Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(aws): Add new kafka service #4001

Merged
merged 12 commits into from
May 16, 2024
Merged

feat(aws): Add new kafka service #4001

merged 12 commits into from
May 16, 2024

Conversation

puchy22
Copy link
Contributor

@puchy22 puchy22 commented May 14, 2024

Context

Add new Kafka service with one basic check.

Description

It adds new service code, basic check code to ensure using the latest version of Kafka and their respective unit tests.

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@github-actions github-actions bot added the provider/aws Issues/PRs related with the AWS provider label May 14, 2024
@sergargar sergargar linked an issue May 15, 2024 that may be closed by this pull request
support for aws msk #3049
Closed
@puchy22 puchy22 marked this pull request as ready for review May 15, 2024 08:58
@puchy22 puchy22 requested review from a team as code owners May 15, 2024 08:58
sergargar
sergargar reviewed May 15, 2024
View reviewed changes
...rvices/kafka/kafka_cluster_use_latest_version/kafka_cluster_use_latest_version.metadata.json Outdated
"Code": {
"CLI": "aws kafka update-cluster-configuration --cluster-arn <arn_cluster> --current-version <current_version> --target-version <latest_version>",
"NativeIaC": "",
"Other": "",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
"Other": "",
"Other": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/MSK/enable-apache-kafka-latest-security-features.html",

sergargar
sergargar reviewed May 15, 2024
View reviewed changes
...rvices/kafka/kafka_cluster_use_latest_version/kafka_cluster_use_latest_version.metadata.json Outdated
},
"Recommendation": {
"Text": "Change the database to private mode.",
"Url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/MSK/enable-apache-kafka-latest-security-features.html"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
"Url": "https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/MSK/enable-apache-kafka-latest-security-features.html"
"Url": "https://docs.aws.amazon.com/msk/latest/developerguide/version-support.html#version-upgrades"

sergargar
sergargar reviewed May 15, 2024
View reviewed changes
prowler/providers/aws/services/kafka/kafka_service.py Outdated

for page in cluster_paginator.paginate():
for cluster in page["ClusterInfoList"]:
self.clusters[cluster.get("ClusterArn", "")] = Cluster(
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please use the resource filter:

                    if not self.audit_resources or (
                        is_resource_filtered(arn, self.audit_resources)
                    ):

sergargar
sergargar reviewed May 15, 2024
View reviewed changes
...ders/aws/services/kafka/kafka_cluster_use_latest_version/kafka_cluster_use_latest_version.py Outdated
Comment on lines 20 to 22
if cluster.kafka_version != getattr(
kafka_client.kafka_versions[-1], "version", ""
):
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

getattr is not needed here ;)

@puchy22 puchy22 changed the title feat(aws): Add new managed kafka managed service feat(aws): Add new kafka managed service May 15, 2024
@puchy22 puchy22 changed the title feat(aws): Add new kafka managed service feat(aws): Add new kafka service May 15, 2024
@codecov Codecov
Copy link

codecov bot commented May 15, 2024
edited

Codecov Report

Attention: Patch coverage is 94.28571% with 4 lines in your changes are missing coverage. Please review.

Project coverage is 86.52%. Comparing base (45ccd7e) to head (9dee295).
Report is 13 commits behind head on master.

Files Patch % Lines
...wler/providers/aws/services/kafka/kafka_service.py 91.83% 4 Missing ⚠️
Additional details and impacted files 
@@           Coverage Diff           @@
##           master    #4001   +/-   ##
=======================================
  Coverage   86.51%   86.52%           
=======================================
  Files         768      771    +3     
  Lines       23899    23971   +72     
=======================================
+ Hits        20677    20741   +64     
- Misses       3222     3230    +8

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@sergargar sergargar self-requested a review May 16, 2024 07:17
sergargar
sergargar reviewed May 16, 2024
View reviewed changes
...rvices/kafka/kafka_cluster_use_latest_version/kafka_cluster_use_latest_version.metadata.json Outdated
"Terraform": ""
},
"Recommendation": {
"Text": "Change the database to private mode.",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please, verify this.

sergargar
sergargar requested changes May 16, 2024
View reviewed changes
Copy link
Member

@sergargar sergargar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please, review my comments!

puchy22 and others added 5 commits May 16, 2024 09:21
@puchy22 @sergargar
Update prowler/providers/aws/services/kafka/kafka_service.py
e481ede 
Use arn variable

Co-authored-by: Sergio Garcia <38561120+sergargar@users.noreply.github.com>
@puchy22 @sergargar
Update prowler/providers/aws/services/kafka/kafka_service.py
d90c917 
Use arn variable

Co-authored-by: Sergio Garcia <38561120+sergargar@users.noreply.github.com>
@puchy22
feat(kafka): Add new attributes to service related to security of clu…
8770813 
…ster
@puchy22
Merge branch 'PRWLR-2756-OSS-Amazon-Managed-Streaming-for-Apache-Kafk…
6c8bf8e 
…a-MSK-Checks' of github.com:puchy22/prowler into PRWLR-2756-OSS-Amazon-Managed-Streaming-for-Apache-Kafka-MSK-Checks
@puchy22
chore(kafka): Fix metadata recommendation to adjust to the check
178cda9
sergargar
sergargar reviewed May 16, 2024
View reviewed changes
...rvices/kafka/kafka_cluster_use_latest_version/kafka_cluster_use_latest_version.metadata.json Outdated
@@ -0,0 +1,32 @@
{
"Provider": "aws",
"CheckID": "kafka_cluster_use_latest_version",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
"CheckID": "kafka_cluster_use_latest_version",
"CheckID": "kafka_cluster_uses_latest_version",

sergargar
sergargar approved these changes May 16, 2024
View reviewed changes
Copy link
Member

@sergargar sergargar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good job!!

@sergargar sergargar merged commit 4aedba7 into prowler-cloud:master May 16, 2024
11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sergargar sergargar sergargar approved these changes

Assignees
No one assigned
Labels
provider/aws Issues/PRs related with the AWS provider
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

support for aws msk
2 participants
@puchy22 @sergargar