New Resource: azurerm_security_center_assessment_metadata #10124
Conversation
There was a problem hiding this comment.
We have some test failing:
------- Stdout: -------
=== RUN TestAccSecurityCenterAssessmentMetadata_complete
=== PAUSE TestAccSecurityCenterAssessmentMetadata_complete
=== CONT TestAccSecurityCenterAssessmentMetadata_complete
testing.go:745: Error destroying resource! WARNING: Dangling resources
may exist. The full state and error is shown below.
Error: Check failed: "azurerm_security_center_assessment_metadata.test" still exists
State: <no state>
--- FAIL: TestAccSecurityCenterAssessmentMetadata_complete (43.00s)
FAIL
------- Stdout: -------
=== RUN TestAccSecurityCenterAssessmentMetadata_update
=== PAUSE TestAccSecurityCenterAssessmentMetadata_update
=== CONT TestAccSecurityCenterAssessmentMetadata_update
testing.go:684: Step 0 error: Check failed: Check 1/1 error: "azurerm_security_center_assessment_metadata.test" did not exist
--- FAIL: TestAccSecurityCenterAssessmentMetadata_update (22.06s)
FAIL
|
@katbyte , After rerun, seems all test cases passed on my local. Maybe rerun or clean-up test env can resolve your problem? $ make testacc TEST=./azurerm/internal/services/securitycenter/ TESTARGS="-parallel 11 -test.run=TestAccSecurityCenterAssessmentMetadata_" |
|
@katbyte , may I ask whether the test cases are passed from your side? |
|
@katbyte , Seems test case can pass after rerun on CI. |
There was a problem hiding this comment.
Thanks for this PR - I've taken a look through and left some comments inline - since several of these fields can't be (or don't make sense to be, in the case of the uuid) user specified, it'd be worth rethinking the design here (since we can generate/default values for these as necessary) - but if we can fix those up then we should be able to take another look.
Thanks!
| Required: true, | ||
| ForceNew: true, | ||
| ValidateFunc: validation.IsUUID, | ||
| }, |
There was a problem hiding this comment.
unless this UUID can represent a built-in value - to be honest there's not much point making this user configurable - instead we'd be better to make this a Computed-only field and generate a default value in the Create function here
| } | ||
| } | ||
|
|
||
| func resourceArmSecurityCenterAssessmentMetadataCreateUpdate(d *schema.ResourceData, meta interface{}) error { |
There was a problem hiding this comment.
we'll need to split this Create and Update function here to be able to use ignore_changes on these fields (since d.GetOk won't capture that) - which also makes the uuid logic easier here if we're generating them
azurerm/internal/services/securitycenter/security_center_assessment_metadata_resource.go
Outdated
Show resolved
Hide resolved
azurerm/internal/services/securitycenter/security_center_assessment_metadata_resource.go
Show resolved
Hide resolved
azurerm/internal/services/securitycenter/security_center_assessment_metadata_resource.go
Outdated
Show resolved
Hide resolved
|
|
||
| * `name` - (Required) The GUID as name which should be used for this Security Center Assessment Metadata. Changing this forces a new Security Center Assessment Metadata to be created. | ||
|
|
||
| * `assessment_type` - (Required) The type of the Security Center Assessment which can be specified by user. Possible value is `CustomerManaged`. |
There was a problem hiding this comment.
if this is the only possible value, there's no point exposing this field - we may as well default it
website/docs/r/security_center_assessment_metadata.html.markdown
Outdated
Show resolved
Hide resolved
website/docs/r/security_center_assessment_metadata.html.markdown
Outdated
Show resolved
Hide resolved
|
|
||
| * `threats` - (Optional) A list of the threat impacts for the Security Center Assessment. Possible values are `AccountBreach`, `DataExfiltration`, `DataSpillage`, `DenialOfService`, `ElevationOfPrivilege`, `MaliciousInsider`, `MissingCoverage` and `ThreatResistance`. | ||
|
|
||
| * `user_impact` - (Optional) The user impact of the Security Center Assessment. Possible values are `Low`, `Moderate` and `High`. |
There was a problem hiding this comment.
is there a default value for this?
There was a problem hiding this comment.
Based on previous testing, there is no default value when this property isn't specified.
website/docs/r/security_center_assessment_metadata.html.markdown
Outdated
Show resolved
Hide resolved
|
@tombuildsstuff , thanks for your comments. I've updated code and provide my idea. Please have an another look. |
|
This has been released in version 2.49.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example: provider "azurerm" {
version = "~> 2.49.0"
}
# ... other configuration ... |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks! |
ghost
locked as resolved and limited conversation to collaborators
Currently, terraform doesn't support Security.AssessmentMetadata RP. So submitted this PR to implement it.
--- PASS: TestAccSecurityCenterAssessmentMetadata_basic (66.90s)
--- PASS: TestAccSecurityCenterAssessmentMetadata_complete (68.07s)
--- PASS: TestAccSecurityCenterAssessmentMetadata_update (125.80s)
The api in go sdk package:
https://github.com/Azure/azure-sdk-for-go/blob/master/services/preview/security/mgmt/v3.0/security/assessmentsmetadata.go