From 1d44193d5539ceed7a7125773de689f7eb686912 Mon Sep 17 00:00:00 2001 From: Vatasha White Date: Tue, 9 Nov 2021 11:12:40 -0800 Subject: [PATCH 1/3] test: fix s3 alert channel integration test --- .../main.tf | 21 +++++++-- ...urce_lacework_alert_channel_aws_s3_test.go | 44 +++++++++++++------ integration/s3_alert_channel_env_vars.go | 20 +++++++++ 3 files changed, 69 insertions(+), 16 deletions(-) create mode 100644 integration/s3_alert_channel_env_vars.go diff --git a/examples/resource_lacework_alert_channel_aws_s3/main.tf b/examples/resource_lacework_alert_channel_aws_s3/main.tf index 2ae238006..c3d62ffe1 100644 --- a/examples/resource_lacework_alert_channel_aws_s3/main.tf +++ b/examples/resource_lacework_alert_channel_aws_s3/main.tf @@ -13,12 +13,27 @@ variable "channel_name" { default = "AwsS3 Alert Channel Example" } +variable "bucket_arn" { + type = string + sensitive = true +} + +variable "external_id" { + type = string + sensitive = true +} + +variable "role_arn" { + type = string + sensitive = true +} + resource "lacework_alert_channel_aws_s3" "example" { name = var.channel_name - bucket_arn = "arn:aws:s3:::bucket_name/key_name" + bucket_arn = var.bucket_arn credentials { - external_id = "12345" - role_arn = "arn:aws:iam::1234567890:role/lacework_iam_example_role" + external_id = var.external_id + role_arn = var.role_arn } // test_integration input is used in this example only for testing diff --git a/integration/resource_lacework_alert_channel_aws_s3_test.go b/integration/resource_lacework_alert_channel_aws_s3_test.go index 7d1e2f774..9e77ff55c 100644 --- a/integration/resource_lacework_alert_channel_aws_s3_test.go +++ b/integration/resource_lacework_alert_channel_aws_s3_test.go 
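Review bot: The three variables added to main.tf (`bucket_arn`, `external_id`, `role_arn`) have no `description`, and nothing in the file notes that `sensitive = true` only redacts plan and apply output; the values are still written to the Terraform state in plain text. A comment above the block such as `# sensitive hides these from CLI output only; they are still stored in state` would make that clear to anyone copying the example. Each variable could also carry a `description`, for example `description = "ARN of the S3 bucket that receives alerts"`. Because none of them has a default, the example can no longer be planned without all three supplied, which is worth stating in those descriptions.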
@@ -12,20 +12,38 @@ import ( // // It uses the go-sdk to verify the created integration, // applies an update with new alert channel name and destroys it -func _TestAlertChannelAwsS3Create(t *testing.T) { - terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{ - TerraformDir: "../examples/resource_lacework_alert_channel_aws_s3", - }) - defer terraform.Destroy(t, terraformOptions) +func TestAlertChannelAwsS3Create(t *testing.T) { + awsCreds, err := s3LoadCredentials("AWS_S3") + s3BucketArn := s3LoadBucketArn() + if assert.Nil(t, err, "this test requires you to set AWS_S3 environment variable") { + terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{ + TerraformDir: "../examples/resource_lacework_alert_channel_aws_s3", + Vars: map[string]interface{}{ + "role_arn": awsCreds.RoleArn, + "external_id": awsCreds.ExternalID, + }, + EnvVars: map[string]string{ + "TF_VAR_bucket_arn": s3BucketArn, + }, + }) + defer terraform.Destroy(t, terraformOptions) - // Create new AwsS3 Alert Channel - create := terraform.InitAndApply(t, terraformOptions) - assert.Equal(t, "AwsS3 Alert Channel Example", GetIntegrationName(create)) + // Create new AwsS3 Alert Channel + create := terraform.InitAndApply(t, terraformOptions) + assert.Equal(t, "AwsS3 Alert Channel Example", GetIntegrationName(create)) - // Update AwsS3 Alert Channel - terraformOptions.Vars = map[string]interface{}{ - "channel_name": "AwsS3 Alert Channel Updated"} + // Update AwsS3 Alert Channel + terraformOptions.Vars = map[string]interface{}{ + "channel_name": "AwsS3 Alert Channel Updated", + "role_arn": awsCreds.RoleArn, + "external_id": awsCreds.ExternalID, + } - update := terraform.Apply(t, terraformOptions) - assert.Equal(t, "AwsS3 Alert Channel Updated", GetIntegrationName(update)) + terraformOptions.EnvVars = map[string]string{ + "TF_VAR_bucket_arn": s3BucketArn, + } + + update := terraform.Apply(t, terraformOptions) + assert.Equal(t, "AwsS3 Alert Channel Updated", 
GetIntegrationName(update)) + } } diff --git a/integration/s3_alert_channel_env_vars.go b/integration/s3_alert_channel_env_vars.go new file mode 100644 index 000000000..8928a4d17 --- /dev/null +++ b/integration/s3_alert_channel_env_vars.go @@ -0,0 +1,20 @@ +package integration + +import ( + "encoding/json" + "os" +) + +type s3CredentialsFile struct { + RoleArn string `json:"role_arn"` + ExternalID string `json:"external_id"` +} + +func s3LoadBucketArn() string { + return os.Getenv("S3_BUCKET_ARN") +} + +func s3LoadCredentials(envVar string) (s s3CredentialsFile, err error) { + err = json.Unmarshal([]byte(os.Getenv(envVar)), &s) + return +} From bede6d2b6bf1d8666d64ae1a04a219091633ac9e Mon Sep 17 00:00:00 2001 From: vatasha <21329981+vatasha@users.noreply.github.com> Date: Tue, 9 Nov 2021 11:32:47 -0800 Subject: [PATCH 2/3] refactor: address pr feedback Co-authored-by: Salim Afiune --- integration/resource_lacework_alert_channel_aws_s3_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/integration/resource_lacework_alert_channel_aws_s3_test.go b/integration/resource_lacework_alert_channel_aws_s3_test.go index 9e77ff55c..c200b7df6 100644 --- a/integration/resource_lacework_alert_channel_aws_s3_test.go +++ b/integration/resource_lacework_alert_channel_aws_s3_test.go @@ -29,7 +29,7 @@ func TestAlertChannelAwsS3Create(t *testing.T) { defer terraform.Destroy(t, terraformOptions) // Create new AwsS3 Alert Channel - create := terraform.InitAndApply(t, terraformOptions) + create := terraform.InitAndApplyAndIdempotent(t, terraformOptions) assert.Equal(t, "AwsS3 Alert Channel Example", GetIntegrationName(create)) // Update AwsS3 Alert Channel @@ -43,7 +43,7 @@ func TestAlertChannelAwsS3Create(t *testing.T) { "TF_VAR_bucket_arn": s3BucketArn, } - update := terraform.Apply(t, terraformOptions) + update := terraform.ApplyAndIdempotent(t, terraformOptions) assert.Equal(t, "AwsS3 Alert Channel Updated", GetIntegrationName(update)) } } 
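Review bot: In the first test.go hunk, TestAlertChannelAwsS3Create hands `role_arn` and `external_id` to Terraform through `Vars`, which terratest turns into `-var` command-line arguments, while only `bucket_arn` goes through `EnvVars`. Command-line arguments are visible in the process list and, as far as I know, in terratest's logged command line, so the external ID would likely end up in CI output even though main.tf declares the variable `sensitive`. Passing them the same way as the bucket keeps them off the command line: add `"TF_VAR_role_arn": awsCreds.RoleArn,` and `"TF_VAR_external_id": awsCreds.ExternalID,` to both `EnvVars` maps. Separately, `s3BucketArn` is never checked, so an unset S3_BUCKET_ARN reaches the apply as an empty string; folding `assert.NotEmpty(t, s3BucketArn, "this test requires S3_BUCKET_ARN")` into the existing guard would fail earlier with a clearer message.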
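Review bot: `s3LoadCredentials` in the new integration/s3_alert_channel_env_vars.go returns a nil error for any syntactically valid JSON, so `{}` or a payload with a misspelled key yields an empty RoleArn and ExternalID and the test goes on to apply with blank credentials. An unset variable surfaces only as a JSON parse error, which hides the real cause. I would check for presence and for non-empty fields and return a descriptive error that names the variable without echoing its value; this needs `fmt` added to the file's import block. Both helpers also lack doc comments stating which environment variables they read and the JSON shape expected.

```go
func s3LoadCredentials(envVar string) (s3CredentialsFile, error) {
	raw, ok := os.LookupEnv(envVar)
	if !ok || raw == "" {
		return s3CredentialsFile{}, fmt.Errorf("environment variable %s is not set", envVar)
	}

	var s s3CredentialsFile
	if err := json.Unmarshal([]byte(raw), &s); err != nil {
		return s3CredentialsFile{}, fmt.Errorf("parsing %s as JSON: %w", envVar, err)
	}
	// Valid JSON with missing keys would otherwise pass silently.
	if s.RoleArn == "" || s.ExternalID == "" {
		return s3CredentialsFile{}, fmt.Errorf("%s must contain non-empty role_arn and external_id", envVar)
	}
	return s, nil
}
```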
From 0f9f7937512a5db3d299402c053e499620153d98 Mon Sep 17 00:00:00 2001 From: Salim Afiune Date: Tue, 9 Nov 2021 17:51:14 -0600 Subject: [PATCH 3/3] test: fix idempotent issue with S3 alert channel Signed-off-by: Salim Afiune Maya --- examples/resource_lacework_alert_channel_aws_s3/main.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/examples/resource_lacework_alert_channel_aws_s3/main.tf b/examples/resource_lacework_alert_channel_aws_s3/main.tf index c3d62ffe1..5dde91dac 100644 --- a/examples/resource_lacework_alert_channel_aws_s3/main.tf +++ b/examples/resource_lacework_alert_channel_aws_s3/main.tf @@ -25,7 +25,6 @@ variable "external_id" { variable "role_arn" { type = string - sensitive = true } resource "lacework_alert_channel_aws_s3" "example" {