fix(rds): Handle DBParameterGroupNotFound #4148

Merged
140 changes: 92 additions & 48 deletions prowler/providers/aws/services/rds/rds_service.py
Expand Up @@ -198,57 +198,101 @@
"describe_db_clusters"
)
for page in describe_db_clusters_paginator.paginate():
for cluster in page["DBClusters"]:
db_cluster_arn = f"arn:{self.audited_partition}:rds:{regional_client.region}:{self.audited_account}:cluster:{cluster['DBClusterIdentifier']}"
if not self.audit_resources or (
is_resource_filtered(db_cluster_arn, self.audit_resources)
):
if cluster["Engine"] != "docdb":
describe_db_parameters_paginator = (
regional_client.get_paginator("describe_db_parameters")
)
db_cluster = DBCluster(
id=cluster["DBClusterIdentifier"],
arn=db_cluster_arn,
endpoint=cluster.get("Endpoint"),
engine=cluster["Engine"],
status=cluster["Status"],
public=cluster.get("PubliclyAccessible", False),
encrypted=cluster["StorageEncrypted"],
auto_minor_version_upgrade=cluster.get(
"AutoMinorVersionUpgrade", False
),
backup_retention_period=cluster.get(
"BackupRetentionPeriod"
),
cloudwatch_logs=cluster.get(
"EnabledCloudwatchLogsExports"
),
deletion_protection=cluster["DeletionProtection"],
parameter_group=cluster["DBClusterParameterGroup"],
multi_az=cluster["MultiAZ"],
region=regional_client.region,
tags=cluster.get("TagList", []),
)
for page in describe_db_parameters_paginator.paginate(
DBParameterGroupName=cluster["DBClusterParameterGroup"]
try:
for cluster in page["DBClusters"]:
try:
db_cluster_arn = f"arn:{self.audited_partition}:rds:{regional_client.region}:{self.audited_account}:cluster:{cluster['DBClusterIdentifier']}"
if not self.audit_resources or (
is_resource_filtered(
db_cluster_arn, self.audit_resources
)
):
for parameter in page["Parameters"]:
if parameter["ParameterName"] == "rds.force_ssl":
db_cluster.force_ssl = parameter[
"ParameterValue"
]
if (
parameter["ParameterName"]
== "require_secure_transport"
):
db_cluster.require_secure_transport = parameter[
"ParameterValue"
]
if cluster["Engine"] != "docdb":
db_cluster = DBCluster(
id=cluster["DBClusterIdentifier"],
arn=db_cluster_arn,
endpoint=cluster.get("Endpoint"),
engine=cluster["Engine"],
status=cluster["Status"],
public=cluster.get("PubliclyAccessible", False),
encrypted=cluster["StorageEncrypted"],
auto_minor_version_upgrade=cluster.get(
"AutoMinorVersionUpgrade", False
),
backup_retention_period=cluster.get(
"BackupRetentionPeriod"
),
cloudwatch_logs=cluster.get(
"EnabledCloudwatchLogsExports"
),
deletion_protection=cluster[
"DeletionProtection"
],
parameter_group=cluster[
"DBClusterParameterGroup"
],
multi_az=cluster["MultiAZ"],
region=regional_client.region,
tags=cluster.get("TagList", []),
)
# We must use a unique value as the dict key to have unique keys
self.db_clusters[db_cluster_arn] = db_cluster

# We must use a unique value as the dict key to have unique keys
self.db_clusters[db_cluster_arn] = db_cluster
# Get DB Cluster Parameters
describe_db_parameters_paginator = (
regional_client.get_paginator(
"describe_db_parameters"
)
)
Member


I would put another try before this for loop (which is the one that is failing), so that even if the cluster does not have a parameter group name, its class can still be created.

try:
for (
page
) in describe_db_parameters_paginator.paginate(
DBParameterGroupName=cluster[
"DBClusterParameterGroup"
]
):
try:
for parameter in page["Parameters"]:
if (
parameter["ParameterName"]
== "rds.force_ssl"
):
db_cluster.force_ssl = (
parameter["ParameterValue"]
)
if (
parameter["ParameterName"]
== "require_secure_transport"
):
db_cluster.require_secure_transport = parameter[
"ParameterValue"
]

except Exception as error:
logger.error(

Check warning on line 273 in prowler/providers/aws/services/rds/rds_service.py


Codecov / codecov/patch

prowler/providers/aws/services/rds/rds_service.py#L272-L273

Added lines #L272 - L273 were not covered by tests
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
except ClientError as error:
if (
error.response["Error"]["Code"]
== "DBParameterGroupNotFound"
):
logger.warning(
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
except Exception as error:
logger.error(

Check warning on line 285 in prowler/providers/aws/services/rds/rds_service.py


Codecov / codecov/patch

prowler/providers/aws/services/rds/rds_service.py#L284-L285

Added lines #L284 - L285 were not covered by tests
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
except Exception as error:
logger.error(

Check warning on line 289 in prowler/providers/aws/services/rds/rds_service.py


Codecov / codecov/patch

prowler/providers/aws/services/rds/rds_service.py#L288-L289

Added lines #L288 - L289 were not covered by tests
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
except Exception as error:
logger.error(

Check warning on line 293 in prowler/providers/aws/services/rds/rds_service.py


Codecov / codecov/patch

prowler/providers/aws/services/rds/rds_service.py#L292-L293

Added lines #L292 - L293 were not covered by tests
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
)
except Exception as error:
logger.error(
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
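Review bot: The new `except ClientError` handler around the `describe_db_parameters` pagination logs only when the code is `DBParameterGroupNotFound`; any other ClientError (an access-denied or throttling response, for example) falls through the `if` and is dropped without a log line. For an audit tool this matters because `force_ssl` and `require_secure_transport` are then never set for that cluster, and nothing in the log shows that the parameters could not be read, so transport-encryption findings may rest on incomplete data. Add an `else:` branch with `logger.error(f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}")`, matching the other handlers. Separately, the call passes `cluster["DBClusterParameterGroup"]` as `DBParameterGroupName`; if that name refers to a cluster parameter group, `describe_db_cluster_parameters` may be the matching API and would avoid the NotFound error at its source, which is worth confirming. The enclosing method starts and ends outside this hunk.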