new resource "azurerm_iot_security_solution" #10034
Conversation
There was a problem hiding this comment.
@njuCZ - all the tests are failing with:
Error: listing keys for IoTHub "acctestIoTHub-210113185506263492" (Resource Group "acctestRG-security-210113185506263492"): devices.IotHubResourceClient#ListKeys: Failure sending request: StatusCode=409 -- Original Error: autorest/azure: Service returned an error. Status=<nil> <nil>
|
@katbyte I have rerun the acctest in my local and all could succeed. Had a look at your error message, it seems the error occurs when reading iothub resource. So May I ask could you run iothub acctest successfully? |
|
@njuCZ - all the tests are still failing with that error. |
njuCZ
force-pushed
the
iot_security_solution
branch
from
fdcfa62 to
74f6028
Compare
|
@katbyte I reproduce such problem when using a different location. After investigating, I found deleting a iot security solution will cause the iotHub state changed to |
azurerm/internal/services/securitycenter/iot_security_solution_resource.go
Outdated
Show resolved
Hide resolved
azurerm/internal/services/securitycenter/iot_security_solution_resource.go
Outdated
Show resolved
Hide resolved
azurerm/internal/services/securitycenter/iot_security_solution_resource.go
Outdated
Show resolved
Hide resolved
azurerm/internal/services/securitycenter/iot_security_solution_resource.go
Outdated
Show resolved
Hide resolved
azurerm/internal/services/securitycenter/iot_security_solution_resource.go
Outdated
Show resolved
Hide resolved
azurerm/internal/services/securitycenter/iot_security_solution_resource.go
Outdated
Show resolved
Hide resolved
azurerm/internal/services/securitycenter/iot_security_solution_resource.go
Outdated
Show resolved
Hide resolved
| A `user_defined_resource` block supports the following: | ||
|
|
||
| * `query` - (Required) Azure Resource Graph query which represents the security solution's user defined resources. | ||
|
|
||
| * `subscription_ids` - (Required) A list of subscription Ids on which the user defined resources query should be executed.. |
There was a problem hiding this comment.
I think we should improve the ux here, i'm not sure what this is doing exactly? a list of iot hubs to apply this to via a graph query?
There was a problem hiding this comment.
here is the doc about user_defined_resource: https://docs.microsoft.com/en-us/azure/defender-for-iot/quickstart-configure-your-solution. Through this field, user could monitor the entire IoT solution in one dashboard, surfacing all of your IoT devices, IoT platforms and back-end resources in Azure. so it is not for auto find iothub, but for other related resources.
In the portal, the ux is:
user choose the sub or resourceGroup, the portal will convert into graph query and send to the backend. Should we do like the portal and dynamically build the graph query?
There was a problem hiding this comment.
Maybe it would be best to rename these to query_for_resources & query_subscription_ids?
|
@katbyte I have renamed the fields, could you have a look again? |
| "user_defined_resource": { | ||
| Type: schema.TypeList, | ||
| Optional: true, | ||
| Computed: true, | ||
| MaxItems: 1, | ||
| Elem: &schema.Resource{ | ||
| Schema: map[string]*schema.Schema{ | ||
| "query_for_resources": { | ||
| Type: schema.TypeString, | ||
| Required: true, | ||
| }, | ||
|
|
||
| "query_subscription_ids": { | ||
| Type: schema.TypeSet, | ||
| Required: true, | ||
| Elem: &schema.Schema{ | ||
| Type: schema.TypeString, | ||
| ValidateFunc: validation.IsUUID, | ||
| }, | ||
| }, | ||
| }, | ||
| }, | ||
| }, |
There was a problem hiding this comment.
I think we can move these up one level? not sure if user_defined_resource really adds any useful information/ux?
|
|
||
| A `recommendations_enabled` block supports the following: | ||
|
|
||
| * `events_to_exportacr_authentication` - (Optional) Could Service Principal Authentication be used with ACR repository? Defaults to `true`. |
There was a problem hiding this comment.
We need to fix thes properties:
| * `events_to_exportacr_authentication` - (Optional) Could Service Principal Authentication be used with ACR repository? Defaults to `true`. | |
| * `acr_authentication` - (Optional) Is Principal Authentication enabled for the ACR repository? Defaults to `true`. |
and so forth
There was a problem hiding this comment.
oh, sorry for all the typo
|
@katbyte thanks for your careful review, I have updated the doc |
| Type: schema.TypeString, | ||
| Optional: true, | ||
| ValidateFunc: loganalyticsValidate.LogAnalyticsWorkspaceID, | ||
| DiffSuppressFunc: suppress.CaseDifference, |
There was a problem hiding this comment.
@njuCZ is there a Swagger bug tracking this API bug?
There was a problem hiding this comment.
have created an issue to track: Azure/azure-rest-api-specs#12721
| Type: schema.TypeString, | ||
| ValidateFunc: iothubValidate.IotHubID, | ||
| }, | ||
| Set: set.HashStringIgnoreCase, |
There was a problem hiding this comment.
@njuCZ is there a Swagger bug tracking this API bug?
There was a problem hiding this comment.
above, I used the same issue to track both
|
This has been released in version 2.45.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example: provider "azurerm" {
version = "~> 2.45.0"
}
# ... other configuration ... |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks! |
ghost
locked as resolved and limited conversation to collaborators
intro:
for the
recommendationschema,recommendationspecified, all recommendation config are auto enabled.recommendationand make it enabled or disabled, all other config are auto enabled.to handle such matter and avoid diff, I have made each recommendation config as a sub schema, please review and check whether it's ok