feat: add agentless to generate command for AWS (#1423)

* feat(GROW-2540): add Agentless to generate command

Author: PengyuanZhao

cli/cmd/generate_aws.go

@@ -15,6 +15,7 @@ import (
 
 var (
 	// Define question text here so they can be reused in testing
+	QuestionEnableAgentless             = "Enable Agentless integration?"
 	QuestionAwsEnableConfig             = "Enable configuration integration?"
 	QuestionCustomizeConfigName         = "Customize Config integration name?"
 	QuestionConfigName                  = "Specify name of config integration (optional)"
@@ -57,6 +58,7 @@ var (
 
 	// select options
 	AwsAdvancedOptDone     = "Done"
+	AdvancedOptAgentless   = "Additional Agentless options (placeholder)"
 	AdvancedOptCloudTrail  = "Additional CloudTrail options"
 	AdvancedOptIamRole     = "Configure Lacework integration with an existing IAM role"
 	AdvancedOptAwsAccounts = "Add additional AWS Accounts to Lacework"
@@ -137,6 +139,7 @@ See help output for more details on the parameter value(s) required for Terrafor
 			// Create new struct
 			data := aws.NewTerraform(
 				GenerateAwsCommandState.AwsRegion,
+				GenerateAwsCommandState.Agentless,
 				GenerateAwsCommandState.Config,
 				GenerateAwsCommandState.Cloudtrail,
 				mods...)
@@ -315,6 +318,11 @@ func (a *AwsGenerateCommandExtraState) writeCache() {
 func initGenerateAwsTfCommandFlags() {
 	// add flags to sub commands
 	// TODO Share the help with the interactive generation
+	generateAwsTfCommand.PersistentFlags().BoolVar(
+		&GenerateAwsCommandState.Agentless,
+		"agentless",
+		false,
+		"enable agentless integration")
 	generateAwsTfCommand.PersistentFlags().BoolVar(
 		&GenerateAwsCommandState.Cloudtrail,
 		"cloudtrail",
@@ -486,6 +494,10 @@ func validateAwsProfile(val interface{}) error {
 	return validateStringWithRegex(val, fmt.Sprintf(`^%s$`, AwsProfileRegex), "invalid profile name supplied")
 }
 
+func promptAgentlessQuestions(config *aws.GenerateAwsTfConfigurationArgs) error {
+	return nil
+}
+
 func promptAwsCtQuestions(config *aws.GenerateAwsTfConfigurationArgs, extraState *AwsGenerateCommandExtraState) error {
 	// Only ask these questions if configure cloudtrail is true
 	if err := SurveyMultipleQuestionWithValidation([]SurveyQuestionWithValidationArgs{
@@ -770,6 +782,11 @@ func askAdvancedAwsOptions(config *aws.GenerateAwsTfConfigurationArgs, extraStat
 		// we can have other accounts even if we only have Config integration (Scenario 7)
 		var options []string
 
+		// Only show Advanced Agentless options if Agentless integration is set to true
+		if config.Agentless {
+			options = append(options, AdvancedOptAgentless)
+		}
+
 		// Determine if user specified name for Config is potentially required
 		if config.Config {
 			options = append(options, QuestionCustomizeConfigName)
@@ -799,6 +816,10 @@ func askAdvancedAwsOptions(config *aws.GenerateAwsTfConfigurationArgs, extraStat
 
 		// Based on response, prompt for actions
 		switch answer {
+		case AdvancedOptAgentless:
+			if err := promptAgentlessQuestions(config); err != nil {
+				return err
+			}
 		case AdvancedOptCloudTrail:
 			if err := promptAwsCtQuestions(config, extraState); err != nil {
 				return err
@@ -843,11 +864,6 @@ func askAdvancedAwsOptions(config *aws.GenerateAwsTfConfigurationArgs, extraStat
 	return nil
 }
 
-func configOrCloudtrailEnabled(config *aws.GenerateAwsTfConfigurationArgs) *bool {
-	cloudtrailOrConfigEnabled := config.Cloudtrail || config.Config
-	return &cloudtrailOrConfigEnabled
-}
-
 func awsConfigIsEmpty(g *aws.GenerateAwsTfConfigurationArgs) bool {
 	return !g.Cloudtrail &&
 		!g.Config &&
@@ -893,6 +909,10 @@ func promptAwsGenerate(
 	// These are the core questions that should be asked.  Region required for provider block
 	if err := SurveyMultipleQuestionWithValidation(
 		[]SurveyQuestionWithValidationArgs{
+			{
+				Prompt:   &survey.Confirm{Message: QuestionEnableAgentless, Default: config.Agentless},
+				Response: &config.Agentless,
+			},
 			{
 				Prompt:   &survey.Confirm{Message: QuestionAwsEnableConfig, Default: config.Config},
 				Response: &config.Config,
@@ -905,20 +925,19 @@ func promptAwsGenerate(
 		return err
 	}
 
+	// Validate one of agentless, config or cloudtrail was enabled; otherwise error out
+	if !config.Agentless && !config.Config && !config.Cloudtrail {
+		return errors.New("must enable agentless, cloudtrail or config")
+	}
+
 	if err := SurveyQuestionInteractiveOnly(SurveyQuestionWithValidationArgs{
 		Prompt:   &survey.Input{Message: QuestionAwsRegion, Default: config.AwsRegion},
 		Response: &config.AwsRegion,
 		Opts:     []survey.AskOpt{survey.WithValidator(survey.Required), survey.WithValidator(validateAwsRegion)},
-		Checks:   []*bool{configOrCloudtrailEnabled(config)},
 	}); err != nil {
 		return err
 	}
 
-	// Validate one of config or cloudtrail was enabled; otherwise error out
-	if !config.Config && !config.Cloudtrail {
-		return errors.New("must enable cloudtrail or config")
-	}
-
 	// Find out if the customer wants to specify more advanced features
 	if err := SurveyQuestionInteractiveOnly(SurveyQuestionWithValidationArgs{
 		Prompt:   &survey.Confirm{Message: QuestionAwsConfigAdvanced, Default: extraState.AskAdvanced},

cli/cmd/generate_aws_test.go

@@ -36,7 +36,7 @@ func TestMissingValidEntityToConfigure(t *testing.T) {
 	data := aws.GenerateAwsTfConfigurationArgs{}
 	err := promptAwsGenerate(&data, &aws.ExistingIamRoleDetails{}, &AwsGenerateCommandExtraState{Output: "/tmp"})
 	assert.Error(t, err)
-	assert.Equal(t, "must enable cloudtrail or config", err.Error())
+	assert.Equal(t, "must enable agentless, cloudtrail or config", err.Error())
 }
 
 func TestArnRegex(t *testing.T) {

cli/docs/lacework_generate_cloud-account_aws.md

@@ -37,6 +37,7 @@ lacework generate cloud-account aws [flags]
 ### Options
 
 ```
+      --agentless                             enable agentless integration
       --apply                                 run terraform apply without executing plan or prompting
       --aws_profile string                    specify aws profile
       --aws_region string                     specify aws region