fix(gcp): enforce correct severity levels in CloudSQL PostgreSQL log_min_messages (#5571)
+20
-9
@@ -4,7 +4,16 @@ from prowler.providers.gcp.services.cloudsql.cloudsql_client import cloudsql_cli
|
||||
|
||||
class cloudsql_instance_postgres_log_min_messages_flag(Check):
|
||||
def execute(self) -> Check_Report_GCP:
|
||||
desired_log_min_messages = "error"
|
||||
failing_log_levels = [
|
||||
"DEBUG5",
|
||||
"DEBUG4",
|
||||
"DEBUG3",
|
||||
"DEBUG2",
|
||||
"DEBUG1",
|
||||
"INFO",
|
||||
"NOTICE",
|
||||
]
|
||||
|
||||
findings = []
|
||||
for instance in cloudsql_client.instances:
|
||||
if "POSTGRES" in instance.version:
|
||||
@@ -14,15 +23,17 @@ class cloudsql_instance_postgres_log_min_messages_flag(Check):
|
||||
report.resource_name = instance.name
|
||||
report.location = instance.region
|
||||
report.status = "FAIL"
|
||||
report.status_extended = f"PostgreSQL Instance {instance.name} does not have 'log_min_messages' flag set minimum to '{desired_log_min_messages}'."
|
||||
report.status_extended = f"PostgreSQL Instance {instance.name} does not have 'log_min_messages' flag set."
|
||||
|
||||
for flag in instance.flags:
|
||||
if (
|
||||
flag.get("name", "") == "log_min_messages"
|
||||
and flag.get("value", "warning") == desired_log_min_messages
|
||||
):
|
||||
report.status = "PASS"
|
||||
report.status_extended = f"PostgreSQL Instance {instance.name} has 'log_min_messages' flag set minimum to '{desired_log_min_messages}'."
|
||||
break
|
||||
if flag.get("name", "") == "log_min_messages":
|
||||
current_level = flag.get("value", "").upper()
|
||||
if current_level in failing_log_levels:
|
||||
report.status = "FAIL"
|
||||
report.status_extended = f"PostgreSQL Instance {instance.name} has 'log_min_messages' flag set to '{current_level}', which is below the recommended minimum of 'ERROR'."
|
||||
else:
|
||||
report.status = "PASS"
|
||||
report.status_extended = f"PostgreSQL Instance {instance.name} has 'log_min_messages' flag set to an acceptable severity level: '{current_level}'."
|
||||
findings.append(report)
|
||||
|
||||
return findings
|
||||
|
||||
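Review bot: The new comparison in `execute` is a deny-list, so it fails open: a `log_min_messages` flag whose value is missing or unrecognised makes `flag.get("value", "").upper()` fall outside `failing_log_levels`, and the instance is reported PASS with the "acceptable severity level" message. For a compliance check an allow-list is safer, e.g. `passing_log_levels = {"WARNING", "ERROR", "LOG", "FATAL", "PANIC"}` with `if current_level not in passing_log_levels:` guarding the FAIL branch, which keeps the current verdicts for every valid PostgreSQL level. Separately, the FAIL text says the level is "below the recommended minimum of 'ERROR'", yet `WARNING` is not in the failing list and passes; either the message or the list should change so the reported threshold matches the enforced one. The lines between the two hunks are not shown, so how `report` is constructed is assumed unchanged.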
+4
-4
@@ -104,7 +104,7 @@ class Test_cloudsql_instance_postgres_log_min_messages_flag:
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== "PostgreSQL Instance instance1 does not have 'log_min_messages' flag set minimum to 'error'."
|
||||
== "PostgreSQL Instance instance1 does not have 'log_min_messages' flag set."
|
||||
)
|
||||
assert result[0].resource_id == "instance1"
|
||||
assert result[0].resource_name == "instance1"
|
||||
@@ -139,7 +139,7 @@ class Test_cloudsql_instance_postgres_log_min_messages_flag:
|
||||
ssl_mode="ENCRYPTED_ONLY",
|
||||
automated_backups=True,
|
||||
authorized_networks=[],
|
||||
flags=[{"name": "log_min_messages", "value": "debug"}],
|
||||
flags=[{"name": "log_min_messages", "value": "debug1"}],
|
||||
project_id=GCP_PROJECT_ID,
|
||||
)
|
||||
]
|
||||
@@ -150,7 +150,7 @@ class Test_cloudsql_instance_postgres_log_min_messages_flag:
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== "PostgreSQL Instance instance1 does not have 'log_min_messages' flag set minimum to 'error'."
|
||||
== "PostgreSQL Instance instance1 has 'log_min_messages' flag set to 'DEBUG1', which is below the recommended minimum of 'ERROR'."
|
||||
)
|
||||
assert result[0].resource_id == "instance1"
|
||||
assert result[0].resource_name == "instance1"
|
||||
@@ -196,7 +196,7 @@ class Test_cloudsql_instance_postgres_log_min_messages_flag:
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== "PostgreSQL Instance instance1 has 'log_min_messages' flag set minimum to 'error'."
|
||||
== "PostgreSQL Instance instance1 has 'log_min_messages' flag set to an acceptable severity level: 'ERROR'."
|
||||
)
|
||||
assert result[0].resource_id == "instance1"
|
||||
assert result[0].resource_name == "instance1"
|
||||
|
||||
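Review bot: The updated expectations in the visible hunks exercise only `debug1` (FAIL), `ERROR` (PASS) and the flag-absent case, so the boundary of the new rule is untested. A case with `flags=[{"name": "log_min_messages", "value": "warning"}]` and one with `"notice"` would pin which side of the threshold each level falls on. A case with an empty or unknown value would also document whether the check is meant to pass it, since the check's current deny-list does. Other tests in the class may lie outside these hunks.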