feat(dspm): expose configuration properties for AWS/Azure DSPM Cloud Accounts #1820
kirklandnuts merged 2 commits into main
| // RequestEncoderDecoderWithToken performs an HTTP request using a server token | ||
| // for authentication instead of the client's API key token. Used for endpoints | ||
| // authenticated via ServerTokenProps (e.g., POST /api/v2/dspm/status). | ||
| func (c *Client) RequestEncoderDecoderWithToken(method, path, token string, data, v interface{}) error { | ||
| body, err := jsonReader(data) | ||
| if err != nil { | ||
| return err | ||
| } | ||
|
|
||
| apiPath, err := url.Parse(c.apiPath(path)) | ||
| if err != nil { | ||
| return err | ||
| } | ||
|
|
||
| u := c.baseURL.ResolveReference(apiPath) | ||
| request, err := http.NewRequest(method, u.String(), body) | ||
| if err != nil { | ||
| return err | ||
| } | ||
|
|
||
| request.Header.Set("Authorization", token) | ||
| request.Header.Set("Content-Type", "application/json") | ||
| request.Header.Set("Accept", "application/json") | ||
|
|
||
| for k, v := range c.headers { | ||
| request.Header.Set(k, v) | ||
| } | ||
|
|
||
| res, err := c.DoDecoder(request, v) | ||
| if err != nil { | ||
| return err | ||
| } | ||
| defer res.Body.Close() | ||
| return nil | ||
| } | ||
|
|
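Review bot: the `for k, v := range c.headers` loop runs after `request.Header.Set("Authorization", token)`, so an Authorization entry in `c.headers` (in any letter case, since `Header.Set` canonicalizes the key) would silently replace the server token on this request. Apply the client headers first and set Authorization last, or skip that key inside the loop. In the same loop, `v` shadows the `v interface{}` decode target; it is harmless today because `DoDecoder(request, v)` is called outside the loop, but renaming the loop variable avoids a future mistake. Two smaller points: an empty `token` is sent as an empty Authorization header instead of being rejected before the request is built, and `defer res.Body.Close()` placed directly before `return nil` can be a plain `res.Body.Close()` call.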
This is needed because we want to update the status of a DSPM integration depending on the configuration values via the POST /api/v2/dspm/status API. This API is authenticated via server token rather than access token (created using API key) - unless I'm mistaken, we've yet to call any server token authenticated APIs from go-sdk.
@PengyuanZhao Having said that, I wanted to check with you if this looks alright to you, or if I'm missing anything.
@wilderj If we conclude that we don't want to make any server token authenticated calls from go-sdk, then we'll need to modify api-server to expose another API that's authenticated via access token (or add it as an auth method on the existing API, if that's possible).
Summary
This PR exposes props used to configure various parameters for DSPM integrations:
- ScanIntervalHours: how frequently the DSPM integration will scan, in hours
- MaxDownloadBytes: max size of files to scan, in bytes
- DatastoreFilters: optionally include/exclude specific datastores when scanning

These changes are required to enable users to configure their DSPM integrations directly using Terraform (rather than having to configure via the UI). For additional context, see lacework/terraform-azure-dspm#8 and lacework/terraform-aws-dspm#8.
How did you test this change?
See testing description for lacework/terraform-azure-dspm#8 and lacework/terraform-aws-dspm#8.
Issue
https://lacework.atlassian.net/browse/AWLS2-960