diff --git a/api/_examples/cloud-accounts/aws-eks-audit/main.go b/api/_examples/cloud-accounts/aws-eks-audit/main.go
index 34acd7f32..19343ffb7 100644
--- a/api/_examples/cloud-accounts/aws-eks-audit/main.go
+++ b/api/_examples/cloud-accounts/aws-eks-audit/main.go
@@ -41,8 +41,7 @@ func main() {
 RoleArn: "arn:aws:iam::123456789000:role/lw-iam-b8c91298",
 ExternalID: "abc123",
 },
- SnsArn: "arn:aws:sns:us-west-2:0123456789:foo-lacework-eks:00777777-ab77-1234-a123-a12ab1d12c1d",
- S3BucketArn: "arn:aws:s3:::lacework-example-eks-bucket",
+ SnsArn: "arn:aws:sns:us-west-2:0123456789:foo-lacework-eks:00777777-ab77-1234-a123-a12ab1d12c1d",
 }
 
 awsEksAuditCloudAccount := api.NewCloudAccount(
diff --git a/api/cloud_accounts_aws_eks_audit.go b/api/cloud_accounts_aws_eks_audit.go
index 7e62f3007..352f67704 100644
--- a/api/cloud_accounts_aws_eks_audit.go
+++ b/api/cloud_accounts_aws_eks_audit.go
@@ -48,7 +48,6 @@ type AwsEksAuditIntegration struct {
 type AwsEksAuditData struct {
 Credentials AwsEksAuditCredentials `json:"crossAccountCredentials"`
 SnsArn string `json:"snsArn"`
- S3BucketArn string `json:"s3BucketArn"`
 }
 
 type AwsEksAuditCredentials struct {
diff --git a/api/cloud_accounts_aws_eks_audit_test.go b/api/cloud_accounts_aws_eks_audit_test.go
index 194136cad..8ef21e015 100644
--- a/api/cloud_accounts_aws_eks_audit_test.go
+++ b/api/cloud_accounts_aws_eks_audit_test.go
@@ -160,149 +160,3 @@ func singleAwsEksAuditCloudAccount(id string) string {
 }
 `
 }
-
-func TestCloudAccountsAwsEksAuditByobGet(t *testing.T) {
- var (
- intgGUID = intgguid.New()
- apiPath = fmt.Sprintf("CloudAccounts/%s", intgGUID)
- fakeServer = lacework.MockServer()
- )
- fakeServer.UseApiV2()
- fakeServer.MockToken("TOKEN")
- defer fakeServer.Close()
-
- fakeServer.MockAPI(apiPath, func(w http.ResponseWriter, r *http.Request) {
- assert.Equal(t, "GET", r.Method, "GetAwsEksAudit() should be a GET method")
- fmt.Fprintf(w, generateCloudAccountResponse(singleAwsEksAuditCloudAccountByob(intgGUID)))
- })
-
- c, err := api.NewClient("test",
- api.WithApiV2(),
- api.WithToken("TOKEN"),
- api.WithURL(fakeServer.URL()),
- )
- assert.Nil(t, err)
-
- response, err := c.V2.CloudAccounts.GetAwsEksAudit(intgGUID)
- assert.Nil(t, err)
- assert.NotNil(t, response)
- assert.Equal(t, intgGUID, response.Data.IntgGuid)
- assert.Equal(t, "integration_name", response.Data.Name)
- assert.True(t, response.Data.State.Ok)
- assert.Equal(t, "arn:foo:bar", response.Data.Data.Credentials.RoleArn)
- assert.Equal(t, "0123456789", response.Data.Data.Credentials.ExternalID)
- assert.Equal(
- t,
- "arn:aws:sns:us-west-2:0123456789:foo-lacework-eks:00777777-ab77-1234-a123-a12ab1d12c1d",
- response.Data.Data.SnsArn,
- )
- assert.Equal(
- t,
- "arn:aws:s3:::lacework-example-eks-bucket",
- response.Data.Data.S3BucketArn,
- )
-}
-
-func TestCloudAccountsAwsEksAuditByobUpdate(t *testing.T) {
- var (
- intgGUID = intgguid.New()
- apiPath = fmt.Sprintf("CloudAccounts/%s", intgGUID)
- fakeServer = lacework.MockServer()
- )
- fakeServer.UseApiV2()
- fakeServer.MockToken("TOKEN")
- defer fakeServer.Close()
-
- fakeServer.MockAPI(apiPath, func(w http.ResponseWriter, r *http.Request) {
- assert.Equal(t, "PATCH", r.Method, "UpdateAwsEksAudit() should be a PATCH method")
-
- if assert.NotNil(t, r.Body) {
- body := httpBodySniffer(r)
- assert.Contains(t, body, intgGUID, "INTG_GUID missing")
- assert.Contains(t, body, "integration_name", "cloud account name is missing")
- assert.Contains(t, body, "AwsEksAudit", "wrong cloud account type")
- assert.Contains(t, body, "arn:bubu:lubu", "wrong role arn")
- assert.Contains(t, body, "abc123", "wrong external ID")
- assert.Contains(
- t,
- body,
- "arn:aws:sns:us-west-2:0123456789:foo-lacework-eks:00777777-ab77-1234-a123-a12ab1d12c1d",
- "wrong sns arn")
- assert.Contains(
- t,
- body,
- "arn:aws:s3:::lacework-example-eks-bucket",
- "wrong s3 bucket arn")
- assert.Contains(t, body, "enabled\":1", "cloud account is not enabled")
- }
-
- fmt.Fprintf(w, generateCloudAccountResponse(singleAwsEksAuditCloudAccountByob(intgGUID)))
- })
-
- c, err := api.NewClient("test",
- api.WithApiV2(),
- api.WithToken("TOKEN"),
- api.WithURL(fakeServer.URL()),
- )
- assert.Nil(t, err)
-
- cloudAccount := api.NewCloudAccount("integration_name",
- api.AwsEksAuditCloudAccount,
- api.AwsEksAuditData{
- SnsArn: "arn:aws:sns:us-west-2:0123456789:foo-lacework-eks:00777777-ab77-1234-a123-a12ab1d12c1d",
- S3BucketArn: "arn:aws:s3:::lacework-example-eks-bucket",
- Credentials: api.AwsEksAuditCredentials{
- RoleArn: "arn:bubu:lubu",
- ExternalID: "abc123",
- },
- },
- )
- assert.Equal(t, "integration_name", cloudAccount.Name, "AwsEksAudit cloud account name mismatch")
- assert.Equal(t, "AwsEksAudit", cloudAccount.Type, "a new AwsEksAudit cloud account should match its type")
- assert.Equal(t, 1, cloudAccount.Enabled, "a new AwsEksAudit cloud account should be enabled")
- cloudAccount.IntgGuid = intgGUID
-
- response, err := c.V2.CloudAccounts.UpdateAwsEksAudit(cloudAccount)
- assert.Nil(t, err)
- assert.NotNil(t, response)
- assert.Equal(t, intgGUID, response.Data.IntgGuid)
- assert.Equal(t,
- "arn:aws:sns:us-west-2:0123456789:foo-lacework-eks:00777777-ab77-1234-a123-a12ab1d12c1d",
- response.Data.Data.SnsArn)
- assert.Equal(t,
- "arn:aws:s3:::lacework-example-eks-bucket",
- response.Data.Data.S3BucketArn)
-}
-
-func singleAwsEksAuditCloudAccountByob(id string) string {
- return `
- {
- "createdOrUpdatedBy": "salim.afiunemaya@lacework.net",
- "createdOrUpdatedTime": "2021-06-01T19:28:00.092Z",
- "enabled": 1,
- "intgGuid": "` + id + `",
- "isOrg": 0,
- "name": "integration_name",
- "state": {
- "details": {
- "complianceOpsDeniedAccess": [
- "GetBucketAcl",
- "GetBucketLogging"
- ]
- },
- "lastSuccessfulTime": 1624456896915,
- "lastUpdatedTime": 1624456896915,
- "ok": true
- },
- "type": "AwsEksAudit",
- "data": {
- "snsArn": "arn:aws:sns:us-west-2:0123456789:foo-lacework-eks:00777777-ab77-1234-a123-a12ab1d12c1d",
- "s3BucketArn": "arn:aws:s3:::lacework-example-eks-bucket",
- "crossAccountCredentials": {
- "externalId": "0123456789",
- "roleArn": "arn:foo:bar"
- }
- }
- }
- `
-}