pmh_only/bp-check
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix if condition & Reduce API calls

Browse Source
This commit is contained in:
skyuecx0630 2024-08-10 17:51:28 +09:00
parent 270e02cd76
commit df4b264145
1 changed files with 14 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
services/ecs.py
View File

@ -76,7 +76,7 @@ def ecs_containers_readonly_access():
containers = task_definition["containerDefinitions"] containers = task_definition["containerDefinitions"]
for container in containers: for container in containers:
if container.get("readonlyRootFilesystem") == False: if not container.get("readonlyRootFilesystem"):
non_compliant_resources.append(task_definition["taskDefinitionArn"]) non_compliant_resources.append(task_definition["taskDefinitionArn"])
break break
else: else:
@ -92,20 +92,16 @@ def ecs_containers_readonly_access():
def ecs_container_insights_enabled(): def ecs_container_insights_enabled():
compliant_resources = [] compliant_resources = []
non_compliant_resources = [] non_compliant_resources = []
cluster_arns = client.list_clusters()["clusterArns"]
for cluster_arn in cluster_arns: clusters = client.describe_clusters(include=["SETTINGS"])["clusters"]
clusters = client.describe_clusters(clusters=[cluster_arn], include=["SETTINGS"])["clusters"]
for cluster in clusters: for cluster in clusters:
settings = cluster["settings"] container_insights_setting = [setting for setting in cluster["settings"] if setting["name"] == "containerInsights"]
for setting in settings: if container_insights_setting and container_insights_setting[0]["value"] == "enabled":
if setting["name"] == "containerInsights" and setting["value"] == "enabled": compliant_resources.append(cluster["clusterArn"])
compliant_resources.append(cluster_arn) else:
break non_compliant_resources.append(cluster["clusterArn"])
else:
non_compliant_resources.append(cluster_arn)
return RuleCheckResult( return RuleCheckResult(
passed=not non_compliant_resources, passed=not non_compliant_resources,
@ -120,18 +116,14 @@ def ecs_fargate_latest_platform_version():
cluster_arns = client.list_clusters()["clusterArns"] cluster_arns = client.list_clusters()["clusterArns"]
for cluster_arn in cluster_arns: for cluster_arn in cluster_arns:
services = client.list_services(cluster=cluster_arn, launchType="FARGATE")["serviceArns"] service_arns = client.list_services(cluster=cluster_arn, launchType="FARGATE")["serviceArns"]
services = client.describe_services(cluster=cluster_arn, services=service_arns)["services"]
for service in services: for service in services:
service = client.describe_services(cluster=cluster_arn, services=[service])["services"][0] if service["platformVersion"] == "LATEST":
if service["launchType"] == "FARGATE":
if service["platformVersion"] == "LATEST":
compliant_resources.append(service["serviceArn"])
else:
non_compliant_resources.append(service["serviceArn"])
else:
compliant_resources.append(service["serviceArn"]) compliant_resources.append(service["serviceArn"])
else:
non_compliant_resources.append(service["serviceArn"])
return RuleCheckResult( return RuleCheckResult(
passed=not non_compliant_resources, passed=not non_compliant_resources,