added autoscaling adapter #1153
Conversation
|
|
| # provider: aws | ||
| # service: autoscaling | ||
| # severity: LOW | ||
| # short_code: enable-public-access |
There was a problem hiding this comment.
the short code needs to be updated here
There was a problem hiding this comment.
short_code updated
|
This PR is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 10 days. |
github-actions
bot
added
the
stale
|
@giorod3 review the latest changes in the PR |
github-actions
bot
removed
the
stale
internal/rules/policies/cloud/policies/aws/autoscaling/asg_multiaz.rego
Outdated
Show resolved
Hide resolved
internal/rules/policies/cloud/policies/aws/autoscaling/asg_multiaz.rego
Outdated
Show resolved
Hide resolved
internal/rules/policies/cloud/policies/aws/autoscaling/elb_health_check_active.rego
Outdated
Show resolved
Hide resolved
internal/rules/policies/cloud/policies/aws/autoscaling/elb_health_check_active.rego
Outdated
Show resolved
Hide resolved
internal/rules/policies/cloud/policies/aws/autoscaling/empty_asg.rego
Outdated
Show resolved
Hide resolved
internal/rules/policies/cloud/policies/aws/autoscaling/empty_asg.rego
Outdated
Show resolved
Hide resolved
|
review required @CLAassistant @giorod3 |
|
@realwebdev looks like your PR cannot be merged as there are conflicts with the master branch. Can you resolve them? |
I have update this branch with master. I don't see conlict anymore. @simar7 |
| @@ -0,0 +1,13 @@ | |||
|
|
|||
| Ensures all autoscaling groups contain at least 1 instance.. | |||
There was a problem hiding this comment.
| Ensures all autoscaling groups contain at least 1 instance.. | |
| Ensures all autoscaling groups contain at least 1 instance. |
There was a problem hiding this comment.
You'll probably need to fix this in the rule itself and not in the generated markdown.
| @@ -0,0 +1,13 @@ | |||
|
|
|||
| Ensures all Auto Scaling groups have ELB health check active.. | |||
There was a problem hiding this comment.
| Ensures all Auto Scaling groups have ELB health check active.. | |
| Ensures all Auto Scaling groups have ELB health check active. |
There was a problem hiding this comment.
You'll probably need to fix this in the rule itself and not in the generated markdown.
| } | ||
|
|
||
| var AVZone []types.StringValue | ||
| for _, AV := range autoscalingapi.AvailabilityZones { |
There was a problem hiding this comment.
variable names are usually lowercase in Go.
| for _, AV := range autoscalingapi.AvailabilityZones { | |
| for _, av := range autoscalingapi.AvailabilityZones { |
| } | ||
|
|
||
| var InsList []autoscaling.InstanceList | ||
| for _, IL := range autoscalingapi.Instances { |
| } | ||
|
|
||
| func (a *adapter) getLaunchConfigurations() ([]autoscaling.LaunchConfigurations, error) { | ||
| a.Tracker().SetServiceLabel(" Launch Configurations...") |
There was a problem hiding this comment.
| a.Tracker().SetServiceLabel(" Launch Configurations...") | |
| a.Tracker().SetServiceLabel("Launch Configurations...") |
There was a problem hiding this comment.
How do you track this mistake this small? I can use it before pushing code. resolved
| } | ||
|
|
||
| func (a *adapter) getNotificationConfigurations() ([]autoscaling.NotificationConfigurations, error) { | ||
| a.Tracker().SetServiceLabel(" Notificaiton Configurations...") |
There was a problem hiding this comment.
| a.Tracker().SetServiceLabel(" Notificaiton Configurations...") | |
| a.Tracker().SetServiceLabel("Notificaiton Configurations...") |
| Metadata: r.Metadata(), | ||
| Name: r.GetStringProperty("AutoScalingGroupName"), | ||
| AvaiabilityZone: getAvailabilityZone(r), | ||
| Instances: nil, |
| return avaiabilityZone | ||
| } | ||
|
|
||
| for _, AZ := range AvaiabilityZoneList.AsList() { |
There was a problem hiding this comment.
also corrected spellings
|
|
||
| func getAvailabilityZone(r *parser.Resource) (avaiabilityZone []types.StringValue) { | ||
|
|
||
| AvaiabilityZoneList := r.GetProperty("AvailabilityZones") |
There was a problem hiding this comment.
| AvaiabilityZoneList := r.GetProperty("AvailabilityZones") | |
| AvailabilityZoneList := r.GetProperty("AvailabilityZones") |
There was a problem hiding this comment.
solved spellings mistake
| if Tag.IsNil() || Tag.IsNotNil() { | ||
| return tags | ||
| } |
There was a problem hiding this comment.
Did you mean to say
| if Tag.IsNil() || Tag.IsNotNil() { | |
| return tags | |
| } | |
| if Tag.IsNil() || Tag.IsNotListl() { | |
| return tags | |
| } |
Otherwise, wouldn't this be always true?
| return tags | ||
| } | ||
|
|
||
| for _, TG := range Tag.AsList() { |
| Metadata: resource.GetMetadata(), | ||
| Name: nameVal, | ||
| AvaiabilityZone: AZones, | ||
| Instances: nil, |
There was a problem hiding this comment.
ditto as well for instances being nil
There was a problem hiding this comment.
I used to place nil where I was unables to find values. Here in instances adapter need instances id and and metadata. but there were no instances id in the documentation. but I change that function with unresolveable strings and metadata? is this the way?
There was a problem hiding this comment.
Can you share a link to the documentation?
There was a problem hiding this comment.
Yes, Here is the link(https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_group) and for aws cli (https://docs.aws.amazon.com/cli/latest/reference/autoscaling/describe-auto-scaling-groups.html) you can search for Instances -> (list)
| userDataAttr := resource.GetAttribute("user_data") | ||
| userDataVal := userDataAttr.AsStringValueOrDefault("", resource) | ||
|
|
||
| iamInstanceProfileAttr := resource.GetAttribute(("iam_instance_profile")) |
There was a problem hiding this comment.
redundant parenthesis?
| iamInstanceProfileAttr := resource.GetAttribute(("iam_instance_profile")) | |
| iamInstanceProfileAttr := resource.GetAttribute("iam_instance_profile") |
There was a problem hiding this comment.
done
I see you tried to resolve some issues @realwebdev but did you forget to push your changes? I don't see any new commits.
Yes I haven't pushed the code. will test it then push the changes
| availability_zones = "us-east-1a" | ||
|
|
||
|
|
||
| } |
| @@ -0,0 +1,25 @@ | |||
| # METADATA | |||
| # title: "ASG Multiple AZ" | |||
| # description: "Ensures that ASGs are created to be cross-AZ for high availability." | |||
There was a problem hiding this comment.
| # description: "Ensures that ASGs are created to be cross-AZ for high availability." | |
| # description: "Ensures that ASGs are created to be cross-AZ for high availability" |
|
|
||
| deny[res] { | ||
| group := input.aws.autoscaling.autoscalinggroupslist[_] | ||
| count(group.avaiabilityzone) <= 1 |
There was a problem hiding this comment.
this field has a typo, should be fixed everywhere
| count(group.avaiabilityzone) <= 1 | |
| count(group.availabilityzone) <= 1 |
There was a problem hiding this comment.
yes, there were spelling mistakes. I have corrected. you have mentioned here.
| @@ -0,0 +1,26 @@ | |||
| # METADATA | |||
| # title: "ELB Health Check Active" | |||
| # description: "Ensures all Auto Scaling groups have ELB health check active.." | |||
There was a problem hiding this comment.
| # description: "Ensures all Auto Scaling groups have ELB health check active.." | |
| # description: "Ensures all Auto Scaling groups have ELB health check active" |
| @@ -0,0 +1,25 @@ | |||
| # METADATA | |||
| # title: "Empty AutoScaling Group" | |||
| # description: "Ensures all autoscaling groups contain at least 1 instance.." | |||
There was a problem hiding this comment.
| # description: "Ensures all autoscaling groups contain at least 1 instance.." | |
| # description: "Ensures all autoscaling groups contain at least 1 instance" |
|
I see you tried to resolve some issues @realwebdev but did you forget to push your changes? I don't see any new commits. |
…sg.rego Co-authored-by: Gio Rodriguez <[email protected]>
…sg.rego Co-authored-by: Gio Rodriguez <[email protected]>
…tiaz.rego Co-authored-by: Gio Rodriguez <[email protected]>
…tiaz.rego Co-authored-by: Gio Rodriguez <[email protected]>
…lth_check_active.rego Co-authored-by: Gio Rodriguez <[email protected]>
…lth_check_active.rego Co-authored-by: Gio Rodriguez <[email protected]>
simar7
force-pushed
the
aws/autoscaling_policies
branch
from
816568c to
7cc92cc
Compare
Signed-off-by: Simar <[email protected]>
simar7
force-pushed
the
aws/autoscaling_policies
branch
from
c01528e to
b123055
Compare
Signed-off-by: Simar <[email protected]>
|
This PR adds a new service, which requires an update of cloud schema. As the bundle that gets created with this PR now includes a brand new service, older versions of Trivy cannot parse these newer policies (this is expected). The way to proceed here will be to update the bundle version of defsec policies. This will enable newer Trivy versions to consume this new bundle but at the same time, older versions of Trivy will still be able to use the older bundles (without newer services). |
* Revert "added autoscaling adapter (#1153)" This reverts commit 124ecc6. * Revert "add: multiple adapters added(kendra, kinesis, kinesisvideo, proton, q… (#1227)" This reverts commit 1a1ff87. * Revert "added in adapters of codebuild (#1184)" This reverts commit ff5de60. * Revert "add: lambda adapter (#1166)" This reverts commit 32da643. * Revert "added in adapters of mq and msk (#1218)" This reverts commit 1169455.
No description provided.