Add audit config in anomaly detector test

opensearch-project · Oct 19, 2023 · a8092c2 · a8092c2
1 parent fc90c72
commit a8092c2
Showing 1 changed file with 98 additions and 0 deletions.
diff --git a/provider/resource_opensearch_anomaly_detection_test.go b/provider/resource_opensearch_anomaly_detection_test.go
@@ -79,7 +79,56 @@ func testCheckOpensearchAnomalyDetectionDestroy(s *terraform.State) error {
 }
 
 var testAccOpensearchAnomalyDetection = `
+resource "opensearch_audit_config" "test" {
+  enabled = true
+
+  audit {
+    enable_rest              = true
+    disabled_rest_categories = ["GRANTED_PRIVILEGES", "AUTHENTICATED"]
+
+    enable_transport              = true
+    disabled_transport_categories = ["GRANTED_PRIVILEGES", "AUTHENTICATED"]
+
+    resolve_bulk_requests = true
+    log_request_body      = true
+    resolve_indices       = true
+
+    # Note: if set false, AWS OpenSearch will return HTTP 409 (Conflict)
+    exclude_sensitive_headers = true
+
+    ignore_users    = ["dashboardserver"]
+    ignore_requests = ["SearchRequest", "indices:data/read/*", "/_cluster/health"]
+  }
+
+  compliance {
+    enabled = true
+
+    # Note: if both internal/external are set true, AWS OpenSearch will return HTTP 409 (Conflict)
+    internal_config = true
+    external_config = false
+
+    read_metadata_only = true
+    read_ignore_users  = ["read-ignore-1"]
+
+    read_watched_field {
+      index  = "read-index-1"
+      fields = ["field-1", "field-2"]
+    }
+
+    read_watched_field {
+      index  = "read-index-2"
+      fields = ["field-3"]
+    }
+
+    write_metadata_only   = true
+    write_log_diffs       = false
+    write_watched_indices = ["write-index-1", "write-index-2", "log-*", "*"]
+    write_ignore_users    = ["write-ignore-1"]
+  }
+}
+
 resource "opensearch_anomaly_detection" "test-detector12" {
+  depends_on = [opensearch_audit_config.test]
   body = <<EOF
 {
   "name": "test-detector12",
@@ -135,7 +184,56 @@ EOF
 `
 
 var testAccOpensearchAnomalyDetectionUpdate = `
+resource "opensearch_audit_config" "test" {
+  enabled = true
+
+  audit {
+    enable_rest              = true
+    disabled_rest_categories = ["GRANTED_PRIVILEGES", "AUTHENTICATED"]
+
+    enable_transport              = true
+    disabled_transport_categories = ["GRANTED_PRIVILEGES", "AUTHENTICATED"]
+
+    resolve_bulk_requests = true
+    log_request_body      = true
+    resolve_indices       = true
+
+    # Note: if set false, AWS OpenSearch will return HTTP 409 (Conflict)
+    exclude_sensitive_headers = true
+
+    ignore_users    = ["dashboardserver"]
+    ignore_requests = ["SearchRequest", "indices:data/read/*", "/_cluster/health"]
+  }
+
+  compliance {
+    enabled = true
+
+    # Note: if both internal/external are set true, AWS OpenSearch will return HTTP 409 (Conflict)
+    internal_config = true
+    external_config = false
+
+    read_metadata_only = true
+    read_ignore_users  = ["read-ignore-1"]
+
+    read_watched_field {
+      index  = "read-index-1"
+      fields = ["field-1", "field-2"]
+    }
+
+    read_watched_field {
+      index  = "read-index-2"
+      fields = ["field-3"]
+    }
+
+    write_metadata_only   = true
+    write_log_diffs       = false
+    write_watched_indices = ["write-index-1", "write-index-2", "log-*", "*"]
+    write_ignore_users    = ["write-ignore-1"]
+  }
+}
+
 resource "opensearch_anomaly_detection" "test-detector12" {
+  depends_on = [opensearch_audit_config.test]
   body = <<EOF
 {
   "name": "test-detector12",