Merge branch 'master' into gpalmz/azure-metric-filtering

DataDog · Jan 3, 2025 · b1b8166 · b1b8166
2 parents 941c4ba + ac5d614
commit b1b8166
Show file tree

Hide file tree

Showing 3 changed files with 96 additions and 41 deletions.
diff --git a/datadog/fwprovider/resource_datadog_integration_aws_account.go b/datadog/fwprovider/resource_datadog_integration_aws_account.go
@@ -201,24 +201,26 @@ func (r *integrationAwsAccountResource) Schema(_ context.Context, _ resource.Sch
 			},
 			"aws_partition": schema.StringAttribute{
 				Required:    true,
-				Description: "AWS Account partition",
+				Description: "AWS Account partition.",
 				Validators: []validator.String{
 					stringvalidator.OneOf("aws", "aws-cn", "aws-us-gov"),
 				},
 			},
 			"account_tags": schema.ListAttribute{
 				Optional:    true,
 				Computed:    true,
-				Description: "Tags to apply to all metrics in the account",
+				Description: "Tags to apply to all metrics in the account.",
 				ElementType: types.StringType,
 			},
 			"id": utils.ResourceIDAttribute(),
 		},
 		Blocks: map[string]schema.Block{
 			"auth_config": schema.SingleNestedBlock{
-				Attributes: map[string]schema.Attribute{},
+				Description: "Configure how Datadog authenticates to your AWS Account. Either `aws_auth_config_keys` or `aws_auth_config_role` block is required within.",
+				Attributes:  map[string]schema.Attribute{},
 				Blocks: map[string]schema.Block{
 					"aws_auth_config_keys": schema.SingleNestedBlock{
+						Description: "Datadog will use the provided AWS Access Key ID and Secret Access Key to authenticate to your account.",
 						Attributes: map[string]schema.Attribute{
 							"access_key_id": schema.StringAttribute{
 								Optional:    true,
@@ -245,21 +247,21 @@ func (r *integrationAwsAccountResource) Schema(_ context.Context, _ resource.Sch
 							"external_id": schema.StringAttribute{
 								Optional:    true,
 								Computed:    true,
-								Description: "AWS IAM External ID for associated role",
+								Description: "AWS IAM External ID for associated role. If omitted, one will be generated.",
 								PlanModifiers: []planmodifier.String{
 									stringplanmodifier.UseStateForUnknown(),
 								},
 							},
 							"role_name": schema.StringAttribute{
 								Optional:    true,
-								Description: "AWS IAM Role name",
+								Description: "AWS IAM Role name.",
 							},
 						},
 					},
 				},
 			},
 			"aws_regions": schema.SingleNestedBlock{
-				Description: "AWS Regions to collect data from.",
+				Description: "AWS Regions to collect data from. Defaults to `include_all` if block is empty.",
 				Attributes: map[string]schema.Attribute{
 					"include_all": schema.BoolAttribute{
 						Optional:    true,
@@ -275,14 +277,15 @@ func (r *integrationAwsAccountResource) Schema(_ context.Context, _ resource.Sch
 				},
 			},
 			"logs_config": schema.SingleNestedBlock{
-				Attributes: map[string]schema.Attribute{},
+				Description: "Configure log autosubscription for your Datadog Forwarder Lambda functions. The `lambda_fowarder` block is required within, but may be empty to use defaults.",
+				Attributes:  map[string]schema.Attribute{},
 				Blocks: map[string]schema.Block{
 					"lambda_forwarder": schema.SingleNestedBlock{
 						Attributes: map[string]schema.Attribute{
 							"lambdas": schema.ListAttribute{
 								Optional:    true,
 								Computed:    true,
-								Description: "List of Datadog Lambda Log Forwarder ARNs in your AWS account.",
+								Description: "List of Datadog Lambda Log Forwarder ARNs in your AWS account. Defaults to `[]`.",
 								ElementType: types.StringType,
 								Default:     listdefault.StaticValue(types.ListValueMust(types.StringType, []attr.Value{})),
 							},
@@ -291,7 +294,7 @@ func (r *integrationAwsAccountResource) Schema(_ context.Context, _ resource.Sch
 								Computed: true,
 								Description: "List of service IDs set to enable automatic log collection. Use " +
 									"[`datadog_integration_aws_available_logs_services` data source](https://registry.terraform.io/providers/DataDog/datadog/latest/docs/data-sources/integration_aws_available_logs_services) " +
-									"to get allowed values.",
+									"to get allowed values. Defaults to `[]`.",
 								ElementType: types.StringType,
 								Default:     listdefault.StaticValue(types.ListValueMust(types.StringType, []attr.Value{})),
 							},
@@ -300,6 +303,7 @@ func (r *integrationAwsAccountResource) Schema(_ context.Context, _ resource.Sch
 				},
 			},
 			"metrics_config": schema.SingleNestedBlock{
+				Description: "Configure metrics collection from AWS CloudWatch. The `namespace_filters` block is required within, but may be empty to use defaults.",
 				Attributes: map[string]schema.Attribute{
 					"automute_enabled": schema.BoolAttribute{
 						Optional:    true,
@@ -343,14 +347,15 @@ func (r *integrationAwsAccountResource) Schema(_ context.Context, _ resource.Sch
 								"tags": schema.ListAttribute{
 									Optional:    true,
 									Computed:    true,
-									Description: "The AWS resource tags to filter on for the service specified by `namespace`.",
+									Description: "The AWS resource tags to filter on for the service specified by `namespace`. Defaults to `[]`.",
 									ElementType: types.StringType,
 									Default:     listdefault.StaticValue(types.ListValueMust(types.StringType, []attr.Value{})),
 								},
 							},
 						},
 					},
 					"namespace_filters": schema.SingleNestedBlock{
+						Description: "AWS Metrics namespace filters. Defaults to a pre-set `exclude_only` list if block is empty.",
 						Attributes: map[string]schema.Attribute{
 							"exclude_only": schema.ListAttribute{
 								Optional: true,
@@ -380,6 +385,7 @@ func (r *integrationAwsAccountResource) Schema(_ context.Context, _ resource.Sch
 				},
 			},
 			"resources_config": schema.SingleNestedBlock{
+				Description: "AWS Resources Collection config. May be empty to use defaults.",
 				Attributes: map[string]schema.Attribute{
 					"cloud_security_posture_management_collection": schema.BoolAttribute{
 						Optional: true,
@@ -400,19 +406,19 @@ func (r *integrationAwsAccountResource) Schema(_ context.Context, _ resource.Sch
 			},
 			"traces_config": schema.SingleNestedBlock{
 				Attributes:  map[string]schema.Attribute{},
-				Description: "AWS Traces Collection config.",
+				Description: "AWS Traces Collection config. The `xray_services` block is required within, but may be empty to use defaults.",
 				Blocks: map[string]schema.Block{
 					"xray_services": schema.SingleNestedBlock{
-						Description: "AWS X-Ray services to collect traces from.",
+						Description: "AWS X-Ray services to collect traces from. Defaults to `include_only`.",
 						Attributes: map[string]schema.Attribute{
 							"include_all": schema.BoolAttribute{
 								Optional:    true,
-								Description: "Include all services",
+								Description: "Include all services.",
 							},
 							"include_only": schema.ListAttribute{
 								Optional:    true,
 								Computed:    true,
-								Description: "Include only these services",
+								Description: "Include only these services. Defaults to `[]`.",
 								ElementType: types.StringType,
 								Default:     listdefault.StaticValue(types.ListValueMust(types.StringType, []attr.Value{})),
 							},
@@ -442,7 +448,7 @@ func (r *integrationAwsAccountResource) Read(ctx context.Context, request resour
 			response.State.RemoveResource(ctx)
 			return
 		}
-		response.Diagnostics.Append(utils.FrameworkErrorDiag(err, "error retrieving IntegrationAwsAccount"))
+		response.Diagnostics.Append(utils.FrameworkErrorDiag(err, "error retrieving AWS Account Integration"))
 		return
 	}
 	if err := utils.CheckForUnparsed(resp); err != nil {
@@ -471,7 +477,7 @@ func (r *integrationAwsAccountResource) Create(ctx context.Context, request reso
 
 	resp, _, err := r.Api.CreateAWSAccount(r.Auth, *body)
 	if err != nil {
-		response.Diagnostics.Append(utils.FrameworkErrorDiag(err, "error retrieving IntegrationAwsAccount"))
+		response.Diagnostics.Append(utils.FrameworkErrorDiag(err, "error creating AWS Account Integration"))
 		return
 	}
 	if err := utils.CheckForUnparsed(resp); err != nil {
@@ -501,7 +507,7 @@ func (r *integrationAwsAccountResource) Update(ctx context.Context, request reso
 	awsAccountConfigId := state.ID.String()
 	resp, _, err := r.Api.UpdateAWSAccount(r.Auth, awsAccountConfigId, *body)
 	if err != nil {
-		response.Diagnostics.Append(utils.FrameworkErrorDiag(err, "error retrieving IntegrationAwsAccount"))
+		response.Diagnostics.Append(utils.FrameworkErrorDiag(err, "error updating AWS Account Integration"))
 		return
 	}
 	if err := utils.CheckForUnparsed(resp); err != nil {
@@ -528,7 +534,7 @@ func (r *integrationAwsAccountResource) Delete(ctx context.Context, request reso
 		if httpResp != nil && httpResp.StatusCode == 404 {
 			return
 		}
-		response.Diagnostics.Append(utils.FrameworkErrorDiag(err, "error deleting integration_aws_account"))
+		response.Diagnostics.Append(utils.FrameworkErrorDiag(err, "error deleting AWS Account Integration"))
 		return
 	}
 }

diff --git a/docs/resources/integration_aws_account.md b/docs/resources/integration_aws_account.md
@@ -66,6 +66,29 @@ resource "datadog_integration_aws_account" "foo" {
     }
   }
 }
+
+# Create new integration_aws_account resource with all Datadog-provided defaults configured
+resource "datadog_integration_aws_account" "foo-defaults" {
+  aws_account_id = "234567890123"
+  aws_partition  = "aws"
+  aws_regions {}
+
+  auth_config {
+    aws_auth_config_role {
+      role_name = "DatadogIntegrationRole"
+    }
+  }
+  logs_config {
+    lambda_forwarder {}
+  }
+  metrics_config {
+    namespace_filters {}
+  }
+  resources_config {}
+  traces_config {
+    xray_services {}
+  }
+}
 ```
 
 <!-- schema generated by tfplugindocs -->
@@ -74,17 +97,17 @@ resource "datadog_integration_aws_account" "foo" {
 ### Required
 
 - `aws_account_id` (String) Your AWS Account ID without dashes.
-- `aws_partition` (String) AWS Account partition
-- `auth_config` (Block) (see [below for nested schema](#nestedblock--auth_config))
+- `aws_partition` (String) AWS Account partition.
+- `auth_config` (Block) Configure how Datadog authenticates to your AWS account. Either `aws_auth_config_keys` or `aws_auth_config_role` block is required within. (see [below for nested schema](#nestedblock--auth_config))
+- `aws_regions` (Block) AWS regions to collect data from. Defaults to `include_all` if block is empty. (see [below for nested schema](#nestedblock--aws_regions))
+- `logs_config` (Block) Configure log autosubscription for your Datadog Forwarder Lambda functions. The `lambda_fowarder` block is required within, but may be empty to use defaults. (see [below for nested schema](#nestedblock--logs_config))
+- `metrics_config` (Block) Configure metrics collection from AWS CloudWatch. The `namespace_filters` block is required within, but may be empty to use defaults. (see [below for nested schema](#nestedblock--metrics_config))
+- `resources_config` (Block) AWS resources collection config. May be empty to use defaults. (see [below for nested schema](#nestedblock--resources_config))
+- `traces_config` (Block) AWS traces collection config. The `xray_services` block is required within, but may be empty to use defaults. (see [below for nested schema](#nestedblock--traces_config))
 
 ### Optional
 
-- `account_tags` (List of String) Tags to apply to all metrics in the account
-- `aws_regions` (Block, Optional) AWS Regions to collect data from. (see [below for nested schema](#nestedblock--aws_regions))
-- `logs_config` (Block, Optional) (see [below for nested schema](#nestedblock--logs_config))
-- `metrics_config` (Block, Optional) (see [below for nested schema](#nestedblock--metrics_config))
-- `resources_config` (Block, Optional) (see [below for nested schema](#nestedblock--resources_config))
-- `traces_config` (Block, Optional) AWS Traces Collection config. (see [below for nested schema](#nestedblock--traces_config))
+- `account_tags` (List of String) Tags to apply to all metrics in the account. Defaults to `[]`.
 
 ### Read-Only
 
@@ -101,7 +124,7 @@ Optional:
 <a id="nestedblock--auth_config--aws_auth_config_keys"></a>
 ### Nested Schema for `auth_config.aws_auth_config_keys`
 
-Optional:
+Required:
 
 - `access_key_id` (String) AWS Access Key ID
 - `secret_access_key` (String, Sensitive) AWS Secret Access Key. This value is write-only; changes made outside of Terraform will not be drift-detected.
@@ -110,12 +133,13 @@ Optional:
 <a id="nestedblock--auth_config--aws_auth_config_role"></a>
 ### Nested Schema for `auth_config.aws_auth_config_role`
 
-Optional:
+Required:
 
-- `external_id` (String) AWS IAM External ID for associated role
-- `role_name` (String) AWS IAM Role name
+- `role_name` (String) AWS IAM role name.
 
+Optional:
 
+- `external_id` (String) AWS IAM external ID for associated role. If omitted, one is generated.
 
 <a id="nestedblock--aws_regions"></a>
 ### Nested Schema for `aws_regions`
@@ -125,33 +149,35 @@ Optional:
 - `include_all` (Boolean) Include all regions. Defaults to `true`.
 - `include_only` (List of String) Include only these regions.
 
-
 <a id="nestedblock--logs_config"></a>
 ### Nested Schema for `logs_config`
 
-Optional:
+Required:
 
-- `lambda_forwarder` (Block, Optional) (see [below for nested schema](#nestedblock--logs_config--lambda_forwarder))
+- `lambda_forwarder` (Block) Leave empty to omit logs config. (see [below for nested schema](#nestedblock--logs_config--lambda_forwarder))
 
 <a id="nestedblock--logs_config--lambda_forwarder"></a>
 ### Nested Schema for `logs_config.lambda_forwarder`
 
 Optional:
 
-- `lambdas` (List of String) List of Datadog Lambda Log Forwarder ARNs in your AWS account.
-- `sources` (List of String) List of service IDs set to enable automatic log collection. Use [`datadog_integration_aws_available_logs_services` data source](https://registry.terraform.io/providers/DataDog/datadog/latest/docs/data-sources/integration_aws_available_logs_services) to get allowed values.
+- `lambdas` (List of String) List of Datadog Lambda Log Forwarder ARNs in your AWS account. Defaults to `[]`.
+- `sources` (List of String) List of service IDs set to enable automatic log collection. Use [`datadog_integration_aws_available_logs_services` data source](https://registry.terraform.io/providers/DataDog/datadog/latest/docs/data-sources/integration_aws_available_logs_services) to get allowed values. Defaults to `[]`.
 
 
 <a id="nestedblock--metrics_config"></a>
 ### Nested Schema for `metrics_config`
 
+Required:
+
+- `namespace_filters` (Block) AWS metrics namespace filters. Defaults to a pre-set `exclude_only` list if block is empty. (see [below for nested schema](#nestedblock--metrics_config--namespace_filters))
+
 Optional:
 
 - `automute_enabled` (Boolean) Enable EC2 automute for AWS metrics Defaults to `true`.
 - `collect_cloudwatch_alarms` (Boolean) Enable CloudWatch alarms collection Defaults to `false`.
 - `collect_custom_metrics` (Boolean) Enable custom metrics collection Defaults to `false`.
 - `enabled` (Boolean) Enable AWS metrics collection Defaults to `true`.
-- `namespace_filters` (Block, Optional) (see [below for nested schema](#nestedblock--metrics_config--namespace_filters))
 - `tag_filters` (Block List) AWS Metrics Collection tag filters list. The array of custom AWS resource tags (in the form `key:value`) defines a filter that Datadog uses when collecting metrics from a specified service. Wildcards, such as `?` (match a single character) and `*` (match multiple characters), and exclusion using `!` before the tag are supported. For EC2, only hosts that match one of the defined tags will be imported into Datadog. The rest will be ignored. For example, `env:production,instance-type:c?.*,!region:us-east-1`. (see [below for nested schema](#nestedblock--metrics_config--tag_filters))
 
 <a id="nestedblock--metrics_config--namespace_filters"></a>
@@ -172,7 +198,7 @@ Required:
 
 Optional:
 
-- `tags` (List of String) The AWS resource tags to filter on for the service specified by `namespace`.
+- `tags` (List of String) The AWS resource tags to filter on for the service specified by `namespace`. Defaults to `[]`.
 
 
 
@@ -188,17 +214,17 @@ Optional:
 <a id="nestedblock--traces_config"></a>
 ### Nested Schema for `traces_config`
 
-Optional:
+Required:
 
-- `xray_services` (Block, Optional) AWS X-Ray services to collect traces from. (see [below for nested schema](#nestedblock--traces_config--xray_services))
+- `xray_services` (Block) AWS X-Ray services to collect traces from. Defaults to `include_only`. (see [below for nested schema](#nestedblock--traces_config--xray_services))
 
 <a id="nestedblock--traces_config--xray_services"></a>
 ### Nested Schema for `traces_config.xray_services`
 
 Optional:
 
-- `include_all` (Boolean) Include all services
-- `include_only` (List of String) Include only these services
+- `include_all` (Boolean) Include all services.
+- `include_only` (List of String) Include only these services. Defaults to `[]`.
 
 
 <a id="upgrading"></a>

diff --git a/examples/resources/datadog_integration_aws_account/resource.tf b/examples/resources/datadog_integration_aws_account/resource.tf
@@ -42,3 +42,26 @@ resource "datadog_integration_aws_account" "foo" {
     }
   }
 }
+
+# Create new integration_aws_account resource with all Datadog-provided defaults configured
+resource "datadog_integration_aws_account" "foo-defaults" {
+  aws_account_id = "234567890123"
+  aws_partition  = "aws"
+  aws_regions {}
+
+  auth_config {
+    aws_auth_config_role {
+      role_name = "DatadogIntegrationRole"
+    }
+  }
+  logs_config {
+    lambda_forwarder {}
+  }
+  metrics_config {
+    namespace_filters {}
+  }
+  resources_config {}
+  traces_config {
+    xray_services {}
+  }
+}