Add feature : CodeSeries bp check

2024-08-12 11:20:13 +09:00 · 2024-08-12 11:20:13 +09:00 · 4e80bbddef
commit 4e80bbddef
parent 647bf14a74
1 changed files with 56 additions and 5 deletions
--- a/services/codeseries.py
+++ b/services/codeseries.py
@ -1,23 +1,74 @@
-from models import RuleCheckResult
 import boto3


-# client = boto3.client("")
+build_client = boto3.client("codebuild")
+
+deploy_client = boto3.client("codedeploy")


 def codebuild_project_environment_privileged_check():
+    compliant_resources = []
+    non_compliant_resources = []
+    projects = build_client.list_projects()["projects"]
+
+    for project in projects:
+        project = build_client.batch_get_projects(names=[project])["projects"][0]
+
+        if project["environment"]["privilegedMode"] != True:
+            compliant_resources.append(project["arn"])
+        else:
+            non_compliant_resources.append(project["arn"])
+
    return RuleCheckResult(
-        passed=False, compliant_resources=[], non_compliant_resources=[]
+        passed=not non_compliant_resources,
+        compliant_resources=compliant_resources,
+        non_compliant_resources=non_compliant_resources,
    )


 def codebuild_project_logging_enabled():
+    compliant_resources = []
+    non_compliant_resources = []
+    projects = build_client.list_projects()["projects"]
+
+    for project in projects:
+        project = build_client.batch_get_projects(names=[project])["projects"][0]
+        logs_config = project["logsConfig"]
+
+        if logs_config["cloudWatchLogs"]["status"] == "ENABLED" or logs_config["s3Logs"]["status"] == "ENABLED":
+            compliant_resources.append(project["arn"])
+        else:
+            non_compliant_resources.append(project["arn"])
+
    return RuleCheckResult(
-        passed=False, compliant_resources=[], non_compliant_resources=[]
+        passed=not non_compliant_resources,
+        compliant_resources=compliant_resources,
+        non_compliant_resources=non_compliant_resources,
    )


 def codedeploy_auto_rollback_monitor_enabled():
+    compliant_resources = []
+    non_compliant_resources = []
+    applications = deploy_client.list_applications()["applications"]
+
+    for application in applications:
+        deployment_groups = deploy_client.list_deployment_groups(applicationName=application)["deploymentGroups"]
+        for deployment_group in deployment_groups:
+            deployment_group = deploy_client.get_deployment_group(
+                applicationName=application, deploymentGroupName=deployment_group
+            )["deploymentGroupInfo"]
+
+            if (
+                deployment_group["alarmConfiguration"]["enabled"] == True
+                and deployment_group["autoRollbackConfiguration"]["enabled"] == True
+            ):
+                compliant_resources.append(deployment_group["deploymentGroupId"])
+            else:
+                non_compliant_resources.append(deployment_group["deploymentGroupId"])
+
    return RuleCheckResult(
-        passed=False, compliant_resources=[], non_compliant_resources=[]
+        passed=not non_compliant_resources,
+        compliant_resources=compliant_resources,
+        non_compliant_resources=non_compliant_resources,
    )