Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New Resource: azurerm_security_center_subscription_pricing #2043

Merged
merged 6 commits into from
Oct 13, 2018

Conversation

katbyte
Copy link
Collaborator

@katbyte katbyte commented Oct 9, 2018

No description provided.


# azurerm_securitycenter_subscription_pricing

Manages the subscription's Security Center pricing tier.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this resource need Owner permission here?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

From memory I believe this does - but it'd be worth confirming/documenting here

},

Schema: map[string]*schema.Schema{
"tier": {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does the API support in-place update ?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep

client := meta.(*ArmClient).securityCenterPricingClient
ctx := meta.(*ArmClient).StopContext

resp, err := client.GetSubscriptionPricing(ctx, "default")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

merge to single line?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It cannot be done as resp is used below

client := meta.(*ArmClient).securityCenterPricingClient
ctx := meta.(*ArmClient).StopContext

resp, err := client.GetSubscriptionPricing(ctx, "default")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shall we move "default" to a constant variable?


resp, err := client.GetSubscriptionPricing(ctx, "default")
if err != nil {
if utils.ResponseWasNotFound(resp.Response) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it because of terraform import ?

},
}

_, err := client.UpdateSubscriptionPricing(ctx, "default", pricing)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

move to constant variable?

return fmt.Errorf("Error creating/updating Security Center Subscription pricing: %+v", err)
}

resp, err := client.GetSubscriptionPricing(ctx, "default")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is the GetSubscriptionPricing duplicated with resourceArmSecurityCenterSubscriptionPricingRead ?

Copy link
Contributor

@metacpp metacpp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM with some suggestions.

Copy link
Contributor

@tombuildsstuff tombuildsstuff left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

a few minor comments but this otherwise LGTM 👍

"tier": {
Type: schema.TypeString,
Required: true,
DiffSuppressFunc: suppress.CaseDifference,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we can remove this since we're requiring the case matches below

}

func resourceArmSecurityCenterSubscriptionPricingDelete(_ *schema.ResourceData, _ interface{}) error {
return nil //cannot be deleted
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we revert to whatever the default value is? we do this for the Postgresql/MySql configuration value resources

"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
)

func resourceArmSecurityCenterSubscriptionPricing() *schema.Resource {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thinking about this longer term - I think this'd make more sense as a nested element on the azurerm_subscription resource (but this is fine as an independent resource for the moment) 🤔

@@ -243,6 +243,7 @@ func Provider() terraform.ResourceProvider {
"azurerm_route": resourceArmRoute(),
"azurerm_route_table": resourceArmRouteTable(),
"azurerm_search_service": resourceArmSearchService(),
"azurerm_securitycenter_subscription_pricing": resourceArmSecurityCenterSubscriptionPricing(),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

securitycenter -> security_center

azurerm/config.go Show resolved Hide resolved
page_title: "Azure Resource Manager: azurerm_securitycenter_subscription_pricing"
sidebar_current: "docs-azurerm-securitycenter-subscription-pricing"
description: |-
Manages the subscription's Security Center pricing tier.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this'd read clearer as Manages the Pricing Tier for Azure Security Center in the current subscription - what do you think (and below too)


# azurerm_securitycenter_subscription_pricing

Manages the subscription's Security Center pricing tier.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

From memory I believe this does - but it'd be worth confirming/documenting here


* `tier` - (Required) The pricing tier to use. Must be one of `Free` or `Standard`.

~> **NOTE:** Changing the pricing tier to `Standard` affects all resources in the subscription and could be quite costly.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

katbyte added a commit that referenced this pull request Oct 13, 2018
@katbyte katbyte force-pushed the r-security-pricing branch from 8fa67b0 to 0f32cf6 Compare October 13, 2018 02:04
katbyte added a commit that referenced this pull request Oct 13, 2018
@katbyte katbyte force-pushed the r-security-pricing branch from 0f32cf6 to 1ee95b2 Compare October 13, 2018 02:05
@katbyte
Copy link
Collaborator Author

katbyte commented Oct 13, 2018

Tests pass:

gofmt -w $(find . -name '*.go' |grep -v vendor)
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./azurerm -v -test.run=TestAccAzureRMSecurityCenterSubscriptionPricing -timeout 180m
=== RUN   TestAccAzureRMSecurityCenterSubscriptionPricing_update
--- PASS: TestAccAzureRMSecurityCenterSubscriptionPricing_update (39.38s)
PASS
ok  	github.com/terraform-providers/terraform-provider-azurerm/azurerm	39.416s

Copy link
Contributor

@tombuildsstuff tombuildsstuff left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

a few minor things but this otherwise LGTM 👍

)

func TestAccAzureRMSecurityCenterSubscriptionPricing_update(t *testing.T) {
resourceName := "azurerm_security_center_subscription_pricing.test"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is fine for now - we may want to add a feature-toggle for this in time

The pricing tier can be imported using the `resource id`, e.g.

```shell
terraform import azurerm_securitycenter_subscription_pricing.example /subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Security/pricings/default
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

securitycenter -> security_center


The following arguments are supported:

* `tier` - (Required) The pricing tier to use. Must be one of `Free` or `Standard`.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

to match the other resources this'd be better as:

Possible values are `Free` and `Standard`


Manages the Pricing Tier for Azure Security Center in the current subscription.

~> **NOTE:** Owner access permission is required.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would this be clearer as:

This resource requires the `Owner` permission on the Subscription

@tombuildsstuff tombuildsstuff changed the title New Resource: azurerm_securitycenter_subscription_pricing New Resource: azurerm_security_center_subscription_pricing Oct 13, 2018

# azurerm_security_center_subscription_pricing

Manages the Pricing Tier for Azure Security Center in the current subscription.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IMO we should add a note about Deletion here

katbyte added a commit that referenced this pull request Oct 13, 2018
@katbyte katbyte force-pushed the r-security-pricing branch from 433fac6 to 4a4268b Compare October 13, 2018 03:47
@katbyte katbyte merged commit 434862d into master Oct 13, 2018
@katbyte katbyte deleted the r-security-pricing branch October 13, 2018 03:52
katbyte added a commit that referenced this pull request Oct 13, 2018
@ghost
Copy link

ghost commented Mar 6, 2019

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!

@ghost ghost locked and limited conversation to collaborators Mar 6, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants