hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

Defender for Cloud Container and SqlServerVirtualMachines Extension Names? #26297

Open colinoly opened 1 month ago

colinoly commented 1 month ago

Terraform Version

1.7.3

AzureRM Provider Version

3.81.0

Affected Resource(s)/Data Source(s)

azurerm_security_center_subscription_pricing

Terraform Configuration Files

#SQL
resource "azurerm_security_center_subscription_pricing" "mdc_arm_SqlServerVirtualMachines_appsub" {
  provider      = azurerm.appsub
  tier          = "Standard"
  resource_type = "SqlServerVirtualMachines"

  #***Don't know name value
  #extension {
  #  name = "AzureMonitoringAgentforSQLserveronmachines"
  #  additional_extension_properties = {
  #    "ExclusionTags" = jsonencode([])
  #  }
  #}
}

#Containers
resource "azurerm_security_center_subscription_pricing" "mdc_arm_Containers_appsub" {
  provider      = azurerm.appsub
  tier          = "Standard"
  resource_type = "Containers"

  #***Don't know name value
  #extension {
  #  name = " DefendersensorinAzure"
  #  additional_extension_properties = {
  #  }
  #}

  #***Don't know name value
  #extension {
  #  name = "AzurePolicyforKubernetes"
  #  additional_extension_properties = {
  #  }
  #}

  extension {
    name = "AgentlessDiscoveryForKubernetes"
    additional_extension_properties = {
    }
  }

  extension {
    name = "ContainerRegistriesVulnerabilityAssessments"
    additional_extension_properties = {
    }
  }
}

Debug Output/Panic Output

│ Error: setting Pricing (Subscription: "xxxx"
│ Pricing Name: "SqlServerVirtualMachines"): pricings.PricingsClient#Update: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="Unknown" Message="Unknown service error" Details=[{"properties.extensions[0].name":["Error converting value \"AzureMonitoringAgentforSQLserveronmachines\" to type 'Microsoft.Azure.Security.Service.Common.CoreContracts.Pricing.PricingExtensionNames'. Path 'properties.extensions[0].name', line 1, position 155."]}]
│
│   with azurerm_security_center_subscription_pricing.mdc_arm_SqlServerVirtualMachines_appsub,
│   on app_defenderforcloud.tf line 80, in resource "azurerm_security_center_subscription_pricing" "mdc_arm_SqlServerVirtualMachines_appsub":
│   80: resource "azurerm_security_center_subscription_pricing" "mdc_arm_SqlServerVirtualMachines_appsub" {
│
╵
╷
│ Error: setting Pricing (Subscription: "xxxx"
│ Pricing Name: "Containers"): pricings.PricingsClient#Update: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="Unknown" Message="Unknown service error" Details=[{"properties.extensions[3].name":["Error converting value \"AzurePolicyforKubernetes\" to type 'Microsoft.Azure.Security.Service.Common.CoreContracts.Pricing.PricingExtensionNames'. Path 'properties.extensions[3].name', line 1, position 370."],"properties.extensions[4].name":["Error converting value \" DefendersensorinAzure\" to type 'Microsoft.Azure.Security.Service.Common.CoreContracts.Pricing.PricingExtensionNames'. Path 'properties.extensions[4].name', line 1, position 458."]}]
│
│   with azurerm_security_center_subscription_pricing.mdc_arm_Containers_appsub,
│   on app_defenderforcloud.tf line 128, in resource "azurerm_security_center_subscription_pricing" "mdc_arm_Containers_appsub":
│  128: resource "azurerm_security_center_subscription_pricing" "mdc_arm_Containers_appsub" {
│

Expected Behaviour

Defender for Cloud settings configured as defined

Actual Behaviour

Extension names not known

Steps to Reproduce

  1. Plan
  2. Apply

Important Factoids

No response

References

https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/deploy-microsoft-defender-for-cloud-via-terraform/ba-p/3563710

sinbai commented 1 month ago

Hi @colinoly, thanks for opening this issue. I would like to explain that Terraform manages Azure resources through the Azure REST API, and the above error is returned by the REST API instead of Terraform. In addition, after checking the REST API, the possible values for the extension name are listed as AgentlessDiscoveryForKubernetes, OnUploadMalwareScanning, SensitiveDataDiscovery and ContainerRegistriesVulnerabilityAssessments. Given the unknown extension names are not listed in the supported values, I assume that the actual behaviour is expected. It is recommended to contact Microsoft support for information on how to enable the expected extensions by the REST API.
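As an added example (not from the issue, the provider or its maintainers), a small Python pre-apply check that flags `extension` names outside the set sinbai lists, plus a helper that pulls the rejected names out of the `Details=[...]` JSON in the 400 response quoted in the debug output, so a misnamed plan is caught at review time instead of leaving a Defender plan half-configured after apply. The allowed set is assumed from the comment above and may change, and the HCL scan is a line-based approximation rather than a full parser.

```python
import json
import re

# Names sinbai's comment says the REST API accepts (assumption from the issue; may change).
ALLOWED_EXTENSIONS = {
    "AgentlessDiscoveryForKubernetes",
    "OnUploadMalwareScanning",
    "SensitiveDataDiscovery",
    "ContainerRegistriesVulnerabilityAssessments",
}
_EXT_OPEN_RE = re.compile(r"^\s*extension\s*\{")
_NAME_RE = re.compile(r'^\s*name\s*=\s*"([^"]*)"')
_ERR_RE = re.compile(r'Error converting value "([^"]*)" to type')


def lint_extension_names(hcl_text: str) -> list[str]:
    """Names inside `extension {}` blocks that the API will reject; `#` lines are skipped."""
    rejected, in_ext, depth = [], False, 0
    for line in hcl_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # commented-out block, as in the issue's config
        if not in_ext and _EXT_OPEN_RE.match(line):
            in_ext, depth = True, 1
            continue
        if in_ext:
            m = _NAME_RE.match(line)
            if m and m.group(1) not in ALLOWED_EXTENSIONS:
                rejected.append(m.group(1))  # raw value, so stray whitespace stays visible
            depth += line.count("{") - line.count("}")
            in_ext = depth > 0
    return rejected


def rejected_names_from_error(details_json: str) -> list[str]:
    """Pull the rejected names out of the Details=[...] JSON of the 400 response."""
    return [m.group(1)
            for entry in json.loads(details_json)
            for path, msgs in entry.items() if path.startswith("properties.extensions[")
            for m in map(_ERR_RE.search, msgs) if m]


# Constructed sample: one rejected name, one commented out, one accepted.
SAMPLE_HCL = """extension {
  name = " DefendersensorinAzure"
  additional_extension_properties = {}
}
#extension {
#  name = "AzurePolicyforKubernetes"
#}
extension {
  name = "AgentlessDiscoveryForKubernetes"
}"""
SAMPLE_DETAILS = r'''[{"properties.extensions[3].name":["Error converting value \"AzurePolicyforKubernetes\" to type 'Microsoft.Azure.Security.Service.Common.CoreContracts.Pricing.PricingExtensionNames'. Path 'properties.extensions[3].name', line 1, position 370."],"properties.extensions[4].name":["Error converting value \" DefendersensorinAzure\" to type 'Microsoft.Azure.Security.Service.Common.CoreContracts.Pricing.PricingExtensionNames'. Path 'properties.extensions[4].name', line 1, position 458."]}]'''  # Details payload as quoted in the issue
```

Running `lint_extension_names` over a `.tf` file before `terraform apply` reports the same names the API would reject, including the leading-space variant, which the error message otherwise only reveals after the request fails.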