misc azurerm

JamesWoolfenden · Dec 16, 2022 · 81a8d3d · 81a8d3d
1 parent 500977d
commit 81a8d3d
Show file tree

Hide file tree

Showing 8 changed files with 74 additions and 12 deletions.
diff --git a/src/azure.go b/src/azure.go
@@ -72,6 +72,8 @@ func GetAZUREResourcePermissions(result ResourceV2) ([]string, error) {
 		"azurerm_security_center_contact":              azurermSecurityCenterContact,
 		"azurerm_security_center_setting":              azurermSecurityCenterSetting,
 		"azurerm_security_center_workspace":            azurermSecurityCenterWorkspace,
+		"azurerm_log_analytics_solution":               azurermLogAnalyticsSolution,
+		"azurerm_role_assignment":                      azurermRoleAssignment,
 	}
 
 	var Permissions []string

diff --git a/src/files_azure.go b/src/files_azure.go
@@ -126,3 +126,9 @@ var azurermSecurityCenterSetting []byte
 
 //go:embed mapping/azurerm/resource/security/azurerm_security_center_workspace.json
 var azurermSecurityCenterWorkspace []byte
+
+//go:embed mapping/azurerm/resource/operationsmanagement/azurerm_log_analytics_solution.json
+var azurermLogAnalyticsSolution []byte
+
+//go:embed mapping/azurerm/resource/authorization/azurerm_role_assignment.json
+var azurermRoleAssignment []byte
diff --git a/src/mapping/azurerm/resource/authorization/azurerm_role_assignment.json b/src/mapping/azurerm/resource/authorization/azurerm_role_assignment.json
@@ -0,0 +1,17 @@
+[
+  {
+    "apply": [
+      "Microsoft.Authorization/roleAssignments/read",
+      "Microsoft.Authorization/roleAssignments/write",
+      "Microsoft.Authorization/roleAssignments/delete"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [
+      "Microsoft.Authorization/roleAssignments/delete"
+    ],
+    "modify": [],
+    "plan": []
+  }
+]
diff --git a/src/mapping/azurerm/resource/operationsmanagement/azurerm_log_analytics_solution.json b/src/mapping/azurerm/resource/operationsmanagement/azurerm_log_analytics_solution.json
@@ -0,0 +1,17 @@
+[
+  {
+    "apply": [
+      "Microsoft.OperationsManagement/solutions/read",
+      "Microsoft.OperationsManagement/solutions/write",
+      "Microsoft.OperationsManagement/solutions/delete"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [
+      "Microsoft.OperationsManagement/solutions/delete"
+    ],
+    "modify": [],
+    "plan": []
+  }
+]
diff --git a/terraform/azurerm/backup/azurerm_log_analytics_solution.tf b/terraform/azurerm/backup/azurerm_log_analytics_solution.tf
@@ -0,0 +1,12 @@
+resource "azurerm_log_analytics_solution" "pike" {
+  solution_name         = "ContainerInsights"
+  location              = "uksouth"
+  resource_group_name   = "pike"
+  workspace_resource_id = "/subscriptions/037ce662-dfc1-4b8b-a8a7-6c414b540ed6/resourceGroups/pike/providers/Microsoft.OperationalInsights/workspaces/pike"
+  workspace_name        = "pike"
+
+  plan {
+    publisher = "Microsoft"
+    product   = "OMSGallery/ContainerInsights"
+  }
+}
diff --git a/terraform/azurerm/backup/azurerm_role_assignment.tf b/terraform/azurerm/backup/azurerm_role_assignment.tf
@@ -0,0 +1,11 @@
+data "azurerm_subscription" "primary" {
+}
+
+data "azurerm_client_config" "example" {
+}
+
+resource "azurerm_role_assignment" "example" {
+  scope                = data.azurerm_subscription.primary.id
+  role_definition_name = "Reader"
+  principal_id         = data.azurerm_client_config.example.object_id
+}
diff --git a/terraform/azurerm/role/azurerm_role_definition.tf b/terraform/azurerm/role/azurerm_role_definition.tf
@@ -5,16 +5,17 @@ resource "azurerm_role_definition" "example" {
 
   permissions {
     actions = [
-      "Microsoft.Security/workspaceSettings/read",
-      "Microsoft.Security/workspaceSettings/write",
-      "Microsoft.Security/workspaceSettings/delete",
+      #analytics
+      "Microsoft.OperationsManagement/solutions/read",
+      "Microsoft.OperationsManagement/solutions/write",
+      "Microsoft.OperationsManagement/solutions/delete",
 
-      "Microsoft.Security/securityContacts/read",
-      "Microsoft.Security/securityContacts/write",
-      "Microsoft.Security/securityContacts/delete",
+      "Microsoft.Resources/subscriptions/providers/read",
 
-      "Microsoft.Security/settings/read",
-      "Microsoft.Security/settings/write"
+      #role
+      "Microsoft.Authorization/roleAssignments/read",
+      "Microsoft.Authorization/roleAssignments/write",
+      "Microsoft.Authorization/roleAssignments/delete"
     ]
     not_actions = []
   }

diff --git a/todo_azure.md b/todo_azure.md
@@ -35,10 +35,6 @@
 ./resource.ps1 azurerm_kusto_server
 azurerm_disk_encryption_set
 azurerm_kubernetes_cluster
-azurerm_log_analytics_solution
-./resource.ps1 azurerm_log_analytics_solution
-./resource.ps1 azurerm_role_assignment
-
 ./resource.ps1 azurerm_security_center_auto_provisioning
 ./resource.ps1 azurerm_security_center_automation
 ./resource.ps1 azurerm_security_center_subscription_pricing