feat: Test Alert Channels during TF Create (#133)

https://lacework.atlassian.net/browse/ALLY-331

*Example of adding Test Integration to TF Create of Alert Channels

Alert Channel resources run "Test Integration" `v2/AlertChannels/IntGuid/test` during Terraform Create.
The resource is deleted upon failing the Test.

Skip running the Test Integration with `test_integration` flag

```
resource "lacework_alert_channel_datadog" "example" {
  name            = var.channel_name
  ...
  test_integration    = true
}
```

Signed-off-by: Darren Murray <darren.murray@lacework.net>

examples/resource_lacework_alert_channel_datadog/main.tf

@@ -14,8 +14,14 @@ variable "channel_name" {
 }
 
 resource "lacework_alert_channel_datadog" "example" {
-  name            = var.channel_name
-  datadog_site    = "eu"
-  datadog_service = "Events Summary"
-  api_key         = "datadog-key"
+  name             = var.channel_name
+  datadog_site     = "eu"
+  datadog_service  = "Events Summary"
+  api_key          = "datadog-key"
+
+  // test_integration input is used in this example only for testing
+  // purposes, it help us avoid sending a "test" request to the
+  // system we are integrating to. In production, this should remain
+  // turned on ("true") which is the default setting
+  test_integration = false
 }

examples/resource_lacework_alert_channel_email/main.tf

@@ -16,4 +16,10 @@ variable "channel_name" {
 resource "lacework_alert_channel_email" "example" {
   name       = var.channel_name
   recipients = ["foo@example.com"]
+
+  // test_integration input is used in this example only for testing
+  // purposes, it help us avoid sending a "test" request to the
+  // system we are integrating to. In production, this should remain
+  // turned on ("true") which is the default setting
+  test_integration = false
 }

go.sum

@@ -353,8 +353,8 @@ github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgf
 github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
 github.com/gruntwork-io/go-commons v0.8.0/go.mod h1:gtp0yTtIBExIZp7vyIV9I0XQkVwiQZze678hvDXof78=
-github.com/gruntwork-io/terratest v0.37.2 h1:qHf2y9YjshwVbkQ88RqoqvW9v7QSYXYlpCWomXFpkuw=
-github.com/gruntwork-io/terratest v0.37.2/go.mod h1:CSHpZNJdqYQ+TUrigM100jcahRUV5X6w7K2kZJ8iylY=
+github.com/gruntwork-io/terratest v0.36.8 h1:V4vuJSK23iTDGpu6mkLDUK9xSTWRblABX4RMI9kh+SU=
+github.com/gruntwork-io/terratest v0.36.8/go.mod h1:3zzDkmFBGDcSwQRaXS/LKnobwnff09oo5z/B6SVwRy8=
 github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q=
 github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8=
 github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA=
@@ -664,9 +664,7 @@ github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6Ac
 github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI=
 github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
 github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4=
-github.com/vmihailenco/msgpack/v5 v5.2.0/go.mod h1:fEM7KuHcnm0GvDCztRpw9hV0PuoO2ciTismP6vjggcM=
 github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI=
-github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV6mEfg5OIWRZA9qds=
 github.com/vmware/govmomi v0.20.3/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59bHWk6aFU=
 github.com/xanzy/ssh-agent v0.3.0 h1:wUMzuKtKilRgBAD1sUb8gOwwRr2FGoBVumcjoOACClI=
 github.com/xanzy/ssh-agent v0.3.0/go.mod h1:3s9xbODqPuuhK9JV1R321M/FlMZSBvE5aY6eAcqrDh0=

lacework/alert_channel.go

@@ -0,0 +1,19 @@
+package lacework
+
+import (
+	"github.com/pkg/errors"
+
+	"github.com/lacework/go-sdk/api"
+)
+
+// VerifyAlertChannel tests the integration of an alert channel
+func VerifyAlertChannel(id string, lacework *api.Client) error {
+	if err := lacework.V2.AlertChannels.Test(id); err != nil {
+		// rollback terraform create upon error testing integration
+		if deleteErr := lacework.V2.AlertChannels.Delete(id); deleteErr != nil {
+			return errors.Wrapf(deleteErr, "Unable to rollback changes: %v", err)
+		}
+		return err
+	}
+	return nil
+}

lacework/resource_lacework_alert_channel_aws_cloudwatch.go

@@ -55,6 +55,12 @@ func resourceLaceworkAlertChannelAwsCloudWatch() *schema.Resource {
 					}
 				},
 			},
+			"test_integration": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Default:     true,
+				Description: "Whether to test the integration of an alert channel upon creation",
+			},
 			"created_or_updated_time": {
 				Type:     schema.TypeString,
 				Computed: true,
@@ -84,6 +90,7 @@ func resourceLaceworkAlertChannelAwsCloudWatchCreate(d *schema.ResourceData, met
 				IssueGrouping: d.Get("group_issues_by").(string),
 			},
 		)
+		testIntegration = d.Get("test_integration").(bool)
 	)
 	if !d.Get("enabled").(bool) {
 		alert.Enabled = 0
@@ -112,6 +119,15 @@ func resourceLaceworkAlertChannelAwsCloudWatchCreate(d *schema.ResourceData, met
 	d.Set("type_name", integration.TypeName)
 	d.Set("org_level", integration.IsOrg == 1)
 
+	if testIntegration {
+		log.Printf("[INFO] Testing %s integration for guid:%s\n", api.DatadogChannelIntegration, d.Id())
+		err := VerifyAlertChannel(d.Id(), lacework)
+		if err != nil {
+			return err
+		}
+		log.Printf("[INFO] Tested %s integration with guid: %s successfully \n", api.DatadogChannelIntegration, d.Id())
+	}
+
 	log.Printf("[INFO] Created %s integration with guid: %v\n", api.AwsCloudWatchIntegration, integration.IntgGuid)
 	return nil
 }

lacework/resource_lacework_alert_channel_aws_s3.go

@@ -58,6 +58,12 @@ func resourceLaceworkAlertChannelAwsS3() *schema.Resource {
 					},
 				},
 			},
+			"test_integration": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Default:     true,
+				Description: "Whether to test the integration of an alert channel upon creation",
+			},
 			"created_or_updated_by": {
 				Type:     schema.TypeString,
 				Computed: true,
@@ -86,6 +92,7 @@ func resourceLaceworkAlertChannelAwsS3Create(d *schema.ResourceData, meta interf
 				},
 			},
 		)
+		testIntegration = d.Get("test_integration").(bool)
 	)
 	if !d.Get("enabled").(bool) {
 		s3.Enabled = 0
@@ -113,6 +120,15 @@ func resourceLaceworkAlertChannelAwsS3Create(d *schema.ResourceData, meta interf
 	d.Set("type_name", integration.TypeName)
 	d.Set("org_level", integration.IsOrg == 1)
 
+	if testIntegration {
+		log.Printf("[INFO] Testing %s integration for guid:%s\n", api.DatadogChannelIntegration, d.Id())
+		err := VerifyAlertChannel(d.Id(), lacework)
+		if err != nil {
+			return err
+		}
+		log.Printf("[INFO] Tested %s integration with guid: %s successfully \n", api.DatadogChannelIntegration, d.Id())
+	}
+
 	log.Printf("[INFO] Created %s integration with guid: %v\n", api.AwsS3ChannelIntegration, integration.IntgGuid)
 	return nil
 }

lacework/resource_lacework_alert_channel_cisco_webex.go

@@ -37,6 +37,12 @@ func resourceLaceworkAlertChannelCiscoWebex() *schema.Resource {
 				Type:     schema.TypeString,
 				Required: true,
 			},
+			"test_integration": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Default:     true,
+				Description: "Whether to test the integration of an alert channel upon creation",
+			},
 			"created_or_updated_time": {
 				Type:     schema.TypeString,
 				Computed: true,
@@ -65,6 +71,7 @@ func resourceLaceworkAlertChannelCiscoWebexCreate(d *schema.ResourceData, meta i
 				WebhookURL: d.Get("webhook_url").(string),
 			},
 		)
+		testIntegration = d.Get("test_integration").(bool)
 	)
 	if !d.Get("enabled").(bool) {
 		webex.Enabled = 0
@@ -92,6 +99,15 @@ func resourceLaceworkAlertChannelCiscoWebexCreate(d *schema.ResourceData, meta i
 	d.Set("type_name", integration.TypeName)
 	d.Set("org_level", integration.IsOrg == 1)
 
+	if testIntegration {
+		log.Printf("[INFO] Testing %s integration for guid:%s\n", api.DatadogChannelIntegration, d.Id())
+		err := VerifyAlertChannel(d.Id(), lacework)
+		if err != nil {
+			return err
+		}
+		log.Printf("[INFO] Tested %s integration with guid: %s successfully \n", api.DatadogChannelIntegration, d.Id())
+	}
+
 	log.Printf("[INFO] Created %s integration with guid: %v\n", api.CiscoWebexChannelIntegration, integration.IntgGuid)
 	return nil
 }

lacework/resource_lacework_alert_channel_datadog.go

@@ -75,6 +75,12 @@ func resourceLaceworkAlertChannelDatadog() *schema.Resource {
 				Sensitive:   true,
 				Description: "The Datadog api key required to submit metrics and events to Datadog",
 			},
+			"test_integration": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Default:     true,
+				Description: "Whether to test the integration of an alert channel upon creation",
+			},
 			"intg_guid": {
 				Type:     schema.TypeString,
 				Computed: true,
@@ -102,6 +108,7 @@ func resourceLaceworkAlertChannelDatadog() *schema.Resource {
 func resourceLaceworkAlertChannelDatadogCreate(d *schema.ResourceData, meta interface{}) error {
 	site, _ := api.DatadogSite(d.Get("datadog_site").(string))
 	service, _ := api.DatadogService(d.Get("datadog_service").(string))
+	testIntegration := d.Get("test_integration").(bool)
 
 	var (
 		lacework = meta.(*api.Client)
@@ -139,7 +146,16 @@ func resourceLaceworkAlertChannelDatadogCreate(d *schema.ResourceData, meta inte
 	d.Set("type_name", integration.TypeName)
 	d.Set("org_level", integration.IsOrg == 1)
 
-	log.Printf("[INFO] Created %s integration with guid: %v\n", api.DatadogChannelIntegration, integration.IntgGuid)
+	if testIntegration {
+		log.Printf("[INFO] Testing %s integration for guid:%s\n", api.DatadogChannelIntegration, d.Id())
+		err := VerifyAlertChannel(d.Id(), lacework)
+		if err != nil {
+			return err
+		}
+		log.Printf("[INFO] Tested %s integration with guid: %s successfully \n", api.DatadogChannelIntegration, d.Id())
+	}
+
+	log.Printf("[INFO] Created %s integration with guid: %s\n", api.DatadogChannelIntegration, d.Id())
 	return nil
 }
 

lacework/resource_lacework_alert_channel_email.go

@@ -44,6 +44,12 @@ func resourceLaceworkAlertChannelEmail() *schema.Resource {
 					},
 				},
 			},
+			"test_integration": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Default:     true,
+				Description: "Whether to test the integration of an alert channel upon creation",
+			},
 			"intg_guid": {
 				Type:     schema.TypeString,
 				Computed: true,
@@ -79,6 +85,7 @@ func resourceLaceworkAlertChannelEmailCreate(d *schema.ResourceData, meta interf
 				},
 			},
 		)
+		testIntegration = d.Get("test_integration").(bool)
 	)
 	if !d.Get("enabled").(bool) {
 		emailAlertChan.Enabled = 0
@@ -99,6 +106,15 @@ func resourceLaceworkAlertChannelEmailCreate(d *schema.ResourceData, meta interf
 	d.Set("type_name", response.Data.Type)
 	d.Set("org_level", response.Data.IsOrg == 1)
 
+	if testIntegration {
+		log.Printf("[INFO] Testing %s integration for guid:%s\n", api.DatadogChannelIntegration, d.Id())
+		err := VerifyAlertChannel(d.Id(), lacework)
+		if err != nil {
+			return err
+		}
+		log.Printf("[INFO] Tested %s integration with guid: %s successfully \n", api.DatadogChannelIntegration, d.Id())
+	}
+
 	log.Printf("[INFO] Created %s integration with guid: %s\n", api.EmailUserAlertChannel, response.Data.IntgGuid)
 	return nil
 }

lacework/resource_lacework_alert_channel_gcp_pub_sub.go

@@ -98,6 +98,12 @@ func resourceLaceworkAlertChannelGcpPubSub() *schema.Resource {
 					},
 				},
 			},
+			"test_integration": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Default:     true,
+				Description: "Whether to test the integration of an alert channel upon creation",
+			},
 			"created_or_updated_by": {
 				Type:     schema.TypeString,
 				Computed: true,
@@ -130,6 +136,7 @@ func resourceLaceworkAlertChannelGcpPubSubCreate(d *schema.ResourceData, meta in
 				},
 			},
 		)
+		testIntegration = d.Get("test_integration").(bool)
 	)
 	if !d.Get("enabled").(bool) {
 		s3.Enabled = 0
@@ -157,6 +164,15 @@ func resourceLaceworkAlertChannelGcpPubSubCreate(d *schema.ResourceData, meta in
 	d.Set("type_name", integration.TypeName)
 	d.Set("org_level", integration.IsOrg == 1)
 
+	if testIntegration {
+		log.Printf("[INFO] Testing %s integration for guid:%s\n", api.DatadogChannelIntegration, d.Id())
+		err := VerifyAlertChannel(d.Id(), lacework)
+		if err != nil {
+			return err
+		}
+		log.Printf("[INFO] Tested %s integration with guid: %s successfully \n", api.DatadogChannelIntegration, d.Id())
+	}
+
 	log.Printf("[INFO] Created %s integration with guid: %v\n", api.GcpPubSubChannelIntegration, integration.IntgGuid)
 	return nil
 }

lacework/resource_lacework_alert_channel_jira_cloud.go

@@ -78,6 +78,12 @@ func resourceLaceworkAlertChannelJiraCloud() *schema.Resource {
 					}
 				},
 			},
+			"test_integration": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Default:     true,
+				Description: "Whether to test the integration of an alert channel upon creation",
+			},
 			"created_or_updated_time": {
 				Type:     schema.TypeString,
 				Computed: true,
@@ -110,6 +116,7 @@ func resourceLaceworkAlertChannelJiraCloudCreate(d *schema.ResourceData, meta in
 			Username:      d.Get("username").(string),
 			ApiToken:      d.Get("api_token").(string),
 		}
+		testIntegration = d.Get("test_integration").(bool)
 	)
 
 	if len(customTemplateJSON) != 0 {
@@ -144,6 +151,15 @@ func resourceLaceworkAlertChannelJiraCloudCreate(d *schema.ResourceData, meta in
 	d.Set("type_name", integration.TypeName)
 	d.Set("org_level", integration.IsOrg == 1)
 
+	if testIntegration {
+		log.Printf("[INFO] Testing %s integration for guid:%s\n", api.DatadogChannelIntegration, d.Id())
+		err := VerifyAlertChannel(d.Id(), lacework)
+		if err != nil {
+			return err
+		}
+		log.Printf("[INFO] Tested %s integration with guid: %s successfully \n", api.DatadogChannelIntegration, d.Id())
+	}
+
 	log.Printf("[INFO] Created %s integration with guid: %v\n", api.JiraIntegration, integration.IntgGuid)
 	return nil
 }

lacework/resource_lacework_alert_channel_jira_server.go

@@ -77,6 +77,12 @@ func resourceLaceworkAlertChannelJiraServer() *schema.Resource {
 					}
 				},
 			},
+			"test_integration": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Default:     true,
+				Description: "Whether to test the integration of an alert channel upon creation",
+			},
 			"created_or_updated_time": {
 				Type:     schema.TypeString,
 				Computed: true,
@@ -109,6 +115,7 @@ func resourceLaceworkAlertChannelJiraServerCreate(d *schema.ResourceData, meta i
 			Username:      d.Get("username").(string),
 			Password:      d.Get("password").(string),
 		}
+		testIntegration = d.Get("test_integration").(bool)
 	)
 
 	if len(customTemplateJSON) != 0 {
@@ -143,6 +150,15 @@ func resourceLaceworkAlertChannelJiraServerCreate(d *schema.ResourceData, meta i
 	d.Set("type_name", integration.TypeName)
 	d.Set("org_level", integration.IsOrg == 1)
 
+	if testIntegration {
+		log.Printf("[INFO] Testing %s integration for guid:%s\n", api.DatadogChannelIntegration, d.Id())
+		err := VerifyAlertChannel(d.Id(), lacework)
+		if err != nil {
+			return err
+		}
+		log.Printf("[INFO] Tested %s integration with guid: %s successfully \n", api.DatadogChannelIntegration, d.Id())
+	}
+
 	log.Printf("[INFO] Created %s integration with guid: %v\n", api.JiraIntegration, integration.IntgGuid)
 	return nil
 }