feat: remove restriction on org level integration

Signed-off-by: Lei Jin <lei.jin@lacework.net>
lacework · Jul 16, 2024 · e18c4b9 · e18c4b9
1 parent d9018d0
commit e18c4b9
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 31 deletions.
diff --git a/lwgenerate/gcp/gcp.go b/lwgenerate/gcp/gcp.go
@@ -141,10 +141,6 @@ type GenerateGcpTfConfigurationArgs struct {
 
 	Projects []string
 
-	// GCP organization id for agentless integration. Agentless integration requires an organization id
-	// even for project level integration
-	AgentlessOrganizationId string
-
 	// Default GCP Provider labels
 	ProviderDefaultLabels map[string]interface{}
 
@@ -177,11 +173,6 @@ func (args *GenerateGcpTfConfigurationArgs) validate() error {
 		return errors.New("an Organization ID must be provided for an Organization Integration")
 	}
 
-	// Validate if an organization id has been provided that this is and organization integration
-	if !args.OrganizationIntegration && args.GcpOrganizationId != "" {
-		return errors.New("to provide an Organization ID, Organization Integration must be true")
-	}
-
 	// Validate existing Service Account values, if set
 	if args.ExistingServiceAccount != nil {
 		if args.ExistingServiceAccount.Name == "" ||
@@ -235,13 +226,6 @@ func WithUsePubSubAudit(usePubSub bool) GcpTerraformModifier {
 	}
 }
 
-// WithAgentlessOrganizationId Set the agentless organization id for GCP provider
-func WithAgentlessOrganizationId(organizationId string) GcpTerraformModifier {
-	return func(c *GenerateGcpTfConfigurationArgs) {
-		c.AgentlessOrganizationId = organizationId
-	}
-}
-
 // WithGcpServiceAccountCredentials Set the path for the GCP Service Account to be utilized by the GCP provider
 func WithGcpServiceAccountCredentials(path string) GcpTerraformModifier {
 	return func(c *GenerateGcpTfConfigurationArgs) {
@@ -642,9 +626,9 @@ func createAgentless(args *GenerateGcpTfConfigurationArgs) ([]*hclwrite.Block, e
 			}
 			if args.OrganizationIntegration {
 				attributes["integration_type"] = "ORGANIZATION"
+			}
+			if len(args.GcpOrganizationId) > 0 {
 				attributes["organization_id"] = args.GcpOrganizationId
-			} else if len(args.AgentlessOrganizationId) > 0 {
-				attributes["organization_id"] = args.AgentlessOrganizationId
 			}
 		}
 		if i > 0 {

diff --git a/lwgenerate/gcp/gcp_test.go b/lwgenerate/gcp/gcp_test.go
@@ -44,6 +44,17 @@ func TestGenerateGcpTfConfigurationArgs_Generate_AuditLog(t *testing.T) {
 				gcp.WithProjectId(projectName)),
 			ReqProvider(projectName, moduleImportProjectLevelPubSubAuditLogWithoutConfiguration),
 		},
+		{
+			"TestGenerationProjectLevelPubSubAuditLogWithoutConfigWithOrgId",
+			gcp.NewTerraform(
+				false,
+				false,
+				true,
+				true,
+				gcp.WithGcpServiceAccountCredentials("/path/to/credentials"),
+				gcp.WithProjectId(projectName), gcp.WithOrganizationId("123456789")),
+			ReqProvider(projectName, moduleImportProjectLevelPubSubAuditLogWithoutConfiguration),
+		},
 		{
 			"TestGenerationProjectLevelAuditLogWithoutCredentialsAndProject",
 			gcp.NewTerraform(false, false, true, false),
@@ -513,6 +524,16 @@ func TestGenerateGcpTfConfigurationArgs_Generate_Configuration(t *testing.T) {
 			),
 			ReqProvider(projectName, moduleImportProjectLevelConfigurationExistingSA),
 		},
+		{
+			"TestGenerationProjectLevelConfigurationExistingSAWithOrgId",
+			gcp.NewTerraform(false, true, false, false,
+				gcp.WithGcpServiceAccountCredentials("/path/to/credentials"),
+				gcp.WithProjectId(projectName),
+				gcp.WithOrganizationId("123456789"),
+				gcp.WithExistingServiceAccount(gcp.NewExistingServiceAccountDetails("foo", "123456789")),
+			),
+			ReqProvider(projectName, moduleImportProjectLevelConfigurationExistingSA),
+		},
 		{
 			"TestGenerationProjectLevelConfigurationCustomIntegrationName",
 			gcp.NewTerraform(false, true, false, false,
@@ -720,7 +741,7 @@ func TestGenerateGcpTfConfigurationArgs_Generate_Agentless(t *testing.T) {
 			"TestGenerationProjectLevelAgentless",
 			gcp.NewTerraform(true, false, false, false,
 				gcp.WithProjectId(projectName),
-				gcp.WithAgentlessOrganizationId("123456789"),
+				gcp.WithOrganizationId("123456789"),
 				gcp.WithRegions([]string{"us-east1"}),
 			),
 			fmt.Sprintf("%s\n%s", RequiredProviders, moduleImportProjectLevelAgentless),
@@ -730,7 +751,6 @@ func TestGenerateGcpTfConfigurationArgs_Generate_Agentless(t *testing.T) {
 			gcp.NewTerraform(true, false, false, false,
 				gcp.WithProjectId(projectName),
 				gcp.WithRegions([]string{"us-east1"}),
-				gcp.WithAgentlessOrganizationId("123456789"),
 				gcp.WithProjectFilterList([]string{"p1", "p2"}),
 			),
 			fmt.Sprintf("%s\n%s", RequiredProviders, moduleImportProjectLevelAgentlessWithProjectFilterList),
@@ -771,16 +791,6 @@ func TestGenerationOrganizationLevelAuditLogNoOrgId(t *testing.T) {
 	assert.EqualError(t, err, "invalid inputs: an Organization ID must be provided for an Organization Integration")
 }
 
-func TestGenerationOrganizationLevelAuditLogNoOrgIntegrationFlag(t *testing.T) {
-	hcl, err := gcp.NewTerraform(false, false, true, false,
-		gcp.WithGcpServiceAccountCredentials("/path/to/credentials"),
-		gcp.WithProjectId(projectName),
-		gcp.WithOrganizationId("123456789"),
-	).Generate()
-	assert.Empty(t, hcl)
-	assert.EqualError(t, err, "invalid inputs: to provide an Organization ID, Organization Integration must be true")
-}
-
 func TestGenerationNoIntegration(t *testing.T) {
 	hcl, err := gcp.NewTerraform(false, false, false, false,
 		gcp.WithGcpServiceAccountCredentials("/path/to/credentials"),
@@ -1205,7 +1215,6 @@ module "lacework_gcp_agentless_scanning_global" {
   source              = "lacework/agentless-scanning/gcp"
   version             = "~> 2.0"
   global              = true
-  organization_id     = "123456789"
   project_filter_list = ["p1", "p2"]
   regional            = true