add account mapping for aws and gcp sidekick in api (#1251)

Author: wl-smith

api/cloud_accounts_aws_sidekick_org.go

@@ -18,6 +18,12 @@
 
 package api
 
+import (
+	"encoding/base64"
+	"fmt"
+	"strings"
+)
+
 // GetAwsSidekickOrg gets a single AwsSidekickOrg integration matching the provided integration guid
 func (svc *CloudAccountsService) GetAwsSidekickOrg(guid string) (
 	response AwsSidekickOrgResponse,
@@ -70,7 +76,29 @@ type AwsSidekickOrgData struct {
 	ManagementAccount string `json:"managementAccount,omitempty"`
 	MonitoredAccounts string `json:"monitoredAccounts"`
 
-	AccountID         string                             `json:"awsAccountId,omitempty"`
-	BucketArn         string                             `json:"bucketArn,omitempty"`
-	CrossAccountCreds AwsSidekickCrossAccountCredentials `json:"crossAccountCredentials"`
+	AccountID          string                             `json:"awsAccountId,omitempty"`
+	BucketArn          string                             `json:"bucketArn,omitempty"`
+	CrossAccountCreds  AwsSidekickCrossAccountCredentials `json:"crossAccountCredentials"`
+	AccountMappingFile string                             `json:"accountMappingFile,omitempty"`
+}
+
+func (aws *AwsSidekickOrgData) EncodeAccountMappingFile(mapping []byte) {
+	encodedMappings := base64.StdEncoding.EncodeToString(mapping)
+	aws.AccountMappingFile = fmt.Sprintf("data:application/json;name=i.json;base64,%s", encodedMappings)
+}
+
+func (aws *AwsSidekickOrgData) DecodeAccountMappingFile() ([]byte, error) {
+	if len(aws.AccountMappingFile) == 0 {
+		return []byte{}, nil
+	}
+
+	var (
+		b64      = strings.Split(aws.AccountMappingFile, ",")
+		raw, err = base64.StdEncoding.DecodeString(b64[1])
+	)
+	if err != nil {
+		return []byte{}, err
+	}
+
+	return raw, nil
 }

api/cloud_accounts_aws_sidekick_org_test.go

@@ -30,13 +30,30 @@ import (
 )
 
 func TestCloudAccountsNewAwsSidekickOrgWithCustomTemplateFile(t *testing.T) {
+	accountMappingJSON := []byte(`{
+		"defaultLaceworkAccountAws": "lw_account_1",
+		"integration_mappings": {
+		  "lw_account_2": {
+			"aws_accounts": [
+			  "234556677",
+			  "774564564"
+			]
+		  },
+		  "lw_account_3": {
+			"aws_accounts": [
+			  "553453453",
+			  "934534535"
+			]
+		  }
+		}
+	  }`)
 	awsSidekickOrgData := api.AwsSidekickOrgData{
 		CrossAccountCreds: api.AwsSidekickCrossAccountCredentials{
 			RoleArn:    "arn:foo:bar",
 			ExternalID: "0123456789",
 		},
 	}
-
+	awsSidekickOrgData.EncodeAccountMappingFile(accountMappingJSON)
 	subject := api.NewCloudAccount("integration_name", api.AwsSidekickOrgCloudAccount, awsSidekickOrgData)
 	assert.Equal(t, api.AwsSidekickOrgCloudAccount.String(), subject.Type)
 
@@ -45,6 +62,21 @@ func TestCloudAccountsNewAwsSidekickOrgWithCustomTemplateFile(t *testing.T) {
 
 	assert.Equal(t, subjectData.CrossAccountCreds.RoleArn, "arn:foo:bar")
 	assert.Equal(t, subjectData.CrossAccountCreds.ExternalID, "0123456789")
+	assert.Contains(t,
+		subjectData.AccountMappingFile,
+		"data:application/json;name=i.json;base64,",
+		"check the custom_template_file encoder",
+	)
+	accountMapping, err := subjectData.DecodeAccountMappingFile()
+	assert.Nil(t, err)
+	assert.Equal(t, accountMappingJSON, accountMapping)
+
+	// When there is no custom account mapping file, this function should
+	// return an empty string to match the pattern
+	subjectData.AccountMappingFile = ""
+	accountMapping, err = subjectData.DecodeAccountMappingFile()
+	assert.Nil(t, err)
+	assert.Empty(t, accountMapping)
 }
 
 func TestCloudAccountsAwsSidekickOrgGet(t *testing.T) {

api/cloud_accounts_gcp_sidekick.go

@@ -18,6 +18,12 @@
 
 package api
 
+import (
+	"encoding/base64"
+	"fmt"
+	"strings"
+)
+
 // GetGcpSidekick gets a single GcpSidekick integration matching the provided integration guid
 func (svc *CloudAccountsService) GetGcpSidekick(guid string) (
 	response GcpSidekickIntegrationResponse,
@@ -70,9 +76,10 @@ type GcpSidekickData struct {
 	FilterList        string `json:"filterList,omitempty"`
 	QueryText         string `json:"queryText,omitempty"`
 	//ScanFrequency in hours, 24 == 24 hours
-	ScanFrequency           int  `json:"scanFrequency"`
-	ScanContainers          bool `json:"scanContainers"`
-	ScanHostVulnerabilities bool `json:"scanHostVulnerabilities"`
+	ScanFrequency           int    `json:"scanFrequency"`
+	ScanContainers          bool   `json:"scanContainers"`
+	ScanHostVulnerabilities bool   `json:"scanHostVulnerabilities"`
+	AccountMappingFile      string `json:"accountMappingFile,omitempty"`
 }
 
 type GcpSidekickCredentials struct {
@@ -82,3 +89,24 @@ type GcpSidekickCredentials struct {
 	PrivateKey   string `json:"privateKey,omitempty"`
 	TokenUri     string `json:"tokenUri,omitempty"`
 }
+
+func (gcp *GcpSidekickData) EncodeAccountMappingFile(mapping []byte) {
+	encodedMappings := base64.StdEncoding.EncodeToString(mapping)
+	gcp.AccountMappingFile = fmt.Sprintf("data:application/json;name=i.json;base64,%s", encodedMappings)
+}
+
+func (gcp *GcpSidekickData) DecodeAccountMappingFile() ([]byte, error) {
+	if len(gcp.AccountMappingFile) == 0 {
+		return []byte{}, nil
+	}
+
+	var (
+		b64      = strings.Split(gcp.AccountMappingFile, ",")
+		raw, err = base64.StdEncoding.DecodeString(b64[1])
+	)
+	if err != nil {
+		return []byte{}, err
+	}
+
+	return raw, nil
+}

api/cloud_accounts_gcp_sidekick_test.go

@@ -71,11 +71,29 @@ var (
 )
 
 func TestCloudAccountsGcpSidekickCreate(t *testing.T) {
+	accountMappingJSON := []byte(`{
+		"defaultLaceworkAccountAws": "lw_account_1",
+		"integration_mappings": {
+		  "lw_account_2": {
+			"aws_accounts": [
+			  "234556677",
+			  "774564564"
+			]
+		  },
+		  "lw_account_3": {
+			"aws_accounts": [
+			  "553453453",
+			  "934534535"
+			]
+		  }
+		}
+	  }`)
 	integration := api.NewCloudAccount("integration_name", api.GcpSidekickCloudAccount, gcpSidekickData)
 	assert.Equal(t, api.GcpSidekickCloudAccount.String(), integration.Type)
 
 	// casting the data interface{} to type GcpSidekickData
 	integrationData := integration.Data.(api.GcpSidekickData)
+	integrationData.EncodeAccountMappingFile(accountMappingJSON)
 
 	assert.Equal(t, integrationData.IDType, "PROJECT")
 	assert.Equal(t, integrationData.ID, "12345")
@@ -90,6 +108,21 @@ func TestCloudAccountsGcpSidekickCreate(t *testing.T) {
 	assert.Equal(t, integrationData.Credentials.PrivateKeyID, "privateKeyID")
 	assert.Equal(t, integrationData.Credentials.PrivateKey, "privateKey")
 	assert.Equal(t, integrationData.Credentials.TokenUri, "tokenTest")
+	assert.Contains(t,
+		integrationData.AccountMappingFile,
+		"data:application/json;name=i.json;base64,",
+		"check the custom_template_file encoder",
+	)
+	accountMapping, err := integrationData.DecodeAccountMappingFile()
+	assert.Nil(t, err)
+	assert.Equal(t, accountMappingJSON, accountMapping)
+
+	// When there is no custom account mapping file, this function should
+	// return an empty string to match the pattern
+	integrationData.AccountMappingFile = ""
+	accountMapping, err = integrationData.DecodeAccountMappingFile()
+	assert.Nil(t, err)
+	assert.Empty(t, accountMapping)
 }
 
 func TestCloudAccountsGcpSidekickGet(t *testing.T) {