Add feature: EKS bp check
This commit is contained in:
parent
c68e1f2290
commit
d377addf7b
@ -2,28 +2,67 @@ from models import RuleCheckResult
|
|||||||
import boto3
|
import boto3
|
||||||
|
|
||||||
|
|
||||||
# client = boto3.client("")
|
client = boto3.client("eks")
|
||||||
|
|
||||||
|
|
||||||
def eks_cluster_logging_enabled():
|
def eks_cluster_logging_enabled():
|
||||||
|
clusters = client.list_clusters()["clusters"]
|
||||||
|
compliant_resource = []
|
||||||
|
non_compliant_resources = []
|
||||||
|
|
||||||
|
for cluster in clusters:
|
||||||
|
response = client.describe_cluster(name=cluster)["cluster"]
|
||||||
|
if (
|
||||||
|
len(response["logging"]["clusterLogging"][0]["types"]) == 5
|
||||||
|
and response["logging"]["clusterLogging"][0]["enabled"] == True
|
||||||
|
):
|
||||||
|
compliant_resource.append(response["arn"])
|
||||||
|
else:
|
||||||
|
non_compliant_resources.append(response["arn"])
|
||||||
|
|
||||||
return RuleCheckResult(
|
return RuleCheckResult(
|
||||||
passed=False, compliant_resources=[], non_compliant_resources=[]
|
passed=not non_compliant_resources,
|
||||||
|
compliant_resources=compliant_resource,
|
||||||
|
non_compliant_resources=non_compliant_resources,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
def eks_cluster_secrets_encrypted():
|
def eks_cluster_secrets_encrypted():
|
||||||
|
clusters = client.list_clusters()["clusters"]
|
||||||
|
compliant_resource = []
|
||||||
|
non_compliant_resources = []
|
||||||
|
|
||||||
|
for cluster in clusters:
|
||||||
|
response = client.describe_cluster(name=cluster)["cluster"]
|
||||||
|
if (
|
||||||
|
"encryptionConfig" in response
|
||||||
|
and "secrets" in response["encryptionConfig"][0]["resources"]
|
||||||
|
):
|
||||||
|
compliant_resource.append(response["arn"])
|
||||||
|
else:
|
||||||
|
non_compliant_resources.append(response["arn"])
|
||||||
|
|
||||||
return RuleCheckResult(
|
return RuleCheckResult(
|
||||||
passed=False, compliant_resources=[], non_compliant_resources=[]
|
passed=not non_compliant_resources,
|
||||||
|
compliant_resources=compliant_resource,
|
||||||
|
non_compliant_resources=non_compliant_resources,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
def eks_endpoint_no_public_access():
|
def eks_endpoint_no_public_access():
|
||||||
return RuleCheckResult(
|
clusters = client.list_clusters()["clusters"]
|
||||||
passed=False, compliant_resources=[], non_compliant_resources=[]
|
compliant_resource = []
|
||||||
)
|
non_compliant_resources = []
|
||||||
|
|
||||||
|
for cluster in clusters:
|
||||||
|
response = client.describe_cluster(name=cluster)["cluster"]
|
||||||
|
if response["resourcesVpcConfig"]["endpointPublicAccess"] == False:
|
||||||
|
compliant_resource.append(response["arn"])
|
||||||
|
else:
|
||||||
|
non_compliant_resources.append(response["arn"])
|
||||||
|
|
||||||
def eks_secrets_encrypted():
|
|
||||||
return RuleCheckResult(
|
return RuleCheckResult(
|
||||||
passed=False, compliant_resources=[], non_compliant_resources=[]
|
passed=not non_compliant_resources,
|
||||||
|
compliant_resources=compliant_resource,
|
||||||
|
non_compliant_resources=non_compliant_resources,
|
||||||
)
|
)
|
||||||
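Review bot: `client.list_clusters()["clusters"]` on the new side is read once in all three checks without following `nextToken`, so any cluster beyond the first page is silently treated as absent and `passed=not non_compliant_resources` can report a pass that was never verified. The logging check also indexes `response["logging"]["clusterLogging"][0]`, but describe_cluster may return several `clusterLogging` entries (enabled types in one, disabled types in another), so a cluster with every type enabled can be scored non-compliant, and the `len(...) == 5` count should be replaced by comparing the set of enabled types against the expected set. The same `[0]` assumption on `response["encryptionConfig"][0]` raises IndexError when the key is present but the list is empty, so that branch should guard on `response.get("encryptionConfig")` before indexing. A paginated listing helper plus an explicit type-set comparison covers the three checks; the `== True` / `== False` comparisons on booleans should be written `if entry["enabled"]:` / `if not ...["endpointPublicAccess"]:`.
```python
def _all_cluster_names():
    """Yield every cluster name, following list_clusters pagination."""
    for page in client.get_paginator("list_clusters").paginate():
        yield from page["clusters"]


# Control-plane log types a cluster must have enabled to pass.
REQUIRED_LOG_TYPES = {"api", "audit", "authenticator", "controllerManager", "scheduler"}


def eks_cluster_logging_enabled():
    compliant_resource = []
    non_compliant_resources = []
    for cluster in _all_cluster_names():
        response = client.describe_cluster(name=cluster)["cluster"]
        # Collect enabled types across every clusterLogging entry rather than
        # assuming the first entry holds them all.
        enabled = {
            log_type
            for entry in response["logging"]["clusterLogging"]
            if entry.get("enabled")
            for log_type in entry.get("types", [])
        }
        if enabled >= REQUIRED_LOG_TYPES:
            compliant_resource.append(response["arn"])
        else:
            non_compliant_resources.append(response["arn"])
    # … unchanged: RuleCheckResult construction …
```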
|