feat(AwsEksAudit): Add support for AwsEksAudit apiv2 cloud account in…

…tegration (#292) * feat(AwsEksAudit): Add support for AwsEksAudit apiv2 cloud account integration Signed-off-by: Ross <[email protected]>
lacework · Apr 1, 2022 · 4db5abe · 4db5abe
1 parent b6f3297
commit 4db5abe
Show file tree

Hide file tree

Showing 51 changed files with 635 additions and 54 deletions.
diff --git a/.go-version b/.go-version
@@ -1 +1 @@
-1.16.0
+1.18.0
diff --git a/README.md b/README.md
@@ -43,7 +43,7 @@ Further [usage documentation is available on the Terraform website](https://www.
 Developing the Provider
 ---------------------------
 
-If you wish to work on the provider, you'll first need [Go](http://www.golang.org) installed on your machine (version 1.11+ is *required*). You'll also need to correctly setup a [GOPATH](http://golang.org/doc/code.html#GOPATH), as well as adding `$GOPATH/bin` to your `$PATH`.
+If you wish to work on the provider, you'll first need [Go](http://www.golang.org) installed on your machine (version 1.18+ is *required*). You'll also need to correctly setup a [GOPATH](http://golang.org/doc/code.html#GOPATH), as well as adding `$GOPATH/bin` to your `$PATH`.
 
 To compile the provider, run `make build`. This will build the provider and put the provider binary in the `$GOPATH/bin` directory.
 

diff --git a/examples/resource_lacework_integration_aws_eks_audit_log/main.tf b/examples/resource_lacework_integration_aws_eks_audit_log/main.tf
@@ -0,0 +1,53 @@
+terraform {
+  required_providers {
+    lacework = {
+      source = "lacework/lacework"
+    }
+  }
+}
+
+variable "name" {
+  type    = string
+  default = "AWS EKS audit log integration example"
+}
+
+variable "sns_arn" {
+  type      = string
+  default   = "arn:aws:sns:us-west-2:123456789123:foo-lacework-eks"
+}
+
+variable "external_id" {
+  type      = string
+  default   = "12345"
+}
+
+variable "role_arn" {
+  type      = string
+  default   = "arn:aws:iam::249446771485:role/lacework-iam-example-role"
+}
+
+resource "lacework_integration_aws_eks_audit_log" "example" {
+  name    = var.name
+  sns_arn = var.sns_arn
+  credentials {
+    role_arn    = var.role_arn
+    external_id = var.external_id
+  }
+  retries = 10
+}
+
+output "name" {
+  value = lacework_integration_aws_eks_audit_log.example.name
+}
+
+output "sns_arn" {
+  value = lacework_integration_aws_eks_audit_log.example.sns_arn
+}
+
+output "role_arn" {
+  value = lacework_integration_aws_eks_audit_log.example.credentials[0].role_arn
+}
+
+output "external_id" {
+  value = lacework_integration_aws_eks_audit_log.example.credentials[0].external_id
+}
diff --git a/integration/integration.go b/integration/integration.go
@@ -45,6 +45,29 @@ func lwOrgTestClient() (lw *api.Client) {
 	return
 }
 
+func GetCloudAccountIntegrationName(result string) string {
+	var res api.CloudAccountResponse
+	id := GetIDFromTerraResults(result)
+
+	err := LwClient.V2.CloudAccounts.Get(id, &res)
+	if err != nil {
+		log.Fatalf("Unable to find integration id: %s\n Response: %v", id, res)
+	}
+
+	return res.Data.Name
+}
+
+func GetCloudAccountEksAuditLogData(result string) api.AwsEksAuditData {
+	id := GetIDFromTerraResults(result)
+
+	response, err := LwClient.V2.CloudAccounts.GetAwsEksAudit(id)
+	if err != nil {
+		log.Fatalf("Unable to find eks audit log id: %s\n Response: %v", id, response)
+	}
+
+	return response.Data.Data
+}
+
 func GetIntegrationName(result string, integration string) string {
 	var res api.V2CommonIntegration
 	id := GetIDFromTerraResults(result)

diff --git a/integration/resource_lacework_integration_aws_eks_audit_log_test.go b/integration/resource_lacework_integration_aws_eks_audit_log_test.go
@@ -0,0 +1,68 @@
+package integration
+
+import (
+	"testing"
+
+	"github.com/gruntwork-io/terratest/modules/terraform"
+	"github.com/stretchr/testify/assert"
+)
+
+// TestIntegrationAwsEksAuditLog applies integration terraform:
+// => '../examples/resource_lacework_integration_aws_eks_audit_log'
+//
+// It uses the go-sdk to verify the created integration,
+// applies an update with new integration name and destroys it
+func TestIntegrationAwsEksAuditLog(t *testing.T) {
+	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
+		TerraformDir: "../examples/resource_lacework_integration_aws_eks_audit_log",
+		Vars: map[string]interface{}{
+			"role_arn":    "arn:aws:iam::249446771485:role/lacework-iam-example-role",
+			"external_id": "12345",
+			"sns_arn":     "arn:aws:sns:us-west-2:123456789123:foo-lacework-eks",
+		},
+	})
+	defer terraform.Destroy(t, terraformOptions)
+
+	// Create new AwsEksAudit Integration
+	create := terraform.InitAndApplyAndIdempotent(t, terraformOptions)
+	createData := GetCloudAccountEksAuditLogData(create)
+	actualRoleArn := terraform.Output(t, terraformOptions, "role_arn")
+	actualExternalId := terraform.Output(t, terraformOptions, "external_id")
+	actualSnsArn := terraform.Output(t, terraformOptions, "sns_arn")
+	assert.Equal(
+		t,
+		"AWS EKS audit log integration example",
+		GetCloudAccountIntegrationName(create),
+	)
+	assert.Equal(t, "arn:aws:iam::249446771485:role/lacework-iam-example-role", createData.Credentials.RoleArn)
+	assert.Equal(t, "12345", createData.Credentials.ExternalID)
+	assert.Equal(t, "arn:aws:sns:us-west-2:123456789123:foo-lacework-eks", createData.SnsArn)
+	assert.Equal(t, "arn:aws:iam::249446771485:role/lacework-iam-example-role", actualRoleArn)
+	assert.Equal(t, "12345", actualExternalId)
+	assert.Equal(t, "arn:aws:sns:us-west-2:123456789123:foo-lacework-eks", actualSnsArn)
+
+	// Update AwsEksAudit Integration
+	terraformOptions.Vars = map[string]interface{}{
+		"name":        "AwsEksAudit log integration updated",
+		"role_arn":    "arn:aws:iam::249446771485:role/lacework-iam-example-role",
+		"external_id": "12345",
+		"sns_arn":     "arn:aws:sns:us-west-2:123456789123:foo-lacework-eks",
+	}
+
+	update := terraform.ApplyAndIdempotent(t, terraformOptions)
+	updateData := GetCloudAccountEksAuditLogData(update)
+	actualRoleArn = terraform.Output(t, terraformOptions, "role_arn")
+	actualExternalId = terraform.Output(t, terraformOptions, "external_id")
+	actualSnsArn = terraform.Output(t, terraformOptions, "sns_arn")
+	assert.Equal(
+		t,
+		"AwsEksAudit log integration updated",
+		GetCloudAccountIntegrationName(update),
+	)
+	assert.Equal(t, "arn:aws:iam::249446771485:role/lacework-iam-example-role", updateData.Credentials.RoleArn)
+	assert.Equal(t, "12345", updateData.Credentials.ExternalID)
+	assert.Equal(t, "arn:aws:sns:us-west-2:123456789123:foo-lacework-eks", updateData.SnsArn)
+	assert.Equal(t, "arn:aws:iam::249446771485:role/lacework-iam-example-role", actualRoleArn)
+	assert.Equal(t, "12345", actualExternalId)
+	assert.Equal(t, "arn:aws:sns:us-west-2:123456789123:foo-lacework-eks", actualSnsArn)
+}
diff --git a/lacework/provider.go b/lacework/provider.go
@@ -81,6 +81,7 @@ func Provider() *schema.Provider {
 			"lacework_alert_rule":                        resourceLaceworkAlertRule(),
 			"lacework_integration_aws_cfg":               resourceLaceworkIntegrationAwsCfg(),
 			"lacework_integration_aws_ct":                resourceLaceworkIntegrationAwsCloudTrail(),
+			"lacework_integration_aws_eks_audit_log":     resourceLaceworkIntegrationAwsEksAuditLog(),
 			"lacework_integration_aws_govcloud_cfg":      resourceLaceworkIntegrationAwsGovCloudCfg(),
 			"lacework_integration_aws_govcloud_ct":       resourceLaceworkIntegrationAwsGovCloudCT(),
 			"lacework_integration_azure_cfg":             resourceLaceworkIntegrationAzureCfg(),

diff --git a/lacework/resource_lacework_integration_aws_ct.go b/lacework/resource_lacework_integration_aws_ct.go
@@ -12,6 +12,17 @@ import (
 	"github.com/lacework/go-sdk/api"
 )
 
+func resourceLaceworkIntegrationAwsCloudTrail() *schema.Resource {
+	return &schema.Resource{
+		Create:   resourceLaceworkIntegrationAwsCloudTrailCreate,
+		Read:     resourceLaceworkIntegrationAwsCloudTrailRead,
+		Update:   resourceLaceworkIntegrationAwsCloudTrailUpdate,
+		Delete:   resourceLaceworkIntegrationAwsCloudTrailDelete,
+		Schema:   awsCloudTrailIntegrationSchema,
+		Importer: &schema.ResourceImporter{State: importLaceworkIntegration},
+	}
+}
+
 var awsCloudTrailIntegrationSchema = map[string]*schema.Schema{
 	"name": {
 		Type:        schema.TypeString,
@@ -111,17 +122,6 @@ var awsCloudTrailIntegrationSchema = map[string]*schema.Schema{
 	},
 }
 
-func resourceLaceworkIntegrationAwsCloudTrail() *schema.Resource {
-	return &schema.Resource{
-		Create:   resourceLaceworkIntegrationAwsCloudTrailCreate,
-		Read:     resourceLaceworkIntegrationAwsCloudTrailRead,
-		Update:   resourceLaceworkIntegrationAwsCloudTrailUpdate,
-		Delete:   resourceLaceworkIntegrationAwsCloudTrailDelete,
-		Schema:   awsCloudTrailIntegrationSchema,
-		Importer: &schema.ResourceImporter{State: importLaceworkIntegration},
-	}
-}
-
 func resourceLaceworkIntegrationAwsCloudTrailCreate(d *schema.ResourceData, meta interface{}) error {
 	var (
 		lacework     = meta.(*api.Client)