From bc77b5d610f6c8d8283d98358b524e291fe1e89f Mon Sep 17 00:00:00 2001 From: Ava Silver Date: Thu, 16 Nov 2023 16:04:03 -0500 Subject: [PATCH 01/16] [AZINTS-1972] add resource collection and make cspm depend on it --- .../azure-integration/CreateUIDefinition.json | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json b/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json index d386d7209..3e14fe422 100644 --- a/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json +++ b/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json @@ -248,11 +248,18 @@ "toolTip": "Whether or not to use automute for hosts", "defaultValue": "true" }, + { + "name": "resource_collection_enabled", + "type": "Microsoft.Common.CheckBox", + "label": "Resource Collection", + "toolTip": "When enabled, Datadog will collect metadata about your Azure resources and display it in the Datadog UI. This includes tags, resource relationships, and more." + }, { "name": "cspm_enabled", "type": "Microsoft.Common.CheckBox", "label": "Cloud Security Management", - "toolTip": "When enabled, Datadog performs configuration checks across your Azure environment by continuously scanning every resource. Use Datadog's executive reporting summaries to track conformance to industry benchmark criteria." + "toolTip": "When enabled, Datadog performs configuration checks across your Azure environment by continuously scanning every resource. Use Datadog's executive reporting summaries to track conformance to industry benchmark criteria.", + "visible": "[equals(steps('datadogConfig').integrationConfig.resource_collection_enabled, true)]" }, { "name": "custom_metrics_enabled", From 1b0dd524b2b912432398817a458c5f7661b3c59f Mon Sep 17 00:00:00 2001 From: Ava Silver Date: Thu, 16 Nov 2023 16:09:36 -0500 Subject: [PATCH 02/16] [AZINTS-1972] try disabled instead of visible --- azure/deploy-to-azure/azure-integration/CreateUIDefinition.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json b/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json index 3e14fe422..f3f2ad88c 100644 --- a/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json +++ b/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json @@ -259,7 +259,7 @@ "type": "Microsoft.Common.CheckBox", "label": "Cloud Security Management", "toolTip": "When enabled, Datadog performs configuration checks across your Azure environment by continuously scanning every resource. Use Datadog's executive reporting summaries to track conformance to industry benchmark criteria.", - "visible": "[equals(steps('datadogConfig').integrationConfig.resource_collection_enabled, true)]" + "disabled": "[not(steps('datadogConfig').integrationConfig.resource_collection_enabled)]" }, { "name": "custom_metrics_enabled", From 6d45c71984480bf3031574e7a3309bc954ef5bd9 Mon Sep 17 00:00:00 2001 From: Ava Silver Date: Thu, 16 Nov 2023 16:39:32 -0500 Subject: [PATCH 03/16] [AZINTS-1972] trying out some options --- .../azure-integration/CreateUIDefinition.json | 27 ++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json b/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json index f3f2ad88c..4dc4d53af 100644 --- a/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json +++ b/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json @@ -259,7 +259,32 @@ "type": "Microsoft.Common.CheckBox", "label": "Cloud Security Management", "toolTip": "When enabled, Datadog performs configuration checks across your Azure environment by continuously scanning every resource. Use Datadog's executive reporting summaries to track conformance to industry benchmark criteria.", - "disabled": "[not(steps('datadogConfig').integrationConfig.resource_collection_enabled)]" + "visible": "[not(steps('datadogConfig').integrationConfig.resource_collection_enabled)]" + }, + { + "name": "cspm_placeholder", + "type": "Microsoft.Common.TextBlock", + "visible": "[steps('datadogConfig').integrationConfig.resource_collection_enabled]", + "options": { + "text": "Resource Collection is required to enabled Cloud Security Management" + }, + "toolTip": "Resource Collection is required to enabled Cloud Security Management" + }, + { + "name": "resource_collection", + "type": "Microsoft.Common.Section", + "label": "Example section", + "elements": [ + { + "name": "hi", + "type": "Microsoft.Common.TextBlock", + "visible": true, + "options": { + "text": "hi mom!" + } + } + ], + "visible": true }, { "name": "custom_metrics_enabled", From d2110385b48543c1bc855f9aecb89151f95840e7 Mon Sep 17 00:00:00 2001 From: Ava Silver Date: Thu, 16 Nov 2023 16:46:44 -0500 Subject: [PATCH 04/16] [AZINTS-1972] remove subsection and flip visibility --- .../azure-integration/CreateUIDefinition.json | 25 +++---------------- 1 file changed, 4 insertions(+), 21 deletions(-) diff --git a/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json b/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json index 4dc4d53af..a6abdc594 100644 --- a/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json +++ b/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json @@ -259,32 +259,15 @@ "type": "Microsoft.Common.CheckBox", "label": "Cloud Security Management", "toolTip": "When enabled, Datadog performs configuration checks across your Azure environment by continuously scanning every resource. Use Datadog's executive reporting summaries to track conformance to industry benchmark criteria.", - "visible": "[not(steps('datadogConfig').integrationConfig.resource_collection_enabled)]" + "visible": "[steps('datadogConfig').integrationConfig.resource_collection_enabled]" }, { "name": "cspm_placeholder", "type": "Microsoft.Common.TextBlock", - "visible": "[steps('datadogConfig').integrationConfig.resource_collection_enabled]", + "visible": "[not(steps('datadogConfig').integrationConfig.resource_collection_enabled)]", "options": { - "text": "Resource Collection is required to enabled Cloud Security Management" - }, - "toolTip": "Resource Collection is required to enabled Cloud Security Management" - }, - { - "name": "resource_collection", - "type": "Microsoft.Common.Section", - "label": "Example section", - "elements": [ - { - "name": "hi", - "type": "Microsoft.Common.TextBlock", - "visible": true, - "options": { - "text": "hi mom!" - } - } - ], - "visible": true + "text": "Cloud Security Management: Resource Collection is required to enable this" + } }, { "name": "custom_metrics_enabled", From b87926d644282afedcc2b632a8a11d8b04825232 Mon Sep 17 00:00:00 2001 From: Ava Silver Date: Thu, 16 Nov 2023 16:56:36 -0500 Subject: [PATCH 05/16] [AZINTS-1972] remove extra spaces --- azure/deploy-to-azure/azure-integration/CreateUIDefinition.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json b/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json index a6abdc594..5e6263ad1 100644 --- a/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json +++ b/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json @@ -266,7 +266,7 @@ "type": "Microsoft.Common.TextBlock", "visible": "[not(steps('datadogConfig').integrationConfig.resource_collection_enabled)]", "options": { - "text": "Cloud Security Management: Resource Collection is required to enable this" + "text": "Cloud Security Management: Resource Collection is required to enable this" } }, { From 1a539b13ea115dffed9232175c32f2d464a6d115 Mon Sep 17 00:00:00 2001 From: Ava Silver Date: Thu, 16 Nov 2023 17:30:57 -0500 Subject: [PATCH 06/16] [AZINTS-1972] update wording and add output --- .../azure-integration/CreateUIDefinition.json | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json b/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json index 5e6263ad1..c731aab85 100644 --- a/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json +++ b/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json @@ -252,13 +252,13 @@ "name": "resource_collection_enabled", "type": "Microsoft.Common.CheckBox", "label": "Resource Collection", - "toolTip": "When enabled, Datadog will collect metadata about your Azure resources and display it in the Datadog UI. This includes tags, resource relationships, and more." + "toolTip": "When enabled, Datadog collects metadata and configuration info from cloud resources (compute instances, databases, load balancers, etc.) in your Azure environment." }, { "name": "cspm_enabled", "type": "Microsoft.Common.CheckBox", "label": "Cloud Security Management", - "toolTip": "When enabled, Datadog performs configuration checks across your Azure environment by continuously scanning every resource. Use Datadog's executive reporting summaries to track conformance to industry benchmark criteria.", + "toolTip": "When enabled, Datadog's Cloud Security Management product will scan resource configurations for this cloud account. Note: This requires Resource Collection to be enabled.", "visible": "[steps('datadogConfig').integrationConfig.resource_collection_enabled]" }, { @@ -295,6 +295,7 @@ "containerAppFilters": "[steps('datadogConfig').integrationConfig.containerAppFilters]", "automute": "[steps('datadogConfig').integrationConfig.automute]", "cspm_enabled": "[steps('datadogConfig').integrationConfig.cspm_enabled]", + "resource_collection_enabled": "[steps('datadogConfig').integrationConfig.resource_collection_enabled]", "custom_metrics_enabled": "[steps('datadogConfig').integrationConfig.custom_metrics_enabled]" } } From ad143e4ff70c43db9267e261def46d6cabcc8357 Mon Sep 17 00:00:00 2001 From: Ava Silver Date: Thu, 16 Nov 2023 17:32:24 -0500 Subject: [PATCH 07/16] [AZINTS-1972] fix wording again --- azure/deploy-to-azure/azure-integration/CreateUIDefinition.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json b/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json index c731aab85..83ad48a3e 100644 --- a/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json +++ b/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json @@ -258,7 +258,7 @@ "name": "cspm_enabled", "type": "Microsoft.Common.CheckBox", "label": "Cloud Security Management", - "toolTip": "When enabled, Datadog's Cloud Security Management product will scan resource configurations for this cloud account. Note: This requires Resource Collection to be enabled.", + "toolTip": "When enabled, Datadog's Cloud Security Management product will scan resource configurations for resources monitored by this app registration. Note: This requires Resource Collection to be enabled.", "visible": "[steps('datadogConfig').integrationConfig.resource_collection_enabled]" }, { From e2b7088f8ccb8eb59f6fb9f5256e88de7fe1707c Mon Sep 17 00:00:00 2001 From: Ava Silver Date: Thu, 16 Nov 2023 17:36:29 -0500 Subject: [PATCH 08/16] [AZINTS-1972] update management group ui definition --- .../CreateUIDefinition-managementgroups.json | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/azure/deploy-to-azure/azure-integration/CreateUIDefinition-managementgroups.json b/azure/deploy-to-azure/azure-integration/CreateUIDefinition-managementgroups.json index 0e06d6fb9..8095c04eb 100644 --- a/azure/deploy-to-azure/azure-integration/CreateUIDefinition-managementgroups.json +++ b/azure/deploy-to-azure/azure-integration/CreateUIDefinition-managementgroups.json @@ -272,12 +272,27 @@ "toolTip": "Whether or not to use automute for hosts", "defaultValue": "true" }, + { + "name": "resource_collection_enabled", + "type": "Microsoft.Common.CheckBox", + "label": "Resource Collection", + "toolTip": "When enabled, Datadog collects metadata and configuration info from cloud resources (compute instances, databases, load balancers, etc.) in your Azure environment." + }, { "name": "cspm_enabled", "type": "Microsoft.Common.CheckBox", "label": "Cloud Security Management", + "visible": "[steps('datadogConfig').metrics.resource_collection_enabled]", "toolTip": "When enabled, Datadog performs configuration checks across your Azure environment by continuously scanning every resource. Use Datadog's executive reporting summaries to track conformance to industry benchmark criteria." }, + { + "name": "cspm_placeholder", + "type": "Microsoft.Common.TextBlock", + "visible": "[not(steps('datadogConfig').metrics.resource_collection_enabled)]", + "options": { + "text": "Cloud Security Management: Resource Collection is required to enable this" + } + }, { "name": "custom_metrics_enabled", "type": "Microsoft.Common.CheckBox", @@ -305,6 +320,7 @@ "containerAppFilters": "[steps('datadogConfig').metrics.containerAppFilters]", "automute": "[steps('datadogConfig').metrics.automute]", "cspm_enabled": "[steps('datadogConfig').metrics.cspm_enabled]", + "resource_collection_enabled": "[steps('datadogConfig').metrics.resource_collection_enabled]", "custom_metrics_enabled": "[steps('datadogConfig').metrics.custom_metrics_enabled]" } } From 997acf0e38bf48f2ce38f1ee1cf611585082f630 Mon Sep 17 00:00:00 2001 From: Ava Silver Date: Thu, 16 Nov 2023 18:08:49 -0500 Subject: [PATCH 09/16] [AZINTS-1972] update azuredeploys --- .../azuredeploy-managementgroups.json | 67 ++++++++++++------- .../azure-integration/azuredeploy.json | 17 ++++- 2 files changed, 56 insertions(+), 28 deletions(-) diff --git a/azure/deploy-to-azure/azure-integration/azuredeploy-managementgroups.json b/azure/deploy-to-azure/azure-integration/azuredeploy-managementgroups.json index e23fdd6e0..8910768c9 100644 --- a/azure/deploy-to-azure/azure-integration/azuredeploy-managementgroups.json +++ b/azure/deploy-to-azure/azure-integration/azuredeploy-managementgroups.json @@ -4,86 +4,93 @@ "parameters": { "location": { "defaultValue": "westus2", - "type": "String", + "type": "string", "metadata": { "description": "Resources location" } }, "servicePrincipalClientId": { - "type": "String", + "type": "string", "metadata": { "description": "Service principal Client Id" } }, "servicePrincipalObjectId": { - "type": "String", + "type": "string", "metadata": { "description": "Service principal object Id, needed for Role Assignment" } }, "servicePrincipalClientSecret": { - "type": "SecureString", + "type": "securestring", "metadata": { "description": "Service principal client secret" } }, "subscriptionID": { - "type": "String", + "type": "string", "metadata": { "description": "Subscription Id" } }, "resourcegroup": { - "type": "String", + "type": "string", "metadata": { "description": "resource group" } }, "datadogApplicationKey": { - "type": "SecureString", + "type": "securestring", "metadata": { "description": "Your Datadog Application key" } }, "datadogApiKey": { - "type": "SecureString", + "type": "securestring", "metadata": { "description": "Your Datadog API key" } }, "hostFilters": { "defaultValue": "", - "type": "String", + "type": "string", "metadata": { "description": "Filter to include/exclude hosts" } }, "appServicePlanFilters": { "defaultValue": "", - "type": "String", + "type": "string", "metadata": { "description": "Filter to include/exclude app service plans" } }, "containerAppFilters": { "defaultValue": "", - "type": "String", + "type": "string", "metadata": { "description": "Filter to include/exclude container apps" } }, "automute": { "defaultValue": true, - "type": "Bool", + "type": "bool", "metadata": { "description": "Whether or not to use automute for hosts" } }, + "resource_collection_enabled": { + "defaultValue": true, + "type": "bool", + "metadata": { + "description": "Collect resources for various Datadog products" + } + }, "cspm_enabled": { "defaultValue": true, - "type": "Bool", + "type": "bool", "metadata": { - "description": "Collect resources for Cloud Security Management" + "description": "Enable the Cloud Security Management product" } }, "custom_metrics_enabled": { @@ -95,21 +102,21 @@ }, "datadogSite": { "defaultValue": "datadoghq.com", - "type": "String", + "type": "string", "metadata": { "description": "The datadog site, e.g. eu1.datadoghq.com" } }, "newguid": { "defaultValue": "[newGuid()]", - "type": "String", + "type": "string", "metadata": { "description": "Just a Guid to append to deployment script name" } }, "managementGroupName": { "defaultValue": "[managementGroup().name]", - "type": "String", + "type": "string", "metadata": { "description": "Management group Id, to assign a role assignment to" } @@ -167,8 +174,11 @@ "automute": { "value": "[parameters('automute')]" }, + "resource_collection_enabled": { + "value": "[parameters('resource_collection_enabled')]" + }, "cspm_enabled": { - "value": "[parameters('cspm_enabled')]" + "value": "[and(parameters('cspm_enabled'), parameters('resource_collection_enabled'))]" }, "custom_metrics_enabled": { "value": "[parameters('custom_metrics_enabled')]" @@ -208,15 +218,18 @@ "hostFilters": { "type": "string" }, - "appServicePlanFilters":{ + "appServicePlanFilters": { "type": "string" }, - "containerAppFilters":{ + "containerAppFilters": { "type": "string" }, "automute": { "type": "bool" }, + "resource_collection_enabled": { + "type": "bool" + }, "cspm_enabled": { "type": "bool" }, @@ -266,9 +279,13 @@ "name": "automute", "value": "[parameters('automute')]" }, + { + "name": "resource_collection_enabled", + "value": "[parameters('resource_collection_enabled')]" + }, { "name": "cspm_enabled", - "value": "[parameters('cspm_enabled')]" + "value": "[and(parameters('cspm_enabled'), parameters('resource_collection_enabled'))]" }, { "name": "custom_metrics_enabled", @@ -283,12 +300,12 @@ "value": "[subscription().tenantId]" }, { - "name":"source", + "name": "source", "value": "arm_template_mgmt_group" }, { - "name":"managementGroupId", - "value":"[parameters('managementGroupName')]" + "name": "managementGroupId", + "value": "[parameters('managementGroupName')]" } ], "retentionInterval": "PT1H", @@ -296,7 +313,7 @@ "containerSettings": {}, "cleanupPreference": "Always", "azPowerShellVersion": "8.1", - "scriptContent": "Invoke-WebRequest -SkipCertificateCheck -ContentType \"application/json\" -Method Post -Uri \"https://api.$Env:datadogSite/api/v1/integration/azure\" -Headers @{\"Accept\"=\"application/json\"; \"DD-APPLICATION-KEY\"=$Env:datadogApplicationKey; \"DD-API-KEY\"=$Env:datadogApiKey} -Body (@{\"automute\"=[bool]::Parse($Env:automute); \"cspm_enabled\"=[bool]::Parse($Env:cspm_enabled); \"custom_metrics_enabled\"=[bool]::Parse($Env:custom_metrics_enabled); \"client_id\"=$Env:clientId; \"client_secret\"=$Env:clientSecret; \"tenant_name\"=$Env:tenantName; \"source\"=$Env:source; \"management_group_id\"=$Env:managementGroupId} | ConvertTo-Json )" + "scriptContent": "Invoke-WebRequest -SkipCertificateCheck -ContentType \"application/json\" -Method Post -Uri \"https://api.$Env:datadogSite/api/v1/integration/azure\" -Headers @{\"Accept\"=\"application/json\"; \"DD-APPLICATION-KEY\"=$Env:datadogApplicationKey; \"DD-API-KEY\"=$Env:datadogApiKey} -Body (@{\"automute\"=[bool]::Parse($Env:automute); \"resource_collection_enabled\"=[bool]::Parse($Env:resource_collection_enabled); \"cspm_enabled\"=[bool]::Parse($Env:cspm_enabled); \"custom_metrics_enabled\"=[bool]::Parse($Env:custom_metrics_enabled); \"client_id\"=$Env:clientId; \"client_secret\"=$Env:clientSecret; \"tenant_name\"=$Env:tenantName; \"source\"=$Env:source; \"management_group_id\"=$Env:managementGroupId} | ConvertTo-Json )" } }, { diff --git a/azure/deploy-to-azure/azure-integration/azuredeploy.json b/azure/deploy-to-azure/azure-integration/azuredeploy.json index adb7fd650..5863827c7 100644 --- a/azure/deploy-to-azure/azure-integration/azuredeploy.json +++ b/azure/deploy-to-azure/azure-integration/azuredeploy.json @@ -78,11 +78,18 @@ "description": "Whether or not to use automute for hosts" } }, + "resource_collection_enabled": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Collect resources for various Datadog products" + } + }, "cspm_enabled": { "type": "bool", "defaultValue": true, "metadata": { - "description": "Collect resources for Cloud Security Management" + "description": "Enable the Cloud Security Management product" } }, "custom_metrics_enabled": { @@ -194,9 +201,13 @@ "name": "automute", "value": "[parameters('automute')]" }, + { + "name": "resource_collection_enabled", + "value": "[parameters('resource_collection_enabled')]" + }, { "name": "cspm_enabled", - "value": "[parameters('cspm_enabled')]" + "value": "[and(parameters('cspm_enabled'), parameters('resource_collection_enabled'))]" }, { "name": "custom_metrics_enabled", @@ -220,7 +231,7 @@ "containerSettings": {}, "cleanupPreference": "Always", "azPowerShellVersion": "8.1", - "scriptContent": "Invoke-WebRequest -SkipCertificateCheck -ContentType \"application/json\" -Method Post -Uri \"https://api.$Env:datadogSite/api/v1/integration/azure\" -Headers @{\"Accept\"=\"application/json\"; \"DD-APPLICATION-KEY\"=$Env:datadogApplicationKey; \"DD-API-KEY\"=$Env:datadogApiKey} -Body (@{\"automute\"=[bool]::Parse($Env:automute); \"cspm_enabled\"=[bool]::Parse($Env:cspm_enabled); \"custom_metrics_enabled\"=[bool]::Parse($Env:custom_metrics_enabled); \"client_id\"=$Env:clientId; \"client_secret\"=$Env:clientSecret; \"tenant_name\"=$Env:tenantName; \"source\"=$Env:source; \"subscription_count\"=[int]::Parse($Env:subscription_count)} | ConvertTo-Json )" + "scriptContent": "Invoke-WebRequest -SkipCertificateCheck -ContentType \"application/json\" -Method Post -Uri \"https://api.$Env:datadogSite/api/v1/integration/azure\" -Headers @{\"Accept\"=\"application/json\"; \"DD-APPLICATION-KEY\"=$Env:datadogApplicationKey; \"DD-API-KEY\"=$Env:datadogApiKey} -Body (@{\"automute\"=[bool]::Parse($Env:automute); \"resource_collection_enabled\"=[bool]::Parse($Env:resource_collection_enabled); \"cspm_enabled\"=[bool]::Parse($Env:cspm_enabled); \"custom_metrics_enabled\"=[bool]::Parse($Env:custom_metrics_enabled); \"client_id\"=$Env:clientId; \"client_secret\"=$Env:clientSecret; \"tenant_name\"=$Env:tenantName; \"source\"=$Env:source; \"subscription_count\"=[int]::Parse($Env:subscription_count)} | ConvertTo-Json )" } }, { From 8123798d0839ae31ee7ad981df7a50b3a313ace3 Mon Sep 17 00:00:00 2001 From: Ava Silver Date: Fri, 17 Nov 2023 14:43:38 -0500 Subject: [PATCH 10/16] [AZINTS-1972] trying something --- azure/deploy-to-azure/azure-integration/CreateUIDefinition.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json b/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json index 83ad48a3e..9d72506ba 100644 --- a/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json +++ b/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json @@ -266,7 +266,7 @@ "type": "Microsoft.Common.TextBlock", "visible": "[not(steps('datadogConfig').integrationConfig.resource_collection_enabled)]", "options": { - "text": "Cloud Security Management: Resource Collection is required to enable this" + "text": "Cloud Security Management: \t \t \t \t \t \t \t \t \t \t \t \t Resource Collection is required to enable this" } }, { From d18d4f995d619ba1ba24a9fffd3e4d09cf5b1a52 Mon Sep 17 00:00:00 2001 From: Ava Silver Date: Fri, 17 Nov 2023 16:26:07 -0500 Subject: [PATCH 11/16] [AZINTS-1972] Update Subscription level to move resource collection stuff to be its own section --- .../azure-integration/CreateUIDefinition.json | 52 +++++++++++++------ 1 file changed, 36 insertions(+), 16 deletions(-) diff --git a/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json b/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json index 9d72506ba..f362d3f38 100644 --- a/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json +++ b/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json @@ -33,7 +33,6 @@ "steps": [ { "name": "servicePrincipal", - "type": "Microsoft.Common.Section", "label": "Service Principal", "elements": [ { @@ -81,7 +80,6 @@ }, { "name": "datadogConfig", - "type": "Microsoft.Common.Section", "label": "Datadog Configuration", "elements": [ { @@ -248,32 +246,54 @@ "toolTip": "Whether or not to use automute for hosts", "defaultValue": "true" }, + { + "name": "custom_metrics_enabled", + "type": "Microsoft.Common.CheckBox", + "label": "Collect Custom Metrics", + "toolTip": "This option will enable custom metric collection from all Application Insights instances within the scope of this configuration. These custom metrics will appear in datadog under the namespace application_insights.custom.<METRIC_NAME>.
Note that Standard App Insights metrics are collected automatically and are available under the azure.insights_components.* namespace." + } + ], + "visible": true + }, + { + "name": "resourceCollection", + "type": "Microsoft.Common.Section", + "label": "Resource Collection", + "elements": [ + { + "name": "resource_collection_info", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "Collect configuration information about the resources monitored with this App Registration." + } + }, { "name": "resource_collection_enabled", "type": "Microsoft.Common.CheckBox", - "label": "Resource Collection", + "label": "Enable Resource Collection", "toolTip": "When enabled, Datadog collects metadata and configuration info from cloud resources (compute instances, databases, load balancers, etc.) in your Azure environment." }, + { + "name": "insights_info", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "Where to view insights:" + } + }, { "name": "cspm_enabled", "type": "Microsoft.Common.CheckBox", - "label": "Cloud Security Management", + "label": "• Cloud Security Management:", "toolTip": "When enabled, Datadog's Cloud Security Management product will scan resource configurations for resources monitored by this app registration. Note: This requires Resource Collection to be enabled.", - "visible": "[steps('datadogConfig').integrationConfig.resource_collection_enabled]" + "visible": "[steps('datadogConfig').resourceCollection.resource_collection_enabled]" }, { "name": "cspm_placeholder", "type": "Microsoft.Common.TextBlock", - "visible": "[not(steps('datadogConfig').integrationConfig.resource_collection_enabled)]", + "visible": "[not(steps('datadogConfig').resourceCollection.resource_collection_enabled)]", "options": { - "text": "Cloud Security Management: \t \t \t \t \t \t \t \t \t \t \t \t Resource Collection is required to enable this" + "text": "• Cloud Security Management: To enable this, Resource Collection must be enabled" } - }, - { - "name": "custom_metrics_enabled", - "type": "Microsoft.Common.CheckBox", - "label": "Collect Custom Metrics", - "toolTip": "This option will enable custom metric collection from all Application Insights instances within the scope of this configuration. These custom metrics will appear in datadog under the namespace application_insights.custom.<METRIC_NAME>.
Note that Standard App Insights metrics are collected automatically and are available under the azure.insights_components.* namespace." } ], "visible": true @@ -294,9 +314,9 @@ "appServicePlanFilters": "[steps('datadogConfig').integrationConfig.appServicePlanFilters]", "containerAppFilters": "[steps('datadogConfig').integrationConfig.containerAppFilters]", "automute": "[steps('datadogConfig').integrationConfig.automute]", - "cspm_enabled": "[steps('datadogConfig').integrationConfig.cspm_enabled]", - "resource_collection_enabled": "[steps('datadogConfig').integrationConfig.resource_collection_enabled]", - "custom_metrics_enabled": "[steps('datadogConfig').integrationConfig.custom_metrics_enabled]" + "custom_metrics_enabled": "[steps('datadogConfig').integrationConfig.custom_metrics_enabled]", + "cspm_enabled": "[steps('datadogConfig').resourceCollection.cspm_enabled]", + "resource_collection_enabled": "[steps('datadogConfig').resourceCollection.resource_collection_enabled]" } } } From 89a67c910b909597aac7f255a3edfff3918b81fd Mon Sep 17 00:00:00 2001 From: Ava Silver Date: Fri, 17 Nov 2023 16:44:29 -0500 Subject: [PATCH 12/16] [AZINTS-1972] Update Management Group level to move resource collection stuff to be its own section --- .../CreateUIDefinition-managementgroups.json | 54 +++++++++++++------ 1 file changed, 37 insertions(+), 17 deletions(-) diff --git a/azure/deploy-to-azure/azure-integration/CreateUIDefinition-managementgroups.json b/azure/deploy-to-azure/azure-integration/CreateUIDefinition-managementgroups.json index 8095c04eb..f6babe803 100644 --- a/azure/deploy-to-azure/azure-integration/CreateUIDefinition-managementgroups.json +++ b/azure/deploy-to-azure/azure-integration/CreateUIDefinition-managementgroups.json @@ -73,7 +73,6 @@ "steps": [ { "name": "servicePrincipal", - "type": "Microsoft.Common.Section", "label": "Service Principal", "elements": [ { @@ -121,7 +120,6 @@ }, { "name": "datadogConfig", - "type": "Microsoft.Common.Section", "label": "Datadog Configuration", "elements": [ { @@ -272,32 +270,54 @@ "toolTip": "Whether or not to use automute for hosts", "defaultValue": "true" }, + { + "name": "custom_metrics_enabled", + "type": "Microsoft.Common.CheckBox", + "label": "Collect Custom Metrics", + "toolTip": "This option will enable custom metric collection from all Application Insights instances within the scope of this configuration. These custom metrics will appear in datadog under the namespace application_insights.custom.<METRIC_NAME>.
Note that Standard App Insights metrics are collected automatically and are available under the azure.insights_components.* namespace." + } + ], + "visible": true + }, + { + "name": "resourceCollection", + "type": "Microsoft.Common.Section", + "label": "Resource Collection", + "elements": [ + { + "name": "resource_collection_info", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "Collect configuration information about the resources monitored with this App Registration." + } + }, { "name": "resource_collection_enabled", "type": "Microsoft.Common.CheckBox", - "label": "Resource Collection", + "label": "Enable Resource Collection", "toolTip": "When enabled, Datadog collects metadata and configuration info from cloud resources (compute instances, databases, load balancers, etc.) in your Azure environment." }, + { + "name": "insights_info", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "Where to view insights:" + } + }, { "name": "cspm_enabled", "type": "Microsoft.Common.CheckBox", - "label": "Cloud Security Management", - "visible": "[steps('datadogConfig').metrics.resource_collection_enabled]", - "toolTip": "When enabled, Datadog performs configuration checks across your Azure environment by continuously scanning every resource. Use Datadog's executive reporting summaries to track conformance to industry benchmark criteria." + "label": "• Cloud Security Management:", + "toolTip": "When enabled, Datadog's Cloud Security Management product will scan resource configurations for resources monitored by this app registration. Note: This requires Resource Collection to be enabled.", + "visible": "[steps('datadogConfig').resourceCollection.resource_collection_enabled]" }, { "name": "cspm_placeholder", "type": "Microsoft.Common.TextBlock", - "visible": "[not(steps('datadogConfig').metrics.resource_collection_enabled)]", + "visible": "[not(steps('datadogConfig').resourceCollection.resource_collection_enabled)]", "options": { - "text": "Cloud Security Management: Resource Collection is required to enable this" + "text": "• Cloud Security Management: To enable this, Resource Collection must be enabled" } - }, - { - "name": "custom_metrics_enabled", - "type": "Microsoft.Common.CheckBox", - "label": "Collect Custom Metrics", - "toolTip": "This option will enable custom metric collection from all Application Insights instances within the scope of this configuration. These custom metrics will appear in datadog under the namespace application_insights.custom.<METRIC_NAME>.
Note that Standard App Insights metrics are collected automatically and are available under the azure.insights_components.* namespace." } ], "visible": true @@ -319,9 +339,9 @@ "appServicePlanFilters": "[steps('datadogConfig').metrics.appServicePlanFilters]", "containerAppFilters": "[steps('datadogConfig').metrics.containerAppFilters]", "automute": "[steps('datadogConfig').metrics.automute]", - "cspm_enabled": "[steps('datadogConfig').metrics.cspm_enabled]", - "resource_collection_enabled": "[steps('datadogConfig').metrics.resource_collection_enabled]", - "custom_metrics_enabled": "[steps('datadogConfig').metrics.custom_metrics_enabled]" + "custom_metrics_enabled": "[steps('datadogConfig').metrics.custom_metrics_enabled]", + "resource_collection_enabled": "[steps('datadogConfig').resourceCollection.resource_collection_enabled]", + "cspm_enabled": "[steps('datadogConfig').resourceCollection.cspm_enabled]" } } } From 314f193100948b17af898e65517b5302d689c3a1 Mon Sep 17 00:00:00 2001 From: Ava Silver Date: Mon, 20 Nov 2023 14:22:34 -0700 Subject: [PATCH 13/16] [AZINTS-1972] Reformat templates based on feedback --- .../CreateUIDefinition-managementgroups.json | 11 ++--------- .../azure-integration/CreateUIDefinition.json | 11 ++--------- 2 files changed, 4 insertions(+), 18 deletions(-) diff --git a/azure/deploy-to-azure/azure-integration/CreateUIDefinition-managementgroups.json b/azure/deploy-to-azure/azure-integration/CreateUIDefinition-managementgroups.json index f6babe803..089f1cc00 100644 --- a/azure/deploy-to-azure/azure-integration/CreateUIDefinition-managementgroups.json +++ b/azure/deploy-to-azure/azure-integration/CreateUIDefinition-managementgroups.json @@ -297,17 +297,10 @@ "label": "Enable Resource Collection", "toolTip": "When enabled, Datadog collects metadata and configuration info from cloud resources (compute instances, databases, load balancers, etc.) in your Azure environment." }, - { - "name": "insights_info", - "type": "Microsoft.Common.TextBlock", - "options": { - "text": "Where to view insights:" - } - }, { "name": "cspm_enabled", "type": "Microsoft.Common.CheckBox", - "label": "• Cloud Security Management:", + "label": "Enable Cloud Security Management:", "toolTip": "When enabled, Datadog's Cloud Security Management product will scan resource configurations for resources monitored by this app registration. Note: This requires Resource Collection to be enabled.", "visible": "[steps('datadogConfig').resourceCollection.resource_collection_enabled]" }, @@ -316,7 +309,7 @@ "type": "Microsoft.Common.TextBlock", "visible": "[not(steps('datadogConfig').resourceCollection.resource_collection_enabled)]", "options": { - "text": "• Cloud Security Management: To enable this, Resource Collection must be enabled" + "text": "Enable Cloud Security Management: To enable this, Resource Collection must be enabled" } } ], diff --git a/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json b/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json index f362d3f38..627049443 100644 --- a/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json +++ b/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json @@ -273,17 +273,10 @@ "label": "Enable Resource Collection", "toolTip": "When enabled, Datadog collects metadata and configuration info from cloud resources (compute instances, databases, load balancers, etc.) in your Azure environment." }, - { - "name": "insights_info", - "type": "Microsoft.Common.TextBlock", - "options": { - "text": "Where to view insights:" - } - }, { "name": "cspm_enabled", "type": "Microsoft.Common.CheckBox", - "label": "• Cloud Security Management:", + "label": "Enable Cloud Security Management:", "toolTip": "When enabled, Datadog's Cloud Security Management product will scan resource configurations for resources monitored by this app registration. Note: This requires Resource Collection to be enabled.", "visible": "[steps('datadogConfig').resourceCollection.resource_collection_enabled]" }, @@ -292,7 +285,7 @@ "type": "Microsoft.Common.TextBlock", "visible": "[not(steps('datadogConfig').resourceCollection.resource_collection_enabled)]", "options": { - "text": "• Cloud Security Management: To enable this, Resource Collection must be enabled" + "text": "Enable Cloud Security Management: To enable this, Resource Collection must be enabled" } } ], From 2382a96fe505b5caf3162255d4f7d9cc714b0f81 Mon Sep 17 00:00:00 2001 From: Ava Silver Date: Mon, 20 Nov 2023 14:47:35 -0700 Subject: [PATCH 14/16] [AZINTS-1972] Update wording --- .../azure-integration/CreateUIDefinition-managementgroups.json | 2 +- azure/deploy-to-azure/azure-integration/CreateUIDefinition.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/azure/deploy-to-azure/azure-integration/CreateUIDefinition-managementgroups.json b/azure/deploy-to-azure/azure-integration/CreateUIDefinition-managementgroups.json index 089f1cc00..eb3fa7486 100644 --- a/azure/deploy-to-azure/azure-integration/CreateUIDefinition-managementgroups.json +++ b/azure/deploy-to-azure/azure-integration/CreateUIDefinition-managementgroups.json @@ -309,7 +309,7 @@ "type": "Microsoft.Common.TextBlock", "visible": "[not(steps('datadogConfig').resourceCollection.resource_collection_enabled)]", "options": { - "text": "Enable Cloud Security Management: To enable this, Resource Collection must be enabled" + "text": "Enable Cloud Security Management: Requires Resource Collection" } } ], diff --git a/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json b/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json index 627049443..82113dd17 100644 --- a/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json +++ b/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json @@ -285,7 +285,7 @@ "type": "Microsoft.Common.TextBlock", "visible": "[not(steps('datadogConfig').resourceCollection.resource_collection_enabled)]", "options": { - "text": "Enable Cloud Security Management: To enable this, Resource Collection must be enabled" + "text": "Enable Cloud Security Management: Requires Resource Collection" } } ], From a8b90ca15cc1f4cf58e18c74d03e9c456e9d4591 Mon Sep 17 00:00:00 2001 From: Ava Silver Date: Mon, 20 Nov 2023 15:58:43 -0700 Subject: [PATCH 15/16] [AZINTS-1972] move logic into ui definition template instead of deploy template --- .../CreateUIDefinition-managementgroups.json | 2 +- .../deploy-to-azure/azure-integration/CreateUIDefinition.json | 4 ++-- .../azure-integration/azuredeploy-managementgroups.json | 2 +- azure/deploy-to-azure/azure-integration/azuredeploy.json | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/azure/deploy-to-azure/azure-integration/CreateUIDefinition-managementgroups.json b/azure/deploy-to-azure/azure-integration/CreateUIDefinition-managementgroups.json index eb3fa7486..f440205a5 100644 --- a/azure/deploy-to-azure/azure-integration/CreateUIDefinition-managementgroups.json +++ b/azure/deploy-to-azure/azure-integration/CreateUIDefinition-managementgroups.json @@ -334,7 +334,7 @@ "automute": "[steps('datadogConfig').metrics.automute]", "custom_metrics_enabled": "[steps('datadogConfig').metrics.custom_metrics_enabled]", "resource_collection_enabled": "[steps('datadogConfig').resourceCollection.resource_collection_enabled]", - "cspm_enabled": "[steps('datadogConfig').resourceCollection.cspm_enabled]" + "cspm_enabled": "[and(steps('datadogConfig').resourceCollection.cspm_enabled, steps('datadogConfig').resourceCollection.resource_collection_enabled)]" } } } diff --git a/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json b/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json index 82113dd17..93b01acdc 100644 --- a/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json +++ b/azure/deploy-to-azure/azure-integration/CreateUIDefinition.json @@ -308,8 +308,8 @@ "containerAppFilters": "[steps('datadogConfig').integrationConfig.containerAppFilters]", "automute": "[steps('datadogConfig').integrationConfig.automute]", "custom_metrics_enabled": "[steps('datadogConfig').integrationConfig.custom_metrics_enabled]", - "cspm_enabled": "[steps('datadogConfig').resourceCollection.cspm_enabled]", - "resource_collection_enabled": "[steps('datadogConfig').resourceCollection.resource_collection_enabled]" + "resource_collection_enabled": "[steps('datadogConfig').resourceCollection.resource_collection_enabled]", + "cspm_enabled": "[and(steps('datadogConfig').resourceCollection.cspm_enabled, steps('datadogConfig').resourceCollection.resource_collection_enabled)]" } } } diff --git a/azure/deploy-to-azure/azure-integration/azuredeploy-managementgroups.json b/azure/deploy-to-azure/azure-integration/azuredeploy-managementgroups.json index 8910768c9..3942c0eef 100644 --- a/azure/deploy-to-azure/azure-integration/azuredeploy-managementgroups.json +++ b/azure/deploy-to-azure/azure-integration/azuredeploy-managementgroups.json @@ -178,7 +178,7 @@ "value": "[parameters('resource_collection_enabled')]" }, "cspm_enabled": { - "value": "[and(parameters('cspm_enabled'), parameters('resource_collection_enabled'))]" + "value": "[parameters('cspm_enabled')]" }, "custom_metrics_enabled": { "value": "[parameters('custom_metrics_enabled')]" diff --git a/azure/deploy-to-azure/azure-integration/azuredeploy.json b/azure/deploy-to-azure/azure-integration/azuredeploy.json index 5863827c7..b14a5c1c7 100644 --- a/azure/deploy-to-azure/azure-integration/azuredeploy.json +++ b/azure/deploy-to-azure/azure-integration/azuredeploy.json @@ -207,7 +207,7 @@ }, { "name": "cspm_enabled", - "value": "[and(parameters('cspm_enabled'), parameters('resource_collection_enabled'))]" + "value": "[parameters('cspm_enabled')]" }, { "name": "custom_metrics_enabled", From 40304b5b25bf9c097078ad558adac67f7fa2c293 Mon Sep 17 00:00:00 2001 From: Ava Silver Date: Mon, 20 Nov 2023 16:04:17 -0700 Subject: [PATCH 16/16] [AZINTS-1972] remove redundant `and` logic --- .../azure-integration/azuredeploy-managementgroups.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure/deploy-to-azure/azure-integration/azuredeploy-managementgroups.json b/azure/deploy-to-azure/azure-integration/azuredeploy-managementgroups.json index 3942c0eef..07fadceb5 100644 --- a/azure/deploy-to-azure/azure-integration/azuredeploy-managementgroups.json +++ b/azure/deploy-to-azure/azure-integration/azuredeploy-managementgroups.json @@ -285,7 +285,7 @@ }, { "name": "cspm_enabled", - "value": "[and(parameters('cspm_enabled'), parameters('resource_collection_enabled'))]" + "value": "[parameters('cspm_enabled')]" }, { "name": "custom_metrics_enabled",