txt in the project root for license information. - -type IncidentConfiguration struct { - CreateIncident bool `json:"createIncident"` - GroupingConfiguration *GroupingConfiguration `json:"groupingConfiguration,omitempty"` -} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_microsoftsecurityincidentcreationalertrule.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_microsoftsecurityincidentcreationalertrule.go deleted file mode 100644 index ccf5f8899d4b..000000000000 --- a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_microsoftsecurityincidentcreationalertrule.go +++ /dev/null 
@@ -1,62 +0,0 @@ -package alertrules - -import ( - "encoding/json" - "fmt" - - "github.com/hashicorp/go-azure-helpers/resourcemanager/systemdata" -) - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See NOTICE.txt in the project root for license information. - -var _ AlertRule = MicrosoftSecurityIncidentCreationAlertRule{} - -type MicrosoftSecurityIncidentCreationAlertRule struct { - Properties *MicrosoftSecurityIncidentCreationAlertRuleProperties `json:"properties,omitempty"` - - // Fields inherited from AlertRule - - Etag *string `json:"etag,omitempty"` - Id *string `json:"id,omitempty"` - Kind AlertRuleKind `json:"kind"` - Name *string `json:"name,omitempty"` - SystemData *systemdata.SystemData `json:"systemData,omitempty"` - Type *string `json:"type,omitempty"` -} - -func (s MicrosoftSecurityIncidentCreationAlertRule) AlertRule() BaseAlertRuleImpl { - return BaseAlertRuleImpl{ - Etag: s.Etag, - Id: s.Id, - Kind: s.Kind, - Name: s.Name, - SystemData: s.SystemData, - Type: s.Type, - } -} - -var _ json.Marshaler = MicrosoftSecurityIncidentCreationAlertRule{} - -func (s MicrosoftSecurityIncidentCreationAlertRule) MarshalJSON() ([]byte, error) { - type wrapper MicrosoftSecurityIncidentCreationAlertRule - wrapped := wrapper(s) - encoded, err := json.Marshal(wrapped) - if err != nil { - return nil, fmt.Errorf("marshaling MicrosoftSecurityIncidentCreationAlertRule: %+v", err) - } - - var decoded map[string]interface{} - if err = json.Unmarshal(encoded, &decoded); err != nil { - return nil, fmt.Errorf("unmarshaling MicrosoftSecurityIncidentCreationAlertRule: %+v", err) - } - - decoded["kind"] = "MicrosoftSecurityIncidentCreation" - - encoded, err = json.Marshal(decoded) - if err != nil { - return nil, fmt.Errorf("re-marshaling MicrosoftSecurityIncidentCreationAlertRule: %+v", err) - } - - return encoded, nil -} 
diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_microsoftsecurityincidentcreationalertruleproperties.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_microsoftsecurityincidentcreationalertruleproperties.go deleted file mode 100644 index 428ca90f774f..000000000000 --- a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_microsoftsecurityincidentcreationalertruleproperties.go +++ /dev/null @@ -1,34 +0,0 @@ -package alertrules - -import ( - "time" - - "github.com/hashicorp/go-azure-helpers/lang/dates" -) - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See NOTICE.txt in the project root for license information. - -type MicrosoftSecurityIncidentCreationAlertRuleProperties struct { - AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"` - Description *string `json:"description,omitempty"` - DisplayName string `json:"displayName"` - DisplayNamesExcludeFilter *[]string `json:"displayNamesExcludeFilter,omitempty"` - DisplayNamesFilter *[]string `json:"displayNamesFilter,omitempty"` - Enabled bool `json:"enabled"` - LastModifiedUtc *string `json:"lastModifiedUtc,omitempty"` - ProductFilter MicrosoftSecurityProductName `json:"productFilter"` - SeveritiesFilter *[]AlertSeverity `json:"severitiesFilter,omitempty"` -} - -func (o *MicrosoftSecurityIncidentCreationAlertRuleProperties) GetLastModifiedUtcAsTime() (*time.Time, error) { - if o.LastModifiedUtc == nil { - return nil, nil - } - return dates.ParseAsFormat(o.LastModifiedUtc, "2006-01-02T15:04:05Z07:00") -} - -func (o *MicrosoftSecurityIncidentCreationAlertRuleProperties) SetLastModifiedUtcAsTime(input time.Time) { - formatted := input.Format("2006-01-02T15:04:05Z07:00") - o.LastModifiedUtc = &formatted -} 
diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_mlbehavioranalyticsalertrule.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_mlbehavioranalyticsalertrule.go deleted file mode 100644 index f5c3da24cd19..000000000000 --- a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_mlbehavioranalyticsalertrule.go +++ /dev/null 
@@ -1,62 +0,0 @@ -package alertrules - -import ( - "encoding/json" - "fmt" - - "github.com/hashicorp/go-azure-helpers/resourcemanager/systemdata" -) - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See NOTICE.txt in the project root for license information. - -var _ AlertRule = MLBehaviorAnalyticsAlertRule{} - -type MLBehaviorAnalyticsAlertRule struct { - Properties *MLBehaviorAnalyticsAlertRuleProperties `json:"properties,omitempty"` - - // Fields inherited from AlertRule - - Etag *string `json:"etag,omitempty"` - Id *string `json:"id,omitempty"` - Kind AlertRuleKind `json:"kind"` - Name *string `json:"name,omitempty"` - SystemData *systemdata.SystemData `json:"systemData,omitempty"` - Type *string `json:"type,omitempty"` -} - -func (s MLBehaviorAnalyticsAlertRule) AlertRule() BaseAlertRuleImpl { - return BaseAlertRuleImpl{ - Etag: s.Etag, - Id: s.Id, - Kind: s.Kind, - Name: s.Name, - SystemData: s.SystemData, - Type: s.Type, - } -} - -var _ json.Marshaler = MLBehaviorAnalyticsAlertRule{} - -func (s MLBehaviorAnalyticsAlertRule) MarshalJSON() ([]byte, error) { - type wrapper MLBehaviorAnalyticsAlertRule - wrapped := wrapper(s) - encoded, err := json.Marshal(wrapped) - if err != nil { - return nil, fmt.Errorf("marshaling MLBehaviorAnalyticsAlertRule: %+v", err) - } - - var decoded map[string]interface{} - if err = json.Unmarshal(encoded, &decoded); err != nil { - return nil, fmt.Errorf("unmarshaling MLBehaviorAnalyticsAlertRule: %+v", err) - } - - decoded["kind"] = "MLBehaviorAnalytics" - - encoded, err = json.Marshal(decoded) - if err != nil { - return nil, fmt.Errorf("re-marshaling MLBehaviorAnalyticsAlertRule: %+v", err) - } - - return encoded, nil -} 
diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_mlbehavioranalyticsalertruleproperties.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_mlbehavioranalyticsalertruleproperties.go deleted file mode 100644 index 87834ad4f66b..000000000000 --- a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_mlbehavioranalyticsalertruleproperties.go +++ /dev/null @@ -1,33 +0,0 @@ -package alertrules - -import ( - "time" - - "github.com/hashicorp/go-azure-helpers/lang/dates" -) - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See NOTICE.txt in the project root for license information. - -type MLBehaviorAnalyticsAlertRuleProperties struct { - AlertRuleTemplateName string `json:"alertRuleTemplateName"` - Description *string `json:"description,omitempty"` - DisplayName *string `json:"displayName,omitempty"` - Enabled bool `json:"enabled"` - LastModifiedUtc *string `json:"lastModifiedUtc,omitempty"` - Severity *AlertSeverity `json:"severity,omitempty"` - Tactics *[]AttackTactic `json:"tactics,omitempty"` - Techniques *[]string `json:"techniques,omitempty"` -} - -func (o *MLBehaviorAnalyticsAlertRuleProperties) GetLastModifiedUtcAsTime() (*time.Time, error) { - if o.LastModifiedUtc == nil { - return nil, nil - } - return dates.ParseAsFormat(o.LastModifiedUtc, "2006-01-02T15:04:05Z07:00") -} - -func (o *MLBehaviorAnalyticsAlertRuleProperties) SetLastModifiedUtcAsTime(input time.Time) { - formatted := input.Format("2006-01-02T15:04:05Z07:00") - o.LastModifiedUtc = &formatted -} 
diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_nrtalertrule.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_nrtalertrule.go deleted file mode 100644 index 4cb451bbb75b..000000000000 --- a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_nrtalertrule.go +++ /dev/null 
@@ -1,62 +0,0 @@ -package alertrules - -import ( - "encoding/json" - "fmt" - - "github.com/hashicorp/go-azure-helpers/resourcemanager/systemdata" -) - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See NOTICE.txt in the project root for license information. - -var _ AlertRule = NrtAlertRule{} - -type NrtAlertRule struct { - Properties *NrtAlertRuleProperties `json:"properties,omitempty"` - - // Fields inherited from AlertRule - - Etag *string `json:"etag,omitempty"` - Id *string `json:"id,omitempty"` - Kind AlertRuleKind `json:"kind"` - Name *string `json:"name,omitempty"` - SystemData *systemdata.SystemData `json:"systemData,omitempty"` - Type *string `json:"type,omitempty"` -} - -func (s NrtAlertRule) AlertRule() BaseAlertRuleImpl { - return BaseAlertRuleImpl{ - Etag: s.Etag, - Id: s.Id, - Kind: s.Kind, - Name: s.Name, - SystemData: s.SystemData, - Type: s.Type, - } -} - -var _ json.Marshaler = NrtAlertRule{} - -func (s NrtAlertRule) MarshalJSON() ([]byte, error) { - type wrapper NrtAlertRule - wrapped := wrapper(s) - encoded, err := json.Marshal(wrapped) - if err != nil { - return nil, fmt.Errorf("marshaling NrtAlertRule: %+v", err) - } - - var decoded map[string]interface{} - if err = json.Unmarshal(encoded, &decoded); err != nil { - return nil, fmt.Errorf("unmarshaling NrtAlertRule: %+v", err) - } - - decoded["kind"] = "NRT" - - encoded, err = json.Marshal(decoded) - if err != nil { - return nil, fmt.Errorf("re-marshaling NrtAlertRule: %+v", err) - } - - return encoded, nil -} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_nrtalertruleproperties.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_nrtalertruleproperties.go deleted file mode 100644 index 8c8669017c93..000000000000 
--- a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_nrtalertruleproperties.go +++ /dev/null @@ -1,43 +0,0 @@ -package alertrules - -import ( - "time" - - "github.com/hashicorp/go-azure-helpers/lang/dates" -) - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See NOTICE.txt in the project root for license information. - -type NrtAlertRuleProperties struct { - AlertDetailsOverride *AlertDetailsOverride `json:"alertDetailsOverride,omitempty"` - AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"` - CustomDetails *map[string]string `json:"customDetails,omitempty"` - Description *string `json:"description,omitempty"` - DisplayName string `json:"displayName"` - Enabled bool `json:"enabled"` - EntityMappings *[]EntityMapping `json:"entityMappings,omitempty"` - EventGroupingSettings *EventGroupingSettings `json:"eventGroupingSettings,omitempty"` - IncidentConfiguration *IncidentConfiguration `json:"incidentConfiguration,omitempty"` - LastModifiedUtc *string `json:"lastModifiedUtc,omitempty"` - Query string `json:"query"` - SentinelEntitiesMappings *[]SentinelEntityMapping `json:"sentinelEntitiesMappings,omitempty"` - Severity AlertSeverity `json:"severity"` - SuppressionDuration string `json:"suppressionDuration"` - SuppressionEnabled bool `json:"suppressionEnabled"` - Tactics *[]AttackTactic `json:"tactics,omitempty"` - Techniques *[]string `json:"techniques,omitempty"` - TemplateVersion *string `json:"templateVersion,omitempty"` -} - -func (o *NrtAlertRuleProperties) GetLastModifiedUtcAsTime() (*time.Time, error) { - if o.LastModifiedUtc == nil { - return nil, nil - } - return dates.ParseAsFormat(o.LastModifiedUtc, "2006-01-02T15:04:05Z07:00") -} - -func (o *NrtAlertRuleProperties) SetLastModifiedUtcAsTime(input time.Time) { - formatted := input.Format("2006-01-02T15:04:05Z07:00") - o.LastModifiedUtc = &formatted -} 
diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_scheduledalertrule.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_scheduledalertrule.go deleted file mode 100644 index 6dc6c221e548..000000000000 --- a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_scheduledalertrule.go +++ /dev/null 
@@ -1,62 +0,0 @@ -package alertrules - -import ( - "encoding/json" - "fmt" - - "github.com/hashicorp/go-azure-helpers/resourcemanager/systemdata" -) - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See NOTICE.txt in the project root for license information. - -var _ AlertRule = ScheduledAlertRule{} - -type ScheduledAlertRule struct { - Properties *ScheduledAlertRuleProperties `json:"properties,omitempty"` - - // Fields inherited from AlertRule - - Etag *string `json:"etag,omitempty"` - Id *string `json:"id,omitempty"` - Kind AlertRuleKind `json:"kind"` - Name *string `json:"name,omitempty"` - SystemData *systemdata.SystemData `json:"systemData,omitempty"` - Type *string `json:"type,omitempty"` -} - -func (s ScheduledAlertRule) AlertRule() BaseAlertRuleImpl { - return BaseAlertRuleImpl{ - Etag: s.Etag, - Id: s.Id, - Kind: s.Kind, - Name: s.Name, - SystemData: s.SystemData, - Type: s.Type, - } -} - -var _ json.Marshaler = ScheduledAlertRule{} - -func (s ScheduledAlertRule) MarshalJSON() ([]byte, error) { - type wrapper ScheduledAlertRule - wrapped := wrapper(s) - encoded, err := json.Marshal(wrapped) - if err != nil { - return nil, fmt.Errorf("marshaling ScheduledAlertRule: %+v", err) - } - - var decoded map[string]interface{} - if err = json.Unmarshal(encoded, &decoded); err != nil { - return nil, fmt.Errorf("unmarshaling ScheduledAlertRule: %+v", err) - } - - decoded["kind"] = "Scheduled" - - encoded, err = json.Marshal(decoded) - if err != nil { - return nil, fmt.Errorf("re-marshaling ScheduledAlertRule: %+v", err) - } - - return encoded, nil -} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_scheduledalertruleproperties.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_scheduledalertruleproperties.go deleted file mode 100644 index f75eee1a4d19..000000000000 
--- a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_scheduledalertruleproperties.go +++ /dev/null 
@@ -1,47 +0,0 @@ -package alertrules - -import ( - "time" - - "github.com/hashicorp/go-azure-helpers/lang/dates" -) - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See NOTICE.txt in the project root for license information. - -type ScheduledAlertRuleProperties struct { - AlertDetailsOverride *AlertDetailsOverride `json:"alertDetailsOverride,omitempty"` - AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"` - CustomDetails *map[string]string `json:"customDetails,omitempty"` - Description *string `json:"description,omitempty"` - DisplayName string `json:"displayName"` - Enabled bool `json:"enabled"` - EntityMappings *[]EntityMapping `json:"entityMappings,omitempty"` - EventGroupingSettings *EventGroupingSettings `json:"eventGroupingSettings,omitempty"` - IncidentConfiguration *IncidentConfiguration `json:"incidentConfiguration,omitempty"` - LastModifiedUtc *string `json:"lastModifiedUtc,omitempty"` - Query *string `json:"query,omitempty"` - QueryFrequency *string `json:"queryFrequency,omitempty"` - QueryPeriod *string `json:"queryPeriod,omitempty"` - SentinelEntitiesMappings *[]SentinelEntityMapping `json:"sentinelEntitiesMappings,omitempty"` - Severity *AlertSeverity `json:"severity,omitempty"` - SuppressionDuration string `json:"suppressionDuration"` - SuppressionEnabled bool `json:"suppressionEnabled"` - Tactics *[]AttackTactic `json:"tactics,omitempty"` - Techniques *[]string `json:"techniques,omitempty"` - TemplateVersion *string `json:"templateVersion,omitempty"` - TriggerOperator *TriggerOperator `json:"triggerOperator,omitempty"` - TriggerThreshold *int64 `json:"triggerThreshold,omitempty"` -} - -func (o *ScheduledAlertRuleProperties) GetLastModifiedUtcAsTime() (*time.Time, error) { - if o.LastModifiedUtc == nil { - return nil, nil - } - return dates.ParseAsFormat(o.LastModifiedUtc, "2006-01-02T15:04:05Z07:00") -} - -func (o *ScheduledAlertRuleProperties) SetLastModifiedUtcAsTime(input 
time.Time) { - formatted := input.Format("2006-01-02T15:04:05Z07:00") - o.LastModifiedUtc = &formatted -} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_sentinelentitymapping.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_sentinelentitymapping.go deleted file mode 100644 index 356dda0094fe..000000000000 --- a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_sentinelentitymapping.go +++ /dev/null @@ -1,8 +0,0 @@ -package alertrules - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See NOTICE.txt in the project root for license information. - -type SentinelEntityMapping struct { - ColumnName *string `json:"columnName,omitempty"` -} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_threatintelligencealertrule.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_threatintelligencealertrule.go deleted file mode 100644 index ea1acdbd17c9..000000000000 --- a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_threatintelligencealertrule.go +++ /dev/null 
@@ -1,62 +0,0 @@ -package alertrules - -import ( - "encoding/json" - "fmt" - - "github.com/hashicorp/go-azure-helpers/resourcemanager/systemdata" -) - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See NOTICE.txt in the project root for license information. - -var _ AlertRule = ThreatIntelligenceAlertRule{} - -type ThreatIntelligenceAlertRule struct { - Properties *ThreatIntelligenceAlertRuleProperties `json:"properties,omitempty"` - - // Fields inherited from AlertRule - - Etag *string `json:"etag,omitempty"` - Id *string `json:"id,omitempty"` - Kind AlertRuleKind `json:"kind"` - Name *string `json:"name,omitempty"` - SystemData *systemdata.SystemData `json:"systemData,omitempty"` - Type *string `json:"type,omitempty"` -} - -func (s ThreatIntelligenceAlertRule) AlertRule() BaseAlertRuleImpl { - return BaseAlertRuleImpl{ - Etag: s.Etag, - Id: s.Id, - Kind: s.Kind, - Name: s.Name, - SystemData: s.SystemData, - Type: s.Type, - } -} - -var _ json.Marshaler = ThreatIntelligenceAlertRule{} - -func (s ThreatIntelligenceAlertRule) MarshalJSON() ([]byte, error) { - type wrapper ThreatIntelligenceAlertRule - wrapped := wrapper(s) - encoded, err := json.Marshal(wrapped) - if err != nil { - return nil, fmt.Errorf("marshaling ThreatIntelligenceAlertRule: %+v", err) - } - - var decoded map[string]interface{} - if err = json.Unmarshal(encoded, &decoded); err != nil { - return nil, fmt.Errorf("unmarshaling ThreatIntelligenceAlertRule: %+v", err) - } - - decoded["kind"] = "ThreatIntelligence" - - encoded, err = json.Marshal(decoded) - if err != nil { - return nil, fmt.Errorf("re-marshaling ThreatIntelligenceAlertRule: %+v", err) - } - - return encoded, nil -} 
diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_threatintelligencealertruleproperties.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_threatintelligencealertruleproperties.go deleted file mode 100644 index 498f10795251..000000000000 --- a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/model_threatintelligencealertruleproperties.go +++ /dev/null @@ -1,33 +0,0 @@ -package alertrules - -import ( - "time" - - "github.com/hashicorp/go-azure-helpers/lang/dates" -) - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See NOTICE.txt in the project root for license information. - -type ThreatIntelligenceAlertRuleProperties struct { - AlertRuleTemplateName string `json:"alertRuleTemplateName"` - Description *string `json:"description,omitempty"` - DisplayName *string `json:"displayName,omitempty"` - Enabled bool `json:"enabled"` - LastModifiedUtc *string `json:"lastModifiedUtc,omitempty"` - Severity *AlertSeverity `json:"severity,omitempty"` - Tactics *[]AttackTactic `json:"tactics,omitempty"` - Techniques *[]string `json:"techniques,omitempty"` -} - -func (o *ThreatIntelligenceAlertRuleProperties) GetLastModifiedUtcAsTime() (*time.Time, error) { - if o.LastModifiedUtc == nil { - return nil, nil - } - return dates.ParseAsFormat(o.LastModifiedUtc, "2006-01-02T15:04:05Z07:00") -} - -func (o *ThreatIntelligenceAlertRuleProperties) SetLastModifiedUtcAsTime(input time.Time) { - formatted := input.Format("2006-01-02T15:04:05Z07:00") - o.LastModifiedUtc = &formatted -} 
diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/predicates.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/predicates.go deleted file mode 100644 index 20dada025237..000000000000 --- a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/predicates.go +++ /dev/null @@ -1,12 +0,0 @@ -package alertrules - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See NOTICE.txt in the project root for license information. - -type AlertRuleOperationPredicate struct { -} - -func (p AlertRuleOperationPredicate) Matches(input AlertRule) bool { - - return true -} diff --git a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/version.go b/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/version.go deleted file mode 100644 index ee7f550859f7..000000000000 --- a/vendor/github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules/version.go +++ /dev/null @@ -1,10 +0,0 @@ -package alertrules - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See NOTICE.txt in the project root for license information. - -const defaultApiVersion = "2022-10-01-preview" - -func userAgent() string { - return "hashicorp/go-azure-sdk/alertrules/2022-10-01-preview" -} diff --git a/vendor/modules.txt b/vendor/modules.txt index faa8a9e40b57..a0aadd62c8d5 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt 
@@ -1004,7 +1004,6 @@ github.com/hashicorp/go-azure-sdk/resource-manager/security/2022-05-01/settings github.com/hashicorp/go-azure-sdk/resource-manager/security/2022-12-01-preview/defenderforstorage github.com/hashicorp/go-azure-sdk/resource-manager/security/2023-01-01/pricings github.com/hashicorp/go-azure-sdk/resource-manager/security/2023-05-01/servervulnerabilityassessmentssettings -github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/automationrules github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/metadata github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-11-01/sentinelonboardingstates From 87754837d46c4abbe8fe47f63b37c5bbbcf559ce Mon Sep 17 00:00:00 2001 From: ziyeqf <51212351+ziyeqf@users.noreply.github.com> Date: Mon, 9 Dec 2024 15:00:39 +1100 Subject: [PATCH 06/10] update acctest --- ...inel_alert_rule_anomaly_built_in_resource_test.go | 2 +- .../sentinel_alert_rule_anomaly_data_source_test.go | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/internal/services/sentinel/sentinel_alert_rule_anomaly_built_in_resource_test.go b/internal/services/sentinel/sentinel_alert_rule_anomaly_built_in_resource_test.go index 5b675c1b51c8..34e4435164ea 100644 --- a/internal/services/sentinel/sentinel_alert_rule_anomaly_built_in_resource_test.go +++ b/internal/services/sentinel/sentinel_alert_rule_anomaly_built_in_resource_test.go @@ -61,7 +61,7 @@ func (SentinelAlertRuleAnomalyBuiltInResource) basic(data acceptance.TestData) s return fmt.Sprintf(` %s resource "azurerm_sentinel_alert_rule_anomaly_built_in" "test" { - display_name = "Potential data staging" + display_name = "UEBA Anomalous Account Deletion" log_analytics_workspace_id = azurerm_sentinel_log_analytics_workspace_onboarding.test.workspace_id enabled = true mode = "Production" 
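Review bot: The `display_name` in `SentinelAlertRuleAnomalyBuiltInResource.basic` is a hard-coded built-in anomaly rule name, and nothing in the test says why `"UEBA Anomalous Account Deletion"` was picked or what it depends on. The value presumably has to match a rule the service currently publishes for the onboarded workspace, which would explain why `"Potential data staging"` had to be replaced here. A comment above the function would save the next maintainer the search, for example `// display_name must match a built-in anomaly rule available in the test workspace; update it if the rule is renamed or retired`. The same applies to the `display_name` changes in `basic_withThreshold` and `basic_withPrioritizeExclude` in sentinel_alert_rule_anomaly_data_source_test.go. The function body continues past the end of the hunk.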
diff --git a/internal/services/sentinel/sentinel_alert_rule_anomaly_data_source_test.go b/internal/services/sentinel/sentinel_alert_rule_anomaly_data_source_test.go
index 6d927c20a4e7..b2a322e89c0a 100644
--- a/internal/services/sentinel/sentinel_alert_rule_anomaly_data_source_test.go
+++ b/internal/services/sentinel/sentinel_alert_rule_anomaly_data_source_test.go
@@ -34,7 +34,7 @@ func TestAccSentinelAlertRuleAnomalyDataSource_basicWithThreshold(t *testing.T)
 check.That(data.ResourceName).Key("settings_definition_id").Exists(),
 check.That(data.ResourceName).Key("tactics.#").HasValue("1"),
 check.That(data.ResourceName).Key("techniques.#").HasValue("1"),
- check.That(data.ResourceName).Key("threshold_observation.#").HasValue("2"),
+ check.That(data.ResourceName).Key("threshold_observation.#").HasValue("1"),
 ),
 },
 })
@@ -113,9 +113,9 @@ func TestAccSentinelAlertRuleAnomalyDataSource_basicWithPrioritized(t *testing.T
 check.That(data.ResourceName).Key("required_data_connector.#").HasValue("1"),
 check.That(data.ResourceName).Key("mode").Exists(),
 check.That(data.ResourceName).Key("settings_definition_id").Exists(),
- check.That(data.ResourceName).Key("tactics.#").HasValue("2"),
- check.That(data.ResourceName).Key("techniques.#").HasValue("2"),
- check.That(data.ResourceName).Key("prioritized_exclude_observation.#").HasValue("2"),
+ check.That(data.ResourceName).Key("tactics.#").HasValue("1"),
+ check.That(data.ResourceName).Key("techniques.#").HasValue("1"),
+ check.That(data.ResourceName).Key("prioritized_exclude_observation.#").HasValue("1"),
 ),
 },
 })
@@ -127,7 +127,7 @@ func (SentinelAlertRuleAnomalyDataSource) basic_withThreshold(data acceptance.Te
 
 data "azurerm_sentinel_alert_rule_anomaly" "test" {
 log_analytics_workspace_id = azurerm_sentinel_log_analytics_workspace_onboarding.test.workspace_id
- display_name = "Potential data staging"
+ display_name = "Attempted user account bruteforce"
 }
 `, SecurityInsightsSentinelOnboardingStateResource{}.basic(data))
 }
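Review bot: The exact-count checks changed in `TestAccSentinelAlertRuleAnomalyDataSource_basicWithThreshold` and `TestAccSentinelAlertRuleAnomalyDataSource_basicWithPrioritized` depend on which built-in rule `display_name` selects, and that name is set in separate config functions (`basic_withThreshold`, `basic_withPrioritizeExclude`) with nothing linking the two. This commit had to move names and counts together, so the coupling looks easy to break again. A comment next to the checks naming the rule they describe would make it visible, for example `// counts below describe the "Attempted user account bruteforce" rule selected in basic_withThreshold`. If the counts are not what the test is meant to guarantee, `.Exists()` as already used for `mode` and `settings_definition_id` would be less sensitive to changes in the built-in rule, at the cost of a weaker assertion. Both test functions start and end outside their hunks.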
@@ -160,7 +160,7 @@ func (SentinelAlertRuleAnomalyDataSource) basic_withPrioritizeExclude(data accep data "azurerm_sentinel_alert_rule_anomaly" "test" { log_analytics_workspace_id = azurerm_sentinel_log_analytics_workspace_onboarding.test.workspace_id - display_name = "Anomalous web request activity" + display_name = "Rare privileged process calls on a daily basis" } `, SecurityInsightsSentinelOnboardingStateResource{}.basic(data)) } From 1a92687da5425c9fece980068c6b25fad8baff4a Mon Sep 17 00:00:00 2001 From: ziyeqf <51212351+ziyeqf@users.noreply.github.com> Date: Tue, 10 Dec 2024 09:46:14 +1100 Subject: [PATCH 07/10] fresh vendor --- vendor/modules.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vendor/modules.txt b/vendor/modules.txt index 58be4329893c..83b56d8c9e2f 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt 
@@ -1005,12 +1005,12 @@ github.com/hashicorp/go-azure-sdk/resource-manager/security/2022-05-01/settings github.com/hashicorp/go-azure-sdk/resource-manager/security/2022-12-01-preview/defenderforstorage github.com/hashicorp/go-azure-sdk/resource-manager/security/2023-01-01/pricings github.com/hashicorp/go-azure-sdk/resource-manager/security/2023-05-01/servervulnerabilityassessmentssettings -github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/automationrules github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/metadata github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-11-01/sentinelonboardingstates github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-11-01/watchlistitems github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-11-01/watchlists +github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules github.com/hashicorp/go-azure-sdk/resource-manager/servicebus/2021-06-01-preview/disasterrecoveryconfigs github.com/hashicorp/go-azure-sdk/resource-manager/servicebus/2021-06-01-preview/namespacesauthorizationrule github.com/hashicorp/go-azure-sdk/resource-manager/servicebus/2021-06-01-preview/queues From e7acaf3853fdca9b0e84fa0838c1355012ed4ce8 Mon Sep 17 00:00:00 2001 From: ziyeqf <51212351+ziyeqf@users.noreply.github.com> Date: Tue, 10 Dec 2024 22:03:28 +1100 Subject: [PATCH 08/10] revert useless functions --- internal/services/sentinel/client/client.go | 14 +- .../services/sentinel/sentinel_alert_rule.go | 397 ------------------ .../sentinel_alert_rule_scheduled_resource.go | 32 +- ...inel_alert_rule_scheduled_resource_test.go | 2 +- 4 files changed, 20 insertions(+), 425 deletions(-) 
diff --git a/internal/services/sentinel/client/client.go b/internal/services/sentinel/client/client.go
index 44400b4ee5dd..4b44512f4575 100644
--- a/internal/services/sentinel/client/client.go
+++ b/internal/services/sentinel/client/client.go
@@ -12,13 +12,13 @@ import (
 "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-11-01/sentinelonboardingstates"
 "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-11-01/watchlistitems"
 "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-11-01/watchlists"
- newalertrules "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules"
+ "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules"
 "github.com/hashicorp/terraform-provider-azurerm/internal/common"
 securityinsight "github.com/jackofallops/kermit/sdk/securityinsights/2022-10-01-preview/securityinsights"
 )
 
 type Client struct {
- AlertRulesClient *newalertrules.AlertRulesClient
+ AlertRulesClient *alertrules.AlertRulesClient
 AlertRuleTemplatesClient *alertruletemplates.AlertRuleTemplatesClient
 AutomationRulesClient *automationrules.AutomationRulesClient
 DataConnectorsClient *securityinsight.DataConnectorsClient
@@ -28,11 +28,10 @@ type Client struct {
 AnalyticsSettingsClient *securityinsight.SecurityMLAnalyticsSettingsClient
 ThreatIntelligenceClient *securityinsight.ThreatIntelligenceIndicatorClient
 MetadataClient *metadata.MetadataClient
- NewAlertRulesClient *newalertrules.AlertRulesClient
 }
 
 func NewClient(o *common.ClientOptions) (*Client, error) {
- alertRulesClient, err := newalertrules.NewAlertRulesClientWithBaseURI(o.Environment.ResourceManager)
+ alertRulesClient, err := alertrules.NewAlertRulesClientWithBaseURI(o.Environment.ResourceManager)
 if err != nil {
 return nil, fmt.Errorf("building Alert Rules Client: %+v", err)
 }
@@ -80,12 +79,6 @@ func NewClient(o *common.ClientOptions) (*Client, error) { } o.Configure(metadataClient.Client, o.Authorizers.ResourceManager) - newAlertRulesClient, err := newalertrules.NewAlertRulesClientWithBaseURI(o.Environment.ResourceManager) - if err != nil { - return nil, fmt.Errorf("building New Alert Rules Client: %+v", err) - } - o.Configure(newAlertRulesClient.Client, o.Authorizers.ResourceManager) - return &Client{ AlertRulesClient: alertRulesClient, AlertRuleTemplatesClient: &alertRuleTemplatesClient, @@ -97,6 +90,5 @@ func NewClient(o *common.ClientOptions) (*Client, error) { AnalyticsSettingsClient: &analyticsSettingsClient, ThreatIntelligenceClient: &threatIntelligenceClient, MetadataClient: metadataClient, - NewAlertRulesClient: newAlertRulesClient, }, nil } diff --git a/internal/services/sentinel/sentinel_alert_rule.go b/internal/services/sentinel/sentinel_alert_rule.go index e4d1bf483472..241543de1b88 100644 --- a/internal/services/sentinel/sentinel_alert_rule.go +++ b/internal/services/sentinel/sentinel_alert_rule.go 
@@ -7,36 +7,13 @@ import ( "context" "fmt" - "github.com/hashicorp/go-azure-helpers/lang/pointer" "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules" - newalertrules "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules" "github.com/hashicorp/terraform-provider-azurerm/internal/clients" "github.com/hashicorp/terraform-provider-azurerm/internal/sdk" "github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk" "github.com/hashicorp/terraform-provider-azurerm/utils" ) -// TODO: after all sentinel alert rules updated to new API version, remove these old functions and rename new funtions. -func importNewSentinelAlertRule(expectKind newalertrules.AlertRuleKind) pluginsdk.ImporterFunc { - return func(ctx context.Context, d *pluginsdk.ResourceData, meta interface{}) (data []*pluginsdk.ResourceData, err error) { - id, err := newalertrules.ParseAlertRuleID(d.Id()) - if err != nil { - return nil, err - } - - client := meta.(*clients.Client).Sentinel.NewAlertRulesClient - resp, err := client.Get(ctx, *id) - if err != nil { - return nil, fmt.Errorf("retrieving %q: %+v", id, err) - } - - if err = assertNewAlertRuleKind(resp.Model, expectKind); err != nil { - return nil, err - } - return []*pluginsdk.ResourceData{d}, nil - } -} - func importSentinelAlertRule(expectKind alertrules.AlertRuleKind) pluginsdk.ImporterFunc { return func(ctx context.Context, d *pluginsdk.ResourceData, meta interface{}) (data []*pluginsdk.ResourceData, err error) { id, err := alertrules.ParseAlertRuleID(d.Id()) 
@@ -103,26 +80,6 @@ func assertAlertRuleKind(rule alertrules.AlertRule, expectKind alertrules.AlertR return nil } -func assertNewAlertRuleKind(rule newalertrules.AlertRule, expectKind newalertrules.AlertRuleKind) error { - if rule == nil { - return fmt.Errorf("model was nil") - } - - var kind newalertrules.AlertRuleKind - switch rule.(type) { - case newalertrules.ScheduledAlertRule: - kind = newalertrules.AlertRuleKindScheduled - case newalertrules.FusionAlertRule: - kind = newalertrules.AlertRuleKindFusion - case newalertrules.MicrosoftSecurityIncidentCreationAlertRule: - kind = newalertrules.AlertRuleKindMicrosoftSecurityIncidentCreation - } - if expectKind != kind { - return fmt.Errorf("Sentinel Alert Rule has mismatched kind, expected: %q, got %q", expectKind, kind) - } - return nil -} - func expandAlertRuleTactics(input []interface{}) *[]alertrules.AttackTactic { result := make([]alertrules.AttackTactic, 0) @@ -133,16 +90,6 @@ func expandAlertRuleTactics(input []interface{}) *[]alertrules.AttackTactic { return &result } -func expandNewAlertRuleTactics(input []interface{}) *[]newalertrules.AttackTactic { - result := make([]newalertrules.AttackTactic, 0) - - for _, e := range input { - result = append(result, newalertrules.AttackTactic(e.(string))) - } - - return &result -} - func flattenAlertRuleTactics(input *[]alertrules.AttackTactic) []interface{} { if input == nil { return []interface{}{} @@ -157,20 +104,6 @@ func flattenAlertRuleTactics(input *[]alertrules.AttackTactic) []interface{} { return output } -func flattenNewAlertRuleTactics(input *[]newalertrules.AttackTactic) []interface{} { - if input == nil { - return []interface{}{} - } - - output := make([]interface{}, 0) - - for _, e := range *input { - output = append(output, string(e)) - } - - return output -} - func expandAlertRuleTechnicals(input []interface{}) *[]string { result := make([]string, 0) 
@@ -196,21 +129,6 @@ func expandAlertRuleIncidentConfiguration(input []interface{}, createIncidentKey return output } -func expandNewAlertRuleIncidentConfiguration(input []interface{}, createIncidentKey string, withGroupByPrefix bool) *newalertrules.IncidentConfiguration { - if len(input) == 0 || input[0] == nil { - return nil - } - - raw := input[0].(map[string]interface{}) - - output := &newalertrules.IncidentConfiguration{ - CreateIncident: raw[createIncidentKey].(bool), - GroupingConfiguration: expandNewAlertRuleGrouping(raw["grouping"].([]interface{}), withGroupByPrefix), - } - - return output -} - func flattenAlertRuleIncidentConfiguration(input *alertrules.IncidentConfiguration, createIncidentKey string, withGroupByPrefix bool) []interface{} { if input == nil { return []interface{}{} @@ -224,19 +142,6 @@ func flattenAlertRuleIncidentConfiguration(input *alertrules.IncidentConfigurati } } -func flattenNewAlertRuleIncidentConfiguration(input *newalertrules.IncidentConfiguration, createIncidentKey string, withGroupByPrefix bool) []interface{} { - if input == nil { - return []interface{}{} - } - - return []interface{}{ - map[string]interface{}{ - createIncidentKey: input.CreateIncident, - "grouping": flattenNewAlertRuleGrouping(input.GroupingConfiguration, withGroupByPrefix), - }, - } -} - func expandAlertRuleEventGroupingSetting(input []interface{}) *alertrules.EventGroupingSettings { if len(input) == 0 || input[0] == nil { return nil 
@@ -298,51 +203,6 @@ func expandAlertRuleGrouping(input []interface{}, withGroupPrefix bool) *alertru return output } -func expandNewAlertRuleGrouping(input []interface{}, withGroupPrefix bool) *newalertrules.GroupingConfiguration { - if len(input) == 0 || input[0] == nil { - return nil - } - - raw := input[0].(map[string]interface{}) - - output := &newalertrules.GroupingConfiguration{ - Enabled: raw["enabled"].(bool), - ReopenClosedIncident: raw["reopen_closed_incidents"].(bool), - LookbackDuration: raw["lookback_duration"].(string), - MatchingMethod: newalertrules.MatchingMethod(raw["entity_matching_method"].(string)), - } - - key := "by_entities" - if withGroupPrefix { - key = "group_" + key - } - groupByEntitiesList := raw[key].([]interface{}) - groupByEntities := make([]newalertrules.EntityMappingType, len(groupByEntitiesList)) - for idx, t := range groupByEntitiesList { - groupByEntities[idx] = newalertrules.EntityMappingType(t.(string)) - } - output.GroupByEntities = &groupByEntities - - key = "by_alert_details" - if withGroupPrefix { - key = "group_" + key - } - groupByAlertDetailsList := raw[key].([]interface{}) - groupByAlertDetails := make([]newalertrules.AlertDetail, len(groupByAlertDetailsList)) - for idx, t := range groupByAlertDetailsList { - groupByAlertDetails[idx] = newalertrules.AlertDetail(t.(string)) - } - output.GroupByAlertDetails = &groupByAlertDetails - - key = "by_custom_details" - if withGroupPrefix { - key = "group_" + key - } - output.GroupByCustomDetails = utils.ExpandStringSlice(raw[key].([]interface{})) - - return output -} - func flattenAlertRuleGrouping(input *alertrules.GroupingConfiguration, withGroupPrefix bool) []interface{} { if input == nil { return []interface{}{} 
@@ -410,56 +270,6 @@ func flattenAlertRuleEventGroupingSetting(input *alertrules.EventGroupingSetting } } -func flattenNewAlertRuleGrouping(input *newalertrules.GroupingConfiguration, withGroupPrefix bool) []interface{} { - if input == nil { - return []interface{}{} - } - - var groupByEntities []interface{} - if input.GroupByEntities != nil { - for _, entity := range *input.GroupByEntities { - groupByEntities = append(groupByEntities, string(entity)) - } - } - - var groupByAlertDetails []interface{} - if input.GroupByAlertDetails != nil { - for _, detail := range *input.GroupByAlertDetails { - groupByAlertDetails = append(groupByAlertDetails, string(detail)) - } - } - - var groupByCustomDetails []interface{} - if input.GroupByCustomDetails != nil { - for _, detail := range *input.GroupByCustomDetails { - groupByCustomDetails = append(groupByCustomDetails, detail) - } - } - - var ( - k1 = "by_entities" - k2 = "by_alert_details" - k3 = "by_custom_details" - ) - - if withGroupPrefix { - k1 = "group_" + k1 - k2 = "group_" + k2 - k3 = "group_" + k3 - } - return []interface{}{ - map[string]interface{}{ - "enabled": input.Enabled, - "lookback_duration": input.LookbackDuration, - "reopen_closed_incidents": input.ReopenClosedIncident, - "entity_matching_method": string(input.MatchingMethod), - k1: groupByEntities, - k2: groupByAlertDetails, - k3: groupByCustomDetails, - }, - } -} - func expandAlertRuleAlertDetailsOverride(input []interface{}) *alertrules.AlertDetailsOverride { if len(input) == 0 || input[0] == nil { return nil 
@@ -487,33 +297,6 @@ func expandAlertRuleAlertDetailsOverride(input []interface{}) *alertrules.AlertD return output } -func expandNewAlertRuleAlertDetailsOverride(input []interface{}) *newalertrules.AlertDetailsOverride { - if len(input) == 0 || input[0] == nil { - return nil - } - - b := input[0].(map[string]interface{}) - output := &newalertrules.AlertDetailsOverride{} - - if v := b["description_format"]; v != "" { - output.AlertDescriptionFormat = pointer.To(v.(string)) - } - if v := b["display_name_format"]; v != "" { - output.AlertDisplayNameFormat = pointer.To(v.(string)) - } - if v := b["severity_column_name"]; v != "" { - output.AlertSeverityColumnName = pointer.To(v.(string)) - } - if v := b["tactics_column_name"]; v != "" { - output.AlertTacticsColumnName = pointer.To(v.(string)) - } - if v := b["dynamic_property"]; v != nil && len(v.([]interface{})) > 0 { - output.AlertDynamicProperties = expandNewAlertRuleAlertDynamicProperties(v.([]interface{})) - } - - return output -} - func flattenAlertRuleAlertDetailsOverride(input *alertrules.AlertDetailsOverride) []interface{} { if input == nil { return []interface{}{} 
@@ -555,31 +338,6 @@ func flattenAlertRuleAlertDetailsOverride(input *alertrules.AlertDetailsOverride } } -func flattenNewAlertRuleAlertDetailsOverride(input *newalertrules.AlertDetailsOverride) []interface{} { - if input == nil { - return []interface{}{} - } - - descriptionFormat := pointer.From(input.AlertDescriptionFormat) - displayNameFormat := pointer.From(input.AlertDisplayNameFormat) - severityColumnName := pointer.From(input.AlertSeverityColumnName) - tacticsColumnName := pointer.From(input.AlertTacticsColumnName) - var dynamicProperties []interface{} - if input.AlertDynamicProperties != nil { - dynamicProperties = flattenNewAlertRuleAlertDynamicProperties(input.AlertDynamicProperties) - } - - return []interface{}{ - map[string]interface{}{ - "description_format": descriptionFormat, - "display_name_format": displayNameFormat, - "severity_column_name": severityColumnName, - "tactics_column_name": tacticsColumnName, - "dynamic_property": dynamicProperties, - }, - } -} - func expandAlertRuleAlertDynamicProperties(input []interface{}) *[]alertrules.AlertPropertyMapping { if len(input) == 0 || input[0] == nil { return nil @@ -598,24 +356,6 @@ func expandAlertRuleAlertDynamicProperties(input []interface{}) *[]alertrules.Al return &output } -func expandNewAlertRuleAlertDynamicProperties(input []interface{}) *[]newalertrules.AlertPropertyMapping { - if len(input) == 0 || input[0] == nil { - return nil - } - - output := make([]newalertrules.AlertPropertyMapping, 0, len(input)) - for _, v := range input { - b := v.(map[string]interface{}) - property := newalertrules.AlertProperty(b["name"].(string)) - output = append(output, newalertrules.AlertPropertyMapping{ - AlertProperty: &property, - Value: pointer.To(b["value"].(string)), - }) - } - - return &output -} - func flattenAlertRuleAlertDynamicProperties(input *[]alertrules.AlertPropertyMapping) []interface{} { if input == nil || len(*input) == 0 { return []interface{}{} 
@@ -636,26 +376,6 @@ func flattenAlertRuleAlertDynamicProperties(input *[]alertrules.AlertPropertyMap return output } -func flattenNewAlertRuleAlertDynamicProperties(input *[]newalertrules.AlertPropertyMapping) []interface{} { - if input == nil || len(*input) == 0 { - return []interface{}{} - } - - output := make([]interface{}, 0, len(*input)) - for _, i := range *input { - name := "" - if i.AlertProperty != nil { - name = string(*i.AlertProperty) - } - output = append(output, map[string]interface{}{ - "name": name, - "value": i.Value, - }) - } - - return output -} - func expandAlertRuleEntityMapping(input []interface{}) *[]alertrules.EntityMapping { if len(input) == 0 { return nil @@ -674,24 +394,6 @@ func expandAlertRuleEntityMapping(input []interface{}) *[]alertrules.EntityMappi return &result } -func expandNewAlertRuleEntityMapping(input []interface{}) *[]newalertrules.EntityMapping { - if len(input) == 0 { - return nil - } - - result := make([]newalertrules.EntityMapping, 0, len(input)) - for _, e := range input { - b := e.(map[string]interface{}) - mappingType := newalertrules.EntityMappingType(b["entity_type"].(string)) - result = append(result, newalertrules.EntityMapping{ - EntityType: &mappingType, - FieldMappings: expandNewAlertRuleFieldMapping(b["field_mapping"].([]interface{})), - }) - } - - return &result -} - func flattenAlertRuleEntityMapping(input *[]alertrules.EntityMapping) []interface{} { if input == nil { return []interface{}{} 
@@ -712,26 +414,6 @@ func flattenAlertRuleEntityMapping(input *[]alertrules.EntityMapping) []interfac return output } -func flattenNewAlertRuleEntityMapping(input *[]newalertrules.EntityMapping) []interface{} { - if input == nil { - return []interface{}{} - } - - output := make([]interface{}, 0, len(*input)) - for _, e := range *input { - entityType := "" - if e.EntityType != nil { - entityType = string(*e.EntityType) - } - output = append(output, map[string]interface{}{ - "entity_type": entityType, - "field_mapping": flattenNewAlertRuleFieldMapping(e.FieldMappings), - }) - } - - return output -} - func expandAlertRuleFieldMapping(input []interface{}) *[]alertrules.FieldMapping { if len(input) == 0 { return nil @@ -749,23 +431,6 @@ func expandAlertRuleFieldMapping(input []interface{}) *[]alertrules.FieldMapping return &result } -func expandNewAlertRuleFieldMapping(input []interface{}) *[]newalertrules.FieldMapping { - if len(input) == 0 { - return nil - } - - result := make([]newalertrules.FieldMapping, 0, len(input)) - for _, e := range input { - b := e.(map[string]interface{}) - result = append(result, newalertrules.FieldMapping{ - Identifier: pointer.To(b["identifier"].(string)), - ColumnName: pointer.To(b["column_name"].(string)), - }) - } - - return &result -} - func flattenAlertRuleFieldMapping(input *[]alertrules.FieldMapping) []interface{} { if input == nil { return []interface{}{} 
@@ -792,32 +457,6 @@ func flattenAlertRuleFieldMapping(input *[]alertrules.FieldMapping) []interface{ return output } -func flattenNewAlertRuleFieldMapping(input *[]newalertrules.FieldMapping) []interface{} { - if input == nil { - return []interface{}{} - } - - output := make([]interface{}, 0, len(*input)) - for _, e := range *input { - var identifier string - if e.Identifier != nil { - identifier = *e.Identifier - } - - var columnName string - if e.ColumnName != nil { - columnName = *e.ColumnName - } - - output = append(output, map[string]interface{}{ - "identifier": identifier, - "column_name": columnName, - }) - } - - return output -} - func expandAlertRuleSentinelEntityMapping(input []interface{}) *[]alertrules.SentinelEntityMapping { if len(input) == 0 { return nil @@ -834,22 +473,6 @@ func expandAlertRuleSentinelEntityMapping(input []interface{}) *[]alertrules.Sen return &result } -func expandNewAlertRuleSentinelEntityMapping(input []interface{}) *[]newalertrules.SentinelEntityMapping { - if len(input) == 0 { - return nil - } - - result := make([]newalertrules.SentinelEntityMapping, 0, len(input)) - for _, e := range input { - b := e.(map[string]interface{}) - result = append(result, newalertrules.SentinelEntityMapping{ - ColumnName: utils.String(b["column_name"].(string)), - }) - } - - return &result -} - func flattenAlertRuleSentinelEntityMapping(input *[]alertrules.SentinelEntityMapping) []interface{} { if input == nil { return []interface{}{} 
@@ -869,23 +492,3 @@ func flattenAlertRuleSentinelEntityMapping(input *[]alertrules.SentinelEntityMap return output } - -func flattenNewAlertRuleSentinelEntityMapping(input *[]newalertrules.SentinelEntityMapping) []interface{} { - if input == nil { - return []interface{}{} - } - - output := make([]interface{}, 0, len(*input)) - for _, e := range *input { - var columnName string - if e.ColumnName != nil { - columnName = *e.ColumnName - } - - output = append(output, map[string]interface{}{ - "column_name": columnName, - }) - } - - return output -} diff --git a/internal/services/sentinel/sentinel_alert_rule_scheduled_resource.go b/internal/services/sentinel/sentinel_alert_rule_scheduled_resource.go index f63e8ab1a5a3..abd888e48f91 100644 --- a/internal/services/sentinel/sentinel_alert_rule_scheduled_resource.go +++ b/internal/services/sentinel/sentinel_alert_rule_scheduled_resource.go @@ -33,7 +33,7 @@ func resourceSentinelAlertRuleScheduled() *pluginsdk.Resource { Importer: pluginsdk.ImporterValidatingResourceIdThen(func(id string) error { _, err := alertrules.ParseAlertRuleID(id) return err - }, importNewSentinelAlertRule(alertrules.AlertRuleKindScheduled)), + }, importSentinelAlertRule(alertrules.AlertRuleKindScheduled)), Timeouts: &pluginsdk.ResourceTimeout{ Create: pluginsdk.DefaultTimeout(30 * time.Minute), @@ -352,7 +352,7 @@ func resourceSentinelAlertRuleScheduled() *pluginsdk.Resource { } func resourceSentinelAlertRuleScheduledCreateUpdate(d *pluginsdk.ResourceData, meta interface{}) error { - client := meta.(*clients.Client).Sentinel.NewAlertRulesClient + client := meta.(*clients.Client).Sentinel.AlertRulesClient ctx, cancel := timeouts.ForCreateUpdate(meta.(*clients.Client).StopContext, d) defer cancel() 
@@ -398,13 +398,13 @@ func resourceSentinelAlertRuleScheduledCreateUpdate(d *pluginsdk.ResourceData, m } } - incident := expandNewAlertRuleIncidentConfiguration(d.Get("incident").([]interface{}), "create_incident_enabled", false) + incident := expandAlertRuleIncidentConfiguration(d.Get("incident").([]interface{}), "create_incident_enabled", false) param := alertrules.ScheduledAlertRule{ Properties: &alertrules.ScheduledAlertRuleProperties{ Description: utils.String(d.Get("description").(string)), DisplayName: d.Get("display_name").(string), - Tactics: expandNewAlertRuleTactics(d.Get("tactics").(*pluginsdk.Set).List()), + Tactics: expandAlertRuleTactics(d.Get("tactics").(*pluginsdk.Set).List()), Techniques: expandAlertRuleTechnicals(d.Get("techniques").(*pluginsdk.Set).List()), IncidentConfiguration: incident, Severity: pointer.To(alertrules.AlertSeverity(d.Get("severity").(string))), @@ -429,7 +429,7 @@ func resourceSentinelAlertRuleScheduledCreateUpdate(d *pluginsdk.ResourceData, m param.Properties.EventGroupingSettings = expandAlertRuleScheduledEventGroupingSetting(v.([]interface{})) } if v, ok := d.GetOk("alert_details_override"); ok { - param.Properties.AlertDetailsOverride = expandNewAlertRuleAlertDetailsOverride(v.([]interface{})) + param.Properties.AlertDetailsOverride = expandAlertRuleAlertDetailsOverride(v.([]interface{})) } if v, ok := d.GetOk("custom_details"); ok { param.Properties.CustomDetails = utils.ExpandPtrMapStringString(v.(map[string]interface{})) 
@@ -438,11 +438,11 @@ func resourceSentinelAlertRuleScheduledCreateUpdate(d *pluginsdk.ResourceData, m entityMappingCount := 0 sentinelEntityMappingCount := 0 if v, ok := d.GetOk("entity_mapping"); ok { - param.Properties.EntityMappings = expandNewAlertRuleEntityMapping(v.([]interface{})) + param.Properties.EntityMappings = expandAlertRuleEntityMapping(v.([]interface{})) entityMappingCount = len(*param.Properties.EntityMappings) } if v, ok := d.GetOk("sentinel_entity_mapping"); ok { - param.Properties.SentinelEntitiesMappings = expandNewAlertRuleSentinelEntityMapping(v.([]interface{})) + param.Properties.SentinelEntitiesMappings = expandAlertRuleSentinelEntityMapping(v.([]interface{})) sentinelEntityMappingCount = len(*param.Properties.SentinelEntitiesMappings) } @@ -457,7 +457,7 @@ func resourceSentinelAlertRuleScheduledCreateUpdate(d *pluginsdk.ResourceData, m return fmt.Errorf("retrieving Sentinel Alert Rule Scheduled %q: %+v", id, err) } - if err := assertNewAlertRuleKind(resp.Model, alertrules.AlertRuleKindScheduled); err != nil { + if err := assertAlertRuleKind(resp.Model, alertrules.AlertRuleKindScheduled); err != nil { return fmt.Errorf("asserting alert rule of %q: %+v", id, err) } } @@ -472,7 +472,7 @@ func resourceSentinelAlertRuleScheduledCreateUpdate(d *pluginsdk.ResourceData, m } func resourceSentinelAlertRuleScheduledRead(d *pluginsdk.ResourceData, meta interface{}) error { - client := meta.(*clients.Client).Sentinel.NewAlertRulesClient + client := meta.(*clients.Client).Sentinel.AlertRulesClient ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d) defer cancel() 
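Review bot: `entityMappingCount = len(*param.Properties.EntityMappings)` and the matching `len(*param.Properties.SentinelEntitiesMappings)` dereference the helper results without a nil check, while both `expandAlertRuleEntityMapping` and `expandAlertRuleSentinelEntityMapping` return nil for an empty list (visible in the sentinel_alert_rule.go context lines of this patch). The dereference is safe today only because `d.GetOk` reports ok for a non-empty list, so a later change to either helper could turn into a provider panic during create or update. A guard keeps the count logic independent of that assumption: `if m := param.Properties.EntityMappings; m != nil { entityMappingCount = len(*m) }`, and the same for the sentinel mapping. The enclosing function starts and ends outside this hunk.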
@@ -492,7 +492,7 @@ func resourceSentinelAlertRuleScheduledRead(d *pluginsdk.ResourceData, meta inte return fmt.Errorf("retrieving Sentinel Alert Rule Scheduled %q: %+v", id, err) } - if err := assertNewAlertRuleKind(resp.Model, alertrules.AlertRuleKindScheduled); err != nil { + if err := assertAlertRuleKind(resp.Model, alertrules.AlertRuleKindScheduled); err != nil { return fmt.Errorf("asserting alert rule of %q: %+v", id, err) } @@ -506,14 +506,14 @@ func resourceSentinelAlertRuleScheduledRead(d *pluginsdk.ResourceData, meta inte if prop := rule.Properties; prop != nil { d.Set("description", prop.Description) d.Set("display_name", prop.DisplayName) - if err := d.Set("tactics", flattenNewAlertRuleTactics(prop.Tactics)); err != nil { + if err := d.Set("tactics", flattenAlertRuleTactics(prop.Tactics)); err != nil { return fmt.Errorf("setting `tactics`: %+v", err) } if err := d.Set("techniques", prop.Techniques); err != nil { return fmt.Errorf("setting `techniques`: %+v", err) } - if err := d.Set("incident", flattenNewAlertRuleIncidentConfiguration(prop.IncidentConfiguration, "create_incident_enabled", false)); err != nil { + if err := d.Set("incident", flattenAlertRuleIncidentConfiguration(prop.IncidentConfiguration, "create_incident_enabled", false)); err != nil { return fmt.Errorf("setting `incident`: %+v", err) } 
@@ -532,16 +532,16 @@ func resourceSentinelAlertRuleScheduledRead(d *pluginsdk.ResourceData, meta inte if err := d.Set("event_grouping", flattenAlertRuleScheduledEventGroupingSetting(prop.EventGroupingSettings)); err != nil { return fmt.Errorf("setting `event_grouping`: %+v", err) } - if err := d.Set("alert_details_override", flattenNewAlertRuleAlertDetailsOverride(prop.AlertDetailsOverride)); err != nil { + if err := d.Set("alert_details_override", flattenAlertRuleAlertDetailsOverride(prop.AlertDetailsOverride)); err != nil { return fmt.Errorf("setting `alert_details_override`: %+v", err) } if err := d.Set("custom_details", utils.FlattenPtrMapStringString(prop.CustomDetails)); err != nil { return fmt.Errorf("setting `custom_details`: %+v", err) } - if err := d.Set("entity_mapping", flattenNewAlertRuleEntityMapping(prop.EntityMappings)); err != nil { + if err := d.Set("entity_mapping", flattenAlertRuleEntityMapping(prop.EntityMappings)); err != nil { return fmt.Errorf("setting `entity_mapping`: %+v", err) } - if err := d.Set("sentinel_entity_mapping", flattenNewAlertRuleSentinelEntityMapping(prop.SentinelEntitiesMappings)); err != nil { + if err := d.Set("sentinel_entity_mapping", flattenAlertRuleSentinelEntityMapping(prop.SentinelEntitiesMappings)); err != nil { return fmt.Errorf("setting `sentinel_entity_mapping`: %+v", err) } } @@ -552,7 +552,7 @@ func resourceSentinelAlertRuleScheduledRead(d *pluginsdk.ResourceData, meta inte } func resourceSentinelAlertRuleScheduledDelete(d *pluginsdk.ResourceData, meta interface{}) error { - client := meta.(*clients.Client).Sentinel.NewAlertRulesClient + client := meta.(*clients.Client).Sentinel.AlertRulesClient ctx, cancel := timeouts.ForDelete(meta.(*clients.Client).StopContext, d) defer cancel() diff --git a/internal/services/sentinel/sentinel_alert_rule_scheduled_resource_test.go b/internal/services/sentinel/sentinel_alert_rule_scheduled_resource_test.go index d076434cc3de..859ff1a133df 100644 
--- a/internal/services/sentinel/sentinel_alert_rule_scheduled_resource_test.go +++ b/internal/services/sentinel/sentinel_alert_rule_scheduled_resource_test.go @@ -179,7 +179,7 @@ func (t SentinelAlertRuleScheduledResource) Exists(ctx context.Context, clients return nil, err } - resp, err := clients.Sentinel.NewAlertRulesClient.Get(ctx, *id) + resp, err := clients.Sentinel.AlertRulesClient.Get(ctx, *id) if err != nil { return nil, fmt.Errorf("reading Sentinel Alert Rule Scheduled %q: %v", id, err) } From 9604067c102c112c115814384ab8f80f85448f78 Mon Sep 17 00:00:00 2001 From: ziyeqf <51212351+ziyeqf@users.noreply.github.com> Date: Tue, 10 Dec 2024 22:07:35 +1100 Subject: [PATCH 09/10] remove duplicate function --- .../sentinel_alert_rule_scheduled_resource.go | 37 +------------------ 1 file changed, 2 insertions(+), 35 deletions(-) diff --git a/internal/services/sentinel/sentinel_alert_rule_scheduled_resource.go b/internal/services/sentinel/sentinel_alert_rule_scheduled_resource.go index abd888e48f91..d70235690d65 100644 --- a/internal/services/sentinel/sentinel_alert_rule_scheduled_resource.go +++ b/internal/services/sentinel/sentinel_alert_rule_scheduled_resource.go @@ -426,7 +426,7 @@ func resourceSentinelAlertRuleScheduledCreateUpdate(d *pluginsdk.ResourceData, m param.Properties.TemplateVersion = utils.String(v.(string)) } if v, ok := d.GetOk("event_grouping"); ok { - param.Properties.EventGroupingSettings = expandAlertRuleScheduledEventGroupingSetting(v.([]interface{})) + param.Properties.EventGroupingSettings = expandAlertRuleEventGroupingSetting(v.([]interface{})) } if v, ok := d.GetOk("alert_details_override"); ok { param.Properties.AlertDetailsOverride = expandAlertRuleAlertDetailsOverride(v.([]interface{})) 
@@ -529,7 +529,7 @@ func resourceSentinelAlertRuleScheduledRead(d *pluginsdk.ResourceData, meta inte d.Set("alert_rule_template_guid", prop.AlertRuleTemplateName) d.Set("alert_rule_template_version", prop.TemplateVersion) - if err := d.Set("event_grouping", flattenAlertRuleScheduledEventGroupingSetting(prop.EventGroupingSettings)); err != nil { + if err := d.Set("event_grouping", flattenAlertRuleEventGroupingSetting(prop.EventGroupingSettings)); err != nil { return fmt.Errorf("setting `event_grouping`: %+v", err) } if err := d.Set("alert_details_override", flattenAlertRuleAlertDetailsOverride(prop.AlertDetailsOverride)); err != nil { @@ -567,36 +567,3 @@ func resourceSentinelAlertRuleScheduledDelete(d *pluginsdk.ResourceData, meta in return nil } - -func expandAlertRuleScheduledEventGroupingSetting(input []interface{}) *alertrules.EventGroupingSettings { - if len(input) == 0 || input[0] == nil { - return nil - } - - v := input[0].(map[string]interface{}) - result := alertrules.EventGroupingSettings{} - - if aggregationKind := v["aggregation_method"].(string); aggregationKind != "" { - kind := alertrules.EventGroupingAggregationKind(aggregationKind) - result.AggregationKind = &kind - } - - return &result -} - -func flattenAlertRuleScheduledEventGroupingSetting(input *alertrules.EventGroupingSettings) []interface{} { - if input == nil { - return []interface{}{} - } - - var aggregationKind string - if input.AggregationKind != nil { - aggregationKind = string(*input.AggregationKind) - } - - return []interface{}{ - map[string]interface{}{ - "aggregation_method": aggregationKind, - }, - } -} From 010de02cf7e5b9a241f782291ed6a623d2420ccf Mon Sep 17 00:00:00 2001 From: ziyeqf <51212351+ziyeqf@users.noreply.github.com> Date: Thu, 12 Dec 2024 10:28:28 +1100 Subject: [PATCH 10/10] address comment --- .../sentinel_alert_rule_scheduled_resource_test.go | 13 +++++++++++++ 1 file changed, 13 insertions(+) 
diff --git a/internal/services/sentinel/sentinel_alert_rule_scheduled_resource_test.go b/internal/services/sentinel/sentinel_alert_rule_scheduled_resource_test.go index 859ff1a133df..63f14f73d25d 100644 --- a/internal/services/sentinel/sentinel_alert_rule_scheduled_resource_test.go +++ b/internal/services/sentinel/sentinel_alert_rule_scheduled_resource_test.go @@ -275,6 +275,7 @@ QUERY column_name = "SourceComputerId" } } + entity_mapping { entity_type = "Account" field_mapping { @@ -282,6 +283,7 @@ QUERY column_name = "ComputerIP" } } + entity_mapping { entity_type = "Account" field_mapping { @@ -289,6 +291,7 @@ QUERY column_name = "Computer" } } + entity_mapping { entity_type = "Account" field_mapping { @@ -296,6 +299,7 @@ QUERY column_name = "Category" } } + entity_mapping { entity_type = "Account" field_mapping { @@ -323,30 +327,39 @@ QUERY sentinel_entity_mapping { column_name = "VMUUID" } + sentinel_entity_mapping { column_name = "SourceSystem" } + sentinel_entity_mapping { column_name = "TimeGenerated" } + sentinel_entity_mapping { column_name = "MG" } + sentinel_entity_mapping { column_name = "ManagementGroupName" } + sentinel_entity_mapping { column_name = "SourceComputerId" } + sentinel_entity_mapping { column_name = "ComputerIP" } + sentinel_entity_mapping { column_name = "Computer" } + sentinel_entity_mapping { column_name = "Category" } + sentinel_entity_mapping { column_name = "OSType" }