refactor: encourage the use of anonymous queries (#280)
The motivation of this change is to avoid making our users set the query
id twice. It makes no sense to allow them to configure a different query
id, especially since the platform enforces that the query id and
the query text match.

Furthermore, we have introduced the concept of anonymous queries; such
queries are encouraged and should be the default way that users create and
manage LQL queries.

This change updates all documentation and tests to avoid adding the
query id inside the query text.

Signed-off-by: Salim Afiune Maya <afiune@lacework.net>
afiune authored Mar 2, 2022
1 parent 953300a commit b7c2d4c
Showing 4 changed files with 80 additions and 7 deletions.
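--- a/examples/resource_lacework_query/main.tf
+++ b/examples/resource_lacework_query/main.tf
@@ -19,7 +19,7 @@ variable "query_id" {
 variable "query" {
 type = string
 default = <<EOT
-Lql_Terraform_Query {
+{
 source {
 CloudTrailRawEvents
 }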
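--- a/integration/resource_lacework_query_test.go
+++ b/integration/resource_lacework_query_test.go
@@ -120,8 +120,63 @@ func TestQueryCreate(t *testing.T) {
 assert.Equal(t, queryStringK8, actualQuery)
 }
 
+func TestQueryDeprecatedSytaxWithID(t *testing.T) {
+terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
+TerraformDir: "../examples/resource_lacework_query",
+Vars: map[string]interface{}{
+"query_id": "Lql_Terraform_Query",
+"query": queryDeprecatedSyntaxWithID},
+})
+defer terraform.Destroy(t, terraformOptions)
+
+// Create new Query
+create := terraform.InitAndApplyAndIdempotent(t, terraformOptions)
+createProps := GetQueryProps(create)
+
+actualQueryID := terraform.Output(t, terraformOptions, "query_id")
+actualQuery := terraform.Output(t, terraformOptions, "query")
+
+assert.Equal(t, "Lql_Terraform_Query", createProps.Data.QueryID)
+assert.Equal(t, queryDeprecatedSyntaxWithID, createProps.Data.QueryText)
+
+assert.Equal(t, "Lql_Terraform_Query", actualQueryID)
+assert.Equal(t, queryDeprecatedSyntaxWithID, actualQuery)
+
+// Update Query
+terraformOptions.Vars = map[string]interface{}{
+"query_id": "Lql_Terraform_Query",
+"query": updateQueryDeprecatedSyntaxWithID,
+}
+
+update := terraform.ApplyAndIdempotent(t, terraformOptions)
+updateProps := GetQueryProps(update)
+
+actualQueryID = terraform.Output(t, terraformOptions, "query_id")
+actualQuery = terraform.Output(t, terraformOptions, "query")
+
+assert.Equal(t, "Lql_Terraform_Query", updateProps.Data.QueryID)
+assert.Equal(t, updateQueryDeprecatedSyntaxWithID, updateProps.Data.QueryText)
+
+assert.Equal(t, "Lql_Terraform_Query", actualQueryID)
+assert.Equal(t, updateQueryDeprecatedSyntaxWithID, actualQuery)
+
+// Run apply again
+thirdApply := terraform.ApplyAndIdempotent(t, terraformOptions)
+
+thirdApplyProps := GetQueryProps(thirdApply)
+
+actualQueryID = terraform.Output(t, terraformOptions, "query_id")
+actualQuery = terraform.Output(t, terraformOptions, "query")
+
+assert.Equal(t, "Lql_Terraform_Query", thirdApplyProps.Data.QueryID)
+assert.Equal(t, updateQueryDeprecatedSyntaxWithID, thirdApplyProps.Data.QueryText)
+
+assert.Equal(t, "Lql_Terraform_Query", actualQueryID)
+assert.Equal(t, updateQueryDeprecatedSyntaxWithID, actualQuery)
+}
+
 var (
-queryString = `Lql_Terraform_Query {
+queryString = `{
 source {
 CloudTrailRawEvents
 }
@@ -139,7 +194,7 @@ var (
 EVENT
 }
 }`
-queryStringK8 = `Lql_Terraform_Query {
+queryStringK8 = `{
 source {
 LW_ACT_K8S_AUDIT
 }
@@ -157,7 +212,7 @@ var (
 }
 }`
 
-updatedQueryString = `Lql_Terraform_Query {
+updatedQueryString = `{
 source {
 CloudTrailRawEvents
 }
@@ -176,4 +231,22 @@ var (
 EVENT
 }
 }`
+
+queryDeprecatedSyntaxWithID = `Lql_Terraform_Query {
+source {
+CloudTrailRawEvents
+}
+filter {
+ERROR_CODE is null
+}
+return distinct {
+EVENT
+}
+}`
+
+updateQueryDeprecatedSyntaxWithID = `Lql_Terraform_Query{
+source { CloudTrailRawEvents }
+filter { ERROR_CODE is null }
+return distinct { EVENT }
+}`
 )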
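Review bot: The new test is declared as `TestQueryDeprecatedSytaxWithID`, a misspelling that a `go test -run` filter on `Syntax` will not match; rename it to `func TestQueryDeprecatedSyntaxWithID(t *testing.T) {`. The test only covers the case where `query_id` and the ID embedded in the query text agree. The commit message says the platform enforces that match, so a companion case with a mismatched ID that expects the apply to fail would pin that the provider surfaces the rejection instead of storing the query under an ID the operator did not intend. A doc comment stating the intent would also help, e.g. `// TestQueryDeprecatedSyntaxWithID verifies that query text carrying the query ID (deprecated syntax) can still be created and updated.` The create, update and re-apply stanzas repeat the same four assertions and could share a small helper taking the expected query text.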
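--- a/website/docs/r/policy.html.markdown
+++ b/website/docs/r/policy.html.markdown
@@ -21,7 +21,7 @@ Create a Lacework Policy to check for a change of password from an RDS cluster.
 resource "lacework_query" "AWS_CTA_AuroraPasswordChange" {
 query_id = "TF_AWS_CTA_AuroraPasswordChange"
 query = <<EOT
-TF_AWS_CTA_AuroraPasswordChange {
+{
 source {
 CloudTrailRawEvents
 }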
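--- a/website/docs/r/query.html.markdown
+++ b/website/docs/r/query.html.markdown
@@ -22,7 +22,7 @@ Query all EC2 instances with public IP addresses.
 resource "lacework_query" "example" {
 query_id = "TF_AWS_Config_EC2InstanceWithPublicIPAddress"
 query = <<EOT
-TF_AWS_Config_EC2InstanceWithPublicIPAddress {
+{
 source {
 LW_CFG_AWS_EC2_INSTANCES
 }
@@ -50,7 +50,7 @@ Query CloutTrail events and filter only S3 buckets with ACL 'public-read', 'publ
 resource "lacework_query" "example" {
 query_id = "TF_AWS_CTA_S3PublicACLCreated"
 query = <<EOT
-TF_AWS_CTA_S3PublicACLCreated {
+{
 source {
 CloudTrailRawEvents
 }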
