chore: create org specific integration test

Author: wl-smith

examples/resource_lacework_integration_gcp_org_agentless_scanning/main.tf

@@ -7,12 +7,12 @@ terraform {
 }
 
 provider "lacework" {
-    organization = true
+  organization = true
 }
 
-variable "name" {
+variable "integration_name" {
   type    = string
-  default = "GCP Agentless Scanning org_example"
+  default = "GCP Agentless Scanning Example"
 }
 
 variable "client_id" {
@@ -47,15 +47,15 @@ variable "integration_type" {
 
 variable "project_id" {
   type    = string
-  default = "org-example-project-id"
+  default = "example-project-id"
 }
 
 variable "bucket_name" {
   type    = string
   default = "storage bucket id"
 }
 
-variable "scanning_project_id" {
+variable "scanning-project-id" {
   type = string
   default = "scanning-project-id"
 }
@@ -70,11 +70,6 @@ variable "filter_list" {
   default = ["proj1", "proj2"]
 }
 
-variable "scan_frequency" {
-  type = number 
-  default = 24
-}
-
 variable "org_account_mappings" {
   type = list(object({
     default_lacework_account = string
@@ -88,7 +83,7 @@ variable "org_account_mappings" {
 }
 
 resource "lacework_integration_gcp_agentless_scanning" "org_example" {
-  name = var.name
+  name = var.integration_name
   credentials {
     client_id      = var.client_id
     client_email   = var.client_email
@@ -99,12 +94,6 @@ resource "lacework_integration_gcp_agentless_scanning" "org_example" {
   resource_level = "ORGANIZATION"
   resource_id    = "techally-test"
   bucket_name = var.bucket_name
-  scanning_project_id = "gcp-lw-scanner"
-  scan_frequency            = var.scan_frequency
-  scan_containers           = true
-  scan_host_vulnerabilities = true
-  scan_multi_volume         = false
-  scan_stopped_instances    = true
   query_text = var.query_text
   filter_list = var.filter_list
 
@@ -125,33 +114,29 @@ resource "lacework_integration_gcp_agentless_scanning" "org_example" {
 }
 
 output "name" {
-  value = lacework_integration_gcp_agentless_scanning.org_example.name
+  value = lacework_integration_gcp_agentless_scanning.example.name
 }
 
 output "client_id" {
-  value = lacework_integration_gcp_agentless_scanning.org_example.credentials[0].client_id
+  value = lacework_integration_gcp_agentless_scanning.example.credentials[0].client_id
 }
 
 output "client_email" {
-  value = lacework_integration_gcp_agentless_scanning.org_example.credentials[0].client_email
+  value = lacework_integration_gcp_agentless_scanning.example.credentials[0].client_email
 }
 
 output "bucket_name" {
-  value = lacework_integration_gcp_agentless_scanning.org_example.bucket_name
+  value = lacework_integration_gcp_agentless_scanning.example.bucket_name
 }
 
 output "scanning_project_id" {
-  value = lacework_integration_gcp_agentless_scanning.org_example.scanning_project_id
+  value = lacework_integration_gcp_agentless_scanning.example.scanning_project_id
 }
 
 output "scan_frequency" {
-  value = lacework_integration_gcp_agentless_scanning.org_example.scan_frequency
+  value = lacework_integration_gcp_agentless_scanning.example.scan_frequency
 }
 
 output "server_token" {
-  value = lacework_integration_gcp_agentless_scanning.org_example.server_token
+  value = lacework_integration_gcp_agentless_scanning.example.server_token
 }
-
-output "org_account_mappings" {
-  value = lacework_integration_gcp_agentless_scanning.org_example.org_account_mappings
-}

integration/resource_lacework_integration_gcp_agentless_scanning_test.go

@@ -20,58 +20,12 @@ func TestIntegrationGcpAgentlessScanningCreate(t *testing.T) {
 	if assert.Nil(t, err, "this test requires you to set GOOGLE_CREDENTIALS environment variable") {
 		terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
 			TerraformDir: "../examples/resource_lacework_integration_gcp_agentless_scanning",
-			Vars: map[string]interface{}{
-				"integration_name": integration_name,
-				"client_id":        gcreds.ClientID,
-				"client_email":     gcreds.ClientEmail,
-				"private_key_id":   gcreds.PrivateKeyID,
-				"bucket_name":      "storage bucket id",
-			},
-			EnvVars: map[string]string{
-				"TF_VAR_private_key": gcreds.PrivateKey,
-				"LW_API_TOKEN":       LwApiToken,
-			},
-		})
-		defer terraform.Destroy(t, terraformOptions)
-
-		// Create new Google Agentless Scanning integration
-		create := terraform.InitAndApplyAndIdempotent(t, terraformOptions)
-		createData := GetGcpAgentlessScanningResponse(create)
-		assert.Equal(t, integration_name, createData.Data.Name)
-
-		// Update Gcp integration
-		terraformOptions.Vars["integration_name"] = update_integration_name
-
-		update := terraform.ApplyAndIdempotent(t, terraformOptions)
-		updateData := GetGcpAgentlessScanningResponse(update)
-		assert.Equal(t, update_integration_name, updateData.Data.Name)
-	}
-}
-
-func TestIntegrationGcpAgentlessOrgScanningCreate(t *testing.T) {
-	gcreds, err := googleLoadDefaultCredentials()
-	integration_name := "GCP Agentless Scanning Example Integration Test"
-	update_integration_name := fmt.Sprintf("%s Updated", integration_name)
-	if assert.Nil(t, err, "this test requires you to set GOOGLE_CREDENTIALS environment variable") {
-		terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
-			TerraformDir: "../examples/resource_lacework_integration_gcp_org_agentless_scanning",
 			Vars: map[string]interface{}{
 				"name":           integration_name,
 				"client_id":      gcreds.ClientID,
 				"client_email":   gcreds.ClientEmail,
 				"private_key_id": gcreds.PrivateKeyID,
 				"bucket_name":    "storage bucket id",
-				"org_account_mappings": []map[string]interface{}{
-					{
-						"default_lacework_account": "customerdemo",
-						"mapping": []map[string]interface{}{
-							{
-								"lacework_account": "abc",
-								"gcp_projects":     []string{"lw-scanner-5"},
-							},
-						},
-					},
-				},
 			},
 			EnvVars: map[string]string{
 				"TF_VAR_private_key": gcreds.PrivateKey,
@@ -86,24 +40,7 @@ func TestIntegrationGcpAgentlessOrgScanningCreate(t *testing.T) {
 		assert.Equal(t, integration_name, createData.Data.Name)
 
 		// Update Gcp integration
-		terraformOptions.Vars = map[string]interface{}{
-			"name":           update_integration_name,
-			"client_id":      gcreds.ClientID,
-			"client_email":   gcreds.ClientEmail,
-			"private_key_id": gcreds.PrivateKeyID,
-			"bucket_name":    "storage bucket id",
-			"org_account_mappings": []map[string]interface{}{
-				{
-					"default_lacework_account": "customerdemo",
-					"mapping": []map[string]interface{}{
-						{
-							"lacework_account": "abc",
-							"gcp_projects":     []string{"lw-scanner-5"},
-						},
-					},
-				},
-			},
-		}
+		terraformOptions.Vars["integration_name"] = update_integration_name
 
 		update := terraform.ApplyAndIdempotent(t, terraformOptions)
 		updateData := GetGcpAgentlessScanningResponse(update)

integration/resource_lacework_integration_gcp_org_agentless_scanning_test.go

@@ -0,0 +1,72 @@
+package integration
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/gruntwork-io/terratest/modules/terraform"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestIntegrationGcpAgentlessOrgScanningCreateAndUpdate(t *testing.T) {
+	gcreds, err := googleLoadDefaultCredentials()
+	integration_name := "GCP Org Agentless Scanning Example Integration Test"
+	update_integration_name := fmt.Sprintf("%s Updated", integration_name)
+	if assert.Nil(t, err, "this test requires you to set GOOGLE_CREDENTIALS environment variable") {
+		terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
+			TerraformDir: "../examples/resource_lacework_integration_gcp_org_agentless_scanning",
+			Vars: map[string]interface{}{
+				"name":           integration_name,
+				"client_id":      gcreds.ClientID,
+				"client_email":   gcreds.ClientEmail,
+				"private_key_id": gcreds.PrivateKeyID,
+				"bucket_name":    "storage bucket id",
+				"org_account_mappings": []map[string]interface{}{
+					{
+						"default_lacework_account": "customerdemo",
+						"mapping": []map[string]interface{}{
+							{
+								"lacework_account": "abc",
+								"gcp_projects":     []string{"techally-test"},
+							},
+						},
+					},
+				},
+			},
+			EnvVars: map[string]string{
+				"TF_VAR_private_key": gcreds.PrivateKey,
+				"LW_API_TOKEN":       LwApiToken,
+			},
+		})
+		defer terraform.Destroy(t, terraformOptions)
+
+		// Create new Google Agentless Scanning integration
+		create := terraform.InitAndApplyAndIdempotent(t, terraformOptions)
+		createData := GetGcpAgentlessScanningResponse(create)
+		assert.Equal(t, integration_name, createData.Data.Name)
+
+		// Update Gcp integration
+		terraformOptions.Vars = map[string]interface{}{
+			"name":           update_integration_name,
+			"client_id":      gcreds.ClientID,
+			"client_email":   gcreds.ClientEmail,
+			"private_key_id": gcreds.PrivateKeyID,
+			"bucket_name":    "storage bucket id",
+			"org_account_mappings": []map[string]interface{}{
+				{
+					"default_lacework_account": "customerdemo",
+					"mapping": []map[string]interface{}{
+						{
+							"lacework_account": "abc",
+							"gcp_projects":     []string{"techally-test"},
+						},
+					},
+				},
+			},
+		}
+
+		update := terraform.ApplyAndIdempotent(t, terraformOptions)
+		updateData := GetGcpAgentlessScanningResponse(update)
+		assert.Equal(t, update_integration_name, updateData.Data.Name)
+	}
+}

lacework/account_mapping_helper.go

@@ -5,7 +5,7 @@ import (
 )
 
 type accountMappingsFile struct {
-	DefaultLaceworkAccount string                 `json:"defaultLaceworkAccountAws"`
+	DefaultLaceworkAccount string                 `json:"defaultLaceworkAccount"`
 	Mappings               map[string]interface{} `json:"integration_mappings"`
 }
 
@@ -58,21 +58,57 @@ func flattenOrgAccountMappings(mappingFile *accountMappingsFile, mappingsType st
 
 func flattenMappings(mappings map[string]interface{}, mappingsType string) *schema.Set {
 	var (
-		orgAccountMappingsSchema = awsCloudTrailIntegrationSchema["org_account_mappings"].Elem.(*schema.Resource)
-		mappingSchema            = orgAccountMappingsSchema.Schema["mapping"].Elem.(*schema.Resource)
-		accountsSchema           = mappingSchema.Schema[mappingsType].Elem.(*schema.Schema)
-		res                      = schema.NewSet(schema.HashResource(mappingSchema), []interface{}{})
+		awsOrgAccountMappingsSchema = awsCloudTrailIntegrationSchema["org_account_mappings"].Elem.(*schema.Resource)
+		awsMappingSchema            = awsOrgAccountMappingsSchema.Schema["mapping"].Elem.(*schema.Resource)
+		awsAccountsSchema           = awsMappingSchema.Schema[mappingsType].Elem.(*schema.Schema)
+		awsRes                      = schema.NewSet(schema.HashResource(awsMappingSchema), []interface{}{})
 	)
 
 	for laceworkAccount, m := range mappings {
 		mappingValue := m.(map[string]interface{})
-		res.Add(map[string]interface{}{
+		awsRes.Add(map[string]interface{}{
 			"lacework_account": laceworkAccount,
-			mappingsType: schema.NewSet(schema.HashSchema(accountsSchema),
+			mappingsType: schema.NewSet(schema.HashSchema(awsAccountsSchema),
 				mappingValue[mappingsType].([]interface{}),
 			),
 		})
 	}
 
-	return res
+	return awsRes
+}
+
+func flattenOrgGcpAccountMappings(mappingFile *accountMappingsFile, mappingsType string) []map[string]interface{} {
+	orgAccMappings := make([]map[string]interface{}, 0, 1)
+
+	if mappingFile.Empty() {
+		return orgAccMappings
+	}
+
+	mappings := map[string]interface{}{
+		"default_lacework_account": mappingFile.DefaultLaceworkAccount,
+		"mapping":                  flattenGcpMappings(mappingFile.Mappings, mappingsType),
+	}
+
+	orgAccMappings = append(orgAccMappings, mappings)
+	return orgAccMappings
+}
+
+func flattenGcpMappings(mappings map[string]interface{}, mappingsType string) *schema.Set {
+	var (
+		gcpOrgAccountMappingsSchema = gcpAgentlessScanningIntegrationSchema["org_account_mappings"].Elem.(*schema.Resource)
+		gcpMappingSchema            = gcpOrgAccountMappingsSchema.Schema["mapping"].Elem.(*schema.Resource)
+		gcpAccountsSchema           = gcpMappingSchema.Schema[mappingsType].Elem.(*schema.Schema)
+		gcpRes                      = schema.NewSet(schema.HashResource(gcpMappingSchema), []interface{}{})
+	)
+
+	for laceworkAccount, m := range mappings {
+		mappingValue := m.(map[string]interface{})
+		gcpRes.Add(map[string]interface{}{
+			"lacework_account": laceworkAccount,
+			mappingsType: schema.NewSet(schema.HashSchema(gcpAccountsSchema),
+				mappingValue[mappingsType].([]interface{}),
+			),
+		})
+	}
+	return gcpRes
 }