feat(api): Implement GcpGkeAudit CloudAccount interface (#821)

* feat(api): Implement GcpGkeAudit CloudAccount interface Signed-off-by: Ross <[email protected]> * chore(api): Fix failing gke unit tests Signed-off-by: Ross <[email protected]>
lacework · Jun 16, 2022 · fd01c7f · fd01c7f
1 parent af66b8e
commit fd01c7f
Show file tree

Hide file tree

Showing 4 changed files with 389 additions and 0 deletions.
diff --git a/api/_examples/cloud-accounts/gcp-gke-audit/main.go b/api/_examples/cloud-accounts/gcp-gke-audit/main.go
@@ -0,0 +1,65 @@
+package main
+
+import (
+	"fmt"
+	"log"
+	"os"
+
+	"github.com/lacework/go-sdk/api"
+)
+
+func main() {
+	// TODO @afiune maybe think about a way to inject CI credentials and
+	// run these examples as part of our CI pipelines
+	lacework, err := api.NewClient(os.Getenv("LW_ACCOUNT"),
+		api.WithSubaccount(os.Getenv("LW_SUBACCOUNT")),
+		api.WithApiKeys(os.Getenv("LW_API_KEY"), os.Getenv("LW_API_SECRET")),
+		api.WithApiV2(),
+	)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	res, err := lacework.V2.CloudAccounts.List()
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	for _, account := range res.Data {
+		support := "Unsupported"
+		switch account.Type {
+		case api.GcpGkeAuditCloudAccount.String():
+			support = "Supported"
+		}
+
+		// Output: INTEGRATION-GUID:INTEGRATION-TYPE:[Supported|Unsupported]
+		fmt.Printf("%s:%s:%s\n", account.IntgGuid, account.Type, support)
+	}
+
+	gcpGkeAuditData := api.GcpGkeAuditData{
+		Credentials: api.GcpGkeAuditCredentials{
+			ClientEmail:  "[email protected]",
+			ClientId:     "0123456789",
+			PrivateKey:   "",
+			PrivateKeyId: "",
+		},
+		IntegrationType:  "Project",
+		OrganizationId:   "OrgId",
+		ProjectId:        "ProjectMcProjectFace",
+		SubscriptionName: "projects/ProjectMcProjectFace/subscriptions/SubscribeyMcSubscribeFace",
+	}
+
+	gcpGkeAuditCloudAccount := api.NewCloudAccount(
+		"cloud-from-golang",
+		api.GcpGkeAuditCloudAccount,
+		gcpGkeAuditData,
+	)
+
+	gcpGkeAuditResponse, err := lacework.V2.CloudAccounts.Create(gcpGkeAuditCloudAccount)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Output: GcpGkeAudit Cloud Account created: THE-INTEGRATION-GUID
+	fmt.Printf("Cloud Account created: %s", gcpGkeAuditResponse.Data.IntgGuid)
+}
diff --git a/api/cloud_accounts.go b/api/cloud_accounts.go
@@ -93,6 +93,7 @@ const (
 	AzureCfgCloudAccount
 	GcpAtSesCloudAccount
 	GcpCfgCloudAccount
+	GcpGkeAuditCloudAccount
 )
 
 // CloudAccountTypes is the list of available Cloud Account integration types
@@ -107,6 +108,7 @@ var CloudAccountTypes = map[cloudAccountType]string{
 	AzureCfgCloudAccount:      "AzureCfg",
 	GcpAtSesCloudAccount:      "GcpAtSes",
 	GcpCfgCloudAccount:        "GcpCfg",
+	GcpGkeAuditCloudAccount:   "GcpGkeAudit",
 }
 
 // String returns the string representation of a Cloud Account integration type

diff --git a/api/cloud_accounts_gcp_gke_audit.go b/api/cloud_accounts_gcp_gke_audit.go
@@ -0,0 +1,62 @@
+//
+// Author:: Salim Afiune Maya (<[email protected]>)
+// Copyright:: Copyright 2021, Lacework Inc.
+// License:: Apache License, Version 2.0
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+package api
+
+// GetGcpGkeAudit gets a single GcpGkeAudit integration matching the provided integration guid
+func (svc *CloudAccountsService) GetGcpGkeAudit(guid string) (
+	response GcpGkeAuditIntegrationResponse,
+	err error,
+) {
+	err = svc.get(guid, &response)
+	return
+}
+
+// UpdateGcpGkeAudit updates a single GcpGkeAudit integration on the Lacework Server
+func (svc *CloudAccountsService) UpdateGcpGkeAudit(data CloudAccount) (
+	response GcpGkeAuditIntegrationResponse,
+	err error,
+) {
+	err = svc.update(data.ID(), data, &response)
+	return
+}
+
+type GcpGkeAuditIntegrationResponse struct {
+	Data GcpGkeAuditIntegration `json:"data"`
+}
+
+type GcpGkeAuditIntegration struct {
+	v2CommonIntegrationData
+	Data GcpGkeAuditData `json:"data"`
+}
+
+type GcpGkeAuditData struct {
+	Credentials     GcpGkeAuditCredentials `json:"credentials"`
+	IntegrationType string                 `json:"integrationType"`
+	// OrganizationId is optional for a project level integration, therefore we omit if empty
+	OrganizationId   string `json:"organizationId,omitempty"`
+	ProjectId        string `json:"projectId"`
+	SubscriptionName string `json:"subscriptionName"`
+}
+
+type GcpGkeAuditCredentials struct {
+	ClientId     string `json:"clientId"`
+	ClientEmail  string `json:"clientEmail"`
+	PrivateKeyId string `json:"PrivateKeyID"`
+	PrivateKey   string `json:"PrivateKey"`
+}