chore: create org specific integration test
wl-smith committed Aug 16, 2023
1 parent 0844bca commit 56f08f1
Showing 5 changed files with 350 additions and 323 deletions.
Expand Up @@ -7,12 +7,12 @@ terraform {
}

provider "lacework" {
organization = true
organization = true
}

variable "name" {
variable "lacework_integration_name" {
type = string
default = "GCP Agentless Scanning org_example"
default = "GCP Agentless Scanning Example"
}

variable "client_id" {
Expand Down Expand Up @@ -47,15 +47,15 @@ variable "integration_type" {

variable "project_id" {
type = string
default = "org-example-project-id"
default = "example-project-id"
}

variable "bucket_name" {
type = string
default = "storage bucket id"
}

variable "scanning_project_id" {
variable "scanning-project-id" {
type = string
default = "scanning-project-id"
}
Expand All @@ -70,11 +70,6 @@ variable "filter_list" {
default = ["proj1", "proj2"]
}

variable "scan_frequency" {
type = number
default = 24
}

variable "org_account_mappings" {
type = list(object({
default_lacework_account = string
Expand All @@ -88,7 +83,7 @@ variable "org_account_mappings" {
}

resource "lacework_integration_gcp_agentless_scanning" "org_example" {
name = var.name
name = var.lacework_integration_name
credentials {
client_id = var.client_id
client_email = var.client_email
Expand All @@ -99,12 +94,6 @@ resource "lacework_integration_gcp_agentless_scanning" "org_example" {
resource_level = "ORGANIZATION"
resource_id = "techally-test"
bucket_name = var.bucket_name
scanning_project_id = "gcp-lw-scanner"
scan_frequency = var.scan_frequency
scan_containers = true
scan_host_vulnerabilities = true
scan_multi_volume = false
scan_stopped_instances = true
query_text = var.query_text
filter_list = var.filter_list

Expand All @@ -125,33 +114,29 @@ resource "lacework_integration_gcp_agentless_scanning" "org_example" {
}

output "name" {
value = lacework_integration_gcp_agentless_scanning.org_example.name
value = lacework_integration_gcp_agentless_scanning.example.name
}

output "client_id" {
value = lacework_integration_gcp_agentless_scanning.org_example.credentials[0].client_id
value = lacework_integration_gcp_agentless_scanning.example.credentials[0].client_id
}

output "client_email" {
value = lacework_integration_gcp_agentless_scanning.org_example.credentials[0].client_email
value = lacework_integration_gcp_agentless_scanning.example.credentials[0].client_email
}

output "bucket_name" {
value = lacework_integration_gcp_agentless_scanning.org_example.bucket_name
value = lacework_integration_gcp_agentless_scanning.example.bucket_name
}

output "scanning_project_id" {
value = lacework_integration_gcp_agentless_scanning.org_example.scanning_project_id
value = lacework_integration_gcp_agentless_scanning.example.scanning_project_id
}

output "scan_frequency" {
value = lacework_integration_gcp_agentless_scanning.org_example.scan_frequency
value = lacework_integration_gcp_agentless_scanning.example.scan_frequency
}

output "server_token" {
value = lacework_integration_gcp_agentless_scanning.org_example.server_token
value = lacework_integration_gcp_agentless_scanning.example.server_token
}

output "org_account_mappings" {
value = lacework_integration_gcp_agentless_scanning.org_example.org_account_mappings
}
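Review bot: The seven output blocks on the new side read `lacework_integration_gcp_agentless_scanning.example.*`, but the only resource declared in the visible lines is `"org_example"` (the unchanged line at the top of the resource hunk), so unless an `example` resource exists elsewhere in this file `terraform validate` will reject these as references to an undeclared resource; if the intent is the resource in this file, `value = lacework_integration_gcp_agentless_scanning.org_example.name` (and likewise for the other outputs) is the fix. The renamed input `lacework_integration_name` also matches neither key the tests in this commit pass (`integration_name` in the existing test, `name` in the new org test); terratest hands `Vars` to Terraform as `-var`, which errors on an undeclared variable, so confirm which example directory this file belongs to and align the key on one side. Separately, `output "server_token"` returns a credential to stdout and to state without `sensitive = true`; marking it sensitive keeps it out of CLI and CI logs, though any test helper that reads it from apply output would then need `terraform output -json` (terratest's `OutputRequired`/`OutputJson`) instead.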
Expand Up @@ -20,58 +20,12 @@ func TestIntegrationGcpAgentlessScanningCreate(t *testing.T) {
if assert.Nil(t, err, "this test requires you to set GOOGLE_CREDENTIALS environment variable") {
terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
TerraformDir: "../examples/resource_lacework_integration_gcp_agentless_scanning",
Vars: map[string]interface{}{
"integration_name": integration_name,
"client_id": gcreds.ClientID,
"client_email": gcreds.ClientEmail,
"private_key_id": gcreds.PrivateKeyID,
"bucket_name": "storage bucket id",
},
EnvVars: map[string]string{
"TF_VAR_private_key": gcreds.PrivateKey,
"LW_API_TOKEN": LwApiToken,
},
})
defer terraform.Destroy(t, terraformOptions)

// Create new Google Agentless Scanning integration
create := terraform.InitAndApplyAndIdempotent(t, terraformOptions)
createData := GetGcpAgentlessScanningResponse(create)
assert.Equal(t, integration_name, createData.Data.Name)

// Update Gcp integration
terraformOptions.Vars["integration_name"] = update_integration_name

update := terraform.ApplyAndIdempotent(t, terraformOptions)
updateData := GetGcpAgentlessScanningResponse(update)
assert.Equal(t, update_integration_name, updateData.Data.Name)
}
}

func TestIntegrationGcpAgentlessOrgScanningCreate(t *testing.T) {
gcreds, err := googleLoadDefaultCredentials()
integration_name := "GCP Agentless Scanning Example Integration Test"
update_integration_name := fmt.Sprintf("%s Updated", integration_name)
if assert.Nil(t, err, "this test requires you to set GOOGLE_CREDENTIALS environment variable") {
terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
TerraformDir: "../examples/resource_lacework_integration_gcp_org_agentless_scanning",
Vars: map[string]interface{}{
"name": integration_name,
"client_id": gcreds.ClientID,
"client_email": gcreds.ClientEmail,
"private_key_id": gcreds.PrivateKeyID,
"bucket_name": "storage bucket id",
"org_account_mappings": []map[string]interface{}{
{
"default_lacework_account": "customerdemo",
"mapping": []map[string]interface{}{
{
"lacework_account": "abc",
"gcp_projects": []string{"lw-scanner-5"},
},
},
},
},
},
EnvVars: map[string]string{
"TF_VAR_private_key": gcreds.PrivateKey,
Expand All @@ -86,24 +40,7 @@ func TestIntegrationGcpAgentlessOrgScanningCreate(t *testing.T) {
assert.Equal(t, integration_name, createData.Data.Name)

// Update Gcp integration
terraformOptions.Vars = map[string]interface{}{
"name": update_integration_name,
"client_id": gcreds.ClientID,
"client_email": gcreds.ClientEmail,
"private_key_id": gcreds.PrivateKeyID,
"bucket_name": "storage bucket id",
"org_account_mappings": []map[string]interface{}{
{
"default_lacework_account": "customerdemo",
"mapping": []map[string]interface{}{
{
"lacework_account": "abc",
"gcp_projects": []string{"lw-scanner-5"},
},
},
},
},
}
terraformOptions.Vars["integration_name"] = update_integration_name

update := terraform.ApplyAndIdempotent(t, terraformOptions)
updateData := GetGcpAgentlessScanningResponse(update)
Expand Down
@@ -0,0 +1,72 @@
package integration

import (
"fmt"
"testing"

"github.com/gruntwork-io/terratest/modules/terraform"
"github.com/stretchr/testify/assert"
)

func TestIntegrationGcpAgentlessOrgScanningCreateAndUpdate(t *testing.T) {
gcreds, err := googleLoadDefaultCredentials()
integration_name := "GCP Org Agentless Scanning Example Integration Test"
update_integration_name := fmt.Sprintf("%s Updated", integration_name)
if assert.Nil(t, err, "this test requires you to set GOOGLE_CREDENTIALS environment variable") {
terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
TerraformDir: "../examples/resource_lacework_integration_gcp_org_agentless_scanning",
Vars: map[string]interface{}{
"name": integration_name,
"client_id": gcreds.ClientID,
"client_email": gcreds.ClientEmail,
"private_key_id": gcreds.PrivateKeyID,
"bucket_name": "storage bucket id",
"org_account_mappings": []map[string]interface{}{
{
"default_lacework_account": "customerdemo",
"mapping": []map[string]interface{}{
{
"lacework_account": "abc",
"gcp_projects": []string{"techally-test"},
},
},
},
},
},
EnvVars: map[string]string{
"TF_VAR_private_key": gcreds.PrivateKey,
"LW_API_TOKEN": LwApiToken,
},
})
defer terraform.Destroy(t, terraformOptions)

// Create new Google Agentless Scanning integration
create := terraform.InitAndApplyAndIdempotent(t, terraformOptions)
createData := GetGcpAgentlessScanningResponse(create)
assert.Equal(t, integration_name, createData.Data.Name)

// Update Gcp integration
terraformOptions.Vars = map[string]interface{}{
"name": update_integration_name,
"client_id": gcreds.ClientID,
"client_email": gcreds.ClientEmail,
"private_key_id": gcreds.PrivateKeyID,
"bucket_name": "storage bucket id",
"org_account_mappings": []map[string]interface{}{
{
"default_lacework_account": "customerdemo",
"mapping": []map[string]interface{}{
{
"lacework_account": "abc",
"gcp_projects": []string{"techally-test"},
},
},
},
},
}

update := terraform.ApplyAndIdempotent(t, terraformOptions)
updateData := GetGcpAgentlessScanningResponse(update)
assert.Equal(t, update_integration_name, updateData.Data.Name)
}
}
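Review bot: The update step rebuilds the whole `Vars` map only to change `name`, duplicating the credential and `org_account_mappings` literals from the create step and leaving two copies that can drift; since `terraformOptions.Vars` is the same map Terraform reads on the next apply, the sibling test's one-liner `terraformOptions.Vars["name"] = update_integration_name` does the same job. Note that terratest logs the `terraform` command line it runs, so everything in `Vars` (`client_id`, `private_key_id`, the hard-coded `techally-test` project) lands in test logs; routing the private key through `TF_VAR_private_key` in `EnvVars` is the right call and the identifiers that remain should be checked against what the CI log retention policy allows. The `assert.Nil(t, err, ...)` guard reports a missing `GOOGLE_CREDENTIALS` as a failed test rather than a skipped one; `t.Skip("GOOGLE_CREDENTIALS not set")` would make a local run without credentials distinguishable from a real regression.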
52 changes: 44 additions & 8 deletions lacework/account_mapping_helper.go
Expand Up @@ -5,7 +5,7 @@ import (
)

type accountMappingsFile struct {
DefaultLaceworkAccount string `json:"defaultLaceworkAccountAws"`
DefaultLaceworkAccount string `json:"defaultLaceworkAccount"`
Mappings map[string]interface{} `json:"integration_mappings"`
}

Expand Down Expand Up @@ -58,21 +58,57 @@ func flattenOrgAccountMappings(mappingFile *accountMappingsFile, mappingsType st

func flattenMappings(mappings map[string]interface{}, mappingsType string) *schema.Set {
var (
orgAccountMappingsSchema = awsCloudTrailIntegrationSchema["org_account_mappings"].Elem.(*schema.Resource)
mappingSchema = orgAccountMappingsSchema.Schema["mapping"].Elem.(*schema.Resource)
accountsSchema = mappingSchema.Schema[mappingsType].Elem.(*schema.Schema)
res = schema.NewSet(schema.HashResource(mappingSchema), []interface{}{})
awsOrgAccountMappingsSchema = awsCloudTrailIntegrationSchema["org_account_mappings"].Elem.(*schema.Resource)
awsMappingSchema = awsOrgAccountMappingsSchema.Schema["mapping"].Elem.(*schema.Resource)
awsAccountsSchema = awsMappingSchema.Schema[mappingsType].Elem.(*schema.Schema)
awsRes = schema.NewSet(schema.HashResource(awsMappingSchema), []interface{}{})
)

for laceworkAccount, m := range mappings {
mappingValue := m.(map[string]interface{})
res.Add(map[string]interface{}{
awsRes.Add(map[string]interface{}{
"lacework_account": laceworkAccount,
mappingsType: schema.NewSet(schema.HashSchema(accountsSchema),
mappingsType: schema.NewSet(schema.HashSchema(awsAccountsSchema),
mappingValue[mappingsType].([]interface{}),
),
})
}

return res
return awsRes
}

func flattenOrgGcpAccountMappings(mappingFile *accountMappingsFile, mappingsType string) []map[string]interface{} {
orgAccMappings := make([]map[string]interface{}, 0, 1)

if mappingFile.Empty() {
return orgAccMappings
}

mappings := map[string]interface{}{
"default_lacework_account": mappingFile.DefaultLaceworkAccount,
"mapping": flattenGcpMappings(mappingFile.Mappings, mappingsType),
}

orgAccMappings = append(orgAccMappings, mappings)
return orgAccMappings
}

func flattenGcpMappings(mappings map[string]interface{}, mappingsType string) *schema.Set {
var (
gcpOrgAccountMappingsSchema = gcpAgentlessScanningIntegrationSchema["org_account_mappings"].Elem.(*schema.Resource)
gcpMappingSchema = gcpOrgAccountMappingsSchema.Schema["mapping"].Elem.(*schema.Resource)
gcpAccountsSchema = gcpMappingSchema.Schema[mappingsType].Elem.(*schema.Schema)
gcpRes = schema.NewSet(schema.HashResource(gcpMappingSchema), []interface{}{})
)

for laceworkAccount, m := range mappings {
mappingValue := m.(map[string]interface{})
gcpRes.Add(map[string]interface{}{
"lacework_account": laceworkAccount,
mappingsType: schema.NewSet(schema.HashSchema(gcpAccountsSchema),
mappingValue[mappingsType].([]interface{}),
),
})
}
return gcpRes
}
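Review bot: The tag change on `DefaultLaceworkAccount` (`defaultLaceworkAccountAws` → `defaultLaceworkAccount`) is made on the one `accountMappingsFile` type that the AWS path (`flattenOrgAccountMappings`, `flattenMappings`) decodes into as well; if the CloudTrail API still emits `defaultLaceworkAccountAws`, that field now silently decodes as empty and AWS account mappings regress with no error, so confirm the wire name for both services and, if they differ, give each its own struct or accept both keys in a small `UnmarshalJSON`. `flattenGcpMappings` is `flattenMappings` with a different schema map (and `flattenOrgGcpAccountMappings` appears to mirror `flattenOrgAccountMappings`, whose body starts outside this hunk); a helper that takes the resource schema removes the copy. Both loops also assert `m.(map[string]interface{})` and `mappingValue[mappingsType].([]interface{})` without the comma-ok form, so a malformed or unexpected server response panics the provider during plan/apply instead of surfacing a diagnostic; a comma-ok check with a returned error is the safer shape for data that arrives over the wire.
```go
// flattenMappingsFrom builds the "mapping" set using the org_account_mappings
// element schema of the given resource schema map (AWS CloudTrail or GCP Agentless Scanning).
func flattenMappingsFrom(resourceSchema map[string]*schema.Schema, mappings map[string]interface{}, mappingsType string) *schema.Set {
	orgAccountMappingsSchema := resourceSchema["org_account_mappings"].Elem.(*schema.Resource)
	mappingSchema := orgAccountMappingsSchema.Schema["mapping"].Elem.(*schema.Resource)
	accountsSchema := mappingSchema.Schema[mappingsType].Elem.(*schema.Schema)
	res := schema.NewSet(schema.HashResource(mappingSchema), []interface{}{})

	// … unchanged: per-account loop adding {"lacework_account", mappingsType} entries to res …
	return res
}

func flattenMappings(mappings map[string]interface{}, mappingsType string) *schema.Set {
	return flattenMappingsFrom(awsCloudTrailIntegrationSchema, mappings, mappingsType)
}

func flattenGcpMappings(mappings map[string]interface{}, mappingsType string) *schema.Set {
	return flattenMappingsFrom(gcpAgentlessScanningIntegrationSchema, mappings, mappingsType)
}
```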

0 comments on commit 56f08f1
