From ce87620cbaf92b3b930086bef8c916adcd5879a4 Mon Sep 17 00:00:00 2001
From: Astr1k
Date: Fri, 12 Jan 2024 12:39:13 +0000
Subject: [PATCH] new: added policy ecc-aws-597-reserved_redshift_node_recent_purchases
---
...eserved_redshift_node_recent_purchases.yml | 22 +++++++++++++++
.../iam/597-policy.json | 12 ++++++++
.../redshift.DescribeReservedNodes_1.json | 28 +++++++++++++++++++
.../redshift.DescribeReservedNodes_1.json | 28 +++++++++++++++++++
.../red_policy_test.py | 18 ++++++++++++
5 files changed, 108 insertions(+)
create mode 100644 policies/ecc-aws-597-reserved_redshift_node_recent_purchases.yml
create mode 100644 terraform/ecc-aws-597-reserved_redshift_node_recent_purchases/iam/597-policy.json
create mode 100644 tests/ecc-aws-597-reserved_redshift_node_recent_purchases/placebo-green/redshift.DescribeReservedNodes_1.json
create mode 100644 tests/ecc-aws-597-reserved_redshift_node_recent_purchases/placebo-red/redshift.DescribeReservedNodes_1.json
create mode 100644 tests/ecc-aws-597-reserved_redshift_node_recent_purchases/red_policy_test.py
diff --git a/policies/ecc-aws-597-reserved_redshift_node_recent_purchases.yml b/policies/ecc-aws-597-reserved_redshift_node_recent_purchases.yml
new file mode 100644
index 000000000..cc46d69e3
--- /dev/null
+++ b/policies/ecc-aws-597-reserved_redshift_node_recent_purchases.yml
@@ -0,0 +1,22 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-597-reserved_redshift_node_recent_purchases
+ comment: '010008062000'
+ description: |
+ Amazon Redshift reserved instance recent purchases
+ resource: aws.redshift-reserved
+ filters:
+ - type: value
+ key: State
+ value: active
+ - type: value
+ key: StartTime
+ value_type: age
+ op: lte
+ value: 7
\ No newline at end of file
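Review bot: The `State` filter in policies/ecc-aws-597-reserved_redshift_node_recent_purchases.yml matches only `active`, so a reserved node bought inside the window but still in `pending-payment` is not reported. If the intent is to surface every recent purchase for review, that filter could use `op: in` with `value: [active, pending-payment]`. The description also leaves out the window that `value: 7` encodes; something like `Amazon Redshift reserved nodes purchased within the last 7 days` would tell the person triaging a finding what was matched.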
diff --git a/terraform/ecc-aws-597-reserved_redshift_node_recent_purchases/iam/597-policy.json b/terraform/ecc-aws-597-reserved_redshift_node_recent_purchases/iam/597-policy.json
new file mode 100644
index 000000000..fb669bac0
--- /dev/null
+++ b/terraform/ecc-aws-597-reserved_redshift_node_recent_purchases/iam/597-policy.json
@@ -0,0 +1,12 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:DescribeReservedNodes"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-597-reserved_redshift_node_recent_purchases/placebo-green/redshift.DescribeReservedNodes_1.json b/tests/ecc-aws-597-reserved_redshift_node_recent_purchases/placebo-green/redshift.DescribeReservedNodes_1.json
new file mode 100644
index 000000000..db1b48569
--- /dev/null
+++ b/tests/ecc-aws-597-reserved_redshift_node_recent_purchases/placebo-green/redshift.DescribeReservedNodes_1.json
@@ -0,0 +1,28 @@
+{
+ "status_code": 200,
+ "data": {
+ "ReservedNodes": [
+ {
+ "ReservedNodeId": "1ba8e2e3-bc01-4d65-b35d-a4a3e931547e",
+ "ReservedNodeOfferingId": "ceb6a579-cf4c-4343-be8b-d832c45ab51c",
+ "NodeType": "dc2.xlarge",
+ "StartTime": "2020-06-07T11:08:39.051Z",
+ "Duration": 31536000,
+ "FixedPrice": 1380.0,
+ "UsagePrice": 0.0,
+ "CurrencyCode": "USD",
+ "NodeCount": 1,
+ "State": "active",
+ "OfferingType": "All Upfront",
+ "RecurringCharges": [
+ {
+ "RecurringChargeAmount": 0.0,
+ "RecurringChargeFrequency": "Hourly"
+ }
+ ],
+ "ReservedNodeOfferingType": "Regular"
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+ }
\ No newline at end of file
diff --git a/tests/ecc-aws-597-reserved_redshift_node_recent_purchases/placebo-red/redshift.DescribeReservedNodes_1.json b/tests/ecc-aws-597-reserved_redshift_node_recent_purchases/placebo-red/redshift.DescribeReservedNodes_1.json
new file mode 100644
index 000000000..bceddde38
--- /dev/null
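Review bot: The action granted in terraform/ecc-aws-597-reserved_redshift_node_recent_purchases/iam/597-policy.json is `ec2:DescribeReservedNodes`, which uses the wrong service prefix. The policy's resource is `aws.redshift-reserved` and the recorded fixtures are named `redshift.DescribeReservedNodes_1.json`, so the call goes to Redshift and the entry should read `"redshift:DescribeReservedNodes"`. As written, a role holding only this statement would presumably be denied the one call the policy needs, so the scan would error or come back empty instead of reporting purchases.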
+++ b/tests/ecc-aws-597-reserved_redshift_node_recent_purchases/placebo-red/redshift.DescribeReservedNodes_1.json
@@ -0,0 +1,28 @@
+{
+ "status_code": 200,
+ "data": {
+ "ReservedNodes": [
+ {
+ "ReservedNodeId": "1ba8e2e3-bc01-4d65-b35d-a4a3e931547e",
+ "ReservedNodeOfferingId": "ceb6a579-cf4c-4343-be8b-d832c45ab51c",
+ "NodeType": "dc2.xlarge",
+ "StartTime": "2024-01-12T11:08:39.051Z",
+ "Duration": 31536000,
+ "FixedPrice": 1380.0,
+ "UsagePrice": 0.0,
+ "CurrencyCode": "USD",
+ "NodeCount": 1,
+ "State": "active",
+ "OfferingType": "All Upfront",
+ "RecurringCharges": [
+ {
+ "RecurringChargeAmount": 0.0,
+ "RecurringChargeFrequency": "Hourly"
+ }
+ ],
+ "ReservedNodeOfferingType": "Regular"
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+ }
\ No newline at end of file
diff --git a/tests/ecc-aws-597-reserved_redshift_node_recent_purchases/red_policy_test.py b/tests/ecc-aws-597-reserved_redshift_node_recent_purchases/red_policy_test.py
new file mode 100644
index 000000000..3d26a8b3d
--- /dev/null
+++ b/tests/ecc-aws-597-reserved_redshift_node_recent_purchases/red_policy_test.py
@@ -0,0 +1,18 @@
+import datetime
+from dateutil import tz as tzutil
+
+class PolicyTest(object):
+
+ def mock_time(self):
+ return 2024, 1, 12
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['State'], "active")
+
+ start_time_str = resources[0]["StartTime"]
+ start_time = datetime.datetime.strptime(start_time_str, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=datetime.timezone.utc)
+
+ time_now = datetime.datetime.utcnow().replace(tzinfo=datetime.timezone.utc)
+ delta = start_time - time_now
+ base_test.assertTrue(delta.days <= 7)
\ No newline at end of file
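Review bot: The last assertion in `test_resources` (red_policy_test.py) cannot fail for any past purchase, because `delta = start_time - time_now` is negative whenever `StartTime` is earlier than now, so `delta.days <= 7` would also hold for the 2020 green fixture. Reverse the subtraction and compare whole timedeltas: `delta = time_now - start_time` and `base_test.assertTrue(delta <= datetime.timedelta(days=7))`. `time_now` is read from `datetime.datetime.utcnow()`, and whether the harness freezes that call is not visible in this hunk; deriving it from the mocked date with `time_now = datetime.datetime(*self.mock_time(), tzinfo=datetime.timezone.utc)` keeps the check stable as the fixture ages. `from dateutil import tz as tzutil` is unused and can be dropped.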