feat(RAIN-92781): Add provider for AzureAdAl integration (#623)
* feat(RAIN-92781): Add provider for AzureAdAl integration Signed-off-by: rubindersingh <rubinder.singh@lacework.net> * feat(RAIN-92781): Add provider for AzureAdAl integration - Fix doc warning Signed-off-by: rubindersingh <rubinder.singh@lacework.net> --------- Signed-off-by: rubindersingh <rubinder.singh@lacework.net>
1 parent
e33faa4
commit f7da529
Showing
6 changed files
with
383 additions
and
0 deletions.
@@ -0,0 +1,59 @@ | ||
--- | ||
subcategory: "Cloud Account Integrations" | ||
layout: "lacework" | ||
page_title: "Lacework: lacework_integration_azure_ad_al" | ||
description: |- | ||
Create and manage Azure Active Directory Activity Log integrations | ||
--- | ||
|
||
# lacework\_integration\_azure\_ad\_al | ||
|
||
!> **Warning:** This integration is not yet generally available. Please contact your Lacework account team to request access to the Azure AD feature preview. | ||
|
||
Use this resource to configure an Azure Active Directory Activity Log integration to analyze audit logs | ||
for monitoring cloud account security. | ||
|
||
## Example Usage | ||
|
||
```hcl | ||
resource "lacework_integration_azure_ad_al" "account_abc" { | ||
name = "account ABC" | ||
tenant_id = "abbc1234-abc1-123a-1234-abcd1234abcd" | ||
event_hub_namespace = "your-eventhub-ns.servicebus.windows.net" | ||
event_hub_name = "your-event-hub-name" | ||
credentials { | ||
client_id = "1234abcd-abcd-1234-ab12-abcd1234abcd" | ||
client_secret = "ABCD1234abcd1234abdc1234ABCD1234abcdefxxx=" | ||
} | ||
} | ||
``` | ||
|
||
## Argument Reference | ||
|
||
The following arguments are supported: | ||
|
||
* `name` - (Required) The Azure Active Directory Activity Log integration name. | ||
* `tenant_id` - (Required) The directory tenant ID. | ||
* `event_hub_namespace` - (Required) The EventHub Namespace. | ||
* `event_hub_name` - (Required) The EventHub Name. | ||
* `credentials` - (Required) The credentials needed by the integration. See [Credentials](#credentials) below for details. | ||
* `enabled` - (Optional) The state of the external integration. Defaults to `true`. | ||
* `retries` - (Optional) The number of attempts to create the external integration. Defaults to `5`. | ||
|
||
### Credentials | ||
|
||
`credentials` supports the following arguments: | ||
|
||
* `client_id` - (Required) The application client ID. | ||
* `client_secret` - (Required) The client secret. | ||
|
||
## Import | ||
|
||
A Lacework Azure Active Directory Activity Log integration can be imported using a `INT_GUID`, e.g. | ||
|
||
``` | ||
$ terraform import lacework_integration_azure_ad_al.account_abc EXAMPLE_1234BAE1E42182964D23973F44CFEA3C4AB63B99E9A1EC5 | ||
``` | ||
-> **Note:** To retrieve the `INT_GUID` from existing integrations in your account, use the | ||
Lacework CLI command `lacework cloud-account list`. To install this tool follow | ||
[this documentation](https://docs.lacework.com/cli/). |
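--- a/examples/resource_lacework_integration_azure_ad_al/main.tf
+++ b/examples/resource_lacework_integration_azure_ad_al/main.tf
@@ -0,0 +1,24 @@
+terraform {
+required_providers {
+lacework = {
+source = "lacework/lacework"
+}
+}
+}
+
+variable "name" {
+type = string
+default = "Azure Active Directory Activity Log integration example"
+}
+
+resource "lacework_integration_azure_ad_al" "example" {
+name = var.name
+tenant_id = "your-tenant-id-goes-here"
+event_hub_namespace = "your-eventhub-ns.servicebus.windows.net"
+event_hub_name = "your-event-hub-name"
+credentials {
+client_id = "1234567890-abcd-client-id"
+client_secret = "SUPER_SECURE_SECRET"
+}
+retries = 10
+}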
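Review bot: `client_secret = "SUPER_SECURE_SECRET"` in the `credentials` block is an inline string literal, and example files like this one are commonly copied as a starting point, which tends to put the real secret into the configuration file and version control. Declaring a `client_secret` variable with `sensitive = true` and writing `client_secret = var.client_secret` would model the safer pattern. The integration test in this commit passes only `name`, so it would have to supply the new variable, or the variable would need a placeholder default. Whether the provider schema marks `client_secret` as sensitive is not visible on this page and is worth confirming, because the value is also written to Terraform state.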
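--- a/integration/resource_lacework_integration_azure_ad_al_test.go
+++ b/integration/resource_lacework_integration_azure_ad_al_test.go
@@ -0,0 +1,39 @@
+package integration
+
+import (
+"fmt"
+"testing"
+
+"github.com/gruntwork-io/terratest/modules/terraform"
+"github.com/stretchr/testify/assert"
+)
+
+// TestIntegrationAzureAdAl applies integration terraform:
+// => '../examples/resource_lacework_integration_azure_ad_al'
+//
+// It uses the go-sdk to verify the created integration,
+// applies an update with new integration name and destroys it
+func TestIntegrationAzureAdAl(t *testing.T) {
+integration_name := "Azure Ad Al Example Integration Test With Terraform"
+updated_integration_name := fmt.Sprintf("%s Updated", integration_name)
+
+terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
+TerraformDir: "../examples/resource_lacework_integration_azure_ad_al",
+Vars: map[string]interface{}{
+"name": integration_name,
+},
+})
+defer terraform.Destroy(t, terraformOptions)
+
+// Create new AzureAdAl integration
+create := terraform.InitAndApplyAndIdempotent(t, terraformOptions)
+intgRes := GetCloudAccountAzureAdAlIntegrationResponse(create)
+assert.Equal(t, integration_name, intgRes.Data.Name)
+
+// Update integration
+terraformOptions.Vars["name"] = updated_integration_name
+
+update := terraform.InitAndApplyAndIdempotent(t, terraformOptions)
+intgRes = GetCloudAccountAzureAdAlIntegrationResponse(update)
+assert.Equal(t, updated_integration_name, intgRes.Data.Name)
+}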
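Review bot: The test asserts only `intgRes.Data.Name` after create and after update, so the tenant ID, Event Hub namespace and Event Hub name set by the example are never compared with what the API returned. A field-mapping mistake in the new resource for those values, which decide which tenant's audit logs are read, would still pass. Adding assertions on them would close the gap; the response type behind `GetCloudAccountAzureAdAlIntegrationResponse` is defined outside this page, so the exact field paths need to be confirmed there. As a style point, `integration_name` and `updated_integration_name` would be `integrationName` and `updatedIntegrationName` under Go's MixedCaps convention.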