diff --git a/resources/fetchers/iam_fetcher.go b/resources/fetchers/iam_fetcher.go index e851314584..a2bd952b6c 100644 --- a/resources/fetchers/iam_fetcher.go +++ b/resources/fetchers/iam_fetcher.go @@ -108,6 +108,7 @@ func (r IAMResource) GetMetadata() (fetching.ResourceMetadata, error) { Type: fetching.CloudIdentity, SubType: r.GetResourceType(), Name: r.GetResourceName(), + Region: r.GetRegion(), }, nil } func (r IAMResource) GetElasticCommonData() any { return nil } diff --git a/resources/fetchers/kms_fetcher.go b/resources/fetchers/kms_fetcher.go index d54cf216a2..986c82000f 100644 --- a/resources/fetchers/kms_fetcher.go +++ b/resources/fetchers/kms_fetcher.go @@ -74,6 +74,7 @@ func (r KmsResource) GetMetadata() (fetching.ResourceMetadata, error) { Type: fetching.KeyManagement, SubType: r.key.GetResourceType(), Name: r.key.GetResourceName(), + Region: r.key.GetRegion(), }, nil } diff --git a/resources/fetchers/logging_fetcher.go b/resources/fetchers/logging_fetcher.go index 5f8c6c77b0..770355b9db 100644 --- a/resources/fetchers/logging_fetcher.go +++ b/resources/fetchers/logging_fetcher.go @@ -89,6 +89,7 @@ func (r LoggingResource) GetMetadata() (fetching.ResourceMetadata, error) { Type: fetching.CloudAudit, SubType: r.GetResourceType(), Name: r.GetResourceName(), + Region: r.GetRegion(), }, nil } func (r LoggingResource) GetElasticCommonData() any { return nil } diff --git a/resources/fetchers/monitoring_fetcher.go b/resources/fetchers/monitoring_fetcher.go index 1d73674fc5..5721cd9469 100644 --- a/resources/fetchers/monitoring_fetcher.go +++ b/resources/fetchers/monitoring_fetcher.go @@ -94,6 +94,7 @@ func (r MonitoringResource) GetMetadata() (fetching.ResourceMetadata, error) { Type: fetching.MonitoringIdentity, SubType: fetching.MultiTrailsType, Name: id, + Region: awslib.GlobalRegion, }, nil } func (r MonitoringResource) GetElasticCommonData() any { return nil } 
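Review bot: In `MonitoringResource.GetMetadata` the region is hard-coded to `awslib.GlobalRegion` with no comment explaining why, while every other fetcher touched by this commit takes the value from the resource itself. If the reason is that this resource aggregates trails from several regions (the `MultiTrailsType` subtype suggests so), say it next to the field, e.g. `// aggregated across all trails, so no single region applies`. Anyone filtering findings by region otherwise cannot tell that `global` here is a placeholder and not an AWS region code. The function body starts outside the hunk.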
@@ -108,6 +109,7 @@ func (s SecurityHubResource) GetMetadata() (fetching.ResourceMetadata, error) { Name: s.GetResourceName(), Type: fetching.MonitoringIdentity, SubType: fetching.SecurityHubType, + Region: s.GetRegion(), }, nil } diff --git a/resources/fetchers/monitoring_fetcher_test.go b/resources/fetchers/monitoring_fetcher_test.go index 1984611593..3794d1adc3 100644 --- a/resources/fetchers/monitoring_fetcher_test.go +++ b/resources/fetchers/monitoring_fetcher_test.go @@ -160,6 +160,7 @@ func TestMonitoringResource_GetMetadata(t *testing.T) { Name: "cloudtrail-aws-account-id", Type: fetching.MonitoringIdentity, SubType: fetching.MultiTrailsType, + Region: awslib.GlobalRegion, }, }, { @@ -178,6 +179,7 @@ func TestMonitoringResource_GetMetadata(t *testing.T) { Name: "cloudtrail-aws-account-id", Type: fetching.MonitoringIdentity, SubType: fetching.MultiTrailsType, + Region: awslib.GlobalRegion, }, }, } @@ -227,6 +229,7 @@ func TestSecurityHubResource_GetMetadata(t *testing.T) { Name: "securityhub-us-east-1-" + accountId, Type: fetching.MonitoringIdentity, SubType: fetching.SecurityHubType, + Region: "us-east-1", }, }, { @@ -243,6 +246,7 @@ func TestSecurityHubResource_GetMetadata(t *testing.T) { Name: "securityhub-us-east-2-" + accountId, Type: fetching.MonitoringIdentity, SubType: fetching.SecurityHubType, + Region: "us-east-2", }, }, } diff --git a/resources/fetchers/network_fetcher.go b/resources/fetchers/network_fetcher.go index 1b9e3054d9..77c1ee7440 100644 --- a/resources/fetchers/network_fetcher.go +++ b/resources/fetchers/network_fetcher.go @@ -77,6 +77,7 @@ func (r NetworkResource) GetMetadata() (fetching.ResourceMetadata, error) { Type: fetching.EC2Identity, SubType: r.GetResourceType(), Name: r.GetResourceName(), + Region: r.GetRegion(), }, nil } diff --git a/resources/fetchers/rds_fetcher.go b/resources/fetchers/rds_fetcher.go index d1653cf547..20fbcb65b9 100644 --- a/resources/fetchers/rds_fetcher.go +++ b/resources/fetchers/rds_fetcher.go 
@@ -72,6 +72,7 @@ func (r RdsResource) GetMetadata() (fetching.ResourceMetadata, error) { Type: fetching.CloudDatabase, SubType: r.dbInstance.GetResourceType(), Name: r.dbInstance.GetResourceName(), + Region: r.dbInstance.GetRegion(), }, nil } diff --git a/resources/fetchers/s3_fetcher.go b/resources/fetchers/s3_fetcher.go index 7479455b4a..36827745f7 100644 --- a/resources/fetchers/s3_fetcher.go +++ b/resources/fetchers/s3_fetcher.go @@ -72,6 +72,7 @@ func (r S3Resource) GetMetadata() (fetching.ResourceMetadata, error) { Type: fetching.CloudStorage, SubType: r.bucket.GetResourceType(), Name: r.bucket.GetResourceName(), + Region: r.bucket.GetRegion(), }, nil } diff --git a/resources/providers/aws_cis/logging/provider.go b/resources/providers/aws_cis/logging/provider.go index f973ef5770..81ff5fc61a 100644 --- a/resources/providers/aws_cis/logging/provider.go +++ b/resources/providers/aws_cis/logging/provider.go @@ -94,3 +94,10 @@ func (e EnrichedTrail) GetResourceName() string { func (e EnrichedTrail) GetResourceType() string { return fetching.TrailType } + +func (e EnrichedTrail) GetRegion() string { + if e.Trail.HomeRegion == nil { + return "" + } + return *e.Trail.HomeRegion +} diff --git a/resources/providers/awslib/aws.go b/resources/providers/awslib/aws.go index f69c349d8a..19170997f9 100644 --- a/resources/providers/awslib/aws.go +++ b/resources/providers/awslib/aws.go @@ -23,7 +23,10 @@ import ( awssdk "github.com/aws/aws-sdk-go-v2/aws" ) -const DefaultRegion = "us-east-1" +const ( + DefaultRegion = "us-east-1" + GlobalRegion = "global" +) var ErrClientNotFound = errors.New("aws client not found") @@ -35,6 +38,7 @@ type AwsResource interface { GetResourceArn() string GetResourceName() string GetResourceType() string + GetRegion() string } func GetClient[T any](region *string, list map[string]T) (T, error) { 
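Review bot: `EnrichedTrail.GetRegion` in logging/provider.go returns `""` when `Trail.HomeRegion` is nil, and `LoggingResource.GetMetadata` copies that value into `Region` unchanged, so such a trail is reported with an empty region and no error or marker value. If that is intended, document it on the method, e.g. `// GetRegion returns the trail's home region, or "" when the trail has none set.` Otherwise settle on one explicit value for the unknown case, so findings on audit-logging resources can still be grouped and triaged by region.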
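Review bot: The new exported constant `GlobalRegion` and the new `AwsResource.GetRegion` method in awslib/aws.go (both hunks) carry no doc comments, and the commit already shows three return conventions: a region code, `GlobalRegion`, and `""` (`EnrichedTrail`, `testAwsResource`). State the contract where it is declared, e.g. `// GlobalRegion is reported for resources that are not bound to a single AWS region.` on the constant and `// GetRegion returns the resource's AWS region, GlobalRegion for region-less services, or "" when unknown.` on the method. Since `"global"` is not an AWS region code, it is worth saying in the same comment that the value is for labelling only and should not be fed into region-keyed lookups such as `GetClient`.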
diff --git a/resources/providers/awslib/configservice/configservice.go b/resources/providers/awslib/configservice/configservice.go
index dc76f07aa0..37cf77d1a9 100644
--- a/resources/providers/awslib/configservice/configservice.go
+++ b/resources/providers/awslib/configservice/configservice.go
@@ -80,3 +80,7 @@ func (c Config) GetResourceName() string {
 func (c Config) GetResourceType() string {
 return fetching.ConfigServiceResourceType
 }
+
+func (c Config) GetRegion() string {
+ return c.region
+}
diff --git a/resources/providers/awslib/ec2/ebs_encryption.go b/resources/providers/awslib/ec2/ebs_encryption.go
index bf879692a0..45bd02129c 100644
--- a/resources/providers/awslib/ec2/ebs_encryption.go
+++ b/resources/providers/awslib/ec2/ebs_encryption.go
@@ -40,3 +40,7 @@ func (e EBSEncryption) GetResourceName() string {
 func (e EBSEncryption) GetResourceType() string {
 return fetching.EBSType
 }
+
+func (e EBSEncryption) GetRegion() string {
+ return e.region
+}
diff --git a/resources/providers/awslib/ec2/nacl.go b/resources/providers/awslib/ec2/nacl.go
index 36c7e95da5..b59af02b79 100644
--- a/resources/providers/awslib/ec2/nacl.go
+++ b/resources/providers/awslib/ec2/nacl.go
@@ -48,3 +48,7 @@ func (r NACLInfo) GetResourceName() string {
 func (r NACLInfo) GetResourceType() string {
 return fetching.NetworkNACLType
 }
+
+func (r NACLInfo) GetRegion() string {
+ return r.region
+}
diff --git a/resources/providers/awslib/ec2/security_group.go b/resources/providers/awslib/ec2/security_group.go
index e5e899810d..7428878ba9 100644
--- a/resources/providers/awslib/ec2/security_group.go
+++ b/resources/providers/awslib/ec2/security_group.go
@@ -47,3 +47,7 @@ func (s SecurityGroup) GetResourceName() string {
 func (s SecurityGroup) GetResourceType() string {
 return fetching.SecurityGroupType
 }
+
+func (s SecurityGroup) GetRegion() string {
+ return s.region
+}
diff --git a/resources/providers/awslib/ec2/vpc.go b/resources/providers/awslib/ec2/vpc.go index d8c286c1e8..641aaf9aed 100644 --- a/resources/providers/awslib/ec2/vpc.go +++ b/resources/providers/awslib/ec2/vpc.go @@ -48,3 +48,7 @@ func (v VpcInfo) GetResourceName() string { func (v VpcInfo) GetResourceType() string { return fetching.VpcType } + +func (v VpcInfo) GetRegion() string { + return v.region +} diff --git a/resources/providers/awslib/iam/password_policy.go b/resources/providers/awslib/iam/password_policy.go index 6fb8618061..81be5caf39 100644 --- a/resources/providers/awslib/iam/password_policy.go +++ b/resources/providers/awslib/iam/password_policy.go @@ -70,3 +70,7 @@ func (p PasswordPolicy) GetResourceName() string { func (p PasswordPolicy) GetResourceType() string { return fetching.PwdPolicyType } + +func (p PasswordPolicy) GetRegion() string { + return awslib.GlobalRegion +} diff --git a/resources/providers/awslib/iam/policy.go b/resources/providers/awslib/iam/policy.go index 7ecaf30b0f..2dca723c36 100644 --- a/resources/providers/awslib/iam/policy.go +++ b/resources/providers/awslib/iam/policy.go @@ -136,6 +136,10 @@ func (p Policy) GetResourceType() string { return fetching.PolicyType } +func (p Policy) GetRegion() string { + return awslib.GlobalRegion +} + func stringOrEmpty(s *string) string { if s == nil { return "" diff --git a/resources/providers/awslib/iam/user.go b/resources/providers/awslib/iam/user.go index cac75ba23f..2f8108ce59 100644 --- a/resources/providers/awslib/iam/user.go +++ b/resources/providers/awslib/iam/user.go @@ -125,6 +125,10 @@ func (u User) GetResourceType() string { return fetching.IAMUserType } +func (u User) GetRegion() string { + return awslib.GlobalRegion +} + func (p Provider) listUsers(ctx context.Context) ([]types.User, error) { p.log.Debug("IAMProvider.getUsers") var nativeUsers []types.User 
diff --git a/resources/providers/awslib/kms/kms.go b/resources/providers/awslib/kms/kms.go index fa502fe4e0..a9e79d49d4 100644 --- a/resources/providers/awslib/kms/kms.go +++ b/resources/providers/awslib/kms/kms.go @@ -30,6 +30,7 @@ import ( type KmsInfo struct { KeyMetadata types.KeyMetadata `json:"key_metadata"` KeyRotationEnabled bool `json:"key_rotation_enabled"` + region string } type KMS interface { diff --git a/resources/providers/awslib/kms/provider.go b/resources/providers/awslib/kms/provider.go index 687ddf7273..2b9c223f4b 100644 --- a/resources/providers/awslib/kms/provider.go +++ b/resources/providers/awslib/kms/provider.go @@ -81,6 +81,7 @@ func (p *Provider) DescribeSymmetricKeys(ctx context.Context) ([]awslib.AwsResou result = append(result, KmsInfo{ KeyMetadata: *keyInfo.KeyMetadata, KeyRotationEnabled: rotationStatus.KeyRotationEnabled, + region: region, }) } return result, nil @@ -107,3 +108,7 @@ func (k KmsInfo) GetResourceName() string { func (k KmsInfo) GetResourceType() string { return fetching.KmsType } + +func (k KmsInfo) GetRegion() string { + return k.region +} diff --git a/resources/providers/awslib/kms/provider_test.go b/resources/providers/awslib/kms/provider_test.go index c26cddde9b..6e4b78c9a1 100644 --- a/resources/providers/awslib/kms/provider_test.go +++ b/resources/providers/awslib/kms/provider_test.go @@ -26,7 +26,6 @@ import ( kmsClient "github.com/aws/aws-sdk-go-v2/service/kms" "github.com/aws/aws-sdk-go-v2/service/kms/types" "github.com/elastic/cloudbeat/resources/providers/awslib" - "github.com/elastic/cloudbeat/resources/utils/testhelper" "github.com/elastic/elastic-agent-libs/logp" "github.com/stretchr/testify/mock" "github.com/stretchr/testify/suite" 
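Review bot: The new `region` field on `KmsInfo` is unexported and undocumented, whereas `SecurityHub` carries the same information in an exported `Region` field (its `GetRegion` returns `s.Region`). If these structs are marshalled with `encoding/json`, as their tags suggest, the unexported field is skipped and the region is reachable only through `GetRegion()`. If that is deliberate, say so on the field, e.g. `// region is where the key was fetched; not serialized, exposed through GetRegion.` The same applies to `DBInstance.region` in rds.go and `BucketDescription.region` in s3.go.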
@@ -58,7 +57,7 @@ func (s *ProviderTestSuite) TearDownTest() {} var keyId1 = "21c0ba99-3a6c-4f72-8ef8-8118d4804710" var keyId2 = "21c0ba99-3a6c-4f72-8ef8-8118d4804711" -func (s *ProviderTestSuite) TestProvider_DescribeBuckets() { +func (s *ProviderTestSuite) TestProvider_DescribeSymmetricKeys() { var tests = []struct { name string regions []string @@ -142,8 +141,8 @@ func (s *ProviderTestSuite) TestProvider_DescribeBuckets() { }, }, expected: []awslib.AwsResource{ - KmsInfo{KeyMetadata: types.KeyMetadata{KeyId: &keyId1, KeySpec: types.KeySpecSymmetricDefault}, KeyRotationEnabled: true}, - KmsInfo{KeyMetadata: types.KeyMetadata{KeyId: &keyId2, KeySpec: types.KeySpecSymmetricDefault}, KeyRotationEnabled: true}, + KmsInfo{KeyMetadata: types.KeyMetadata{KeyId: &keyId1, KeySpec: types.KeySpecSymmetricDefault}, KeyRotationEnabled: true, region: "us-east-1"}, + KmsInfo{KeyMetadata: types.KeyMetadata{KeyId: &keyId2, KeySpec: types.KeySpecSymmetricDefault}, KeyRotationEnabled: true, region: "us-east-2"}, }, expectError: false, regions: []string{"us-east-1", "us-east-2"}, @@ -151,16 +150,18 @@ func (s *ProviderTestSuite) TestProvider_DescribeBuckets() { } for _, test := range tests { - kmsClientMock := &MockClient{} - for funcName, returnVals := range test.kmsClientMockReturnVals { - for _, vals := range returnVals { - kmsClientMock.On(funcName, vals[0]...).Return(vals[1]...).Once() + mockClients := make(map[string]Client, len(test.regions)) + for i, region := range test.regions { + kmsClientMock := &MockClient{} + for funcName, returnVals := range test.kmsClientMockReturnVals { + kmsClientMock.On(funcName, returnVals[i][0]...).Return(returnVals[i][1]...) } + mockClients[region] = kmsClientMock } kmsProvider := Provider{ log: s.log, - clients: testhelper.CreateMockClients[Client](kmsClientMock, test.regions), + clients: mockClients, } ctx := context.Background() 
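Review bot: The rewritten mock setup in the last hunk indexes `returnVals[i]` by the position of the region, so a test case that lists more regions than it has return-value sets for a function panics with an index-out-of-range instead of failing with a message, and surplus sets are silently unused. The `.Once()` from the old loop is also gone, so a client called more often than intended is no longer noticed. Consider asserting the lengths before registering the expectation, e.g. `s.Require().Len(returnVals, len(test.regions))` (assuming the suite embeds `suite.Suite`), and keeping `.Once()` on the `On(...).Return(...)` chain. The test function starts and ends outside the hunk.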
diff --git a/resources/providers/awslib/mock_aws_resource.go b/resources/providers/awslib/mock_aws_resource.go index 2a741bd312..9e3a925ec3 100644 --- a/resources/providers/awslib/mock_aws_resource.go +++ b/resources/providers/awslib/mock_aws_resource.go @@ -34,6 +34,47 @@ func (_m *MockAwsResource) EXPECT() *MockAwsResource_Expecter { return &MockAwsResource_Expecter{mock: &_m.Mock} } +// GetRegion provides a mock function with given fields: +func (_m *MockAwsResource) GetRegion() string { + ret := _m.Called() + + var r0 string + if rf, ok := ret.Get(0).(func() string); ok { + r0 = rf() + } else { + r0 = ret.Get(0).(string) + } + + return r0 +} + +// MockAwsResource_GetRegion_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'GetRegion' +type MockAwsResource_GetRegion_Call struct { + *mock.Call +} + +// GetRegion is a helper method to define mock.On call +func (_e *MockAwsResource_Expecter) GetRegion() *MockAwsResource_GetRegion_Call { + return &MockAwsResource_GetRegion_Call{Call: _e.mock.On("GetRegion")} +} + +func (_c *MockAwsResource_GetRegion_Call) Run(run func()) *MockAwsResource_GetRegion_Call { + _c.Call.Run(func(args mock.Arguments) { + run() + }) + return _c +} + +func (_c *MockAwsResource_GetRegion_Call) Return(_a0 string) *MockAwsResource_GetRegion_Call { + _c.Call.Return(_a0) + return _c +} + +func (_c *MockAwsResource_GetRegion_Call) RunAndReturn(run func() string) *MockAwsResource_GetRegion_Call { + _c.Call.Return(run) + return _c +} + // GetResourceArn provides a mock function with given fields: func (_m *MockAwsResource) GetResourceArn() string { ret := _m.Called() diff --git a/resources/providers/awslib/multi_region_test.go b/resources/providers/awslib/multi_region_test.go index 16f4e416f0..c32757ac4a 100644 --- a/resources/providers/awslib/multi_region_test.go +++ b/resources/providers/awslib/multi_region_test.go 
@@ -168,6 +168,8 @@ func (t testAwsResource) GetResourceName() string { return "" } func (t testAwsResource) GetResourceType() string { return "" } +func (t testAwsResource) GetRegion() string { return "" } + func (d dummyTester) DummyFunc() ([]AwsResource, error) { awsRes := []AwsResource{testAwsResource{resRegion: d.region}} switch d.region { diff --git a/resources/providers/awslib/rds/provider.go b/resources/providers/awslib/rds/provider.go index acb9a614cc..b59eaf7700 100644 --- a/resources/providers/awslib/rds/provider.go +++ b/resources/providers/awslib/rds/provider.go @@ -63,6 +63,7 @@ func (p Provider) DescribeDBInstances(ctx context.Context) ([]awslib.AwsResource AutoMinorVersionUpgrade: dbInstance.AutoMinorVersionUpgrade, PubliclyAccessible: dbInstance.PubliclyAccessible, Subnets: subnets, + region: region, }) } @@ -105,3 +106,7 @@ func (d DBInstance) GetResourceName() string { func (d DBInstance) GetResourceType() string { return fetching.RdsType } + +func (d DBInstance) GetRegion() string { + return d.region +} diff --git a/resources/providers/awslib/rds/provider_test.go b/resources/providers/awslib/rds/provider_test.go index 11da713e91..82c1c945a0 100644 --- a/resources/providers/awslib/rds/provider_test.go +++ b/resources/providers/awslib/rds/provider_test.go 
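Review bot: `testAwsResource.GetRegion` always returns `""` even though the stub is constructed with `resRegion: d.region` a few lines further down. Returning the stored value, `func (t testAwsResource) GetRegion() string { return t.resRegion }` (assuming `resRegion` is a string), would let the multi-region tests check that each resource reports the region it was fetched from and not an empty value.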
@@ -98,8 +98,27 @@ func (s *ProviderTestSuite) TestProvider_DescribeDBInstances() { {ec2types.RouteTable{RouteTableId: &identifier, Routes: []ec2types.Route{{DestinationCidrBlock: &destinationCidrBlock, GatewayId: &gatewayId}}}, nil}, }, expected: []awslib.AwsResource{ - DBInstance{Identifier: identifier, Arn: arn, StorageEncrypted: false, AutoMinorVersionUpgrade: false, PubliclyAccessible: false, Subnets: []Subnet(nil)}, - DBInstance{Identifier: identifier2, Arn: arn2, StorageEncrypted: true, AutoMinorVersionUpgrade: true, PubliclyAccessible: true, Subnets: []Subnet{{ID: identifier, RouteTable: nil}, {ID: identifier2, RouteTable: &RouteTable{ID: identifier, Routes: []Route{{DestinationCidrBlock: &destinationCidrBlock, GatewayId: &gatewayId}}}}}}, + DBInstance{ + Identifier: identifier, + Arn: arn, + StorageEncrypted: false, + AutoMinorVersionUpgrade: false, + PubliclyAccessible: false, + Subnets: []Subnet(nil), + region: awslib.DefaultRegion, + }, + DBInstance{ + Identifier: identifier2, + Arn: arn2, + StorageEncrypted: true, + AutoMinorVersionUpgrade: true, + PubliclyAccessible: true, Subnets: []Subnet{ + {ID: identifier, RouteTable: nil}, + {ID: identifier2, RouteTable: &RouteTable{ + ID: identifier, + Routes: []Route{{DestinationCidrBlock: &destinationCidrBlock, GatewayId: &gatewayId}}, + }}}, + region: awslib.DefaultRegion}, }, }, } diff --git a/resources/providers/awslib/rds/rds.go b/resources/providers/awslib/rds/rds.go index 8151eb317a..de2b93b6af 100644 --- a/resources/providers/awslib/rds/rds.go +++ b/resources/providers/awslib/rds/rds.go @@ -19,10 +19,9 @@ package rds import ( "context" - "github.com/elastic/cloudbeat/resources/providers/awslib/ec2" - "github.com/aws/aws-sdk-go-v2/service/rds" "github.com/elastic/cloudbeat/resources/providers/awslib" + "github.com/elastic/cloudbeat/resources/providers/awslib/ec2" "github.com/elastic/elastic-agent-libs/logp" ) 
@@ -33,6 +32,7 @@ type DBInstance struct { AutoMinorVersionUpgrade bool `json:"auto_minor_version_upgrade"` PubliclyAccessible bool `json:"publicly_accessible"` Subnets []Subnet `json:"subnets"` + region string } type Subnet struct { diff --git a/resources/providers/awslib/s3/provider.go b/resources/providers/awslib/s3/provider.go index 75689319e9..68dd898c84 100644 --- a/resources/providers/awslib/s3/provider.go +++ b/resources/providers/awslib/s3/provider.go @@ -107,6 +107,7 @@ func (p Provider) DescribeBuckets(ctx context.Context) ([]awslib.AwsResource, er BucketVersioning: bucketVersioning, PublicAccessBlockConfiguration: publicAccessBlockConfiguration, AccountPublicAccessBlockConfiguration: accountPublicAccessBlockConfig, + region: region, }) } } @@ -303,3 +304,7 @@ func (b BucketDescription) GetResourceName() string { func (b BucketDescription) GetResourceType() string { return fetching.S3Type } + +func (b BucketDescription) GetRegion() string { + return b.region +} diff --git a/resources/providers/awslib/s3/provider_test.go b/resources/providers/awslib/s3/provider_test.go index 66bb223d7b..6775cdd012 100644 --- a/resources/providers/awslib/s3/provider_test.go +++ b/resources/providers/awslib/s3/provider_test.go @@ -127,6 +127,7 @@ func (s *ProviderTestSuite) TestProvider_DescribeBuckets() { BucketVersioning: nil, PublicAccessBlockConfiguration: nil, AccountPublicAccessBlockConfiguration: nil, + region: awslib.DefaultRegion, }}, expectError: false, regions: []string{awslib.DefaultRegion}, @@ -145,6 +146,7 @@ func (s *ProviderTestSuite) TestProvider_DescribeBuckets() { BucketVersioning: nil, PublicAccessBlockConfiguration: nil, AccountPublicAccessBlockConfiguration: nil, + region: string(region), }}, expectError: false, regions: []string{awslib.DefaultRegion}, 
@@ -173,6 +175,7 @@ func (s *ProviderTestSuite) TestProvider_DescribeBuckets() { BucketVersioning: nil, PublicAccessBlockConfiguration: nil, AccountPublicAccessBlockConfiguration: nil, + region: string(region), }}, expectError: false, regions: []string{awslib.DefaultRegion, string(region)}, @@ -195,6 +198,7 @@ func (s *ProviderTestSuite) TestProvider_DescribeBuckets() { BucketVersioning: nil, PublicAccessBlockConfiguration: nil, AccountPublicAccessBlockConfiguration: nil, + region: string(region), }}, expectError: false, regions: []string{awslib.DefaultRegion, string(region)}, @@ -217,6 +221,7 @@ func (s *ProviderTestSuite) TestProvider_DescribeBuckets() { BucketVersioning: &BucketVersioning{true, true}, PublicAccessBlockConfiguration: nil, AccountPublicAccessBlockConfiguration: nil, + region: string(region), }}, expectError: false, regions: []string{awslib.DefaultRegion, string(region)}, @@ -251,6 +256,7 @@ func (s *ProviderTestSuite) TestProvider_DescribeBuckets() { RestrictPublicBuckets: false, }, AccountPublicAccessBlockConfiguration: nil, + region: string(region), }}, expectError: false, regions: []string{awslib.DefaultRegion, string(region)}, @@ -285,6 +291,7 @@ func (s *ProviderTestSuite) TestProvider_DescribeBuckets() { IgnorePublicAcls: false, RestrictPublicBuckets: false, }, + region: string(region), }}, expectError: false, regions: []string{awslib.DefaultRegion, string(region)}, @@ -366,6 +373,7 @@ func (s *ProviderTestSuite) TestProvider_DescribeBuckets() { IgnorePublicAcls: false, RestrictPublicBuckets: false, }, + region: string(region), }, BucketDescription{ Name: secondBucketName, @@ -384,6 +392,7 @@ func (s *ProviderTestSuite) TestProvider_DescribeBuckets() { IgnorePublicAcls: false, RestrictPublicBuckets: false, }, + region: awslib.DefaultRegion, }, }, expectError: false, 
@@ -466,6 +475,7 @@ func (s *ProviderTestSuite) TestProvider_DescribeBuckets() { IgnorePublicAcls: false, RestrictPublicBuckets: false, }, + region: awslib.DefaultRegion, }, BucketDescription{ Name: secondBucketName, @@ -484,6 +494,7 @@ func (s *ProviderTestSuite) TestProvider_DescribeBuckets() { IgnorePublicAcls: false, RestrictPublicBuckets: false, }, + region: awslib.DefaultRegion, }, }, expectError: false, @@ -508,6 +519,7 @@ func (s *ProviderTestSuite) TestProvider_DescribeBuckets() { log: s.log, clients: testhelper.CreateMockClients[Client](s3ClientMock, test.regions), controlClient: controlClient, + accountId: "asd", } ctx := context.Background() diff --git a/resources/providers/awslib/s3/s3.go b/resources/providers/awslib/s3/s3.go index 3b77e2342f..b753a42fd7 100644 --- a/resources/providers/awslib/s3/s3.go +++ b/resources/providers/awslib/s3/s3.go @@ -34,6 +34,7 @@ type BucketDescription struct { BucketVersioning *BucketVersioning `json:"bucket_versioning,omitempty"` PublicAccessBlockConfiguration *types.PublicAccessBlockConfiguration `json:"public_access_block_configuration"` AccountPublicAccessBlockConfiguration *s3ContorlTypes.PublicAccessBlockConfiguration `json:"account_public_access_block_configuration"` + region string } // TODO: This can be better typed, but this is a complex object. See this library for example: https://github.com/liamg/iamgo/ diff --git a/resources/providers/awslib/securityhub/securityhub.go b/resources/providers/awslib/securityhub/securityhub.go index a6c0f72875..0bb3c493a0 100644 --- a/resources/providers/awslib/securityhub/securityhub.go +++ b/resources/providers/awslib/securityhub/securityhub.go @@ -20,7 +20,6 @@ package securityhub import ( "context" "fmt" - "github.com/aws/aws-sdk-go-v2/service/securityhub" "github.com/elastic/cloudbeat/resources/fetching" ) 
@@ -52,3 +51,7 @@ func (s SecurityHub) GetResourceName() string {
 func (s SecurityHub) GetResourceType() string {
 return fetching.SecurityHubType
 }
+
+func (s SecurityHub) GetRegion() string {
+ return s.Region
+}