-
Notifications
You must be signed in to change notification settings - Fork 668
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #2062 from AkhtarAmir/H-plugin/aws-qldb-ledger-has…
…-tags H-plugin QLDB Ledger Has Tags
- Loading branch information
Showing
3 changed files
with
169 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
var async = require('async'); | ||
var helpers = require('../../../helpers/aws'); | ||
|
||
module.exports = { | ||
title: 'Ledger Has Tags', | ||
category: 'QLDB', | ||
domain: 'Databases', | ||
severity: 'Low', | ||
description: 'Ensure that AWS QLDB ledgers have tags associated.', | ||
more_info: 'Tags help you to group resources together that are related to or associated with each other. It is a best practice to tag cloud resources to better organize and gain visibility into their usage.', | ||
recommended_action: 'Modify QLDB ledger and add tags.', | ||
link: 'https://docs.aws.amazon.com/qldb/latest/developerguide/tagging.html', | ||
apis: ['QLDB:listLedgers','ResourceGroupsTaggingAPI:getResources','STS:getCallerIdentity'], | ||
realtime_triggers: ['qldb:CreateLedger', 'qldb:DeleteLedger', 'qldb:TagResource', 'qldb:UntagResource'], | ||
|
||
run: function(cache, settings, callback) { | ||
var results = []; | ||
var source = {}; | ||
var regions = helpers.regions(settings); | ||
|
||
var defaultRegion = helpers.defaultRegion(settings); | ||
var awsOrGov = helpers.defaultPartition(settings); | ||
var accountId = helpers.addSource(cache, source, ['sts', 'getCallerIdentity', defaultRegion, 'data']); | ||
|
||
async.each(regions.qldb, function(region, rcb){ | ||
var listLedgers = helpers.addSource(cache, source, | ||
['qldb', 'listLedgers', region]); | ||
|
||
if (!listLedgers) return rcb(); | ||
|
||
if (listLedgers.err || !listLedgers.data) { | ||
helpers.addResult(results, 3, | ||
'Unable to query QLDB ledgers: ' + helpers.addError(listLedgers), region); | ||
return rcb(); | ||
} | ||
|
||
if (!listLedgers.data.length) { | ||
helpers.addResult(results, 0, 'No QLDB ledgers found', region); | ||
return rcb(); | ||
} | ||
|
||
const arnList = []; | ||
|
||
for (let ledger of listLedgers.data) { | ||
if (!ledger.Name) continue; | ||
|
||
let resource = `arn:${awsOrGov}:qldb:${region}:${accountId}:ledger/${ledger.Name}`; | ||
arnList.push(resource); | ||
} | ||
|
||
helpers.checkTags(cache, 'QLDB ledger', arnList, region, results, settings); | ||
|
||
rcb(); | ||
}, function(){ | ||
callback(null, results, source); | ||
}); | ||
} | ||
}; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,110 @@ | ||
var expect = require('chai').expect; | ||
var ledgerHasTags = require('./ledgerHasTags'); | ||
|
||
const listLedgers = [ | ||
{ | ||
"Name": "test-ledger", | ||
"State": "ACTIVE", | ||
"CreationDateTime": "2021-11-19T16:29:08.899000+05:00" | ||
} | ||
]; | ||
|
||
const getResources = [ | ||
{ | ||
"ResourceARN": "arn:aws:qldb:us-east-1:000111222333:ledger/test-ledger", | ||
"Tags": [], | ||
}, | ||
{ | ||
"ResourceARN": "arn:aws:qldb:us-east-1:000111222333:ledger/test-ledger", | ||
"Tags": [{key: 'value'}], | ||
} | ||
] | ||
|
||
const createCache = (ledgers, rgData, ledgersErr) => { | ||
var name = (ledgers && ledgers.length) ? ledgers[0].Name: null; | ||
return { | ||
qldb: { | ||
listLedgers: { | ||
'us-east-1': { | ||
err: ledgersErr, | ||
data: ledgers | ||
}, | ||
}, | ||
}, | ||
resourcegroupstaggingapi: { | ||
getResources: { | ||
'us-east-1':{ | ||
err: null, | ||
data: rgData | ||
} | ||
} | ||
}, | ||
sts: { | ||
getCallerIdentity: { | ||
'us-east-1': { | ||
data: '000111222333' | ||
} | ||
} | ||
} | ||
}; | ||
}; | ||
|
||
describe('ledgerHasTags', function () { | ||
describe('run', function () { | ||
it('should PASS if QLDB ledger has tags', function (done) { | ||
const cache = createCache(listLedgers, [getResources[1]]); | ||
ledgerHasTags.run(cache, {}, (err, results) => { | ||
expect(results.length).to.equal(1); | ||
expect(results[0].status).to.equal(0); | ||
expect(results[0].region).to.equal('us-east-1'); | ||
expect(results[0].message).to.include('QLDB ledger has tags'); | ||
done(); | ||
}); | ||
}); | ||
|
||
it('should FAIL if QLDb ledger does not have tags', function (done) { | ||
const cache = createCache(listLedgers, [getResources[0]]); | ||
ledgerHasTags.run(cache, {}, (err, results) => { | ||
expect(results.length).to.equal(1); | ||
expect(results[0].status).to.equal(2); | ||
expect(results[0].region).to.equal('us-east-1'); | ||
expect(results[0].message).to.include('QLDB ledger does not have any tags'); | ||
done(); | ||
}); | ||
}); | ||
|
||
it('should PASS if no QLDB ledgers found', function (done) { | ||
const cache = createCache([]); | ||
ledgerHasTags.run(cache, {}, (err, results) => { | ||
expect(results.length).to.equal(1); | ||
expect(results[0].status).to.equal(0); | ||
expect(results[0].region).to.equal('us-east-1'); | ||
expect(results[0].message).to.include('No QLDB ledgers found'); | ||
done(); | ||
}); | ||
}); | ||
|
||
it('should UNKNOWN if unable to list QLDB ledgers', function (done) { | ||
const cache = createCache(null, null, null, { message: "Unable to list QLDB ledgers" }); | ||
ledgerHasTags.run(cache, {}, (err, results) => { | ||
expect(results.length).to.equal(1); | ||
expect(results[0].status).to.equal(3); | ||
expect(results[0].region).to.equal('us-east-1'); | ||
expect(results[0].message).to.include('Unable to query QLDB ledgers'); | ||
done(); | ||
}); | ||
}); | ||
|
||
it('should give unknown result if unable to query resource group tagging api', function (done) { | ||
const cache = createCache([listLedgers[0]],null); | ||
ledgerHasTags.run(cache, {}, (err, results) => { | ||
expect(results.length).to.equal(1); | ||
expect(results[0].status).to.equal(3); | ||
expect(results[0].region).to.equal('us-east-1'); | ||
expect(results[0].message).to.include('Unable to query all resources') | ||
done(); | ||
}); | ||
}); | ||
|
||
}); | ||
}) |