feat(CAD-360): Support Resource Group v2 in CLI (#1340)

* feat(CAD-360): RGv2 CRUD support in CLI

Signed-off-by: Zeki Sherif <[email protected]>

* style: formatting

Signed-off-by: Darren Murray <[email protected]>

* Update api/resource_groups.go

Co-authored-by: Darren <[email protected]>

* chore: address comments

Signed-off-by: Zeki Sherif <[email protected]>

* fix: fix time issue

---------

Signed-off-by: Zeki Sherif <[email protected]>
Signed-off-by: Darren Murray <[email protected]>
Co-authored-by: Darren Murray <[email protected]>
Co-authored-by: Darren <[email protected]>

Author: thekeys93

api/_examples/resource-groups/main.go

@@ -23,8 +23,17 @@ func main() {
 	}
 
 	for _, account := range res.Data {
+		var resourceGuid string
+		resourceType := account.Type
+
+		if account.Props != nil {
+			resourceGuid = account.ResourceGuid
+		} else {
+			resourceGuid = account.ResourceGroupGuid
+		}
+
 		support := "Unsupported"
-		switch account.Type {
+		switch resourceType {
 		case api.AwsResourceGroup.String():
 			support = "Supported"
 		case api.AzureResourceGroup.String():
@@ -40,8 +49,63 @@ func main() {
 		}
 
 		// Output: RESOURCE_GUID:RESOURCE_TYPE:[Supported|Unsupported]
-		fmt.Printf("%s:%s:%s\n", account.ResourceGuid, account.Type, support)
+		fmt.Printf("%s:%s:%s\n", resourceGuid, resourceType, support)
+	}
+
+	rgExpression := api.RGExpression{
+		Operator: "AND",
+		Children: []*api.RGChild{
+			{
+				FilterName: "filter1",
+			},
+		},
+	}
+
+	rgFilter := api.RGFilter{
+		Field:     "Region",
+		Operation: "STARTS_WITH",
+		Values:    []string{"us-"},
+	}
+
+	rgQuery := api.RGQuery{
+		Expression: &rgExpression,
+		Filters: map[string]*api.RGFilter{
+			"filter1": &rgFilter,
+		},
+	}
+
+	myResourceGroupWithQuery := api.NewResourceGroupWithQuery(
+		"resource-group-with-query-from-golang",
+		api.AwsResourceGroup,
+		"Resource groups in `us` regions",
+		&rgQuery,
+	)
+
+	println("Creating a resource group v2")
+	rgV2Resp, err := lacework.V2.ResourceGroups.Create(myResourceGroupWithQuery)
+
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	fmt.Printf("Succesfully created resource group \n %+v\n", rgV2Resp)
+
+	println("Updating v2 resource group name")
+	rgV2Resp.Data.NameV2 = "resource-group-with-query-from-golang-updated"
+
+	updatedResponse, err := lacework.V2.ResourceGroups.UpdateAws(&rgV2Resp.Data)
+
+	if err != nil {
+		log.Fatal(err)
+	}
+	fmt.Printf("Succesfully updated resource group \n %+v\n", updatedResponse)
+
+	fmt.Printf("Deleting resource group %s\n", updatedResponse.Data.ResourceGroupGuid)
+	err = lacework.V2.ResourceGroups.Delete(updatedResponse.Data.ResourceGroupGuid)
+	if err != nil {
+		log.Fatal(err)
 	}
+	println("Successfully deleted resource group")
 
 	props := api.LwAccountResourceGroupProps{
 		Description: "All Lacework accounts",

api/feature_flags.go

@@ -4,6 +4,8 @@ import (
 	"fmt"
 )
 
+const ApiV2CliFeatureFlag = "PUBLIC.rgv2.cli"
+
 type FeatureFlagsService struct {
 	client *Client
 }

api/resource_groups.go

@@ -22,10 +22,10 @@ import (
 	"encoding/json"
 	"fmt"
 	"strconv"
-
-	"github.com/pkg/errors"
+	"time"
 
 	"github.com/lacework/go-sdk/lwtime"
+	"github.com/pkg/errors"
 )
 
 // ResourceGroupsService is the service that interacts with
@@ -48,6 +48,8 @@ type ResourceGroup interface {
 	ID() string
 	ResourceGroupType() ResourceGroupType
 	ResetResourceGUID()
+	ResetRGV2Fields()
+	IsV2Group() bool
 }
 
 type ResourceGroupType int
@@ -81,41 +83,6 @@ func (i ResourceGroupType) String() string {
 	return ResourceGroupTypes[i]
 }
 
-// NewResourceGroup returns an instance of the ResourceGroupData struct with the
-// provided ResourceGroup type, name and the props field as an interface{}.
-//
-// NOTE: This function must be used by any ResourceGroup type.
-//
-// Basic usage: Initialize a new ContainerResourceGroup struct, then
-//
-//	             use the new instance to do CRUD operations
-//
-//	  client, err := api.NewClient("account")
-//	  if err != nil {
-//	    return err
-//	  }
-//
-//	  group := api.NewResourceGroup("container resource group",
-//	    api.ContainerResourceGroup,
-//	    api.ContainerResourceGroupData{
-//	      Props: api.ContainerResourceGroupProps{
-//				Description:     "all containers,
-//				ContainerLabels: ContainerResourceGroupAllLabels,
-//				ContainerTags:   ContainerResourceGroupAllTags,
-//			},
-//	    },
-//	  )
-//
-//	  client.V2.ResourceGroups.Create(group)
-func NewResourceGroup(name string, iType ResourceGroupType, props interface{}) ResourceGroupData {
-	return ResourceGroupData{
-		Name:    name,
-		Type:    iType.String(),
-		Enabled: 1,
-		Props:   props,
-	}
-}
-
 // FindResourceGroupType looks up inside the list of available resource group types
 // the matching type from the provided string, if none, returns NoneResourceGroup
 func FindResourceGroupType(resourceGroup string) (ResourceGroupType, bool) {
@@ -200,24 +167,6 @@ func castResourceGroupResponse(data resourceGroupWorkaroundData, response interf
 	return nil
 }
 
-func setResourceGroupResponse(response resourceGroupWorkaroundData) (ResourceGroupResponse, error) {
-	isDefault, err := strconv.Atoi(response.IsDefault)
-	if err != nil {
-		return ResourceGroupResponse{}, err
-	}
-	return ResourceGroupResponse{
-		Data: ResourceGroupData{
-			Guid:         response.Guid,
-			IsDefault:    isDefault,
-			ResourceGuid: response.ResourceGuid,
-			Name:         response.Name,
-			Type:         response.Type,
-			Enabled:      response.Enabled,
-			Props:        response.Props,
-		},
-	}, nil
-}
-
 func setResourceGroupsResponse(workaround resourceGroupsWorkaroundResponse) (ResourceGroupsResponse, error) {
 	var data []ResourceGroupData
 	for _, r := range workaround.Data {
@@ -250,9 +199,9 @@ func (svc *ResourceGroupsService) Delete(guid string) error {
 // To return a more specific Go struct of a Resource Group, use the proper
 // method such as GetContainerResourceGroup() where the function name is composed by:
 //
-//	Get<Type>(guid)
+//  Get<Type>(guid)
 //
-//	  Where <Type> is the Resource Group type.
+//    Where <Type> is the Resource Group type.
 func (svc *ResourceGroupsService) Get(guid string, response interface{}) error {
 	var rawResponse resourceGroupWorkaroundResponse
 	err := svc.get(guid, &rawResponse)
@@ -290,11 +239,26 @@ func (group ResourceGroupData) ResourceGroupType() ResourceGroupType {
 }
 
 func (group ResourceGroupData) ID() string {
-	return group.ResourceGuid
+	if !group.IsV2Group() {
+		return group.ResourceGuid
+	} else {
+		return group.ResourceGroupGuid
+	}
+}
+
+func (group *ResourceGroupData) ResetRGV2Fields() {
+	group.UpdatedBy = ""
+	group.UpdatedTime = nil
+	group.CreatedBy = ""
+	group.CreatedTime = nil
+	group.IsDefaultBoolean = nil
+	group.IsOrg = nil
 }
 
 func (group *ResourceGroupData) ResetResourceGUID() {
 	group.ResourceGuid = ""
+	group.ResourceGroupGuid = ""
+	group.ResetRGV2Fields()
 }
 
 func (group ResourceGroupData) Status() string {
@@ -304,6 +268,10 @@ func (group ResourceGroupData) Status() string {
 	return "Disabled"
 }
 
+func (group ResourceGroupData) IsV2Group() bool {
+	return group.Query != nil
+}
+
 type ResourceGroupResponse struct {
 	Data ResourceGroupData `json:"data"`
 }
@@ -313,13 +281,26 @@ type ResourceGroupsResponse struct {
 }
 
 type ResourceGroupData struct {
+	// RGv1 Fields
 	Guid         string      `json:"guid,omitempty"`
 	IsDefault    int         `json:"isDefault,omitempty"`
 	ResourceGuid string      `json:"resourceGuid,omitempty"`
-	Name         string      `json:"resourceName"`
+	Name         string      `json:"resourceName,omitempty"`
 	Type         string      `json:"resourceType"`
-	Enabled      int         `json:"enabled,omitempty"`
-	Props        interface{} `json:"props"`
+	Enabled      int         `json:"enabled"`
+	Props        interface{} `json:"props,omitempty"`
+
+	// RG v2 Fields. `Enabled` and `Type` fields are the same in RGv1 nd RGv2
+	NameV2            string     `json:"name,omitempty"`
+	Query             *RGQuery   `json:"query,omitempty"`
+	Description       string     `json:"description,omitempty"`
+	ResourceGroupGuid string     `json:"resourceGroupGuid,omitempty"`
+	CreatedTime       *time.Time `json:"lastUpdated,omitempty"`
+	CreatedBy         string     `json:"createdBy,omitempty"`
+	UpdatedTime       *time.Time `json:"updatedTime,omitempty"`
+	UpdatedBy         string     `json:"updatedBy,omitempty"`
+	IsDefaultBoolean  *bool      `json:"isDefaultBoolean,omitempty"`
+	IsOrg             *bool      `json:"isOrg,omitempty"`
 }
 
 // RAIN-21510 workaround
@@ -339,4 +320,15 @@ type resourceGroupWorkaroundData struct {
 	Type         string      `json:"resourceType"`
 	Enabled      int         `json:"enabled,omitempty"`
 	Props        interface{} `json:"props"`
+
+	NameV2            string     `json:"name,omitempty"`
+	Query             *RGQuery   `json:"query,omitempty"`
+	Description       string     `json:"description,omitempty"`
+	ResourceGroupGuid string     `json:"resourceGroupGuid,omitempty"`
+	CreatedTime       *time.Time `json:"lastUpdated,omitempty"`
+	CreatedBy         string     `json:"createdBy,omitempty"`
+	UpdatedTime       *time.Time `json:"updatedTime,omitempty"`
+	UpdatedBy         string     `json:"updatedBy,omitempty"`
+	IsDefaultBoolean  *bool      `json:"isDefaultBoolean,omitempty"`
+	IsOrg             *bool      `json:"isOrg,omitempty"`
 }

api/resource_groups_aws.go

@@ -33,7 +33,7 @@ var (
 
 // GetAws gets a single Aws ResourceGroup matching the
 // provided resource guid
-func (svc *ResourceGroupsService) GetAws(guid string) (
+func (svc *ResourceGroupsVersionService) GetAws(guid string) (
 	response AwsResourceGroupResponse,
 	err error,
 ) {
@@ -47,8 +47,9 @@ func (svc *ResourceGroupsService) GetAws(guid string) (
 }
 
 // UpdateAws updates a single Aws ResourceGroup on the Lacework Server
-func (svc *ResourceGroupsService) UpdateAws(data ResourceGroup) (
+func (svc *ResourceGroupsVersionService) UpdateAws(data ResourceGroup) (
 	response AwsResourceGroupResponse, err error) {
+
 	if data == nil {
 		err = errors.New("resource group must not be empty")
 		return
@@ -65,7 +66,7 @@ func (svc *ResourceGroupsService) UpdateAws(data ResourceGroup) (
 }
 
 // CreateAws creates a single Aws ResourceGroup on the Lacework Server
-func (svc *ResourceGroupsService) CreateAws(data ResourceGroup) (
+func (svc *ResourceGroupsVersionService) CreateAws(data ResourceGroup) (
 	response AwsResourceGroupResponse,
 	err error,
 ) {
@@ -118,6 +119,17 @@ type AwsResourceGroupData struct {
 	Type         string                `json:"resourceType"`
 	Enabled      int                   `json:"enabled,omitempty"`
 	Props        AwsResourceGroupProps `json:"props"`
+
+	NameV2            string        `json:"name"`
+	Query             *RGQuery      `json:"query"`
+	Description       string        `json:"description,omitempty"`
+	ResourceGroupGuid string        `json:"resourceGroupGuid,omitempty"`
+	CreatedTime       *lwtime.Epoch `json:"lastUpdated,omitempty"`
+	CreatedBy         string        `json:"createdBy,omitempty"`
+	UpdatedTime       *lwtime.Epoch `json:"updatedTime,omitempty"`
+	UpdatedBy         string        `json:"updatedBy,omitempty"`
+	IsDefaultBoolean  *bool         `json:"isDefaultBoolean,omitempty"`
+	IsOrg             *bool         `json:"isOrg,omitempty"`
 }
 
 type AwsResourceGroupProps struct {

api/resource_groups_azure.go

@@ -33,7 +33,7 @@ var (
 
 // GetAzure gets a single Azure ResourceGroup matching the
 // provided resource guid
-func (svc *ResourceGroupsService) GetAzure(guid string) (
+func (svc *ResourceGroupsVersionService) GetAzure(guid string) (
 	response AzureResourceGroupResponse,
 	err error,
 ) {
@@ -47,7 +47,7 @@ func (svc *ResourceGroupsService) GetAzure(guid string) (
 }
 
 // UpdateAzure updates a single Azure ResourceGroup on the Lacework Server
-func (svc *ResourceGroupsService) UpdateAzure(data ResourceGroup) (
+func (svc *ResourceGroupsVersionService) UpdateAzure(data ResourceGroup) (
 	response AzureResourceGroupResponse,
 	err error,
 ) {
@@ -67,7 +67,7 @@ func (svc *ResourceGroupsService) UpdateAzure(data ResourceGroup) (
 }
 
 // CreateAzure creates a single Azure ResourceGroup on the Lacework Server
-func (svc *ResourceGroupsService) CreateAzure(data ResourceGroup) (
+func (svc *ResourceGroupsVersionService) CreateAzure(data ResourceGroup) (
 	response AzureResourceGroupResponse,
 	err error,
 ) {

api/resource_groups_container.go

@@ -34,7 +34,7 @@ var (
 
 // GetContainer gets a single Container ResourceGroup matching the
 // provided resource guid
-func (svc *ResourceGroupsService) GetContainer(guid string) (
+func (svc *ResourceGroupsVersionService) GetContainer(guid string) (
 	response ContainerResourceGroupResponse,
 	err error,
 ) {
@@ -48,7 +48,7 @@ func (svc *ResourceGroupsService) GetContainer(guid string) (
 }
 
 // UpdateContainer updates a single Container ResourceGroup on the Lacework Server
-func (svc *ResourceGroupsService) UpdateContainer(data ResourceGroup) (
+func (svc *ResourceGroupsVersionService) UpdateContainer(data ResourceGroup) (
 	response ContainerResourceGroupResponse,
 	err error,
 ) {
@@ -64,7 +64,7 @@ func (svc *ResourceGroupsService) UpdateContainer(data ResourceGroup) (
 }
 
 // CreateContainer creates a single Container ResourceGroup on the Lacework Server
-func (svc *ResourceGroupsService) CreateContainer(data ResourceGroup) (
+func (svc *ResourceGroupsVersionService) CreateContainer(data ResourceGroup) (
 	response ContainerResourceGroupResponse,
 	err error,
 ) {