From 910581c4b834975730bc85a37d7daed6457ed138 Mon Sep 17 00:00:00 2001 From: Johan Andersson Date: Tue, 5 Nov 2024 11:07:16 +0100 Subject: [PATCH] Add support for Azure Blob Storage protection (#204) --- docs/data-sources/azure_permissions.md | 6 +- docs/resources/azure_subscription.md | 17 +++++ go.mod | 2 +- go.sum | 4 +- .../provider/data_source_azure_permissions.go | 14 ++-- internal/provider/names.go | 1 + .../provider/resource_azure_subscription.go | 73 +++++++++++++++---- 7 files changed, 94 insertions(+), 23 deletions(-) diff --git a/docs/data-sources/azure_permissions.md b/docs/data-sources/azure_permissions.md index a95ac31..fd253b7 100644 --- a/docs/data-sources/azure_permissions.md +++ b/docs/data-sources/azure_permissions.md @@ -10,6 +10,7 @@ description: |- * AZURE_SQL_MI_PROTECTION * CLOUD_NATIVE_ARCHIVAL * CLOUD_NATIVE_ARCHIVAL_ENCRYPTION + * CLOUD_NATIVE_BLOB_PROTECTION * CLOUD_NATIVE_PROTECTION * EXOCOMPUTE See the subscription ../resources/azure_subscription resource for more information @@ -40,6 +41,7 @@ supported for Azure subscriptions are: * `AZURE_SQL_MI_PROTECTION` * `CLOUD_NATIVE_ARCHIVAL` * `CLOUD_NATIVE_ARCHIVAL_ENCRYPTION` + * `CLOUD_NATIVE_BLOB_PROTECTION` * `CLOUD_NATIVE_PROTECTION` * `EXOCOMPUTE` 
@@ -99,8 +101,8 @@ resource "polaris_azure_subscription" "subscription" { ### Optional -- `feature` (String) RSC feature. Note that the feature name must be given in the `EXAMPLE_FEATURE_NAME` style. Possible values are `AZURE_SQL_DB_PROTECTION`, `AZURE_SQL_MI_PROTECTION`, `CLOUD_NATIVE_ARCHIVAL`, `CLOUD_NATIVE_ARCHIVAL_ENCRYPTION`, `CLOUD_NATIVE_PROTECTION` and `EXOCOMPUTE`. -- `features` (Set of String, Deprecated) RSC features. Possible values are `AZURE_SQL_DB_PROTECTION`, `AZURE_SQL_MI_PROTECTION`, `CLOUD_NATIVE_ARCHIVAL`, `CLOUD_NATIVE_ARCHIVAL_ENCRYPTION`, `CLOUD_NATIVE_PROTECTION` and `EXOCOMPUTE`. **Deprecated:** use `feature` instead. +- `feature` (String) RSC feature. Note that the feature name must be given in the `EXAMPLE_FEATURE_NAME` style. Possible values are `AZURE_SQL_DB_PROTECTION`, `AZURE_SQL_MI_PROTECTION`, `CLOUD_NATIVE_ARCHIVAL`, `CLOUD_NATIVE_ARCHIVAL_ENCRYPTION`, `CLOUD_NATIVE_BLOB_PROTECTION`, `CLOUD_NATIVE_PROTECTION` and `EXOCOMPUTE`. +- `features` (Set of String, Deprecated) RSC features. Possible values are `AZURE_SQL_DB_PROTECTION`, `AZURE_SQL_MI_PROTECTION`, `CLOUD_NATIVE_ARCHIVAL`, `CLOUD_NATIVE_ARCHIVAL_ENCRYPTION`, `CLOUD_NATIVE_BLOB_PROTECTION`, `CLOUD_NATIVE_PROTECTION` and `EXOCOMPUTE`. **Deprecated:** use `feature` instead. ### Read-Only diff --git a/docs/resources/azure_subscription.md b/docs/resources/azure_subscription.md index c0b8606..2e80344 100644 --- a/docs/resources/azure_subscription.md +++ b/docs/resources/azure_subscription.md 
@@ -152,6 +152,7 @@ resource "polaris_azure_subscription" "default" { - `cloud_native_archival` (Block List, Max: 1) Enable the RSC Cloud Native Archival feature for the Azure subscription. (see [below for nested schema](#nestedblock--cloud_native_archival)) - `cloud_native_archival_encryption` (Block List, Max: 1) Enable the RSC Cloud Native Archival Encryption feature for the Azure subscription. (see [below for nested schema](#nestedblock--cloud_native_archival_encryption)) +- `cloud_native_blob_protection` (Block List, Max: 1) Enable the RSC Cloud Native Protection feature for Azure Blob Storage. (see [below for nested schema](#nestedblock--cloud_native_blob_protection)) - `cloud_native_protection` (Block List, Max: 1) Enable the RSC Cloud Native Protection feature for the Azure subscription. (see [below for nested schema](#nestedblock--cloud_native_protection)) - `delete_snapshots_on_destroy` (Boolean) Should snapshots be deleted when the resource is destroyed. Default value is `false`. - `exocompute` (Block List, Max: 1) Enable the RSC Exocompute feature for the Azure subscription. (see [below for nested schema](#nestedblock--exocompute)) @@ -205,6 +206,22 @@ Read-Only: - `status` (String) Status of the Cloud Native Archival Encryption feature. + +### Nested Schema for `cloud_native_blob_protection` + +Required: + +- `regions` (Set of String) Azure regions that RSC will monitor for resources to protect according to SLA Domains. Should be specified in the standard Azure style, e.g. `eastus`. + +Optional: + +- `permissions` (String) Permissions updated signal. When this field changes, the provider will notify RSC that the permissions for the feature has been updated. Use this field with the `polaris_azure_permissions` data source. + +Read-Only: + +- `status` (String) Status of the Cloud Native Blob Protection feature. + + ### Nested Schema for `cloud_native_protection` diff --git a/go.mod b/go.mod index 3741403..f453b75 100644 --- a/go.mod +++ b/go.mod 
@@ -8,7 +8,7 @@ require ( github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 github.com/hashicorp/terraform-plugin-docs v0.16.0 github.com/hashicorp/terraform-plugin-sdk/v2 v2.34.0 - github.com/rubrikinc/rubrik-polaris-sdk-for-go v0.11.0-beta.6 + github.com/rubrikinc/rubrik-polaris-sdk-for-go v0.11.0-beta.7 ) require ( diff --git a/go.sum b/go.sum index 5268148..18014cd 100644 --- a/go.sum +++ b/go.sum @@ -270,8 +270,8 @@ github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSg github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/rogpeppe/go-internal v1.6.1 h1:/FiVV8dS/e+YqF2JvO3yXRFbBLTIuSDkuC7aBOAvL+k= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= -github.com/rubrikinc/rubrik-polaris-sdk-for-go v0.11.0-beta.6 h1:7tIuXO7wf/zLBmYtd3HXevp733UeHRY5VzrLSzgA57g= -github.com/rubrikinc/rubrik-polaris-sdk-for-go v0.11.0-beta.6/go.mod h1:ryJGDKlbaCvozY3Wvt+TPSN2OZRChQedHUNsnVfCbXE= +github.com/rubrikinc/rubrik-polaris-sdk-for-go v0.11.0-beta.7 h1:n3tfrj61TLoKKkywcboFjEb/sd+G53vJV13dfV14k3Q= +github.com/rubrikinc/rubrik-polaris-sdk-for-go v0.11.0-beta.7/go.mod h1:ryJGDKlbaCvozY3Wvt+TPSN2OZRChQedHUNsnVfCbXE= github.com/russross/blackfriday v1.6.0 h1:KqfZb0pUVN2lYqZUYRddxF4OR8ZMURnJIG5Y3VRLtww= github.com/russross/blackfriday v1.6.0/go.mod h1:ti0ldHuxg49ri4ksnFxlkCfN+hvslNlmVHqNRXXJNAY= github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8= diff --git a/internal/provider/data_source_azure_permissions.go b/internal/provider/data_source_azure_permissions.go index 1660d80..69bf5b1 100644 --- a/internal/provider/data_source_azure_permissions.go +++ b/internal/provider/data_source_azure_permissions.go 
@@ -41,6 +41,7 @@ supported for Azure subscriptions are: * ´AZURE_SQL_MI_PROTECTION´ * ´CLOUD_NATIVE_ARCHIVAL´ * ´CLOUD_NATIVE_ARCHIVAL_ENCRYPTION´ + * ´CLOUD_NATIVE_BLOB_PROTECTION´ * ´CLOUD_NATIVE_PROTECTION´ * ´EXOCOMPUTE´ @@ -105,11 +106,12 @@ func dataSourceAzurePermissions() *schema.Resource { ExactlyOneOf: []string{keyFeature, keyFeatures}, Description: "RSC feature. Note that the feature name must be given in the `EXAMPLE_FEATURE_NAME` " + "style. Possible values are `AZURE_SQL_DB_PROTECTION`, `AZURE_SQL_MI_PROTECTION`, " + - "`CLOUD_NATIVE_ARCHIVAL`, `CLOUD_NATIVE_ARCHIVAL_ENCRYPTION`, `CLOUD_NATIVE_PROTECTION` and " + - "`EXOCOMPUTE`.", + "`CLOUD_NATIVE_ARCHIVAL`, `CLOUD_NATIVE_ARCHIVAL_ENCRYPTION`, `CLOUD_NATIVE_BLOB_PROTECTION`, " + + "`CLOUD_NATIVE_PROTECTION` and `EXOCOMPUTE`.", ValidateFunc: validation.StringInSlice([]string{ "AZURE_SQL_DB_PROTECTION", "AZURE_SQL_MI_PROTECTION", "CLOUD_NATIVE_ARCHIVAL", - "CLOUD_NATIVE_ARCHIVAL_ENCRYPTION", "CLOUD_NATIVE_PROTECTION", "EXOCOMPUTE", + "CLOUD_NATIVE_ARCHIVAL_ENCRYPTION", "CLOUD_NATIVE_BLOB_PROTECTION", "CLOUD_NATIVE_PROTECTION", + "EXOCOMPUTE", }, false), }, keyFeatures: { 
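Review bot: The allow-list of feature names is spelled out twice in this file, in the `validation.StringInSlice` call for `keyFeature` in this hunk and again for the `keyFeatures` element in the following hunk (`@@ -118,14 +120,16 @@`), and the commit had to edit both copies by hand. If a later change misses one copy, `feature` and `features` will accept different values, so a permission set could be requested through one attribute but not the other. Declaring the slice once at package level and passing it to both validators, e.g. `ValidateFunc: validation.StringInSlice(azureFeatureNames, false),` (the variable name is only a suggestion), removes that drift. `dataSourceAzurePermissions` starts and ends outside both hunks.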
@@ -118,14 +120,16 @@ func dataSourceAzurePermissions() *schema.Resource { Type: schema.TypeString, ValidateFunc: validation.StringInSlice([]string{ "AZURE_SQL_DB_PROTECTION", "AZURE_SQL_MI_PROTECTION", "CLOUD_NATIVE_ARCHIVAL", - "CLOUD_NATIVE_ARCHIVAL_ENCRYPTION", "CLOUD_NATIVE_PROTECTION", "EXOCOMPUTE", + "CLOUD_NATIVE_ARCHIVAL_ENCRYPTION", "CLOUD_NATIVE_BLOB_PROTECTION", "CLOUD_NATIVE_PROTECTION", + "EXOCOMPUTE", }, false), }, MinItems: 1, Optional: true, Description: "RSC features. Possible values are `AZURE_SQL_DB_PROTECTION`, " + "`AZURE_SQL_MI_PROTECTION`, `CLOUD_NATIVE_ARCHIVAL`, `CLOUD_NATIVE_ARCHIVAL_ENCRYPTION`, " + - "`CLOUD_NATIVE_PROTECTION` and `EXOCOMPUTE`. **Deprecated:** use `feature` instead.", + "`CLOUD_NATIVE_BLOB_PROTECTION`, `CLOUD_NATIVE_PROTECTION` and `EXOCOMPUTE`. **Deprecated:** " + + "use `feature` instead.", Deprecated: "use `feature` instead", }, keyHash: { diff --git a/internal/provider/names.go b/internal/provider/names.go index 20f7f2d..0aadd7c 100644 --- a/internal/provider/names.go +++ b/internal/provider/names.go @@ -42,6 +42,7 @@ const ( keyCloudComputeSettings = "cloud_compute_settings" keyCloudNativeArchival = "cloud_native_archival" keyCloudNativeArchivalEncryption = "cloud_native_archival_encryption" + keyCloudNativeBlobProtection = "cloud_native_blob_protection" keyCloudNativeProtection = "cloud_native_protection" keyClusterID = "cluster_id" keyClusterName = "cluster_name" diff --git a/internal/provider/resource_azure_subscription.go b/internal/provider/resource_azure_subscription.go index 3afd56d..8794763 100644 --- a/internal/provider/resource_azure_subscription.go +++ b/internal/provider/resource_azure_subscription.go @@ -157,7 +157,7 @@ func resourceAzureSubscription() *schema.Resource { MaxItems: 1, Optional: true, AtLeastOneOf: []string{ - keyCloudNativeArchival, + keyCloudNativeBlobProtection, keyCloudNativeProtection, keyExocompute, keySQLDBProtection, 
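Review bot: The `AtLeastOneOf` list edited in the `@@ -157,7 +157,7 @@` hunk is one of six hand-maintained copies; the same key swapping is repeated in the hunks at `@@ -328,7 +368,7 @@`, `@@ -408,8 +448,8 @@`, `@@ -448,9 +488,9 @@` and `@@ -488,10 +528,10 @@`, and in the new `keyCloudNativeBlobProtection` block. The commit also moves from listing every feature key to listing every key except the block's own. That validates the same way only if the SDK adds the attribute's own key to the set, which I believe terraform-plugin-sdk v2 does, but it is worth confirming. A single package-level slice holding all six keys, used as `AtLeastOneOf: azureFeatureKeys,` in each block (the name is a suggestion), would leave one place to update when the next feature is added. The enclosing `resourceAzureSubscription` starts and ends outside the hunk.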
@@ -261,6 +261,46 @@ func resourceAzureSubscription() *schema.Resource { }, Description: "Enable the RSC Cloud Native Archival Encryption feature for the Azure subscription.", }, + keyCloudNativeBlobProtection: { + Type: schema.TypeList, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + keyPermissions: { + Type: schema.TypeString, + Optional: true, + Description: "Permissions updated signal. When this field changes, the provider will notify " + + "RSC that the permissions for the feature has been updated. Use this field with the " + + "`polaris_azure_permissions` data source.", + ValidateFunc: validation.StringIsNotWhiteSpace, + }, + keyRegions: { + Type: schema.TypeSet, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + MinItems: 1, + Required: true, + Description: "Azure regions that RSC will monitor for resources to protect according to " + + "SLA Domains. Should be specified in the standard Azure style, e.g. `eastus`.", + }, + keyStatus: { + Type: schema.TypeString, + Computed: true, + Description: "Status of the Cloud Native Blob Protection feature.", + }, + }, + }, + MaxItems: 1, + Optional: true, + AtLeastOneOf: []string{ + keyCloudNativeArchival, + keyCloudNativeProtection, + keyExocompute, + keySQLDBProtection, + keySQLMIProtection, + }, + Description: "Enable the RSC Cloud Native Protection feature for Azure Blob Storage.", + }, keyCloudNativeProtection: { Type: schema.TypeList, Elem: &schema.Resource{ @@ -328,7 +368,7 @@ func resourceAzureSubscription() *schema.Resource { Optional: true, AtLeastOneOf: []string{ keyCloudNativeArchival, - keyCloudNativeProtection, + keyCloudNativeBlobProtection, keyExocompute, keySQLDBProtection, keySQLMIProtection, @@ -408,8 +448,8 @@ func resourceAzureSubscription() *schema.Resource { Optional: true, AtLeastOneOf: []string{ keyCloudNativeArchival, + keyCloudNativeBlobProtection, keyCloudNativeProtection, - keyExocompute, keySQLDBProtection, keySQLMIProtection, }, 
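Review bot: The `keyRegions` set in the new `keyCloudNativeBlobProtection` block accepts any string as a region, including an empty or whitespace-only one, because its element schema has no `ValidateFunc`; `MinItems: 1` only checks that the set is non-empty. The sibling `keyPermissions` field already uses `validation.StringIsNotWhiteSpace`, and putting the same validator on the element would reject blank regions at plan time instead of passing them on to RSC: `Elem: &schema.Schema{Type: schema.TypeString, ValidateFunc: validation.StringIsNotWhiteSpace},`. Separately, the block description says "Cloud Native Protection feature for Azure Blob Storage" while `keyStatus` calls it "Cloud Native Blob Protection", and the `keyPermissions` description should read "have been updated". Whether the existing feature blocks share these gaps is not visible in this hunk.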
@@ -448,9 +488,9 @@ func resourceAzureSubscription() *schema.Resource { Optional: true, AtLeastOneOf: []string{ keyCloudNativeArchival, + keyCloudNativeBlobProtection, keyCloudNativeProtection, keyExocompute, - keySQLDBProtection, keySQLMIProtection, }, Description: "Enable the RSC SQL DB Protection feature for the Azure subscription.", @@ -488,10 +528,10 @@ func resourceAzureSubscription() *schema.Resource { Optional: true, AtLeastOneOf: []string{ keyCloudNativeArchival, + keyCloudNativeBlobProtection, keyCloudNativeProtection, keyExocompute, keySQLDBProtection, - keySQLMIProtection, }, Description: "Enable the RSC SQL MI Protection feature for the Azure subscription.", }, @@ -841,34 +881,41 @@ var azureKeyFeatureMap = map[string]orderedFeature{ orderSplitAdd: 203, orderSplitRemove: 200, }, - keyCloudNativeProtection: { - feature: core.FeatureCloudNativeProtection, + keyCloudNativeBlobProtection: { + feature: core.FeatureCloudNativeBlobProtection, orderAdd: 102, orderRemove: 302, orderSplitAdd: 205, orderSplitRemove: 204, }, - keyExocompute: { - feature: core.FeatureExocompute, + keyCloudNativeProtection: { + feature: core.FeatureCloudNativeProtection, orderAdd: 103, orderRemove: 303, orderSplitAdd: 207, orderSplitRemove: 206, }, - keySQLDBProtection: { - feature: core.FeatureAzureSQLDBProtection, + keyExocompute: { + feature: core.FeatureExocompute, orderAdd: 104, orderRemove: 304, orderSplitAdd: 209, orderSplitRemove: 208, }, - keySQLMIProtection: { - feature: core.FeatureAzureSQLMIProtection, + keySQLDBProtection: { + feature: core.FeatureAzureSQLDBProtection, orderAdd: 105, orderRemove: 305, orderSplitAdd: 211, orderSplitRemove: 210, }, + keySQLMIProtection: { + feature: core.FeatureAzureSQLMIProtection, + orderAdd: 106, + orderRemove: 306, + orderSplitAdd: 213, + orderSplitRemove: 212, + }, } // addAzureFeature onboards the RSC feature for the Azure subscription.
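Review bot: Inserting `keyCloudNativeBlobProtection` into `azureKeyFeatureMap` at `orderAdd: 102` (hunk `@@ -841,34 +881,41 @@`) renumbers every later entry. Nothing in the hunk says what the `orderAdd`/`orderRemove`/`orderSplitAdd`/`orderSplitRemove` values encode, or whether blob protection has to be onboarded before `keyCloudNativeProtection`. A comment on the new entry stating the constraint would make the next insertion safer, for example `// Blob protection is added after archival and before cloud native protection; order values must stay unique.`, if that is indeed the intent. If only the relative order matters, leaving gaps between the values would avoid touching unrelated entries in future. The start of the map literal is outside the hunk.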