Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[AZURE] Update ARM templates to include resource collection #711

Merged
Show file tree
Hide file tree
Changes from 15 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,6 @@
"steps": [
{
"name": "servicePrincipal",
"type": "Microsoft.Common.Section",
"label": "Service Principal",
"elements": [
{
Expand Down Expand Up @@ -121,7 +120,6 @@
},
{
"name": "datadogConfig",
"type": "Microsoft.Common.Section",
"label": "Datadog Configuration",
"elements": [
{
Expand Down Expand Up @@ -272,12 +270,6 @@
"toolTip": "Whether or not to use automute for hosts",
"defaultValue": "true"
},
{
"name": "cspm_enabled",
"type": "Microsoft.Common.CheckBox",
"label": "Cloud Security Management",
"toolTip": "When enabled, Datadog performs configuration checks across your Azure environment by continuously scanning every resource. Use Datadog's executive reporting summaries to track conformance to industry benchmark criteria."
},
{
"name": "custom_metrics_enabled",
"type": "Microsoft.Common.CheckBox",
Expand All @@ -286,6 +278,42 @@
}
],
"visible": true
},
{
"name": "resourceCollection",
"type": "Microsoft.Common.Section",
"label": "Resource Collection",
"elements": [
{
"name": "resource_collection_info",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Collect configuration information about the resources monitored with this App Registration."
}
},
{
"name": "resource_collection_enabled",
"type": "Microsoft.Common.CheckBox",
"label": "Enable Resource Collection",
"toolTip": "When enabled, Datadog collects metadata and configuration info from cloud resources (compute instances, databases, load balancers, etc.) in your Azure environment."
},
{
"name": "cspm_enabled",
"type": "Microsoft.Common.CheckBox",
"label": "Enable Cloud Security Management:",
"toolTip": "When enabled, Datadog's Cloud Security Management product will scan resource configurations for resources monitored by this app registration. Note: This requires Resource Collection to be enabled.",
"visible": "[steps('datadogConfig').resourceCollection.resource_collection_enabled]"
},
{
"name": "cspm_placeholder",
"type": "Microsoft.Common.TextBlock",
"visible": "[not(steps('datadogConfig').resourceCollection.resource_collection_enabled)]",
"options": {
"text": "Enable Cloud Security Management: Requires Resource Collection"
}
}
],
"visible": true
}
]
}
Expand All @@ -304,8 +332,9 @@
"appServicePlanFilters": "[steps('datadogConfig').metrics.appServicePlanFilters]",
"containerAppFilters": "[steps('datadogConfig').metrics.containerAppFilters]",
"automute": "[steps('datadogConfig').metrics.automute]",
"cspm_enabled": "[steps('datadogConfig').metrics.cspm_enabled]",
"custom_metrics_enabled": "[steps('datadogConfig').metrics.custom_metrics_enabled]"
"custom_metrics_enabled": "[steps('datadogConfig').metrics.custom_metrics_enabled]",
"resource_collection_enabled": "[steps('datadogConfig').resourceCollection.resource_collection_enabled]",
"cspm_enabled": "[and(steps('datadogConfig').resourceCollection.cspm_enabled, steps('datadogConfig').resourceCollection.resource_collection_enabled)]"
}
}
}
49 changes: 39 additions & 10 deletions azure/deploy-to-azure/azure-integration/CreateUIDefinition.json
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,6 @@
"steps": [
{
"name": "servicePrincipal",
"type": "Microsoft.Common.Section",
"label": "Service Principal",
"elements": [
{
Expand Down Expand Up @@ -81,7 +80,6 @@
},
{
"name": "datadogConfig",
"type": "Microsoft.Common.Section",
"label": "Datadog Configuration",
"elements": [
{
Expand Down Expand Up @@ -248,12 +246,6 @@
"toolTip": "Whether or not to use automute for hosts",
"defaultValue": "true"
},
{
"name": "cspm_enabled",
"type": "Microsoft.Common.CheckBox",
"label": "Cloud Security Management",
"toolTip": "When enabled, Datadog performs configuration checks across your Azure environment by continuously scanning every resource. Use Datadog's executive reporting summaries to track conformance to industry benchmark criteria."
},
{
"name": "custom_metrics_enabled",
"type": "Microsoft.Common.CheckBox",
Expand All @@ -262,6 +254,42 @@
}
],
"visible": true
},
{
"name": "resourceCollection",
"type": "Microsoft.Common.Section",
"label": "Resource Collection",
"elements": [
{
"name": "resource_collection_info",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Collect configuration information about the resources monitored with this App Registration."
}
},
{
"name": "resource_collection_enabled",
"type": "Microsoft.Common.CheckBox",
"label": "Enable Resource Collection",
"toolTip": "When enabled, Datadog collects metadata and configuration info from cloud resources (compute instances, databases, load balancers, etc.) in your Azure environment."
},
{
"name": "cspm_enabled",
"type": "Microsoft.Common.CheckBox",
"label": "Enable Cloud Security Management:",
"toolTip": "When enabled, Datadog's Cloud Security Management product will scan resource configurations for resources monitored by this app registration. Note: This requires Resource Collection to be enabled.",
"visible": "[steps('datadogConfig').resourceCollection.resource_collection_enabled]"
},
{
"name": "cspm_placeholder",
"type": "Microsoft.Common.TextBlock",
"visible": "[not(steps('datadogConfig').resourceCollection.resource_collection_enabled)]",
"options": {
"text": "Enable Cloud Security Management: Requires Resource Collection"
}
}
],
"visible": true
}
]
}
Expand All @@ -279,8 +307,9 @@
"appServicePlanFilters": "[steps('datadogConfig').integrationConfig.appServicePlanFilters]",
"containerAppFilters": "[steps('datadogConfig').integrationConfig.containerAppFilters]",
"automute": "[steps('datadogConfig').integrationConfig.automute]",
"cspm_enabled": "[steps('datadogConfig').integrationConfig.cspm_enabled]",
"custom_metrics_enabled": "[steps('datadogConfig').integrationConfig.custom_metrics_enabled]"
"custom_metrics_enabled": "[steps('datadogConfig').integrationConfig.custom_metrics_enabled]",
"resource_collection_enabled": "[steps('datadogConfig').resourceCollection.resource_collection_enabled]",
"cspm_enabled": "[and(steps('datadogConfig').resourceCollection.cspm_enabled, steps('datadogConfig').resourceCollection.resource_collection_enabled)]"
}
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -4,86 +4,93 @@
"parameters": {
"location": {
"defaultValue": "westus2",
"type": "String",
"type": "string",
"metadata": {
"description": "Resources location"
}
},
"servicePrincipalClientId": {
"type": "String",
"type": "string",
"metadata": {
"description": "Service principal Client Id"
}
},
"servicePrincipalObjectId": {
"type": "String",
"type": "string",
"metadata": {
"description": "Service principal object Id, needed for Role Assignment"
}
},
"servicePrincipalClientSecret": {
"type": "SecureString",
"type": "securestring",
"metadata": {
"description": "Service principal client secret"
}
},
"subscriptionID": {
"type": "String",
"type": "string",
"metadata": {
"description": "Subscription Id"
}
},
"resourcegroup": {
"type": "String",
"type": "string",
"metadata": {
"description": "resource group"
}
},
"datadogApplicationKey": {
"type": "SecureString",
"type": "securestring",
"metadata": {
"description": "Your Datadog Application key"
}
},
"datadogApiKey": {
"type": "SecureString",
"type": "securestring",
"metadata": {
"description": "Your Datadog API key"
}
},
"hostFilters": {
"defaultValue": "",
"type": "String",
"type": "string",
"metadata": {
"description": "Filter to include/exclude hosts"
}
},
"appServicePlanFilters": {
"defaultValue": "",
"type": "String",
"type": "string",
"metadata": {
"description": "Filter to include/exclude app service plans"
}
},
"containerAppFilters": {
"defaultValue": "",
"type": "String",
"type": "string",
"metadata": {
"description": "Filter to include/exclude container apps"
}
},
"automute": {
"defaultValue": true,
"type": "Bool",
"type": "bool",
"metadata": {
"description": "Whether or not to use automute for hosts"
}
},
"resource_collection_enabled": {
"defaultValue": true,
"type": "bool",
"metadata": {
"description": "Collect resources for various Datadog products"
}
},
"cspm_enabled": {
"defaultValue": true,
"type": "Bool",
"type": "bool",
"metadata": {
"description": "Collect resources for Cloud Security Management"
"description": "Enable the Cloud Security Management product"
}
},
"custom_metrics_enabled": {
Expand All @@ -95,21 +102,21 @@
},
"datadogSite": {
"defaultValue": "datadoghq.com",
"type": "String",
"type": "string",
"metadata": {
"description": "The datadog site, e.g. eu1.datadoghq.com"
}
},
"newguid": {
"defaultValue": "[newGuid()]",
"type": "String",
"type": "string",
"metadata": {
"description": "Just a Guid to append to deployment script name"
}
},
"managementGroupName": {
"defaultValue": "[managementGroup().name]",
"type": "String",
"type": "string",
"metadata": {
"description": "Management group Id, to assign a role assignment to"
}
Expand Down Expand Up @@ -167,6 +174,9 @@
"automute": {
"value": "[parameters('automute')]"
},
"resource_collection_enabled": {
"value": "[parameters('resource_collection_enabled')]"
},
"cspm_enabled": {
"value": "[parameters('cspm_enabled')]"
},
Expand Down Expand Up @@ -208,15 +218,18 @@
"hostFilters": {
"type": "string"
},
"appServicePlanFilters":{
"appServicePlanFilters": {
"type": "string"
},
"containerAppFilters":{
"containerAppFilters": {
"type": "string"
},
"automute": {
"type": "bool"
},
"resource_collection_enabled": {
"type": "bool"
},
"cspm_enabled": {
"type": "bool"
},
Expand Down Expand Up @@ -266,9 +279,13 @@
"name": "automute",
"value": "[parameters('automute')]"
},
{
"name": "resource_collection_enabled",
"value": "[parameters('resource_collection_enabled')]"
},
{
"name": "cspm_enabled",
"value": "[parameters('cspm_enabled')]"
"value": "[and(parameters('cspm_enabled'), parameters('resource_collection_enabled'))]"
},
{
"name": "custom_metrics_enabled",
Expand All @@ -283,20 +300,20 @@
"value": "[subscription().tenantId]"
},
{
"name":"source",
"name": "source",
"value": "arm_template_mgmt_group"
},
{
"name":"managementGroupId",
"value":"[parameters('managementGroupName')]"
"name": "managementGroupId",
"value": "[parameters('managementGroupName')]"
}
],
"retentionInterval": "PT1H",
"timeout": "PT2M",
"containerSettings": {},
"cleanupPreference": "Always",
"azPowerShellVersion": "8.1",
"scriptContent": "Invoke-WebRequest -SkipCertificateCheck -ContentType \"application/json\" -Method Post -Uri \"https://api.$Env:datadogSite/api/v1/integration/azure\" -Headers @{\"Accept\"=\"application/json\"; \"DD-APPLICATION-KEY\"=$Env:datadogApplicationKey; \"DD-API-KEY\"=$Env:datadogApiKey} -Body (@{\"automute\"=[bool]::Parse($Env:automute); \"cspm_enabled\"=[bool]::Parse($Env:cspm_enabled); \"custom_metrics_enabled\"=[bool]::Parse($Env:custom_metrics_enabled); \"client_id\"=$Env:clientId; \"client_secret\"=$Env:clientSecret; \"tenant_name\"=$Env:tenantName; \"source\"=$Env:source; \"management_group_id\"=$Env:managementGroupId} | ConvertTo-Json )"
"scriptContent": "Invoke-WebRequest -SkipCertificateCheck -ContentType \"application/json\" -Method Post -Uri \"https://api.$Env:datadogSite/api/v1/integration/azure\" -Headers @{\"Accept\"=\"application/json\"; \"DD-APPLICATION-KEY\"=$Env:datadogApplicationKey; \"DD-API-KEY\"=$Env:datadogApiKey} -Body (@{\"automute\"=[bool]::Parse($Env:automute); \"resource_collection_enabled\"=[bool]::Parse($Env:resource_collection_enabled); \"cspm_enabled\"=[bool]::Parse($Env:cspm_enabled); \"custom_metrics_enabled\"=[bool]::Parse($Env:custom_metrics_enabled); \"client_id\"=$Env:clientId; \"client_secret\"=$Env:clientSecret; \"tenant_name\"=$Env:tenantName; \"source\"=$Env:source; \"management_group_id\"=$Env:managementGroupId} | ConvertTo-Json )"
}
},
{
Expand Down
Loading