feat(sns): sns topics no http subscriptions #4095
Conversation
github-actions
bot
added
the
provider/aws
| if subscription.SubscriptionArn == "PendingConfirmation": | ||
| continue |
There was a problem hiding this comment.
You are already checking this in the service, right?
There was a problem hiding this comment.
I've moved the PendingConfirmation logic to the check. I believe that all subscriptions, including those that are pending, should be included in the object. It should be up to the check to decide if it wants to do something with those types of subscriptions.
| SubscriptionArn: str | ||
| Owner: str | ||
| Protocol: str | ||
| Endpoint: str | ||
| TopicArn: str |
There was a problem hiding this comment.
| SubscriptionArn: str | |
| Owner: str | |
| Protocol: str | |
| Endpoint: str | |
| TopicArn: str | |
| arn: str | |
| owner: str | |
| protocol: str | |
| endpoint: str |
There was a problem hiding this comment.
Please, use the pattern that we have for the rest of the classes and you don't need the TopicArn since it is already attached to a Topic class.
There was a problem hiding this comment.
Good suggestion. Fixed!
| @@ -74,6 +75,39 @@ def __list_tags_for_resource__(self): | |||
| f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" | |||
| ) | |||
|
|
|||
| def __get_subscriptions__(self): | |||
There was a problem hiding this comment.
| def __get_subscriptions__(self): | |
| def __list_subscriptions_by_topic__(self): |
| @@ -74,6 +75,39 @@ def __list_tags_for_resource__(self): | |||
| f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}" | |||
| ) | |||
|
|
|||
| def __get_subscriptions__(self): | |||
| logger.info("SNS - Getting subscriptions...") | |||
There was a problem hiding this comment.
| logger.info("SNS - Getting subscriptions...") | |
| logger.info("SNS - Listing subscriptions by topic...") |
| report.resource_id = topic.name | ||
| report.resource_arn = topic.arn | ||
| report.resource_tags = topic.tags |
There was a problem hiding this comment.
What is the resource checked within the check? If it is the subscription, we need to modify the check name to something like sns_subscriptions_not_using_http_endpoints or similar and set the subscription as resource_id and resource_arn.
There was a problem hiding this comment.
I put the subscription.arn as resource_id and resource_arn
| report.resource_tags = topic.tags | ||
| report.status = "PASS" | ||
| report.status_extended = ( | ||
| f"Subscription {subscription.SubscriptionArn} is HTTPS." |
There was a problem hiding this comment.
| f"Subscription {subscription.SubscriptionArn} is HTTPS." | |
| f"Subscription {subscription.SubscriptionArn} is using an HTTPS endpoint." |
| if subscription.Protocol == "http": | ||
| report.status = "FAIL" | ||
| report.status_extended = ( | ||
| f"Subscription {subscription.SubscriptionArn} is HTTP." |
There was a problem hiding this comment.
| f"Subscription {subscription.SubscriptionArn} is HTTP." | |
| f"Subscription {subscription.SubscriptionArn} is using an HTTP endpoint." |
|
Forgot to say that we need to update service's test with the new function. |
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #4095 +/- ##
==========================================
- Coverage 86.39% 86.31% -0.09%
==========================================
Files 794 795 +1
Lines 24874 24917 +43
==========================================
+ Hits 21491 21508 +17
- Misses 3383 3409 +26 ☔ View full report in Codecov by Sentry. |
I created a new test for the service. |
|
@sergargar @jfagoagas I have reviewed all your comments. Can you check it again? |
Context
Create a new check for the SNS service in the provider AWS
Description
This change ensures that AWS SNS topics are not subscribed to HTTP endpoints
Add a new type of Object for SNS, the Subscription.
License
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.