azurerm_sentinel_watchlist - Add required property item_search_key

Since March, the sentinel API now requires the `itemSearchey` in the `PUT` request. Meanwhile, the `contentType` is now not needed here as we don't actually send any content, but delegate it to the `azurerm_sentinel_watchlist_item`.
magodo · Mar 17, 2022 · 7f857d9 · 7f857d9
1 parent 4daf795
commit 7f857d9
Show file tree

Hide file tree

Showing 5 changed files with 23 additions and 4 deletions.
diff --git a/examples/sentinel/watchlist-item-from-csv-file/main.tf b/examples/sentinel/watchlist-item-from-csv-file/main.tf
@@ -32,6 +32,7 @@ resource "azurerm_sentinel_watchlist" "example" {
   name                       = "example-watchlist"
   log_analytics_workspace_id = azurerm_log_analytics_solution.example.workspace_resource_id
   display_name               = "example-wl"
+  item_search_key            = "Key"
 }
 
 locals {

diff --git a/internal/services/sentinel/sentinel_watchlist_item_resource_test.go b/internal/services/sentinel/sentinel_watchlist_item_resource_test.go
@@ -170,6 +170,7 @@ resource "azurerm_sentinel_watchlist" "test" {
   name                       = "accTestWL-%d"
   log_analytics_workspace_id = azurerm_log_analytics_solution.sentinel.workspace_resource_id
   display_name               = "test"
+  item_search_key            = "k1"
 }
 `, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger)
 }
diff --git a/internal/services/sentinel/sentinel_watchlist_resource.go b/internal/services/sentinel/sentinel_watchlist_resource.go
@@ -28,6 +28,7 @@ type WatchlistModel struct {
 	Description             string   `tfschema:"description"`
 	Labels                  []string `tfschema:"labels"`
 	DefaultDuration         string   `tfschema:"default_duration"`
+	ItemSearchKey           string   `tfschema:"item_search_key"`
 }
 
 func (r WatchlistResource) Arguments() map[string]*pluginsdk.Schema {
@@ -50,6 +51,12 @@ func (r WatchlistResource) Arguments() map[string]*pluginsdk.Schema {
 			ForceNew:     true,
 			ValidateFunc: validation.StringIsNotEmpty,
 		},
+		"item_search_key": {
+			Type:         pluginsdk.TypeString,
+			Required:     true,
+			ForceNew:     true,
+			ValidateFunc: validation.StringIsNotEmpty,
+		},
 		"description": {
 			Type:         pluginsdk.TypeString,
 			Optional:     true,
@@ -124,10 +131,11 @@ func (r WatchlistResource) Create() sdk.ResourceFunc {
 					// The only supported provider for now is "Microsoft"
 					Provider: utils.String("Microsoft"),
 
-					// The "source" and "contentType" represent the source file name which contains the watchlist items and its content type.
+					// The "source" represent the source file name which contains the watchlist items.
 					// Setting them here is merely to make the API happy.
-					Source:      securityinsight.Source("a.csv"),
-					ContentType: utils.String("Text/Csv"),
+					Source: securityinsight.Source("a.csv"),
+
+					ItemsSearchKey: utils.String(model.ItemSearchKey),
 				},
 			}
 
@@ -189,6 +197,9 @@ func (r WatchlistResource) Read() sdk.ResourceFunc {
 				if props.DefaultDuration != nil {
 					model.DefaultDuration = *props.DefaultDuration
 				}
+				if props.ItemsSearchKey != nil {
+					model.ItemSearchKey = *props.ItemsSearchKey
+				}
 			}
 
 			return metadata.Encode(&model)

diff --git a/internal/services/sentinel/sentinel_watchlist_resource_test.go b/internal/services/sentinel/sentinel_watchlist_resource_test.go
@@ -88,6 +88,7 @@ resource "azurerm_sentinel_watchlist" "test" {
   name                       = "accTestWL-%d"
   log_analytics_workspace_id = azurerm_log_analytics_solution.sentinel.workspace_resource_id
   display_name               = "test"
+  item_search_key            = "Key"
 }
 `, template, data.RandomInteger)
 }
@@ -104,6 +105,7 @@ resource "azurerm_sentinel_watchlist" "test" {
   description                = "description"
   labels                     = ["label1", "laebl2"]
   default_duration           = "P2DT3H"
+  item_search_key            = "Key"
 }
 `, template, data.RandomInteger)
 }
@@ -117,6 +119,7 @@ resource "azurerm_sentinel_watchlist" "import" {
   name                       = azurerm_sentinel_watchlist.test.name
   log_analytics_workspace_id = azurerm_sentinel_watchlist.test.log_analytics_workspace_id
   display_name               = azurerm_sentinel_watchlist.test.display_name
+  item_search_key            = azurerm_sentinel_watchlist.test.item_search_key
 }
 `, template)
 }
@@ -136,7 +139,7 @@ resource "azurerm_log_analytics_workspace" "test" {
   name                = "acctest-workspace-%d"
   location            = azurerm_resource_group.test.location
   resource_group_name = azurerm_resource_group.test.name
-  sku                 = "pergb2018"
+  sku                 = "PerGB2018"
 }
 
 resource "azurerm_log_analytics_solution" "sentinel" {

diff --git a/website/docs/r/sentinel_watchlist.html.markdown b/website/docs/r/sentinel_watchlist.html.markdown
@@ -42,6 +42,7 @@ resource "azurerm_sentinel_watchlist" "example" {
   name                       = "example-watchlist"
   log_analytics_workspace_id = azurerm_log_analytics_solution.example.workspace_resource_id
   display_name               = "example-wl"
+  item_search_key            = "Key"
 }
 ```
 
@@ -55,6 +56,8 @@ The following arguments are supported:
 
 * `display_name` - (Required) The display name of this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
 
+* `item_search_key` - (Required) The key used to optimize query performance when using Watchlist for joins with other data. Changing this forces a new Sentinel Watchlist to be created.
+
 ---
 
 * `default_duration` - (Optional) The default duration in ISO8601 duration form of this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.