chore: remove debug logging from keyvault service
@@ -1,4 +1,3 @@
|
|||||||
import time
|
|
||||||
from concurrent.futures import ThreadPoolExecutor, as_completed
|
from concurrent.futures import ThreadPoolExecutor, as_completed
|
||||||
|
|
||||||
from prowler.lib.logger import logger
|
from prowler.lib.logger import logger
|
||||||
@@ -30,16 +29,6 @@ class AzureService:
|
|||||||
def __threading_call__(self, call, iterator):
|
def __threading_call__(self, call, iterator):
|
||||||
"""Execute a function across multiple items using threading."""
|
"""Execute a function across multiple items using threading."""
|
||||||
items = list(iterator) if not isinstance(iterator, list) else iterator
|
items = list(iterator) if not isinstance(iterator, list) else iterator
|
||||||
item_count = len(items)
|
|
||||||
|
|
||||||
call_name = getattr(call, "__name__", str(call)).strip("_")
|
|
||||||
call_name = " ".join(word.capitalize() for word in call_name.split("_"))
|
|
||||||
|
|
||||||
logger.info(
|
|
||||||
f"Azure - Starting threads for '{call_name}' to process {item_count} items..."
|
|
||||||
)
|
|
||||||
|
|
||||||
start_time = time.perf_counter()
|
|
||||||
|
|
||||||
futures = {self.thread_pool.submit(call, item): item for item in items}
|
futures = {self.thread_pool.submit(call, item): item for item in items}
|
||||||
results = []
|
results = []
|
||||||
@@ -52,11 +41,6 @@ class AzureService:
|
|||||||
except Exception:
|
except Exception:
|
||||||
pass
|
pass
|
||||||
|
|
||||||
elapsed = time.perf_counter() - start_time
|
|
||||||
logger.info(
|
|
||||||
f"Azure - Completed '{call_name}' for {item_count} items in {elapsed:.2f}s"
|
|
||||||
)
|
|
||||||
|
|
||||||
return results
|
return results
|
||||||
|
|
||||||
def __set_clients__(self, identity, session, service, region_config):
|
def __set_clients__(self, identity, session, service, region_config):
|
||||||
|
|||||||
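Review bot: The per-item `except Exception: pass` that survives as context in the second hunk of `__threading_call__` (`-52,11 +41,6`) now swallows a worker failure with no trace at all, because the start/completion log lines around it are exactly what this commit removes. A call that raises for one item just drops that item from `results`, so a vault whose enumeration failed is indistinguishable from one that never existed and the scan reports nothing for it. I would at least log it in the format the service already uses: `except Exception as error:` / `logger.error(f"Azure - {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}")`, with `futures[future]` at hand if the item is worth naming. The `for ... in as_completed(futures)` loop and the `try` this sits in are outside the visible hunk, so the loop shape is inferred from the `futures` dict built above it.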
@@ -1,21 +1,15 @@
|
|||||||
import time
|
|
||||||
|
|
||||||
from prowler.lib.check.models import Check, Check_Report_Azure
|
from prowler.lib.check.models import Check, Check_Report_Azure
|
||||||
from prowler.lib.logger import logger
|
|
||||||
from prowler.providers.azure.services.keyvault.keyvault_client import keyvault_client
|
from prowler.providers.azure.services.keyvault.keyvault_client import keyvault_client
|
||||||
|
|
||||||
|
|
||||||
class keyvault_rbac_secret_expiration_set(Check):
|
class keyvault_rbac_secret_expiration_set(Check):
|
||||||
def execute(self) -> Check_Report_Azure:
|
def execute(self) -> Check_Report_Azure:
|
||||||
start_time = time.perf_counter()
|
|
||||||
findings = []
|
findings = []
|
||||||
total_secrets = 0
|
|
||||||
|
|
||||||
for subscription, key_vaults in keyvault_client.key_vaults.items():
|
for subscription, key_vaults in keyvault_client.key_vaults.items():
|
||||||
for keyvault in key_vaults:
|
for keyvault in key_vaults:
|
||||||
if keyvault.properties.enable_rbac_authorization and keyvault.secrets:
|
if keyvault.properties.enable_rbac_authorization and keyvault.secrets:
|
||||||
for secret in keyvault.secrets:
|
for secret in keyvault.secrets:
|
||||||
total_secrets += 1
|
|
||||||
report = Check_Report_Azure(
|
report = Check_Report_Azure(
|
||||||
metadata=self.metadata(), resource=secret
|
metadata=self.metadata(), resource=secret
|
||||||
)
|
)
|
||||||
@@ -28,10 +22,4 @@ class keyvault_rbac_secret_expiration_set(Check):
|
|||||||
report.status_extended = f"Secret '{secret.name}' in KeyVault '{keyvault.name}' has expiration date set."
|
report.status_extended = f"Secret '{secret.name}' in KeyVault '{keyvault.name}' has expiration date set."
|
||||||
findings.append(report)
|
findings.append(report)
|
||||||
|
|
||||||
elapsed = time.perf_counter() - start_time
|
|
||||||
logger.info(
|
|
||||||
f"Check keyvault_rbac_secret_expiration_set: "
|
|
||||||
f"processed {total_secrets} secrets, created {len(findings)} findings in {elapsed:.2f}s"
|
|
||||||
)
|
|
||||||
|
|
||||||
return findings
|
return findings
|
||||||
|
|||||||
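Review bot: The guard `if keyvault.properties.enable_rbac_authorization and keyvault.secrets:` in `execute` treats a vault whose secret listing failed exactly like a vault with no secrets, so a permissions or throttling error during collection yields zero findings instead of a visible failure, and the `total_secrets` counter dropped here was the only place that exposure could be counted. The service side on this same page bears that out: `_get_secrets` initialises `secrets = []`, logs inside its `except`, and falls through to `return secrets`, so nothing in `keyvault.secrets` lets the check tell the two cases apart. Until the service exposes a distinct "enumeration failed" state I would mark the assumption at the guard: `# NOTE: keyvault.secrets is also [] when listing failed (see _get_secrets); no finding is emitted for such a vault.` The expiration test that sets status/status_extended lies between the two hunks, so this note is limited to what the guard itself does.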
@@ -1,5 +1,3 @@
|
|||||||
import threading
|
|
||||||
import time
|
|
||||||
from concurrent.futures import ThreadPoolExecutor
|
from concurrent.futures import ThreadPoolExecutor
|
||||||
from dataclasses import dataclass
|
from dataclasses import dataclass
|
||||||
from datetime import datetime
|
from datetime import datetime
|
||||||
@@ -32,25 +30,16 @@ class KeyVault(AzureService):
|
|||||||
3. Each vault's keys/secrets/monitor fetched in parallel
|
3. Each vault's keys/secrets/monitor fetched in parallel
|
||||||
"""
|
"""
|
||||||
logger.info("KeyVault - Getting key_vaults...")
|
logger.info("KeyVault - Getting key_vaults...")
|
||||||
total_start = time.perf_counter()
|
|
||||||
key_vaults = {}
|
key_vaults = {}
|
||||||
|
|
||||||
for subscription, client in self.clients.items():
|
for subscription, client in self.clients.items():
|
||||||
try:
|
try:
|
||||||
key_vaults[subscription] = []
|
key_vaults[subscription] = []
|
||||||
|
|
||||||
list_start = time.perf_counter()
|
|
||||||
vaults_list = list(client.vaults.list_by_subscription())
|
vaults_list = list(client.vaults.list_by_subscription())
|
||||||
list_elapsed = time.perf_counter() - list_start
|
|
||||||
logger.info(f"KeyVault - list_by_subscription took {list_elapsed:.2f}s")
|
|
||||||
|
|
||||||
if not vaults_list:
|
if not vaults_list:
|
||||||
continue
|
continue
|
||||||
|
|
||||||
logger.info(
|
|
||||||
f"KeyVault - Found {len(vaults_list)} vaults in subscription {subscription}"
|
|
||||||
)
|
|
||||||
|
|
||||||
# Prepare items for parallel processing
|
# Prepare items for parallel processing
|
||||||
items = [
|
items = [
|
||||||
{"subscription": subscription, "keyvault": vault}
|
{"subscription": subscription, "keyvault": vault}
|
||||||
@@ -66,29 +55,19 @@ class KeyVault(AzureService):
|
|||||||
f"Subscription name: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
|
f"Subscription name: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
|
||||||
)
|
)
|
||||||
|
|
||||||
total_elapsed = time.perf_counter() - total_start
|
|
||||||
logger.info(f"KeyVault - _get_key_vaults TOTAL took {total_elapsed:.2f}s")
|
|
||||||
|
|
||||||
return key_vaults
|
return key_vaults
|
||||||
|
|
||||||
def _process_single_keyvault(self, item: dict) -> Optional["KeyVaultInfo"]:
|
def _process_single_keyvault(self, item: dict) -> Optional["KeyVaultInfo"]:
|
||||||
"""Process a single KeyVault in parallel."""
|
"""Process a single KeyVault in parallel."""
|
||||||
subscription = item["subscription"]
|
subscription = item["subscription"]
|
||||||
keyvault = item["keyvault"]
|
keyvault = item["keyvault"]
|
||||||
thread_id = threading.current_thread().name
|
|
||||||
|
|
||||||
try:
|
try:
|
||||||
start_time = time.perf_counter()
|
|
||||||
resource_group = keyvault.id.split("/")[4]
|
resource_group = keyvault.id.split("/")[4]
|
||||||
keyvault_name = keyvault.name
|
keyvault_name = keyvault.name
|
||||||
logger.info(
|
|
||||||
f"KeyVault - [{thread_id}] Processing vault {keyvault_name} START"
|
|
||||||
)
|
|
||||||
|
|
||||||
keyvault_properties = keyvault.properties
|
keyvault_properties = keyvault.properties
|
||||||
|
|
||||||
# Fetch keys, secrets, and monitor in parallel
|
# Fetch keys, secrets, and monitor in parallel
|
||||||
parallel_start = time.perf_counter()
|
|
||||||
with ThreadPoolExecutor(max_workers=3) as executor:
|
with ThreadPoolExecutor(max_workers=3) as executor:
|
||||||
keys_future = executor.submit(
|
keys_future = executor.submit(
|
||||||
self._get_keys, subscription, resource_group, keyvault_name
|
self._get_keys, subscription, resource_group, keyvault_name
|
||||||
@@ -106,14 +85,6 @@ class KeyVault(AzureService):
|
|||||||
keys = keys_future.result()
|
keys = keys_future.result()
|
||||||
secrets = secrets_future.result()
|
secrets = secrets_future.result()
|
||||||
monitor_settings = monitor_future.result()
|
monitor_settings = monitor_future.result()
|
||||||
parallel_elapsed = time.perf_counter() - parallel_start
|
|
||||||
|
|
||||||
total_elapsed = time.perf_counter() - start_time
|
|
||||||
logger.info(
|
|
||||||
f"KeyVault - [{thread_id}] Vault {keyvault_name} DONE: "
|
|
||||||
f"parallel={parallel_elapsed:.2f}s, total={total_elapsed:.2f}s, "
|
|
||||||
f"keys={len(keys)}, secrets={len(secrets)}"
|
|
||||||
)
|
|
||||||
|
|
||||||
return KeyVaultInfo(
|
return KeyVaultInfo(
|
||||||
id=getattr(keyvault, "id", ""),
|
id=getattr(keyvault, "id", ""),
|
||||||
@@ -167,10 +138,6 @@ class KeyVault(AzureService):
|
|||||||
return None
|
return None
|
||||||
|
|
||||||
def _get_keys(self, subscription, resource_group, keyvault_name):
|
def _get_keys(self, subscription, resource_group, keyvault_name):
|
||||||
thread_id = threading.current_thread().name
|
|
||||||
start_time = time.perf_counter()
|
|
||||||
logger.info(f"KeyVault - [{thread_id}] _get_keys({keyvault_name}) START")
|
|
||||||
|
|
||||||
keys = []
|
keys = []
|
||||||
keys_dict = {}
|
keys_dict = {}
|
||||||
|
|
||||||
@@ -228,12 +195,6 @@ class KeyVault(AzureService):
|
|||||||
f"Subscription name: {subscription} -- has no access policy configured for keyvault {keyvault_name}"
|
f"Subscription name: {subscription} -- has no access policy configured for keyvault {keyvault_name}"
|
||||||
)
|
)
|
||||||
|
|
||||||
elapsed = time.perf_counter() - start_time
|
|
||||||
logger.info(
|
|
||||||
f"KeyVault - [{thread_id}] _get_keys({keyvault_name}) DONE: "
|
|
||||||
f"{len(keys)} keys in {elapsed:.2f}s"
|
|
||||||
)
|
|
||||||
|
|
||||||
return keys
|
return keys
|
||||||
|
|
||||||
def _get_single_rotation_policy(self, item: dict) -> tuple:
|
def _get_single_rotation_policy(self, item: dict) -> tuple:
|
||||||
@@ -253,10 +214,6 @@ class KeyVault(AzureService):
|
|||||||
return (prop.name, None)
|
return (prop.name, None)
|
||||||
|
|
||||||
def _get_secrets(self, subscription, resource_group, keyvault_name):
|
def _get_secrets(self, subscription, resource_group, keyvault_name):
|
||||||
thread_id = threading.current_thread().name
|
|
||||||
start_time = time.perf_counter()
|
|
||||||
logger.info(f"KeyVault - [{thread_id}] _get_secrets({keyvault_name}) START")
|
|
||||||
|
|
||||||
secrets = []
|
secrets = []
|
||||||
try:
|
try:
|
||||||
client = self.clients[subscription]
|
client = self.clients[subscription]
|
||||||
@@ -289,19 +246,9 @@ class KeyVault(AzureService):
|
|||||||
f"Subscription name: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
|
f"Subscription name: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
|
||||||
)
|
)
|
||||||
|
|
||||||
elapsed = time.perf_counter() - start_time
|
|
||||||
logger.info(
|
|
||||||
f"KeyVault - [{thread_id}] _get_secrets({keyvault_name}) DONE: "
|
|
||||||
f"{len(secrets)} secrets in {elapsed:.2f}s"
|
|
||||||
)
|
|
||||||
|
|
||||||
return secrets
|
return secrets
|
||||||
|
|
||||||
def _get_vault_monitor_settings(self, keyvault_name, resource_group, subscription):
|
def _get_vault_monitor_settings(self, keyvault_name, resource_group, subscription):
|
||||||
thread_id = threading.current_thread().name
|
|
||||||
start_time = time.perf_counter()
|
|
||||||
logger.info(f"KeyVault - [{thread_id}] _get_monitor({keyvault_name}) START")
|
|
||||||
|
|
||||||
monitor_diagnostics_settings = []
|
monitor_diagnostics_settings = []
|
||||||
try:
|
try:
|
||||||
monitor_diagnostics_settings = monitor_client.diagnostic_settings_with_uri(
|
monitor_diagnostics_settings = monitor_client.diagnostic_settings_with_uri(
|
||||||
@@ -314,12 +261,6 @@ class KeyVault(AzureService):
|
|||||||
f"Subscription name: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
|
f"Subscription name: {subscription} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
|
||||||
)
|
)
|
||||||
|
|
||||||
elapsed = time.perf_counter() - start_time
|
|
||||||
logger.info(
|
|
||||||
f"KeyVault - [{thread_id}] _get_monitor({keyvault_name}) DONE: "
|
|
||||||
f"{len(monitor_diagnostics_settings)} settings in {elapsed:.2f}s"
|
|
||||||
)
|
|
||||||
|
|
||||||
return monitor_diagnostics_settings
|
return monitor_diagnostics_settings
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
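Review bot: `_get_secrets`, `_get_keys` and `_get_vault_monitor_settings` each start from an empty list, log inside their `except`, and then reach the trailing `return`, so after this commit a listing that raised comes back to `_process_single_keyvault` as an apparently empty vault with nothing distinguishing it from a genuinely empty one; the removed `DONE: ... keys/secrets` lines were the last place that difference was observable. This matters more here than in most services because `_process_single_keyvault` opens a `ThreadPoolExecutor(max_workers=3)` per vault while itself running inside `self.thread_pool`, so concurrent data-plane calls scale as pool size × 3, and a throttled request (inferred; the exception types caught in those `except` clauses are outside the visible hunks) lands on exactly this path. I would document the contract now and fix it separately: on `_get_secrets`, `"""Return the vault's secrets; on any listing error this logs and returns [], which callers cannot distinguish from an empty vault."""`, the same wording on the other two helpers, and a follow-up that records the failure on `KeyVaultInfo` so checks can skip the vault rather than silently pass it. The bodies of all three helpers lie partly between the hunks, so a partial-results case (some items collected before the error) is possible but not confirmable from here.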