From 960a8b7f53a52febb66e89dce20f28211569a3fb Mon Sep 17 00:00:00 2001 From: Darren <75614232+dmurray-lacework@users.noreply.github.com> Date: Wed, 17 Mar 2021 23:12:54 +0000 Subject: [PATCH] feat(cli): add Azure list-tenants sub-command (#341) Signed-off-by: Darren Murray Co-authored-by: Salim Afiune Maya --- cli/cmd/compliance.go | 20 ++++----- cli/cmd/compliance_azure.go | 62 ++++++++++++++++++++++++---- integration/compliance_azure_test.go | 33 +++++++++++++++ 3 files changed, 93 insertions(+), 22 deletions(-) create mode 100644 integration/compliance_azure_test.go diff --git a/cli/cmd/compliance.go b/cli/cmd/compliance.go index 08ba96990..37ee90266 100644 --- a/cli/cmd/compliance.go +++ b/cli/cmd/compliance.go @@ -93,25 +93,19 @@ Use the following command to list all available integrations in your account: Short: "compliance for Azure Cloud", Long: `Manage compliance reports for Azure Cloud. -To get the latest Azure compliance assessment report, use the command: +To list all Azure Tenants configured in your account: - $ lacework compliance azure get-report + $ lacework compliance azure list-tenants -These reports run on a regular schedule, typically once a day. +To list all Azure Subscriptions from a Tenant, use the command: -To find out which Azure tenants/subscriptions are connected to your -Lacework account, use the following command: - - $ lacework integrations list --type AZURE_CFG - -Then, choose one integration, copy the GUID and visualize its details -using the command: + $ lacework compliance azure list-subscriptions - $ lacework integration show +To get the latest Azure compliance assessment report, use the command: -To list all Azure subscriptions from a tenant, use the command: + $ lacework compliance azure get-report - $ lacework compliance azure list-subscriptions +These reports run on a regular schedule, typically once a day. To run an ad-hoc compliance assessment use the command: 
diff --git a/cli/cmd/compliance_azure.go b/cli/cmd/compliance_azure.go index c37e4281e..8844abc73 100644 --- a/cli/cmd/compliance_azure.go +++ b/cli/cmd/compliance_azure.go @@ -34,18 +34,13 @@ var ( // complianceAzureListSubsCmd represents the list-subscriptions sub-command inside the azure command complianceAzureListSubsCmd = &cobra.Command{ Use: "list-subscriptions ", - Aliases: []string{"list-subs", "list"}, + Aliases: []string{"list-subs"}, Short: "list subscriptions from tenant", - Long: `List all Azure subscriptions from the provided tenant ID. + Long: `List all Azure subscriptions from the provided Tenant ID. -Use the following command to list all Azure integrations in your account: +Use the following command to list all Azure Tenants configured in your account: - $ lacework integrations list --type AZURE_CFG - -Then, select one GUID from an integration and visualize its details using the command: - - $ lacework integration show -`, + $ lacework compliance az list`, Args: cobra.ExactArgs(1), RunE: func(_ *cobra.Command, args []string) error { response, err := cli.LwApi.Compliance.ListAzureSubscriptions(args[0]) 
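Review bot: The help example `$ lacework compliance az list` in the new `Long` text leans on two aliases rather than the canonical command, while the help in cli/cmd/compliance.go documents the same step as `lacework compliance azure list-tenants`; I would write `$ lacework compliance azure list-tenants` here as well. Separately, dropping `"list"` from `Aliases` changes the CLI contract: the commit hands that alias to list-tenants, which is declared with `cobra.NoArgs`, so an existing `compliance azure list` call that passes a tenant ID will presumably be rejected with an argument error instead of listing subscriptions. That deserves a line in the release notes so automation built on the old alias is updated deliberately. The enclosing `var (` block starts and ends outside this hunk.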
@@ -68,6 +63,54 @@ Then, select one GUID from an integration and visualize its details using the co }, } + // complianceAzureListTenantsCmd represents the list-tenants sub-command inside the azure command + complianceAzureListTenantsCmd = &cobra.Command{ + Use: "list-tenants", + Aliases: []string{"list"}, + Short: "list all Azure Tenants configured", + Long: `List all Azure Tenants configured in your account.`, + Args: cobra.NoArgs, + RunE: func(_ *cobra.Command, _ []string) error { + azureIntegrations, err := cli.LwApi.Integrations.ListAzureCfg() + if err != nil { + return errors.Wrap(err, "unable to get azure integrations") + } + if len(azureIntegrations.Data) == 0 { + msg := `There are no Azure Tenants configured in your account. + +Get started by integrating your Azure Tenants to analyze configuration compliance using the command: + + $ lacework integration create + +Or, if you prefer to do it via the WebUI, log in to your account at: + + https://%s.lacework.net + +Then navigate to Settings > Integrations > Cloud Accounts. +` + cli.OutputHuman(fmt.Sprintf(msg, cli.Account)) + return nil + } + + azureTenants := make([]string, 0) + for _, i := range azureIntegrations.Data { + azureTenants = append(azureTenants, i.Data.TenantID) + } + + if cli.JSONOutput() { + return cli.OutputJSON(azureTenants) + } + + var rows [][]string + for _, tenant := range azureTenants { + rows = append(rows, []string{tenant}) + } + + cli.OutputHuman(renderSimpleTable([]string{"Azure Tenants"}, rows)) + return nil + }, + } + // complianceAzureGetReportCmd represents the get-report sub-command inside the azure command complianceAzureGetReportCmd = &cobra.Command{ Use: "get-report ", 
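Review bot: The loop that fills `azureTenants` appends `i.Data.TenantID` once per integration with no de-duplication and no empty check, so if two Azure integrations point at the same tenant (nothing visible here rules that out) the table and the JSON array repeat that ID, and an integration without a tenant ID yields a blank row. Collecting the IDs through a seen-set, as sketched below, keeps the output a true list of tenants. Also, the `len(azureIntegrations.Data) == 0` branch returns before `cli.JSONOutput()` is consulted, so a caller asking for JSON appears to get no JSON document in the empty case; adding `if cli.JSONOutput() { return cli.OutputJSON([]string{}) }` at the top of that branch would keep machine consumers parseable. The enclosing `var (` block starts and ends outside this hunk.

```go
seen := make(map[string]struct{}, len(azureIntegrations.Data))
azureTenants := make([]string, 0, len(azureIntegrations.Data))
for _, i := range azureIntegrations.Data {
	id := i.Data.TenantID
	if id == "" {
		continue // integration without a tenant ID: nothing to list
	}
	if _, dup := seen[id]; dup {
		continue
	}
	seen[id] = struct{}{}
	azureTenants = append(azureTenants, id)
}
// … unchanged: JSON output and table rendering …
```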
@@ -201,6 +244,7 @@ To run an ad-hoc compliance assessment use the command: func init() { // add sub-commands to the azure command complianceAzureCmd.AddCommand(complianceAzureListSubsCmd) + complianceAzureCmd.AddCommand(complianceAzureListTenantsCmd) complianceAzureCmd.AddCommand(complianceAzureGetReportCmd) complianceAzureCmd.AddCommand(complianceAzureRunAssessmentCmd) diff --git a/integration/compliance_azure_test.go b/integration/compliance_azure_test.go new file mode 100644 index 000000000..5da10b1f7 --- /dev/null +++ b/integration/compliance_azure_test.go @@ -0,0 +1,33 @@ +// +// Author:: Darren Murray () +// Copyright:: Copyright 2020, Lacework Inc. +// License:: Apache License, Version 2.0 +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +package integration + +import ( + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestComplianceAzureListTenants(t *testing.T) { + out, err, exitcode := LaceworkCLIWithTOMLConfig("compliance", "az", "list-tenants") + + assert.Empty(t, err.String(), "STDERR should be empty") + assert.Equal(t, 0, exitcode, "EXITCODE is not the expected one") + assert.Contains(t, out.String(), "TENANTS", + "STDOUT table headers changed, please check") +}
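Review bot: The only content assertion in `TestComplianceAzureListTenants` is that stdout contains `TENANTS`, which holds only when the test account has at least one Azure integration; against an empty account the command prints the "There are no Azure Tenants configured" message and the test fails for an environmental reason rather than a code one. The JSON path of the new command is not exercised at all. I would add a second case such as `LaceworkCLIWithTOMLConfig("compliance", "az", "list-tenants", "--json")` that asserts exit code 0 and that stdout unmarshals into a `[]string`, and state the account precondition in a comment above the test function.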