[AZURE] Update ARM templates to include resource collection (#711)
Adds a Resource Collection toggle and makes CSM dependent on resource collection (i.e. it will be false unless resource collection is enabled). Also cleans up a few things to match the schema.
ava-silver authored Nov 20, 2023
1 parent f7a3a61 commit 80e7f42
Showing 4 changed files with 131 additions and 45 deletions.
Expand Up @@ -73,7 +73,6 @@
"steps": [
{
"name": "servicePrincipal",
"type": "Microsoft.Common.Section",
"label": "Service Principal",
"elements": [
{
Expand Down Expand Up @@ -121,7 +120,6 @@
},
{
"name": "datadogConfig",
"type": "Microsoft.Common.Section",
"label": "Datadog Configuration",
"elements": [
{
Expand Down Expand Up @@ -272,12 +270,6 @@
"toolTip": "Whether or not to use automute for hosts",
"defaultValue": "true"
},
{
"name": "cspm_enabled",
"type": "Microsoft.Common.CheckBox",
"label": "Cloud Security Management",
"toolTip": "When enabled, Datadog performs configuration checks across your Azure environment by continuously scanning every resource. Use Datadog's executive reporting summaries to track conformance to industry benchmark criteria."
},
{
"name": "custom_metrics_enabled",
"type": "Microsoft.Common.CheckBox",
Expand All @@ -286,6 +278,42 @@
}
],
"visible": true
},
{
"name": "resourceCollection",
"type": "Microsoft.Common.Section",
"label": "Resource Collection",
"elements": [
{
"name": "resource_collection_info",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Collect configuration information about the resources monitored with this App Registration."
}
},
{
"name": "resource_collection_enabled",
"type": "Microsoft.Common.CheckBox",
"label": "Enable Resource Collection",
"toolTip": "When enabled, Datadog collects metadata and configuration info from cloud resources (compute instances, databases, load balancers, etc.) in your Azure environment."
},
{
"name": "cspm_enabled",
"type": "Microsoft.Common.CheckBox",
"label": "Enable Cloud Security Management:",
"toolTip": "When enabled, Datadog's Cloud Security Management product will scan resource configurations for resources monitored by this app registration. Note: This requires Resource Collection to be enabled.",
"visible": "[steps('datadogConfig').resourceCollection.resource_collection_enabled]"
},
{
"name": "cspm_placeholder",
"type": "Microsoft.Common.TextBlock",
"visible": "[not(steps('datadogConfig').resourceCollection.resource_collection_enabled)]",
"options": {
"text": "Enable Cloud Security Management: Requires Resource Collection"
}
}
],
"visible": true
}
]
}
Expand All @@ -304,8 +332,9 @@
"appServicePlanFilters": "[steps('datadogConfig').metrics.appServicePlanFilters]",
"containerAppFilters": "[steps('datadogConfig').metrics.containerAppFilters]",
"automute": "[steps('datadogConfig').metrics.automute]",
"cspm_enabled": "[steps('datadogConfig').metrics.cspm_enabled]",
"custom_metrics_enabled": "[steps('datadogConfig').metrics.custom_metrics_enabled]"
"custom_metrics_enabled": "[steps('datadogConfig').metrics.custom_metrics_enabled]",
"resource_collection_enabled": "[steps('datadogConfig').resourceCollection.resource_collection_enabled]",
"cspm_enabled": "[and(steps('datadogConfig').resourceCollection.cspm_enabled, steps('datadogConfig').resourceCollection.resource_collection_enabled)]"
}
}
}
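Review bot: The `and(...)` guard on the `cspm_enabled` output at the end of this section is the only place where the rule "CSM is false unless resource collection is enabled" is enforced, and it lives in the portal UI definition (the same expression closes azure/deploy-to-azure/azure-integration/CreateUIDefinition.json). The ARM template shown later on this page defaults both `resource_collection_enabled` and `cspm_enabled` to `true` and forwards `[parameters('cspm_enabled')]` unchanged, so a deployment that supplies parameters directly with `resource_collection_enabled=false` would still send `cspm_enabled=true` to the API. Consider applying the same guard where the template forwards the value, e.g. `"value": "[and(parameters('cspm_enabled'), parameters('resource_collection_enabled'))]"`, so the dependency holds however the template is deployed. Whether the API itself rejects or ignores that combination is not visible here.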
49 changes: 39 additions & 10 deletions azure/deploy-to-azure/azure-integration/CreateUIDefinition.json
Expand Up @@ -33,7 +33,6 @@
"steps": [
{
"name": "servicePrincipal",
"type": "Microsoft.Common.Section",
"label": "Service Principal",
"elements": [
{
Expand Down Expand Up @@ -81,7 +80,6 @@
},
{
"name": "datadogConfig",
"type": "Microsoft.Common.Section",
"label": "Datadog Configuration",
"elements": [
{
Expand Down Expand Up @@ -248,12 +246,6 @@
"toolTip": "Whether or not to use automute for hosts",
"defaultValue": "true"
},
{
"name": "cspm_enabled",
"type": "Microsoft.Common.CheckBox",
"label": "Cloud Security Management",
"toolTip": "When enabled, Datadog performs configuration checks across your Azure environment by continuously scanning every resource. Use Datadog's executive reporting summaries to track conformance to industry benchmark criteria."
},
{
"name": "custom_metrics_enabled",
"type": "Microsoft.Common.CheckBox",
Expand All @@ -262,6 +254,42 @@
}
],
"visible": true
},
{
"name": "resourceCollection",
"type": "Microsoft.Common.Section",
"label": "Resource Collection",
"elements": [
{
"name": "resource_collection_info",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Collect configuration information about the resources monitored with this App Registration."
}
},
{
"name": "resource_collection_enabled",
"type": "Microsoft.Common.CheckBox",
"label": "Enable Resource Collection",
"toolTip": "When enabled, Datadog collects metadata and configuration info from cloud resources (compute instances, databases, load balancers, etc.) in your Azure environment."
},
{
"name": "cspm_enabled",
"type": "Microsoft.Common.CheckBox",
"label": "Enable Cloud Security Management:",
"toolTip": "When enabled, Datadog's Cloud Security Management product will scan resource configurations for resources monitored by this app registration. Note: This requires Resource Collection to be enabled.",
"visible": "[steps('datadogConfig').resourceCollection.resource_collection_enabled]"
},
{
"name": "cspm_placeholder",
"type": "Microsoft.Common.TextBlock",
"visible": "[not(steps('datadogConfig').resourceCollection.resource_collection_enabled)]",
"options": {
"text": "Enable Cloud Security Management: Requires Resource Collection"
}
}
],
"visible": true
}
]
}
Expand All @@ -279,8 +307,9 @@
"appServicePlanFilters": "[steps('datadogConfig').integrationConfig.appServicePlanFilters]",
"containerAppFilters": "[steps('datadogConfig').integrationConfig.containerAppFilters]",
"automute": "[steps('datadogConfig').integrationConfig.automute]",
"cspm_enabled": "[steps('datadogConfig').integrationConfig.cspm_enabled]",
"custom_metrics_enabled": "[steps('datadogConfig').integrationConfig.custom_metrics_enabled]"
"custom_metrics_enabled": "[steps('datadogConfig').integrationConfig.custom_metrics_enabled]",
"resource_collection_enabled": "[steps('datadogConfig').resourceCollection.resource_collection_enabled]",
"cspm_enabled": "[and(steps('datadogConfig').resourceCollection.cspm_enabled, steps('datadogConfig').resourceCollection.resource_collection_enabled)]"
}
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -4,86 +4,93 @@
"parameters": {
"location": {
"defaultValue": "westus2",
"type": "String",
"type": "string",
"metadata": {
"description": "Resources location"
}
},
"servicePrincipalClientId": {
"type": "String",
"type": "string",
"metadata": {
"description": "Service principal Client Id"
}
},
"servicePrincipalObjectId": {
"type": "String",
"type": "string",
"metadata": {
"description": "Service principal object Id, needed for Role Assignment"
}
},
"servicePrincipalClientSecret": {
"type": "SecureString",
"type": "securestring",
"metadata": {
"description": "Service principal client secret"
}
},
"subscriptionID": {
"type": "String",
"type": "string",
"metadata": {
"description": "Subscription Id"
}
},
"resourcegroup": {
"type": "String",
"type": "string",
"metadata": {
"description": "resource group"
}
},
"datadogApplicationKey": {
"type": "SecureString",
"type": "securestring",
"metadata": {
"description": "Your Datadog Application key"
}
},
"datadogApiKey": {
"type": "SecureString",
"type": "securestring",
"metadata": {
"description": "Your Datadog API key"
}
},
"hostFilters": {
"defaultValue": "",
"type": "String",
"type": "string",
"metadata": {
"description": "Filter to include/exclude hosts"
}
},
"appServicePlanFilters": {
"defaultValue": "",
"type": "String",
"type": "string",
"metadata": {
"description": "Filter to include/exclude app service plans"
}
},
"containerAppFilters": {
"defaultValue": "",
"type": "String",
"type": "string",
"metadata": {
"description": "Filter to include/exclude container apps"
}
},
"automute": {
"defaultValue": true,
"type": "Bool",
"type": "bool",
"metadata": {
"description": "Whether or not to use automute for hosts"
}
},
"resource_collection_enabled": {
"defaultValue": true,
"type": "bool",
"metadata": {
"description": "Collect resources for various Datadog products"
}
},
"cspm_enabled": {
"defaultValue": true,
"type": "Bool",
"type": "bool",
"metadata": {
"description": "Collect resources for Cloud Security Management"
"description": "Enable the Cloud Security Management product"
}
},
"custom_metrics_enabled": {
Expand All @@ -95,21 +102,21 @@
},
"datadogSite": {
"defaultValue": "datadoghq.com",
"type": "String",
"type": "string",
"metadata": {
"description": "The datadog site, e.g. eu1.datadoghq.com"
}
},
"newguid": {
"defaultValue": "[newGuid()]",
"type": "String",
"type": "string",
"metadata": {
"description": "Just a Guid to append to deployment script name"
}
},
"managementGroupName": {
"defaultValue": "[managementGroup().name]",
"type": "String",
"type": "string",
"metadata": {
"description": "Management group Id, to assign a role assignment to"
}
Expand Down Expand Up @@ -167,6 +174,9 @@
"automute": {
"value": "[parameters('automute')]"
},
"resource_collection_enabled": {
"value": "[parameters('resource_collection_enabled')]"
},
"cspm_enabled": {
"value": "[parameters('cspm_enabled')]"
},
Expand Down Expand Up @@ -208,15 +218,18 @@
"hostFilters": {
"type": "string"
},
"appServicePlanFilters":{
"appServicePlanFilters": {
"type": "string"
},
"containerAppFilters":{
"containerAppFilters": {
"type": "string"
},
"automute": {
"type": "bool"
},
"resource_collection_enabled": {
"type": "bool"
},
"cspm_enabled": {
"type": "bool"
},
Expand Down Expand Up @@ -266,6 +279,10 @@
"name": "automute",
"value": "[parameters('automute')]"
},
{
"name": "resource_collection_enabled",
"value": "[parameters('resource_collection_enabled')]"
},
{
"name": "cspm_enabled",
"value": "[parameters('cspm_enabled')]"
Expand All @@ -283,20 +300,20 @@
"value": "[subscription().tenantId]"
},
{
"name":"source",
"name": "source",
"value": "arm_template_mgmt_group"
},
{
"name":"managementGroupId",
"value":"[parameters('managementGroupName')]"
"name": "managementGroupId",
"value": "[parameters('managementGroupName')]"
}
],
"retentionInterval": "PT1H",
"timeout": "PT2M",
"containerSettings": {},
"cleanupPreference": "Always",
"azPowerShellVersion": "8.1",
"scriptContent": "Invoke-WebRequest -SkipCertificateCheck -ContentType \"application/json\" -Method Post -Uri \"https://api.$Env:datadogSite/api/v1/integration/azure\" -Headers @{\"Accept\"=\"application/json\"; \"DD-APPLICATION-KEY\"=$Env:datadogApplicationKey; \"DD-API-KEY\"=$Env:datadogApiKey} -Body (@{\"automute\"=[bool]::Parse($Env:automute); \"cspm_enabled\"=[bool]::Parse($Env:cspm_enabled); \"custom_metrics_enabled\"=[bool]::Parse($Env:custom_metrics_enabled); \"client_id\"=$Env:clientId; \"client_secret\"=$Env:clientSecret; \"tenant_name\"=$Env:tenantName; \"source\"=$Env:source; \"management_group_id\"=$Env:managementGroupId} | ConvertTo-Json )"
"scriptContent": "Invoke-WebRequest -SkipCertificateCheck -ContentType \"application/json\" -Method Post -Uri \"https://api.$Env:datadogSite/api/v1/integration/azure\" -Headers @{\"Accept\"=\"application/json\"; \"DD-APPLICATION-KEY\"=$Env:datadogApplicationKey; \"DD-API-KEY\"=$Env:datadogApiKey} -Body (@{\"automute\"=[bool]::Parse($Env:automute); \"resource_collection_enabled\"=[bool]::Parse($Env:resource_collection_enabled); \"cspm_enabled\"=[bool]::Parse($Env:cspm_enabled); \"custom_metrics_enabled\"=[bool]::Parse($Env:custom_metrics_enabled); \"client_id\"=$Env:clientId; \"client_secret\"=$Env:clientSecret; \"tenant_name\"=$Env:tenantName; \"source\"=$Env:source; \"management_group_id\"=$Env:managementGroupId} | ConvertTo-Json )"
}
},
{
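Review bot: The rewritten `scriptContent` line still calls `Invoke-WebRequest` with `-SkipCertificateCheck`, so the request that carries `DD-API-KEY`, `DD-APPLICATION-KEY` and the service principal's `client_secret` is sent without validating the server certificate. Since this commit rewrites the line anyway, drop the switch so the call begins `Invoke-WebRequest -ContentType \"application/json\" -Method Post -Uri ...`; if it was added to work around a certificate problem in the deployment-script container, that is better fixed in the container's trust store. The host is also built from the free-form `datadogSite` parameter (`https://api.$Env:datadogSite/...`), so with validation off nothing ties the recipient of those secrets to the intended endpoint. Restricting `datadogSite` to the known Datadog sites with `allowedValues` would narrow that further.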