Add google_chronicle_rule_deployment resource to chronicle (GoogleCloudPlatform#12729)

ankitgoyal0301 · anoopkverma-google · commit 1afb9fc8406d · 2025-01-31T12:17:54.000+05:30
diff --git a/mmv1/products/chronicle/RuleDeployment.yaml b/mmv1/products/chronicle/RuleDeployment.yaml
@@ -0,0 +1,135 @@
+# Copyright 2025 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+name: RuleDeployment
+description: The RuleDeployment resource represents the deployment state of a Rule.
+min_version: 'beta'
+references:
+  guides:
+    'Google SecOps Guides': 'https://cloud.google.com/chronicle/docs/secops/secops-overview'
+  api: 'https://cloud.google.com/chronicle/docs/reference/rest/v1alpha/RuleDeployment'
+base_url: projects/{{project}}/locations/{{location}}/instances/{{instance}}/rules/{{rules}}/deployments
+self_link: projects/{{project}}/locations/{{location}}/instances/{{instance}}/rules/{{rule}}/deployment
+create_url: projects/{{project}}/locations/{{location}}/instances/{{instance}}/rules/{{rule}}/deployment?updateMask=enabled,alerting,archived,runFrequency
+id_format: projects/{{project}}/locations/{{location}}/instances/{{instance}}/rules/{{rule}}/deployment
+import_format:
+  - projects/{{project}}/locations/{{location}}/instances/{{instance}}/rules/{{rule}}/deployment
+create_verb: PATCH
+update_verb: PATCH
+update_mask: true
+exclude_delete: true
+
+examples:
+  - name: 'chronicle_ruledeployment_basic'
+    primary_resource_id: 'example'
+    min_version: 'beta'
+    test_env_vars:
+      chronicle_id: 'CHRONICLE_ID'
+
+parameters:
+  - name: location
+    type: String
+    description: The location of the resource. This is the geographical region where the Chronicle instance resides, such as "us" or "europe-west2".
+    immutable: true
+    url_param_only: true
+    required: true
+  - name: instance
+    type: String
+    description: The unique identifier for the Chronicle instance, which is the same as the customer ID.
+    immutable: true
+    url_param_only: true
+    required: true
+  - name: rule
+    type: String
+    description: The Rule ID of the rule.
+    immutable: true
+    url_param_only: true
+    required: true
+properties:
+  - name: name
+    type: String
+    description: |-
+      The resource name of the rule deployment.
+      Note that RuleDeployment is a child of the overall Rule, not any individual
+      revision, so the resource ID segment for the Rule resource must not
+      reference a specific revision.
+      Format:
+      projects/{project}/locations/{location}/instances/{instance}/rules/{rule}/deployment
+    output: true
+  - name: enabled
+    type: Boolean
+    description: Whether the rule is currently deployed continuously against incoming data.
+  - name: alerting
+    type: Boolean
+    description: |-
+      Whether detections resulting from this deployment should be considered
+      alerts.
+  - name: archived
+    type: Boolean
+    description: |-
+      The archive state of the rule deployment.
+      Cannot be set to true unless enabled is set to false.
+      If set to true, alerting will automatically be set to false.
+      If currently set to true, enabled, alerting, and run_frequency cannot be
+      updated.
+  - name: archiveTime
+    type: String
+    description: Output only. The timestamp when the rule deployment archive state was last set to true.
+      If the rule deployment's current archive state is not set to true, the field will be empty.
+    output: true
+  - name: runFrequency
+    type: String
+    description: |2-
+
+      The run frequency of the rule deployment.
+      Possible values:
+      LIVE
+      HOURLY
+      DAILY
+  - name: executionState
+    type: String
+    description: |2-
+
+      The execution state of the rule deployment.
+      Possible values:
+      DEFAULT
+      LIMITED
+      PAUSED
+    output: true
+  - name: producerRules
+    type: Array
+    description: |2-
+      Output only. The names of the associated/chained producer rules. Rules are considered
+      producers for this rule if this rule explicitly filters on their ruleid.
+      Format:
+      projects/{project}/locations/{location}/instances/{instance}/rules/{rule}
+    output: true
+    item_type:
+      type: String
+  - name: consumerRules
+    type: Array
+    description: |2-
+      Output only. The names of the associated/chained consumer rules. Rules are considered
+      consumers of this rule if their rule text explicitly filters on this rule's ruleid.
+      Format:
+      projects/{project}/locations/{location}/instances/{instance}/rules/{rule}
+    output: true
+    item_type:
+      type: String
+  - name: lastAlertStatusChangeTime
+    type: String
+    description: Output only. The timestamp when the rule deployment alert state was lastly changed.
+      This is filled regardless of the current alert state.E.g. if the current alert status is false,
+      this timestamp will be the timestamp when the alert status was changed to false.
+    output: true
diff --git a/mmv1/templates/terraform/examples/chronicle_ruledeployment_basic.tf.tmpl b/mmv1/templates/terraform/examples/chronicle_ruledeployment_basic.tf.tmpl
@@ -0,0 +1,19 @@
+resource "google_chronicle_rule" "my-rule" {
+ provider = "google-beta"
+ location = "us"
+ instance = "{{index $.TestEnvVars "chronicle_id"}}"
+ text = <<-EOT
+             rule test_rule { meta: events:  $userid = $e.principal.user.userid  match: $userid over 10m condition: $e }
+         EOT
+}
+
+resource "google_chronicle_rule_deployment" "{{$.PrimaryResourceId}}" {
+ provider = "google-beta"
+ location = "us"
+ instance = "{{index $.TestEnvVars "chronicle_id"}}"
+ rule = element(split("/", resource.google_chronicle_rule.my-rule.name), length(split("/", resource.google_chronicle_rule.my-rule.name)) - 1)
+ enabled = true
+ alerting = true
+ archived = false
+ run_frequency = "DAILY"
+}
diff --git a/mmv1/third_party/terraform/services/chronicle/resource_chronicle_rule_deployment_test.go.tmpl b/mmv1/third_party/terraform/services/chronicle/resource_chronicle_rule_deployment_test.go.tmpl
@@ -0,0 +1,95 @@
+package chronicle_test
+
+{{- if ne $.TargetVersionName "ga" }}
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+
+	"github.com/hashicorp/terraform-provider-google/google/acctest"
+	"github.com/hashicorp/terraform-provider-google/google/envvar"
+)
+
+func TestAccChronicleRuleDeployment_chronicleRuledeploymentBasicExample_update(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"chronicle_id":  envvar.GetTestChronicleInstanceIdFromEnv(t),
+		"random_suffix": acctest.RandString(t, 10),
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccChronicleRuleDeployment_chronicleRuledeploymentBasicExample_basic(context),
+			},
+			{
+				ResourceName:            "google_chronicle_rule_deployment.example",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"instance", "location", "rule"},
+			},
+			{
+				Config: testAccChronicleRuleDeployment_chronicleRuledeploymentBasicExample_update(context),
+			},
+			{
+				ResourceName:            "google_chronicle_rule_deployment.example",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"instance", "location", "rule"},
+			},
+		},
+	})
+}
+
+func testAccChronicleRuleDeployment_chronicleRuledeploymentBasicExample_basic(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_chronicle_rule" "my-rule" {
+ provider = "google-beta"
+ location = "us"
+ instance = "%{chronicle_id}"
+ text = <<-EOT
+             rule test_rule { meta: events:  $userid = $e.principal.user.userid  match: $userid over 10m condition: $e }
+         EOT
+}
+
+resource "google_chronicle_rule_deployment" "example" {
+ provider = "google-beta"
+ location = "us"
+ instance = "%{chronicle_id}"
+ rule = element(split("/", resource.google_chronicle_rule.my-rule.name), length(split("/", resource.google_chronicle_rule.my-rule.name)) - 1)
+ enabled = true
+ alerting = true
+ archived = false
+ run_frequency = "DAILY"
+}
+`, context)
+}
+
+func testAccChronicleRuleDeployment_chronicleRuledeploymentBasicExample_update(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_chronicle_rule" "my-rule" {
+ provider = "google-beta"
+ location = "us"
+ instance = "%{chronicle_id}"
+ text = <<-EOT
+             rule test_rule { meta: events:  $userid = $e.principal.user.userid  match: $userid over 10m condition: $e }
+         EOT
+}
+
+resource "google_chronicle_rule_deployment" "example" {
+ provider = "google-beta"
+ location = "us"
+ instance = "%{chronicle_id}"
+ rule = element(split("/", resource.google_chronicle_rule.my-rule.name), length(split("/", resource.google_chronicle_rule.my-rule.name)) - 1)
+ enabled = false
+ alerting = false
+ archived = false
+ run_frequency = "HOURLY"
+}
+`, context)
+}
+{{- end }}
