azurerm_sentinel_data_connector_threat_intelligence - support `look…

…back_date` (#20390) fix #19795
hashicorp · Feb 10, 2023 · ddd6a9e · ddd6a9e
1 parent 7761ae8
commit ddd6a9e
Show file tree

Hide file tree

Showing 5 changed files with 132 additions and 7 deletions.
diff --git a/internal/services/sentinel/azuresdkhacks/models.go b/internal/services/sentinel/azuresdkhacks/models.go
@@ -97,7 +97,7 @@ func unmarshalBasicDataConnector(body []byte) (securityinsight.BasicDataConnecto
 		err := json.Unmarshal(body, &odc)
 		return odc, err
 	case string(securityinsight.KindBasicDataConnectorKindThreatIntelligence):
-		var tdc securityinsight.TIDataConnector
+		var tdc TIDataConnector
 		err := json.Unmarshal(body, &tdc)
 		return tdc, err
 	case string(securityinsight.KindBasicDataConnectorKindThreatIntelligenceTaxii):
@@ -312,6 +312,109 @@ func (ttdc *TiTaxiiDataConnector) UnmarshalJSON(body []byte) error {
 	return nil
 }
 
+var _ securityinsight.BasicDataConnector = TIDataConnector{}
+
+type TIDataConnector struct {
+	*TIDataConnectorProperties `json:"properties,omitempty"`
+	Kind                       securityinsight.KindBasicDataConnector `json:"kind,omitempty"`
+	Etag                       *string                                `json:"etag,omitempty"`
+	ID                         *string                                `json:"id,omitempty"`
+	Name                       *string                                `json:"name,omitempty"`
+	Type                       *string                                `json:"type,omitempty"`
+	SystemData                 *securityinsight.SystemData            `json:"systemData,omitempty"`
+}
+
+func (TIDataConnector) AsAADDataConnector() (*securityinsight.AADDataConnector, bool) {
+	return nil, false
+}
+
+func (TIDataConnector) AsMSTIDataConnector() (*securityinsight.MSTIDataConnector, bool) {
+	return nil, false
+}
+
+func (TIDataConnector) AsMTPDataConnector() (*securityinsight.MTPDataConnector, bool) {
+	return nil, false
+}
+
+func (TIDataConnector) AsAATPDataConnector() (*securityinsight.AATPDataConnector, bool) {
+	return nil, false
+}
+
+func (TIDataConnector) AsASCDataConnector() (*securityinsight.ASCDataConnector, bool) {
+	return nil, false
+}
+
+func (TIDataConnector) AsAwsCloudTrailDataConnector() (*securityinsight.AwsCloudTrailDataConnector, bool) {
+	return nil, false
+}
+
+func (TIDataConnector) AsAwsS3DataConnector() (*securityinsight.AwsS3DataConnector, bool) {
+	return nil, false
+}
+
+func (TIDataConnector) AsMCASDataConnector() (*securityinsight.MCASDataConnector, bool) {
+	return nil, false
+}
+
+func (TIDataConnector) AsDynamics365DataConnector() (*securityinsight.Dynamics365DataConnector, bool) {
+	return nil, false
+}
+
+func (TIDataConnector) AsOfficeATPDataConnector() (*securityinsight.OfficeATPDataConnector, bool) {
+	return nil, false
+}
+
+func (TIDataConnector) AsOffice365ProjectDataConnector() (*securityinsight.Office365ProjectDataConnector, bool) {
+	return nil, false
+}
+
+func (TIDataConnector) AsOfficePowerBIDataConnector() (*securityinsight.OfficePowerBIDataConnector, bool) {
+	return nil, false
+}
+
+func (TIDataConnector) AsOfficeIRMDataConnector() (*securityinsight.OfficeIRMDataConnector, bool) {
+	return nil, false
+}
+
+func (TIDataConnector) AsMDATPDataConnector() (*securityinsight.MDATPDataConnector, bool) {
+	return nil, false
+}
+
+func (TIDataConnector) AsOfficeDataConnector() (*securityinsight.OfficeDataConnector, bool) {
+	return nil, false
+}
+
+func (TIDataConnector) AsTIDataConnector() (*securityinsight.TIDataConnector, bool) {
+	// This method is not used at all, only for implementing the interface.
+	return nil, false
+}
+
+func (TIDataConnector) AsTiTaxiiDataConnector() (*securityinsight.TiTaxiiDataConnector, bool) {
+	return nil, false
+}
+
+func (TIDataConnector) AsIoTDataConnector() (*securityinsight.IoTDataConnector, bool) {
+	return nil, false
+}
+
+func (TIDataConnector) AsCodelessUIDataConnector() (*securityinsight.CodelessUIDataConnector, bool) {
+	return nil, false
+}
+
+func (TIDataConnector) AsCodelessAPIPollingDataConnector() (*securityinsight.CodelessAPIPollingDataConnector, bool) {
+	return nil, false
+}
+
+func (TIDataConnector) AsDataConnector() (*securityinsight.DataConnector, bool) {
+	return nil, false
+}
+
+type TIDataConnectorProperties struct {
+	TipLookbackPeriod *Time                                     `json:"tipLookbackPeriod,omitempty"`
+	DataTypes         *securityinsight.TIDataConnectorDataTypes `json:"dataTypes,omitempty"`
+	TenantID          *string                                   `json:"tenantId,omitempty"`
+}
+
 type PollingFrequency string
 
 func (freq *PollingFrequency) UnmarshalJSON(body []byte) error {

diff --git a/internal/services/sentinel/sentinel_data_connector.go b/internal/services/sentinel/sentinel_data_connector.go
@@ -68,6 +68,8 @@ func assertDataConnectorKind(dc securityinsight.BasicDataConnector, expectKind s
 		kind = securityinsight.DataConnectorKindAmazonWebServicesS3
 	case azuresdkhacks.TiTaxiiDataConnector:
 		kind = securityinsight.DataConnectorKindThreatIntelligenceTaxii
+	case azuresdkhacks.TIDataConnector:
+		kind = securityinsight.DataConnectorKindThreatIntelligence
 	}
 	if expectKind != kind {
 		return fmt.Errorf("Sentinel Data Connector has mismatched kind, expected: %q, got %q", expectKind, kind)

diff --git a/internal/services/sentinel/sentinel_data_connector_threat_intelligence.go b/internal/services/sentinel/sentinel_data_connector_threat_intelligence.go
@@ -8,6 +8,7 @@ import (
 	"github.com/hashicorp/go-azure-sdk/resource-manager/operationalinsights/2020-08-01/workspaces"
 	"github.com/hashicorp/terraform-provider-azurerm/helpers/tf"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/clients"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/services/sentinel/azuresdkhacks"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/services/sentinel/parse"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/tf/validation"
@@ -55,12 +56,21 @@ func resourceSentinelDataConnectorThreatIntelligence() *pluginsdk.Resource {
 				ForceNew:     true,
 				ValidateFunc: validation.IsUUID,
 			},
+
+			"lookback_date": {
+				Type:         pluginsdk.TypeString,
+				Optional:     true,
+				ForceNew:     true,
+				Default:      "1970-01-01T00:00:00Z",
+				ValidateFunc: validation.IsRFC3339Time,
+			},
 		},
 	}
 }
 
 func resourceSentinelDataConnectorThreatIntelligenceCreateUpdate(d *pluginsdk.ResourceData, meta interface{}) error {
-	client := meta.(*clients.Client).Sentinel.DataConnectorsClient
+	client := azuresdkhacks.DataConnectorsClient{BaseClient: meta.(*clients.Client).Sentinel.DataConnectorsClient.BaseClient}
+
 	ctx, cancel := timeouts.ForCreateUpdate(meta.(*clients.Client).StopContext, d)
 	defer cancel()
 
@@ -89,10 +99,15 @@ func resourceSentinelDataConnectorThreatIntelligenceCreateUpdate(d *pluginsdk.Re
 		tenantId = meta.(*clients.Client).Account.TenantId
 	}
 
-	param := securityinsight.TIDataConnector{
+	lookbackDate, _ := time.Parse(time.RFC3339, d.Get("lookback_date").(string))
+
+	param := azuresdkhacks.TIDataConnector{
 		Name: &name,
-		TIDataConnectorProperties: &securityinsight.TIDataConnectorProperties{
+		TIDataConnectorProperties: &azuresdkhacks.TIDataConnectorProperties{
 			TenantID: &tenantId,
+			TipLookbackPeriod: &azuresdkhacks.Time{
+				Time: lookbackDate,
+			},
 			DataTypes: &securityinsight.TIDataConnectorDataTypes{
 				Indicators: &securityinsight.TIDataConnectorDataTypesIndicators{
 					State: securityinsight.DataTypeStateEnabled,
@@ -112,7 +127,7 @@ func resourceSentinelDataConnectorThreatIntelligenceCreateUpdate(d *pluginsdk.Re
 }
 
 func resourceSentinelDataConnectorThreatIntelligenceRead(d *pluginsdk.ResourceData, meta interface{}) error {
-	client := meta.(*clients.Client).Sentinel.DataConnectorsClient
+	client := azuresdkhacks.DataConnectorsClient{BaseClient: meta.(*clients.Client).Sentinel.DataConnectorsClient.BaseClient}
 	ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d)
 	defer cancel()
 
@@ -133,14 +148,15 @@ func resourceSentinelDataConnectorThreatIntelligenceRead(d *pluginsdk.ResourceDa
 		return fmt.Errorf("retrieving %s: %+v", id, err)
 	}
 
-	dc, ok := resp.Value.(securityinsight.TIDataConnector)
+	dc, ok := resp.Value.(azuresdkhacks.TIDataConnector)
 	if !ok {
 		return fmt.Errorf("%s was not a Threat Intelligence Data Connector", id)
 	}
 
 	d.Set("name", id.Name)
 	d.Set("log_analytics_workspace_id", workspaceId.ID())
 	d.Set("tenant_id", dc.TenantID)
+	d.Set("lookback_date", dc.TipLookbackPeriod.Format(time.RFC3339))
 
 	return nil
 }

diff --git a/internal/services/sentinel/sentinel_data_connector_threat_intelligence_test.go b/internal/services/sentinel/sentinel_data_connector_threat_intelligence_test.go
@@ -8,6 +8,7 @@ import (
 	"github.com/hashicorp/terraform-provider-azurerm/internal/acceptance"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/acceptance/check"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/clients"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/services/sentinel/azuresdkhacks"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/services/sentinel/parse"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk"
 	"github.com/hashicorp/terraform-provider-azurerm/utils"
@@ -61,7 +62,7 @@ func TestAccAzureRMSentinelDataConnectorThreatIntelligence_requiresImport(t *tes
 }
 
 func (r SentinelDataConnectorThreatIntelligenceResource) Exists(ctx context.Context, clients *clients.Client, state *pluginsdk.InstanceState) (*bool, error) {
-	client := clients.Sentinel.DataConnectorsClient
+	client := azuresdkhacks.DataConnectorsClient{BaseClient: clients.Sentinel.DataConnectorsClient.BaseClient}
 
 	id, err := parse.DataConnectorID(state.ID)
 	if err != nil {
@@ -103,6 +104,7 @@ resource "azurerm_sentinel_data_connector_threat_intelligence" "test" {
   log_analytics_workspace_id = azurerm_log_analytics_workspace.test.id
   tenant_id                  = data.azurerm_client_config.test.tenant_id
   depends_on                 = [azurerm_log_analytics_solution.test]
+  lookback_date              = "1990-01-01T00:00:00Z"
 }
 `, template, data.RandomInteger)
 }

diff --git a/website/docs/r/sentinel_data_connector_threat_intelligence.html.markdown b/website/docs/r/sentinel_data_connector_threat_intelligence.html.markdown
@@ -52,6 +52,8 @@ The following arguments are supported:
 
 * `name` - (Required) The name which should be used for this Threat Intelligence Data Connector. Changing this forces a new Threat Intelligence Data Connector to be created.
 
+* `lookback_date` - (Optional) The lookback date for the this Threat Intelligence Data Connector in RFC3339. Defaults to `1970-01-01T00:00:00Z`.
+
 ---
 
 * `tenant_id` - (Optional) The ID of the tenant that this Threat Intelligence Data Connector connects to. Changing this forces a new Threat Intelligence Data Connector to be created.