Merge pull request #23 from quantum-sec/feature/XDR-4690

XDR-4690: Move workbook module here from standalone package

modules/sentinel-workbook/README.md

@@ -0,0 +1,45 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.2 |
+| <a name="requirement_null"></a> [null](#requirement\_null) | ~> 3.2.1 |
+| <a name="requirement_template"></a> [template](#requirement\_template) | ~> 2.2.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_null"></a> [null](#provider\_null) | ~> 3.2.1 |
+| <a name="provider_template"></a> [template](#provider\_template) | ~> 2.2.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_sentinel_workbook"></a> [sentinel\_workbook](#module\_sentinel\_workbook) | git::[email protected]:quantum-sec/package-azure.git//modules/azure-arm-deployment | 1.5.1 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [null_resource.parameters](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
+| [template_file.template](https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/file) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_name"></a> [name](#input\_name) | The name of the workbook that will be deployed in Microsoft Sentinel. | `string` | `"Quantum-Workbook"` | no |
+| <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | The name of the resource group in which this resource will be provisioned. | `string` | n/a | yes |
+| <a name="input_workbook_content"></a> [workbook\_content](#input\_workbook\_content) | Content of the workbook to deploy | `string` | n/a | yes |
+| <a name="input_workbook_source_id"></a> [workbook\_source\_id](#input\_workbook\_source\_id) | The resource id of log analytics workspace on which the workbook will be deployed. | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_id"></a> [id](#output\_id) | The unique identifier of the ARM template deployment. |
+| <a name="output_output_content"></a> [output\_content](#output\_output\_content) | The JSON content of the outputs of the ARM template deployment. |
+<!-- END_TF_DOCS -->

modules/sentinel-workbook/azuredeploy.json

@@ -0,0 +1,66 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+  "contentVersion": "1.0.0.0-${parameters_md5}",
+  "parameters": {
+    "workbookDisplayName": {
+      "type": "String",
+      "defaultValue": "Quantum Sample Workbook",
+      "metadata": {
+        "description": "The friendly name for the workbook that is used in the Gallery or Saved List.  This name must be unique within a resource group."
+      }
+    },
+    "workbookType": {
+      "type": "String",
+      "defaultValue": "sentinel",
+      "metadata": {
+        "description": "The gallery that the workbook will been shown under. Supported values include workbook, tsg, etc. Usually, this is 'workbook'"
+      }
+    },
+    "workbookSourceId": {
+      "type": "String",
+      "defaultValue": "",
+      "metadata": {
+        "description": "The id of resource instance to which the workbook will be associated"
+      }
+    },
+    "workbookId": {
+      "type": "String",
+      "defaultValue": "[newGuid()]",
+      "metadata": {
+        "description": "The unique guid for this workbook instance"
+      }
+    },
+    "workbookContent": {
+      "type": "String",
+      "metadata": {
+        "description": "JSON definition of the workbook to be deployed"
+      }
+    },
+    "parameters_md5": {
+      "type": "String"
+    }
+  },
+  "resources": [
+    {
+      "name": "[parameters('workbookId')]",
+      "type": "microsoft.insights/workbooks",
+      "location": "[resourceGroup().location]",
+      "apiVersion": "2021-03-08",
+      "dependsOn": [],
+      "kind": "shared",
+      "properties": {
+        "displayName": "[parameters('workbookDisplayName')]",
+        "serializedData": "[parameters('workbookContent')]",
+        "version": "1.0",
+        "sourceId": "[parameters('workbookSourceId')]",
+        "category": "[parameters('workbookType')]"
+      }
+    }
+  ],
+  "outputs": {
+    "workbookId": {
+      "type": "String",
+      "value": "[resourceId( 'microsoft.insights/workbooks', parameters('workbookId'))]"
+    }
+  }
+}

modules/sentinel-workbook/main.tf

@@ -0,0 +1,64 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# DEPLOY A MICROSOFT SENTINEL WORKBOOK
+# ---------------------------------------------------------------------------------------------------------------------
+
+terraform {
+  required_version = ">= 1.2"
+
+  required_providers {
+    null = {
+      source  = "hashicorp/null"
+      version = "~> 3.2.1"
+    }
+
+    template = {
+      source  = "hashicorp/template"
+      version = "~> 2.2.0"
+    }
+  }
+}
+
+locals {
+  parameters_override = merge({
+    workbookType        = "sentinel",
+    workbookSourceId    = var.workbook_source_id,
+    workbookDisplayName = var.name,
+    workbookContent     = var.workbook_content,
+  })
+  parameters_md5 = md5(jsonencode(local.parameters_override))
+}
+
+data "template_file" "template" {
+  # This function is needed as we added ignore_changes to parameters inside lifecycle, for reference see the link below.
+  # https://github.com/quantum-sec/package-azure/blob/e33ccef7619dceea456d5e27bbb0246aca600085/modules/azure-arm-deployment/main.tf#L18-L23
+  template = file("${path.module}/azuredeploy.json")
+  vars = {
+    parameters_md5 = local.parameters_md5
+  }
+}
+
+resource "null_resource" "parameters" {
+  triggers = {
+    md5          = local.parameters_md5
+    template_md5 = md5(data.template_file.template.rendered)
+  }
+}
+
+module "sentinel_workbook" {
+  source = "git::[email protected]:quantum-sec/package-azure.git//modules/azure-arm-deployment?ref=1.5.1"
+
+  depends_on = [
+    null_resource.parameters,
+    data.template_file.template,
+  ]
+
+  name                = var.name
+  resource_group_name = var.resource_group_name
+  deployment_mode     = "Incremental"
+  arm_script          = data.template_file.template.rendered
+
+  parameters_override = merge(
+    local.parameters_override, {
+      parameters_md5 = local.parameters_md5
+  })
+}

modules/sentinel-workbook/outputs.tf

@@ -0,0 +1,9 @@
+output "id" {
+  description = "The unique identifier of the ARM template deployment."
+  value       = module.sentinel_workbook.id
+}
+
+output "output_content" {
+  description = "The JSON content of the outputs of the ARM template deployment."
+  value       = module.sentinel_workbook.output_content
+}

modules/sentinel-workbook/vars.tf

@@ -0,0 +1,24 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# MODULE VARIABLES
+# ---------------------------------------------------------------------------------------------------------------------
+
+variable "resource_group_name" {
+  description = "The name of the resource group in which this resource will be provisioned."
+  type        = string
+}
+
+variable "name" {
+  description = "The name of the workbook that will be deployed in Microsoft Sentinel."
+  type        = string
+  default     = "Quantum-Workbook"
+}
+
+variable "workbook_source_id" {
+  description = "The resource id of log analytics workspace on which the workbook will be deployed."
+  type        = string
+}
+
+variable "workbook_content" {
+  description = "Content of the workbook to deploy"
+  type        = string
+}