diff --git a/lwgenerate/gcp/gcp.go b/lwgenerate/gcp/gcp.go
index 52e9cd2fb..791b83ec0 100644
--- a/lwgenerate/gcp/gcp.go
+++ b/lwgenerate/gcp/gcp.go
@@ -141,10 +141,6 @@ type GenerateGcpTfConfigurationArgs struct {
 Projects []string
- // GCP organization id for agentless integration. Agentless integration requires an organization id // even for project level integration
- AgentlessOrganizationId string
-
 // Default GCP Provider labels
 ProviderDefaultLabels map[string]interface{}
@@ -177,11 +173,6 @@ func (args *GenerateGcpTfConfigurationArgs) validate() error {
 return errors.New("an Organization ID must be provided for an Organization Integration")
 }
- // Validate if an organization id has been provided that this is and organization integration
- if !args.OrganizationIntegration && args.GcpOrganizationId != "" {
- return errors.New("to provide an Organization ID, Organization Integration must be true")
- }
-
 // Validate existing Service Account values, if set
 if args.ExistingServiceAccount != nil {
 if args.ExistingServiceAccount.Name == "" ||
@@ -235,13 +226,6 @@ func WithUsePubSubAudit(usePubSub bool) GcpTerraformModifier {
 }
 }
-// WithAgentlessOrganizationId Set the agentless organization id for GCP provider
-func WithAgentlessOrganizationId(organizationId string) GcpTerraformModifier {
- return func(c *GenerateGcpTfConfigurationArgs) {
- c.AgentlessOrganizationId = organizationId
- }
-}
-
 // WithGcpServiceAccountCredentials Set the path for the GCP Service Account to be utilized by the GCP provider
 func WithGcpServiceAccountCredentials(path string) GcpTerraformModifier {
 return func(c *GenerateGcpTfConfigurationArgs) {
@@ -642,9 +626,9 @@ func createAgentless(args *GenerateGcpTfConfigurationArgs) ([]*hclwrite.Block, e
 }
 if args.OrganizationIntegration {
 attributes["integration_type"] = "ORGANIZATION"
+ }
+ if len(args.GcpOrganizationId) > 0 {
 attributes["organization_id"] = args.GcpOrganizationId
- } else if len(args.AgentlessOrganizationId) > 0 {
- attributes["organization_id"] = args.AgentlessOrganizationId
 }
 }
 if i > 0 {
diff --git a/lwgenerate/gcp/gcp_test.go b/lwgenerate/gcp/gcp_test.go
index 1dbeff972..0865b3a19 100644
--- a/lwgenerate/gcp/gcp_test.go
+++ b/lwgenerate/gcp/gcp_test.go
@@ -44,6 +44,17 @@ func TestGenerateGcpTfConfigurationArgs_Generate_AuditLog(t *testing.T) {
 gcp.WithProjectId(projectName)),
 ReqProvider(projectName, moduleImportProjectLevelPubSubAuditLogWithoutConfiguration),
 },
+ { "TestGenerationProjectLevelPubSubAuditLogWithoutConfigWithOrgId", gcp.NewTerraform( false, false, true, true, gcp.WithGcpServiceAccountCredentials("/path/to/credentials"), gcp.WithProjectId(projectName), gcp.WithOrganizationId("123456789")), ReqProvider(projectName, moduleImportProjectLevelPubSubAuditLogWithoutConfiguration), },
 {
 "TestGenerationProjectLevelAuditLogWithoutCredentialsAndProject",
 gcp.NewTerraform(false, false, true, false),
@@ -513,6 +524,16 @@ func TestGenerateGcpTfConfigurationArgs_Generate_Configuration(t *testing.T) {
 ),
 ReqProvider(projectName, moduleImportProjectLevelConfigurationExistingSA),
 },
+ { "TestGenerationProjectLevelConfigurationExistingSAWithOrgId", gcp.NewTerraform(false, true, false, false, gcp.WithGcpServiceAccountCredentials("/path/to/credentials"), gcp.WithProjectId(projectName), gcp.WithOrganizationId("123456789"), gcp.WithExistingServiceAccount(gcp.NewExistingServiceAccountDetails("foo", "123456789")), ), ReqProvider(projectName, moduleImportProjectLevelConfigurationExistingSA), },
 {
 "TestGenerationProjectLevelConfigurationCustomIntegrationName",
 gcp.NewTerraform(false, true, false, false,
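Review bot: With the validate() check that tied GcpOrganizationId to OrganizationIntegration removed in this same commit, the new `if len(args.GcpOrganizationId) > 0` block now emits `organization_id` for project-level agentless scans as well, but nothing visible still enforces what the deleted struct comment stated — that agentless needs an organization ID even at project level — so a project-level agentless config with no org ID (as the updated project-filter-list test case now is) generates a module call with no `organization_id`, and any failure that causes would surface, if at all, at plan/apply time instead of as an input-validation error. If the requirement still holds, add a guard in validate() for the agentless case along the lines of `if <agentless flag> && args.GcpOrganizationId == "" { return errors.New("an Organization ID must be provided for an Agentless Integration") }`, using whatever field NewTerraform's first boolean sets; if it no longer holds, state on the GcpOrganizationId field's doc comment that it is optional for project-level agentless so callers are not left guessing. A smaller point: this hunk tests emptiness with `len(...) > 0` while validate() uses `!= ""`; picking one form keeps the file consistent. createAgentless starts and ends outside this hunk.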
@@ -720,7 +741,7 @@ func TestGenerateGcpTfConfigurationArgs_Generate_Agentless(t *testing.T) {
 "TestGenerationProjectLevelAgentless",
 gcp.NewTerraform(true, false, false, false,
 gcp.WithProjectId(projectName),
- gcp.WithAgentlessOrganizationId("123456789"),
+ gcp.WithOrganizationId("123456789"),
 gcp.WithRegions([]string{"us-east1"}),
 ),
 fmt.Sprintf("%s\n%s", RequiredProviders, moduleImportProjectLevelAgentless),
@@ -730,7 +751,6 @@
 gcp.NewTerraform(true, false, false, false,
 gcp.WithProjectId(projectName),
 gcp.WithRegions([]string{"us-east1"}),
- gcp.WithAgentlessOrganizationId("123456789"),
 gcp.WithProjectFilterList([]string{"p1", "p2"}),
 ),
 fmt.Sprintf("%s\n%s", RequiredProviders, moduleImportProjectLevelAgentlessWithProjectFilterList),
@@ -771,16 +791,6 @@ func TestGenerationOrganizationLevelAuditLogNoOrgId(t *testing.T) {
 assert.EqualError(t, err, "invalid inputs: an Organization ID must be provided for an Organization Integration")
 }
-func TestGenerationOrganizationLevelAuditLogNoOrgIntegrationFlag(t *testing.T) {
- hcl, err := gcp.NewTerraform(false, false, true, false,
- gcp.WithGcpServiceAccountCredentials("/path/to/credentials"),
- gcp.WithProjectId(projectName),
- gcp.WithOrganizationId("123456789"),
- ).Generate()
- assert.Empty(t, hcl)
- assert.EqualError(t, err, "invalid inputs: to provide an Organization ID, Organization Integration must be true")
-}
-
 func TestGenerationNoIntegration(t *testing.T) {
 hcl, err := gcp.NewTerraform(false, false, false, false,
 gcp.WithGcpServiceAccountCredentials("/path/to/credentials"),
@@ -1205,7 +1215,6 @@ module "lacework_gcp_agentless_scanning_global" {
 source = "lacework/agentless-scanning/gcp"
 version = "~> 2.0"
 global = true
- organization_id = "123456789"
 project_filter_list = ["p1", "p2"]
 regional = true