
Commit

Merge pull request #2079 from AkhtarAmir/setEncryptionDefault-awskms
updated the default encryption level to awskms for aws encryption plu…
alphadev4 authored Sep 18, 2024
2 parents 6a27334 + e92a6ff commit 90cff06
Showing 72 changed files with 82 additions and 82 deletions.
2 changes: 1 addition & 1 deletion plugins/aws/apprunner/serviceEncrypted.js
Expand Up @@ -17,7 +17,7 @@ module.exports = {
name: ' App Runner service desired Encryption level',
description: 'In order (lowest to highest) awskms=AWS-managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS',
regex: '^(awskms|awscmk|externalcmk|cloudhsm)$',
default: 'awscmk'
default: 'awskms'
}
},
realtime_triggers: ['apprunner:CreateService','apprunner:DeleteService'],
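Review bot: The `description` string does not say that the default is now the lowest level the setting's own `regex` accepts, so users who relied on the earlier customer-managed-key baseline lose findings with no visible hint (this takes the second `default:` line as the new side, as the commit title indicates). Assuming the plugin fails resources whose key level is below the setting (the `run` body is outside this hunk), a resource on an AWS-managed key now passes under default settings. I would state this in the text, for example by appending `Default: awskms (accepts AWS-managed keys); set awscmk or higher to require customer-managed keys.` to `description`. The same applies to the other plugin sections on this page that make the identical one-line change (auditmanager, backup, cloudwatchlogs, codeartifact, codebuild, codepipeline, connect, documentDB, ec2, ecr, elasticache, firehose).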
2 changes: 1 addition & 1 deletion plugins/aws/auditmanager/auditmanagerDataEncrypted.js
Expand Up @@ -17,7 +17,7 @@ module.exports = {
name: 'Audit Manager Data Encryption Level',
description: 'In order (lowest to highest) awskms=AWS-managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS',
regex: '^(awskms|awscmk|externalcmk|cloudhsm)$',
default: 'awscmk',
default: 'awskms',
}
},
realtime_triggers: ['auditmanager:registerAccount','auditmanager:UpdateSettings','auditmanager:DeregisterAccount'],
2 changes: 1 addition & 1 deletion plugins/aws/auditmanager/auditmanagerDataEncrypted.spec.js
Expand Up @@ -98,7 +98,7 @@ describe('auditmanagerDataEncrypted', function () {

it('should FAIL if Audit Manager data is not encrypted with desired encryption level', function (done) {
const cache = createCache(getSettings, listKeys, describeKey[1]);
auditmanagerDataEncrypted.run(cache, {}, (err, results) => {
auditmanagerDataEncrypted.run(cache, {auditmanager_data_encryption_level: 'awscmk'}, (err, results) => {
expect(results.length).to.equal(1);
expect(results[0].status).to.equal(2);
expect(results[0].region).to.equal('us-east-1');
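Review bot: Nothing visible in this hunk exercises the new default any more, because the FAIL case that used to run with `{}` now pins `auditmanager_data_encryption_level: 'awscmk'`. A regression in the `awskms` default set in auditmanagerDataEncrypted.js would therefore go unnoticed by this spec. I would add a companion case that runs the same cache with `{}` and asserts `expect(results[0].status).to.equal(0);`, provided `describeKey[1]` is the AWS-managed key fixture (it is defined outside the hunk). The `describe` block starts and continues outside the hunk, so such a case may already exist; the same gap appears in the codeartifact spec and the five connect specs changed the same way.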
2 changes: 1 addition & 1 deletion plugins/aws/backup/backupVaultEncrypted.js
Expand Up @@ -16,7 +16,7 @@ module.exports = {
name: 'CodeArtifact Domain Target Encryption Level',
description: 'In order (lowest to highest) awskms=AWS-managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS',
regex: '^(awskms|awscmk|externalcmk|cloudhsm)$',
default: 'awscmk',
default: 'awskms',
}
},
realtime_triggers: ['backup:CreateBackupVault','backup:DeleteBackupVault'],
2 changes: 1 addition & 1 deletion plugins/aws/cloudwatchlogs/logGroupsEncrypted.js
Expand Up @@ -18,7 +18,7 @@ module.exports = {
name: 'CloudWatch Log Groups Target Ecryption Level',
description: 'In order (lowest to highest) awskms=AWS managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS',
regex: '^(awskms|awscmk|externalcmk|cloudhsm)$',
default: 'awscmk'
default: 'awskms'
},
cloudwatchlog_whitelist: {
name: 'Lambda Functions Whitelisted',
2 changes: 1 addition & 1 deletion plugins/aws/codeartifact/codeartifactDomainEncrypted.js
Expand Up @@ -17,7 +17,7 @@ module.exports = {
name: 'CodeArtifact Domain Target Encryption Level',
description: 'In order (lowest to highest) awskms=AWS-managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS',
regex: '^(awskms|awscmk|externalcmk|cloudhsm)$',
default: 'awscmk',
default: 'awskms',
}
},
realtime_triggers: ['codeartifact:CreateDomain', 'codeartifact:DeleteDomain'],
Expand Up @@ -101,7 +101,7 @@ describe('codeartifactDomainEncrypted', function () {

it('should FAIL if CodeArtifact domain is not encrypted with desired encyption level', function (done) {
const cache = createCache(listDomains, listKeys, describeKey[1]);
codeartifactDomainEncrypted.run(cache, {}, (err, results) => {
codeartifactDomainEncrypted.run(cache, {codeartifact_domain_encryption_level:'awscmk'}, (err, results) => {
expect(results.length).to.equal(1);
expect(results[0].status).to.equal(2);
expect(results[0].region).to.equal('us-east-1');
2 changes: 1 addition & 1 deletion plugins/aws/codebuild/projectArtifactsEncrypted.js
Expand Up @@ -17,7 +17,7 @@ module.exports = {
name: 'Project Artifacts Target Encryption Level',
description: 'In order (lowest to highest) awskms=AWS-managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS',
regex: '^(awskms|awscmk|externalcmk|cloudhsm)$',
default: 'awscmk',
default: 'awskms',
}
},
realtime_triggers: ['codebuild:CreateProject', 'codebuild:UpdateProject','codebuild:DeleteProject'],
2 changes: 1 addition & 1 deletion plugins/aws/codebuild/projectArtifactsEncrypted.spec.js
Expand Up @@ -158,7 +158,7 @@ describe('projectArtifactsEncrypted', function () {

it('should FAIL if CodeBuild project artifact is not encrypted with desired encryption level', function (done) {
const cache = createCache(listProjects, listKeys, batchGetProjects[1], describeKey[1]);
projectArtifactsEncrypted.run(cache, { projects_artifact_desired_encryption_level: 'awscmk' }, (err, results) => {
projectArtifactsEncrypted.run(cache, { project_artifacts_desired_encryption_level: 'awscmk' }, (err, results) => {
expect(results.length).to.equal(1);
expect(results[0].status).to.equal(2);
expect(results[0].region).to.equal('us-east-1');
2 changes: 1 addition & 1 deletion plugins/aws/codepipeline/pipelineArtifactsEncrypted.js
Expand Up @@ -18,7 +18,7 @@ module.exports = {
name: 'Pipeline Artifacts Desired Encrypted Level',
description: 'In order (lowest to highest) awskms=AWS-managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS',
regex: '^(awskms|awscmk|externalcmk|cloudhsm)$',
default: 'awscmk'
default: 'awskms'
}
},
realtime_triggers: ['codepipeline:CreatePipeline','codepipeline:DeletePipeline'],
4 changes: 2 additions & 2 deletions plugins/aws/codepipeline/pipelineArtifactsEncrypted.spec.js
Expand Up @@ -135,7 +135,7 @@ describe('pipelineArtifactsEncrypted', function () {
describe('run', function () {
it('should PASS if Pipeline Artifacts is encrypted with desired encryption level', function (done) {
const cache = createCache([listPipelines[0]], listKeys, listAliases, getPipeline[0], describeKey[0]);
pipelineArtifactsEncrypted.run(cache, { pipeline_artifacts_encryption : 'awscmk' }, (err, results) => {
pipelineArtifactsEncrypted.run(cache, { pipeline_artifacts_desired_encryption_level : 'awscmk' }, (err, results) => {
expect(results.length).to.equal(1);
expect(results[0].status).to.equal(0);
expect(results[0].region).to.equal('us-east-1');
Expand All @@ -145,7 +145,7 @@ describe('pipelineArtifactsEncrypted', function () {

it('should FAIL if Pipeline Artifacts not encrypted with desired encryption level', function (done) {
const cache = createCache([listPipelines[0]], listKeys, listAliases, getPipeline[0], describeKey[1]);
pipelineArtifactsEncrypted.run(cache, { pipeline_artifacts_encryption : 'awscmk' }, (err, results) => {
pipelineArtifactsEncrypted.run(cache, { pipeline_artifacts_desired_encryption_level : 'awscmk' }, (err, results) => {
expect(results.length).to.equal(1);
expect(results[0].status).to.equal(2);
expect(results[0].region).to.equal('us-east-1');
2 changes: 1 addition & 1 deletion plugins/aws/connect/customerProfilesDomainEncrypted.js
Expand Up @@ -16,7 +16,7 @@ module.exports = {
name: 'Connect Customer Profiles Encrypted',
description: 'In order (lowest to highest) awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS',
regex: '^(awscmk|externalcmk|cloudhsm)$',
default: 'awscmk'
default: 'awskms'
}
},
realtime_triggers: ['customerprofiles:CreateDomain', 'customerprofiles:UpdateDomain', 'customerprofile:DeleteDomain'],
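Review bot: The new default `'awskms'` is not accepted by this setting's own `regex`, `'^(awscmk|externalcmk|cloudhsm)$'`, and the `description` does not list it either, unlike the other plugins touched on this page (this takes the second `default:` line as the new side). The default is therefore a value a user could not set explicitly, and how `run` handles a level outside the documented set is not visible in this hunk. Either leave this plugin at `default: 'awscmk'`, or extend both strings together: `regex: '^(awskms|awscmk|externalcmk|cloudhsm)$'` and add `awskms=AWS-managed KMS;` at the front of the description's ordered list.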
2 changes: 1 addition & 1 deletion plugins/aws/connect/instanceAttachmentsEncrypted.js
Expand Up @@ -17,7 +17,7 @@ module.exports = {
name: 'Connect Attachments Target Encryption Level',
description: 'In order (lowest to highest) awskms=AWS managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS',
regex: '^(awskms|awscmk|externalcmk|cloudhsm)$',
default: 'awscmk'
default: 'awskms'
}
},
realtime_triggers: ['connect:CreateInstance', 'connect:AssociateInstanceStorageConfig', 'connect:UpdateInstanceStorageConfig', 'connect:DeleteInstance', 'connect:DisassociateInstanceStorageConfig'],
2 changes: 1 addition & 1 deletion plugins/aws/connect/instanceAttachmentsEncrypted.spec.js
Expand Up @@ -136,7 +136,7 @@ describe('instanceAttachmentsEncrypted', function () {
describe('run', function () {
it('should FAIL if Connect instance is not using desired encryption level', function (done) {
const cache = createCache(listInstances, instanceAttachmentStorageConfigs[0], listKeys, describeKey[1]);
instanceAttachmentsEncrypted.run(cache, {}, (err, results) => {
instanceAttachmentsEncrypted.run(cache, {connect_attachments_encryption_level : 'awscmk'}, (err, results) => {
expect(results.length).to.equal(1);
expect(results[0].status).to.equal(2);
done();
2 changes: 1 addition & 1 deletion plugins/aws/connect/instanceCallRecordingEncrypted.js
Expand Up @@ -17,7 +17,7 @@ module.exports = {
name: 'Connect Call Resording Encryption Level',
description: 'In order (lowest to highest) awskms=AWS managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS',
regex: '^(awskms|awscmk|externalcmk|cloudhsm)$',
default: 'awscmk'
default: 'awskms'
}
},
realtime_triggers: ['connect:CreateInstance', 'connect:AssociateInstanceStorageConfig', 'connect:UpdateInstanceStorageConfig','connect:DeleteInstance', 'connect:DisassociateInstanceStorageConfig'],
2 changes: 1 addition & 1 deletion plugins/aws/connect/instanceCallRecordingEncrypted.spec.js
Expand Up @@ -136,7 +136,7 @@ describe('instanceCallRecordingEncrypted', function () {
describe('run', function () {
it('should FAIL if Connect instance is not using desired encryption level', function (done) {
const cache = createCache(listInstances, listInstanceCallRecordingStorageConfigs[0], listKeys, describeKey[1]);
instanceCallRecordingEncrypted.run(cache, {}, (err, results) => {
instanceCallRecordingEncrypted.run(cache, {connect_call_recording_encryption_level: 'awscmk'}, (err, results) => {
expect(results.length).to.equal(1);
expect(results[0].status).to.equal(2);
done();
2 changes: 1 addition & 1 deletion plugins/aws/connect/instanceMediaStreamsEncrypted.js
Expand Up @@ -17,7 +17,7 @@ module.exports = {
name: 'Connect Media Streams Target Encryption Level',
description: 'In order (lowest to highest) awskms=AWS managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS',
regex: '^(awskms|awscmk|externalcmk|cloudhsm)$',
default: 'awscmk'
default: 'awskms'
}
},
realtime_triggers: ['connect:CreateInstance', 'connect:AssociateInstanceStorageConfig', 'connect:UpdateInstanceStorageConfig','connect:DeleteInstance', 'connect:DisassociateInstanceStorageConfig'],
2 changes: 1 addition & 1 deletion plugins/aws/connect/instanceMediaStreamsEncrypted.spec.js
Expand Up @@ -142,7 +142,7 @@ describe('instanceMediaStreamsEncrypted', function () {
describe('run', function () {
it('should FAIL if Connect instance is not using desired encryption level', function (done) {
const cache = createCache(listInstances, listInstanceMediaStreamStorageConfigs[0], listKeys, describeKey[1]);
instanceMediaStreamsEncrypted.run(cache, {}, (err, results) => {
instanceMediaStreamsEncrypted.run(cache, {connect_media_streams_encryption_level: 'awscmk'}, (err, results) => {
expect(results.length).to.equal(1);
expect(results[0].status).to.equal(2);
done();
2 changes: 1 addition & 1 deletion plugins/aws/connect/instanceReportsEncrypted.js
Expand Up @@ -17,7 +17,7 @@ module.exports = {
name: 'Connect Exported Reports Target Encryption Level',
description: 'In order (lowest to highest) awskms=AWS managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS',
regex: '^(awskms|awscmk|externalcmk|cloudhsm)$',
default: 'awscmk'
default: 'awskms'
}
},
realtime_triggers: ['connect:CreateInstance', 'connect:AssociateInstanceStorageConfig', 'connect:UpdateInstanceStorageConfig','connect:DeleteInstance', 'connect:DisassociateInstanceStorageConfig'],
2 changes: 1 addition & 1 deletion plugins/aws/connect/instanceReportsEncrypted.spec.js
Expand Up @@ -136,7 +136,7 @@ describe('instanceReportsEncrypted', function () {
describe('run', function () {
it('should FAIL if Connect instance is not using desired encryption level', function (done) {
const cache = createCache(listInstances, listInstanceExportedReportStorageConfigs[0], listKeys, describeKey[1]);
instanceReportsEncrypted.run(cache, {}, (err, results) => {
instanceReportsEncrypted.run(cache, {connect_exported_reports_encryption_level : 'awscmk'}, (err, results) => {
expect(results.length).to.equal(1);
expect(results[0].status).to.equal(2);
done();
2 changes: 1 addition & 1 deletion plugins/aws/connect/instanceTranscriptsEncrypted.js
Expand Up @@ -17,7 +17,7 @@ module.exports = {
name: 'Connect Chat Transcripts Target Encryption Level',
description: 'In order (lowest to highest) awskms=AWS managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS',
regex: '^(awskms|awscmk|externalcmk|cloudhsm)$',
default: 'awscmk'
default: 'awskms'
}
},
realtime_triggers: ['connect:CreateInstance', 'connect:AssociateInstanceStorageConfig', 'connect:UpdateInstanceStorageConfig','connect:DeleteInstance', 'connect:DisassociateInstanceStorageConfig'],
2 changes: 1 addition & 1 deletion plugins/aws/connect/instanceTranscriptsEncrypted.spec.js
Expand Up @@ -136,7 +136,7 @@ describe('instanceTranscriptsEncrypted', function () {
describe('run', function () {
it('should FAIL if Connect instance is not using desired encryption level', function (done) {
const cache = createCache(listInstances, listInstanceChatTranscriptStorageConfigs[0], listKeys, describeKey[1]);
instanceTranscriptsEncrypted.run(cache, {}, (err, results) => {
instanceTranscriptsEncrypted.run(cache, {connect_chat_transcripts_encryption_level: 'awscmk'}, (err, results) => {
expect(results.length).to.equal(1);
expect(results[0].status).to.equal(2);
done();
2 changes: 1 addition & 1 deletion plugins/aws/documentDB/docdbClusterEncrypted.js
Expand Up @@ -17,7 +17,7 @@ module.exports = {
name: 'DocumentDB Cluster Target Encryption Level',
description: 'In order (lowest to highest) awskms=AWS-managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS',
regex: '^(awskms|awscmk|externalcmk|cloudhsm)$',
default: 'awscmk',
default: 'awskms',
}
},
realtime_triggers: ['docdb:CreateDBCluster','docdb:CreateDBInstance','docdb:DeleteDBCluster'],
2 changes: 1 addition & 1 deletion plugins/aws/ec2/ebsEncryptionEnabled.js
Expand Up @@ -55,7 +55,7 @@ module.exports = {
name: 'EBS Minimum Encryption Level at rest',
description: 'In order (lowest to highest) awskms=AWS-managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS',
regex: '^(awskms|awscmk|externalcmk|cloudhsm)$',
default: 'awscmk',
default: 'awskms',
},

},
2 changes: 1 addition & 1 deletion plugins/aws/ecr/ecrRepositoryEncrypted.js
Expand Up @@ -17,7 +17,7 @@ module.exports = {
name: 'ECR Repository Encryption',
description: 'In order (lowest to highest) sse=AES-256; awskms=AWS-managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS',
regex: '^(sse|awskms|awscmk|externalcmk|cloudhsm)$',
default: 'awscmk'
default: 'awskms'
}
},
realtime_triggers: ['ecr:CreateRepository', 'ecr:DeleteRepository'],
2 changes: 1 addition & 1 deletion plugins/aws/elasticache/redisClusterEncryptionAtRest.js
Expand Up @@ -17,7 +17,7 @@ module.exports = {
name: 'ElastiCache Cluster Target Encryption Level',
description: 'In order (lowest to highest) awskms=AWS-managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS',
regex: '^(awskms|awscmk|externalcmk|cloudhsm)$',
default: 'awscmk',
default: 'awskms',
}
},
realtime_triggers: ['elasticache:CreateCacheCluster', 'elasticache:DeleteCacheCluster', 'elasticache:CreateReplicationGroup'],
4 changes: 2 additions & 2 deletions plugins/aws/elasticache/redisClusterEncryptionAtRest.spec.js
Expand Up @@ -219,7 +219,7 @@ describe('redisClusterEncryptionAtRest', function () {
describe('run', function () {
it('should PASS if Redis Cluster at-rest is encrypted with desired encryption level', function (done) {
const cache = createCache(describeCacheClusters[0], listKeys, describeReplicationGroups[0], describeKey[0]);
redisClusterEncryptionAtRest.run(cache, { ec_atrest_desired_encryption_level: 'awscmk' }, (err, results) => {
redisClusterEncryptionAtRest.run(cache, { ec_cluster_target_encryption_level: 'awscmk' }, (err, results) => {
expect(results.length).to.equal(1);
expect(results[0].status).to.equal(0);
expect(results[0].region).to.equal('us-east-1');
Expand All @@ -229,7 +229,7 @@ describe('redisClusterEncryptionAtRest', function () {

it('should FAIL if Redis Cluster at-rest is not encrypted with desired encryption level', function (done) {
const cache = createCache([describeCacheClusters[1]],listKeys, describeReplicationGroups[1], describeKey[1]);
redisClusterEncryptionAtRest.run(cache, { ec_atrest_desired_encryption_level: 'awscmk' }, (err, results) => {
redisClusterEncryptionAtRest.run(cache, { ec_cluster_target_encryption_level: 'awscmk' }, (err, results) => {
expect(results.length).to.equal(1);
expect(results[0].status).to.equal(2);
expect(results[0].region).to.equal('us-east-1');
2 changes: 1 addition & 1 deletion plugins/aws/firehose/deliveryStreamEncrypted.js
Expand Up @@ -17,7 +17,7 @@ module.exports = {
name: 'Firehose Delivery Stream Target Encryption Level',
description: 'In order (lowest to highest) awskms=AWS managed KMS; awscmk=Customer managed KMS; externalcmk=Customer managed externally sourced KMS; cloudhsm=Customer managed CloudHSM sourced KMS',
regex: '^(awskms|awscmk|externalcmk|cloudhsm)$',
default: 'awscmk'
default: 'awskms'
}
},
realtime_triggers: ['firehose:CreateDeliveryStreams','firehose:UpdateDestination', 'firehose:DeleteliveryStreams'],
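Review bot: The `realtime_triggers` entry `'firehose:DeleteliveryStreams'` on the unchanged line below the default looks misspelled, and `'firehose:CreateDeliveryStreams'` carries a plural that the Firehose action names (`CreateDeliveryStream`, `DeleteDeliveryStream`) do not have. If triggers are matched against API event names, which is not visible here, neither entry would fire and the encryption check would not be re-run when a stream is created or deleted. Since the file is being touched anyway, I would correct the line to `realtime_triggers: ['firehose:CreateDeliveryStream','firehose:UpdateDestination','firehose:DeleteDeliveryStream'],`.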
4 changes: 2 additions & 2 deletions plugins/aws/firehose/deliveryStreamEncrypted.spec.js
Expand Up @@ -308,15 +308,15 @@ describe('deliveryStreamEncrypted', function () {
deliveryStreamEncrypted.run(cache, {}, (err, results) => {
expect(results.length).to.equal(1);
expect(results[0].status).to.equal(0);
expect(results[0].message).to.include('Firehose delivery stream destination bucket is encrypted with awscmk');
expect(results[0].message).to.include('Firehose delivery stream is encrypted with awskms');
expect(results[0].region).to.equal('us-east-1');
done();
});
});

it('should FAIL if Firehose Delivery Stream not encrypted with desired encryption level', function (done) {
const cache = createCache([listDeliveryStreams[0]], listKeys, describeDeliveryStream[1], describeKey[1]);
deliveryStreamEncrypted.run(cache, {}, (err, results) => {
deliveryStreamEncrypted.run(cache, {delivery_stream_desired_encryption_level: 'awscmk'}, (err, results) => {
expect(results.length).to.equal(1);
expect(results[0].status).to.equal(2);
expect(results[0].message).to.include('Firehose delivery stream destination bucket is encrypted with awskms');
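Review bot: The PASS case appears to stop covering the destination-bucket branch, since its expected message goes from `'Firehose delivery stream destination bucket is encrypted with awscmk'` to `'Firehose delivery stream is encrypted with awskms'` while it still runs with `{}`. With the lower default the plugin presumably returns at the stream-level check before it looks at the bucket, so the bucket path is now only reached by the FAIL case below. I would keep a second PASS case that runs the same cache with `{delivery_stream_desired_encryption_level: 'awscmk'}` and asserts the earlier bucket message. Both `it` blocks start or end outside the hunk, so the fixtures behind `cache` cannot be checked from here.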