Skip to content

Commit

Permalink
Add google_chronicle_rule_deployment resource to chronicle
Browse files Browse the repository at this point in the history
  • Loading branch information
ankitgoyal0301 committed Jan 10, 2025
1 parent b60c430 commit ac32ae6
Show file tree
Hide file tree
Showing 3 changed files with 249 additions and 0 deletions.
135 changes: 135 additions & 0 deletions mmv1/products/chronicle/RuleDeployment.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,135 @@
# Copyright 2025 Google Inc.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

---
name: RuleDeployment
description: The RuleDeployment resource represents the deployment state of a Rule.
min_version: 'beta'
references:
guides:
'Google SecOps Guides': 'https://cloud.google.com/chronicle/docs/secops/secops-overview'
api: 'https://cloud.google.com/chronicle/docs/reference/rest/v1alpha/RuleDeployment'
base_url: projects/{{project}}/locations/{{location}}/instances/{{instance}}/rules/{{rules}}/deployments
self_link: projects/{{project}}/locations/{{location}}/instances/{{instance}}/rules/{{rule}}/deployment
create_url: projects/{{project}}/locations/{{location}}/instances/{{instance}}/rules/{{rule}}/deployment?updateMask=enabled,alerting,archived,runFrequency
id_format: projects/{{project}}/locations/{{location}}/instances/{{instance}}/rules/{{rule}}/deployment
import_format:
- projects/{{project}}/locations/{{location}}/instances/{{instance}}/rules/{{rule}}/deployment
create_verb: PATCH
update_verb: PATCH
update_mask: true
exclude_delete: true

examples:
- name: 'chronicle_ruledeployment_basic'
primary_resource_id: 'example'
min_version: 'beta'
test_env_vars:
chronicle_id: 'CHRONICLE_ID'

parameters:
- name: location
type: String
description: The location of the resource. This is the geographical region where the Chronicle instance resides, such as "us" or "europe-west2".
immutable: true
url_param_only: true
required: true
- name: instance
type: String
description: The unique identifier for the Chronicle instance, which is the same as the customer ID.
immutable: true
url_param_only: true
required: true
- name: rule
type: String
description: The Rule ID of the rule.
immutable: true
url_param_only: true
required: true
properties:
- name: name
type: String
description: |-
The resource name of the rule deployment.
Note that RuleDeployment is a child of the overall Rule, not any individual
revision, so the resource ID segment for the Rule resource must not
reference a specific revision.
Format:
projects/{project}/locations/{location}/instances/{instance}/rules/{rule}/deployment
output: true
- name: enabled
type: Boolean
description: Whether the rule is currently deployed continuously against incoming data.
- name: alerting
type: Boolean
description: |-
Whether detections resulting from this deployment should be considered
alerts.
- name: archived
type: Boolean
description: |-
The archive state of the rule deployment.
Cannot be set to true unless enabled is set to false.
If set to true, alerting will automatically be set to false.
If currently set to true, enabled, alerting, and run_frequency cannot be
updated.
- name: archiveTime
type: String
description: Output only. The timestamp when the rule deployment archive state was last set to true.
If the rule deployment's current archive state is not set to true, the field will be empty.
output: true
- name: runFrequency
type: String
description: |2-
The run frequency of the rule deployment.
Possible values:
LIVE
HOURLY
DAILY
- name: executionState
type: String
description: |2-
The execution state of the rule deployment.
Possible values:
DEFAULT
LIMITED
PAUSED
output: true
- name: producerRules
type: Array
description: |2-
Output only. The names of the associated/chained producer rules. Rules are considered
producers for this rule if this rule explicitly filters on their ruleid.
Format:
projects/{project}/locations/{location}/instances/{instance}/rules/{rule}
output: true
item_type:
type: String
- name: consumerRules
type: Array
description: |2-
Output only. The names of the associated/chained consumer rules. Rules are considered
consumers of this rule if their rule text explicitly filters on this rule's ruleid.
Format:
projects/{project}/locations/{location}/instances/{instance}/rules/{rule}
output: true
item_type:
type: String
- name: lastAlertStatusChangeTime
type: String
description: Output only. The timestamp when the rule deployment alert state was lastly changed.
This is filled regardless of the current alert state.E.g. if the current alert status is false,
this timestamp will be the timestamp when the alert status was changed to false.
output: true
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
resource "google_chronicle_rule" "my-rule" {
provider = "google-beta"
location = "us"
instance = "{{index $.TestEnvVars "chronicle_id"}}"
text = <<-EOT
rule test_rule { meta: events: $userid = $e.principal.user.userid match: $userid over 10m condition: $e }
EOT
}

resource "google_chronicle_rule_deployment" "{{$.PrimaryResourceId}}" {
provider = "google-beta"
location = "us"
instance = "{{index $.TestEnvVars "chronicle_id"}}"
rule = element(split("/", resource.google_chronicle_rule.my-rule.name), length(split("/", resource.google_chronicle_rule.my-rule.name)) - 1)
enabled = true
alerting = true
archived = false
run_frequency = "DAILY"
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,95 @@
package chronicle_test

{{- if ne $.TargetVersionName "ga" }}

import (
"testing"

"github.com/hashicorp/terraform-plugin-testing/helper/resource"

"github.com/hashicorp/terraform-provider-google/google/acctest"
"github.com/hashicorp/terraform-provider-google/google/envvar"
)

func TestAccChronicleRuleDeployment_chronicleRuledeploymentBasicExample_update(t *testing.T) {
t.Parallel()

context := map[string]interface{}{
"chronicle_id": envvar.GetTestChronicleInstanceIdFromEnv(t),
"random_suffix": acctest.RandString(t, 10),
}

acctest.VcrTest(t, resource.TestCase{
PreCheck: func() { acctest.AccTestPreCheck(t) },
ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t),
Steps: []resource.TestStep{
{
Config: testAccChronicleRuleDeployment_chronicleRuledeploymentBasicExample_basic(context),
},
{
ResourceName: "google_chronicle_rule_deployment.example",
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"instance", "location", "rule"},
},
{
Config: testAccChronicleRuleDeployment_chronicleRuledeploymentBasicExample_update(context),
},
{
ResourceName: "google_chronicle_rule_deployment.example",
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"instance", "location", "rule"},
},
},
})
}

func testAccChronicleRuleDeployment_chronicleRuledeploymentBasicExample_basic(context map[string]interface{}) string {
return acctest.Nprintf(`
resource "google_chronicle_rule" "my-rule" {
provider = "google-beta"
location = "us"
instance = "%{chronicle_id}"
text = <<-EOT
rule test_rule { meta: events: $userid = $e.principal.user.userid match: $userid over 10m condition: $e }
EOT
}

resource "google_chronicle_rule_deployment" "example" {
provider = "google-beta"
location = "us"
instance = "%{chronicle_id}"
rule = element(split("/", resource.google_chronicle_rule.my-rule.name), length(split("/", resource.google_chronicle_rule.my-rule.name)) - 1)
enabled = true
alerting = true
archived = false
run_frequency = "DAILY"
}
`, context)
}

func testAccChronicleRuleDeployment_chronicleRuledeploymentBasicExample_update(context map[string]interface{}) string {
return acctest.Nprintf(`
resource "google_chronicle_rule" "my-rule" {
provider = "google-beta"
location = "us"
instance = "%{chronicle_id}"
text = <<-EOT
rule test_rule { meta: events: $userid = $e.principal.user.userid match: $userid over 10m condition: $e }
EOT
}

resource "google_chronicle_rule_deployment" "example" {
provider = "google-beta"
location = "us"
instance = "%{chronicle_id}"
rule = element(split("/", resource.google_chronicle_rule.my-rule.name), length(split("/", resource.google_chronicle_rule.my-rule.name)) - 1)
enabled = false
alerting = false
archived = false
run_frequency = "HOURLY"
}
`, context)
}
{{- end }}

0 comments on commit ac32ae6

Please sign in to comment.