new resource "azurerm_security_center_assessment" and rename "azurerm…

…_security_center_assessment_metadata" to "azurerm_security_center_assessment_policy" (#10694)

azurerm/internal/services/securitycenter/client/client.go

@@ -6,6 +6,7 @@ import (
 )
 
 type Client struct {
+	AssessmentsClient                   *security.AssessmentsClient
 	AssessmentsMetadataClient           *security.AssessmentsMetadataClient
 	ContactsClient                      *security.ContactsClient
 	DeviceSecurityGroupsClient          *security.DeviceSecurityGroupsClient
@@ -22,6 +23,9 @@ type Client struct {
 func NewClient(o *common.ClientOptions) *Client {
 	ascLocation := "Global"
 
+	AssessmentsClient := security.NewAssessmentsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId, ascLocation)
+	o.ConfigureClient(&AssessmentsClient.Client, o.ResourceManagerAuthorizer)
+
 	AssessmentsMetadataClient := security.NewAssessmentsMetadataClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId, ascLocation)
 	o.ConfigureClient(&AssessmentsMetadataClient.Client, o.ResourceManagerAuthorizer)
 
@@ -56,6 +60,7 @@ func NewClient(o *common.ClientOptions) *Client {
 	o.ConfigureClient(&ServerVulnerabilityAssessmentClient.Client, o.ResourceManagerAuthorizer)
 
 	return &Client{
+		AssessmentsClient:                   &AssessmentsClient,
 		AssessmentsMetadataClient:           &AssessmentsMetadataClient,
 		ContactsClient:                      &ContactsClient,
 		DeviceSecurityGroupsClient:          &DeviceSecurityGroupsClient,

azurerm/internal/services/securitycenter/parse/assessment.go

@@ -0,0 +1,42 @@
+package parse
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure"
+)
+
+type AssessmentId struct {
+	TargetResourceID string
+	Name             string
+}
+
+func NewAssessmentID(targetResourceID, name string) AssessmentId {
+	return AssessmentId{
+		TargetResourceID: targetResourceID,
+		Name:             name,
+	}
+}
+
+func (id AssessmentId) ID() string {
+	fmtString := "%s/providers/Microsoft.Security/assessments/%s"
+	return fmt.Sprintf(fmtString, id.TargetResourceID, id.Name)
+}
+
+func AssessmentID(input string) (*AssessmentId, error) {
+	id, err := azure.ParseAzureResourceID(input)
+	if err != nil {
+		return nil, fmt.Errorf("parsing Security Assessment ID %q: %+v", input, err)
+	}
+
+	parts := strings.Split(input, "/providers/Microsoft.Security/assessments/")
+	if len(parts) != 2 {
+		return nil, fmt.Errorf("parsing Security Assessment ID: %q", id)
+	}
+
+	return &AssessmentId{
+		TargetResourceID: parts[0],
+		Name:             parts[1],
+	}, nil
+}

azurerm/internal/services/securitycenter/parse/assessment_test.go

@@ -0,0 +1,85 @@
+package parse
+
+import (
+	"testing"
+
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/resourceid"
+)
+
+var _ resourceid.Formatter = AssessmentId{}
+
+func TestAssessmentIDFormatter(t *testing.T) {
+	actual := NewAssessmentID("/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resourceGroup1/providers/Microsoft.Compute/virtualMachineScaleSets/scaleset1", "assessment1").ID()
+	expected := "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resourceGroup1/providers/Microsoft.Compute/virtualMachineScaleSets/scaleset1/providers/Microsoft.Security/assessments/assessment1"
+	if actual != expected {
+		t.Fatalf("Expected %q but got %q", expected, actual)
+	}
+}
+
+func TestAssessmentID(t *testing.T) {
+	testData := []struct {
+		Name   string
+		Input  string
+		Error  bool
+		Expect *AssessmentId
+	}{
+		{
+			Name:  "Empty",
+			Input: "",
+			Error: true,
+		},
+		{
+			Name:  "No Security resource provider",
+			Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resourceGroup1/providers/Microsoft.Compute/virtualMachineScaleSets/scaleset1",
+			Error: true,
+		},
+		{
+			Name:  "No target resource Segment",
+			Input: "/providers/Microsoft.Security/assessments/assessment1",
+			Error: true,
+		},
+		{
+			Name:  "No Security Center Assessment Segment",
+			Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resourceGroup1/providers/Microsoft.Compute/virtualMachineScaleSets/scaleset1/providers/Microsoft.Security/",
+			Error: true,
+		},
+		{
+			Name:  "No Security Center Assessment name",
+			Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resourceGroup1/providers/Microsoft.Compute/virtualMachineScaleSets/scaleset1/providers/Microsoft.Security/assessments/",
+			Error: true,
+		},
+		{
+			Name:  "ID of Security Center Assessment",
+			Input: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resourceGroup1/providers/Microsoft.Compute/virtualMachineScaleSets/scaleset1/providers/Microsoft.Security/assessments/assessment1",
+			Error: false,
+			Expect: &AssessmentId{
+				TargetResourceID: "/subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resourceGroup1/providers/Microsoft.Compute/virtualMachineScaleSets/scaleset1",
+				Name:             "assessment1",
+			},
+		},
+		{
+			Name:  "Wrong Casing",
+			Input: "/SUBSCRIPTIONS/12345678-1234-9876-4563-123456789012/RESOURCEGROUPS/RESOURCEGROUP1/PROVIDERS/MICROSOFT.COMPUTE/VIRTUALMACHINESCALESETS/SCALESET1/PROVIDERS/MICROSOFT.SECURITY/ASSESSMENTS/ASSESSMENT1",
+			Error: true,
+		},
+	}
+
+	for _, v := range testData {
+		t.Logf("[DEBUG] Testing %q..", v.Name)
+
+		actual, err := AssessmentID(v.Input)
+		if err != nil {
+			if v.Expect == nil {
+				continue
+			}
+			t.Fatalf("Expected a value but got an error: %s", err)
+		}
+
+		if actual.Name != v.Expect.Name {
+			t.Fatalf("Expected %q but got %q for Name", v.Expect.Name, actual.Name)
+		}
+		if actual.TargetResourceID != v.Expect.TargetResourceID {
+			t.Fatalf("Expected %q but got %q for TargetResourceID", v.Expect.TargetResourceID, actual.TargetResourceID)
+		}
+	}
+}

azurerm/internal/services/securitycenter/registration.go

@@ -29,8 +29,10 @@ func (r Registration) SupportedResources() map[string]*schema.Resource {
 		"azurerm_advanced_threat_protection":                      resourceAdvancedThreatProtection(),
 		"azurerm_iot_security_device_group":                       resourceIotSecurityDeviceGroup(),
 		"azurerm_iot_security_solution":                           resourceIotSecuritySolution(),
-		"azurerm_security_center_contact":                         resourceSecurityCenterContact(),
+		"azurerm_security_center_assessment":                      resourceSecurityCenterAssessment(),
 		"azurerm_security_center_assessment_metadata":             resourceArmSecurityCenterAssessmentMetadata(),
+		"azurerm_security_center_assessment_policy":               resourceArmSecurityCenterAssessmentPolicy(),
+		"azurerm_security_center_contact":                         resourceSecurityCenterContact(),
 		"azurerm_security_center_setting":                         resourceSecurityCenterSetting(),
 		"azurerm_security_center_subscription_pricing":            resourceSecurityCenterSubscriptionPricing(),
 		"azurerm_security_center_workspace":                       resourceSecurityCenterWorkspace(),

azurerm/internal/services/securitycenter/security_center_assessment_metadata_resource.go

@@ -19,10 +19,11 @@ import (
 
 func resourceArmSecurityCenterAssessmentMetadata() *schema.Resource {
 	return &schema.Resource{
-		Create: resourceArmSecurityCenterAssessmentMetadataCreate,
-		Read:   resourceArmSecurityCenterAssessmentMetadataRead,
-		Update: resourceArmSecurityCenterAssessmentMetadataUpdate,
-		Delete: resourceArmSecurityCenterAssessmentMetadataDelete,
+		Create:             resourceArmSecurityCenterAssessmentMetadataCreate,
+		Read:               resourceArmSecurityCenterAssessmentMetadataRead,
+		Update:             resourceArmSecurityCenterAssessmentMetadataUpdate,
+		Delete:             resourceArmSecurityCenterAssessmentMetadataDelete,
+		DeprecationMessage: "This resource has been renamed to `azurerm_security_center_assessment_policy` and will be removed in version 3.0 of the provider.",
 
 		Timeouts: &schema.ResourceTimeout{
 			Create: schema.DefaultTimeout(30 * time.Minute),