H-plugin QLDB Ledger Has Tags #2062

Merged
1 change: 1 addition & 0 deletions exports.js
Expand Up @@ -498,6 +498,7 @@ module.exports = {
'ssmSessionDuration' : require(__dirname + '/plugins/aws/ssm/ssmSessionDuration'),

'ledgerEncrypted' : require(__dirname + '/plugins/aws/qldb/ledgerEncrypted'),
'ledgerHasTags' : require(__dirname + '/plugins/aws/qldb/ledgerHasTags'),
'ledgerDeletionProtection' : require(__dirname + '/plugins/aws/qldb/ledgerDeletionProtection'),

'lambdaAdminPrivileges' : require(__dirname + '/plugins/aws/lambda/lambdaAdminPrivileges.js'),
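--- a/plugins/aws/qldb/ledgerHasTags.js
+++ b/plugins/aws/qldb/ledgerHasTags.js
@@ -0,0 +1,58 @@
+var async = require('async');
+var helpers = require('../../../helpers/aws');
+
+module.exports = {
+title: 'Ledger Has Tags',
+category: 'QLDB',
+domain: 'Databases',
+severity: 'Low',
+description: 'Ensure that AWS QLDB ledgers have tags associated.',
+more_info: 'Tags help you to group resources together that are related to or associated with each other. It is a best practice to tag cloud resources to better organize and gain visibility into their usage.',
+recommended_action: 'Modify QLDB ledger and add tags.',
+link: 'https://docs.aws.amazon.com/qldb/latest/developerguide/tagging.html',
+apis: ['QLDB:listLedgers','ResourceGroupsTaggingAPI:getResources','STS:getCallerIdentity'],
+realtime_triggers: ['qldb:CreateLedger', 'qldb:DeleteLedger', 'qldb:TagResource', 'qldb:UntagResource'],
+
+run: function(cache, settings, callback) {
+var results = [];
+var source = {};
+var regions = helpers.regions(settings);
+
+var defaultRegion = helpers.defaultRegion(settings);
+var awsOrGov = helpers.defaultPartition(settings);
+var accountId = helpers.addSource(cache, source, ['sts', 'getCallerIdentity', defaultRegion, 'data']);
+
+async.each(regions.qldb, function(region, rcb){
+var listLedgers = helpers.addSource(cache, source,
+['qldb', 'listLedgers', region]);
+
+if (!listLedgers) return rcb();
+
+if (listLedgers.err || !listLedgers.data) {
+helpers.addResult(results, 3,
+'Unable to query QLDB ledgers: ' + helpers.addError(listLedgers), region);
+return rcb();
+}
+
+if (!listLedgers.data.length) {
+helpers.addResult(results, 0, 'No QLDB ledgers found', region);
+return rcb();
+}
+
+const arnList = [];
+
+for (let ledger of listLedgers.data) {
+if (!ledger.Name) continue;
+
+let resource = `arn:${awsOrGov}:qldb:${region}:${accountId}:ledger/${ledger.Name}`;
+arnList.push(resource);
+}
+
+helpers.checkTags(cache, 'QLDB ledger', arnList, region, results, settings);
+
+rcb();
+}, function(){
+callback(null, results, source);
+});
+}
+};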
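Review bot: `accountId` is read from the STS cache at the top of `run` and interpolated into every ledger ARN without checking that it is defined. If the `getCallerIdentity` entry is missing or errored, the ARNs would contain the literal `undefined` and presumably never match a `ResourceARN` from the tagging API, so each ledger would be reported as untagged rather than unknown. A guard before `async.each` would keep the audit result accurate, for example `if (!accountId) { helpers.addResult(results, 3, 'Unable to determine account ID', defaultRegion); return callback(null, results, source); }` (message text is a suggestion). Ledgers without a `Name` are also skipped by `continue` with no result recorded; a comment such as `// listLedgers entries without a Name cannot be mapped to an ARN, so they are not evaluated` would make that gap explicit.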
110 changes: 110 additions & 0 deletions plugins/aws/qldb/ledgerHasTags.spec.js
@@ -0,0 +1,110 @@
var expect = require('chai').expect;
var ledgerHasTags = require('./ledgerHasTags');

const listLedgers = [
{
"Name": "test-ledger",
"State": "ACTIVE",
"CreationDateTime": "2021-11-19T16:29:08.899000+05:00"
}
];

const getResources = [
{
"ResourceARN": "arn:aws:qldb:us-east-1:000111222333:ledger/test-ledger",
"Tags": [],
},
{
"ResourceARN": "arn:aws:qldb:us-east-1:000111222333:ledger/test-ledger",
"Tags": [{key: 'value'}],
}
]

const createCache = (ledgers, rgData, ledgersErr) => {
var name = (ledgers && ledgers.length) ? ledgers[0].Name: null;
return {
qldb: {
listLedgers: {
'us-east-1': {
err: ledgersErr,
data: ledgers
},
},
},
resourcegroupstaggingapi: {
getResources: {
'us-east-1':{
err: null,
data: rgData
}
}
},
sts: {
getCallerIdentity: {
'us-east-1': {
data: '000111222333'
}
}
}
};
};

describe('ledgerHasTags', function () {
describe('run', function () {
it('should PASS if QLDB ledger has tags', function (done) {
const cache = createCache(listLedgers, [getResources[1]]);
ledgerHasTags.run(cache, {}, (err, results) => {
expect(results.length).to.equal(1);
expect(results[0].status).to.equal(0);
alphadev4 marked this conversation as resolved.
expect(results[0].region).to.equal('us-east-1');
expect(results[0].message).to.include('QLDB ledger has tags');
done();
});
});

it('should FAIL if QLDb ledger does not have tags', function (done) {
const cache = createCache(listLedgers, [getResources[0]]);
ledgerHasTags.run(cache, {}, (err, results) => {
expect(results.length).to.equal(1);
expect(results[0].status).to.equal(2);
expect(results[0].region).to.equal('us-east-1');
expect(results[0].message).to.include('QLDB ledger does not have any tags');
done();
});
});

it('should PASS if no QLDB ledgers found', function (done) {
const cache = createCache([]);
ledgerHasTags.run(cache, {}, (err, results) => {
expect(results.length).to.equal(1);
expect(results[0].status).to.equal(0);
expect(results[0].region).to.equal('us-east-1');
expect(results[0].message).to.include('No QLDB ledgers found');
done();
});
});

it('should UNKNOWN if unable to list QLDB ledgers', function (done) {
const cache = createCache(null, null, null, { message: "Unable to list QLDB ledgers" });
ledgerHasTags.run(cache, {}, (err, results) => {
expect(results.length).to.equal(1);
expect(results[0].status).to.equal(3);
expect(results[0].region).to.equal('us-east-1');
expect(results[0].message).to.include('Unable to query QLDB ledgers');
done();
});
});

it('should give unknown result if unable to query resource group tagging api', function (done) {
const cache = createCache([listLedgers[0]],null);
ledgerHasTags.run(cache, {}, (err, results) => {
expect(results.length).to.equal(1);
expect(results[0].status).to.equal(3);
expect(results[0].region).to.equal('us-east-1');
expect(results[0].message).to.include('Unable to query all resources')
done();
});
});

});
})
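Review bot: In 'should UNKNOWN if unable to list QLDB ledgers' the error object is passed as a fourth argument, but `createCache` declares only `(ledgers, rgData, ledgersErr)`, so the object is dropped and `err` in the cache stays `null`. The test passes only because `data` is `null`, which means the `listLedgers.err` branch of the plugin is never exercised. Pass the error in the third position: `const cache = createCache(null, null, { message: "Unable to list QLDB ledgers" });`. The `name` variable computed at the top of `createCache` is unused and can be dropped.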