fix(apig): fixed issue with logs for APIG

padok-team · Sep 6, 2022 · 481b0b2 · 481b0b2
1 parent 77b0146
commit 481b0b2
Show file tree

Hide file tree

Showing 8 changed files with 80 additions and 67 deletions.
diff --git a/plugins/aws/apigateway/apiStagesCloudwatchLogs.go b/plugins/aws/apigateway/apiStagesCloudwatchLogs.go
@@ -8,19 +8,21 @@ import (
 	"github.com/stangirard/yatas/internal/yatas"
 )
 
-func CheckIfStagesCloudwatchLogsExist(checkConfig yatas.CheckConfig, stages []types.Stage, testName string) {
+func CheckIfStagesCloudwatchLogsExist(checkConfig yatas.CheckConfig, stages map[string][]types.Stage, testName string) {
 	logger.Info(fmt.Sprint("Running ", testName))
 	var check yatas.Check
 	check.InitCheck("ApiGateways logs are sent to Cloudwatch", "Check if all cloudwatch logs are enabled for all stages", testName)
-	for _, stage := range stages {
-		if stage.AccessLogSettings != nil && stage.AccessLogSettings.DestinationArn != nil {
-			Message := "Cloudwatch logs are enabled on stage" + *stage.StageName
-			result := yatas.Result{Status: "OK", Message: Message, ResourceID: *stage.StageName}
-			check.AddResult(result)
-		} else {
-			Message := "Cloudwatch logs are not enabled on " + *stage.StageName
-			result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *stage.StageName}
-			check.AddResult(result)
+	for apigateway, id := range stages {
+		for _, stage := range id {
+			if stage.AccessLogSettings != nil && stage.AccessLogSettings.DestinationArn != nil {
+				Message := "Cloudwatch logs are enabled on stage" + *stage.StageName + " of ApiGateway " + apigateway
+				result := yatas.Result{Status: "OK", Message: Message, ResourceID: *stage.StageName}
+				check.AddResult(result)
+			} else {
+				Message := "Cloudwatch logs are not enabled on " + *stage.StageName + " of ApiGateway " + apigateway
+				result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *stage.StageName}
+				check.AddResult(result)
+			}
 		}
 	}
 	checkConfig.Queue <- check

diff --git a/plugins/aws/apigateway/apiStagesCloudwatchLogs_test.go b/plugins/aws/apigateway/apiStagesCloudwatchLogs_test.go
@@ -12,7 +12,7 @@ import (
 func TestCheckIfStagesCloudwatchLogsExist(t *testing.T) {
 	type args struct {
 		checkConfig yatas.CheckConfig
-		stages      []types.Stage
+		stages      map[string][]types.Stage
 		testName    string
 	}
 	tests := []struct {
@@ -26,12 +26,14 @@ func TestCheckIfStagesCloudwatchLogsExist(t *testing.T) {
 					Wg:    &sync.WaitGroup{},
 					Queue: make(chan yatas.Check, 1),
 				},
-				stages: []types.Stage{
-					{
-						AccessLogSettings: &types.AccessLogSettings{
-							DestinationArn: aws.String("arn:aws:logs:us-east-1:123456789012:log-group:apigateway-access-logs:log-stream:test-api-stages-cloudwatch-logs"),
+				stages: map[string][]types.Stage{
+					"test-api": {
+						{
+							AccessLogSettings: &types.AccessLogSettings{
+								DestinationArn: aws.String("arn:aws:logs:us-east-1:123456789012:log-group:apigateway-access-logs:log-stream:test-api-stages-cloudwatch-logs"),
+							},
+							StageName: aws.String("test-stage"),
 						},
-						StageName: aws.String("test-stage"),
 					},
 				},
 				testName: "test-name",
@@ -61,7 +63,7 @@ func TestCheckIfStagesCloudwatchLogsExist(t *testing.T) {
 func TestCheckIfStagesCloudwatchLogsExistFail(t *testing.T) {
 	type args struct {
 		checkConfig yatas.CheckConfig
-		stages      []types.Stage
+		stages      map[string][]types.Stage
 		testName    string
 	}
 	tests := []struct {
@@ -75,9 +77,11 @@ func TestCheckIfStagesCloudwatchLogsExistFail(t *testing.T) {
 					Wg:    &sync.WaitGroup{},
 					Queue: make(chan yatas.Check, 1),
 				},
-				stages: []types.Stage{
-					{
-						StageName: aws.String("test-stage"),
+				stages: map[string][]types.Stage{
+					"test-api": {
+						{
+							StageName: aws.String("test-stage"),
+						},
 					},
 				},
 				testName: "test-name",

diff --git a/plugins/aws/apigateway/apiStagesProtectedAcl.go b/plugins/aws/apigateway/apiStagesProtectedAcl.go
@@ -8,19 +8,21 @@ import (
 	"github.com/stangirard/yatas/internal/yatas"
 )
 
-func CheckIfStagesProtectedByAcl(checkConfig yatas.CheckConfig, stages []types.Stage, testName string) {
+func CheckIfStagesProtectedByAcl(checkConfig yatas.CheckConfig, stages map[string][]types.Stage, testName string) {
 	logger.Info(fmt.Sprint("Running ", testName))
 	var check yatas.Check
 	check.InitCheck("ApiGateways are protected by an ACL", "Check if all stages are protected by ACL", testName)
-	for _, stage := range stages {
-		if stage.WebAclArn != nil && *stage.WebAclArn != "" {
-			Message := "Stage " + *stage.StageName + " is protected by ACL"
-			result := yatas.Result{Status: "OK", Message: Message, ResourceID: *stage.StageName}
-			check.AddResult(result)
-		} else {
-			Message := "Stage " + *stage.StageName + " is not protected by ACL"
-			result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *stage.StageName}
-			check.AddResult(result)
+	for apigateway, id := range stages {
+		for _, stage := range id {
+			if stage.WebAclArn != nil && *stage.WebAclArn != "" {
+				Message := "Stage " + *stage.StageName + " is protected by ACL" + " of ApiGateway " + apigateway
+				result := yatas.Result{Status: "OK", Message: Message, ResourceID: *stage.StageName}
+				check.AddResult(result)
+			} else {
+				Message := "Stage " + *stage.StageName + " is not protected by ACL" + " of ApiGateway " + apigateway
+				result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *stage.StageName}
+				check.AddResult(result)
+			}
 		}
 	}
 	checkConfig.Queue <- check

diff --git a/plugins/aws/apigateway/apiStagesProtectedAcl_test.go b/plugins/aws/apigateway/apiStagesProtectedAcl_test.go
@@ -12,7 +12,7 @@ import (
 func TestCheckIfStagesProtectedByAcl(t *testing.T) {
 	type args struct {
 		checkConfig yatas.CheckConfig
-		stages      []types.Stage
+		stages      map[string][]types.Stage
 		testName    string
 	}
 	tests := []struct {
@@ -26,14 +26,11 @@ func TestCheckIfStagesProtectedByAcl(t *testing.T) {
 					Wg:    &sync.WaitGroup{},
 					Queue: make(chan yatas.Check, 1),
 				},
-				stages: []types.Stage{
-					{
-						AccessLogSettings: &types.AccessLogSettings{
-							DestinationArn: aws.String("arn:aws:logs:us-east-1:123456789012:log-group:apigateway-access-logs:log-stream:test-api-stages-cloudwatch-logs"),
-						},
+				stages: map[string][]types.Stage{
+					"test-api": {{
 						StageName: aws.String("test-stage"),
 						WebAclArn: aws.String("arn:aws:execute-api:us-east-1:123456789012:test-api/test-stage/GET/test-path"),
-					},
+					}},
 				},
 				testName: "test-name",
 			},
@@ -62,7 +59,7 @@ func TestCheckIfStagesProtectedByAcl(t *testing.T) {
 func TestCheckIfStagesProtectedByAclFail(t *testing.T) {
 	type args struct {
 		checkConfig yatas.CheckConfig
-		stages      []types.Stage
+		stages      map[string][]types.Stage
 		testName    string
 	}
 	tests := []struct {
@@ -76,13 +73,14 @@ func TestCheckIfStagesProtectedByAclFail(t *testing.T) {
 					Wg:    &sync.WaitGroup{},
 					Queue: make(chan yatas.Check, 1),
 				},
-				stages: []types.Stage{
-					{
+				stages: map[string][]types.Stage{
+					"test-api": {{
 						AccessLogSettings: &types.AccessLogSettings{
 							DestinationArn: aws.String("arn:aws:logs:us-east-1:123456789012:log-group:apigateway-access-logs:log-stream:test-api-stages-cloudwatch-logs"),
 						},
 						StageName: aws.String("test-stage"),
 					},
+					},
 				},
 				testName: "test-name",
 			},

diff --git a/plugins/aws/apigateway/apigatewayTracing.go b/plugins/aws/apigateway/apigatewayTracing.go
@@ -8,19 +8,21 @@ import (
 	"github.com/stangirard/yatas/internal/yatas"
 )
 
-func CheckIfTracingEnabled(checkConfig yatas.CheckConfig, stages []types.Stage, testName string) {
+func CheckIfTracingEnabled(checkConfig yatas.CheckConfig, stages map[string][]types.Stage, testName string) {
 	logger.Info(fmt.Sprint("Running ", testName))
 	var check yatas.Check
 	check.InitCheck("ApiGateways have tracing enabled", "Check if all stages are enabled for tracing", testName)
-	for _, stage := range stages {
-		if stage.TracingEnabled {
-			Message := "Tracing is enabled on stage" + *stage.StageName
-			result := yatas.Result{Status: "OK", Message: Message, ResourceID: *stage.StageName}
-			check.AddResult(result)
-		} else {
-			Message := "Tracing is not enabled on " + *stage.StageName
-			result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *stage.StageName}
-			check.AddResult(result)
+	for apigateway, id := range stages {
+		for _, stage := range id {
+			if stage.TracingEnabled {
+				Message := "Tracing is enabled on stage" + *stage.StageName + " of ApiGateway " + apigateway
+				result := yatas.Result{Status: "OK", Message: Message, ResourceID: *stage.StageName}
+				check.AddResult(result)
+			} else {
+				Message := "Tracing is not enabled on " + *stage.StageName + " of ApiGateway " + apigateway
+				result := yatas.Result{Status: "FAIL", Message: Message, ResourceID: *stage.StageName}
+				check.AddResult(result)
+			}
 		}
 	}
 	checkConfig.Queue <- check

diff --git a/plugins/aws/apigateway/apigatewayTracing_test.go b/plugins/aws/apigateway/apigatewayTracing_test.go
@@ -12,7 +12,7 @@ import (
 func TestCheckIfTracingEnabled(t *testing.T) {
 	type args struct {
 		checkConfig yatas.CheckConfig
-		stages      []types.Stage
+		stages      map[string][]types.Stage
 		testName    string
 	}
 	tests := []struct {
@@ -23,10 +23,12 @@ func TestCheckIfTracingEnabled(t *testing.T) {
 			name: "Check if all stages are tracing enabled",
 			args: args{
 				checkConfig: yatas.CheckConfig{Queue: make(chan yatas.Check, 1), Wg: &sync.WaitGroup{}},
-				stages: []types.Stage{
-					{
-						TracingEnabled: true,
-						StageName:      aws.String("test"),
+				stages: map[string][]types.Stage{
+					"test-api": {
+						{
+							TracingEnabled: true,
+							StageName:      aws.String("test"),
+						},
 					},
 				},
 				testName: "CheckIfTracingEnabled",

diff --git a/plugins/aws/apigateway/getter.go b/plugins/aws/apigateway/getter.go
@@ -61,8 +61,8 @@ func GetAllResourcesApiGateway(svc APIGatewayGetObjectAPI, apiId string) []types
 	return resources
 }
 
-func GetAllStagesApiGateway(svc APIGatewayGetObjectAPI, apis []types.RestApi) []types.Stage {
-	var stages []types.Stage
+func GetAllStagesApiGateway(svc APIGatewayGetObjectAPI, apis []types.RestApi) map[string][]types.Stage {
+	stages := make(map[string][]types.Stage)
 	for _, api := range apis {
 		input := &apigateway.GetStagesInput{
 			RestApiId: api.Id,
@@ -71,7 +71,7 @@ func GetAllStagesApiGateway(svc APIGatewayGetObjectAPI, apis []types.RestApi) []
 		if err != nil {
 			return nil
 		}
-		stages = append(stages, result.Item...)
+		stages[*api.Id] = result.Item
 
 	}
 	return stages

diff --git a/plugins/aws/apigateway/getter_test.go b/plugins/aws/apigateway/getter_test.go
@@ -137,7 +137,7 @@ func TestGetAllStagesApiGateway(t *testing.T) {
 	tests := []struct {
 		name string
 		args args
-		want []types.Stage
+		want map[string][]types.Stage
 	}{
 		{
 			name: "Empty list of API Gateway stages",
@@ -149,15 +149,18 @@ func TestGetAllStagesApiGateway(t *testing.T) {
 					},
 				},
 			},
-			want: []types.Stage{
-				{
-					DeploymentId: aws.String("deploymentId"),
-					AccessLogSettings: &types.AccessLogSettings{
-						DestinationArn: aws.String("destinationArn"),
-						Format:         aws.String("format"),
+			want: map[string][]types.Stage{
+				"test": {
+
+					{
+						DeploymentId: aws.String("deploymentId"),
+						AccessLogSettings: &types.AccessLogSettings{
+							DestinationArn: aws.String("destinationArn"),
+							Format:         aws.String("format"),
+						},
+						TracingEnabled: true,
+						WebAclArn:      aws.String("webAclArn"),
 					},
-					TracingEnabled: true,
-					WebAclArn:      aws.String("webAclArn"),
 				},
 			},
 		},