SSPROD-29308: Implement CloudAccount client v2 for Secure

Change summary: ----------------- Adding a new CloudAccount client v2 for making Secure BE (cloudauth) APIs to support API-only onboarding support.
sysdiglabs · Sep 5, 2023 · 5be3781 · 5be3781
1 parent e07821e
commit 5be3781
Show file tree

Hide file tree

Showing 3 changed files with 108 additions and 0 deletions.
diff --git a/sysdig/internal/client/v2/cloud_account_v2.go b/sysdig/internal/client/v2/cloud_account_v2.go
@@ -0,0 +1,97 @@
+package v2
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+)
+
+const (
+	cloudAccountsPathV2 = "%s/api/cloudauth/v1/accounts"
+	cloudAccountPathV2  = "%s/api/cloudauth/v1/accounts/%s"
+)
+
+type CloudAccountSecureInterfaceV2 interface {
+	Base
+	CreateCloudAccountSecureV2(ctx context.Context, cloudAccount *CloudAccountSecureV2) (*CloudAccountSecureV2, error)
+	GetCloudAccountSecureV2(ctx context.Context, accountID string) (*CloudAccountSecureV2, error)
+	DeleteCloudAccountSecureV2(ctx context.Context, accountID string) error
+	UpdateCloudAccountSecureV2(ctx context.Context, accountID string, cloudAccount *CloudAccountSecureV2) (*CloudAccountSecureV2, error)
+}
+
+func (client *Client) CreateCloudAccountSecureV2(ctx context.Context, cloudAccount *CloudAccountSecureV2) (*CloudAccountSecureV2, error) {
+	// TODO: convert payload as per cloudauth API request object OR till API is updated return {}, nil
+	payload, err := Marshal(cloudAccount)
+	if err != nil {
+		return nil, err
+	}
+
+	response, err := client.requester.Request(ctx, http.MethodPost, client.cloudAccountsV2URL(), payload)
+	if err != nil {
+		return nil, err
+	}
+	defer response.Body.Close()
+
+	if response.StatusCode != http.StatusOK && response.StatusCode != http.StatusCreated {
+		err = client.ErrorFromResponse(response)
+		return nil, err
+	}
+
+	// TODO: convert response as per return CloudAccountSecureV2 struct OR till API is updated return {}, nil
+	return Unmarshal[*CloudAccountSecureV2](response.Body)
+}
+
+func (client *Client) GetCloudAccountSecureV2(ctx context.Context, accountID string) (*CloudAccountSecureV2, error) {
+	response, err := client.requester.Request(ctx, http.MethodGet, client.cloudAccountV2URL(accountID), nil)
+	if err != nil {
+		return nil, err
+	}
+	defer response.Body.Close()
+
+	if response.StatusCode != http.StatusOK {
+		return nil, client.ErrorFromResponse(response)
+	}
+
+	return Unmarshal[*CloudAccountSecureV2](response.Body)
+}
+
+func (client *Client) DeleteCloudAccountSecureV2(ctx context.Context, accountID string) error {
+	response, err := client.requester.Request(ctx, http.MethodDelete, client.cloudAccountV2URL(accountID), nil)
+	if err != nil {
+		return err
+	}
+	defer response.Body.Close()
+
+	if response.StatusCode != http.StatusNoContent && response.StatusCode != http.StatusOK {
+		return client.ErrorFromResponse(response)
+	}
+	return nil
+}
+
+func (client *Client) UpdateCloudAccountSecureV2(ctx context.Context, accountID string, cloudAccount *CloudAccountSecureV2) (*CloudAccountSecureV2, error) {
+	payload, err := Marshal(cloudAccount)
+	if err != nil {
+		return nil, err
+	}
+
+	response, err := client.requester.Request(ctx, http.MethodPut, client.cloudAccountV2URL(accountID), payload)
+	if err != nil {
+		return nil, err
+	}
+	defer response.Body.Close()
+
+	if response.StatusCode != http.StatusOK {
+		err = client.ErrorFromResponse(response)
+		return nil, err
+	}
+
+	return Unmarshal[*CloudAccountSecureV2](response.Body)
+}
+
+func (client *Client) cloudAccountsV2URL() string {
+	return fmt.Sprintf(cloudAccountsPathV2, client.config.url)
+}
+
+func (client *Client) cloudAccountV2URL(accountID string) string {
+	return fmt.Sprintf(cloudAccountPathV2, client.config.url, accountID)
+}
diff --git a/sysdig/internal/client/v2/model.go b/sysdig/internal/client/v2/model.go
@@ -411,6 +411,16 @@ type CloudAccountSecure struct {
 	WorkLoadIdentityAccountID    string `json:"workloadIdentityAccountId,omitempty"`
 	WorkLoadIdentityAccountAlias string `json:"workLoadIdentityAccountAlias,omitempty"`
 }
+
+type CloudAccountSecureV2 struct {
+	// TODO: we might need more fields based on the module definition finalized for each provider &
+	// feature combination, resulting in the corresponding components info to be passed in here
+	AccountID         string `json:"accountId"`
+	Provider          string `json:"provider"`
+	IntegrationType   string `json:"integrationType"`
+	AdditionalOptions string `json:"additionalOptions"`
+}
+
 type ScanningPolicy struct {
 	ID             string         `json:"id,omitempty"`
 	Version        string         `json:"version,omitempty"`

diff --git a/sysdig/internal/client/v2/sysdig.go b/sysdig/internal/client/v2/sysdig.go
@@ -43,6 +43,7 @@ type SysdigSecure interface {
 	VulnerabilityExceptionListInterface
 	VulnerabilityExceptionInterface
 	CloudAccountSecureInterface
+	CloudAccountSecureInterfaceV2
 }
 
 func (sr *SysdigRequest) Request(ctx context.Context, method string, url string, payload io.Reader) (*http.Response, error) {