Merge branch 'master' into H-plugin/synapse-workspace-diagnostic-logging
alphadev4 authored Sep 18, 2024
2 parents bd578d3 + 77e8136 commit 171c21f
Showing 39 changed files with 1,578 additions and 167 deletions.
6 changes: 3 additions & 3 deletions collectors/aws/ecs/listContainerInstances.js
@@ -16,13 +16,13 @@ module.exports = function(AWSConfig, collection, retries, callback) {
helpers.makeCustomCollectorCall(ecs, 'listContainerInstances', params, retries, null, null, null, function(err, data) {
if (err) {
collection.ecs.listContainerInstances[AWSConfig.region][cluster].err = err;
} else if (data && data.containerInstanceArns) {
collection.ecs.listContainerInstances[AWSConfig.region][cluster].data = data.containerInstanceArns;
}

collection.ecs.listContainerInstances[AWSConfig.region][cluster].data = data.containerInstanceArns;

cb();
});
}, function(){
callback();
});
};
};
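Review bot: The guarded assignment `} else if (data && data.containerInstanceArns) {` treats the error case differently from the one-line guard in collectors/aws/ecs/listServices.js (`if (data && data.serviceArns) ...`): here `.data` is never written once `err` is set, while listServices.js can still store `data.serviceArns` next to `.err`. This assumes the guarded form is the new side, which the rendered page no longer marks, and on that assumption both collectors should use one shape so plugins can rely on the same contract. When the call returns neither an error nor `containerInstanceArns`, this callback writes neither `.err` nor `.data` for the cluster, so a comment such as `// no err and no ARNs: nothing recorded, plugins must treat the cluster as not collected` would make that explicit. The enclosing function starts outside the hunk.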
5 changes: 2 additions & 3 deletions collectors/aws/ecs/listServices.js
@@ -19,12 +19,11 @@ module.exports = function(AWSConfig, collection, retries, callback) {
if (err) {
collection.ecs.listServices[AWSConfig.region][cluster].err = err;
}

collection.ecs.listServices[AWSConfig.region][cluster].data = data.serviceArns;
if (data && data.serviceArns) collection.ecs.listServices[AWSConfig.region][cluster].data = data.serviceArns;

cb();
});
}, function(){
callback();
});
};
};
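--- a/collectors/aws/iam/getRole.js
+++ b/collectors/aws/iam/getRole.js
@@ -0,0 +1,40 @@
+var AWS = require('aws-sdk');
+var async = require('async');
+var helpers = require(__dirname + '/../../../helpers/aws');
+
+module.exports = function(AWSConfig, collection, retries, callback) {
+var iam = new AWS.IAM(AWSConfig);
+
+if (!collection.iam ||
+!collection.iam.listRoles ||
+!collection.iam.listRoles[AWSConfig.region] ||
+!collection.iam.listRoles[AWSConfig.region].data) return callback();
+
+async.eachLimit(collection.iam.listRoles[AWSConfig.region].data, 10, function(role, cb){
+if (!role.Arn ||
+!collection.iam.listRoles ||
+!collection.iam.listRoles[AWSConfig.region] ||
+!collection.iam.listRoles[AWSConfig.region].data) {
+
+return cb();
+}
+
+collection.iam.getRole[AWSConfig.region][role.RoleName] = {};
+
+helpers.makeCustomCollectorCall(iam, 'getRole', {RoleName: role.RoleName}, retries, null, null, null, function(err, data) {
+if (err) {
+collection.iam.getRole[AWSConfig.region][role.RoleName].err = err;
+}
+if (data) {
+delete data['ResponseMetadata'];
+
+data.Role.AssumeRolePolicyDocument = helpers.normalizePolicyDocument(data.Role.AssumeRolePolicyDocument);
+collection.iam.getRole[AWSConfig.region][role.RoleName].data = data;
+}
+
+cb();
+});
+}, function(){
+callback();
+});
+};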
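Review bot: The per-role guard tests `role.Arn`, but the value used as both the request parameter and the collection key is `role.RoleName`, and the three `collection.iam.listRoles…` tests in that guard repeat the check already made before `async.eachLimit`. `if (!role.RoleName) return cb();` would state the real precondition. In the callback, `data.Role.AssumeRolePolicyDocument` is dereferenced whenever `data` is truthy; if a response ever arrives without `Role`, the TypeError is thrown before `cb()` and, as far as this file shows, nothing would then complete the iteration, so `if (data && data.Role) {` is the safer test. Since the stored trust policy is presumably what the IAM plugins evaluate, a role whose entry ends up with neither `.err` nor `.data` should be reported as not collected rather than treated as clean.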
36 changes: 22 additions & 14 deletions exports.js
@@ -32,7 +32,7 @@ module.exports = {
'restrictExternalTraffic' : require(__dirname + '/plugins/aws/appmesh/restrictExternalTraffic.js'),
'appmeshTLSRequired' : require(__dirname + '/plugins/aws/appmesh/appmeshTLSRequired.js'),
'appmeshVGHealthChecks' : require(__dirname + '/plugins/aws/appmesh/appmeshVGHealthChecks.js'),


'asgMultiAz' : require(__dirname + '/plugins/aws/autoscaling/asgMultiAz.js'),
'asgActiveNotifications' : require(__dirname + '/plugins/aws/autoscaling/asgActiveNotifications.js'),
@@ -242,6 +242,7 @@ module.exports = {
'ebsVolumeHasTags' : require(__dirname + '/plugins/aws/ec2/ebsVolumeHasTags.js'),
'openAllPortsProtocolsEgress' : require(__dirname + '/plugins/aws/ec2/openAllPortsProtocolsEgress.js'),
'defaultSecurityGroupInUse' : require(__dirname + '/plugins/aws/ec2/defaultSecurityGroupInUse.js'),
'ec2NetworkExposure' : require(__dirname + '/plugins/aws/ec2/ec2NetworkExposure.js'),

'efsCmkEncrypted' : require(__dirname + '/plugins/aws/efs/efsCmkEncrypted.js'),
'efsEncryptionEnabled' : require(__dirname + '/plugins/aws/efs/efsEncryptionEnabled.js'),
@@ -323,7 +324,7 @@ module.exports = {
'opensearchPublicEndpoint' : require(__dirname + '/plugins/aws/opensearch/opensearchPublicEndpoint.js'),
'opensearchRequireIAMAuth' : require(__dirname + '/plugins/aws/opensearch/opensearchRequireIAMAuth.js'),
'opensearchTlsVersion' : require(__dirname + '/plugins/aws/opensearch/opensearchTlsVersion.js'),
'opensearchUpgradeAvailable' : require(__dirname + '/plugins/aws/opensearch/opensearchUpgradeAvailable.js'),
'opensearchUpgradeAvailable' : require(__dirname + '/plugins/aws/opensearch/opensearchUpgradeAvailable.js'),
'opensearchVersion' : require(__dirname + '/plugins/aws/opensearch/opensearchVersion.js'),
'opensearchZoneAwarenessEnabled': require(__dirname + '/plugins/aws/opensearch/opensearchZoneAwarenessEnabled.js'),

@@ -497,6 +498,8 @@ module.exports = {
'ssmSessionDuration' : require(__dirname + '/plugins/aws/ssm/ssmSessionDuration'),

'ledgerEncrypted' : require(__dirname + '/plugins/aws/qldb/ledgerEncrypted'),
'ledgerHasTags' : require(__dirname + '/plugins/aws/qldb/ledgerHasTags'),
'ledgerDeletionProtection' : require(__dirname + '/plugins/aws/qldb/ledgerDeletionProtection'),

'lambdaAdminPrivileges' : require(__dirname + '/plugins/aws/lambda/lambdaAdminPrivileges.js'),
'envVarsClientSideEncryption' : require(__dirname + '/plugins/aws/lambda/envVarsClientSideEncryption.js'),
@@ -715,7 +718,7 @@ module.exports = {
'storageAccountHasTags' : require(__dirname + '/plugins/azure/storageaccounts/storageAccountHasTags.js'),
'storageAccountPrivateEndpoint' : require(__dirname + '/plugins/azure/storageaccounts/storageAccountPrivateEndpoint.js'),
'infrastructureEncryption' : require(__dirname + '/plugins/azure/storageaccounts/infrastructureEncryption.js'),
'queueServiceLoggingEnabled' : require(__dirname + '/plugins/azure/storageaccounts/queueServiceLoggingEnabled.js'),
'queueServiceLoggingEnabled' : require(__dirname + '/plugins/azure/storageaccounts/queueServiceLoggingEnabled.js'),
'tableServiceLoggingEnabled' : require(__dirname + '/plugins/azure/storageaccounts/tableServiceLoggingEnabled.js'),
'blobServiceLoggingEnabled' : require(__dirname + '/plugins/azure/storageaccounts/blobServiceLoggingEnabled.js'),

@@ -725,8 +728,8 @@ module.exports = {

'fileServiceAllAccessAcl' : require(__dirname + '/plugins/azure/fileservice/fileServiceAllAccessAcl.js'),
'tableServiceAllAccessAcl' : require(__dirname + '/plugins/azure/tableservice/tableServiceAllAccessAcl.js'),
'queueServiceAllAccessAcl' : require(__dirname + '/plugins/azure/queueservice/queueServiceAllAccessAcl.js'),
'queueServiceAllAccessAcl' : require(__dirname + '/plugins/azure/queueservice/queueServiceAllAccessAcl.js'),

'externalNetworkAccess' : require(__dirname + '/plugins/azure/containerapps/externalNetworkAccess.js'),
'containerAppManagedIdentity' : require(__dirname + '/plugins/azure/containerapps/containerAppManagedIdentity.js'),
'containerAppAuthEnabled' : require(__dirname + '/plugins/azure/containerapps/containerAppAuthEnabled.js'),
@@ -805,6 +808,7 @@ module.exports = {
'vmDiskCMKRotation' : require(__dirname + '/plugins/azure/virtualmachines/vmDiskCMKRotation.js'),
'vmDiskPublicAccess' : require(__dirname + '/plugins/azure/virtualmachines/vmDiskPublicAccess.js'),
'computeGalleryRbacSharing' : require(__dirname + '/plugins/azure/virtualmachines/computeGalleryRbacSharing.js'),
'vmNetworkExposure' : require(__dirname + '/plugins/azure/virtualmachines/vmNetworkExposure.js'),

'bastionHostExists' : require(__dirname + '/plugins/azure/bastion/bastionHostExists.js'),
'bastionHostDiagnosticLogs' : require(__dirname + '/plugins/azure/bastion/bastionHostDiagnosticLogs.js'),
@@ -815,7 +819,7 @@ module.exports = {
'monitorLogsEnabled' : require(__dirname + '/plugins/azure/monitor/monitorLogsEnabled.js'),
'diagnosticsCapturedCategories' : require(__dirname + '/plugins/azure/monitor/diagnosticsCapturedCategories.js'),
'diagnosticsSettingsEnabled' : require(__dirname + '/plugins/azure/monitor/diagnosticsSettingsEnabled.js'),
'resourceAppropriateSKU' : require(__dirname + '/plugins/azure/monitor/monitorResourceSku.js'),
'resourceAppropriateSKU' : require(__dirname + '/plugins/azure/monitor/monitorResourceSku.js'),

'securityPolicyAlertsEnabled' : require(__dirname + '/plugins/azure/logalerts/securityPolicyAlertsEnabled.js'),
'nsgLoggingEnabled' : require(__dirname + '/plugins/azure/logalerts/nsgLoggingEnabled.js'),
@@ -966,7 +970,7 @@ module.exports = {
'sqlServerRecurringScans' : require(__dirname + '/plugins/azure/sqlserver/sqlServerRecurringScans.js'),
'sqlServerSendScanReports' : require(__dirname + '/plugins/azure/sqlserver/sqlServerSendScanReports.js'),
'sqlServerHasTags' : require(__dirname + '/plugins/azure/sqlserver/sqlServerHasTags.js'),
'restrictOutboundNetworking' : require(__dirname + '/plugins/azure/sqlserver/restrictOutboundNetworking.js'),
'restrictOutboundNetworking' : require(__dirname + '/plugins/azure/sqlserver/restrictOutboundNetworking.js'),
'auditOperationsEnabled' : require(__dirname + '/plugins/azure/sqlserver/auditOperationsEnabled.js'),
'serverConnectionPolicy' : require(__dirname + '/plugins/azure/sqlserver/serverConnectionPolicy.js'),
'auditStorageAuthType' : require(__dirname + '/plugins/azure/sqlserver/auditStorageAuthType.js'),
@@ -1048,7 +1052,7 @@ module.exports = {
'dbLedgerEnabled' : require(__dirname + '/plugins/azure/sqldatabases/dbLedgerEnabled.js'),
'dbEnableSecureEnclaves' : require(__dirname + '/plugins/azure/sqldatabases/dbEnableSecureEnclaves.js'),
'dbDataDiscoveryClassification' : require(__dirname + '/plugins/azure/sqldatabases/dbDataDiscoveryClassification.js'),

'lbHttpsOnly' : require(__dirname + '/plugins/azure/loadbalancer/lbHttpsOnly.js'),
'lbNoInstances' : require(__dirname + '/plugins/azure/loadbalancer/lbNoInstances.js'),
'lbHasTags' : require(__dirname + '/plugins/azure/loadbalancer/lbHasTags.js'),
@@ -1080,7 +1084,7 @@ module.exports = {
'cosmosdbHasTags' : require(__dirname + '/plugins/azure/cosmosdb/cosmosdbHasTags.js'),
'cosmosdbManagedIdentity' : require(__dirname + '/plugins/azure/cosmosdb/cosmosdbManagedIdentity.js'),
'cosmosdbLocalAuth' : require(__dirname + '/plugins/azure/cosmosdb/cosmosdbLocalAuth.js'),

'checkAdvisorRecommendations' : require(__dirname + '/plugins/azure/advisor/checkAdvisorRecommendations.js'),

'enableDefenderForStorage' : require(__dirname + '/plugins/azure/defender/enableDefenderForStorage.js'),
@@ -1102,7 +1106,7 @@ module.exports = {
'applicationGatewayHasTags' : require(__dirname + '/plugins/azure/applicationGateway/applicationGatewayHasTags.js'),
'agSecurityLoggingEnabled' : require(__dirname + '/plugins/azure/applicationGateway/agSecurityLoggingEnabled.js'),
'agSslPolicy' : require(__dirname + '/plugins/azure/applicationGateway/agSslPolicy'),
'agPreventionModeEnabled' : require(__dirname + '/plugins/azure/applicationGateway/agPreventionModeEnabled.js'),
'agPreventionModeEnabled' : require(__dirname + '/plugins/azure/applicationGateway/agPreventionModeEnabled.js'),
'agRequestBodyInspection' : require(__dirname + '/plugins/azure/applicationGateway/agRequestBodyInspection'),
'agRequestBodySize' : require(__dirname + '/plugins/azure/applicationGateway/agRequestBodySize.js'),
'agHttpsListenerOnly' : require(__dirname + '/plugins/azure/applicationGateway/agHttpsListenerOnly.js'),
@@ -1152,7 +1156,7 @@ module.exports = {
'namespaceLoggingEnabled' : require(__dirname + '/plugins/azure/servicebus/namespaceLoggingEnabled.js'),
'namespacePublicAccess' : require(__dirname + '/plugins/azure/servicebus/namespacePublicAccess.js'),
'namespaceInfraEncryption' : require(__dirname + '/plugins/azure/servicebus/namespaceInfraEncryption.js'),

'amsStorageAccountIdentity' : require(__dirname + '/plugins/azure/mediaServices/amsStorageAccountIdentity.js'),
'amsDiagnosticLogsEnabled' : require(__dirname + '/plugins/azure/mediaServices/amsDiagnosticLogsEnabled.js'),
'amsPublicAccessDisabled' : require(__dirname + '/plugins/azure/mediaServices/amsPublicAccessDisabled.js'),
@@ -1177,7 +1181,7 @@ module.exports = {
'healthMonitoringExtensionHttps': require(__dirname + '/plugins/azure/virtualmachinescaleset/healthMonitoringExtensionHttps.js'),
'vmssBootDiagnosticsEnabled' : require(__dirname + '/plugins/azure/virtualmachinescaleset/vmssBootDiagnosticsEnabled'),
'vmssWindowsAntiMalwareExt' : require(__dirname + '/plugins/azure/virtualmachinescaleset/vmssWindowsAntiMalwareExt'),

'appConfigManagedIdentity' : require(__dirname + '/plugins/azure/appConfigurations/appConfigManagedIdentity.js'),
'appConfigurationDiagnosticLogs': require(__dirname + '/plugins/azure/appConfigurations/appConfigurationDiagnosticLogs.js'),
'appConfigurationPublicAccess' : require(__dirname + '/plugins/azure/appConfigurations/appConfigurationPublicAccess.js'),
@@ -1187,7 +1191,7 @@ module.exports = {

'automationAcctDiagnosticLogs' : require(__dirname + '/plugins/azure/automationAccounts/automationAcctDiagnosticLogs.js'),
'automationAcctManagedIdentity' : require(__dirname + '/plugins/azure/automationAccounts/automationAcctManagedIdentity.js'),
'automationAcctApprovedCerts' : require(__dirname + '/plugins/azure/automationAccounts/automationAcctApprovedCerts.js'),
'automationAcctApprovedCerts' : require(__dirname + '/plugins/azure/automationAccounts/automationAcctApprovedCerts.js'),
'automationAcctEncryptedVars' : require(__dirname + '/plugins/azure/automationAccounts/automationAcctEncryptedVars.js'),
'automationAcctPublicAccess' : require(__dirname + '/plugins/azure/automationAccounts/automationAcctPublicAccess.js'),
'automationAcctExpiredWebhooks' : require(__dirname + '/plugins/azure/automationAccounts/automationAcctExpiredWebhooks.js'),
@@ -1200,6 +1204,7 @@ module.exports = {
'batchAccountsAADEnabled' : require(__dirname + '/plugins/azure/batchAccounts/batchAccountsAADEnabled.js'),
'batchAccountsHasTags' : require(__dirname + '/plugins/azure/batchAccounts/batchAccountsHasTags.js'),
'batchAccountsPublicAccess' : require(__dirname + '/plugins/azure/batchAccounts/batchAccountsPublicAccess.js'),
'batchAccountsManagedIdentity' : require(__dirname + '/plugins/azure/batchAccounts/batchAccountsManagedIdentity.js'),

'accountCMKEncrypted' : require(__dirname + '/plugins/azure/openai/accountCMKEncrypted.js'),
'accountManagedIdentity' : require(__dirname + '/plugins/azure/openai/accountManagedIdentity.js'),
@@ -1213,11 +1218,13 @@ module.exports = {
'workspaceManagedServicesCmk' : require(__dirname + '/plugins/azure/databricks/workspaceManagedServicesCmk.js'),
'workspaceManagedDiskCmk' : require(__dirname + '/plugins/azure/databricks/workspaceManagedDiskCmk.js'),
'workspaceHasTags' : require(__dirname + '/plugins/azure/databricks/workspaceHasTags.js'),

'workspaceManagedIdentity' : require(__dirname + '/plugins/azure/synapse/workspaceManagedIdentity.js'),
'synapseWorkspaceAdAuthEnabled' : require(__dirname + '/plugins/azure/synapse/synapseWorkspaceAdAuthEnabled.js'),
'synapseWorkspacPrivateEndpoint': require(__dirname + '/plugins/azure/synapse/synapseWorkspacPrivateEndpoint.js'),
'workspaceDiagnosticLogsEnabled': require(__dirname + '/plugins/azure/synapse/workspaceDiagnosticLogsEnabled.js'),
'workspaceDoubleEncryption' : require(__dirname + '/plugins/azure/synapse/workspaceDoubleEncryption.js'),


'apiInstanceManagedIdentity' : require(__dirname + '/plugins/azure/apiManagement/apiInstanceManagedIdentity.js'),
'apiInstanceHasTags' : require(__dirname + '/plugins/azure/apiManagement/apiInstanceHasTags.js'),
@@ -1437,6 +1444,7 @@ module.exports = {
'confidentialComputingEnabled' : require(__dirname + '/plugins/google/compute/confidentialComputingEnabled.js'),
'imagesCMKEncrypted' : require(__dirname + '/plugins/google/compute/imagesCMKEncrypted.js'),
'snapshotEncryption' : require(__dirname + '/plugins/google/compute/snapshotEncryption.js'),
'instanceNetworkExposure' : require(__dirname + '/plugins/google/compute/instanceNetworkExposure.js'),

'keyRotation' : require(__dirname + '/plugins/google/cryptographickeys/keyRotation.js'),
'keyProtectionLevel' : require(__dirname + '/plugins/google/cryptographickeys/keyProtectionLevel.js'),