chore: create org specific integration test
wl-smith committed Aug 24, 2023
1 parent 5cc8142 commit a1eb19e
Showing 6 changed files with 375 additions and 320 deletions.
Expand Up @@ -7,12 +7,12 @@ terraform {
}

provider "lacework" {
organization = true
organization = true
}

variable "name" {
variable "integration_name" {
type = string
default = "GCP Agentless Scanning org_example"
default = "GCP Agentless Scanning Example"
}

variable "client_id" {
Expand Down Expand Up @@ -47,15 +47,15 @@ variable "integration_type" {

variable "project_id" {
type = string
default = "org-example-project-id"
default = "example-project-id"
}

variable "bucket_name" {
type = string
default = "storage bucket id"
}

variable "scanning_project_id" {
variable "scanning-project-id" {
type = string
default = "scanning-project-id"
}
Expand All @@ -70,14 +70,9 @@ variable "filter_list" {
default = ["proj1", "proj2"]
}

variable "scan_frequency" {
type = number
default = 24
}

variable "org_account_mappings" {
type = list(object({
default_lacework_account = string
default_lacework_account_aws = string
mapping = list(object({
lacework_account = string
gcp_projects = list(string)
Expand All @@ -88,7 +83,7 @@ variable "org_account_mappings" {
}

resource "lacework_integration_gcp_agentless_scanning" "org_example" {
name = var.name
name = var.integration_name
credentials {
client_id = var.client_id
client_email = var.client_email
Expand All @@ -97,21 +92,21 @@ resource "lacework_integration_gcp_agentless_scanning" "org_example" {
token_uri = var.token_uri
}
resource_level = "ORGANIZATION"
resource_id = "techally-test"
bucket_name = var.bucket_name
scanning_project_id = "gcp-lw-scanner"
scan_frequency = var.scan_frequency
resource_id = "294451184225"
scanning_project_id = "techally-test"
scan_frequency = 24
scan_containers = true
scan_host_vulnerabilities = true
scan_multi_volume = false
scan_stopped_instances = true
bucket_name = var.bucket_name
query_text = var.query_text
filter_list = var.filter_list

dynamic "org_account_mappings" {
for_each = var.org_account_mappings
content {
default_lacework_account = org_account_mappings.value["default_lacework_account"]
default_lacework_account_aws = org_account_mappings.value["default_lacework_account_aws"]

dynamic "mapping" {
for_each = org_account_mappings.value["mapping"]
Expand Down Expand Up @@ -154,4 +149,4 @@ output "server_token" {

output "org_account_mappings" {
value = lacework_integration_gcp_agentless_scanning.org_example.org_account_mappings
}
}
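Review bot: The resource block now hard-codes `resource_id = "294451184225"` and `scanning_project_id = "techally-test"` (and `scan_frequency = 24` after the `scan_frequency` variable was dropped), so the `project_id` and `scanning-project-id` variables declared above are no longer wired to anything and the example cannot be pointed at another organization without editing the resource; prefer `scanning_project_id = var.scanning_project_id` plus a variable for the organization id. Publishing what looks like a real organization id and project name in a shipped example also exposes tenancy details of the test account, whereas a placeholder default keeps the example portable. The renamed variable `scanning-project-id` uses a hyphen where every other variable in this file uses underscores; keep `scanning_project_id`. The `terraform {}` header and the rest of the `lacework_integration_gcp_agentless_scanning` resource lie outside the hunks shown.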
12 changes: 11 additions & 1 deletion integration/integration.go
Expand Up @@ -189,7 +189,6 @@ func GetContainerRegisteryGar(result string) api.GcpGarIntegrationResponse {

func GetGcpAgentlessScanningResponse(result string) api.GcpSidekickIntegrationResponse {
id := GetIDFromTerraResults(result)

res, err := LwClient.V2.CloudAccounts.GetGcpSidekick(id)

if err != nil {
Expand All @@ -199,6 +198,17 @@ func GetGcpAgentlessScanningResponse(result string) api.GcpSidekickIntegrationRe
return res
}

func GetGcpAgentlessOrgScanningResponse(result string) api.GcpSidekickIntegrationResponse {
id := GetIDFromTerraResults(result)
res, err := LwOrgClient.V2.CloudAccounts.GetGcpSidekick(id)

if err != nil {
log.Fatalf("Unable to find integration id: %s\n Response: %v", id, res)
}

return res
}

func GetContainerRegisteryGcr(result string) api.GcpGcrIntegrationResponse {
id := GetIDFromTerraResults(result)

Expand Up @@ -47,66 +47,3 @@ func TestIntegrationGcpAgentlessScanningCreate(t *testing.T) {
assert.Equal(t, update_integration_name, updateData.Data.Name)
}
}

func TestIntegrationGcpAgentlessOrgScanningCreate(t *testing.T) {
gcreds, err := googleLoadDefaultCredentials()
integration_name := "GCP Agentless Scanning Example Integration Test"
update_integration_name := fmt.Sprintf("%s Updated", integration_name)
if assert.Nil(t, err, "this test requires you to set GOOGLE_CREDENTIALS environment variable") {
terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
TerraformDir: "../examples/resource_lacework_integration_gcp_org_agentless_scanning",
Vars: map[string]interface{}{
"name": integration_name,
"client_id": gcreds.ClientID,
"client_email": gcreds.ClientEmail,
"private_key_id": gcreds.PrivateKeyID,
"bucket_name": "storage bucket id",
"org_account_mappings": []map[string]interface{}{
{
"default_lacework_account": "customerdemo",
"mapping": []map[string]interface{}{
{
"lacework_account": "abc",
"gcp_projects": []string{"lw-scanner-5"},
},
},
},
},
},
EnvVars: map[string]string{
"TF_VAR_private_key": gcreds.PrivateKey,
"LW_API_TOKEN": LwApiToken,
},
})
defer terraform.Destroy(t, terraformOptions)

// Create new Google Agentless Scanning integration
create := terraform.InitAndApplyAndIdempotent(t, terraformOptions)
createData := GetGcpAgentlessScanningResponse(create)
assert.Equal(t, integration_name, createData.Data.Name)

// Update Gcp integration
terraformOptions.Vars = map[string]interface{}{
"name": update_integration_name,
"client_id": gcreds.ClientID,
"client_email": gcreds.ClientEmail,
"private_key_id": gcreds.PrivateKeyID,
"bucket_name": "storage bucket id",
"org_account_mappings": []map[string]interface{}{
{
"default_lacework_account": "customerdemo",
"mapping": []map[string]interface{}{
{
"lacework_account": "abc",
"gcp_projects": []string{"lw-scanner-5"},
},
},
},
},
}

update := terraform.ApplyAndIdempotent(t, terraformOptions)
updateData := GetGcpAgentlessScanningResponse(update)
assert.Equal(t, update_integration_name, updateData.Data.Name)
}
}
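--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -0,0 +1,72 @@
+package integration
+
+import (
+"fmt"
+"testing"
+
+"github.com/gruntwork-io/terratest/modules/terraform"
+"github.com/stretchr/testify/assert"
+)
+
+func TestIntegrationGcpAgentlessOrgScanningCreateAndUpdate(t *testing.T) {
+gcreds, err := googleLoadDefaultCredentials()
+integration_name := "GCP Org Agentless Scanning Example Integration Test"
+update_integration_name := fmt.Sprintf("%s Updated", integration_name)
+if assert.Nil(t, err, "this test requires you to set GOOGLE_CREDENTIALS environment variable") {
+terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
+TerraformDir: "../examples/resource_lacework_integration_gcp_org_agentless_scanning",
+Vars: map[string]interface{}{
+"integration_name": integration_name,
+"client_id": gcreds.ClientID,
+"client_email": gcreds.ClientEmail,
+"private_key_id": gcreds.PrivateKeyID,
+"bucket_name": "storage bucket id",
+"org_account_mappings": []map[string]interface{}{
+{
+"default_lacework_account_aws": "customerdemo",
+"mapping": []map[string]interface{}{
+{
+"lacework_account": "tech-ally",
+"gcp_projects": []string{"techally-test"},
+},
+},
+},
+},
+},
+EnvVars: map[string]string{
+"TF_VAR_private_key": gcreds.PrivateKey,
+"LW_API_TOKEN": LwApiToken,
+},
+})
+defer terraform.Destroy(t, terraformOptions)
+
+// Create new Google Agentless Scanning integration
+create := terraform.InitAndApplyAndIdempotent(t, terraformOptions)
+createData := GetGcpAgentlessOrgScanningResponse(create)
+assert.Equal(t, integration_name, createData.Data.Name)
+
+// Update Gcp integration
+terraformOptions.Vars = map[string]interface{}{
+"integration_name": update_integration_name,
+"client_id": gcreds.ClientID,
+"client_email": gcreds.ClientEmail,
+"private_key_id": gcreds.PrivateKeyID,
+"bucket_name": "storage bucket id",
+"org_account_mappings": []map[string]interface{}{
+{
+"default_lacework_account_aws": "customerdemo",
+"mapping": []map[string]interface{}{
+{
+"lacework_account": "abc",
+"gcp_projects": []string{"techally-test"},
+},
+},
+},
+},
+}
+
+update := terraform.ApplyAndIdempotent(t, terraformOptions)
+updateData := GetGcpAgentlessOrgScanningResponse(update)
+assert.Equal(t, update_integration_name, updateData.Data.Name)
+}
+}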
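Review bot: Both `assert.Equal` calls check only `Data.Name`, so the org account mapping that distinguishes this test from the non-org one is never verified, neither after create nor after the update that changes `lacework_account` from `"tech-ally"` to `"abc"`; assert on the mapping fields of `createData.Data` and `updateData.Data` as well (the response field names are not visible on this page, so take them from `api.GcpSidekickIntegrationResponse`). If the `"tech-ally"` to `"abc"` change is not meant to exercise a mapping update, make the two `org_account_mappings` literals one shared variable so the create and update inputs differ only in the name. The locals `integration_name`/`update_integration_name` use underscores, which staticcheck's ST1003 flags; `integrationName`/`updateIntegrationName` match Go convention.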
74 changes: 59 additions & 15 deletions lacework/account_mapping_helper.go
@@ -1,11 +1,13 @@
package lacework

import (
"fmt"

"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
)

type accountMappingsFile struct {
DefaultLaceworkAccount string `json:"defaultLaceworkAccountAws"`
DefaultLaceworkAccount string `json:"defaultLaceworkAccount"`
Mappings map[string]interface{} `json:"integration_mappings"`
}

Expand All @@ -17,26 +19,32 @@ var awsMappingType string = "aws_accounts"
var gcpMappingType string = "gcp_projects"

func getResourceOrgAccountMappings(d *schema.ResourceData, mappingsType string) *accountMappingsFile {
fmt.Println("MAPPINGS TYPE: ", mappingsType)
accountMapFile := new(accountMappingsFile)
accMapsInt := d.Get("org_account_mappings").([]interface{})
if len(accMapsInt) != 0 && accMapsInt[0] != nil {
accountMappings := accMapsInt[0].(map[string]interface{})

accountMapFile = &accountMappingsFile{
DefaultLaceworkAccount: accountMappings["default_lacework_account"].(string),
DefaultLaceworkAccount: accountMappings["default_lacework_account_aws"].(string),
Mappings: map[string]interface{}{},
}

mappingSet := accountMappings["mapping"].(*schema.Set)
for _, m := range mappingSet.List() {
mapping := m.(map[string]interface{})
accountMapFile.Mappings[mapping["lacework_account"].(string)] = map[string]interface{}{
mappingsType: castStringSlice(mapping[mappingsType].(*schema.Set).List()),
if mappingsType == "gcp_projects" {
accountMapFile.Mappings[mapping["lacework_account"].(string)] = map[string]interface{}{
"gcp_projects": castStringSlice(mapping[mappingsType].(*schema.Set).List()),
}
} else {
accountMapFile.Mappings[mapping["lacework_account"].(string)] = map[string]interface{}{
"aws_accounts": castStringSlice(mapping[mappingsType].(*schema.Set).List()),
}
}
}

}

return accountMapFile
}

Expand All @@ -48,8 +56,8 @@ func flattenOrgAccountMappings(mappingFile *accountMappingsFile, mappingsType st
}

mappings := map[string]interface{}{
"default_lacework_account": mappingFile.DefaultLaceworkAccount,
"mapping": flattenMappings(mappingFile.Mappings, mappingsType),
"default_lacework_account_aws": mappingFile.DefaultLaceworkAccount,
"mapping": flattenMappings(mappingFile.Mappings, mappingsType),
}

orgAccMappings = append(orgAccMappings, mappings)
Expand All @@ -58,21 +66,57 @@ func flattenOrgAccountMappings(mappingFile *accountMappingsFile, mappingsType st

func flattenMappings(mappings map[string]interface{}, mappingsType string) *schema.Set {
var (
orgAccountMappingsSchema = awsCloudTrailIntegrationSchema["org_account_mappings"].Elem.(*schema.Resource)
mappingSchema = orgAccountMappingsSchema.Schema["mapping"].Elem.(*schema.Resource)
accountsSchema = mappingSchema.Schema[mappingsType].Elem.(*schema.Schema)
res = schema.NewSet(schema.HashResource(mappingSchema), []interface{}{})
awsOrgAccountMappingsSchema = awsCloudTrailIntegrationSchema["org_account_mappings"].Elem.(*schema.Resource)
awsMappingSchema = awsOrgAccountMappingsSchema.Schema["mapping"].Elem.(*schema.Resource)
awsAccountsSchema = awsMappingSchema.Schema[mappingsType].Elem.(*schema.Schema)
awsRes = schema.NewSet(schema.HashResource(awsMappingSchema), []interface{}{})
)

for laceworkAccount, m := range mappings {
mappingValue := m.(map[string]interface{})
res.Add(map[string]interface{}{
awsRes.Add(map[string]interface{}{
"lacework_account": laceworkAccount,
mappingsType: schema.NewSet(schema.HashSchema(accountsSchema),
mappingValue[mappingsType].([]interface{}),
"aws_accounts": schema.NewSet(schema.HashSchema(awsAccountsSchema),
mappingValue["aws_accounts"].([]interface{}),
),
})
}

return res
return awsRes
}

func flattenOrgGcpAccountMappings(mappingFile *accountMappingsFile, mappingsType string) []map[string]interface{} {
orgAccMappings := make([]map[string]interface{}, 0, 1)

if mappingFile.Empty() {
return orgAccMappings
}

mappings := map[string]interface{}{
"default_lacework_account_aws": mappingFile.DefaultLaceworkAccount,
"mapping": flattenGcpMappings(mappingFile.Mappings, mappingsType),
}

orgAccMappings = append(orgAccMappings, mappings)
return orgAccMappings
}

func flattenGcpMappings(mappings map[string]interface{}, mappingsType string) *schema.Set {
var (
gcpOrgAccountMappingsSchema = gcpAgentlessScanningIntegrationSchema["org_account_mappings"].Elem.(*schema.Resource)
gcpMappingSchema = gcpOrgAccountMappingsSchema.Schema["mapping"].Elem.(*schema.Resource)
gcpAccountsSchema = gcpMappingSchema.Schema[mappingsType].Elem.(*schema.Schema)
gcpRes = schema.NewSet(schema.HashResource(gcpMappingSchema), []interface{}{})
)

for laceworkAccount, m := range mappings {
mappingValue := m.(map[string]interface{})
gcpRes.Add(map[string]interface{}{
"lacework_account": laceworkAccount,
"gcp_projects": schema.NewSet(schema.HashSchema(gcpAccountsSchema),
mappingValue["gcp_projects"].([]interface{}),
),
})
}
return gcpRes
}
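Review bot: `getResourceOrgAccountMappings` now opens with `fmt.Println("MAPPINGS TYPE: ", mappingsType)`, a leftover debug print that is also the only reason for the new `fmt` import at the top of the file; it writes to the provider process's stdout on every read of `org_account_mappings` and should be removed, or routed through the provider's logger, before merge. The schema key read there and written by `flattenOrgAccountMappings` moves from `default_lacework_account` to `default_lacework_account_aws`; since `flattenMappings` still resolves its schema from `awsCloudTrailIntegrationSchema`, this looks like a rename of an attribute existing AWS configurations already set, which would break them on their next plan unless a deprecation path is provided, and the `_aws` suffix is what the GCP resource now exposes too. The two `if mappingsType == "gcp_projects"` branches differ only in the literal key, and `flattenGcpMappings`/`flattenOrgGcpAccountMappings` are copies of `flattenMappings`/`flattenOrgAccountMappings` with the schema variable swapped; one helper that takes the resource schema map restores the original keyed-by-`mappingsType` logic and removes the duplication, as sketched below (it assumes callers pass `awsMappingType`/`gcpMappingType` and that both schema vars have the type `awsCloudTrailIntegrationSchema` has). `flattenOrgAccountMappings` starts outside the hunk.
```go
// flattenMappingsWith builds the "mapping" set for the org_account_mappings
// block of the given resource schema; mappingsType is the per-account key
// ("aws_accounts" or "gcp_projects").
func flattenMappingsWith(resourceSchema map[string]*schema.Schema, mappings map[string]interface{}, mappingsType string) *schema.Set {
	var (
		orgAccountMappingsSchema = resourceSchema["org_account_mappings"].Elem.(*schema.Resource)
		mappingSchema            = orgAccountMappingsSchema.Schema["mapping"].Elem.(*schema.Resource)
		accountsSchema           = mappingSchema.Schema[mappingsType].Elem.(*schema.Schema)
		res                      = schema.NewSet(schema.HashResource(mappingSchema), []interface{}{})
	)

	for laceworkAccount, m := range mappings {
		mappingValue := m.(map[string]interface{})
		res.Add(map[string]interface{}{
			"lacework_account": laceworkAccount,
			mappingsType: schema.NewSet(schema.HashSchema(accountsSchema),
				mappingValue[mappingsType].([]interface{}),
			),
		})
	}
	return res
}

func flattenMappings(mappings map[string]interface{}, mappingsType string) *schema.Set {
	return flattenMappingsWith(awsCloudTrailIntegrationSchema, mappings, mappingsType)
}

func flattenGcpMappings(mappings map[string]interface{}, mappingsType string) *schema.Set {
	return flattenMappingsWith(gcpAgentlessScanningIntegrationSchema, mappings, mappingsType)
}
// … unchanged: flattenOrgGcpAccountMappings, which can likewise delegate to flattenOrgAccountMappings …
```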
