Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: Change validation condition for check_logs_are_enabled rule #42

Merged
merged 2 commits into from
Sep 11, 2023

Conversation

ninedongsu
Copy link
Contributor

Issue #, if available:

Description of changes:
This PR is for fixing validation logic for security/check_logs_are_enabled rule.
The Validation condition in the rule always return True even if the audit log was disabled.

>>> cluster_metadata["cluster"]["logging"]["clusterLogging"]
[{'types': ['api', 'authenticator', 'controllerManager', 'scheduler'], 'enabled': True}, {'types': ['audit'], 'enabled': False}]
>>> cluster_metadata["cluster"]["logging"]["clusterLogging"][0]["enabled"]
True

Now changed validation logic correctly.

>>> cluster_metadata["cluster"]["logging"]["clusterLogging"]
[{'types': ['api', 'authenticator', 'controllerManager', 'scheduler'], 'enabled': True}, {'types': ['audit'], 'enabled': False}]
>>> logs = filter(lambda x: x.get('enabled') and 'audit' in x.get('types'), cluster_metadata["cluster"]["logging"]["clusterLogging"])                                                                                                                                                                                     
>>> list(logs)
[]

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@dorukozturk dorukozturk merged commit 5deb00a into aws-samples:main Sep 11, 2023
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants