From 8f9576cf2c29a6436f55d9151e941c788a50674e Mon Sep 17 00:00:00 2001 From: ipcrm Date: Thu, 13 Jun 2024 13:40:44 +0000 Subject: [PATCH] fix(GROW-2950): remove gcp audit log storage references --- cli/cmd/generate_gcp.go | 132 ++------------------ integration/gcp_generation_test.go | 189 ----------------------------- 2 files changed, 8 insertions(+), 313 deletions(-) diff --git a/cli/cmd/generate_gcp.go b/cli/cmd/generate_gcp.go index 78fbfbba3..8c1fd067a 100644 --- a/cli/cmd/generate_gcp.go +++ b/cli/cmd/generate_gcp.go @@ -34,16 +34,9 @@ var ( "you want to monitor: (optional)" QuestionGcpRegions = "Specify a comma separated list of regions to deploy Agentless:" - GcpAdvancedOptAuditLog = "Configure additional Audit Log options" - QuestionGcpUseExistingBucket = "Use an existing bucket?" - QuestionGcpExistingBucketName = "Specify an existing bucket name:" - QuestionGcpConfigureNewBucket = "Configure settings for new bucket?" - QuestionGcpBucketRegion = "Specify the bucket region: (optional)" - QuestionGcpCustomBucketName = "Specify a custom bucket name: (optional)" - QuestionGcpBucketLifecycle = "Specify the bucket lifecycle rule age: (optional)" - QuestionGcpEnableUBLA = "Enable uniform bucket level access(UBLA)?" - QuestionGcpUseExistingSink = "Use an existing sink?" - QuestionGcpExistingSinkName = "Specify the existing sink name" + GcpAdvancedOptAuditLog = "Configure additional Audit Log options" + QuestionGcpUseExistingSink = "Use an existing sink?" + QuestionGcpExistingSinkName = "Specify the existing sink name" GcpAdvancedOptIntegrationName = "Customize integration name(s)" QuestionGcpConfigurationIntegrationName = "Specify a custom configuration integration name: (optional)" 
@@ -110,16 +103,11 @@ See help output for more details on the parameter value(s) required for Terrafor gcp.WithExistingServiceAccount(GenerateGcpCommandState.ExistingServiceAccount), gcp.WithConfigurationIntegrationName(GenerateGcpCommandState.ConfigurationIntegrationName), gcp.WithAuditLogLabels(GenerateGcpCommandState.AuditLogLabels), - gcp.WithBucketLabels(GenerateGcpCommandState.BucketLabels), gcp.WithPubSubSubscriptionLabels(GenerateGcpCommandState.PubSubSubscriptionLabels), gcp.WithPubSubTopicLabels(GenerateGcpCommandState.PubSubTopicLabels), - gcp.WithCustomBucketName(GenerateGcpCommandState.CustomBucketName), - gcp.WithBucketRegion(GenerateGcpCommandState.BucketRegion), - gcp.WithExistingLogBucketName(GenerateGcpCommandState.ExistingLogBucketName), gcp.WithExistingLogSinkName(GenerateGcpCommandState.ExistingLogSinkName), gcp.WithAuditLogIntegrationName(GenerateGcpCommandState.AuditLogIntegrationName), gcp.WithLaceworkProfile(GenerateGcpCommandState.LaceworkProfile), - gcp.WithLogBucketLifecycleRuleAge(GenerateGcpCommandState.LogBucketLifecycleRuleAge), gcp.WithFoldersToInclude(GenerateGcpCommandState.FoldersToInclude), gcp.WithFoldersToExclude(GenerateGcpCommandState.FoldersToExclude), gcp.WithCustomFilter(GenerateGcpCommandState.CustomFilter), @@ -283,20 +271,17 @@ See help output for more details on the parameter value(s) required for Terrafor ) type GcpGenerateCommandExtraState struct { - AskAdvanced bool - Output string - ConfigureNewBucketSettings bool - UseExistingServiceAccount bool - UseExistingBucket bool - UseExistingSink bool - TerraformApply bool + AskAdvanced bool + Output string + UseExistingServiceAccount bool + UseExistingSink bool + TerraformApply bool } func (gcp *GcpGenerateCommandExtraState) isEmpty() bool { return gcp.Output == "" && !gcp.AskAdvanced && !gcp.UseExistingServiceAccount && - !gcp.UseExistingBucket && !gcp.UseExistingSink && !gcp.TerraformApply } 
@@ -361,22 +346,6 @@ func initGenerateGcpTfCommandFlags() { "configuration_integration_name", "", "specify a custom configuration integration name") - generateGcpTfCommand.PersistentFlags().StringVar( - &GenerateGcpCommandState.CustomBucketName, - "custom_bucket_name", - "", - "override prefix based storage bucket name generation with a custom name") - // TODO: Implement AuditLogLabels, BucketLabels, PubSubSubscriptionLabels & PubSubTopicLabels - generateGcpTfCommand.PersistentFlags().StringVar( - &GenerateGcpCommandState.BucketRegion, - "bucket_region", - "", - "specify bucket region") - generateGcpTfCommand.PersistentFlags().StringVar( - &GenerateGcpCommandState.ExistingLogBucketName, - "existing_bucket_name", - "", - "specify existing bucket name") generateGcpTfCommand.PersistentFlags().StringVar( &GenerateGcpCommandState.ExistingLogSinkName, "existing_sink_name", @@ -393,15 +362,6 @@ func initGenerateGcpTfCommandFlags() { []string{}, "List of GCP regions to deploy for Agentless integration") - // DEPRECATED - generateGcpTfCommand.PersistentFlags().BoolVar( - &GenerateGcpCommandState.EnableForceDestroyBucket, - "enable_force_destroy_bucket", - true, - "enable force bucket destroy") - errcheckWARN(generateGcpTfCommand.PersistentFlags().MarkDeprecated( - "enable_force_destroy_bucket", "by default, force destroy is enabled.", - )) // --- generateGcpTfCommand.PersistentFlags().BoolVar( @@ -409,11 +369,6 @@ func initGenerateGcpTfCommandFlags() { "enable_ubla", true, "enable universal bucket level access(ubla)") - generateGcpTfCommand.PersistentFlags().IntVar( - &GenerateGcpCommandState.LogBucketLifecycleRuleAge, - "bucket_lifecycle_rule_age", - -1, - "specify the lifecycle rule age") generateGcpTfCommand.PersistentFlags().StringVar( &GenerateGcpCommandState.CustomFilter, "custom_filter", 
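Review bot: The flag registrations deleted in this hunk (`custom_bucket_name`, `bucket_region`, `existing_bucket_name`), together with `enable_force_destroy_bucket` and `bucket_lifecycle_rule_age` in the two hunks that follow, are removed with no deprecation period. Automation that still passes them will presumably fail at flag parsing instead of getting a warning. The block being deleted already showed the softer pattern, `errcheckWARN(...MarkDeprecated(...))` on `enable_force_destroy_bucket`. If a hard break is intended, state it in the commit message, which is currently typed as a `fix`; otherwise keep the flags registered for one release and mark them deprecated. `initGenerateGcpTfCommandFlags` starts and ends outside these hunks.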
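Review bot: `enable_ubla` is still registered in the context lines of the `@@ -409,11 +369,6` hunk, although this commit removes `QuestionGcpEnableUBLA` and every other bucket flag and prompt. If the generated Terraform no longer creates an audit log bucket, the flag accepts an access-control setting that is applied nowhere, which can leave an operator believing uniform bucket-level access is enforced. Remove it with the rest, or deprecate it: `errcheckWARN(generateGcpTfCommand.PersistentFlags().MarkDeprecated("enable_ubla", "audit log storage buckets are no longer generated"))`. The orphaned `// ---` line that closed the deleted DEPRECATED block can go as well.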
@@ -534,10 +489,6 @@ func promptGcpAuditLogQuestions( extraState *GcpGenerateCommandExtraState, ) error { - // Present the user with Bucket Configuration options, if required - if err := promptGcpBucketConfiguration(config, extraState); err != nil { - return err - } err := SurveyMultipleQuestionWithValidation([]SurveyQuestionWithValidationArgs{ { Prompt: &survey.Confirm{Message: QuestionGcpUseExistingSink, Default: extraState.UseExistingSink}, 
@@ -561,73 +512,6 @@ func promptGcpAuditLogQuestions( return err } -func promptGcpBucketConfiguration( - config *gcp.GenerateGcpTfConfigurationArgs, extraState *GcpGenerateCommandExtraState, -) error { - // Prompt to configure bucket information (not required when using the Pub Sub Audit Log) - if err := SurveyMultipleQuestionWithValidation([]SurveyQuestionWithValidationArgs{ - { - Prompt: &survey.Confirm{Message: QuestionGcpUseExistingBucket, Default: extraState.UseExistingBucket}, - Checks: []*bool{&config.AuditLog, usePubSubActivityDisabled(config)}, - Response: &extraState.UseExistingBucket, - }, - { - Prompt: &survey.Input{Message: QuestionGcpExistingBucketName, Default: config.ExistingLogBucketName}, - Checks: []*bool{&config.AuditLog, &extraState.UseExistingBucket, usePubSubActivityDisabled(config)}, - Required: true, - Response: &config.ExistingLogBucketName, - }, - }, config.AuditLog); err != nil { - return err - } - - newBucket := !extraState.UseExistingBucket - err := SurveyMultipleQuestionWithValidation([]SurveyQuestionWithValidationArgs{ - { - Prompt: &survey.Confirm{Message: QuestionGcpConfigureNewBucket, Default: extraState.ConfigureNewBucketSettings}, - Checks: []*bool{&config.AuditLog, &newBucket, usePubSubActivityDisabled(config)}, - Required: true, - Response: &extraState.ConfigureNewBucketSettings, - }, - { - Prompt: &survey.Input{Message: QuestionGcpBucketRegion, Default: config.BucketRegion}, - Checks: []*bool{&config.AuditLog, - &newBucket, - &extraState.ConfigureNewBucketSettings, - usePubSubActivityDisabled(config)}, - Opts: []survey.AskOpt{survey.WithValidator(validateGcpRegion)}, - Response: &config.BucketRegion, - }, - { - Prompt: &survey.Input{Message: QuestionGcpCustomBucketName, Default: config.CustomBucketName}, - Checks: []*bool{&config.AuditLog, - &newBucket, - &extraState.ConfigureNewBucketSettings, - usePubSubActivityDisabled(config)}, - Response: &config.CustomBucketName, - }, - { - Prompt: &survey.Input{Message: 
QuestionGcpBucketLifecycle, Default: "-1"}, - Checks: []*bool{&config.AuditLog, - &newBucket, - &extraState.ConfigureNewBucketSettings, - usePubSubActivityDisabled(config)}, - Response: &config.LogBucketLifecycleRuleAge, - }, - { - Prompt: &survey.Confirm{Message: QuestionGcpEnableUBLA, Default: config.EnableUBLA}, - Checks: []*bool{&config.AuditLog, - &newBucket, - &extraState.ConfigureNewBucketSettings, - usePubSubActivityDisabled(config)}, - Required: true, - Response: &config.EnableUBLA, - }, - }, config.AuditLog) - - return err -} - func usePubSubActivityDisabled(config *gcp.GenerateGcpTfConfigurationArgs) *bool { usePubSubActivityDisabled := !config.UsePubSubAudit return &usePubSubActivityDisabled diff --git a/integration/gcp_generation_test.go b/integration/gcp_generation_test.go index bb82e3bdc..36bb508a0 100644 --- a/integration/gcp_generation_test.go +++ b/integration/gcp_generation_test.go @@ -206,7 +206,6 @@ func TestGenerationGcpAuditLogPubSub(t *testing.T) { MsgRsp{cmd.QuestionGcpServiceAccountCredsPath, ""}, MsgRsp{cmd.QuestionGcpConfigureAdvanced, "y"}, MsgMenu{cmd.GcpAdvancedOptAuditLog, 0}, - MsgRsp{cmd.QuestionUsePubSubAudit, "y"}, MsgRsp{cmd.QuestionGcpUseExistingSink, "n"}, MsgRsp{cmd.QuestionGcpCustomFilter, ""}, MsgRsp{cmd.QuestionGcpAnotherAdvancedOpt, "n"}, @@ -245,7 +244,6 @@ func TestGenerationGcpAuditLogPubSubOrg(t *testing.T) { MsgRsp{cmd.QuestionGcpServiceAccountCredsPath, ""}, MsgRsp{cmd.QuestionGcpConfigureAdvanced, "y"}, MsgMenu{cmd.GcpAdvancedOptAuditLog, 0}, - MsgRsp{cmd.QuestionUsePubSubAudit, "y"}, MsgRsp{cmd.QuestionGcpUseExistingSink, "n"}, MsgRsp{cmd.QuestionGcpCustomFilter, ""}, MsgRsp{cmd.QuestionGcpAnotherAdvancedOpt, "n"}, 
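Review bot: `usePubSubActivityDisabled` survives as context at the end of the `@@ -561,73 +512,6` hunk, but every call to it visible in this patch was inside the deleted `promptGcpBucketConfiguration`. If nothing in `promptGcpAuditLogQuestions` (whose body lies partly outside the hunks) still references it, delete the helper in the same commit so it does not linger as dead code. The same check applies to `validateGcpRegion`, whose only use visible here was the removed bucket region prompt.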
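Review bot: The answer to `cmd.QuestionUsePubSubAudit` is dropped from the expect script in the `@@ -206,7 +206,6` hunk (and again in `@@ -245,7 +244,6` and `@@ -756,7 +568,6`), yet nothing in the `generate_gcp.go` part of this patch removes that prompt or its constant. If the prompt was removed by an earlier change, the exported constant is probably unused now and should be deleted. If it is still asked, these scripts would presumably stop matching at that step. A one-line comment above the `MsgMenu{cmd.GcpAdvancedOptAuditLog, 0}` entry, e.g. `// Pub/Sub is the only audit log transport, so no transport question is asked`, would record the new flow. The test functions start and end outside the hunks.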
@@ -472,139 +470,6 @@ func TestGenerationGcpSACreds(t *testing.T) { assert.Equal(t, buildTf, tfResult) } -// Test Audit Log with existing Bucket -func TestGenerationGcpAuditLogExistingBucket(t *testing.T) { - os.Setenv("LW_NOCACHE", "true") - defer os.Setenv("LW_NOCACHE", "") - var final string - - tfResult := runGcpGenerateTest(t, - func(c *expect.Console) { - expectsCliOutput(t, c, []MsgRspHandler{ - MsgRsp{cmd.QuestionGcpEnableAgentless, "n"}, - MsgRsp{cmd.QuestionGcpEnableConfiguration, "y"}, - MsgRsp{cmd.QuestionGcpEnableAuditLog, "y"}, - MsgRsp{cmd.QuestionGcpProjectID, projectId}, - MsgRsp{cmd.QuestionGcpOrganizationIntegration, "n"}, - MsgRsp{cmd.QuestionGcpServiceAccountCredsPath, ""}, - MsgRsp{cmd.QuestionGcpConfigureAdvanced, "y"}, - MsgMenu{cmd.GcpAdvancedOptAuditLog, 0}, - MsgRsp{cmd.QuestionUsePubSubAudit, "n"}, - MsgRsp{cmd.QuestionGcpUseExistingBucket, "y"}, - MsgRsp{cmd.QuestionGcpExistingBucketName, "bucketMcBucketFace"}, - MsgRsp{cmd.QuestionGcpUseExistingSink, "n"}, - MsgRsp{cmd.QuestionGcpCustomFilter, ""}, - MsgRsp{cmd.QuestionGcpAnotherAdvancedOpt, "n"}, - MsgRsp{cmd.QuestionRunTfPlan, "n"}, - }) - - final, _ = c.ExpectEOF() - - }, - "generate", - "cloud-account", - "gcp", - ) - - assertTerraformSaved(t, final) - - buildTf, _ := gcp.NewTerraform(false, true, true, false, - gcp.WithProjectId(projectId), - gcp.WithExistingLogBucketName("bucketMcBucketFace"), - ).Generate() - assert.Equal(t, buildTf, tfResult) -} - -// Test Audit Log with new Bucket -func TestGenerationGcpAuditLogNewBucket(t *testing.T) { - os.Setenv("LW_NOCACHE", "true") - defer os.Setenv("LW_NOCACHE", "") - var final string - - tfResult := runGcpGenerateTest(t, - func(c *expect.Console) { - expectsCliOutput(t, c, []MsgRspHandler{ - MsgRsp{cmd.QuestionGcpEnableAgentless, "n"}, - MsgRsp{cmd.QuestionGcpEnableConfiguration, "y"}, - MsgRsp{cmd.QuestionGcpEnableAuditLog, "y"}, - MsgRsp{cmd.QuestionGcpProjectID, projectId}, - MsgRsp{cmd.QuestionGcpOrganizationIntegration, "n"}, - 
MsgRsp{cmd.QuestionGcpServiceAccountCredsPath, ""}, - MsgRsp{cmd.QuestionGcpConfigureAdvanced, "y"}, - MsgMenu{cmd.GcpAdvancedOptAuditLog, 0}, - MsgRsp{cmd.QuestionUsePubSubAudit, "n"}, - MsgRsp{cmd.QuestionGcpUseExistingBucket, "n"}, - MsgRsp{cmd.QuestionGcpConfigureNewBucket, "n"}, - MsgRsp{cmd.QuestionGcpUseExistingSink, "n"}, - MsgRsp{cmd.QuestionGcpCustomFilter, ""}, - MsgRsp{cmd.QuestionGcpAnotherAdvancedOpt, "n"}, - MsgRsp{cmd.QuestionRunTfPlan, "n"}, - }) - - final, _ = c.ExpectEOF() - }, - "generate", - "cloud-account", - "gcp", - ) - - assertTerraformSaved(t, final) - - buildTf, _ := gcp.NewTerraform(false, true, true, false, - gcp.WithProjectId(projectId), - ).Generate() - assert.Equal(t, buildTf, tfResult) -} - -// Test Audit Log with custom new Bucket -func TestGenerationGcpAuditLogCustomNewBucket(t *testing.T) { - os.Setenv("LW_NOCACHE", "true") - defer os.Setenv("LW_NOCACHE", "") - var final string - bucketName := "my-new-bucket" - - tfResult := runGcpGenerateTest(t, - func(c *expect.Console) { - expectsCliOutput(t, c, []MsgRspHandler{ - MsgRsp{cmd.QuestionGcpEnableAgentless, "n"}, - MsgRsp{cmd.QuestionGcpEnableConfiguration, "y"}, - MsgRsp{cmd.QuestionGcpEnableAuditLog, "y"}, - MsgRsp{cmd.QuestionGcpProjectID, projectId}, - MsgRsp{cmd.QuestionGcpOrganizationIntegration, "n"}, - MsgRsp{cmd.QuestionGcpServiceAccountCredsPath, ""}, - MsgRsp{cmd.QuestionGcpConfigureAdvanced, "y"}, - MsgMenu{cmd.GcpAdvancedOptAuditLog, 0}, - MsgRsp{cmd.QuestionUsePubSubAudit, "n"}, - MsgRsp{cmd.QuestionGcpUseExistingBucket, "n"}, - MsgRsp{cmd.QuestionGcpConfigureNewBucket, "y"}, - MsgRsp{cmd.QuestionGcpBucketRegion, "us-west1"}, - MsgRsp{cmd.QuestionGcpCustomBucketName, bucketName}, - MsgRsp{cmd.QuestionGcpBucketLifecycle, "420"}, - MsgRsp{cmd.QuestionGcpEnableUBLA, "y"}, - MsgRsp{cmd.QuestionGcpUseExistingSink, "n"}, - MsgRsp{cmd.QuestionGcpCustomFilter, ""}, - MsgRsp{cmd.QuestionGcpAnotherAdvancedOpt, "n"}, - MsgRsp{cmd.QuestionRunTfPlan, "n"}, - }) - final, _ = 
c.ExpectEOF() - }, - "generate", - "cloud-account", - "gcp", - ) - - assertTerraformSaved(t, final) - - buildTf, _ := gcp.NewTerraform(false, true, true, false, - gcp.WithProjectId(projectId), - gcp.WithBucketRegion("us-west1"), - gcp.WithCustomBucketName(bucketName), - gcp.WithLogBucketLifecycleRuleAge(420), - gcp.WithEnableUBLA(true), - ).Generate() - assert.Equal(t, buildTf, tfResult) -} - // Test Audit Log with existing sink. func TestGenerationGcpAuditLogWithExistingSink(t *testing.T) { os.Setenv("LW_NOCACHE", "true") @@ -622,13 +487,6 @@ func TestGenerationGcpAuditLogWithExistingSink(t *testing.T) { MsgRsp{cmd.QuestionGcpServiceAccountCredsPath, ""}, MsgRsp{cmd.QuestionGcpConfigureAdvanced, "y"}, MsgMenu{cmd.GcpAdvancedOptAuditLog, 0}, - MsgRsp{cmd.QuestionUsePubSubAudit, "n"}, - MsgRsp{cmd.QuestionGcpUseExistingBucket, "n"}, - MsgRsp{cmd.QuestionGcpConfigureNewBucket, "y"}, - MsgRsp{cmd.QuestionGcpBucketRegion, "us-west1"}, - MsgRsp{cmd.QuestionGcpCustomBucketName, ""}, - MsgRsp{cmd.QuestionGcpBucketLifecycle, "420"}, - MsgRsp{cmd.QuestionGcpEnableUBLA, "y"}, MsgRsp{cmd.QuestionGcpUseExistingSink, "y"}, MsgRsp{cmd.QuestionGcpExistingSinkName, "sink"}, MsgRsp{cmd.QuestionGcpCustomFilter, ""}, 
@@ -646,57 +504,11 @@ func TestGenerationGcpAuditLogWithExistingSink(t *testing.T) { buildTf, _ := gcp.NewTerraform(false, true, true, false, gcp.WithProjectId(projectId), - gcp.WithBucketRegion("us-west1"), - gcp.WithLogBucketLifecycleRuleAge(420), - gcp.WithEnableUBLA(true), gcp.WithExistingLogSinkName("sink"), ).Generate() assert.Equal(t, buildTf, tfResult) } -// Test Audit Log with existing bucket -func TestGenerationGcpAuditLogWithExistingBucket(t *testing.T) { - os.Setenv("LW_NOCACHE", "true") - defer os.Setenv("LW_NOCACHE", "") - var final string - filter := "filter" - - tfResult := runGcpGenerateTest(t, - func(c *expect.Console) { - expectsCliOutput(t, c, []MsgRspHandler{ - MsgRsp{cmd.QuestionGcpEnableAgentless, "n"}, - MsgRsp{cmd.QuestionGcpEnableConfiguration, "n"}, - MsgRsp{cmd.QuestionGcpEnableAuditLog, "y"}, - MsgRsp{cmd.QuestionGcpProjectID, projectId}, - MsgRsp{cmd.QuestionGcpOrganizationIntegration, "n"}, - MsgRsp{cmd.QuestionGcpServiceAccountCredsPath, ""}, - MsgRsp{cmd.QuestionGcpConfigureAdvanced, "y"}, - MsgMenu{cmd.GcpAdvancedOptAuditLog, 0}, - MsgRsp{cmd.QuestionUsePubSubAudit, "n"}, - MsgRsp{cmd.QuestionGcpUseExistingBucket, "y"}, - MsgRsp{cmd.QuestionGcpExistingBucketName, "bucketMcBucketFace"}, - MsgRsp{cmd.QuestionGcpUseExistingSink, "n"}, - MsgRsp{cmd.QuestionGcpCustomFilter, filter}, - MsgRsp{cmd.QuestionGcpAnotherAdvancedOpt, "n"}, - MsgRsp{cmd.QuestionRunTfPlan, "n"}, - }) - final, _ = c.ExpectEOF() - }, - "generate", - "cloud-account", - "gcp", - ) - - assertTerraformSaved(t, final) - - buildTf, _ := gcp.NewTerraform(false, false, true, false, - gcp.WithProjectId(projectId), - gcp.WithExistingLogBucketName("bucketMcBucketFace"), - gcp.WithCustomFilter(filter), - ).Generate() - assert.Equal(t, buildTf, tfResult) -} - // Test integrations with existing Service Account details func TestGenerationGcpExistingSA(t *testing.T) { os.Setenv("LW_NOCACHE", "true") 
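Review bot: The trimmed expectation in `TestGenerationGcpAuditLogWithExistingSink` still discards the error from `Generate()` (`buildTf, _ := gcp.NewTerraform(...)`). This commit changes which options are valid, so a generator failure here would go unreported and the comparison would run against whatever string came back. Capture it with `buildTf, err := gcp.NewTerraform(false, true, true, false,` and add `assert.NoError(t, err)` before the `assert.Equal`. The test function starts outside this hunk.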
@@ -756,7 +568,6 @@ func TestGenerationGcpPubSubUseExistingSA(t *testing.T) { MsgRsp{cmd.QuestionGcpServiceAccountCredsPath, ""}, MsgRsp{cmd.QuestionGcpConfigureAdvanced, "y"}, MsgMenu{cmd.GcpAdvancedOptAuditLog, 0}, - MsgRsp{cmd.QuestionUsePubSubAudit, "y"}, MsgRsp{cmd.QuestionGcpUseExistingSink, "n"}, MsgRsp{cmd.QuestionGcpCustomFilter, ""}, MsgRsp{cmd.QuestionGcpAnotherAdvancedOpt, "y"},