From cf9529a9b2e93237c919fef555a1e2841ee6b384 Mon Sep 17 00:00:00 2001
From: Michael Hsieh
Date: Wed, 27 Nov 2024 00:52:39 +0000
Subject: [PATCH] feat: add support for azure active directory activity log

---
 cli/cmd/generate_azure.go | 16 +++++++++++++++-
 lwgenerate/azure/azure.go | 25 ++++++++++++++++++++-----
 2 files changed, 35 insertions(+), 6 deletions(-)

diff --git a/cli/cmd/generate_azure.go b/cli/cmd/generate_azure.go
index 8fe5881b0..2c75b0c98 100644
--- a/cli/cmd/generate_azure.go
+++ b/cli/cmd/generate_azure.go
@@ -1,11 +1,11 @@
 package cmd
 
 import (
+	"github.com/AlecAivazis/survey/v2"
 	"strconv"
 	"strings"
 	"time"
 
-	"github.com/AlecAivazis/survey/v2"
 	"github.com/imdario/mergo"
 	"github.com/spf13/cobra"
 
@@ -190,6 +190,7 @@ the new cloud account. In interactive mode, this command will:
 			azure.WithStorageAccountName(GenerateAzureCommandState.StorageAccountName),
 			azure.WithStorageLocation(GenerateAzureCommandState.StorageLocation),
 			azure.WithActivityLogIntegrationName(GenerateAzureCommandState.ActivityLogIntegrationName),
+			azure.WithActiveDirectoryActivityLogIntegrationName(GenerateAzureCommandState.ActiveDirectoryActivityLogIntegrationName),
 			azure.WithConfigIntegrationName(GenerateAzureCommandState.ConfigIntegrationName),
 			azure.WithEntraIdActivityLogIntegrationName(GenerateAzureCommandState.EntraIdIntegrationName),
 			azure.WithEventHubLocation(GenerateAzureCommandState.EventHubLocation),
@@ -225,6 +226,7 @@ the new cloud account. In interactive mode, this command will:
 		data := azure.NewTerraform(
 			GenerateAzureCommandState.Config,
 			GenerateAzureCommandState.ActivityLog,
+			GenerateAzureCommandState.ActiveDirectoryActivityLog,
 			GenerateAzureCommandState.EntraIdActivityLog,
 			GenerateAzureCommandState.CreateAdIntegration,
 			mods...)
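Review bot: The relocated import puts `"github.com/AlecAivazis/survey/v2"` in the standard-library group at the top of `import (`, which goimports/gofmt-based lint will move straight back and which leaves the file inconsistent with the mergo/cobra group that follows the blank line. This change is unrelated to the feature and looks like an editor auto-import side effect; drop the added line and keep the original `"github.com/AlecAivazis/survey/v2"` in the third-party group. Nothing else in this hunk needs to change.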
@@ -373,12 +375,24 @@ func initGenerateAzureTfCommandFlags() {
 		false,
 		"enable activity log integration")
 
+	generateAzureTfCommand.PersistentFlags().BoolVar(
+		&GenerateAzureCommandState.ActiveDirectoryActivityLog,
+		"active_directory_activity_log",
+		false,
+		"enable active directory activity log integration")
+
 	generateAzureTfCommand.PersistentFlags().StringVar(
 		&GenerateAzureCommandState.ActivityLogIntegrationName,
 		"activity_log_integration_name",
 		"",
 		"specify a custom activity log integration name")
 
+	generateAzureTfCommand.PersistentFlags().StringVar(
+		&GenerateAzureCommandState.ActiveDirectoryActivityLogIntegrationName,
+		"active_directory_activity_log_integration_name",
+		"",
+		"specify a custom active directory activity log integration name")
+
 	generateAzureTfCommand.PersistentFlags().BoolVar(
 		&GenerateAzureCommandState.EntraIdActivityLog,
 		"entra_id_activity_log",
diff --git a/lwgenerate/azure/azure.go b/lwgenerate/azure/azure.go
index ff1516813..a522dcbb3 100644
--- a/lwgenerate/azure/azure.go
+++ b/lwgenerate/azure/azure.go
@@ -11,6 +11,9 @@ type GenerateAzureTfConfigurationArgs struct {
 	// Should we configure Activity Log integration in LW?
 	ActivityLog bool
 
+	// Should we configure Active Directory Activity Log in LW?
+	ActiveDirectoryActivityLog bool
+
 	// Should we add Config integration in LW?
 	Config bool
 
@@ -26,6 +29,10 @@ type GenerateAzureTfConfigurationArgs struct {
 	// If ActivityLog is true, give the user the opportunity to name their integration. Defaults to "TF activity log"
 	ActivityLogIntegrationName string
 
+	// If ActiveDirectoryActivityLog is true, give the user the opportunity to name their integration. Defaults to
+	// "TF active directory activity log"
+	ActiveDirectoryActivityLogIntegrationName string
+
 	// If EntraIdIntegration is true, give the user the opportunity to name their integration.
 	// Defaults to "TF Entra ID activity log"
 	EntraIdIntegrationName string
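Review bot: `--active_directory_activity_log` is registered with help text promising an integration, yet nothing in this two-file diff emits Terraform for it — the toggle and the name are stored on `GenerateAzureCommandState` and handed to `azure.NewTerraform`, and no hunk touches HCL generation. Unless the generator already consumes `ActiveDirectoryActivityLog` somewhere outside this diff, an operator who enables the flag gets a silent no-op and may believe Active Directory activity logging is in place when no log is being collected, which is the kind of monitoring gap that goes unnoticed until an incident. Either wire the generator in the same change or keep the flag out of the help output until it does something, e.g. `_ = generateAzureTfCommand.PersistentFlags().MarkHidden("active_directory_activity_log")` directly after the `BoolVar` call. The interactive path also shows no survey prompt for the new toggle in this diff, so interactive and `--noninteractive` runs would expose different options; confirm that is intended. `initGenerateAzureTfCommandFlags` continues outside the hunk.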
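Review bot: The comment on the new `ActiveDirectoryActivityLog bool` field does not say how it differs from the existing `EntraIdActivityLog` declared a few lines below, and since Entra ID is Microsoft's current name for Azure Active Directory a reader will reasonably assume the two fields drive the same log; the comment should name the data source or integration type this one maps to, for example `// Should we configure Active Directory Activity Log in LW? Distinct from EntraIdActivityLog (<integration type/source> — confirm with the generator)`. The second hunk's comment also states `Defaults to "TF active directory activity log"`, but no hunk in this diff applies that default, so either cite where the defaulting happens or drop the sentence until it is implemented. Both hunks are inside `GenerateAzureTfConfigurationArgs`, whose definition extends past the hunks.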
@@ -123,14 +130,15 @@ type AzureTerraformModifier func(c *GenerateAzureTfConfigurationArgs)
 //
 // Note: Additional configuration details may be set using modifiers of the AzureTerraformModifier type
 func NewTerraform(
-	enableConfig bool, enableActivityLog bool, enableEntraIdActivityLog, createAdIntegration bool,
+	enableConfig bool, enableActivityLog bool, enableActiveDirectoryActivityLog bool, enableEntraIdActivityLog, createAdIntegration bool,
 	mods ...AzureTerraformModifier,
 ) *GenerateAzureTfConfigurationArgs {
 	config := &GenerateAzureTfConfigurationArgs{
-		ActivityLog:         enableActivityLog,
-		Config:              enableConfig,
-		EntraIdActivityLog:  enableEntraIdActivityLog,
-		CreateAdIntegration: createAdIntegration,
+		ActivityLog:                enableActivityLog,
+		ActiveDirectoryActivityLog: enableActiveDirectoryActivityLog,
+		Config:                     enableConfig,
+		EntraIdActivityLog:         enableEntraIdActivityLog,
+		CreateAdIntegration:        createAdIntegration,
 	}
 	for _, m := range mods {
 		m(config)
@@ -190,6 +198,13 @@ func WithActivityLogIntegrationName(name string) AzureTerraformModifier {
 	}
 }
 
+// WithActivityLogIntegrationName Set the Activity Log Integration name to be displayed on the Lacework UI
+func WithActiveDirectoryActivityLogIntegrationName(name string) AzureTerraformModifier {
+	return func(c *GenerateAzureTfConfigurationArgs) {
+		c.ActiveDirectoryActivityLogIntegrationName = name
+	}
+}
+
 // WithEntraIdActivityLogIntegrationName Set the Entra ID Activity Log Integration name
 // to be displayed on the Lacework UI
 func WithEntraIdActivityLogIntegrationName(name string) AzureTerraformModifier {
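Review bot: Inserting `enableActiveDirectoryActivityLog bool` in the middle of `NewTerraform`'s parameter list is a breaking signature change that every caller must follow, and the diffstat touches only one call site, so any other caller (package tests, for instance) that is not in this diff will fail to compile. Worse, the function now takes five consecutive unlabeled booleans, and because the new one sits directly before `enableEntraIdActivityLog`, a caller that mixes up the two compiles cleanly and silently enables the wrong log integration. The package already has the functional-option pattern for exactly this, so I would leave the signature as it was and add a `WithActiveDirectoryActivityLog` modifier, with the cli call site passing `azure.WithActiveDirectoryActivityLog(GenerateAzureCommandState.ActiveDirectoryActivityLog)` in `mods`. The `Note:` comment above the signature should then mention the new modifier; `NewTerraform` continues past the hunk.
```go
func NewTerraform(
	enableConfig bool, enableActivityLog bool, enableEntraIdActivityLog, createAdIntegration bool,
	mods ...AzureTerraformModifier,
) *GenerateAzureTfConfigurationArgs {
	// … unchanged: config literal without ActiveDirectoryActivityLog (left false, set via modifier), mods loop …
}

// WithActiveDirectoryActivityLog Enable or disable the Active Directory Activity Log integration
func WithActiveDirectoryActivityLog(enable bool) AzureTerraformModifier {
	return func(c *GenerateAzureTfConfigurationArgs) {
		c.ActiveDirectoryActivityLog = enable
	}
}
```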
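Review bot: The doc comment on the new modifier is a copy of the one above it and names the wrong function: `// WithActivityLogIntegrationName Set the Activity Log Integration name ...` sits on `func WithActiveDirectoryActivityLogIntegrationName`, so godoc will show the wrong name and the exported-comment lint rule (revive/golint) will flag it. Replace it with `// WithActiveDirectoryActivityLogIntegrationName Set the Active Directory Activity Log Integration name` followed by `// to be displayed on the Lacework UI`, matching the two-line wrapping the file already uses on `WithEntraIdActivityLogIntegrationName`.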