chore: create org specific integration test

Author: wl-smith

examples/resource_lacework_integration_gcp_org_agentless_scanning/main.tf

@@ -7,12 +7,12 @@ terraform {
 }
 
 provider "lacework" {
-    organization = true
+  organization = true
 }
 
-variable "name" {
+variable "integration_name" {
   type    = string
-  default = "GCP Agentless Scanning org_example"
+  default = "GCP Agentless Scanning Example"
 }
 
 variable "client_id" {
@@ -47,15 +47,15 @@ variable "integration_type" {
 
 variable "project_id" {
   type    = string
-  default = "org-example-project-id"
+  default = "example-project-id"
 }
 
 variable "bucket_name" {
   type    = string
   default = "storage bucket id"
 }
 
-variable "scanning_project_id" {
+variable "scanning-project-id" {
   type = string
   default = "scanning-project-id"
 }
@@ -70,11 +70,6 @@ variable "filter_list" {
   default = ["proj1", "proj2"]
 }
 
-variable "scan_frequency" {
-  type = number 
-  default = 24
-}
-
 variable "org_account_mappings" {
   type = list(object({
     default_lacework_account = string
@@ -88,7 +83,7 @@ variable "org_account_mappings" {
 }
 
 resource "lacework_integration_gcp_agentless_scanning" "org_example" {
-  name = var.name
+  name = var.integration_name
   credentials {
     client_id      = var.client_id
     client_email   = var.client_email
@@ -97,14 +92,14 @@ resource "lacework_integration_gcp_agentless_scanning" "org_example" {
     token_uri 	   = var.token_uri
   }
   resource_level = "ORGANIZATION"
-  resource_id    = "techally-test"
-  bucket_name = var.bucket_name
-  scanning_project_id = "gcp-lw-scanner"
-  scan_frequency            = var.scan_frequency
+  resource_id    = "294451184225"
+  scanning_project_id = "techally-test"
+  scan_frequency            = 24
   scan_containers           = true
   scan_host_vulnerabilities = true
   scan_multi_volume         = false
   scan_stopped_instances    = true
+  bucket_name = var.bucket_name
   query_text = var.query_text
   filter_list = var.filter_list
 
@@ -154,4 +149,4 @@ output "server_token" {
 
 output "org_account_mappings" {
   value = lacework_integration_gcp_agentless_scanning.org_example.org_account_mappings
-}
+}

integration/integration.go

@@ -189,7 +189,6 @@ func GetContainerRegisteryGar(result string) api.GcpGarIntegrationResponse {
 
 func GetGcpAgentlessScanningResponse(result string) api.GcpSidekickIntegrationResponse {
 	id := GetIDFromTerraResults(result)
-
 	res, err := LwClient.V2.CloudAccounts.GetGcpSidekick(id)
 
 	if err != nil {
@@ -199,6 +198,17 @@ func GetGcpAgentlessScanningResponse(result string) api.GcpSidekickIntegrationRe
 	return res
 }
 
+func GetGcpAgentlessOrgScanningResponse(result string) api.GcpSidekickIntegrationResponse {
+	id := GetIDFromTerraResults(result)
+	res, err := LwOrgClient.V2.CloudAccounts.GetGcpSidekick(id)
+
+	if err != nil {
+		log.Fatalf("Unable to find integration id: %s\n Response: %v", id, res)
+	}
+
+	return res
+}
+
 func GetContainerRegisteryGcr(result string) api.GcpGcrIntegrationResponse {
 	id := GetIDFromTerraResults(result)
 

integration/resource_lacework_integration_gcp_agentless_scanning_test.go

@@ -47,66 +47,3 @@ func TestIntegrationGcpAgentlessScanningCreate(t *testing.T) {
 		assert.Equal(t, update_integration_name, updateData.Data.Name)
 	}
 }
-
-func TestIntegrationGcpAgentlessOrgScanningCreate(t *testing.T) {
-	gcreds, err := googleLoadDefaultCredentials()
-	integration_name := "GCP Agentless Scanning Example Integration Test"
-	update_integration_name := fmt.Sprintf("%s Updated", integration_name)
-	if assert.Nil(t, err, "this test requires you to set GOOGLE_CREDENTIALS environment variable") {
-		terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
-			TerraformDir: "../examples/resource_lacework_integration_gcp_org_agentless_scanning",
-			Vars: map[string]interface{}{
-				"name":           integration_name,
-				"client_id":      gcreds.ClientID,
-				"client_email":   gcreds.ClientEmail,
-				"private_key_id": gcreds.PrivateKeyID,
-				"bucket_name":    "storage bucket id",
-				"org_account_mappings": []map[string]interface{}{
-					{
-						"default_lacework_account": "customerdemo",
-						"mapping": []map[string]interface{}{
-							{
-								"lacework_account": "abc",
-								"gcp_projects":     []string{"lw-scanner-5"},
-							},
-						},
-					},
-				},
-			},
-			EnvVars: map[string]string{
-				"TF_VAR_private_key": gcreds.PrivateKey,
-				"LW_API_TOKEN":       LwApiToken,
-			},
-		})
-		defer terraform.Destroy(t, terraformOptions)
-
-		// Create new Google Agentless Scanning integration
-		create := terraform.InitAndApplyAndIdempotent(t, terraformOptions)
-		createData := GetGcpAgentlessScanningResponse(create)
-		assert.Equal(t, integration_name, createData.Data.Name)
-
-		// Update Gcp integration
-		terraformOptions.Vars = map[string]interface{}{
-			"name":           update_integration_name,
-			"client_id":      gcreds.ClientID,
-			"client_email":   gcreds.ClientEmail,
-			"private_key_id": gcreds.PrivateKeyID,
-			"bucket_name":    "storage bucket id",
-			"org_account_mappings": []map[string]interface{}{
-				{
-					"default_lacework_account": "customerdemo",
-					"mapping": []map[string]interface{}{
-						{
-							"lacework_account": "abc",
-							"gcp_projects":     []string{"lw-scanner-5"},
-						},
-					},
-				},
-			},
-		}
-
-		update := terraform.ApplyAndIdempotent(t, terraformOptions)
-		updateData := GetGcpAgentlessScanningResponse(update)
-		assert.Equal(t, update_integration_name, updateData.Data.Name)
-	}
-}

integration/resource_lacework_integration_gcp_org_agentless_scanning_test.go

@@ -0,0 +1,72 @@
+package integration
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/gruntwork-io/terratest/modules/terraform"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestIntegrationGcpAgentlessOrgScanningCreateAndUpdate(t *testing.T) {
+	gcreds, err := googleLoadDefaultCredentials()
+	integration_name := "GCP Org Agentless Scanning Example Integration Test"
+	update_integration_name := fmt.Sprintf("%s Updated", integration_name)
+	if assert.Nil(t, err, "this test requires you to set GOOGLE_CREDENTIALS environment variable") {
+		terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
+			TerraformDir: "../examples/resource_lacework_integration_gcp_org_agentless_scanning",
+			Vars: map[string]interface{}{
+				"integration_name": integration_name,
+				"client_id":        gcreds.ClientID,
+				"client_email":     gcreds.ClientEmail,
+				"private_key_id":   gcreds.PrivateKeyID,
+				"bucket_name":      "storage bucket id",
+				"org_account_mappings": []map[string]interface{}{
+					{
+						"default_lacework_account_aws": "customerdemo",
+						"mapping": []map[string]interface{}{
+							{
+								"lacework_account": "tech-ally",
+								"gcp_projects":     []string{"techally-test"},
+							},
+						},
+					},
+				},
+			},
+			EnvVars: map[string]string{
+				"TF_VAR_private_key": gcreds.PrivateKey,
+				"LW_API_TOKEN":       LwApiToken,
+			},
+		})
+		defer terraform.Destroy(t, terraformOptions)
+
+		// Create new Google Agentless Scanning integration
+		create := terraform.InitAndApplyAndIdempotent(t, terraformOptions)
+		createData := GetGcpAgentlessOrgScanningResponse(create)
+		assert.Equal(t, integration_name, createData.Data.Name)
+
+		// Update Gcp integration
+		terraformOptions.Vars = map[string]interface{}{
+			"integration_name": update_integration_name,
+			"client_id":        gcreds.ClientID,
+			"client_email":     gcreds.ClientEmail,
+			"private_key_id":   gcreds.PrivateKeyID,
+			"bucket_name":      "storage bucket id",
+			"org_account_mappings": []map[string]interface{}{
+				{
+					"default_lacework_account_aws": "customerdemo",
+					"mapping": []map[string]interface{}{
+						{
+							"lacework_account": "abc",
+							"gcp_projects":     []string{"techally-test"},
+						},
+					},
+				},
+			},
+		}
+
+		update := terraform.ApplyAndIdempotent(t, terraformOptions)
+		updateData := GetGcpAgentlessOrgScanningResponse(update)
+		assert.Equal(t, update_integration_name, updateData.Data.Name)
+	}
+}

lacework/account_mapping_helper.go

@@ -5,7 +5,7 @@ import (
 )
 
 type accountMappingsFile struct {
-	DefaultLaceworkAccount string                 `json:"defaultLaceworkAccountAws"`
+	DefaultLaceworkAccount string                 `json:"defaultLaceworkAccount"`
 	Mappings               map[string]interface{} `json:"integration_mappings"`
 }
 
@@ -30,13 +30,18 @@ func getResourceOrgAccountMappings(d *schema.ResourceData, mappingsType string)
 		mappingSet := accountMappings["mapping"].(*schema.Set)
 		for _, m := range mappingSet.List() {
 			mapping := m.(map[string]interface{})
-			accountMapFile.Mappings[mapping["lacework_account"].(string)] = map[string]interface{}{
-				mappingsType: castStringSlice(mapping[mappingsType].(*schema.Set).List()),
+			if mappingsType == "gcp_projects" {
+				accountMapFile.Mappings[mapping["lacework_account"].(string)] = map[string]interface{}{
+					"gcp_projects": castStringSlice(mapping[mappingsType].(*schema.Set).List()),
+				}
+			} else {
+				accountMapFile.Mappings[mapping["lacework_account"].(string)] = map[string]interface{}{
+					"aws_accounts": castStringSlice(mapping[mappingsType].(*schema.Set).List()),
+				}
 			}
 		}
 
 	}
-
 	return accountMapFile
 }
 
@@ -58,21 +63,57 @@ func flattenOrgAccountMappings(mappingFile *accountMappingsFile, mappingsType st
 
 func flattenMappings(mappings map[string]interface{}, mappingsType string) *schema.Set {
 	var (
-		orgAccountMappingsSchema = awsCloudTrailIntegrationSchema["org_account_mappings"].Elem.(*schema.Resource)
-		mappingSchema            = orgAccountMappingsSchema.Schema["mapping"].Elem.(*schema.Resource)
-		accountsSchema           = mappingSchema.Schema[mappingsType].Elem.(*schema.Schema)
-		res                      = schema.NewSet(schema.HashResource(mappingSchema), []interface{}{})
+		awsOrgAccountMappingsSchema = awsCloudTrailIntegrationSchema["org_account_mappings"].Elem.(*schema.Resource)
+		awsMappingSchema            = awsOrgAccountMappingsSchema.Schema["mapping"].Elem.(*schema.Resource)
+		awsAccountsSchema           = awsMappingSchema.Schema[mappingsType].Elem.(*schema.Schema)
+		awsRes                      = schema.NewSet(schema.HashResource(awsMappingSchema), []interface{}{})
 	)
 
 	for laceworkAccount, m := range mappings {
 		mappingValue := m.(map[string]interface{})
-		res.Add(map[string]interface{}{
+		awsRes.Add(map[string]interface{}{
 			"lacework_account": laceworkAccount,
-			mappingsType: schema.NewSet(schema.HashSchema(accountsSchema),
-				mappingValue[mappingsType].([]interface{}),
+			"aws_accounts": schema.NewSet(schema.HashSchema(awsAccountsSchema),
+				mappingValue["aws_accounts"].([]interface{}),
 			),
 		})
 	}
 
-	return res
+	return awsRes
+}
+
+func flattenOrgGcpAccountMappings(mappingFile *accountMappingsFile) []map[string]interface{} {
+	orgAccMappings := make([]map[string]interface{}, 0, 1)
+
+	if mappingFile.Empty() {
+		return orgAccMappings
+	}
+
+	mappings := map[string]interface{}{
+		"default_lacework_account": mappingFile.DefaultLaceworkAccount,
+		"mapping":                  flattenGcpMappings(mappingFile.Mappings),
+	}
+
+	orgAccMappings = append(orgAccMappings, mappings)
+	return orgAccMappings
+}
+
+func flattenGcpMappings(mappings map[string]interface{}) *schema.Set {
+	var (
+		gcpOrgAccountMappingsSchema = gcpAgentlessScanningIntegrationSchema["org_account_mappings"].Elem.(*schema.Resource)
+		gcpMappingSchema            = gcpOrgAccountMappingsSchema.Schema["mapping"].Elem.(*schema.Resource)
+		gcpAccountsSchema           = gcpMappingSchema.Schema["mapping"].Elem.(*schema.Schema)
+		gcpRes                      = schema.NewSet(schema.HashResource(gcpMappingSchema), []interface{}{})
+	)
+
+	for laceworkAccount, m := range mappings {
+		mappingValue := m.(map[string]interface{})
+		gcpRes.Add(map[string]interface{}{
+			"lacework_account": laceworkAccount,
+			"gcp_projects": schema.NewSet(schema.HashSchema(gcpAccountsSchema),
+				mappingValue["gcp_projects"].([]interface{}),
+			),
+		})
+	}
+	return gcpRes
 }