Merge pull request #171 from lacework/afiune/integration/aws-cloudwatch

feature: AWS CloudWatch Alert Channel Integrations
lacework · Jul 22, 2020 · 8ec44fe · 8ec44fe
2 parents a8ce9a9 + f967206
commit 8ec44fe
Show file tree

Hide file tree

Showing 13 changed files with 735 additions and 166 deletions.
diff --git a/api/_examples/aws-cloudwatch-alert-channel/main.go b/api/_examples/aws-cloudwatch-alert-channel/main.go
@@ -0,0 +1,30 @@
+package main
+
+import (
+	"fmt"
+	"log"
+
+	"github.com/lacework/go-sdk/api"
+)
+
+func main() {
+	lacework, err := api.NewClient("account", api.WithApiKeys("KEY", "SECRET"))
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	alert := api.NewAwsCloudWatchAlertChannel("aws-cloudwatch-alert-from-golang",
+		api.AwsCloudWatchData{
+			EventBusArn:      "arn:aws:events:us-west-2:1234567890:event-bus/default",
+			MinAlertSeverity: 1,
+		},
+	)
+
+	response, err := lacework.Integrations.CreateAwsCloudWatchAlertChannel(alert)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Output: Aws CloudWatch alert channel created: THE-INTEGRATION-GUID
+	fmt.Printf("Aws CloudWatch alert channel created: %s", response.Data[0].IntgGuid)
+}
diff --git a/api/_examples/slack-channel-alert/main.go → api/_examples/slack-alert-channel/main.go b/api/_examples/slack-channel-alert/main.go → api/_examples/slack-alert-channel/main.go
@@ -13,18 +13,18 @@ func main() {
 		log.Fatal(err)
 	}
 
-	mySlackChannel := api.NewSlackChannelIntegration("slack-alert-from-golang",
+	mySlackChannel := api.NewSlackAlertChannel("slack-alert-from-golang",
 		api.SlackChannelData{
 			SlackUrl:         "https://hooks.slack.com/services/ABCD/12345/abcd1234",
 			MinAlertSeverity: 3,
 		},
 	)
 
-	response, err := lacework.Integrations.CreateSlackChannel(mySlackChannel)
+	response, err := lacework.Integrations.CreateSlackAlertChannel(mySlackChannel)
 	if err != nil {
 		log.Fatal(err)
 	}
 
-	// Output: Slack Channel alert created: THE-INTEGRATION-GUID
-	fmt.Printf("Slack Channel alert created: %s", response.Data[0].IntgGuid)
+	// Output: Slack alert channel created: THE-INTEGRATION-GUID
+	fmt.Printf("Slack alert channel created: %s", response.Data[0].IntgGuid)
 }
diff --git a/api/integration_alert_channels.go b/api/integration_alert_channels.go
@@ -0,0 +1,55 @@
+//
+// Author:: Salim Afiune Maya (<[email protected]>)
+// Copyright:: Copyright 2020, Lacework Inc.
+// License:: Apache License, Version 2.0
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+package api
+
+// Enum for Alert Severity Levels
+type AlertLevel int
+
+const (
+	CriticalAlertLevel AlertLevel = 1 // Critical only
+	HighAlertLevel     AlertLevel = 2 // High and above
+	MediumAlertLevel   AlertLevel = 3 // Medium and above
+	LowAlertLevel      AlertLevel = 4 // Low and above
+	AllAlertLevel      AlertLevel = 5 // Info and above (which is All of them)
+)
+
+// AlertLevels is the list of available alert levels
+var AlertLevels = map[AlertLevel]string{
+	CriticalAlertLevel: "Critical",
+	HighAlertLevel:     "High",
+	MediumAlertLevel:   "Medium",
+	LowAlertLevel:      "Low",
+	AllAlertLevel:      "All",
+}
+
+// String returns the string representation of an alert level
+func (i AlertLevel) String() string {
+	return AlertLevels[i]
+}
+
+// Int returns the int representation of an alert level
+func (i AlertLevel) Int() int {
+	return int(i)
+}
+
+// Valid returns whether the AlertLevel is valid or not
+func (i AlertLevel) Valid() bool {
+	_, ok := AlertLevels[i]
+	return ok
+}
diff --git a/api/integration_alert_channels_aws_cloudwatch.go b/api/integration_alert_channels_aws_cloudwatch.go
@@ -0,0 +1,101 @@
+//
+// Author:: Salim Afiune Maya (<[email protected]>)
+// Copyright:: Copyright 2020, Lacework Inc.
+// License:: Apache License, Version 2.0
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+package api
+
+// NewAwsCloudWatchAlertChannel returns an instance of AwsCloudWatchAlertChannel
+// with the provided name and data.
+//
+// Basic usage: Initialize a new AwsCloudWatchAlertChannel struct, then
+//              use the new instance to do CRUD operations
+//
+//   client, err := api.NewClient("account")
+//   if err != nil {
+//     return err
+//   }
+//
+//   awsCloudWatch := api.NewAwsCloudWatchAlertChannel("foo",
+//     api.AwsCloudWatchData{
+//       EventBusArn: "arn:aws:events:us-west-2:1234567890:event-bus/default",
+//       MinAlertSeverity: api.MediumAlertLevel,
+//     },
+//   )
+//
+//   client.Integrations.CreateAwsCloudWatchAlertChannel(awsCloudWatch)
+//
+func NewAwsCloudWatchAlertChannel(name string, data AwsCloudWatchData) AwsCloudWatchAlertChannel {
+	return AwsCloudWatchAlertChannel{
+		commonIntegrationData: commonIntegrationData{
+			Name:    name,
+			Type:    AwsCloudWatchIntegration.String(),
+			Enabled: 1,
+		},
+		Data: data,
+	}
+}
+
+// CreateAwsCloudWatchAlertChannel creates a AWS CloudWatch alert channel on the Lacework Server
+func (svc *IntegrationsService) CreateAwsCloudWatchAlertChannel(integration AwsCloudWatchAlertChannel) (
+	response AwsCloudWatchResponse,
+	err error,
+) {
+	err = svc.create(integration, &response)
+	return
+}
+
+// GetAwsCloudWatchAlertChannel gets a AWS CloudWatch alert channel that matches with
+// the provided integration guid on the Lacework Server
+func (svc *IntegrationsService) GetAwsCloudWatchAlertChannel(guid string) (
+	response AwsCloudWatchResponse,
+	err error,
+) {
+	err = svc.get(guid, &response)
+	return
+}
+
+// UpdateAwsCloudWatchAlertChannel updates a single AWS CloudWatch alert channel
+func (svc *IntegrationsService) UpdateAwsCloudWatchAlertChannel(data AwsCloudWatchAlertChannel) (
+	response AwsCloudWatchResponse,
+	err error,
+) {
+	err = svc.update(data.IntgGuid, data, &response)
+	return
+}
+
+// ListAwsCloudWatchAlertChannel lists the CLOUDWATCH_EB external integrations available on the Lacework Server
+func (svc *IntegrationsService) ListAwsCloudWatchAlertChannel() (response AwsCloudWatchResponse, err error) {
+	err = svc.listByType(AwsCloudWatchIntegration, &response)
+	return
+}
+
+type AwsCloudWatchResponse struct {
+	Data    []AwsCloudWatchAlertChannel `json:"data"`
+	Ok      bool                        `json:"ok"`
+	Message string                      `json:"message"`
+}
+
+type AwsCloudWatchAlertChannel struct {
+	commonIntegrationData
+	Data AwsCloudWatchData `json:"DATA"`
+}
+
+type AwsCloudWatchData struct {
+	IssueGrouping    string     `json:"ISSUE_GROUPING,omitempty" mapstructure:"ISSUE_GROUPING"`
+	EventBusArn      string     `json:"EVENT_BUS_ARN" mapstructure:"EVENT_BUS_ARN"`
+	MinAlertSeverity AlertLevel `json:"MIN_ALERT_SEVERITY,omitempty" mapstructure:"MIN_ALERT_SEVERITY"`
+}