Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for the categories property of azurerm_security_center_assessment_metadata #12278

Merged
merged 5 commits into from
Jun 23, 2021
Merged

Add support for the categories property of azurerm_security_center_assessment_metadata #12278

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
ef1719f
Add support for the categories property of azurerm_security_center_as…
Jun 18, 2021
6dd346b
update code
Jun 18, 2021
07e3163
update code
Jun 18, 2021
6d865ef
update code
Jun 22, 2021
3226a62
update code
Jun 23, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
48 changes: 44 additions & 4 deletions azurerm/internal/services/securitycenter/security_center_assessment_metadata_resource.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,26 @@ func resourceArmSecurityCenterAssessmentMetadata() *pluginsdk.Resource {
}, false),
},

// API would return `Unknown` when `categories` isn't set.
// After synced with service team, they confirmed will add `Unknown` as possible value to this property and it will be published as a new version of this API.
// https://github.com/Azure/azure-rest-api-specs/issues/14918
"categories": {
Type: pluginsdk.TypeSet,
Optional: true,
Computed: true,
Elem: &pluginsdk.Schema{
Type: pluginsdk.TypeString,
ValidateFunc: validation.StringInSlice([]string{
"Unknown",
string(security.Compute),
string(security.Data),
string(security.IdentityAndAccess),
string(security.IoT),
string(security.Networking),
}, false),
},
},

"implementation_effort": {
Type: pluginsdk.TypeString,
Optional: true,
Expand Down Expand Up @@ -104,10 +124,6 @@ func resourceArmSecurityCenterAssessmentMetadata() *pluginsdk.Resource {
}, false),
},

// The `category` property doesn't take effect at the service side since the property name is incorrect and it should be `categories`.
// To implement this property once the bug is fixed.
// BUG: https://github.com/Azure/azure-rest-api-specs/issues/12297

"name": {
Type: pluginsdk.TypeString,
Computed: true,
Expand Down Expand Up @@ -146,6 +162,14 @@ func resourceArmSecurityCenterAssessmentMetadataCreate(d *pluginsdk.ResourceData
},
}

if v, ok := d.GetOk("categories"); ok {
categories := make([]security.Categories, 0)
for _, item := range v.(*pluginsdk.Set).List() {
categories = append(categories, (security.Categories)(item.(string)))
}
params.AssessmentMetadataProperties.Categories = &categories
}

if v, ok := d.GetOk("threats"); ok {
threats := make([]security.Threats, 0)
for _, item := range v.(*pluginsdk.Set).List() {
Expand Down Expand Up @@ -205,6 +229,14 @@ func resourceArmSecurityCenterAssessmentMetadataRead(d *pluginsdk.ResourceData,
d.Set("remediation_description", props.RemediationDescription)
d.Set("user_impact", string(props.UserImpact))

categories := make([]string, 0)
if props.Categories != nil {
for _, item := range *props.Categories {
categories = append(categories, string(item))
}
}
d.Set("categories", utils.FlattenStringSlice(&categories))

threats := make([]string, 0)
if props.Threats != nil {
for _, item := range *props.Threats {
Expand Down Expand Up @@ -247,6 +279,14 @@ func resourceArmSecurityCenterAssessmentMetadataUpdate(d *pluginsdk.ResourceData
existing.AssessmentMetadataProperties.Severity = security.Severity(d.Get("severity").(string))
}

if d.HasChange("categories") {
categories := make([]security.Categories, 0)
for _, item := range d.Get("categories").(*pluginsdk.Set).List() {
categories = append(categories, (security.Categories)(item.(string)))
}
existing.AssessmentMetadataProperties.Categories = &categories
}

if d.HasChange("threats") {
threats := make([]security.Threats, 0)
for _, item := range d.Get("threats").(*pluginsdk.Set).List() {
Expand Down
30 changes: 30 additions & 0 deletions ...erm/internal/services/securitycenter/security_center_assessment_metadata_resource_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -67,6 +67,21 @@ func TestAccSecurityCenterAssessmentMetadata_update(t *testing.T) {
})
}

func TestAccSecurityCenterAssessmentMetadata_categories(t *testing.T) {
data := acceptance.BuildTestData(t, "azurerm_security_center_assessment_metadata", "test")
r := SecurityCenterAssessmentMetadataResource{}

data.ResourceTest(t, r, []acceptance.TestStep{
{
Config: r.categories(),
Check: acceptance.ComposeTestCheckFunc(
check.That(data.ResourceName).ExistsInAzure(r),
),
},
data.ImportStep(),
})
}

func (r SecurityCenterAssessmentMetadataResource) Exists(ctx context.Context, client *clients.Client, state *pluginsdk.InstanceState) (*bool, error) {
assessmentMetadataClient := client.SecurityCenter.AssessmentsMetadataClient
id, err := parse.AssessmentMetadataID(state.ID)
Expand Down Expand Up @@ -135,3 +150,18 @@ resource "azurerm_security_center_assessment_metadata" "test" {
}
`
}

func (r SecurityCenterAssessmentMetadataResource) categories() string {
return `
provider "azurerm" {
features {}
}

resource "azurerm_security_center_assessment_metadata" "test" {
display_name = "Test Display Name"
severity = "Medium"
description = "Test Description"
categories = ["Data"]
}
`
}
2 changes: 2 additions & 0 deletions website/docs/r/security_center_assessment_metadata.html.markdown
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,8 @@ The following arguments are supported:

---

* `categories` - (Optional) A list of the categories of resource that is at risk when the Security Center Assessment is unhealthy. Possible values are `Unknown`, `Compute`, `Data`, `IdentityAndAccess`, `IoT` and `Networking`.

* `implementation_effort` - (Optional) The implementation effort which is used to remediate the Security Center Assessment. Possible values are `Low`, `Moderate` and `High`.

* `remediation_description` - (Optional) The description which is used to mitigate the security issue.
Expand Down