New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Validated the region passed before instantiating the service class #16463
Validated the region passed before instantiating the service class #16463
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Adding to the suggested change in the code, why does the module continue with its execution and not exit when an invalid region is passed? Wouldn't be better if the module shows an error and exits to alert the user of the wrong configuration?
I chose this behavior because the module can receive multiple regions for one execution. Then if one valid and one invalid region are passed, the execution can process the valid one. |
wodles/aws/aws_s3.py
Outdated
try: | ||
service_type.check_region(region) | ||
except ValueError: | ||
debug(f"+++ WARNING: The region '{region}' is not a valid one.", 1) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The warning message is only displayed when the module is manually executed but not when configured in the ossec.conf
file. We should check this behavior so the users acknowledge the problem as soon as possible and do not need to set the debug level and reset the module.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As we discuss, the best solution, for now, is to raise an exception and quit the execution. Until we have #16301.
I will do the changes.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>
9306286
to
d401ddf
Compare
…16463) * Validated the region passed before instantiating the service class * Apply suggestions from code review Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com> * Exit with error when receive and invalid region --------- Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>
…16463) * Validated the region passed before instantiating the service class * Apply suggestions from code review Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com> * Exit with error when receive and invalid region --------- Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>
…16463) * Validated the region passed before instantiating the service class * Apply suggestions from code review Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com> * Exit with error when receive and invalid region --------- Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>
…16463) * Validated the region passed before instantiating the service class * Apply suggestions from code review Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com> * Exit with error when receive and invalid region --------- Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>
* Validated the region passed before instantiating the service class (#16463) * Validated the region passed before instantiating the service class * Apply suggestions from code review Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com> * Exit with error when receive and invalid region --------- Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com> * Show explicit messages when there aren't logs to process (#16365) * Improve filter aguments for custom buckets * Improve check for empty bucket in server access * Fix custom bucket markers (#16410) * Fix query paramters for CustomBucket.sql_find_last_key_processed * Show message when there aren't logs to process in custom buckets * Apply improvements to ServerAccessBucket.iter_files_in_bucket * Add missing counter for processed_logs * Apply suggestions from code review Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com> * Fix method callbacks --------- Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com> * Improve VPCFlow and Config items iteration (#16325) * Implement basic changes * Use methods inherited from AWSBucket * Improve items iteration AWSVPCFlowBucket * Use methods inherited from AWSBucket in AWSVPCFlowBucket * Clean up unused methods and variables * Fix too many blank lines * Handle exception when an inexistent region was provided (#16332) * Handle exception when an inexistent region was provided * Get regions from constant * Use AWSBucket.empty_bucket_message_template in AWSLBBucket class * Add AWS parser validations (#16493) * Fix bucket and service empty messages * Fix bucket and service invalid value messages * Improve regex validation for bucket name * Improve regex validation for prefix and rename function * Improved regex validation for region and avoided repeated ones * Show error and exit for empty log group * Added function to validate aws_log_groups argument * Sorted regions after validation * Use AWSBucket.empty_bucket_message_template native guarduty case --------- Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>
* Validated the region passed before instantiating the service class (#16463) * Validated the region passed before instantiating the service class * Apply suggestions from code review Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com> * Exit with error when receive and invalid region --------- Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com> * Show explicit messages when there aren't logs to process (#16365) * Improve filter aguments for custom buckets * Improve check for empty bucket in server access * Fix custom bucket markers (#16410) * Fix query paramters for CustomBucket.sql_find_last_key_processed * Show message when there aren't logs to process in custom buckets * Apply improvements to ServerAccessBucket.iter_files_in_bucket * Add missing counter for processed_logs * Apply suggestions from code review Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com> * Fix method callbacks --------- Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com> * Improve VPCFlow and Config items iteration (#16325) * Implement basic changes * Use methods inherited from AWSBucket * Improve items iteration AWSVPCFlowBucket * Use methods inherited from AWSBucket in AWSVPCFlowBucket * Clean up unused methods and variables * Fix too many blank lines * Handle exception when an inexistent region was provided (#16332) * Handle exception when an inexistent region was provided * Get regions from constant * Use AWSBucket.empty_bucket_message_template in AWSLBBucket class * Add AWS parser validations (#16493) * Fix bucket and service empty messages * Fix bucket and service invalid value messages * Improve regex validation for bucket name * Improve regex validation for prefix and rename function * Improved regex validation for region and avoided repeated ones * Show error and exit for empty log group * Added function to validate aws_log_groups argument * Sorted regions after validation * Use AWSBucket.empty_bucket_message_template native guarduty case --------- Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>
Description
This PR closes #16301. Adds validation for the region passed to the service classes, in order to prevent requesting inexistent endpoints.
Tests