From 36c14b1948c185529d715305859bf81b9e3c6783 Mon Sep 17 00:00:00 2001 From: Ao Zhang Date: Mon, 6 Nov 2023 22:55:07 -0800 Subject: [PATCH 1/4] WIP: add azure sidekick api --- api/cloud_accounts_azure_sidekick.go | 87 ++++++ api/cloud_accounts_azure_sidekick_test.go | 305 ++++++++++++++++++++++ 2 files changed, 392 insertions(+) create mode 100644 api/cloud_accounts_azure_sidekick.go create mode 100644 api/cloud_accounts_azure_sidekick_test.go diff --git a/api/cloud_accounts_azure_sidekick.go b/api/cloud_accounts_azure_sidekick.go new file mode 100644 index 000000000..876471c74 --- /dev/null +++ b/api/cloud_accounts_azure_sidekick.go 
@@ -0,0 +1,87 @@ +// +// Author:: Ao Zhang () +// Copyright:: Copyright 2023, Lacework Inc. +// License:: Apache License, Version 2.0 +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package api + +import ( + "fmt" + "strings" +) + +// GetAzureSidekick gets a single AzureSidekick integration matching the provided integration guid +func (svc *CloudAccountsService) GetAzureSidekick(guid string) ( + response AzureSidekickIntegrationResponse, + err error, +) { + err = svc.get(guid, &response) + return +} + +// CreateAzureSidekick creates an AzureSidekick Cloud Account integration +func (svc *CloudAccountsService) CreateAzureSidekick(data CloudAccount) ( + response AzureSidekickIntegrationResponse, + err error, +) { + err = svc.create(data, &response) + return +} + +// UpdateAzureSidekick updates a single AzureSidekick integration on the Lacework Server +func (svc *CloudAccountsService) UpdateAzureSidekick(data CloudAccount) ( + response AzureSidekickIntegrationResponse, + err error, +) { + err = svc.update(data.ID(), data, &response) + return +} + +type AzureSidekickIntegrationResponse struct { + Data V2AzureSidekickIntegration `json:"data"` +} + +type AzureSidekickToken struct { + ServerToken string `json:"serverToken"` + Uri string `json:"uri"` +} + +type V2AzureSidekickIntegration struct { + v2CommonIntegrationData + AzureSidekickToken `json:"serverToken"` + Data AzureSidekickData `json:"data"` +} + +type AzureSidekickData struct { + Credentials 
AzureSidekickCredentials `json:"credentials"` + IntegrationType string `json:"integrationType"` // SUBSCRIPTION or TENANT + SubscriptionId string `json:"subscriptionId"` + TenantId string `json:"tenantId"` + BlobContainerName string `json:"blobContainerName"` + SubscriptionList string `json:"subscriptionList,omitempty"` + QueryText string `json:"queryText,omitempty"` + ScanFrequency int `json:"scanFrequency"` // in hours + ScanContainers bool `json:"scanContainers"` + ScanHostVulnerabilities bool `json:"scanHostVulnerabilities"` + ScanMultiVolume bool `json:"scanMultiVolume"` + ScanStoppedInstances bool `json:"scanStoppedInstances"` +} + +type AzureSidekickCredentials struct { + ClientID string `json:"clientId"` + CredentialType string `json:"credentialType"` + ClientSecret string `json:"clientSecret,omitempty"` // SharedCredentials or SharedAccess +} diff --git a/api/cloud_accounts_azure_sidekick_test.go b/api/cloud_accounts_azure_sidekick_test.go new file mode 100644 index 000000000..0a59bbfbe --- /dev/null +++ b/api/cloud_accounts_azure_sidekick_test.go 
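Review bot: `AzureSidekickCredentials.ClientSecret` and `AzureSidekickToken.ServerToken` hold secrets, and nothing in the hunk says how they travel: `CreateAzureSidekick`/`UpdateAzureSidekick` pass the whole `CloudAccount` to `svc.create`/`svc.update` and `GetAzureSidekick` decodes whatever the server returns, so a Get→modify→Update round trip re-sends the secret and a `%+v` log of any response prints it. With `omitempty` on `clientSecret`, an update that leaves the field empty presumably leaves the stored secret untouched rather than clearing it — worth confirming against the API and stating on the field: `// ClientSecret is the app registration secret; sent on create/update, omitted when empty (stored secret presumably unchanged — confirm). Never log this struct.` A matching one-liner on `ServerToken` (`// ServerToken is a credential issued by the server; treat as a secret`) would keep callers from dumping responses. The `fmt` and `strings` imports in this hunk are unused as written.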
@@ -0,0 +1,305 @@ +// +// Author:: Ao Zhang () +// Copyright:: Copyright 2023, Lacework Inc. +// License:: Apache License, Version 2.0 +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package api_test + +import ( + "fmt" + "net/http" + "testing" + + "github.com/lacework/go-sdk/api" + "github.com/lacework/go-sdk/internal/intgguid" + "github.com/lacework/go-sdk/internal/lacework" + "github.com/stretchr/testify/assert" +) + +// These two objects are used to test Create, Get and Update operations. 
+var ( + azureSidekickData = api.AzureSidekickData{ + IntegrationType: "SUBSCRIPTION", + SubscriptionId: "54321", + TenantId: "98765", + BlobContainerName: "blobContainer", + ScanFrequency: 24, + ScanContainers: true, + ScanHostVulnerabilities: true, + Credentials: api.AzureSidekickCredentials{ + ClientID: "Client123", + CredentialType: "ShareCredentials", + ClientSecret: "Secret", + }, + SubscriptionList: "sub1,sub2", + QueryText: "queryText", + } + + azureUpdatedSidekickData = api.AzureSidekickData{ + IntegrationType: "SUBSCRIPTION", + SubscriptionId: "12345", + TenantId: "87654", + SubscriptionId: "updated-54321", + BlobContainerName: "updated-blobContainer", + ScanFrequency: 12, + ScanContainers: false, + ScanHostVulnerabilities: true, + Credentials: api.AzureSidekickCredentials{ + ClientID: "updated-Client123", + CredentialType: "updated-SharedCredentials", + ClientSecret: "updated-secret", + }, + SubscriptionList: "updated-proj1,proj2", + QueryText: "updated-queryText", + } +) + +// TODO: update this +func TestCloudAccountsAzureSidekickCreate(t *testing.T) { + accountMappingJSON := []byte(`{ + "defaultLaceworkAccountAws": "lw_account_1", + "integration_mappings": { + "lw_account_2": { + "aws_accounts": [ + "234556677", + "774564564" + ] + }, + "lw_account_3": { + "aws_accounts": [ + "553453453", + "934534535" + ] + } + } + }`) + integration := api.NewCloudAccount("integration_name", api.AzureSidekickCloudAccount, azureSidekickData) + assert.Equal(t, api.AzureSidekickCloudAccount.String(), integration.Type) + + // casting the data interface{} to type AzureSidekickData + integrationData := integration.Data.(api.AzureSidekickData) + integrationData.EncodeAccountMappingFile(accountMappingJSON) + + assert.Equal(t, integrationData.IDType, "PROJECT") + assert.Equal(t, integrationData.ID, "12345") + assert.Equal(t, integrationData.ScanningProjectId, "54321") + assert.Equal(t, integrationData.SharedBucket, "storageBucket") + assert.Equal(t, 
integrationData.ScanFrequency, 24) + assert.Equal(t, integrationData.ScanContainers, true) + assert.Equal(t, integrationData.ScanHostVulnerabilities, true) + + assert.Equal(t, integrationData.Credentials.ClientID, "Client123") + assert.Equal(t, integrationData.Credentials.ClientEmail, "client@test.com") + assert.Equal(t, integrationData.Credentials.PrivateKeyID, "privateKeyID") + assert.Equal(t, integrationData.Credentials.PrivateKey, "privateKey") + assert.Equal(t, integrationData.Credentials.TokenUri, "tokenTest") + assert.Contains(t, + integrationData.AccountMappingFile, + "data:application/json;name=i.json;base64,", + "check the custom_template_file encoder", + ) + accountMapping, err := integrationData.DecodeAccountMappingFile() + assert.Nil(t, err) + assert.Equal(t, accountMappingJSON, accountMapping) + + // When there is no custom account mapping file, this function should + // return an empty string to match the pattern + integrationData.AccountMappingFile = "" + accountMapping, err = integrationData.DecodeAccountMappingFile() + assert.Nil(t, err) + assert.Empty(t, accountMapping) +} + +func TestCloudAccountsAzureSidekickGet(t *testing.T) { + var ( + intgGUID = intgguid.New() + apiPath = fmt.Sprintf("CloudAccounts/%s", intgGUID) + fakeServer = lacework.MockServer() + ) + fakeServer.MockToken("TOKEN") + defer fakeServer.Close() + + fakeServer.MockAPI(apiPath, func(w http.ResponseWriter, r *http.Request) { + assert.Equal(t, "GET", r.Method, "GetAzureSidekick() should be a GET method") + fmt.Fprintf(w, generateCloudAccountResponse(getAzureData(intgGUID, azureSidekickData))) + + }) + + c, err := api.NewClient("test", + api.WithToken("TOKEN"), + api.WithURL(fakeServer.URL()), + ) + assert.Nil(t, err) + + response, err := c.V2.CloudAccounts.GetAzureSidekick(intgGUID) + assert.Nil(t, err) + assert.NotNil(t, response) + + integration := response.Data + assert.Equal(t, intgGUID, integration.IntgGuid) + assert.Equal(t, "integration_test", integration.Name) + 
assert.True(t, integration.State.Ok) + + integrationData := integration.Data + assert.Equal(t, "PROJECT", integrationData.IDType) + assert.Equal(t, "12345", integrationData.ID) + assert.Equal(t, "54321", integrationData.ScanningProjectId) + assert.Equal(t, "storageBucket", integrationData.SharedBucket) + assert.Equal(t, 24, integrationData.ScanFrequency) + assert.Equal(t, true, integrationData.ScanContainers) + assert.Equal(t, true, integrationData.ScanHostVulnerabilities) + assert.Equal(t, "Client123", integrationData.Credentials.ClientID) + assert.Equal(t, "client@test.com", integrationData.Credentials.ClientEmail) + assert.Equal(t, "privateKeyID", integrationData.Credentials.PrivateKeyID) + assert.Equal(t, "privateKey", integrationData.Credentials.PrivateKey) + assert.Equal(t, "tokenTest", integrationData.Credentials.TokenUri) + assert.Equal(t, "proj1,proj2", integrationData.FilterList) + assert.Equal(t, "queryText", integrationData.QueryText) + assert.Equal(t, "token_"+integration.IntgGuid, integration.ServerToken) +} + +func TestCloudAccountsAzureSidekickUpdate(t *testing.T) { + var ( + intgGUID = intgguid.New() + apiPath = fmt.Sprintf("CloudAccounts/%s", intgGUID) + fakeServer = lacework.MockServer() + ) + fakeServer.MockToken("TOKEN") + defer fakeServer.Close() + + // Step 1 - Start Fake Server to return updated data + fakeServer.MockAPI(apiPath, func(w http.ResponseWriter, r *http.Request) { + assert.Equal(t, "PATCH", r.Method, "UpdateAzureSidekick() should be a PATCH method") + + if assert.NotNil(t, r.Body) { + body := httpBodySniffer(r) + assert.Contains(t, body, intgGUID, "INTG_GUID missing") + assert.Contains(t, body, "integration_test", "cloud account name is missing") + assert.Contains(t, body, "AzureSidekick", "wrong cloud account type") + assert.Contains(t, body, azureSidekickData.Credentials.ClientID, "wrong client ID") + assert.Contains(t, body, azureSidekickData.Credentials.ClientEmail, "wrong client email") + assert.Contains(t, body, 
azureSidekickData.SharedBucket, "wrong client email") + assert.Contains(t, body, "enabled\":1", "cloud account is not enabled") + } + + fmt.Fprintf(w, generateCloudAccountResponse(getAzureData(intgGUID, azureUpdatedSidekickData))) + }) + + c, err := api.NewClient("test", + api.WithToken("TOKEN"), + api.WithURL(fakeServer.URL()), + ) + assert.Nil(t, err) + + // Step 2 - Create New Account + cloudAccount := api.NewCloudAccount("integration_test", + api.AzureSidekickCloudAccount, + azureSidekickData, + ) + + integrationData := cloudAccount.Data.(api.AzureSidekickData) + assert.Equal(t, "integration_test", cloudAccount.Name) + assert.Equal(t, "AzureSidekick", cloudAccount.Type) + assert.Equal(t, 1, cloudAccount.Enabled) + assert.Equal(t, "PROJECT", integrationData.IDType) + assert.Equal(t, "12345", integrationData.ID) + assert.Equal(t, "54321", integrationData.ScanningProjectId) + assert.Equal(t, "storageBucket", integrationData.SharedBucket) + assert.Equal(t, 24, integrationData.ScanFrequency) + assert.Equal(t, true, integrationData.ScanContainers) + assert.Equal(t, true, integrationData.ScanHostVulnerabilities) + assert.Equal(t, "Client123", integrationData.Credentials.ClientID) + assert.Equal(t, "client@test.com", integrationData.Credentials.ClientEmail) + assert.Equal(t, "privateKeyID", integrationData.Credentials.PrivateKeyID) + assert.Equal(t, "privateKey", integrationData.Credentials.PrivateKey) + assert.Equal(t, "tokenTest", integrationData.Credentials.TokenUri) + assert.Equal(t, "proj1,proj2", integrationData.FilterList) + assert.Equal(t, "queryText", integrationData.QueryText) + + // Step 3 - Get Updated data from Fake server + cloudAccount.IntgGuid = intgGUID + response, err := c.V2.CloudAccounts.UpdateAzureSidekick(cloudAccount) + assert.Nil(t, err, "Cannot update integration") + assert.NotNil(t, response) + integration := response.Data + assert.Equal(t, intgGUID, integration.IntgGuid) + + integrationData = integration.Data + assert.Equal(t, 
"integration_test", cloudAccount.Name) + assert.Equal(t, "AzureSidekick", cloudAccount.Type) + assert.Equal(t, 1, cloudAccount.Enabled) + assert.Equal(t, "PROJECT", integrationData.IDType) + assert.Equal(t, "12345", integrationData.ID) + assert.Equal(t, "updated-54321", integrationData.ScanningProjectId) + assert.Equal(t, "updated-storageBucket", integrationData.SharedBucket) + assert.Equal(t, 12, integrationData.ScanFrequency) + assert.Equal(t, false, integrationData.ScanContainers) + assert.Equal(t, true, integrationData.ScanHostVulnerabilities) + assert.Equal(t, "updated-Client123", integrationData.Credentials.ClientID) + assert.Equal(t, "updated-client@test.com", integrationData.Credentials.ClientEmail) + assert.Equal(t, "updated-privateKeyID", integrationData.Credentials.PrivateKeyID) + assert.Equal(t, "updated-privateKey", integrationData.Credentials.PrivateKey) + assert.Equal(t, "updated-tokenTest", integrationData.Credentials.TokenUri) + assert.Equal(t, "updated-proj1,proj2", integrationData.FilterList) + assert.Equal(t, "updated-queryText", integrationData.QueryText) +} + +// getAzureData converts integration data to json string +func getAzureData(id string, data api.AzureSidekickData) string { + + scanFrequency := fmt.Sprintf("%d", data.ScanFrequency) + scanContainers := fmt.Sprintf("%t", data.ScanContainers) + scanHostVulnerabilities := fmt.Sprintf("%t", data.ScanHostVulnerabilities) + + return ` + { + "createdOrUpdatedBy": "ammar.ekbote@lacework.net", + "createdOrUpdatedTime": "2021-06-01T19:28:00.092Z", + "enabled": 1, + "intgGuid": "` + id + `", + "isOrg": 0, + "name": "integration_test", + "state": { + "details": {}, + "lastSuccessfulTime": 1624456896915, + "lastUpdatedTime": 1624456896915, + "ok": true + }, + "type": "AzureSidekick", + "data": { + "credentials": { + "clientId": "` + data.Credentials.ClientID + `", + "privateKeyId": "` + data.Credentials.PrivateKeyID + `", + "clientEmail": "` + data.Credentials.ClientEmail + `", + "privateKey": "` + 
data.Credentials.PrivateKey + `", + "tokenuri": "` + data.Credentials.TokenUri + `" + }, + "idType": "` + data.IDType + `", + "id": "` + data.ID + `", + "scanningProjectId": "` + data.ScanningProjectId + `", + "sharedBucketName": "` + data.SharedBucket + `", + "filterList": "` + data.FilterList + `", + "queryText": "` + data.QueryText + `", + "scanFrequency": ` + scanFrequency + `, + "scanContainers": ` + scanContainers + `, + "scanHostVulnerabilities": ` + scanHostVulnerabilities + ` + }, + "serverToken": { + "serverToken": "token_` + id + `" + } + } + ` +} From 683fa0a42a2ba2c375876514a2ac225e8b5a8990 Mon Sep 17 00:00:00 2001 From: Ao Zhang Date: Tue, 7 Nov 2023 15:00:35 -0800 Subject: [PATCH 2/4] update tests --- api/cloud_accounts_azure_sidekick.go | 4 +- api/cloud_accounts_azure_sidekick_test.go | 145 ++++++++-------------- api/cloud_accounts_gcp_sidekick_test.go | 2 +- 3 files changed, 53 insertions(+), 98 deletions(-) diff --git a/api/cloud_accounts_azure_sidekick.go b/api/cloud_accounts_azure_sidekick.go index 876471c74..4981cb475 100644 --- a/api/cloud_accounts_azure_sidekick.go +++ b/api/cloud_accounts_azure_sidekick.go @@ -82,6 +82,6 @@ type AzureSidekickData struct { type AzureSidekickCredentials struct { ClientID string `json:"clientId"` - CredentialType string `json:"credentialType"` - ClientSecret string `json:"clientSecret,omitempty"` // SharedCredentials or SharedAccess + ClientSecret string `json:"clientSecret,omitempty"` + CredentialType string `json:"credentialType"` // SharedCredentials or SharedAccess } diff --git a/api/cloud_accounts_azure_sidekick_test.go b/api/cloud_accounts_azure_sidekick_test.go index 0a59bbfbe..fe116ac5b 100644 --- a/api/cloud_accounts_azure_sidekick_test.go +++ b/api/cloud_accounts_azure_sidekick_test.go 
@@ -33,94 +33,59 @@ import ( var ( azureSidekickData = api.AzureSidekickData{ IntegrationType: "SUBSCRIPTION", - SubscriptionId: "54321", - TenantId: "98765", - BlobContainerName: "blobContainer", + SubscriptionId: "54321", + TenantId: "98765", + BlobContainerName: "blobContainer", ScanFrequency: 24, ScanContainers: true, ScanHostVulnerabilities: true, Credentials: api.AzureSidekickCredentials{ - ClientID: "Client123", + ClientID: "Client123", CredentialType: "ShareCredentials", - ClientSecret: "Secret", + ClientSecret: "Secret", }, SubscriptionList: "sub1,sub2", - QueryText: "queryText", + QueryText: "queryText", } azureUpdatedSidekickData = api.AzureSidekickData{ - IntegrationType: "SUBSCRIPTION", - SubscriptionId: "12345", - TenantId: "87654", - SubscriptionId: "updated-54321", - BlobContainerName: "updated-blobContainer", + IntegrationType: "SUBSCRIPTION", + SubscriptionId: "updated-54321", + TenantId: "updated-98765", + BlobContainerName: "updated-blobContainer", ScanFrequency: 12, ScanContainers: false, ScanHostVulnerabilities: true, Credentials: api.AzureSidekickCredentials{ - ClientID: "updated-Client123", - CredentialType: "updated-SharedCredentials", - ClientSecret: "updated-secret", + ClientID: "updated-Client123", + CredentialType: "SharedAccess", + ClientSecret: "updated-secret", }, SubscriptionList: "updated-proj1,proj2", - QueryText: "updated-queryText", + QueryText: "updated-queryText", } ) -// TODO: update this func TestCloudAccountsAzureSidekickCreate(t *testing.T) { - accountMappingJSON := []byte(`{ - "defaultLaceworkAccountAws": "lw_account_1", - "integration_mappings": { - "lw_account_2": { - "aws_accounts": [ - "234556677", - "774564564" - ] - }, - "lw_account_3": { - "aws_accounts": [ - "553453453", - "934534535" - ] - } - } - }`) integration := api.NewCloudAccount("integration_name", api.AzureSidekickCloudAccount, azureSidekickData) assert.Equal(t, api.AzureSidekickCloudAccount.String(), integration.Type) // casting the data interface{} to 
type AzureSidekickData integrationData := integration.Data.(api.AzureSidekickData) - integrationData.EncodeAccountMappingFile(accountMappingJSON) - assert.Equal(t, integrationData.IDType, "PROJECT") + // TODO: I don't think this will work because we aren't returning the fields + assert.Equal(t, integrationData.IntegrationType, "SUBSCRIPTION") assert.Equal(t, integrationData.ID, "12345") - assert.Equal(t, integrationData.ScanningProjectId, "54321") - assert.Equal(t, integrationData.SharedBucket, "storageBucket") + assert.Equal(t, integrationData.SubscriptionId, "54321") + assert.Equal(t, integrationData.TenantId, "98765") + assert.Equal(t, integrationData.BlobContainerName, "blobContainer") assert.Equal(t, integrationData.ScanFrequency, 24) assert.Equal(t, integrationData.ScanContainers, true) assert.Equal(t, integrationData.ScanHostVulnerabilities, true) assert.Equal(t, integrationData.Credentials.ClientID, "Client123") - assert.Equal(t, integrationData.Credentials.ClientEmail, "client@test.com") - assert.Equal(t, integrationData.Credentials.PrivateKeyID, "privateKeyID") - assert.Equal(t, integrationData.Credentials.PrivateKey, "privateKey") - assert.Equal(t, integrationData.Credentials.TokenUri, "tokenTest") - assert.Contains(t, - integrationData.AccountMappingFile, - "data:application/json;name=i.json;base64,", - "check the custom_template_file encoder", - ) - accountMapping, err := integrationData.DecodeAccountMappingFile() - assert.Nil(t, err) - assert.Equal(t, accountMappingJSON, accountMapping) - - // When there is no custom account mapping file, this function should - // return an empty string to match the pattern - integrationData.AccountMappingFile = "" - accountMapping, err = integrationData.DecodeAccountMappingFile() - assert.Nil(t, err) - assert.Empty(t, accountMapping) + assert.Equal(t, integrationData.Credentials.ClientSecret, "Secret") + assert.Equal(t, integrationData.Credentials.CredentialType, "SharedCredentials") } func 
TestCloudAccountsAzureSidekickGet(t *testing.T) { @@ -135,7 +100,6 @@ func TestCloudAccountsAzureSidekickGet(t *testing.T) { fakeServer.MockAPI(apiPath, func(w http.ResponseWriter, r *http.Request) { assert.Equal(t, "GET", r.Method, "GetAzureSidekick() should be a GET method") fmt.Fprintf(w, generateCloudAccountResponse(getAzureData(intgGUID, azureSidekickData))) - }) c, err := api.NewClient("test", @@ -154,19 +118,17 @@ func TestCloudAccountsAzureSidekickGet(t *testing.T) { assert.True(t, integration.State.Ok) integrationData := integration.Data - assert.Equal(t, "PROJECT", integrationData.IDType) - assert.Equal(t, "12345", integrationData.ID) - assert.Equal(t, "54321", integrationData.ScanningProjectId) - assert.Equal(t, "storageBucket", integrationData.SharedBucket) + assert.Equal(t, "SUBSCRIPTION", integrationData.IntegrationType) + assert.Equal(t, "12345", integrationData.SubscriptionId) + assert.Equal(t, "98765", integrationData.TenantId) + assert.Equal(t, "blobContainer", integrationData.BlobContainerName) assert.Equal(t, 24, integrationData.ScanFrequency) assert.Equal(t, true, integrationData.ScanContainers) assert.Equal(t, true, integrationData.ScanHostVulnerabilities) assert.Equal(t, "Client123", integrationData.Credentials.ClientID) - assert.Equal(t, "client@test.com", integrationData.Credentials.ClientEmail) - assert.Equal(t, "privateKeyID", integrationData.Credentials.PrivateKeyID) - assert.Equal(t, "privateKey", integrationData.Credentials.PrivateKey) - assert.Equal(t, "tokenTest", integrationData.Credentials.TokenUri) - assert.Equal(t, "proj1,proj2", integrationData.FilterList) + assert.Equal(t, "Secret", integrationData.Credentials.ClientSecret) + assert.Equal(t, "SharedCredentials", integrationData.Credentials.CredentialType) + assert.Equal(t, "sub1,sub2", integrationData.SubscriptionList) assert.Equal(t, "queryText", integrationData.QueryText) assert.Equal(t, "token_"+integration.IntgGuid, integration.ServerToken) } 
@@ -190,8 +152,7 @@ func TestCloudAccountsAzureSidekickUpdate(t *testing.T) { assert.Contains(t, body, "integration_test", "cloud account name is missing") assert.Contains(t, body, "AzureSidekick", "wrong cloud account type") assert.Contains(t, body, azureSidekickData.Credentials.ClientID, "wrong client ID") - assert.Contains(t, body, azureSidekickData.Credentials.ClientEmail, "wrong client email") - assert.Contains(t, body, azureSidekickData.SharedBucket, "wrong client email") + assert.Contains(t, body, azureSidekickData.BlobContainerName, "wrong blob container name") assert.Contains(t, body, "enabled\":1", "cloud account is not enabled") } 
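Review bot: The PATCH body checks in this hunk never look at the secret: `clientSecret` is tagged `omitempty` on `AzureSidekickCredentials`, so if a future change stopped populating it the update would silently leave the stored secret unchanged and this test would still pass. Add `assert.Contains(t, body, azureSidekickData.Credentials.ClientSecret, "client secret missing from update body")` next to the ClientID check; pinning the scope identifier too, `assert.Contains(t, body, azureSidekickData.TenantId, "wrong tenant ID")`, would catch it being dropped from the payload. The enclosing `TestCloudAccountsAzureSidekickUpdate` starts and ends outside this hunk.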
@@ -214,19 +175,17 @@ func TestCloudAccountsAzureSidekickUpdate(t *testing.T) { assert.Equal(t, "integration_test", cloudAccount.Name) assert.Equal(t, "AzureSidekick", cloudAccount.Type) assert.Equal(t, 1, cloudAccount.Enabled) - assert.Equal(t, "PROJECT", integrationData.IDType) - assert.Equal(t, "12345", integrationData.ID) - assert.Equal(t, "54321", integrationData.ScanningProjectId) - assert.Equal(t, "storageBucket", integrationData.SharedBucket) + assert.Equal(t, "SUBSCRIPTION", integrationData.IntegrationType) + assert.Equal(t, "54321", integrationData.SubscriptionId) + assert.Equal(t, "98765", integrationData.TenantId) + assert.Equal(t, "blobContainer", integrationData.BlobContainerName) assert.Equal(t, 24, integrationData.ScanFrequency) assert.Equal(t, true, integrationData.ScanContainers) assert.Equal(t, true, integrationData.ScanHostVulnerabilities) assert.Equal(t, "Client123", integrationData.Credentials.ClientID) - assert.Equal(t, "client@test.com", integrationData.Credentials.ClientEmail) - assert.Equal(t, "privateKeyID", integrationData.Credentials.PrivateKeyID) - assert.Equal(t, "privateKey", integrationData.Credentials.PrivateKey) - assert.Equal(t, "tokenTest", integrationData.Credentials.TokenUri) - assert.Equal(t, "proj1,proj2", integrationData.FilterList) + assert.Equal(t, "Secret", integrationData.Credentials.ClientSecret) + assert.Equal(t, "SharedCredentials", integrationData.Credentials.SharedCredential) + assert.Equal(t, "sub1,sub2", integrationData.SubscriptionList) assert.Equal(t, "queryText", integrationData.QueryText) // Step 3 - Get Updated data from Fake server 
@@ -241,19 +200,17 @@ func TestCloudAccountsAzureSidekickUpdate(t *testing.T) { assert.Equal(t, "integration_test", cloudAccount.Name) assert.Equal(t, "AzureSidekick", cloudAccount.Type) assert.Equal(t, 1, cloudAccount.Enabled) - assert.Equal(t, "PROJECT", integrationData.IDType) - assert.Equal(t, "12345", integrationData.ID) - assert.Equal(t, "updated-54321", integrationData.ScanningProjectId) - assert.Equal(t, "updated-storageBucket", integrationData.SharedBucket) + assert.Equal(t, "SUBSCRIPTION", integrationData.IntegrationType) + assert.Equal(t, "updated-54321", integrationData.SubscriptionId) + assert.Equal(t, "updated-98765", integrationData.TenantId) + assert.Equal(t, "updated-blobContainer", integrationData.BlobContainerName) assert.Equal(t, 12, integrationData.ScanFrequency) assert.Equal(t, false, integrationData.ScanContainers) assert.Equal(t, true, integrationData.ScanHostVulnerabilities) assert.Equal(t, "updated-Client123", integrationData.Credentials.ClientID) - assert.Equal(t, "updated-client@test.com", integrationData.Credentials.ClientEmail) - assert.Equal(t, "updated-privateKeyID", integrationData.Credentials.PrivateKeyID) - assert.Equal(t, "updated-privateKey", integrationData.Credentials.PrivateKey) - assert.Equal(t, "updated-tokenTest", integrationData.Credentials.TokenUri) - assert.Equal(t, "updated-proj1,proj2", integrationData.FilterList) + assert.Equal(t, "updated-Secret", integrationData.Credentials.ClientSecret) + assert.Equal(t, "SharedAccess", integrationData.Credentials.CredentialType) + assert.Equal(t, "updated-sub1,sub2", integrationData.SubscriptionList) assert.Equal(t, "updated-queryText", integrationData.QueryText) } 
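Review bot: The three assertions that immediately follow `integrationData = integration.Data` in this hunk's context — `assert.Equal(t, "integration_test", cloudAccount.Name)`, `cloudAccount.Type`, `cloudAccount.Enabled` — re-check the request object built in step 2, not the PATCH response, so the server's name, type and enabled flag are never verified after the update. Asserting on the response instead, `assert.Equal(t, "integration_test", integration.Name)` and the same for type and enabled (assuming `v2CommonIntegrationData` exposes `Type` and `Enabled` as it does `Name`), closes that gap. `TestCloudAccountsAzureSidekickUpdate` begins outside this hunk.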
@@ -282,16 +239,14 @@ func getAzureData(id string, data api.AzureSidekickData) string { "data": { "credentials": { "clientId": "` + data.Credentials.ClientID + `", - "privateKeyId": "` + data.Credentials.PrivateKeyID + `", - "clientEmail": "` + data.Credentials.ClientEmail + `", - "privateKey": "` + data.Credentials.PrivateKey + `", - "tokenuri": "` + data.Credentials.TokenUri + `" + "clientSecret": "` + data.Credentials.ClientSecret + `", + "credentialType": "` + data.Credentials.CredentialType + `" }, - "idType": "` + data.IDType + `", - "id": "` + data.ID + `", - "scanningProjectId": "` + data.ScanningProjectId + `", - "sharedBucketName": "` + data.SharedBucket + `", - "filterList": "` + data.FilterList + `", + "integrationType": "` + data.IntegrationType + `", + "subscriptionId": "` + data.SubscriptionId + `", + "tenantId": "` + data.TenantId + `", + "blobContainerName": "` + data.BlobContainerName + `", + "subscriptionList": "` + data.SubscriptionList + `", "queryText": "` + data.QueryText + `", "scanFrequency": ` + scanFrequency + `, "scanContainers": ` + scanContainers + `, diff --git a/api/cloud_accounts_gcp_sidekick_test.go b/api/cloud_accounts_gcp_sidekick_test.go index fc3b190b7..71ab63163 100644 --- a/api/cloud_accounts_gcp_sidekick_test.go +++ b/api/cloud_accounts_gcp_sidekick_test.go @@ -193,7 +193,7 @@ func TestCloudAccountsGcpSidekickUpdate(t *testing.T) { assert.Contains(t, body, "GcpSidekick", "wrong cloud account type") assert.Contains(t, body, gcpSidekickData.Credentials.ClientID, "wrong client ID") assert.Contains(t, body, gcpSidekickData.Credentials.ClientEmail, "wrong client email") - assert.Contains(t, body, gcpSidekickData.SharedBucket, "wrong client email") + assert.Contains(t, body, gcpSidekickData.SharedBucket, "wrong shared bucket name") assert.Contains(t, body, "enabled\":1", "cloud account is not enabled") } From fb9baf663f72f9fe19d23cef51cd159299121aef Mon Sep 17 00:00:00 2001 
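Review bot: The fixture now echoes `clientSecret` back in every mocked GET and PATCH response, and `TestCloudAccountsAzureSidekickGet` pins `"Secret"` on read, which bakes in the assumption that `GET CloudAccounts/{guid}` returns the Azure client secret in plaintext. If the real API redacts or omits it, as is usual for a write-only credential, the SDK test asserts a contract the server does not have; if it does return it, that deserves a comment on `AzureSidekickCredentials.ClientSecret` so callers know a fetched response carries a live secret. Suggest confirming against the API and, if redacted, dropping the `"clientSecret": ...` line from this fixture and changing the Get assertion to `assert.Empty(t, integrationData.Credentials.ClientSecret)`. `getAzureData` starts outside this hunk.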
From: Ao Zhang Date: Tue, 7 Nov 2023 15:25:36 -0800 Subject: [PATCH 3/4] fix tests --- api/cloud_accounts.go | 2 ++ api/cloud_accounts_azure_sidekick.go | 7 +---- api/cloud_accounts_azure_sidekick_test.go | 36 +++++++++++------------ 3 files changed, 20 insertions(+), 25 deletions(-) diff --git a/api/cloud_accounts.go b/api/cloud_accounts.go index ca600ff7d..ebb54282a 100644 --- a/api/cloud_accounts.go +++ b/api/cloud_accounts.go @@ -97,6 +97,7 @@ const ( GcpCfgCloudAccount GcpGkeAuditCloudAccount GcpSidekickCloudAccount + AzureSidekickCloudAccount GcpAlPubSubCloudAccount OciCfgCloudAccount ) @@ -117,6 +118,7 @@ var CloudAccountTypes = map[cloudAccountType]string{ GcpCfgCloudAccount: "GcpCfg", GcpGkeAuditCloudAccount: "GcpGkeAudit", GcpSidekickCloudAccount: "GcpSidekick", + AzureSidekickCloudAccount: "AzureSidekick", GcpAlPubSubCloudAccount: "GcpAlPubSub", OciCfgCloudAccount: "OciCfg", } diff --git a/api/cloud_accounts_azure_sidekick.go b/api/cloud_accounts_azure_sidekick.go index 4981cb475..14baadc6b 100644 --- a/api/cloud_accounts_azure_sidekick.go +++ b/api/cloud_accounts_azure_sidekick.go @@ -18,11 +18,6 @@ package api -import ( - "fmt" - "strings" -) - // GetAzureSidekick gets a single AzureSidekick integration matching the provided integration guid func (svc *CloudAccountsService) GetAzureSidekick(guid string) ( response AzureSidekickIntegrationResponse, @@ -82,6 +77,6 @@ type AzureSidekickData struct { type AzureSidekickCredentials struct { ClientID string `json:"clientId"` - ClientSecret string `json:"clientSecret,omitempty"` + ClientSecret string `json:"clientSecret,omitempty"` CredentialType string `json:"credentialType"` // SharedCredentials or SharedAccess } diff --git a/api/cloud_accounts_azure_sidekick_test.go b/api/cloud_accounts_azure_sidekick_test.go index fe116ac5b..1af81dbe0 100644 --- a/api/cloud_accounts_azure_sidekick_test.go +++ b/api/cloud_accounts_azure_sidekick_test.go 
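Review bot: `AzureSidekickCloudAccount` is inserted in the middle of the `cloudAccountType` const block, between `GcpSidekickCloudAccount` and `GcpAlPubSubCloudAccount`. The block's header is outside the hunk, but if it is `iota`-numbered as the bare identifiers suggest, this shifts the integer values of `GcpAlPubSubCloudAccount` and `OciCfgCloudAccount`; `CloudAccountTypes` keeps the wire strings stable, but anything that persists, compares or `switch`es on the numeric type elsewhere would silently change meaning. Appending after `OciCfgCloudAccount` in both the const block and the map — `OciCfgCloudAccount` then `AzureSidekickCloudAccount` — avoids renumbering existing constants.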
@@ -33,36 +33,36 @@ import ( var ( azureSidekickData = api.AzureSidekickData{ IntegrationType: "SUBSCRIPTION", - SubscriptionId: "54321", - TenantId: "98765", - BlobContainerName: "blobContainer", + SubscriptionId: "54321", + TenantId: "98765", + BlobContainerName: "blobContainer", ScanFrequency: 24, ScanContainers: true, ScanHostVulnerabilities: true, Credentials: api.AzureSidekickCredentials{ - ClientID: "Client123", - CredentialType: "ShareCredentials", - ClientSecret: "Secret", + ClientID: "Client123", + CredentialType: "SharedCredentials", + ClientSecret: "Secret", }, SubscriptionList: "sub1,sub2", - QueryText: "queryText", + QueryText: "queryText", } azureUpdatedSidekickData = api.AzureSidekickData{ - IntegrationType: "SUBSCRIPTION", - SubscriptionId: "updated-54321", - TenantId: "updated-98765", - BlobContainerName: "updated-blobContainer", + IntegrationType: "SUBSCRIPTION", + SubscriptionId: "updated-54321", + TenantId: "updated-98765", + BlobContainerName: "updated-blobContainer", ScanFrequency: 12, ScanContainers: false, ScanHostVulnerabilities: true, Credentials: api.AzureSidekickCredentials{ - ClientID: "updated-Client123", + ClientID: "updated-Client123", CredentialType: "SharedAccess", - ClientSecret: "updated-secret", + ClientSecret: "updated-Secret", }, - SubscriptionList: "updated-proj1,proj2", - QueryText: "updated-queryText", + SubscriptionList: "updated-sub1,sub2", + QueryText: "updated-queryText", } ) 
@@ -73,9 +73,7 @@ func TestCloudAccountsAzureSidekickCreate(t *testing.T) { // casting the data interface{} to type AzureSidekickData integrationData := integration.Data.(api.AzureSidekickData) - // TODO: I don't think this will work because we aren't returning the fields assert.Equal(t, integrationData.IntegrationType, "SUBSCRIPTION") - assert.Equal(t, integrationData.ID, "12345") assert.Equal(t, integrationData.SubscriptionId, "54321") assert.Equal(t, integrationData.TenantId, "98765") assert.Equal(t, integrationData.BlobContainerName, "blobContainer") @@ -119,7 +117,7 @@ func TestCloudAccountsAzureSidekickGet(t *testing.T) { integrationData := integration.Data assert.Equal(t, "SUBSCRIPTION", integrationData.IntegrationType) - assert.Equal(t, "12345", integrationData.SubscriptionId) + assert.Equal(t, "54321", integrationData.SubscriptionId) assert.Equal(t, "98765", integrationData.TenantId) assert.Equal(t, "blobContainer", integrationData.BlobContainerName) assert.Equal(t, 24, integrationData.ScanFrequency) @@ -184,7 +182,7 @@ func TestCloudAccountsAzureSidekickUpdate(t *testing.T) { assert.Equal(t, true, integrationData.ScanHostVulnerabilities) assert.Equal(t, "Client123", integrationData.Credentials.ClientID) assert.Equal(t, "Secret", integrationData.Credentials.ClientSecret) - assert.Equal(t, "SharedCredentials", integrationData.Credentials.SharedCredential) + assert.Equal(t, "SharedCredentials", integrationData.Credentials.CredentialType) assert.Equal(t, "sub1,sub2", integrationData.SubscriptionList) assert.Equal(t, "queryText", integrationData.QueryText) From f40daca0a2ef8e44a8c52b8c29732a25e3742c6f Mon Sep 17 00:00:00 2001 From: Ao Zhang Date: Tue, 7 Nov 2023 19:41:11 -0800 Subject: [PATCH 4/4] fix: comments: renaming; removing credentialType --- api/cloud_accounts_azure_sidekick.go | 11 +++--- api/cloud_accounts_azure_sidekick_test.go | 45 ++++++++++------------- 2 files changed, 24 insertions(+), 32 deletions(-) 
diff --git a/api/cloud_accounts_azure_sidekick.go b/api/cloud_accounts_azure_sidekick.go index 14baadc6b..d79f9916f 100644 --- a/api/cloud_accounts_azure_sidekick.go +++ b/api/cloud_accounts_azure_sidekick.go @@ -4,7 +4,7 @@ // License:: Apache License, Version 2.0 // // Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. +// you may not use this file except in compliance with the License.n // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 @@ -62,8 +62,8 @@ type V2AzureSidekickIntegration struct { type AzureSidekickData struct { Credentials AzureSidekickCredentials `json:"credentials"` - IntegrationType string `json:"integrationType"` // SUBSCRIPTION or TENANT - SubscriptionId string `json:"subscriptionId"` + IntegrationLevel string `json:"integrationLevel"` // SUBSCRIPTION or TENANT + ScanningSubscriptionId string `json:"scanningSubscriptionId"` TenantId string `json:"tenantId"` BlobContainerName string `json:"blobContainerName"` SubscriptionList string `json:"subscriptionList,omitempty"` @@ -76,7 +76,6 @@ type AzureSidekickData struct { } type AzureSidekickCredentials struct { - ClientID string `json:"clientId"` - ClientSecret string `json:"clientSecret,omitempty"` - CredentialType string `json:"credentialType"` // SharedCredentials or SharedAccess + ClientID string `json:"clientId"` + ClientSecret string `json:"clientSecret,omitempty"` } diff --git a/api/cloud_accounts_azure_sidekick_test.go b/api/cloud_accounts_azure_sidekick_test.go index 1af81dbe0..bdef67df9 100644 --- a/api/cloud_accounts_azure_sidekick_test.go +++ b/api/cloud_accounts_azure_sidekick_test.go 
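Review bot: The first hunk corrupts the license header on its new side — `// you may not use this file except in compliance with the License.` becomes `// ...compliance with the License.n`. That trailing `n` looks like a stray keystroke rather than an intended edit and the commit message ("renaming; removing credentialType") does not cover it, so the line should be restored to `// you may not use this file except in compliance with the License.` before merge.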
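Review bot: In the `AzureSidekickCredentials` hunk `ClientSecret` keeps `omitempty` while `ClientID` does not, and with `CredentialType` gone nothing in the struct explains the asymmetry or warns that this field holds a live service-principal secret. A short comment would fix both, e.g. `// ClientSecret is the service-principal secret; omitempty keeps an empty value out of the payload so an Update that does not resupply it presumably leaves the stored secret untouched — confirm against the API.` and `// ClientID is always sent, including when empty.` Since the secret sits in a plain string field of a struct that is otherwise safe to dump, the comment should also ask callers not to log the struct with `%+v`; whether the server echoes the secret back on reads is not visible here and is worth stating once it is known.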
@@ -32,34 +32,32 @@ import ( // These two objects are used to test Create, Get and Update operations. var ( azureSidekickData = api.AzureSidekickData{ - IntegrationType: "SUBSCRIPTION", - SubscriptionId: "54321", + IntegrationLevel: "SUBSCRIPTION", + ScanningSubscriptionId: "54321", TenantId: "98765", BlobContainerName: "blobContainer", ScanFrequency: 24, ScanContainers: true, ScanHostVulnerabilities: true, Credentials: api.AzureSidekickCredentials{ - ClientID: "Client123", - CredentialType: "SharedCredentials", - ClientSecret: "Secret", + ClientID: "Client123", + ClientSecret: "Secret", }, SubscriptionList: "sub1,sub2", QueryText: "queryText", } azureUpdatedSidekickData = api.AzureSidekickData{ - IntegrationType: "SUBSCRIPTION", - SubscriptionId: "updated-54321", + IntegrationLevel: "SUBSCRIPTION", + ScanningSubscriptionId: "updated-54321", TenantId: "updated-98765", BlobContainerName: "updated-blobContainer", ScanFrequency: 12, ScanContainers: false, ScanHostVulnerabilities: true, Credentials: api.AzureSidekickCredentials{ - ClientID: "updated-Client123", - CredentialType: "SharedAccess", - ClientSecret: "updated-Secret", + ClientID: "updated-Client123", + ClientSecret: "updated-Secret", }, SubscriptionList: "updated-sub1,sub2", QueryText: "updated-queryText", @@ -73,8 +71,8 @@ func TestCloudAccountsAzureSidekickCreate(t *testing.T) { // casting the data interface{} to type AzureSidekickData integrationData := integration.Data.(api.AzureSidekickData) - assert.Equal(t, integrationData.IntegrationType, "SUBSCRIPTION") - assert.Equal(t, integrationData.SubscriptionId, "54321") + assert.Equal(t, integrationData.IntegrationLevel, "SUBSCRIPTION") + assert.Equal(t, integrationData.ScanningSubscriptionId, "54321") assert.Equal(t, integrationData.TenantId, "98765") assert.Equal(t, integrationData.BlobContainerName, "blobContainer") assert.Equal(t, integrationData.ScanFrequency, 24) 
@@ -83,7 +81,6 @@ func TestCloudAccountsAzureSidekickCreate(t *testing.T) { assert.Equal(t, integrationData.Credentials.ClientID, "Client123") assert.Equal(t, integrationData.Credentials.ClientSecret, "Secret") - assert.Equal(t, integrationData.Credentials.CredentialType, "SharedCredentials") } func TestCloudAccountsAzureSidekickGet(t *testing.T) { @@ -116,8 +113,8 @@ func TestCloudAccountsAzureSidekickGet(t *testing.T) { assert.True(t, integration.State.Ok) integrationData := integration.Data - assert.Equal(t, "SUBSCRIPTION", integrationData.IntegrationType) - assert.Equal(t, "54321", integrationData.SubscriptionId) + assert.Equal(t, "SUBSCRIPTION", integrationData.IntegrationLevel) + assert.Equal(t, "54321", integrationData.ScanningSubscriptionId) assert.Equal(t, "98765", integrationData.TenantId) assert.Equal(t, "blobContainer", integrationData.BlobContainerName) assert.Equal(t, 24, integrationData.ScanFrequency) @@ -125,7 +122,6 @@ func TestCloudAccountsAzureSidekickGet(t *testing.T) { assert.Equal(t, true, integrationData.ScanHostVulnerabilities) assert.Equal(t, "Client123", integrationData.Credentials.ClientID) assert.Equal(t, "Secret", integrationData.Credentials.ClientSecret) - assert.Equal(t, "SharedCredentials", integrationData.Credentials.CredentialType) assert.Equal(t, "sub1,sub2", integrationData.SubscriptionList) assert.Equal(t, "queryText", integrationData.QueryText) assert.Equal(t, "token_"+integration.IntgGuid, integration.ServerToken) 
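Review bot: The Get test still asserts `assert.Equal(t, "Secret", integrationData.Credentials.ClientSecret)` (a context line of the last hunk), so the fixture encodes a read endpoint that returns the client secret in clear text, and the assertion only proves the mock echoes what `getAzureData` put in. If the real API redacts or omits the secret on read — the `omitempty` tag on the field is consistent with an empty value being expected — this gives false confidence that the client round-trips it; consider having the GET fixture leave `clientSecret` out and asserting `assert.Empty(t, integrationData.Credentials.ClientSecret)`, or add a comment on the assertion stating that the API does return the secret. `TestCloudAccountsAzureSidekickGet` starts and ends outside the hunk.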
@@ -173,8 +169,8 @@ func TestCloudAccountsAzureSidekickUpdate(t *testing.T) { assert.Equal(t, "integration_test", cloudAccount.Name) assert.Equal(t, "AzureSidekick", cloudAccount.Type) assert.Equal(t, 1, cloudAccount.Enabled) - assert.Equal(t, "SUBSCRIPTION", integrationData.IntegrationType) - assert.Equal(t, "54321", integrationData.SubscriptionId) + assert.Equal(t, "SUBSCRIPTION", integrationData.IntegrationLevel) + assert.Equal(t, "54321", integrationData.ScanningSubscriptionId) assert.Equal(t, "98765", integrationData.TenantId) assert.Equal(t, "blobContainer", integrationData.BlobContainerName) assert.Equal(t, 24, integrationData.ScanFrequency) @@ -182,7 +178,6 @@ func TestCloudAccountsAzureSidekickUpdate(t *testing.T) { assert.Equal(t, true, integrationData.ScanHostVulnerabilities) assert.Equal(t, "Client123", integrationData.Credentials.ClientID) assert.Equal(t, "Secret", integrationData.Credentials.ClientSecret) - assert.Equal(t, "SharedCredentials", integrationData.Credentials.CredentialType) assert.Equal(t, "sub1,sub2", integrationData.SubscriptionList) assert.Equal(t, "queryText", integrationData.QueryText) @@ -198,8 +193,8 @@ func TestCloudAccountsAzureSidekickUpdate(t *testing.T) { assert.Equal(t, "integration_test", cloudAccount.Name) assert.Equal(t, "AzureSidekick", cloudAccount.Type) assert.Equal(t, 1, cloudAccount.Enabled) - assert.Equal(t, "SUBSCRIPTION", integrationData.IntegrationType) - assert.Equal(t, "updated-54321", integrationData.SubscriptionId) + assert.Equal(t, "SUBSCRIPTION", integrationData.IntegrationLevel) + assert.Equal(t, "updated-54321", integrationData.ScanningSubscriptionId) assert.Equal(t, "updated-98765", integrationData.TenantId) assert.Equal(t, "updated-blobContainer", integrationData.BlobContainerName) assert.Equal(t, 12, integrationData.ScanFrequency) 
@@ -207,7 +202,6 @@ func TestCloudAccountsAzureSidekickUpdate(t *testing.T) { assert.Equal(t, true, integrationData.ScanHostVulnerabilities) assert.Equal(t, "updated-Client123", integrationData.Credentials.ClientID) assert.Equal(t, "updated-Secret", integrationData.Credentials.ClientSecret) - assert.Equal(t, "SharedAccess", integrationData.Credentials.CredentialType) assert.Equal(t, "updated-sub1,sub2", integrationData.SubscriptionList) assert.Equal(t, "updated-queryText", integrationData.QueryText) } @@ -237,11 +231,10 @@ func getAzureData(id string, data api.AzureSidekickData) string { "data": { "credentials": { "clientId": "` + data.Credentials.ClientID + `", - "clientSecret": "` + data.Credentials.ClientSecret + `", - "credentialType": "` + data.Credentials.CredentialType + `" + "clientSecret": "` + data.Credentials.ClientSecret + `" }, - "integrationType": "` + data.IntegrationType + `", - "subscriptionId": "` + data.SubscriptionId + `", + "integrationLevel": "` + data.IntegrationLevel + `", + "scanningSubscriptionId": "` + data.ScanningSubscriptionId + `", "tenantId": "` + data.TenantId + `", "blobContainerName": "` + data.BlobContainerName + `", "subscriptionList": "` + data.SubscriptionList + `",
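Review bot: `getAzureData` still builds the mock response by splicing raw field values into a JSON template (`"clientSecret": "` + data.Credentials.ClientSecret + `"` and the renamed `integrationLevel` / `scanningSubscriptionId` keys below it), so any fixture value containing a quote or backslash produces invalid JSON and an unmarshal failure that looks like a client bug. This is test code, so it is a style point rather than a defect: marshalling the `data` object with `json.Marshal` from the `api.AzureSidekickData` value itself would keep the fixture and the struct tags in sync as fields are renamed — which this commit had to do by hand in the fixture and in every test. The function starts before the hunk and the template continues past it.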