feat(ec2): changed to new config but with less checks

padok-team · Apr 11, 2023 · 652612d · 652612d
1 parent 7578eae
commit 652612d
Show file tree

Hide file tree

Showing 34 changed files with 367 additions and 1,808 deletions.
diff --git a/aws/awschecks/awschecks.go b/aws/awschecks/awschecks.go
@@ -4,8 +4,8 @@ import (
 	"fmt"
 	"reflect"
 
-	"github.com/aws/aws-sdk-go-v2/service/ec2/types"
 	ec2Types "github.com/aws/aws-sdk-go-v2/service/ec2/types"
+	"github.com/padok-team/yatas-aws/logger"
 	"github.com/padok-team/yatas/plugins/commons"
 )
 
@@ -22,6 +22,10 @@ type CheckDefinition struct {
 
 func CheckResources(checkConfig commons.CheckConfig, resources []interface{}, checkDefinitions []CheckDefinition) {
 	for _, checkDefinition := range checkDefinitions {
+		// if !checkConfig.ConfigYatas.CheckExclude(checkDefinition.Title) && checkConfig.ConfigYatas.CheckInclude(checkDefinition.Title) {
+		// 	checkConfig.Wg.Add(1)
+		// 	logger.Logger.Info("Running check: " + checkDefinition.Title)
+		// }
 		check := createCheck(checkDefinition)
 		for _, resource := range resources {
 			result := checkResource(resource, checkDefinition.ConditionFn, checkDefinition.SuccessMessage, checkDefinition.FailureMessage)
@@ -33,6 +37,7 @@ func CheckResources(checkConfig commons.CheckConfig, resources []interface{}, ch
 
 func createCheck(checkDefinition CheckDefinition) commons.Check {
 	var check commons.Check
+	logger.Logger.Info("Creating check: " + checkDefinition.Title)
 	check.InitCheck(checkDefinition.Description, checkDefinition.Description, checkDefinition.Title, checkDefinition.Tags)
 	return check
 }
@@ -61,27 +66,3 @@ func getResourceID(resource interface{}) string {
 		return ""
 	}
 }
-
-func Ec2MonitoringEnabledCondition(resource interface{}) bool {
-	instance, ok := resource.(*types.Instance)
-	if !ok {
-		return false
-	}
-	return instance.Monitoring.State == types.MonitoringStateEnabled
-}
-
-func Ec2PublicIPCondition(resource interface{}) bool {
-	instance, ok := resource.(*types.Instance)
-	if !ok {
-		return false
-	}
-	return instance.PublicIpAddress == nil
-}
-
-func Ec2RunningInVPCCondition(resource interface{}) bool {
-	instance, ok := resource.(*types.Instance)
-	if !ok {
-		return false
-	}
-	return instance.VpcId != nil && *instance.VpcId != ""
-}
diff --git a/aws/ec2/ec2.go b/aws/ec2/ec2.go
@@ -22,23 +22,23 @@ func RunChecks(wa *sync.WaitGroup, s aws.Config, c *commons.Config, queue chan [
 			Title:          "AWS_EC2_001",
 			Description:    "Check if all instances have monitoring enabled",
 			Tags:           []string{"Security", "Good Practice"},
-			ConditionFn:    awschecks.Ec2MonitoringEnabledCondition,
+			ConditionFn:    Ec2MonitoringEnabledCondition,
 			SuccessMessage: "EC2 instance has monitoring enabled",
 			FailureMessage: "EC2 instance has no monitoring enabled",
 		},
 		{
 			Title:          "AWS_EC2_002",
 			Description:    "Check if all instances have a public IP",
 			Tags:           []string{"Security", "Good Practice"},
-			ConditionFn:    awschecks.Ec2PublicIPCondition,
+			ConditionFn:    Ec2PublicIPCondition,
 			SuccessMessage: "EC2 instance has no public IP",
 			FailureMessage: "EC2 instance has a public IP",
 		},
 		{
 			Title:          "AWS_EC2_003",
 			Description:    "Check if instances are running in a Virtual Private Cloud (VPC)",
 			Tags:           []string{"Security", "Good Practice"},
-			ConditionFn:    awschecks.Ec2RunningInVPCCondition,
+			ConditionFn:    Ec2RunningInVPCCondition,
 			SuccessMessage: "EC2 instance is running in a VPC",
 			FailureMessage: "EC2 instance is not running in a VPC",
 		},
@@ -49,11 +49,8 @@ func RunChecks(wa *sync.WaitGroup, s aws.Config, c *commons.Config, queue chan [
 	for _, instance := range instances {
 		resources = append(resources, instance)
 	}
-
 	checkConfig.Wg.Add(3)
 	go awschecks.CheckResources(checkConfig, resources, ec2Checks)
-	go commons.CheckTest(checkConfig.Wg, c, "AWS_EC2_001", CheckIfEC2PublicIP)(checkConfig, instances, "AWS_EC2_001")
-	go commons.CheckTest(checkConfig.Wg, c, "AWS_EC2_002", CheckIfMonitoringEnabled)(checkConfig, instances, "AWS_EC2_002")
 
 	go func() {
 		for t := range checkConfig.Queue {

diff --git a/aws/ec2/ec2Conditions.go b/aws/ec2/ec2Conditions.go
@@ -0,0 +1,31 @@
+package ec2
+
+import (
+	"github.com/aws/aws-sdk-go-v2/service/ec2/types"
+)
+
+func Ec2MonitoringEnabledCondition(resource interface{}) bool {
+	instance, ok := resource.(*types.Instance)
+	if !ok {
+		return false
+	}
+	return instance.Monitoring.State == types.MonitoringStateEnabled
+}
+
+func Ec2PublicIPCondition(resource interface{}) bool {
+	instance, ok := resource.(*types.Instance)
+	if !ok {
+		return false
+	}
+	return instance.PublicIpAddress == nil
+}
+
+func Ec2RunningInVPCCondition(resource interface{}) bool {
+	instance, ok := resource.(*types.Instance)
+	if !ok {
+		return false
+	}
+	return instance.VpcId != nil && *instance.VpcId != ""
+}
+
+// Generate unit test functions for each condition
diff --git a/aws/ec2/ec2Conditions_test.go b/aws/ec2/ec2Conditions_test.go
@@ -0,0 +1,95 @@
+package ec2
+
+import (
+	"testing"
+
+	"github.com/aws/aws-sdk-go-v2/service/ec2/types"
+)
+
+// Generate unit tests for EC2
+
+func TestEc2MonitoringEnabledCondition(t *testing.T) {
+	type args struct {
+		resource interface{}
+	}
+	tests := []struct {
+		name string
+		args args
+		want bool
+	}{
+		{
+			name: "TestEc2MonitoringEnabledCondition",
+			args: args{
+				resource: &types.Instance{
+					Monitoring: &types.Monitoring{
+						State: types.MonitoringStateEnabled,
+					},
+				},
+			},
+			want: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := Ec2MonitoringEnabledCondition(tt.args.resource); got != tt.want {
+				t.Errorf("Ec2MonitoringEnabledCondition() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func TestEc2PublicIPCondition(t *testing.T) {
+	type args struct {
+		resource interface{}
+	}
+	tests := []struct {
+		name string
+		args args
+		want bool
+	}{
+		{
+			name: "TestEc2PublicIPCondition",
+			args: args{
+				resource: &types.Instance{
+					PublicIpAddress: nil,
+				},
+			},
+			want: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := Ec2PublicIPCondition(tt.args.resource); got != tt.want {
+				t.Errorf("Ec2PublicIPCondition() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func TestEc2RunningInVPCCondition(t *testing.T) {
+	type args struct {
+		resource interface{}
+	}
+	tests := []struct {
+		name string
+		args args
+		want bool
+	}{
+		{
+			name: "TestEc2RunningInVPCCondition",
+			args: args{
+				resource: &types.Instance{
+					VpcId: nil,
+				},
+			},
+			want: false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := Ec2RunningInVPCCondition(tt.args.resource); got != tt.want {
+				t.Errorf("Ec2RunningInVPCCondition() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
diff --git a/aws/ec2/ec2Monitoring.go b/aws/ec2/ec2Monitoring.go
diff --git a/aws/ec2/ec2Monitoring_test.go b/aws/ec2/ec2Monitoring_test.go
diff --git a/aws/ec2/ec2PublicIp.go b/aws/ec2/ec2PublicIp.go