Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[azurerm_database_vulnerability_assessment_rule_baseline] New resource for vulnerability scan baseline settings #3806

Merged
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
94 commits
Select commit Hold shift + click to select a range
c39ac15
Update vendor directory for new resource azurerm_database_vulnerabili…
benjamin37 Jun 27, 2019
fa073cc
new resource azurerm_database_vulnerability_assessment_rule_baseline
benjamin37 Jun 27, 2019
8dc416d
Merge remote-tracking branch 'github/master' into feature/vulnerabili…
benjamin37 Jul 1, 2019
ee452a5
Merge remote-tracking branch 'github/master' into feature/vulnerabili…
benjamin37 Jul 8, 2019
baeb7fa
fix import order
benjamin37 Jul 8, 2019
4d648e6
fix import whitespaces
benjamin37 Jul 8, 2019
9934600
make baseline name case sensitive
benjamin37 Aug 5, 2019
688fb83
formatting
benjamin37 Aug 5, 2019
0cf6157
formatting
benjamin37 Aug 5, 2019
412a555
formatting
benjamin37 Aug 5, 2019
1fb50ba
formatting
benjamin37 Aug 5, 2019
26ffe5f
formatting
benjamin37 Aug 5, 2019
e01b7c3
formatting
benjamin37 Aug 5, 2019
53a5b0a
formatting
benjamin37 Aug 5, 2019
b0bd2d1
formatting
benjamin37 Aug 5, 2019
819f6a7
formatting
benjamin37 Aug 5, 2019
701ed78
baseline results should not contain empty strings
benjamin37 Aug 5, 2019
cc33d88
[resource_arm_database_vulnerablility_assessment_rule_baseline] align…
benjamin37 Aug 5, 2019
d236109
[resource_arm_database_vulnerablility_assessment_rule_baseline] use "…
benjamin37 Aug 5, 2019
23758d6
[resource_arm_database_vulnerablility_assessment_rule_baseline] mark …
benjamin37 Aug 5, 2019
524916b
[resource_arm_database_vulnerablility_assessment_rule_baseline] fix i…
benjamin37 Aug 5, 2019
c9a104d
[resource_arm_database_vulnerablility_assessment_rule_baseline] not o…
benjamin37 Aug 5, 2019
8853c14
[resource_arm_database_vulnerablility_assessment_rule_baseline] only …
benjamin37 Aug 5, 2019
3410144
Make it concrete that it is an MS SQL Database
benjamin37 Aug 12, 2019
918d696
rename baseline resource to make it clear that it's only available fo…
benjamin37 Aug 12, 2019
1ea1d5e
Merge remote-tracking branch 'github/master' into feature/db-vulnerab…
benjamin37 Aug 12, 2019
1eccecb
more mssql renames
benjamin37 Aug 12, 2019
9eb900b
Merge remote-tracking branch 'github/master' into feature/db-vulnerab…
benjamin37 Aug 12, 2019
fa97207
Merge remote-tracking branch 'github/master' into feature/db-vulnerab…
benjamin37 Aug 14, 2019
1da4ed4
align resources
benjamin37 Aug 14, 2019
752923b
inline function
benjamin37 Aug 14, 2019
5787aa8
add import checks
benjamin37 Aug 14, 2019
bed631e
Remove unnecessary properties to have a minimal example, set dependen…
benjamin37 Aug 14, 2019
cb055b3
move DatabaseVulnerabilityAssessmentRuleBaselinesClient to the mssql …
benjamin37 Aug 14, 2019
543d6f9
Merge remote-tracking branch 'github/master' into feature/db-vulnerab…
benjamin37 Aug 14, 2019
bf785d3
Fix mssql client config
benjamin37 Aug 14, 2019
8bf6868
Merge remote-tracking branch 'github/master' into feature/db-vulnerab…
benjamin37 Sep 2, 2019
e67a0d8
security alert policy for mssql server
benjamin37 Sep 4, 2019
8a4872d
documentation for security alert policy for mssql server
benjamin37 Sep 4, 2019
1ab1970
use azurerm_mssql_server_security_alert_policy resource for mssql dat…
benjamin37 Sep 4, 2019
1a46261
fix make lint
benjamin37 Sep 4, 2019
d93a196
Merge remote-tracking branch 'github/master' into feature/db-vulnerab…
benjamin37 Sep 4, 2019
5e13f51
format
benjamin37 Sep 4, 2019
26703bc
Merge remote-tracking branch 'github/master' into feature/db-vulnerab…
benjamin37 Sep 10, 2019
c898013
update azure sdk for go v33.2.0
benjamin37 Sep 10, 2019
907c6cc
format
benjamin37 Sep 10, 2019
e6c0021
azure sdk update
benjamin37 Sep 10, 2019
10658b1
new resource azurerm_mssql_server_vulnerability_assessment
benjamin37 Sep 12, 2019
a1ea616
test for new resource azurerm_mssql_server_vulnerability_assessment
benjamin37 Sep 12, 2019
5b4eaea
documentation for new resource azurerm_mssql_server_vulnerability_ass…
benjamin37 Sep 12, 2019
6c36d15
import order
benjamin37 Sep 12, 2019
a8ba963
update example and documentation for azurerm_mssql_database_vulnerabi…
benjamin37 Sep 12, 2019
d178cd5
* remove deprecated resource_group_name from storage container
benjamin37 Sep 12, 2019
fe1699d
* fix baseline master test
benjamin37 Sep 12, 2019
27f0582
Merge remote-tracking branch 'github/master' into feature/db-vulnerab…
benjamin37 Sep 12, 2019
fd3b561
Merge remote-tracking branch 'github/master' into feature/db-vulnerab…
benjamin37 Sep 13, 2019
b753048
format
benjamin37 Sep 13, 2019
60682a9
Merge remote-tracking branch 'github/master' into feature/db-vulnerab…
benjamin37 Sep 23, 2019
ccf3886
Merge remote-tracking branch 'github/master' into feature/db-vulnerab…
benjamin37 Sep 23, 2019
046f667
Merge remote-tracking branch 'github/master' into feature/db-vulnerab…
benjamin37 Sep 25, 2019
01ddcfd
Merge remote-tracking branch 'github/master' into feature/db-vulnerab…
benjamin37 Sep 27, 2019
4ddc869
remove unnecessary newlines
benjamin37 Sep 27, 2019
65dfccc
Merge remote-tracking branch 'github/master' into feature/db-vulnerab…
benjamin37 Sep 30, 2019
30bee5e
Merge remote-tracking branch 'github/master' into feature/db-vulnerab…
benjamin37 Oct 10, 2019
8915ab2
update imports
benjamin37 Oct 10, 2019
201c143
Merge remote-tracking branch 'github/master' into feature/db-vulnerab…
benjamin37 Oct 15, 2019
8d380df
formatting
benjamin37 Oct 15, 2019
b9e0b5a
Merge remote-tracking branch 'github/master' into feature/db-vulnerab…
benjamin37 Nov 7, 2019
dd665b6
remove unnecessary expand function
benjamin37 Nov 8, 2019
d3604e9
Bug fixed on azure side that REST API of sql database vulnerability b…
benjamin37 Nov 8, 2019
60458c8
azurerm_mssql_server_vulnerability_assessment does not need to be cre…
benjamin37 Nov 8, 2019
fa4db1a
Merge remote-tracking branch 'github/master' into feature/db-vulnerab…
benjamin37 Nov 11, 2019
74f8189
add subcategory for new resources
benjamin37 Nov 11, 2019
9487a11
separate block documentation
benjamin37 Nov 26, 2019
10bbf68
refactoring
benjamin37 Nov 26, 2019
8c10b46
remove ignore case since this is not used per default
benjamin37 Nov 26, 2019
78d72f7
remove ignore case since api is not returning different case anymore
benjamin37 Nov 26, 2019
641ddd9
Merge remote-tracking branch 'github/master' into feature/db-vulnerab…
benjamin37 Nov 26, 2019
a0df7c7
replace resource_group_name and server_name in azurerm_mssql_server_v…
benjamin37 Nov 28, 2019
11fdc51
Merge remote-tracking branch 'github/master' into feature/db-vulnerab…
benjamin37 Nov 28, 2019
12892ae
use error
benjamin37 Nov 28, 2019
a52cdcb
replace resource_group_name and server_name in azurerm_mssql_database…
benjamin37 Nov 28, 2019
4b4a31f
Merge remote-tracking branch 'github/master' into feature/db-vulnerab…
benjamin37 Dec 9, 2019
a1102e1
add new docs to azurerm.erb
benjamin37 Dec 9, 2019
48331df
parseAzureResourceID has moved to azure.ParseAzureResourceID
benjamin37 Dec 9, 2019
cdca72b
renames
benjamin37 Dec 9, 2019
6ed8efb
refactoring
benjamin37 Dec 9, 2019
e78f037
import order
benjamin37 Dec 9, 2019
e035316
split basic tests in update and basic
benjamin37 Dec 9, 2019
dc09230
Merge remote-tracking branch 'github/master' into feature/db-vulnerab…
benjamin37 Dec 10, 2019
301257a
use new timeouts
benjamin37 Dec 10, 2019
bd0e102
used wrong read
benjamin37 Dec 11, 2019
d595257
erge remote-tracking branch 'github/master' into feature/db-vulnerabi…
benjamin37 Dec 11, 2019
1b94869
Merge remote-tracking branch 'github/master' into feature/db-vulnerab…
benjamin37 Dec 12, 2019
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 18 additions & 1 deletion azurerm/internal/services/mssql/client/client.go
Original file line number Diff line number Diff line change
@@ -1,19 +1,36 @@
package client

import (
sql201703 "github.com/Azure/azure-sdk-for-go/services/preview/sql/mgmt/2017-03-01-preview/sql"
"github.com/Azure/azure-sdk-for-go/services/preview/sql/mgmt/2017-10-01-preview/sql"
sql201806 "github.com/Azure/azure-sdk-for-go/services/preview/sql/mgmt/2018-06-01-preview/sql"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/common"
)

type Client struct {
ElasticPoolsClient *sql.ElasticPoolsClient
ElasticPoolsClient *sql.ElasticPoolsClient
DatabaseVulnerabilityAssessmentRuleBaselinesClient *sql201703.DatabaseVulnerabilityAssessmentRuleBaselinesClient
ServerSecurityAlertPoliciesClient *sql201703.ServerSecurityAlertPoliciesClient
ServerVulnerabilityAssessmentsClient *sql201806.ServerVulnerabilityAssessmentsClient
}

func NewClient(o *common.ClientOptions) *Client {
ElasticPoolsClient := sql.NewElasticPoolsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
o.ConfigureClient(&ElasticPoolsClient.Client, o.ResourceManagerAuthorizer)

DatabaseVulnerabilityAssessmentRuleBaselinesClient := sql201703.NewDatabaseVulnerabilityAssessmentRuleBaselinesClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
o.ConfigureClient(&DatabaseVulnerabilityAssessmentRuleBaselinesClient.Client, o.ResourceManagerAuthorizer)

ServerSecurityAlertPoliciesClient := sql201703.NewServerSecurityAlertPoliciesClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
o.ConfigureClient(&ServerSecurityAlertPoliciesClient.Client, o.ResourceManagerAuthorizer)

ServerVulnerabilityAssessmentsClient := sql201806.NewServerVulnerabilityAssessmentsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
o.ConfigureClient(&ServerVulnerabilityAssessmentsClient.Client, o.ResourceManagerAuthorizer)

return &Client{
ElasticPoolsClient: &ElasticPoolsClient,
DatabaseVulnerabilityAssessmentRuleBaselinesClient: &DatabaseVulnerabilityAssessmentRuleBaselinesClient,
ServerSecurityAlertPoliciesClient: &ServerSecurityAlertPoliciesClient,
ServerVulnerabilityAssessmentsClient: &ServerVulnerabilityAssessmentsClient,
}
}
433 changes: 218 additions & 215 deletions azurerm/provider.go

Large diffs are not rendered by default.

Original file line number Diff line number Diff line change
@@ -0,0 +1,244 @@
package azurerm

import (
"fmt"
"log"
"time"

"github.com/Azure/azure-sdk-for-go/services/preview/sql/mgmt/2017-03-01-preview/sql"
"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/validate"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/timeouts"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
)

func resourceArmMssqlDatabaseVulnerabilityAssessmentRuleBaseline() *schema.Resource {
return &schema.Resource{
Create: resourceArmMssqlDatabaseVulnerabilityAssessmentRuleBaselineCreateUpdate,
Read: resourceArmMssqlDatabaseVulnerabilityAssessmentRuleBaselineRead,
Update: resourceArmMssqlDatabaseVulnerabilityAssessmentRuleBaselineCreateUpdate,
Delete: resourceArmMssqlDatabaseVulnerabilityAssessmentRuleBaselineDelete,
Importer: &schema.ResourceImporter{
State: schema.ImportStatePassthrough,
},

Timeouts: &schema.ResourceTimeout{
Create: schema.DefaultTimeout(30 * time.Minute),
Read: schema.DefaultTimeout(5 * time.Minute),
Update: schema.DefaultTimeout(30 * time.Minute),
Delete: schema.DefaultTimeout(30 * time.Minute),
},

Schema: map[string]*schema.Schema{
"server_vulnerability_assessment_id": {
Type: schema.TypeString,
Required: true,
ForceNew: true,
ValidateFunc: azure.ValidateResourceID,
},

"database_name": {
Type: schema.TypeString,
Required: true,
ForceNew: true,
ValidateFunc: azure.ValidateMsSqlDatabaseName,
},

"rule_id": {
Type: schema.TypeString,
Required: true,
ForceNew: true,
},
katbyte marked this conversation as resolved.
Show resolved Hide resolved

"baseline_name": {
Type: schema.TypeString,
Optional: true,
ForceNew: true,
Default: string(sql.VulnerabilityAssessmentPolicyBaselineNameDefault),
ValidateFunc: validation.StringInSlice([]string{
string(sql.VulnerabilityAssessmentPolicyBaselineNameDefault),
string(sql.VulnerabilityAssessmentPolicyBaselineNameMaster),
}, false),
},

"baseline_result": {
Type: schema.TypeSet,
Required: true,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"result": {
Type: schema.TypeList,
Required: true,
Elem: &schema.Schema{
Type: schema.TypeString,
ValidateFunc: validate.NoEmptyStrings,
},
},
},
},
},
},
}
}

func resourceArmMssqlDatabaseVulnerabilityAssessmentRuleBaselineCreateUpdate(d *schema.ResourceData, meta interface{}) error {
client := meta.(*ArmClient).MSSQL.DatabaseVulnerabilityAssessmentRuleBaselinesClient
ctx, cancel := timeouts.ForCreateUpdate(meta.(*ArmClient).StopContext, d)
defer cancel()

log.Printf("[INFO] preparing arguments for Azure ARM Vulnerability Assessment Rule Baselines creation.")

vulnerabilityAssessmentId, err := azure.ParseAzureResourceID(d.Get("server_vulnerability_assessment_id").(string))
if err != nil {
return err
}

resourceGroupName := vulnerabilityAssessmentId.ResourceGroup
serverName := vulnerabilityAssessmentId.Path["servers"]
vulnerabilityAssessmentClient := meta.(*ArmClient).MSSQL.ServerVulnerabilityAssessmentsClient

vulnerabilityAssessment, err := vulnerabilityAssessmentClient.Get(ctx, resourceGroupName, serverName)
if err != nil {
return fmt.Errorf("Error retrieving Server Vulnerability Assessment Settings: %+v", err)
}
if vulnerabilityAssessment.StorageContainerPath == nil {
return fmt.Errorf("Storage Container Path not set in Server Vulnerability Assessment Settings")
}

databaseName := d.Get("database_name").(string)
ruleId := d.Get("rule_id").(string)
baselineName := sql.VulnerabilityAssessmentPolicyBaselineName(d.Get("baseline_name").(string))
parameters := expandBaselineResults(d.Get("baseline_result").(*schema.Set))

result, err := client.CreateOrUpdate(ctx, resourceGroupName, serverName, databaseName, ruleId, baselineName, *parameters)
if err != nil {
return fmt.Errorf("error updataing database vulnerability assessment rule baseline: %s", err)
}

d.SetId(*result.ID)

return resourceArmMssqlDatabaseVulnerabilityAssessmentRuleBaselineRead(d, meta)
}

func resourceArmMssqlDatabaseVulnerabilityAssessmentRuleBaselineRead(d *schema.ResourceData, meta interface{}) error {
client := meta.(*ArmClient).MSSQL.DatabaseVulnerabilityAssessmentRuleBaselinesClient
ctx, cancel := timeouts.ForRead(meta.(*ArmClient).StopContext, d)
defer cancel()

log.Printf("[INFO] Reading Azure ARM Vulnerability Assessment Rule Baselines.")

id, err := azure.ParseAzureResourceID(d.Id())
if err != nil {
return err
}

resourceGroupName := id.ResourceGroup
serverName := id.Path["servers"]
databaseName := id.Path["databases"]
ruleId := id.Path["rules"]
baselineName := sql.VulnerabilityAssessmentPolicyBaselineName(id.Path["baselines"])

result, err := client.Get(ctx, resourceGroupName, serverName, databaseName, ruleId, baselineName)
if err != nil {
if utils.ResponseWasNotFound(result.Response) {
log.Printf("[WARN] Vulnerability Assessment Rule Baseline %s not found", id)
d.SetId("")
return nil
}

return fmt.Errorf("error making Read request to Vulnerability Assessment Rule Baselines: %+v", err)
}

vulnerabilityAssessmentClient := meta.(*ArmClient).MSSQL.ServerVulnerabilityAssessmentsClient
vulnerabilityAssessment, err := vulnerabilityAssessmentClient.Get(ctx, resourceGroupName, serverName)
if err != nil {
return fmt.Errorf("Error retrieving Server Vulnerability Assessment Settings: %+v", err)
}
d.Set("server_vulnerability_assessment_id", vulnerabilityAssessment.ID)

d.Set("database_name", databaseName)
d.Set("rule_id", ruleId)
d.Set("baseline_name", baselineName)

if baselineResults := result.BaselineResults; baselineResults != nil {
d.Set("baseline_result", flattenBaselineResult(baselineResults))
}

return nil
}

func resourceArmMssqlDatabaseVulnerabilityAssessmentRuleBaselineDelete(d *schema.ResourceData, meta interface{}) error {
client := meta.(*ArmClient).MSSQL.DatabaseVulnerabilityAssessmentRuleBaselinesClient
ctx, cancel := timeouts.ForDelete(meta.(*ArmClient).StopContext, d)
defer cancel()

log.Printf("[INFO] Deleting Azure ARM Vulnerability Assessment Rule Baselines.")

id, err := azure.ParseAzureResourceID(d.Id())
if err != nil {
return err
}

resourceGroupName := id.ResourceGroup
serverName := id.Path["servers"]
databaseName := id.Path["databases"]
ruleId := id.Path["rules"]
baselineName := sql.VulnerabilityAssessmentPolicyBaselineName(id.Path["baselines"])

result, err := client.Delete(ctx, resourceGroupName, serverName, databaseName, ruleId, baselineName)
if err != nil {
if utils.ResponseWasNotFound(result) {
log.Printf("[DEBUG] Vulnerability Assessment Rule Baseline %s not found", id)
return nil
}

return fmt.Errorf("error deleting Vulnerability Assessment Rule Baselines: %s", err)
}

return nil
}

func expandBaselineResults(baselineResult *schema.Set) *sql.DatabaseVulnerabilityAssessmentRuleBaseline {
baselineResultList := baselineResult.List()

baselineResults := make([]sql.DatabaseVulnerabilityAssessmentRuleBaselineItem, len(baselineResultList))

for i, baselineResult := range baselineResultList {
result := make([]string, 0)
baselineResultMap := baselineResult.(map[string]interface{})

for _, s := range baselineResultMap["result"].([]interface{}) {
result = append(result, s.(string))
}

baselineResults[i] = sql.DatabaseVulnerabilityAssessmentRuleBaselineItem{
Result: &result,
}
}

return &sql.DatabaseVulnerabilityAssessmentRuleBaseline{
DatabaseVulnerabilityAssessmentRuleBaselineProperties: &sql.DatabaseVulnerabilityAssessmentRuleBaselineProperties{
BaselineResults: &baselineResults,
},
}
}

func flattenBaselineResult(baselineResults *[]sql.DatabaseVulnerabilityAssessmentRuleBaselineItem) []map[string]interface{} {
resp := make([]map[string]interface{}, 0)

if baselineResults != nil {
for _, baselineResult := range *baselineResults {
output := map[string]interface{}{}

if result := baselineResult.Result; result != nil {
output["result"] = *result
}

resp = append(resp, output)
}
}

return resp
}
Loading