chore: re-add compliance enable/disable commands (#1106)

* chore: re-add compliance enable/disable commands

Signed-off-by: Ross <[email protected]>

* chore: fix goimports issues

Signed-off-by: Ross <[email protected]>

* chore: Address review comments. Update databox reports to Map to help simplify code

Signed-off-by: Ross <[email protected]>

* chore: fix goimports issues

Signed-off-by: Ross <[email protected]>

* chore: fix failing unit tests

Signed-off-by: Ross <[email protected]>

* chore: fix failing integration tests

Signed-off-by: Ross <[email protected]>

Signed-off-by: Ross <[email protected]>

Author: rmoles

api/api.go

@@ -130,6 +130,8 @@ const (
 	apiV2OrganizationInfo = "v2/OrganizationInfo"
 
 	apiSuppressions = "v2/suppressions/%s/allExceptions"
+
+	apiRecommendations = "v2/recommendations/%s"
 )
 
 // WithApiV2 configures the client to use the API version 2 (/api/v2)

api/v2.go

@@ -59,6 +59,7 @@ type V2Endpoints struct {
 	Vulnerabilities         *v2VulnerabilitiesService
 	Alerts                  *AlertsService
 	Suppressions            *SuppressionsServiceV2
+	Recommendations         *RecommendationsServiceV2
 }
 
 func NewV2Endpoints(c *Client) *V2Endpoints {
@@ -94,6 +95,11 @@ func NewV2Endpoints(c *Client) *V2Endpoints {
 			&AzureSuppressionsV2{c},
 			&GcpSuppressionsV2{c},
 		},
+		&RecommendationsServiceV2{c,
+			&AwsRecommendationsV2{c},
+			&AzureRecommendationsV2{c},
+			&GcpRecommendationsV2{c},
+		},
 	}
 
 	v2.Schemas.Services = map[integrationSchema]V2Service{

api/v2_recommendations.go

@@ -0,0 +1,143 @@
+//
+// Author:: Ross Moles (<[email protected]>)
+// Copyright:: Copyright 2023, Lacework Inc.
+// License:: Apache License, Version 2.0
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+package api
+
+import (
+	"fmt"
+)
+
+// RecommendationsServiceV2 is a service that interacts with the V2 Recommendations
+// endpoints from the Lacework Server
+type RecommendationsServiceV2 struct {
+	client *Client
+	Aws    recommendationServiceV2
+	Azure  recommendationServiceV2
+	Gcp    recommendationServiceV2
+}
+
+type recommendationServiceV2 interface {
+	List() ([]RecV2, error)
+	Patch(recommendations RecommendationStateV2) (RecommendationResponseV2, error)
+	GetReport(reportType string) ([]RecV2, error)
+}
+
+type RecommendationTypeV2 string
+
+const (
+	AwsRecommendation   RecommendationTypeV2 = "aws"
+	AzureRecommendation RecommendationTypeV2 = "azure"
+	GcpRecommendation   RecommendationTypeV2 = "gcp"
+)
+
+func (svc *RecommendationsServiceV2) list(cloudType RecommendationTypeV2) ([]RecV2, error) {
+	var response RecommendationResponseV2
+	err := svc.client.RequestDecoder("GET", fmt.Sprintf(apiRecommendations, cloudType), nil, &response)
+	return response.RecommendationList(), err
+}
+
+func (svc *RecommendationsServiceV2) patch(cloudType RecommendationTypeV2, recommendations RecommendationStateV2) (
+	response RecommendationResponseV2,
+	err error,
+) {
+	err = svc.client.RequestEncoderDecoder("PATCH", fmt.Sprintf(apiRecommendations, cloudType), recommendations, &response)
+	return
+}
+
+type RecommendationStateV2 map[string]string
+
+type RecommendationDataV2 map[string]RecommendationEnabledV2
+
+type RecV2 struct {
+	ID    string
+	State bool
+}
+
+type RecommendationEnabledV2 struct {
+	Enabled bool `json:"enabled"`
+}
+
+type RecommendationResponseV2 struct {
+	Data    []RecommendationDataV2 `json:"data"`
+	Ok      bool                   `json:"ok"`
+	Message string                 `json:"message"`
+}
+
+func (res *RecommendationResponseV2) RecommendationList() (recommendations []RecV2) {
+	if len(res.Data) > 0 {
+		for k, v := range res.Data[0] {
+			recommendations = append(recommendations, RecV2{k, v.Enabled})
+		}
+	}
+	return
+}
+
+type ReportSchema struct {
+	Name              string            `json:"name"`
+	RecommendationIDs map[string]string `json:"recommendationIDs"`
+}
+
+func NewRecommendationV2State(recommendations []RecV2, state bool) RecommendationStateV2 {
+	request := make(map[string]string)
+	for _, rec := range recommendations {
+		if state {
+			request[rec.ID] = "enable"
+
+		} else {
+			request[rec.ID] = "disable"
+		}
+	}
+	return request
+}
+
+func NewRecommendationV2(recommendations []RecV2) RecommendationStateV2 {
+	request := make(map[string]string)
+	for _, rec := range recommendations {
+		if rec.State {
+			request[rec.ID] = "enable"
+
+		} else {
+			request[rec.ID] = "disable"
+		}
+	}
+	return request
+}
+
+// ReportStatus This is an experimental feature. Returned RecommendationID's are not guaranteed to be correct.
+func (res *RecommendationResponseV2) ReportStatus() map[string]bool {
+	var recommendations = make(map[string]bool)
+
+	for _, rec := range res.RecommendationList() {
+		recommendations[rec.ID] = rec.State
+	}
+
+	return recommendations
+}
+
+// filterRecommendations This is an experimental feature. Returned RecommendationID's are not guaranteed to be correct.
+func filterRecommendations(allRecommendations []RecV2, schema ReportSchema) []RecV2 {
+	var recommendations []RecV2
+
+	for _, rec := range allRecommendations {
+		_, ok := schema.RecommendationIDs[rec.ID]
+		if ok {
+			recommendations = append(recommendations, rec)
+		}
+	}
+	return recommendations
+}

api/v2_recommendations_aws.go

@@ -0,0 +1,69 @@
+//
+// Author:: Ross Moles (<[email protected]>)
+// Copyright:: Copyright 2023, Lacework Inc.
+// License:: Apache License, Version 2.0
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+package api
+
+import (
+	"encoding/json"
+	"errors"
+
+	"github.com/lacework/go-sdk/internal/databox"
+)
+
+// AwsRecommendationsV2 is a service that interacts with the V2 Recommendations
+// endpoints from the Lacework Server
+type AwsRecommendationsV2 struct {
+	client *Client
+}
+
+func (svc *AwsRecommendationsV2) List() ([]RecV2, error) {
+	return svc.client.V2.Recommendations.list(AwsRecommendation)
+}
+
+func (svc *AwsRecommendationsV2) Patch(recommendations RecommendationStateV2) (RecommendationResponseV2, error) {
+	return svc.client.V2.Recommendations.patch(AwsRecommendation, recommendations)
+}
+
+// GetReport This is an experimental feature. Returned RecommendationID's are not guaranteed to be correct. Scoped to Lacework Account/Subaccount
+func (svc *AwsRecommendationsV2) GetReport(reportType string) ([]RecV2, error) {
+	report := struct {
+		Ids map[string]string `json:"recommendation_ids"`
+	}{}
+
+	schemaBytes, ok := databox.Get("/reports/aws/cis.json")
+	if !ok {
+		return []RecV2{}, errors.New(
+			"compliance report schema not found",
+		)
+	}
+
+	err := json.Unmarshal(schemaBytes, &report)
+	if err != nil {
+		return []RecV2{}, err
+	}
+
+	schema := ReportSchema{reportType, report.Ids}
+
+	// fetch all aws recommendations
+	allRecommendations, err := svc.client.V2.Recommendations.Aws.List()
+	if err != nil {
+		return []RecV2{}, err
+	}
+	filteredRecommendations := filterRecommendations(allRecommendations, schema)
+	return filteredRecommendations, nil
+}

api/v2_recommendations_aws_test.go

@@ -0,0 +1,61 @@
+//
+// Author:: Darren Murray (<[email protected]>)
+// Copyright:: Copyright 2022, Lacework Inc.
+// License:: Apache License, Version 2.0
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+package api_test
+
+import (
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/lacework/go-sdk/api"
+	"github.com/lacework/go-sdk/internal/lacework"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestRecommendationsAwsGetReport(t *testing.T) {
+	var (
+		expectedLen = 160
+		fakeServer  = lacework.MockServer()
+	)
+
+	fakeServer.MockToken("TOKEN")
+	fakeServer.UseApiV2()
+	fakeServer.MockAPI("recommendations/aws",
+		func(w http.ResponseWriter, r *http.Request) {
+			assert.Equal(t, "GET", r.Method, "GetReport() should be a GET method")
+			Recommendations := generateRecommendations()
+			fmt.Fprintf(w, Recommendations)
+		},
+	)
+	defer fakeServer.Close()
+
+	c, err := api.NewClient("test",
+		api.WithToken("TOKEN"),
+		api.WithURL(fakeServer.URL()),
+	)
+	assert.Nil(t, err)
+
+	response, err := c.V2.Recommendations.Aws.GetReport("CIS_1_1")
+	assert.Nil(t, err)
+	assert.NotNil(t, response)
+	assert.Equal(t, expectedLen, len(response))
+	for _, rec := range response {
+		assert.NotEmpty(t, rec.ID)
+	}
+}

api/v2_recommendations_azure.go

@@ -0,0 +1,86 @@
+//
+// Author:: Ross Moles (<[email protected]>)
+// Copyright:: Copyright 2023, Lacework Inc.
+// License:: Apache License, Version 2.0
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+package api
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+
+	"github.com/lacework/go-sdk/internal/databox"
+)
+
+// AzureRecommendationsV2 is a service that interacts with the V2 Recommendations
+// endpoints from the Lacework Server
+type AzureRecommendationsV2 struct {
+	client *Client
+}
+
+func (svc *AzureRecommendationsV2) List() ([]RecV2, error) {
+	return svc.client.V2.Recommendations.list(AzureRecommendation)
+}
+
+func (svc *AzureRecommendationsV2) Patch(recommendations RecommendationStateV2) (RecommendationResponseV2, error) {
+	return svc.client.V2.Recommendations.patch(AzureRecommendation, recommendations)
+}
+
+// GetReport This is an experimental feature. Returned RecommendationID's are not guaranteed to be correct. Scoped to Lacework Account/Subaccount
+func (svc *AzureRecommendationsV2) GetReport(reportType string) ([]RecV2, error) {
+	var (
+		schemaBytes []byte
+		ok          bool
+	)
+	report := struct {
+		Ids map[string]string `json:"recommendation_ids"`
+	}{}
+
+	switch reportType {
+	case "CIS_1_0":
+		schemaBytes, ok = databox.Get("/reports/azure/cis.json")
+		if !ok {
+			return []RecV2{}, errors.New(
+				"compliance report schema not found",
+			)
+		}
+	case "CIS_1_3_1":
+		schemaBytes, ok = databox.Get("/reports/azure/cis_131.json")
+		if !ok {
+			return []RecV2{}, errors.New(
+				"compliance report schema not found",
+			)
+		}
+	default:
+		return nil, fmt.Errorf("unable to find recommendations for report type %s", reportType)
+	}
+
+	err := json.Unmarshal(schemaBytes, &report)
+	if err != nil {
+		return []RecV2{}, err
+	}
+
+	schema := ReportSchema{reportType, report.Ids}
+
+	// fetch all azure recommendations
+	allRecommendations, err := svc.client.V2.Recommendations.Azure.List()
+	if err != nil {
+		return []RecV2{}, err
+	}
+	filteredRecommendations := filterRecommendations(allRecommendations, schema)
+	return filteredRecommendations, nil
+}