Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

aws - rds-param-group - add db-parameter filter #9570

Open
wants to merge 15 commits into
base: main
Choose a base branch
from
Open

aws - rds-param-group - add db-parameter filter #9570

wants to merge 15 commits into from
+637 −1

Conversation

jasgrover
Copy link
Contributor

Rds and rdscluster resource currently does not support an action to modify the parameter group attached to a db instance or cluster. Our compliance operations require a policy that checks if a db instance or cluster parameter group has TLS encryption enabled and set to correct version. we would need a filter for db - parameters.
Sample policy

policies:
  -  name: rds-update-tls-version
     resource: rds-param-group
     filters:
       - type: db-parameter
         key: require_secure_transport
         op: ne
         value: 1

@jasgrover jasgrover requested a review from kapilt as a code owner June 17, 2024 18:14
@jasgrover
Copy link
Contributor Author

@thisisshi submitted a new PR based on discussion in #9505

@jasgrover
Copy link
Contributor Author

@kapilt @ajkerrigan @thisisshi could i have a review for this PR

ajkerrigan
ajkerrigan approved these changes Jun 25, 2024
View reviewed changes
Copy link
Member

@ajkerrigan ajkerrigan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good to me - seems like a useful enhancement that avoids having to tackle these sorts of checks from the instance level 👍 . Thanks!

kapilt
kapilt reviewed Jun 25, 2024
View reviewed changes
c7n/resources/rdsparamgroup.py

@staticmethod
def recast(val, datatype):
""" Re-cast the value based upon an AWS supplied datatype
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would prefer not to see this duplicated between rds and rds cluster modules, ie. its a static method in the original so you can omit this and just import rds module and use the ParameterFilter.recast method at call sites instead of copy/pasting here.

kapilt
kapilt reviewed Jun 25, 2024
View reviewed changes
tests/test_rdsparamgroup.py
self.assertEqual(len(resources), 1)


class ParameterFilterTestCase(BaseTest):
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

these test cases also go away without the duplicate code.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kapilt kapilt kapilt left review comments

@ajkerrigan ajkerrigan ajkerrigan approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@jasgrover @kapilt @ajkerrigan