Logic app slack

ops/pentest/_config.tf

@@ -10,6 +10,10 @@ terraform {
       source  = "hashicorp/azurerm"
       version = "~> 3.100.0"
     }
+    azapi = {
+      source  = "Azure/azapi"
+      version = "1.14.0"
+    }
   }
   required_version = "~> 1.3.3"
 }

ops/pentest/main.tf

@@ -102,3 +102,10 @@ module "app_service_autoscale" {
 
   tags = local.management_tags
 }
+
+module "logic_app_workflow" {
+  source = "../services/alerts/alert_app"
+
+  global_vault = data.azurerm_key_vault.global
+
+}

ops/services/alerts/alert_app/_var.tf

@@ -0,0 +1,32 @@
+variable "rg_name" {
+  description = "Name of resource group to deploy into"
+  type        = string
+  default     = "prime-simple-report-pentest"
+}
+
+variable "rg_location" {
+  description = "Location of resource group to deploy into"
+  type        = string
+  default     = "eastus"
+}
+
+variable "global_vault" {
+
+}
+
+variable "channel" {
+  default     = "project-sr-on-call-alerts"
+  description = "The Slack channel that the alerts are sent to."
+}
+
+
+variable "connection_name" {
+  type        = string
+  description = "This connection must be manually activated in the Azure Console after deployment to test other will have to wait for Alert Group to trigger it"
+  default     = "slack"
+}
+
+variable "logicAppName" {
+  default = "Slack-Integration-Workflow"
+
+}

ops/services/alerts/alert_app/data.tf

@@ -0,0 +1,19 @@
+data "azurerm_key_vault_secret" "azure_alert_slack_webhook" {
+  name         = "azure-alert-slack-webhook"
+  key_vault_id = var.global_vault.id
+}
+
+
+data "azurerm_subscription" "primary" {
+
+}
+
+# Resource Groups
+data "azurerm_resource_group" "rg" {
+  # Environments are assembled into shared resource groups by environment level.
+  name = "${local.project}-${local.name}-${local.env_level}"
+}
+
+data "azurerm_resource_group" "rg_global" {
+  name = "${local.project}-${local.name}-management"
+}

ops/services/alerts/alert_app/main.tf

@@ -0,0 +1,233 @@
+locals {
+  project   = "prime"
+  name      = "simple-report"
+  env_level = "pentest"
+  management_tags = {
+    prime-app      = "simple-report"
+    resource_group = data.azurerm_resource_group.rg.name
+  }
+}
+
+
+# Define the Logic App Workflow
+resource "azurerm_logic_app_workflow" "slack_workflow" {
+  name     = var.logicAppName
+  location = data.azurerm_resource_group.rg.location
+  parameters = {
+    "$connections" = "{\"slack\":{\"connectionId\":\"${data.azurerm_subscription.primary.id}/resourceGroups/${data.azurerm_resource_group.rg.name}/providers/Microsoft.Web/connections/slack\",\"connectionName\":\"slack\",\"id\":\"${data.azurerm_subscription.primary.id}/providers/Microsoft.Web/locations/eastus/managedApis/slack\"}}"
+  }
+  resource_group_name = data.azurerm_resource_group.rg.name
+  workflow_parameters = {
+    "$connections" = "{\"defaultValue\":{},\"type\":\"Object\"}"
+  }
+}
+
+
+# Define the Logic App Workflow Action
+resource "azurerm_logic_app_action_http" "workflow_action" {
+  logic_app_id = azurerm_logic_app_workflow.slack_workflow.id
+  name         = "Http"
+  method       = "POST"
+  #How to get this uri programmtically
+  uri = data.azurerm_key_vault_secret.azure_alert_slack_webhook.value
+  body = jsonencode({
+    "text" : "@{triggerBody()?['data']?['essentials']}"
+  })
+  headers = {
+    Content-Type = "application/json"
+  }
+}
+
+
+
+resource "azurerm_logic_app_trigger_http_request" "res-4" {
+  logic_app_id = azurerm_logic_app_workflow.slack_workflow.id
+  name         = "When a HTTP request is received"
+  schema       = <<SCHEMA
+{
+  "type": "Request",
+  "kind": "Http",
+  "inputs": {
+    "schema": {
+      "type": "object",
+      "properties": {
+        "schemaId": {
+          "type": "string"
+        },
+        "data": {
+          "type": "object",
+          "properties": {
+            "essentials": {
+              "type": "object",
+              "properties": {
+                "alertId": {
+                  "type": "string"
+                },
+                "alertRule": {
+                  "type": "string"
+                },
+                "severity": {
+                  "type": "string"
+                },
+                "signalType": {
+                  "type": "string"
+                },
+                "monitorCondition": {
+                  "type": "string"
+                },
+                "monitoringService": {
+                  "type": "string"
+                },
+                "alertTargetIDs": {
+                  "type": "array",
+                  "items": {
+                    "type": "string"
+                  }
+                },
+                "configurationItems": {
+                  "type": "array",
+                  "items": {
+                    "type": "string"
+                  }
+                },
+                "originAlertId": {
+                  "type": "string"
+                },
+                "firedDateTime": {
+                  "type": "string"
+                },
+                "resolvedDateTime": {
+                  "type": "string"
+                },
+                "description": {
+                  "type": "string"
+                },
+                "essentialsVersion": {
+                  "type": "string"
+                },
+                "alertContextVersion": {
+                  "type": "string"
+                }
+              }
+            },
+            "alertContext": {
+              "type": "object",
+              "properties": {
+                "properties": {},
+                "conditionType": {
+                  "type": "string"
+                },
+                "condition": {
+                  "type": "object",
+                  "properties": {
+                    "windowSize": {
+                      "type": "string"
+                    },
+                    "allOf": {
+                      "type": "array",
+                      "items": {
+                        "type": "object",
+                        "properties": {
+                          "metricName": {
+                            "type": "string"
+                          },
+                          "metricNamespace": {
+                            "type": "string"
+                          },
+                          "operator": {
+                            "type": "string"
+                          },
+                          "threshold": {
+                            "type": "string"
+                          },
+                          "timeAggregation": {
+                            "type": "string"
+                          },
+                          "dimensions": {
+                            "type": "array",
+                            "items": {
+                              "type": "object",
+                              "properties": {
+                                "name": {
+                                  "type": "string"
+                                },
+                                "value": {
+                                  "type": "string"
+                                }
+                              },
+                              "required": [
+                                "name",
+                                "value"
+                              ]
+                            }
+                          },
+                          "metricValue": {
+                            "type": "number"
+                          }
+                        },
+                        "required": [
+                          "metricName",
+                          "metricNamespace",
+                          "operator",
+                          "threshold",
+                          "timeAggregation",
+                          "dimensions",
+                          "metricValue"
+                        ]
+                      }
+                    }
+                  }
+                }
+              }
+            }
+          }
+        }
+      }
+    }
+  }
+}
+
+SCHEMA
+}
+
+
+
+
+resource "azapi_resource" "createApiConnectionslack" {
+  type                      = "Microsoft.Web/connections@2015-08-01-preview"
+  name                      = var.connection_name
+  parent_id                 = data.azurerm_resource_group.rg.id
+  location                  = data.azurerm_resource_group.rg.location
+  schema_validation_enabled = false
+
+
+  body = jsonencode({
+    properties = {
+
+      api = {
+        name        = var.connection_name
+        displayName = "slack"
+        description = "Slack is a team communication tool, that brings together all of your team communications in one place, instantly searchable and available wherever you go."
+        iconUri     = "https://connectoricons-prod.azureedge.net/releases/v1.0.1669/1.0.1669.3522/slack/icon.png"
+        brandColor  = "#78D4B6"
+        id          = "${data.azurerm_subscription.primary.id}/providers/Microsoft.Web/locations/${data.azurerm_resource_group.rg_global.location}/managedApis/${var.connection_name}"
+        type        = "Microsoft.Web/locations/managedApis"
+      }
+    }
+  })
+}
+
+
+
+
+resource "azurerm_monitor_action_group" "on_call_action_group" {
+  name                = "OnCallEngineer"
+  resource_group_name = data.azurerm_resource_group.rg.name
+  short_name          = "OnCall"
+  logic_app_receiver {
+    name                    = var.logicAppName
+    resource_id             = azurerm_logic_app_workflow.slack_workflow.id
+    callback_url            = azurerm_logic_app_workflow.slack_workflow.access_endpoint
+    use_common_alert_schema = false
+  }
+}

ops/services/alerts/alert_app/provider.tf

@@ -0,0 +1,12 @@
+terraform {
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~> 3.100.0"
+    }
+    azapi = {
+      source  = "Azure/azapi"
+      version = "1.14.0"
+    }
+  }
+}