ben.carrasco/prowler
1
0
Fork 0
mirror of https://github.com/prowler-cloud/prowler.git synced 2026-01-25 02:08:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(rds): checks returns AwsAccount as resource affected

Browse Source
This commit is contained in:
Andoni A.
2025-04-11 15:16:21 +02:00
parent 9914bc2017
commit 6ee254f187
8 changed files with 48 additions and 93 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
prowler/providers/aws/services/rds/rds_cluster_critical_event_subscription/rds_cluster_critical_event_subscription.py
View File

@@ -10,8 +10,6 @@ class rds_cluster_critical_event_subscription(Check):
report = Check_Report_AWS(metadata=self.metadata(), resource=db_event)
report.status = "FAIL"
report.status_extended = "RDS cluster event categories of maintenance and failure are not subscribed."
report.resource_id = rds_client.audited_account
report.resource_arn = rds_client._get_rds_arn_template(db_event.region)
if db_event.source_type == "db-cluster" and db_event.enabled:
report = Check_Report_AWS(
metadata=self.metadata(), resource=db_event
@@ -33,6 +31,9 @@ class rds_cluster_critical_event_subscription(Check):
report.status = "FAIL"
report.status_extended = "RDS cluster event category of maintenance is not subscribed."
report.resource_id = rds_client.audited_account
report.resource_arn = rds_client._get_rds_arn_template(db_event.region)
findings.append(report)
return findings

6
prowler/providers/aws/services/rds/rds_instance_critical_event_subscription/rds_instance_critical_event_subscription.py
View File

@@ -10,8 +10,6 @@ class rds_instance_critical_event_subscription(Check):
report = Check_Report_AWS(metadata=self.metadata(), resource=db_event)
report.status = "FAIL"
report.status_extended = "RDS instance event categories of maintenance, configuration change, and failure are not subscribed."
report.resource_id = rds_client.audited_account
report.resource_arn = rds_client._get_rds_arn_template(db_event.region)
report.region = db_event.region
report.resource_tags = db_event.tags
if db_event.source_type == "db-instance" and db_event.enabled:
@@ -57,6 +55,10 @@ class rds_instance_critical_event_subscription(Check):
else:
report.status = "FAIL"
report.status_extended = "RDS instance event categories of maintenance, configuration change, and failure are not subscribed."
report.resource_id = rds_client.audited_account
report.resource_arn = rds_client._get_rds_arn_template(db_event.region)
findings.append(report)
return findings

6
prowler/providers/aws/services/rds/rds_instance_event_subscription_parameter_groups/rds_instance_event_subscription_parameter_groups.py
View File

@@ -22,8 +22,6 @@ class rds_instance_event_subscription_parameter_groups(Check):
report = Check_Report_AWS(metadata=self.metadata(), resource={})
report.status = "FAIL"
report.status_extended = "RDS parameter group event categories of configuration change is not subscribed."
report.resource_id = rds_client.audited_account
report.resource_arn = rds_client._get_rds_arn_template(db_event.region)
report.region = db_event.region
if db_event.source_type == "db-parameter-group":
report = Check_Report_AWS(
@@ -43,5 +41,9 @@ class rds_instance_event_subscription_parameter_groups(Check):
else:
report.status = "FAIL"
report.status_extended = "RDS parameter group event category of configuration change is not subscribed."
report.resource_id = rds_client.audited_account
report.resource_arn = rds_client._get_rds_arn_template(db_event.region)
findings.append(report)
return findings

5
prowler/providers/aws/services/rds/rds_instance_event_subscription_security_groups/rds_instance_event_subscription_security_groups.py
View File

@@ -10,8 +10,6 @@ class rds_instance_event_subscription_security_groups(Check):
report = Check_Report_AWS(metadata=self.metadata(), resource=db_event)
report.status = "FAIL"
report.status_extended = "RDS security group event categories of configuration change and failure are not subscribed."
report.resource_id = rds_client.audited_account
report.resource_arn = rds_client._get_rds_arn_template(db_event.region)
report.resource_tags = []
if db_event.source_type == "db-security-group" and db_event.enabled:
report = Check_Report_AWS(
@@ -34,6 +32,9 @@ class rds_instance_event_subscription_security_groups(Check):
report.status = "FAIL"
report.status_extended = "RDS security group event category of configuration change is not subscribed."
report.resource_id = rds_client.audited_account
report.resource_arn = rds_client._get_rds_arn_template(db_event.region)
findings.append(report)
return findings

21
tests/providers/aws/services/rds/rds_cluster_critical_event_subscription/rds_cluster_critical_event_subscription_test.py
View File

@@ -88,12 +88,9 @@ class Test_rds_cluster_critical_event_subscription:
assert len(result) == 1
assert result[0].status == "PASS"
assert result[0].status_extended == "RDS cluster events are subscribed."
assert result[0].resource_id == "TestSub"
assert result[0].region == AWS_REGION_US_EAST_1
assert (
result[0].resource_arn
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:es:TestSub"
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == RDS_ACCOUNT_ARN
assert result[0].resource_tags == [{"Key": "test", "Value": "testing"}]
@mock_aws
@@ -141,12 +138,9 @@ class Test_rds_cluster_critical_event_subscription:
result[0].status_extended
== "RDS cluster event category of maintenance is not subscribed."
)
assert result[0].resource_id == "TestSub"
assert result[0].region == AWS_REGION_US_EAST_1
assert (
result[0].resource_arn
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:es:TestSub"
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == RDS_ACCOUNT_ARN
assert result[0].resource_tags == [{"Key": "test", "Value": "testing"}]
@mock_aws
@@ -191,10 +185,7 @@ class Test_rds_cluster_critical_event_subscription:
result[0].status_extended
== "RDS cluster event category of failure is not subscribed."
)
assert result[0].resource_id == "TestSub"
assert result[0].region == AWS_REGION_US_EAST_1
assert (
result[0].resource_arn
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:es:TestSub"
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == RDS_ACCOUNT_ARN
assert result[0].resource_tags == []

56
tests/providers/aws/services/rds/rds_instance_critical_event_subscription/rds_instance_critical_event_subscription_test.py
View File

@@ -125,12 +125,9 @@ class Test_rds_instance_critical_event_subscription:
assert (
result[0].status_extended == "RDS instance events are subscribed."
)
assert result[0].resource_id == "TestSub"
assert result[0].region == AWS_REGION_US_EAST_1
assert (
result[0].resource_arn
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:es:TestSub"
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == RDS_ACCOUNT_ARN
assert result[0].resource_tags == [{"Key": "test", "Value": "testing"}]
@mock_aws
@@ -186,12 +183,9 @@ class Test_rds_instance_critical_event_subscription:
result[0].status_extended
== "RDS instance event categories of maintenance and configuration change are not subscribed."
)
assert result[0].resource_id == "TestSub"
assert result[0].region == AWS_REGION_US_EAST_1
assert (
result[0].resource_arn
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:es:TestSub"
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == RDS_ACCOUNT_ARN
assert result[0].resource_tags == [{"Key": "test", "Value": "testing"}]
@mock_aws
@@ -244,12 +238,9 @@ class Test_rds_instance_critical_event_subscription:
result[0].status_extended
== "RDS instance event categories of configuration change and failure are not subscribed."
)
assert result[0].resource_id == "TestSub"
assert result[0].region == AWS_REGION_US_EAST_1
assert (
result[0].resource_arn
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:es:TestSub"
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == RDS_ACCOUNT_ARN
assert result[0].resource_tags == []
@mock_aws
@@ -302,12 +293,9 @@ class Test_rds_instance_critical_event_subscription:
result[0].status_extended
== "RDS instance event categories of maintenance and failure are not subscribed."
)
assert result[0].resource_id == "TestSub"
assert result[0].region == AWS_REGION_US_EAST_1
assert (
result[0].resource_arn
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:es:TestSub"
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == RDS_ACCOUNT_ARN
assert result[0].resource_tags == []
@mock_aws
@@ -360,12 +348,9 @@ class Test_rds_instance_critical_event_subscription:
result[0].status_extended
== "RDS instance event category of failure is not subscribed."
)
assert result[0].resource_id == "TestSub"
assert result[0].region == AWS_REGION_US_EAST_1
assert (
result[0].resource_arn
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:es:TestSub"
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == RDS_ACCOUNT_ARN
assert result[0].resource_tags == []
@mock_aws
@@ -418,12 +403,9 @@ class Test_rds_instance_critical_event_subscription:
result[0].status_extended
== "RDS instance event category of maintenance is not subscribed."
)
assert result[0].resource_id == "TestSub"
assert result[0].region == AWS_REGION_US_EAST_1
assert (
result[0].resource_arn
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:es:TestSub"
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == RDS_ACCOUNT_ARN
assert result[0].resource_tags == []
@mock_aws
@@ -476,12 +458,9 @@ class Test_rds_instance_critical_event_subscription:
result[0].status_extended
== "RDS instance event category of configuration change is not subscribed."
)
assert result[0].resource_id == "TestSub"
assert result[0].region == AWS_REGION_US_EAST_1
assert (
result[0].resource_arn
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:es:TestSub"
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == RDS_ACCOUNT_ARN
assert result[0].resource_tags == []
@mock_aws
@@ -525,10 +504,7 @@ class Test_rds_instance_critical_event_subscription:
result[0].status_extended
== "RDS instance event categories of maintenance, configuration change, and failure are not subscribed."
)
assert result[0].resource_id == "TestSub"
assert result[0].region == AWS_REGION_US_EAST_1
assert (
result[0].resource_arn
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:es:TestSub"
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == RDS_ACCOUNT_ARN
assert result[0].resource_tags == []

14
tests/providers/aws/services/rds/rds_instance_event_subscription_parameter_groups/rds_instance_event_subscription_parameter_groups_test.py
View File

@@ -126,12 +126,9 @@ class Test_rds_instance__no_event_subscriptions:
result[0].status_extended
== "RDS parameter group events are subscribed."
)
assert result[0].resource_id == "TestSub"
assert result[0].region == AWS_REGION_US_EAST_1
assert (
result[0].resource_arn
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:es:TestSub"
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == RDS_ACCOUNT_ARN
assert result[0].resource_tags == [{"Key": "test", "Value": "testing"}]
@mock_aws
@@ -184,12 +181,9 @@ class Test_rds_instance__no_event_subscriptions:
result[0].status_extended
== "RDS parameter group events are subscribed."
)
assert result[0].resource_id == "TestSub"
assert result[0].region == AWS_REGION_US_EAST_1
assert (
result[0].resource_arn
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:es:TestSub"
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == RDS_ACCOUNT_ARN
assert result[0].resource_tags == []
@mock_aws

28
tests/providers/aws/services/rds/rds_instance_event_subscription_security_groups/rds_instance_event_subscription_security_groups_test.py
View File

@@ -125,12 +125,9 @@ class Test_rds_instance_no_event_subscriptions:
result[0].status_extended
== "RDS security group events are subscribed."
)
assert result[0].resource_id == "TestSub"
assert result[0].region == AWS_REGION_US_EAST_1
assert (
result[0].resource_arn
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:es:TestSub"
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == RDS_ACCOUNT_ARN
assert result[0].resource_tags == [{"Key": "test", "Value": "testing"}]
@mock_aws
@@ -186,12 +183,9 @@ class Test_rds_instance_no_event_subscriptions:
result[0].status_extended
== "RDS security group event category of configuration change is not subscribed."
)
assert result[0].resource_id == "TestSub"
assert result[0].region == AWS_REGION_US_EAST_1
assert (
result[0].resource_arn
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:es:TestSub"
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == RDS_ACCOUNT_ARN
assert result[0].resource_tags == [{"Key": "test", "Value": "testing"}]
@mock_aws
@@ -247,12 +241,9 @@ class Test_rds_instance_no_event_subscriptions:
result[0].status_extended
== "RDS security group event category of failure is not subscribed."
)
assert result[0].resource_id == "TestSub"
assert result[0].region == AWS_REGION_US_EAST_1
assert (
result[0].resource_arn
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:es:TestSub"
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == RDS_ACCOUNT_ARN
assert result[0].resource_tags == [{"Key": "test", "Value": "testing"}]
@mock_aws
@@ -414,10 +405,7 @@ class Test_rds_instance_no_event_subscriptions:
result[0].status_extended
== "RDS security group events are subscribed."
)
assert result[0].resource_id == "TestSub"
assert result[0].region == AWS_REGION_US_EAST_1
assert (
result[0].resource_arn
== f"arn:aws:rds:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:es:TestSub"
)
assert result[0].resource_id == AWS_ACCOUNT_NUMBER
assert result[0].resource_arn == RDS_ACCOUNT_ARN
assert result[0].resource_tags == [{"Key": "test", "Value": "testing"}]