Agentless GCP CSPM Sanity (#2749)

elastic · Nov 20, 2024 · e1aca3f · e1aca3f
1 parent faf0be4
commit e1aca3f
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 11 deletions.
diff --git a/.github/workflows/test-environment.yml b/.github/workflows/test-environment.yml
@@ -134,7 +134,7 @@ jobs:
       TF_VAR_ess_region: ${{ inputs.ess-region }}
       DEPLOYMENT_NAME: ${{ inputs.deployment_name }}
       TF_VAR_serverless_mode: ${{ inputs.serverless_mode }}
-      TEST_AGENTLESS: ${{ inputs.serverless_mode }}
+      TEST_AGENTLESS: false # Change to true when creating an Agentless policy
       S3_BASE_BUCKET: "s3://tf-state-bucket-test-infra"
       S3_BUCKET_URL: "https://s3.console.aws.amazon.com/s3/buckets/tf-state-bucket-test-infra"
       DOCKER_IMAGE_OVERRIDE: ${{ inputs.docker-image-override }}

diff --git a/tests/commonlib/agents_map.py b/tests/commonlib/agents_map.py
@@ -25,6 +25,7 @@ def __init__(self):
         }
         if agent.agentless:
             self.expected_map[CIS_AWS_COMPONENT] += 1
+            self.expected_map[CIS_GCP_COMPONENT] += 1
             self.expected_map[CIS_AZURE_COMPONENT] += 1
 
 

diff --git a/tests/integration/tests/test_sanity_checks.py b/tests/integration/tests/test_sanity_checks.py
@@ -13,6 +13,7 @@
 from commonlib.agents_map import (
     CIS_AWS_COMPONENT,
     CIS_AZURE_COMPONENT,
+    CIS_GCP_COMPONENT,
     AgentComponentMapping,
     AgentExpectedMapping,
 )
@@ -217,7 +218,12 @@ def test_cnvm_findings(cnvm_client, match_type):
 
 @pytest.mark.sanity
 @pytest.mark.parametrize("match_type", tests_data["cis_gcp"])
-def test_cspm_gcp_findings(cspm_client, match_type):
+def test_cspm_gcp_findings(
+    cspm_client,
+    match_type,
+    agents_actual_components: AgentComponentMapping,
+    agents_expected_components: AgentExpectedMapping,
+):
     """
     Test case to check for GCP findings in CSPM.
 
@@ -231,15 +237,18 @@ def test_cspm_gcp_findings(cspm_client, match_type):
     Raises:
         AssertionError: If the resource type is missing.
     """
-    query_list = build_query_list(
-        benchmark_id="cis_gcp",
-        match_type=match_type,
-        version=AGENT_VERSION,
-    )
-    query, sort = cspm_client.build_es_must_match_query(must_query_list=query_list, time_range="now-24h")
+    gcp_agents = wait_components_list(agents_actual_components, agents_expected_components, CIS_GCP_COMPONENT)
+    for agent in gcp_agents:
+        query_list = build_query_list(
+            benchmark_id="cis_gcp",
+            match_type=match_type,
+            version=AGENT_VERSION,
+            agent=agent,
+        )
+        query, sort = cspm_client.build_es_must_match_query(must_query_list=query_list, time_range="now-24h")
 
-    results = get_findings(cspm_client, GCP_CONFIG_TIMEOUT, query, sort, match_type)
-    assert len(results) > 0, f"The resource type '{match_type}' is missing"
+        results = get_findings(cspm_client, GCP_CONFIG_TIMEOUT, query, sort, match_type)
+        assert len(results) > 0, f"The resource type '{match_type}' is missing for agent {agent}"
 
 
 @pytest.mark.sanity

diff --git a/tests/integrations_setup/install_agentless_integrations.py b/tests/integrations_setup/install_agentless_integrations.py
@@ -71,7 +71,6 @@ def generate_gcp_integration_data():
         "posture": "cspm",
         "deployment": "gcp",
         "vars": {
-            "setup_access": "manual",
             "gcp.account_type": "single-account",
             "gcp.credentials.type": "credentials-json",
             "gcp.credentials.json": credentials_json,
@@ -83,6 +82,7 @@ def generate_gcp_integration_data():
     integrations = [
         generate_aws_integration_data(),
         generate_azure_integration_data(),
+        generate_gcp_integration_data(),
     ]
     cspm_template = generate_policy_template(cfg=cnfg.elk_config, stream_prefix="cloud_security_posture")
     for integration_data in integrations: