azurerm_sentinel_alert_rule_* - upgrade API version #28195

Open
wants to merge 11 commits into
base: main
from
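--- a/internal/services/sentinel/client/client.go
+++ b/internal/services/sentinel/client/client.go
@@ -7,12 +7,12 @@ import (
 "fmt"
 
 alertruletemplates "github.com/Azure/azure-sdk-for-go/services/preview/securityinsight/mgmt/2021-09-01-preview/securityinsight" // nolint: staticcheck
-"github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules"
 "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/automationrules"
 "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/metadata"
 "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-11-01/sentinelonboardingstates"
 "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-11-01/watchlistitems"
 "github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-11-01/watchlists"
+"github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules"
 "github.com/hashicorp/terraform-provider-azurerm/internal/common"
 securityinsight "github.com/jackofallops/kermit/sdk/securityinsights/2022-10-01-preview/securityinsights"
 )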
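--- a/internal/services/sentinel/sentinel_alert_rule.go
+++ b/internal/services/sentinel/sentinel_alert_rule.go
@@ -7,7 +7,7 @@ import (
 "context"
 "fmt"
 
-"github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules"
+"github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules"
 "github.com/hashicorp/terraform-provider-azurerm/internal/clients"
 "github.com/hashicorp/terraform-provider-azurerm/internal/sdk"
 "github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk"
@@ -142,6 +142,22 @@ func flattenAlertRuleIncidentConfiguration(input *alertrules.IncidentConfigurati
 }
 }
 
+func expandAlertRuleEventGroupingSetting(input []interface{}) *alertrules.EventGroupingSettings {
+if len(input) == 0 || input[0] == nil {
+return nil
+}
+
+v := input[0].(map[string]interface{})
+result := alertrules.EventGroupingSettings{}
+
+if aggregationKind := v["aggregation_method"].(string); aggregationKind != "" {
+kind := alertrules.EventGroupingAggregationKind(aggregationKind)
+result.AggregationKind = &kind
+}
+
+return &result
+}
+
 func expandAlertRuleGrouping(input []interface{}, withGroupPrefix bool) *alertrules.GroupingConfiguration {
 if len(input) == 0 || input[0] == nil {
 return nil
@@ -237,6 +253,23 @@ func flattenAlertRuleGrouping(input *alertrules.GroupingConfiguration, withGroup
 }
 }
 
+func flattenAlertRuleEventGroupingSetting(input *alertrules.EventGroupingSettings) []interface{} {
+if input == nil {
+return []interface{}{}
+}
+
+var aggregationKind string
+if input.AggregationKind != nil {
+aggregationKind = string(*input.AggregationKind)
+}
+
+return []interface{}{
+map[string]interface{}{
+"aggregation_method": aggregationKind,
+},
+}
+}
+
 func expandAlertRuleAlertDetailsOverride(input []interface{}) *alertrules.AlertDetailsOverride {
 if len(input) == 0 || input[0] == nil {
 return nil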
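Review bot: In `expandAlertRuleEventGroupingSetting`, `v["aggregation_method"].(string)` is a single-value type assertion, so it panics if the key is absent from the map or holds a non-string value. The helper is now called from both the scheduled and the NRT resource in this PR, so it silently depends on each schema declaring `event_grouping.aggregation_method` as a string. The comma-ok form keeps the existing empty-string fallback without that coupling: `if aggregationKind, _ := v["aggregation_method"].(string); aggregationKind != "" {`. The value is also converted to `alertrules.EventGroupingAggregationKind` without a check, which is only safe if the schema restricts the allowed values; the schema is not visible in this section.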
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,7 @@ func (SentinelAlertRuleAnomalyBuiltInResource) basic(data acceptance.TestData) s
return fmt.Sprintf(`
%s
resource "azurerm_sentinel_alert_rule_anomaly_built_in" "test" {
display_name = "Potential data staging"
display_name = "UEBA Anomalous Account Deletion"
log_analytics_workspace_id = azurerm_sentinel_log_analytics_workspace_onboarding.test.workspace_id
enabled = true
mode = "Production"
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ func TestAccSentinelAlertRuleAnomalyDataSource_basicWithThreshold(t *testing.T)
check.That(data.ResourceName).Key("settings_definition_id").Exists(),
check.That(data.ResourceName).Key("tactics.#").HasValue("1"),
check.That(data.ResourceName).Key("techniques.#").HasValue("1"),
check.That(data.ResourceName).Key("threshold_observation.#").HasValue("2"),
check.That(data.ResourceName).Key("threshold_observation.#").HasValue("1"),
),
},
})
Expand Down Expand Up @@ -113,9 +113,9 @@ func TestAccSentinelAlertRuleAnomalyDataSource_basicWithPrioritized(t *testing.T
check.That(data.ResourceName).Key("required_data_connector.#").HasValue("1"),
check.That(data.ResourceName).Key("mode").Exists(),
check.That(data.ResourceName).Key("settings_definition_id").Exists(),
check.That(data.ResourceName).Key("tactics.#").HasValue("2"),
check.That(data.ResourceName).Key("techniques.#").HasValue("2"),
check.That(data.ResourceName).Key("prioritized_exclude_observation.#").HasValue("2"),
check.That(data.ResourceName).Key("tactics.#").HasValue("1"),
check.That(data.ResourceName).Key("techniques.#").HasValue("1"),
check.That(data.ResourceName).Key("prioritized_exclude_observation.#").HasValue("1"),
),
},
})
Expand All @@ -127,7 +127,7 @@ func (SentinelAlertRuleAnomalyDataSource) basic_withThreshold(data acceptance.Te

data "azurerm_sentinel_alert_rule_anomaly" "test" {
log_analytics_workspace_id = azurerm_sentinel_log_analytics_workspace_onboarding.test.workspace_id
display_name = "Potential data staging"
display_name = "Attempted user account bruteforce"
}
`, SecurityInsightsSentinelOnboardingStateResource{}.basic(data))
}
Expand Down Expand Up @@ -160,7 +160,7 @@ func (SentinelAlertRuleAnomalyDataSource) basic_withPrioritizeExclude(data accep

data "azurerm_sentinel_alert_rule_anomaly" "test" {
log_analytics_workspace_id = azurerm_sentinel_log_analytics_workspace_onboarding.test.workspace_id
display_name = "Anomalous web request activity"
display_name = "Rare privileged process calls on a daily basis"
}
`, SecurityInsightsSentinelOnboardingStateResource{}.basic(data))
}
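Review bot: The exact counts asserted in `TestAccSentinelAlertRuleAnomalyDataSource_basicWithThreshold` and `TestAccSentinelAlertRuleAnomalyDataSource_basicWithPrioritized` (`tactics.#`, `techniques.#`, `threshold_observation.#` and `prioritized_exclude_observation.#`, now all `HasValue("1")`) describe service-managed built-in anomaly rules. That is presumably why they had to change together with the `display_name` values in the configs. A comment above each check block naming the rule the numbers come from would make the next mismatch quicker to diagnose, for example `// counts match the built-in "Attempted user account bruteforce" anomaly rule; revisit if the service updates it`. Both test functions begin outside the visible hunks, so the pairing of test to config is inferred from the names.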
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ import (
"time"

"github.com/hashicorp/go-azure-helpers/lang/response"
"github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules"
"github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules"
"github.com/hashicorp/terraform-provider-azurerm/internal/clients"
"github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk"
"github.com/hashicorp/terraform-provider-azurerm/internal/tf/validation"
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ import (

"github.com/hashicorp/go-azure-helpers/lang/pointer"
"github.com/hashicorp/go-azure-helpers/lang/response"
"github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules"
"github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules"
"github.com/hashicorp/terraform-provider-azurerm/internal/clients"
"github.com/hashicorp/terraform-provider-azurerm/internal/features"
"github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk"
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ import (
"testing"

"github.com/hashicorp/go-azure-helpers/lang/response"
"github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules"
"github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules"
"github.com/hashicorp/terraform-provider-azurerm/internal/acceptance"
"github.com/hashicorp/terraform-provider-azurerm/internal/acceptance/check"
"github.com/hashicorp/terraform-provider-azurerm/internal/clients"
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ import (
"time"

"github.com/hashicorp/go-azure-helpers/lang/response"
"github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules"
"github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules"
"github.com/hashicorp/terraform-provider-azurerm/helpers/tf"
"github.com/hashicorp/terraform-provider-azurerm/internal/clients"
"github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk"
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ import (
"testing"

"github.com/hashicorp/go-azure-helpers/lang/response"
"github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules"
"github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules"
"github.com/hashicorp/terraform-provider-azurerm/internal/acceptance"
"github.com/hashicorp/terraform-provider-azurerm/internal/acceptance/check"
"github.com/hashicorp/terraform-provider-azurerm/internal/clients"
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ import (
"time"

"github.com/hashicorp/go-azure-helpers/lang/response"
"github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules"
"github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules"
"github.com/hashicorp/terraform-provider-azurerm/helpers/tf"
"github.com/hashicorp/terraform-provider-azurerm/internal/clients"
"github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk"
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ import (
"fmt"
"testing"

"github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules"
"github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules"
"github.com/hashicorp/terraform-provider-azurerm/internal/acceptance"
"github.com/hashicorp/terraform-provider-azurerm/internal/acceptance/check"
"github.com/hashicorp/terraform-provider-azurerm/internal/clients"
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ import (
"time"

"github.com/hashicorp/go-azure-helpers/lang/response"
"github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules"
"github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
"github.com/hashicorp/terraform-provider-azurerm/helpers/tf"
"github.com/hashicorp/terraform-provider-azurerm/helpers/validate"
Expand Down Expand Up @@ -367,7 +367,7 @@ func resourceSentinelAlertRuleNrtCreateUpdate(d *pluginsdk.ResourceData, meta in
param.Properties.TemplateVersion = utils.String(v.(string))
}
if v, ok := d.GetOk("event_grouping"); ok {
param.Properties.EventGroupingSettings = expandAlertRuleScheduledEventGroupingSetting(v.([]interface{}))
param.Properties.EventGroupingSettings = expandAlertRuleEventGroupingSetting(v.([]interface{}))
}
if v, ok := d.GetOk("alert_details_override"); ok {
param.Properties.AlertDetailsOverride = expandAlertRuleAlertDetailsOverride(v.([]interface{}))
Expand Down Expand Up @@ -471,7 +471,7 @@ func resourceSentinelAlertRuleNrtRead(d *pluginsdk.ResourceData, meta interface{
d.Set("alert_rule_template_guid", prop.AlertRuleTemplateName)
d.Set("alert_rule_template_version", prop.TemplateVersion)

if err := d.Set("event_grouping", flattenAlertRuleScheduledEventGroupingSetting(prop.EventGroupingSettings)); err != nil {
if err := d.Set("event_grouping", flattenAlertRuleEventGroupingSetting(prop.EventGroupingSettings)); err != nil {
return fmt.Errorf("setting `event_grouping`: %+v", err)
}
if err := d.Set("alert_details_override", flattenAlertRuleAlertDetailsOverride(prop.AlertDetailsOverride)); err != nil {
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ import (
"fmt"
"testing"

"github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules"
"github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules"
"github.com/hashicorp/terraform-provider-azurerm/internal/acceptance"
"github.com/hashicorp/terraform-provider-azurerm/internal/acceptance/check"
"github.com/hashicorp/terraform-provider-azurerm/internal/clients"
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ import (
"github.com/hashicorp/go-azure-helpers/lang/pointer"
"github.com/hashicorp/go-azure-helpers/lang/response"
"github.com/hashicorp/go-azure-sdk/resource-manager/operationalinsights/2020-08-01/workspaces"
"github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2022-10-01-preview/alertrules"
"github.com/hashicorp/go-azure-sdk/resource-manager/securityinsights/2023-12-01-preview/alertrules"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
"github.com/hashicorp/terraform-provider-azurerm/helpers/tf"
"github.com/hashicorp/terraform-provider-azurerm/helpers/validate"
Expand Down Expand Up @@ -301,7 +301,7 @@ func resourceSentinelAlertRuleScheduled() *pluginsdk.Resource {
"entity_mapping": {
Type: pluginsdk.TypeList,
Optional: true,
MaxItems: 5,
MaxItems: 10,
Member


Although the error message provided by the API is descriptive and it seems like it makes sense to hand off the validation to the API, I think we should actually keep the MaxItems validation in the schema here because there's value in informing the user earlier of any config issues at plan time, instead of at apply time. WDYT?

Contributor Author


agree!

Elem: &pluginsdk.Resource{
Schema: map[string]*pluginsdk.Schema{
"entity_type": {
Expand Down Expand Up @@ -334,7 +334,7 @@ func resourceSentinelAlertRuleScheduled() *pluginsdk.Resource {
"sentinel_entity_mapping": {
Type: pluginsdk.TypeList,
Optional: true,
MaxItems: 5,
MaxItems: 10,
Elem: &pluginsdk.Resource{
Schema: map[string]*pluginsdk.Schema{
"column_name": {
Expand Down Expand Up @@ -426,7 +426,7 @@ func resourceSentinelAlertRuleScheduledCreateUpdate(d *pluginsdk.ResourceData, m
param.Properties.TemplateVersion = utils.String(v.(string))
}
if v, ok := d.GetOk("event_grouping"); ok {
param.Properties.EventGroupingSettings = expandAlertRuleScheduledEventGroupingSetting(v.([]interface{}))
param.Properties.EventGroupingSettings = expandAlertRuleEventGroupingSetting(v.([]interface{}))
}
if v, ok := d.GetOk("alert_details_override"); ok {
param.Properties.AlertDetailsOverride = expandAlertRuleAlertDetailsOverride(v.([]interface{}))
Expand All @@ -446,9 +446,9 @@ func resourceSentinelAlertRuleScheduledCreateUpdate(d *pluginsdk.ResourceData, m
sentinelEntityMappingCount = len(*param.Properties.SentinelEntitiesMappings)
}

// the max number of `sentinel_entity_mapping` and `entity_mapping` together is 5
if entityMappingCount+sentinelEntityMappingCount > 5 {
return fmt.Errorf("`entity_mapping` and `sentinel_entity_mapping` together can't exceed 5")
// the max number of `sentinel_entity_mapping` and `entity_mapping` together is 10
if entityMappingCount+sentinelEntityMappingCount > 10 {
return fmt.Errorf("`entity_mapping` and `sentinel_entity_mapping` together can't exceed 10")
}

if !d.IsNewResource() {
Expand Down Expand Up @@ -529,7 +529,7 @@ func resourceSentinelAlertRuleScheduledRead(d *pluginsdk.ResourceData, meta inte
d.Set("alert_rule_template_guid", prop.AlertRuleTemplateName)
d.Set("alert_rule_template_version", prop.TemplateVersion)

if err := d.Set("event_grouping", flattenAlertRuleScheduledEventGroupingSetting(prop.EventGroupingSettings)); err != nil {
if err := d.Set("event_grouping", flattenAlertRuleEventGroupingSetting(prop.EventGroupingSettings)); err != nil {
return fmt.Errorf("setting `event_grouping`: %+v", err)
}
if err := d.Set("alert_details_override", flattenAlertRuleAlertDetailsOverride(prop.AlertDetailsOverride)); err != nil {
Expand Down Expand Up @@ -567,36 +567,3 @@ func resourceSentinelAlertRuleScheduledDelete(d *pluginsdk.ResourceData, meta in

return nil
}

func expandAlertRuleScheduledEventGroupingSetting(input []interface{}) *alertrules.EventGroupingSettings {
if len(input) == 0 || input[0] == nil {
return nil
}

v := input[0].(map[string]interface{})
result := alertrules.EventGroupingSettings{}

if aggregationKind := v["aggregation_method"].(string); aggregationKind != "" {
kind := alertrules.EventGroupingAggregationKind(aggregationKind)
result.AggregationKind = &kind
}

return &result
}

func flattenAlertRuleScheduledEventGroupingSetting(input *alertrules.EventGroupingSettings) []interface{} {
if input == nil {
return []interface{}{}
}

var aggregationKind string
if input.AggregationKind != nil {
aggregationKind = string(*input.AggregationKind)
}

return []interface{}{
map[string]interface{}{
"aggregation_method": aggregationKind,
},
}
}
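Review bot: The combined limit in `resourceSentinelAlertRuleScheduledCreateUpdate` (`entityMappingCount+sentinelEntityMappingCount > 10`) is evaluated only during apply, while each list is separately capped by its own `MaxItems: 10`. A configuration with, say, six `entity_mapping` and six `sentinel_entity_mapping` blocks therefore satisfies both schema caps and is rejected only once the create/update runs. Evaluating the sum in a CustomizeDiff for the resource would report it during plan; whether the resource already defines one is not visible in these hunks, and the function itself starts outside the hunk. Separately, the literal 10 now appears in four places (two `MaxItems`, the comparison and the error text), so a package-level constant such as `const maxEntityMappings = 10` would keep them in step on the next API bump.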