INVS-2397-cse-log-mapping-import-fix #675

Merged
merged 1 commit into from
Jul 24, 2024

pmontiel-sumo
Collaborator

Addresses: https://sumologic.atlassian.net/browse/INVS-2397
slack conv: https://sumologic.slack.com/archives/CAU3N0Y92/p1721397319790159

When using terraform plan -generate-config-out="main.tf", the produced cse_log_mappings resources are missing the required field "fields".

I was able to reproduce it in a local test:

╷
│ Error: Insufficient fields blocks
│ 
│   on generated_resources.tf line 1:
│   (source code not available)
│ 
│ At least 1 "fields" blocks are required.
╵

It was a little hard to find the root cause since there was no error or exception in the log.

TLDR:
There is a discrepancy in the type definition of the field splitIndex between the API (string) and the resource in the Terraform provider (int), so the setFields function in resource_sumologic_cse_log_mappings.go was silently failing for log mappings having splitIndex as null (I was expecting a more evident error there ¯\_(ツ)_/¯).

While tackling this, I also spotted a couple of discrepancies on "required" fields in sumologic_cse_log_mapping.go vs the CSE API (https://api.sumologic.com/docs/sec/#operation/GetLogMapping), so I am also taking care of them.
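
The string-versus-int mismatch described in this PR, as an added Go example (not the provider's code): it decodes a constructed API payload in which splitIndex is a string or null and converts it for an integer schema, omitting null values and returning an error for non-numeric ones. The apiField type, flattenFields, the "name" JSON key and both payloads are assumptions made for the illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
)

// apiField mirrors only the two keys this example needs; the JSON key
// "name" is an assumption, "splitIndex" is the field named in the PR.
type apiField struct {
	Name       string  `json:"name"`
	SplitIndex *string `json:"splitIndex"` // string or null on the API side
}

// flattenFields converts API fields into the map form a schema with an
// integer split_index expects. A null or empty splitIndex is omitted;
// a non-numeric one is returned as an error instead of being dropped.
func flattenFields(payload []byte) ([]map[string]interface{}, error) {
	var fields []apiField
	if err := json.Unmarshal(payload, &fields); err != nil {
		return nil, fmt.Errorf("decoding fields: %w", err)
	}
	out := make([]map[string]interface{}, 0, len(fields))
	for _, f := range fields {
		m := map[string]interface{}{"name": f.Name}
		if f.SplitIndex != nil && *f.SplitIndex != "" {
			n, err := strconv.Atoi(*f.SplitIndex)
			if err != nil {
				return nil, fmt.Errorf("field %q: split_index %q is not an integer", f.Name, *f.SplitIndex)
			}
			m["split_index"] = n
		}
		out = append(out, m)
	}
	return out, nil
}

// Constructed sample payloads, not captured API output.
const samplePayload = `[{"name":"srcDevice_ip","splitIndex":null},{"name":"bytesIn","splitIndex":"1"}]`
const badPayload = `[{"name":"bytesIn","splitIndex":"one"}]`

func main() {
	fields, err := flattenFields([]byte(samplePayload))
	fmt.Println(fields, err)
	_, err = flattenFields([]byte(badPayload))
	fmt.Println(err)
}
```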

@@ -351,11 +352,17 @@ func resourceToCSELogMappingField(data interface{}) CSELogMappingField {
field.SkippedValues = resourceStringArrayToStringArray(fieldObj["skipped_values"].([]interface{}))
field.DefaultValue = fieldObj["default_value"].(string)
field.Format = fieldObj["format"].(string)
field.CaseInsensitive = fieldObj["case_insensitive"].(bool)
caseInsensitive := fieldObj["case_insensitive"]
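
Review bot: the single-value assertions on default_value and format directly above the caseInsensitive line (fieldObj["default_value"].(string) and fieldObj["format"].(string)) are still unchecked and will panic if either value is nil or not a string. If case_insensitive needed a guard, give these the same comma-ok treatment, for example v, ok := fieldObj["format"].(string), or add a comment saying why only the bool can arrive unset.
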
Collaborator Author

also safeguarding here for bool

Comment on lines +451 to +458

splitIndex, err := strconv.Atoi(t.SplitIndex)
if err == nil {
mapping["split_index"] = splitIndex
}

f = append(f, mapping)
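
Review bot: the err from strconv.Atoi(t.SplitIndex) is discarded for every failure, so a non-empty value that is not a number drops split_index just as quietly as an empty one. Treat the empty string as the expected "not set" case and log or return the error otherwise, so a malformed value does not become another silent omission in the generated config.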

Collaborator Author

this is what fixed the import functionality

@pmontiel-sumo
Collaborator Author

Tested by pointing to cse-stag-alpha

terraform plan -generate-config-out=generated_resources.tf

generated_resources.tf

# __generated__ by Terraform
# Please review these resources and move them into your main configuration files.

# __generated__ by Terraform from "d4b3aa88-aa33-4959-9ad9-161b839e38a9"
resource "sumologic_cse_log_mapping" "Password_Item_Usage_C2C" {
  enabled          = true
  name             = "1Password Item Usage C2C"
  parent_id        = null
  product_guid     = "3fe1afe0-c1c2-45d6-835e-0bdb1e4b703f"
  record_type      = "Audit"
  relates_entities = false
  skipped_values   = [",", "-"]
  fields {
    alternate_values  = []
    case_insensitive  = false
    default_value     = null
    field_join        = []
    format            = null
    format_parameters = []
    join_delimiter    = null
    name              = "srcDevice_ip"
    skipped_values    = []
    split_delimiter   = null
    split_index       = 0
    time_zone         = null
    value             = "client.ip_address"
    value_type        = null
  }
  fields {
    alternate_values  = []
    case_insensitive  = false
    default_value     = null
    field_join        = []
    format            = null
    format_parameters = []
    join_delimiter    = null
    name              = "action"
    skipped_values    = []
    split_delimiter   = null
    split_index       = 0
    time_zone         = null
    value             = "action"
    value_type        = null
  }
  fields {
    alternate_values  = []
    case_insensitive  = false
    default_value     = null
    field_join        = []
    format            = null
    format_parameters = []
    join_delimiter    = null
    name              = "user_userId"
    skipped_values    = []
    split_delimiter   = null
    split_index       = 0
    time_zone         = null
    value             = "target_user.uuid"
    value_type        = null
  }
  fields {
    alternate_values  = []
    case_insensitive  = false
    default_value     = null
    field_join        = []
    format            = null
    format_parameters = []
    join_delimiter    = null
    name              = "user_username"
    skipped_values    = []
    split_delimiter   = null
    split_index       = 0
    time_zone         = null
    value             = "target_user.email"
    value_type        = null
  }
  fields {
    alternate_values  = []
    case_insensitive  = false
    default_value     = null
    field_join        = []
    format            = null
    format_parameters = []
    join_delimiter    = null
    name              = "application"
    skipped_values    = []
    split_delimiter   = null
    split_index       = 0
    time_zone         = null
    value             = "client.app_name"
    value_type        = null
  }
  structured_inputs {
    event_id_pattern = "item_usage-.*"
    log_format       = "JSON"
    product          = "1Password"
    vendor           = "1Password"
  }
}

# __generated__ by Terraform from "89ee8b73-4f2a-4029-bf6c-e2dc7faf41dc"
resource "sumologic_cse_log_mapping" "PMN_test" {
  enabled          = false
  name             = "PMN test"
  parent_id        = null
  product_guid     = "3fe1afe0-c1c2-45d6-835e-0bdb1e4b703f"
  record_type      = "AuthenticationPrivilegeEscalation"
  relates_entities = true
  skipped_values   = []
  fields {
    alternate_values  = []
    case_insensitive  = false
    default_value     = null
    field_join        = []
    format            = null
    format_parameters = []
    join_delimiter    = null
    name              = "file_hash_sha256"
    skipped_values    = []
    split_delimiter   = null
    split_index       = 0
    time_zone         = null
    value             = "a"
    value_type        = "lookup"
    lookup {
      key   = "b"
      value = "c"
    }
  }
  fields {
    alternate_values  = []
    case_insensitive  = false
    default_value     = null
    field_join        = []
    format            = null
    format_parameters = []
    join_delimiter    = null
    name              = "bytesIn"
    skipped_values    = []
    split_delimiter   = ","
    split_index       = 1
    time_zone         = null
    value             = "ggg"
    value_type        = "split"
  }
  structured_inputs {
    event_id_pattern = "*"
    log_format       = "JSON"
    product          = "1Password"
    vendor           = "1Password"
  }
}

@pmontiel-sumo pmontiel-sumo merged commit 54e505b into master Jul 24, 2024
3 checks passed
@pmontiel-sumo pmontiel-sumo deleted the INVS-2397-cse-log-mapping-import-fix branch July 24, 2024 14:34