From d8c19c2e8d807a2985ca864347715263cb014f2a Mon Sep 17 00:00:00 2001 From: Matthew Date: Tue, 6 Aug 2024 16:33:29 -0700 Subject: [PATCH] sentinel - fix tests for 4.0 --- ...entinel_alert_rule_fusion_resource_test.go | 20 +++++++++++++++---- .../sentinel_alert_rule_nrt_resource_test.go | 18 +++++++++++++++++ ...entinel_alert_rule_template_data_source.go | 4 ++-- .../sentinel_automation_rule_resource.go | 1 - ...at_intelligence_indicator_resource_test.go | 3 +-- 5 files changed, 37 insertions(+), 9 deletions(-) diff --git a/internal/services/sentinel/sentinel_alert_rule_fusion_resource_test.go b/internal/services/sentinel/sentinel_alert_rule_fusion_resource_test.go index e1e7bdfa0d10..01f483ed4387 100644 --- a/internal/services/sentinel/sentinel_alert_rule_fusion_resource_test.go +++ b/internal/services/sentinel/sentinel_alert_rule_fusion_resource_test.go @@ -34,7 +34,7 @@ func TestAccSentinelAlertRuleFusion_basic(t *testing.T) { }) } -func TestAccSentinelAlertRuleFusion_disable(t *testing.T) { +func TestAccSentinelAlertRuleFusion_enable(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_sentinel_alert_rule_fusion", "test") r := SentinelAlertRuleFusionResource{} @@ -47,7 +47,7 @@ func TestAccSentinelAlertRuleFusion_disable(t *testing.T) { }, data.ImportStep(), { - Config: r.disabled(data), + Config: r.enabled(data), Check: acceptance.ComposeTestCheckFunc( check.That(data.ResourceName).ExistsInAzure(r), ), 
@@ -134,30 +134,35 @@ func (r SentinelAlertRuleFusionResource) basic(data acceptance.TestData) string data "azurerm_sentinel_alert_rule_template" "test" { display_name = "Advanced Multistage Attack Detection" log_analytics_workspace_id = azurerm_log_analytics_solution.test.workspace_resource_id + + depends_on = [azurerm_sentinel_log_analytics_workspace_onboarding.test] } resource "azurerm_sentinel_alert_rule_fusion" "test" { name = "acctest-SentinelAlertRule-Fusion-%d" log_analytics_workspace_id = azurerm_log_analytics_solution.test.workspace_resource_id alert_rule_template_guid = data.azurerm_sentinel_alert_rule_template.test.name + enabled = false } `, r.template(data), data.RandomInteger) } -func (r SentinelAlertRuleFusionResource) disabled(data acceptance.TestData) string { +func (r SentinelAlertRuleFusionResource) enabled(data acceptance.TestData) string { return fmt.Sprintf(` %s data "azurerm_sentinel_alert_rule_template" "test" { display_name = "Advanced Multistage Attack Detection" log_analytics_workspace_id = azurerm_log_analytics_solution.test.workspace_resource_id + + depends_on = [azurerm_sentinel_log_analytics_workspace_onboarding.test] } resource "azurerm_sentinel_alert_rule_fusion" "test" { name = "acctest-SentinelAlertRule-Fusion-%d" log_analytics_workspace_id = azurerm_log_analytics_solution.test.workspace_resource_id alert_rule_template_guid = data.azurerm_sentinel_alert_rule_template.test.name - enabled = false + enabled = true } `, r.template(data), data.RandomInteger) } @@ -169,6 +174,8 @@ func (r SentinelAlertRuleFusionResource) sourceSetting(data acceptance.TestData, data "azurerm_sentinel_alert_rule_template" "test" { display_name = "Advanced Multistage Attack Detection" log_analytics_workspace_id = azurerm_log_analytics_solution.test.workspace_resource_id + + depends_on = [azurerm_sentinel_log_analytics_workspace_onboarding.test] } resource "azurerm_sentinel_alert_rule_fusion" "test" { 
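Review bot: The line `depends_on = [azurerm_sentinel_log_analytics_workspace_onboarding.test]` is pasted into three copies of the `azurerm_sentinel_alert_rule_template` data block (`basic` and `enabled` in this hunk, `sourceSetting` in the next one), and nothing says why the ordering is needed. Presumably the template lookup fails until the workspace is onboarded; an HCL comment above the line, such as `# template lookup requires the workspace to be onboarded to Sentinel first`, would stop a later config from dropping it. The data block is identical in all three configs, so moving it into the helper that declares the onboarding resource (presumably `template()`, whose signature is outside these hunks) would keep the dependency in one place.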
@@ -245,6 +252,7 @@ resource "azurerm_sentinel_alert_rule_fusion" "import" { name = azurerm_sentinel_alert_rule_fusion.test.name log_analytics_workspace_id = azurerm_sentinel_alert_rule_fusion.test.log_analytics_workspace_id alert_rule_template_guid = azurerm_sentinel_alert_rule_fusion.test.alert_rule_template_guid + enabled = azurerm_sentinel_alert_rule_fusion.test.enabled } `, r.basic(data)) } @@ -279,5 +287,9 @@ resource "azurerm_log_analytics_solution" "test" { product = "OMSGallery/SecurityInsights" } } + +resource "azurerm_sentinel_log_analytics_workspace_onboarding" "test" { + workspace_id = azurerm_log_analytics_workspace.test.id +} `, data.RandomInteger, data.Locations.Primary, data.RandomInteger) } diff --git a/internal/services/sentinel/sentinel_alert_rule_nrt_resource_test.go b/internal/services/sentinel/sentinel_alert_rule_nrt_resource_test.go index 71bfaed166a6..91e1f4a9e6cc 100644 --- a/internal/services/sentinel/sentinel_alert_rule_nrt_resource_test.go +++ b/internal/services/sentinel/sentinel_alert_rule_nrt_resource_test.go @@ -167,6 +167,10 @@ AzureActivity | where ActivityStatus == "Succeeded" | make-series dcount(ResourceId) default=0 on EventSubmissionTimestamp in range(ago(7d), now(), 1d) by Caller QUERY + + event_grouping { + aggregation_method = "SingleAlert" + } } `, r.template(data), data.RandomInteger) } @@ -231,6 +235,9 @@ resource "azurerm_sentinel_alert_rule_nrt" "test" { OperatingSystemType = "OSType" } + event_grouping { + aggregation_method = "SingleAlert" + } } `, r.template(data), data.RandomInteger) } @@ -250,6 +257,9 @@ resource "azurerm_sentinel_alert_rule_nrt" "test" { OperatingSystemType = "OSType" } + event_grouping { + aggregation_method = "SingleAlert" + } } `, r.template(data), data.RandomInteger) } 
@@ -264,6 +274,10 @@ resource "azurerm_sentinel_alert_rule_nrt" "import" { display_name = azurerm_sentinel_alert_rule_nrt.test.display_name severity = azurerm_sentinel_alert_rule_nrt.test.severity query = azurerm_sentinel_alert_rule_nrt.test.query + + event_grouping { + aggregation_method = "azurerm_sentinel_alert_rule_nrt.test.event_grouping.0.aggregation_method" + } } `, r.basic(data)) } @@ -284,6 +298,10 @@ resource "azurerm_sentinel_alert_rule_nrt" "test" { severity = "Low" alert_rule_template_guid = data.azurerm_sentinel_alert_rule_template.test.name query = "Heartbeat" + + event_grouping { + aggregation_method = "SingleAlert" + } } `, r.template(data), data.RandomInteger) } diff --git a/internal/services/sentinel/sentinel_alert_rule_template_data_source.go b/internal/services/sentinel/sentinel_alert_rule_template_data_source.go index 1e9c4fff5b79..c6c2271c0d5d 100644 --- a/internal/services/sentinel/sentinel_alert_rule_template_data_source.go +++ b/internal/services/sentinel/sentinel_alert_rule_template_data_source.go @@ -166,14 +166,14 @@ func dataSourceSentinelAlertRuleTemplateRead(d *pluginsdk.ResourceData, meta int nameToLog = name resp, err = getAlertRuleTemplateByName(ctx, client, workspaceID, name) if err != nil { - return fmt.Errorf("an Alert Rule Template named %q was not found", name) + return fmt.Errorf("finding Alert Rule Template named %q: %+v", name, err) } } else { nameToLog = displayName var realName *string resp, realName, err = getAlertRuleTemplateByDisplayName(ctx, client, workspaceID, displayName) if err != nil { - return fmt.Errorf("an Alert Rule Template with the Display Name %q was not found", displayName) + return fmt.Errorf("finding Alert Rule Template with the Display Name %q: %+v", displayName, err) } name = *realName } diff --git a/internal/services/sentinel/sentinel_automation_rule_resource.go b/internal/services/sentinel/sentinel_automation_rule_resource.go index 706efa977a90..61c9f17c2383 100644 
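Review bot: In the `import` config, `aggregation_method` is set to the quoted string `"azurerm_sentinel_alert_rule_nrt.test.event_grouping.0.aggregation_method"`, so Terraform receives that literal text instead of the value of the referenced attribute. The sibling attributes just above it (`display_name`, `severity`, `query`) are unquoted references. It should read `aggregation_method = azurerm_sentinel_alert_rule_nrt.test.event_grouping.0.aggregation_method`. If the schema validates this field against a fixed set of values (not visible here), the step could fail on validation rather than on the requires-import error the test presumably expects.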
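Review bot: On the display-name path, the context line `name = *realName` dereferences the pointer returned by `getAlertRuleTemplateByDisplayName` without a nil check, and the reworded error handling above it only covers `err != nil`. The helper is outside this hunk, so it is not visible whether it can return a nil name together with a nil error. If it can, guard the dereference with `if realName == nil { return fmt.Errorf("Alert Rule Template with the Display Name %q has no name", displayName) }`. The body of `dataSourceSentinelAlertRuleTemplateRead` starts and ends outside the hunk.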
--- a/internal/services/sentinel/sentinel_automation_rule_resource.go +++ b/internal/services/sentinel/sentinel_automation_rule_resource.go @@ -280,7 +280,6 @@ func resourceSentinelAutomationRuleCreateOrUpdate(d *pluginsdk.ResourceData, met IsEnabled: d.Get("enabled").(bool), TriggersOn: automationrules.TriggersOn(d.Get("triggers_on").(string)), TriggersWhen: automationrules.TriggersWhen(d.Get("triggers_when").(string)), - Conditions: expandAutomationRuleConditions(d.Get("condition").([]interface{})), }, Actions: actions, }, diff --git a/internal/services/sentinel/sentinel_threat_intelligence_indicator_resource_test.go b/internal/services/sentinel/sentinel_threat_intelligence_indicator_resource_test.go index 497b46a84f69..5575fb70b679 100644 --- a/internal/services/sentinel/sentinel_threat_intelligence_indicator_resource_test.go +++ b/internal/services/sentinel/sentinel_threat_intelligence_indicator_resource_test.go @@ -164,8 +164,7 @@ resource "azurerm_log_analytics_workspace" "test" { } resource "azurerm_sentinel_log_analytics_workspace_onboarding" "test" { - resource_group_name = azurerm_resource_group.test.name - workspace_name = azurerm_log_analytics_workspace.test.name + workspace_id = azurerm_log_analytics_workspace.test.id } `, data.RandomInteger, data.Locations.Primary) }