Skip to content

feat(azure): add sensor-single module with VNet flow log support#4

Merged
HassanBaker merged 7 commits into
mainfrom
hbaker/add-azure-singe-sensor-module
Jun 16, 2026
Merged

feat(azure): add sensor-single module with VNet flow log support#4
HassanBaker merged 7 commits into
mainfrom
hbaker/add-azure-singe-sensor-module

Conversation

@HassanBaker

Copy link
Copy Markdown
Collaborator

Description

Add the Azure single-instance sensor module (modules/azure/sensor-single/) and a companion vnet_flow_storage_access submodule for VNet flow log ingestion. Includes a complete flow-sensor example demonstrating the deployment.

Type of Change

  • New feature (non-breaking change which adds functionality)

Affected Modules

  • Azure modules
  • Examples
  • Tests

Checklist

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have made corresponding changes to the documentation
  • I have run terraform fmt -recursive
  • I have run terraform validate on affected modules
  • I have updated the CHANGELOG.md (if applicable)

Testing

  • terraform validate passes on modules/azure/sensor-single/ and the example
  • examples/azure/flow-sensor/tests/example.tftest.hcl validates module structure and variable wiring

Additional Notes

New files (17 files, +924 lines):

  • modules/azure/sensor-single/ — Single Corelight sensor VM with dual NICs (management + monitoring), cloud-init config, optional public IP, and user-assigned managed identity support
  • modules/azure/sensor-single/submodules/vnet_flow_storage_access/ — Creates a managed identity with Storage Blob Data Reader on a flow logs storage account
  • examples/azure/flow-sensor/ — End-to-end example wiring the sensor to VNet flow log ingestion, with tfvars.example and test coverage

Hassan Baker and others added 6 commits June 2, 2026 15:20
Creates a user-assigned Managed Identity with Storage Blob Data Reader
access to a storage account containing Azure VNet Flow Logs.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds the Azure sensor-single module (single VM deployment) with
vnet_flow_storage_access submodule, and a flow-sensor example mirroring
the existing AWS flow-sensor example for parity.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
terraform fmt alignment fixes in main.tf and test file, and regenerate
README docs blocks to match terraform-docs output format (anchor tags,
sorted inputs, complete variable list).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The list default values need `<pre>[<br/>  ...]</pre>` format to match
terraform-docs output exactly.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Use a full-length RSA public key in flow-sensor test fixtures to pass
Azure VM key validation. Add AVD-AZU-0047 and AVD-AZU-0051 to Trivy
ignore list since the sensor module intentionally exposes configurable
CIDRs for monitoring ingress and outbound Fleet connectivity.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Comment thread examples/azure/flow-sensor/variables.tf
Comment thread examples/azure/flow-sensor/variables.tf
Comment thread examples/azure/flow-sensor/variables.tf
Comment thread examples/azure/flow-sensor/main.tf
Comment thread modules/azure/sensor-single/README.md
- Add section comments to variables.tf documenting variable groups
- Update community_string description to mention Fleet
- Fix submodule README example source to use full GitHub URL
- Link scripts/azure/copy-azure-image.sh in prerequisites

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@HassanBaker HassanBaker force-pushed the hbaker/add-azure-singe-sensor-module branch from a225602 to c1eef2a Compare June 15, 2026 15:13
@HassanBaker HassanBaker merged commit d604bf5 into main Jun 16, 2026
6 checks passed
@HassanBaker HassanBaker deleted the hbaker/add-azure-singe-sensor-module branch June 16, 2026 14:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants