feat(RAIN-70441): add CLI command to support migration (#1369)

Manan-Bhatia-0 · web-flow · commit 8d3ed7f2023a · 2023-09-06T11:07:28.000-07:00
* feat: add cli support for gcpv2 migration
diff --git a/api/api.go b/api/api.go
@@ -127,6 +127,8 @@ const (
 	apiSuppressions = "v2/suppressions/%s/allExceptions"
 
 	apiRecommendations = "v2/recommendations/%s"
+
+	apiV2MigrateGcpAtSes = "v2/migrateGcpAtSes"
 )
 
 // WithApiV2 configures the client to use the API version 2 (/api/v2)
diff --git a/api/cloud_accounts.go b/api/cloud_accounts.go
@@ -20,6 +20,7 @@ package api
 
 import (
 	"fmt"
+	"time"
 
 	"github.com/pkg/errors"
 
@@ -172,6 +173,30 @@ func (svc *CloudAccountsService) Delete(guid string) error {
 	)
 }
 
+// Migrate marks a Cloud Account integration that matches the provided guid for migration
+func (svc *CloudAccountsService) Migrate(guid string) error {
+	if guid == "" {
+		return errors.New("specify an intgGuid")
+	}
+
+	data := MigrateRequestData{
+		MigrateData{
+			IntgGuid: guid,
+			Props: Props{
+				Migrate:            true,
+				MigrationTimestamp: time.Now(),
+			},
+		},
+	}
+
+	return svc.client.RequestEncoderDecoder(
+		"PATCH",
+		apiV2MigrateGcpAtSes,
+		data,
+		nil,
+	)
+}
+
 // Get returns a raw response of the Cloud Account with the matching integration guid.
 //
 // To return a more specific Go struct of a Cloud Account integration, use the proper
diff --git a/api/cloud_accounts_gcp_at.go b/api/cloud_accounts_gcp_at.go
@@ -18,6 +18,8 @@
 
 package api
 
+import "time"
+
 // GetGcpAtSes gets a single GcpAtSes integration matching the provided integration guid
 func (svc *CloudAccountsService) GetGcpAtSes(guid string) (
 	response GcpAtSesIntegrationResponse,
@@ -59,3 +61,17 @@ type GcpAtSesCredentials struct {
 	PrivateKeyID string `json:"privateKeyId,omitempty"`
 	PrivateKey   string `json:"privateKey,omitempty"`
 }
+
+type Props struct {
+	Migrate            bool      `json:"migrate"`
+	MigrationTimestamp time.Time `json:"migrationTimestamp"`
+}
+
+type MigrateData struct {
+	IntgGuid string `json:"intgGuid"`
+	Props    Props  `json:"props"`
+}
+
+type MigrateRequestData struct {
+	Data MigrateData `json:"data"`
+}
diff --git a/api/cloud_accounts_test.go b/api/cloud_accounts_test.go
@@ -263,6 +263,56 @@ func TestCloudAccountsListByType(t *testing.T) {
 	}
 }
 
+func TestCloudAccountMigrate(t *testing.T) {
+	var (
+		intgGUID   = intgguid.New()
+		apiPath    = "migrateGcpAtSes"
+		fakeServer = lacework.MockServer()
+	)
+	fakeServer.MockToken("TOKEN")
+	defer fakeServer.Close()
+
+	fakeServer.MockAPI(apiPath, func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, "PATCH", r.Method, "cloudAccountMigrate() should be a PATCH method")
+
+		if assert.NotNil(t, r.Body) {
+			body := httpBodySniffer(r)
+			assert.Contains(t, body, intgGUID, "INTG_GUID missing")
+			assert.Contains(t, body, "props", "migration props are missing")
+			assert.Contains(t, body, "migrate\":true",
+				"migrate field is missing or it is set to false")
+			assert.Contains(t, body, "migrationTimestamp", "migration timestamp is missing")
+		}
+		fmt.Fprintf(w, generateCloudAccountResponse(singleGcpAtCloudAccount(intgGUID)))
+	})
+
+	c, err := api.NewClient("test",
+		api.WithToken("TOKEN"),
+		api.WithURL(fakeServer.URL()),
+	)
+	assert.Nil(t, err)
+
+	cloudAccount := api.NewCloudAccount("integration_name",
+		api.GcpAtSesCloudAccount,
+		api.GcpAtSesData{
+			Credentials: api.GcpAtSesCredentials{
+				ClientID:     "123456789",
+				ClientEmail:  "test@project.iam.gserviceaccount.com",
+				PrivateKeyID: "",
+				PrivateKey:   "",
+			},
+		},
+	)
+	assert.Equal(t, "integration_name", cloudAccount.Name, "GcpAtSes cloud account name mismatch")
+	assert.Equal(t, "GcpAtSes", cloudAccount.Type,
+		"a new GcpAtSes cloud account should match its type")
+	assert.Equal(t, 1, cloudAccount.Enabled, "a new GcpAtSes cloud account should be enabled")
+	cloudAccount.IntgGuid = intgGUID
+
+	err = c.V2.CloudAccounts.Migrate(intgGUID)
+	assert.Nil(t, err)
+}
+
 func generateCloudAccounts(guids []string, iType string) string {
 	cloudAccounts := make([]string, len(guids))
 	for i, guid := range guids {
diff --git a/cli/cmd/cloud_account.go b/cli/cmd/cloud_account.go
@@ -62,6 +62,14 @@ var (
 		Args:    cobra.ExactArgs(1),
 		RunE:    cloudAccountDelete,
 	}
+
+	// cloudAccountMigrateCmd represents the migrate sub-command inside the cloud accounts command
+	cloudAccountMigrateCmd = &cobra.Command{
+		Use:   "migrate",
+		Short: "Mark a cloud account integration for migration",
+		Args:  cobra.ExactArgs(1),
+		RunE:  cloudAccountMigrate,
+	}
 )
 
 func init() {
@@ -71,6 +79,7 @@ func init() {
 	cloudAccountCommand.AddCommand(cloudAccountShowCmd)
 	cloudAccountCommand.AddCommand(cloudAccountDeleteCmd)
 	cloudAccountCommand.AddCommand(cloudAccountCreateCmd)
+	cloudAccountCommand.AddCommand(cloudAccountMigrateCmd)
 
 	// add type flag to cloud accounts list command
 	cloudAccountListCmd.Flags().StringVarP(&cloudAccountType,
@@ -140,6 +149,17 @@ func cloudAccountDelete(_ *cobra.Command, args []string) error {
 	return nil
 }
 
+func cloudAccountMigrate(_ *cobra.Command, args []string) error {
+	cli.StartProgress(" Initiating migration for cloud account...")
+	err := cli.LwApi.V2.CloudAccounts.Migrate(args[0])
+	cli.StopProgress()
+	if err != nil {
+		return errors.Wrap(err, "unable to initiate migration for cloud-account.")
+	}
+	cli.OutputHuman("The cloud account %s was marked for migration.\n", args[0])
+	return nil
+}
+
 func cloudAccountShow(_ *cobra.Command, args []string) error {
 	var (
 		cloudAccount api.CloudAccountResponse
diff --git a/integration/test_resources/help/cloud-account b/integration/test_resources/help/cloud-account
@@ -10,6 +10,7 @@ Available Commands:
   create       Create a new cloud account integration
   delete       Delete a cloud account integration
   list         List all available cloud account integrations
+  migrate      Mark a cloud account integration for migration
   show         Show a single cloud account integration
 
 Flags:
diff --git a/integration/test_resources/help/cloud-account_migrate b/integration/test_resources/help/cloud-account_migrate
@@ -0,0 +1,21 @@
+Mark a cloud account integration for migration
+
+Usage:
+  lacework cloud-account migrate [flags]
+
+Flags:
+  -h, --help   help for migrate
+
+Global Flags:
+  -a, --account string      account subdomain of URL (i.e. <ACCOUNT>.lacework.net)
+  -k, --api_key string      access key id
+  -s, --api_secret string   secret access key
+      --api_token string    access token (replaces the use of api_key and api_secret)
+      --debug               turn on debug logging
+      --json                switch commands output from human-readable to json format
+      --nocache             turn off caching
+      --nocolor             turn off colors
+      --noninteractive      turn off interactive mode (disable spinners, prompts, etc.)
+      --organization        access organization level data sets (org admins only)
+  -p, --profile string      switch between profiles configured at ~/.lacework.toml
+      --subaccount string   sub-account name inside your organization (org admins only)

Original file line number	Diff line number	Diff line change
`@@ -127,6 +127,8 @@ const (`
`127`	`127`	`apiSuppressions = "v2/suppressions/%s/allExceptions"`
`128`	`128`
`129`	`129`	`apiRecommendations = "v2/recommendations/%s"`
	`130`	`+`
	`131`	`+ apiV2MigrateGcpAtSes = "v2/migrateGcpAtSes"`
`130`	`132`	`)`
`131`	`133`
`132`	`134`	`// WithApiV2 configures the client to use the API version 2 (/api/v2)`