Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add google_chronicle_watchlist resource to chronicle #12648

Merged
Show file tree
Hide file tree
Changes from 2 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
127 changes: 127 additions & 0 deletions mmv1/products/chronicle/Watchlist.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,127 @@
# Copyright 2024 Google Inc.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

---
name: Watchlist
description: A watchlist is a list of entities that allows for bulk operations over the included entities.
min_version: beta
references:
guides:
'Google SecOps Guides': 'https://cloud.google.com/chronicle/docs/secops/secops-overview'
api: 'https://cloud.google.com/chronicle/docs/reference/rest/v1alpha/projects.locations.instances.watchlists'
base_url: projects/{{project}}/locations/{{location}}/instances/{{instance}}/watchlists
self_link: projects/{{project}}/locations/{{location}}/instances/{{instance}}/watchlists/{{watchlist_id}}
create_url: projects/{{project}}/locations/{{location}}/instances/{{instance}}/watchlists?watchlistId={{watchlist_id}}
id_format: projects/{{project}}/locations/{{location}}/instances/{{instance}}/watchlists/{{watchlist_id}}
import_format:
- projects/{{project}}/locations/{{location}}/instances/{{instance}}/watchlists/{{watchlist_id}}
update_verb: PATCH
update_mask: true

examples:
- name: 'chronicle_watchlist_basic'
primary_resource_id: 'example'
min_version: 'beta'
vars:
name: watchlist-name
description: watchlist-description
test_env_vars:
chronicle_id: 'CHRONICLE_ID'

parameters:
- name: location
type: String
description: Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.
zli82016 marked this conversation as resolved.
Show resolved Hide resolved
immutable: true
url_param_only: true
required: true
- name: instance
type: String
description: Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.
zli82016 marked this conversation as resolved.
Show resolved Hide resolved
immutable: true
url_param_only: true
required: true
- name: watchlistId
type: String
description: |-
Optional. The ID to use for the watchlist,
which will become the final component of the watchlist's resource name.
This value should be 4-63 characters, and valid characters
are /a-z-/.
immutable: true
url_param_only: true
required: true
properties:
- name: name
type: String
description: |-
Identifier. Resource name of the watchlist.
Format:
projects/{project}/locations/{location}/instances/{instance}/watchlists/{watchlist}
default_from_api: true
ankitgoyal0301 marked this conversation as resolved.
Show resolved Hide resolved
- name: multiplyingFactor
type: Double
description: |-
Optional. Weight applied to the risk score for entities
in this watchlist.
The default is 1.0 if it is not specified.
zli82016 marked this conversation as resolved.
Show resolved Hide resolved
- name: createTime
type: String
description: Output only. Time the watchlist was created.
output: true
- name: updateTime
type: String
description: Output only. Time the watchlist was last updated.
output: true
- name: displayName
type: String
description: |-
Required. Display name of the watchlist.
Note that it must be at least one character and less than 63 characters
(https://google.aip.dev/148).
required: true
- name: description
type: String
description: Optional. Description of the watchlist.
- name: entityPopulationMechanism
type: NestedObject
description: Mechanism to populate entities in the watchlist.
required: true
properties:
- name: manual
type: NestedObject
description: Entities are added manually.
allow_empty_object: true
send_empty_value: true
properties:
[] # Meant to be an empty object with no properties.
- name: entityCount
type: NestedObject
description: Count of different types of entities in the watchlist.
output: true
properties:
- name: user
type: Integer
description: Output only. Count of user type entities in the watchlist.
output: true
- name: asset
type: Integer
description: Output only. Count of asset type entities in the watchlist.
output: true
- name: watchlistUserPreferences
type: NestedObject
description: A collection of user preferences for watchlist UI configuration.
properties:
- name: pinned
type: Boolean
description: Optional. Whether the watchlist is pinned on the dashboard.
22 changes: 22 additions & 0 deletions mmv1/products/chronicle/product.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
# Copyright 2024 Google Inc.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

---
name: Chronicle
display_name: Chronicle
scopes:
- https://www.googleapis.com/auth/cloud-platform
versions:
- base_url: https://{{location}}-chronicle.googleapis.com/v1beta/
name: beta
caibaseurl: ""
ankitgoyal0301 marked this conversation as resolved.
Show resolved Hide resolved
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
provider "google-beta" {
user_project_override = true
}
ankitgoyal0301 marked this conversation as resolved.
Show resolved Hide resolved

resource "google_chronicle_watchlist" "{{$.PrimaryResourceId}}" {
provider = "google-beta"
location = "us"
instance = "{{index $.TestEnvVars "chronicle_id"}}"
watchlist_id = "{{index $.Vars "name"}}"
description = "{{index $.Vars "description"}}"
display_name = "{{index $.Vars "name"}}"
multiplying_factor = 1
entity_population_mechanism {
manual {

}
}
watchlist_user_preferences {
pinned = true
}
}
ankitgoyal0301 marked this conversation as resolved.
Show resolved Hide resolved
Original file line number Diff line number Diff line change
Expand Up @@ -141,6 +141,11 @@ var ServicesListBeta = mapOf(
"displayName" to "Certificatemanager",
"path" to "./google-beta/services/certificatemanager"
),
"chronicle" to mapOf(
"name" to "chronicle",
"displayName" to "Chronicle",
"path" to "./google-beta/services/chronicle"
),
"cloudasset" to mapOf(
"name" to "cloudasset",
"displayName" to "Cloudasset",
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -141,6 +141,11 @@ var ServicesListGa = mapOf(
"displayName" to "Certificatemanager",
"path" to "./google/services/certificatemanager"
),
"chronicle" to mapOf(
"name" to "chronicle",
"displayName" to "Chronicle",
"path" to "./google-beta/services/chronicle"
ankitgoyal0301 marked this conversation as resolved.
Show resolved Hide resolved
),
zli82016 marked this conversation as resolved.
Show resolved Hide resolved
"cloudasset" to mapOf(
"name" to "cloudasset",
"displayName" to "Cloudasset",
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,97 @@
package chronicle_test

{{- if ne $.TargetVersionName "ga" }}

import (
"testing"

"github.com/hashicorp/terraform-plugin-testing/helper/resource"

"github.com/hashicorp/terraform-provider-google/google/acctest"
"github.com/hashicorp/terraform-provider-google/google/envvar"
)

func TestAccChronicleWatchlist_chronicleWatchlistBasicExample_update(t *testing.T) {
t.Parallel()

context := map[string]interface{}{
"chronicle_id": envvar.GetTestChronicleInstanceIdFromEnv(t),
"random_suffix": acctest.RandString(t, 10),
}

acctest.VcrTest(t, resource.TestCase{
PreCheck: func() { acctest.AccTestPreCheck(t) },
ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t),
CheckDestroy: testAccCheckChronicleWatchlistDestroyProducer(t),
Steps: []resource.TestStep{
{
Config: testAccChronicleWatchlist_chronicleWatchlistBasicExample_basic(context),
},
{
ResourceName: "google_chronicle_watchlist.example",
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"instance", "location", "watchlist_id"},
},
{
Config: testAccChronicleWatchlist_chronicleWatchlistBasicExample_update(context),
},
{
ResourceName: "google_chronicle_watchlist.example",
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"instance", "location", "watchlist_id"},
},
},
})
}

func testAccChronicleWatchlist_chronicleWatchlistBasicExample_basic(context map[string]interface{}) string {
return acctest.Nprintf(`
provider "google-beta" {
user_project_override = true
}

resource "google_chronicle_watchlist" "example" {
provider = "google-beta"
location = "us"
instance = "%{chronicle_id}"
watchlist_id = "tf-test-watchlist-name%{random_suffix}"
description = "tf-test-watchlist-description%{random_suffix}"
display_name = "tf-test-watchlist-name%{random_suffix}"
multiplying_factor = 1
entity_population_mechanism {
manual {

}
}
ankitgoyal0301 marked this conversation as resolved.
Show resolved Hide resolved
}
`, context)
}

func testAccChronicleWatchlist_chronicleWatchlistBasicExample_update(context map[string]interface{}) string {
return acctest.Nprintf(`
provider "google-beta" {
user_project_override = true
}

resource "google_chronicle_watchlist" "example" {
provider = "google-beta"
location = "us"
instance = "%{chronicle_id}"
watchlist_id = "tf-test-watchlist-name%{random_suffix}"
description = "tf-test-watchlist-updated-description%{random_suffix}"
display_name = "tf-test-updated-watchlist%{random_suffix}"
multiplying_factor = 2
entity_population_mechanism {
manual {

}
}
watchlist_user_preferences {
pinned = true
}
ankitgoyal0301 marked this conversation as resolved.
Show resolved Hide resolved
}
`, context)
}
{{- end }}
Loading