Merge branch 'main' into feat/add_aws_checks

padok-team · Apr 9, 2023 · c85b5e0 · c85b5e0
2 parents 7334bed + 6299dae
commit c85b5e0
Show file tree

Hide file tree

Showing 52 changed files with 596 additions and 383 deletions.
diff --git a/.github/workflows/codecov.yml b/.github/workflows/codecov.yml
@@ -17,7 +17,7 @@ jobs:
           fetch-depth: 2
       - uses: actions/setup-go@v3
         with:
-          go-version: '1.19'
+          go-version: '1.20'
       - name: Run coverage
         run: go test ./... -race -coverprofile=coverage.txt -covermode=atomic
       - name: Build

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -21,22 +21,17 @@ jobs:
         uses: actions/checkout@v3
         with:
           fetch-depth: 0
-      -
-        name: Fetch all tags
-        run: git fetch --force --tags
       -
         name: Set up Go
         uses: actions/setup-go@v3
-        with:
-          go-version: 1.19
       -
         name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v3
+        uses: goreleaser/goreleaser-action@v4
         with:
           # either 'goreleaser' (default) or 'goreleaser-pro'
           distribution: goreleaser
           version: latest
-          args: release --rm-dist
+          args: release --clean
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           HOMEBREW_TAP_GITHUB_TOKEN: ${{ secrets.HOMEBREW_TAP_GITHUB_TOKEN }}

diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,6 @@
 bin/
 package-lock.json
 node_modules/*
+
+.yatas.yml
+results.yaml
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,56 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [1.7.0](https://github.com/padok-team/yatas-aws/compare/v1.6.0...v1.7.0) (2023-04-09)
+
+
+### Features
+
+* **deps:** update ([4af13e1](https://github.com/padok-team/yatas-aws/commit/4af13e1611719b9492e599b83e41ba63acbdb0f6))
+* **go:** updated to 1.20 ([03895f1](https://github.com/padok-team/yatas-aws/commit/03895f16b6e8d70a086b6a504f1b4b00ed3a86bd))
+* **logger:** update new logger ([45ff0ac](https://github.com/padok-team/yatas-aws/commit/45ff0ac10666e940b42ff4234d2656a7e02e3045))
+* **new-yatas:** update imports and function calls from YATAS ([926aebc](https://github.com/padok-team/yatas-aws/commit/926aebccf86e17caba64c5d9ac08b731c5a1a26d))
+* **panic:** to logger ([1381d16](https://github.com/padok-team/yatas-aws/commit/1381d16331bde6fcb42f0b2a7d0708598ca3b659))
+* **update:** dependcies ([5cecc6e](https://github.com/padok-team/yatas-aws/commit/5cecc6eb061a3d523942f03dcc029a607b4a721f))
+
+## [1.6.0](https://github.com/padok-team/yatas-aws/compare/v1.5.5...v1.6.0) (2023-03-27)
+
+
+### Features
+
+* **s3:** S3_002: better output and error handling + add tests ([4fcedd4](https://github.com/padok-team/yatas-aws/commit/4fcedd425518d5506f7f19c8613a74c25e24c23b))
+* **s3:** S3_002: check bucket has no replication to other region ([a086eaf](https://github.com/padok-team/yatas-aws/commit/a086eaf1d8eda900680684ee951c77e50bae4c18))
+* **s3:** S3_002: remove old version of check ([fae1929](https://github.com/padok-team/yatas-aws/commit/fae1929ec7896faa4230c15d14faf164bbf9d1b9))
+* **s3:** S3_002: update README ([7ee66e0](https://github.com/padok-team/yatas-aws/commit/7ee66e04db050cdd6bb3731bc76efef5414f7c46))
+
+### [1.5.5](https://github.com/padok-team/yatas-aws/compare/v1.5.4...v1.5.5) (2023-03-24)
+
+
+### Bug Fixes
+
+* **s3:** nil pointer gets3 ([1fa9b06](https://github.com/padok-team/yatas-aws/commit/1fa9b069d3ecca1b41a39ff3d26930b242071015))
+
+### [1.5.4](https://github.com/padok-team/yatas-aws/compare/v1.5.3...v1.5.4) (2023-03-14)
+
+
+### Bug Fixes
+
+* **rds:** fixed when no rights to list rds ([3ed2787](https://github.com/padok-team/yatas-aws/commit/3ed2787835902d63fb0f3ee933e567e21dbfead5))
+
+### [1.5.3](https://github.com/padok-team/yatas-aws/compare/v1.5.2...v1.5.3) (2023-02-24)
+
+
+### Bug Fixes
+
+* **getters:** use getter result only after error handling ([c79e53c](https://github.com/padok-team/yatas-aws/commit/c79e53c83e71131d81ffcbe4fb5e52949a6c7957))
+
+### [1.5.2](https://github.com/padok-team/yatas-aws/compare/v1.5.1...v1.5.2) (2023-02-23)
+
+
+### Bug Fixes
+
+* **getters:** made all getters fault tolerant by returning empty struct instead of only printing ([7c4336b](https://github.com/padok-team/yatas-aws/commit/7c4336b037d902b81c03c9420af8c4efb505785a))
+
 ### [1.5.1](https://github.com/padok-team/yatas-aws/compare/v1.5.0...v1.5.1) (2023-02-06)
 
 ## [1.5.0](https://github.com/padok-team/yatas-aws/compare/v1.4.0...v1.5.0) (2023-02-06)

diff --git a/Makefile b/Makefile
@@ -7,7 +7,7 @@ build:
 	go build -o bin/yatas-aws
 
 update:
-	go get -u 
+	go get -u
 	go mod tidy
 
 install: build
@@ -16,4 +16,4 @@ install: build
 
 release: test
 	npm run release
-	git push --follow-tags origin main 
+	git push --follow-tags origin main
diff --git a/README.md b/README.md
@@ -125,7 +125,7 @@ plugins:
 You can get the error logs by adding the following to your env variables:
 
 ```bash
-export YATAS_LOG_LEVEL=debug
+export YATAS_LOG=debug
 ```
 The available log levels are: `debug`, `info`, `warn`, `error`, `fatal`, `panic` and `off` by default
 
@@ -216,7 +216,7 @@ The available log levels are: `debug`, `info`, `warn`, `error`, `fatal`, `panic`
 
 ### S3 Bucket
 - AWS_S3_001 S3 are encrypted
-- AWS_S3_002 S3 buckets are not global but in one zone
+- AWS_S3_002 S3 buckets are not replicated to another region
 - AWS_S3_003 S3 buckets are versioned
 - AWS_S3_004 S3 buckets have a retention policy
 - AWS_S3_005 S3 bucket have public access block enabled

diff --git a/aws/acm/acm.go b/aws/acm/acm.go
@@ -10,7 +10,7 @@ import (
 
 func RunChecks(wa *sync.WaitGroup, s aws.Config, c *commons.Config, queue chan []commons.Check) {
 	var checkConfig commons.CheckConfig
-	checkConfig.Init(s, c)
+	checkConfig.Init(c)
 	var checks []commons.Check
 	svc := acm.NewFromConfig(s)
 	certificates := GetCertificates(svc)

diff --git a/aws/acm/getter.go b/aws/acm/getter.go
@@ -2,10 +2,10 @@ package acm
 
 import (
 	"context"
-	"fmt"
 
 	"github.com/aws/aws-sdk-go-v2/service/acm"
 	"github.com/aws/aws-sdk-go-v2/service/acm/types"
+	"github.com/padok-team/yatas-aws/logger"
 )
 
 type ACMGetObjectAPI interface {
@@ -17,7 +17,9 @@ func GetCertificates(svc ACMGetObjectAPI) []types.CertificateDetail {
 	input := &acm.ListCertificatesInput{}
 	result, err := svc.ListCertificates(context.TODO(), input)
 	if err != nil {
-		fmt.Println(err)
+		logger.Logger.Error(err.Error())
+		// Return an empty list of certificates
+		return []types.CertificateDetail{}
 	}
 	var certificatesArn []*string
 	var certificates []types.CertificateDetail
@@ -31,7 +33,8 @@ func GetCertificates(svc ACMGetObjectAPI) []types.CertificateDetail {
 		input.NextToken = result.NextToken
 		result, err = svc.ListCertificates(context.TODO(), input)
 		if err != nil {
-			fmt.Println(err)
+			logger.Logger.Error(err.Error())
+			return []types.CertificateDetail{}
 		}
 		for _, r := range result.CertificateSummaryList {
 			certificatesArn = append(certificatesArn, r.CertificateArn)
@@ -44,7 +47,8 @@ func GetCertificates(svc ACMGetObjectAPI) []types.CertificateDetail {
 		}
 		result, err := svc.DescribeCertificate(context.TODO(), input)
 		if err != nil {
-			fmt.Println(err)
+			logger.Logger.Error(err.Error())
+			return []types.CertificateDetail{}
 		}
 		certificates = append(certificates, *result.Certificate)
 	}

diff --git a/aws/apigateway/apigateway.go b/aws/apigateway/apigateway.go
@@ -10,7 +10,7 @@ import (
 
 func RunChecks(wa *sync.WaitGroup, s aws.Config, c *commons.Config, queue chan []commons.Check) {
 	var checkConfig commons.CheckConfig
-	checkConfig.Init(s, c)
+	checkConfig.Init(c)
 	var checks []commons.Check
 	svc := apigateway.NewFromConfig(s)
 	apis := GetApiGateways(svc)

diff --git a/aws/apigateway/getter.go b/aws/apigateway/getter.go
@@ -17,10 +17,10 @@ func GetApiGateways(svc APIGatewayGetObjectAPI) []types.RestApi {
 	input := &apigateway.GetRestApisInput{}
 	var apis []types.RestApi
 	result, err := svc.GetRestApis(context.TODO(), input)
-	apis = append(apis, result.Items...)
 	if err != nil {
 		return nil
 	}
+	apis = append(apis, result.Items...)
 	for {
 		if result.Position == nil {
 			break
@@ -42,10 +42,10 @@ func GetAllResourcesApiGateway(svc APIGatewayGetObjectAPI, apiId string) []types
 	}
 	var resources []types.Resource
 	result, err := svc.GetResources(context.TODO(), input)
-	resources = append(resources, result.Items...)
 	if err != nil {
 		return nil
 	}
+	resources = append(resources, result.Items...)
 
 	for {
 		if result.Position == nil {

diff --git a/aws/autoscaling/autoscaling.go b/aws/autoscaling/autoscaling.go
@@ -10,7 +10,7 @@ import (
 
 func RunChecks(wa *sync.WaitGroup, s aws.Config, c *commons.Config, queue chan []commons.Check) {
 	var checkConfig commons.CheckConfig
-	checkConfig.Init(s, c)
+	checkConfig.Init(c)
 	var checks []commons.Check
 	svc := autoscaling.NewFromConfig(s)
 	groups := GetAutoscalingGroups(svc)

diff --git a/aws/autoscaling/getter.go b/aws/autoscaling/getter.go
@@ -15,10 +15,10 @@ func GetAutoscalingGroups(svc AutoscalingGroupApi) []types.AutoScalingGroup {
 	input := &autoscaling.DescribeAutoScalingGroupsInput{}
 	var groups []types.AutoScalingGroup
 	result, err := svc.DescribeAutoScalingGroups(context.TODO(), input)
-	groups = append(groups, result.AutoScalingGroups...)
 	if err != nil {
 		return nil
 	}
+	groups = append(groups, result.AutoScalingGroups...)
 	for {
 		if result.NextToken == nil {
 			break

diff --git a/aws/cloudfront/cloudfront.go b/aws/cloudfront/cloudfront.go
@@ -11,7 +11,7 @@ import (
 func RunChecks(wa *sync.WaitGroup, s aws.Config, c *commons.Config, queue chan []commons.Check) {
 
 	var checkConfig commons.CheckConfig
-	checkConfig.Init(s, c)
+	checkConfig.Init(c)
 	var checks []commons.Check
 	svc := cloudfront.NewFromConfig(s)
 	d := GetAllCloudfront(svc)

diff --git a/aws/cloudfront/getter.go b/aws/cloudfront/getter.go
@@ -2,10 +2,10 @@ package cloudfront
 
 import (
 	"context"
-	"fmt"
 
 	"github.com/aws/aws-sdk-go-v2/service/cloudfront"
 	"github.com/aws/aws-sdk-go-v2/service/cloudfront/types"
+	"github.com/padok-team/yatas-aws/logger"
 )
 
 type SummaryToConfig struct {
@@ -22,7 +22,9 @@ func GetAllCloudfront(svc CloudfrontGetObjectApi) []types.DistributionSummary {
 	input := &cloudfront.ListDistributionsInput{}
 	result, err := svc.ListDistributions(context.TODO(), input)
 	if err != nil {
-		fmt.Println(err)
+		logger.Logger.Error(err.Error())
+		// Return an empty list of certificates
+		return []types.DistributionSummary{}
 	}
 	return result.DistributionList.Items
 }
@@ -35,7 +37,9 @@ func GetAllDistributionConfig(svc CloudfrontGetObjectApi, ds []types.Distributio
 		}
 		result, err := svc.GetDistributionConfig(context.TODO(), input)
 		if err != nil {
-			fmt.Println(err)
+			logger.Logger.Error(err.Error())
+			// Return an empty list of certificates
+			return []SummaryToConfig{}
 		}
 		d = append(d, SummaryToConfig{summary: cc, config: *result.DistributionConfig})
 	}

diff --git a/aws/cloudtrail/cloudtrail.go b/aws/cloudtrail/cloudtrail.go
@@ -9,7 +9,7 @@ import (
 
 func RunChecks(wa *sync.WaitGroup, s aws.Config, c *commons.Config, queue chan []commons.Check) {
 	var checkConfig commons.CheckConfig
-	checkConfig.Init(s, c)
+	checkConfig.Init(c)
 	var checks []commons.Check
 	cloudtrails := GetCloudtrails(s)
 

diff --git a/aws/cloudtrail/getter.go b/aws/cloudtrail/getter.go
@@ -2,11 +2,11 @@ package cloudtrail
 
 import (
 	"context"
-	"fmt"
 
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/cloudtrail"
 	"github.com/aws/aws-sdk-go-v2/service/cloudtrail/types"
+	"github.com/padok-team/yatas-aws/logger"
 )
 
 func GetCloudtrails(s aws.Config) []types.Trail {
@@ -16,7 +16,9 @@ func GetCloudtrails(s aws.Config) []types.Trail {
 	}
 	result, err := svc.DescribeTrails(context.TODO(), input)
 	if err != nil {
-		fmt.Println(err)
+		logger.Logger.Error(err.Error())
+		// Return an empty list
+		return []types.Trail{}
 	}
 	return result.TrailList
 }
diff --git a/aws/cognito/cognito.go b/aws/cognito/cognito.go
@@ -9,7 +9,7 @@ import (
 
 func RunChecks(wa *sync.WaitGroup, s aws.Config, c *commons.Config, queue chan []commons.Check) {
 	var checkConfig commons.CheckConfig
-	checkConfig.Init(s, c)
+	checkConfig.Init(c)
 	var checks []commons.Check
 	cognitoPools := GetCognitoPools(s)
 	cognitoPoolsDetailed := GetDetailedCognitoPool(s, cognitoPools)

diff --git a/aws/cognito/getter.go b/aws/cognito/getter.go
@@ -9,6 +9,7 @@ import (
 	"github.com/aws/aws-sdk-go-v2/service/cognitoidentity/types"
 	"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
 	ciptypes "github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
+	"github.com/padok-team/yatas-aws/logger"
 )
 
 func GetCognitoPools(s aws.Config) []types.IdentityPoolShortDescription {
@@ -18,7 +19,9 @@ func GetCognitoPools(s aws.Config) []types.IdentityPoolShortDescription {
 	}
 	result, err := svc.ListIdentityPools(context.TODO(), cognitoInput)
 	if err != nil {
-		fmt.Println(err)
+		logger.Logger.Error(err.Error())
+		// Return an empty list of certificates
+		return []types.IdentityPoolShortDescription{}
 	}
 	fmt.Println("Hello")
 	return result.IdentityPools
@@ -33,7 +36,9 @@ func GetDetailedCognitoPool(s aws.Config, pools []types.IdentityPoolShortDescrip
 		}
 		result, err := svc.DescribeIdentityPool(context.TODO(), cognitoInput)
 		if err != nil {
-			fmt.Println(err)
+			logger.Logger.Error(err.Error())
+			// Return an empty list of certificates
+			return []cognitoidentity.DescribeIdentityPoolOutput{}
 		}
 		detailedPools = append(detailedPools, *result)
 	}

diff --git a/aws/dynamodb/dynamodb.go b/aws/dynamodb/dynamodb.go
@@ -10,7 +10,7 @@ import (
 func RunChecks(wa *sync.WaitGroup, s aws.Config, c *commons.Config, queue chan []commons.Check) {
 
 	var checkConfig commons.CheckConfig
-	checkConfig.Init(s, c)
+	checkConfig.Init(c)
 	var checks []commons.Check
 	dynamodbs := GetDynamodbs(s)
 	gt := GetTables(s, dynamodbs)