Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(cloudtrail): fix path and extract more fields from the s3 notification event #412

Closed
wants to merge 3 commits into from
Closed

fix(cloudtrail): fix path and extract more fields from the s3 notification event #412

wants to merge 3 commits into from

Conversation

matteopasa
Copy link
Contributor

What type of PR is this?

Uncomment one (or more) /kind <> lines:

/kind bug

/kind cleanup

/kind design

/kind documentation

/kind failing-test

/kind feature

Any specific area of the project related to this PR?

Uncomment one (or more) /area <> lines:

/area plugins

/area registry

/area build

/area documentation

What this PR does / why we need it:

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

@poiana poiana added the size/M label Feb 12, 2024
@github-actions GitHub Actions
Copy link

Rules files suggestions

aws_cloudtrail_rules.yaml

Comparing b75a19bca10e0e6c7c35e0f2065246c00f99076a with latest tag cloudtrail-0.11.0

No changes detected

@matteopasa matteopasa force-pushed the pasa/cloudtrail/s3-notification-info branch from ea96ca8 to fc1abb7 Compare February 12, 2024 13:32
@matteopasa matteopasa changed the title fix(cloudtrail): extract more fields from the s3 notification event fix(cloudtrail): fix path and extract more fields from the s3 notification event Feb 12, 2024
@github-actions GitHub Actions
Copy link

Rules files suggestions

aws_cloudtrail_rules.yaml

Comparing 56abf61546515bad376b1ef58cf36e11ef8596fb with latest tag cloudtrail-0.11.0

No changes detected

@matteopasa
bump version to 0.12
e3689d7 
Signed-off-by: matteopasa <[email protected]>
@github-actions GitHub Actions
Copy link

Rules files suggestions

aws_cloudtrail_rules.yaml

Comparing 3f71f2ec3abb3f804f30c154f5903336dc203a12 with latest tag cloudtrail-0.11.0

No changes detected

@Issif
Copy link
Member

Issif commented Feb 12, 2024

/lgtm

@poiana poiana added the lgtm label Feb 12, 2024
@poiana
Copy link
Contributor

poiana commented Feb 12, 2024

LGTM label has been added.

Git tree hash: fd47aa5f42ff895b94247febf825fd2672d5915d

@poiana
Copy link
Contributor

poiana commented Feb 12, 2024

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: Issif, matteopasa
Once this PR has been reviewed and has the lgtm label, please assign mstemm for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Issif
Issif reviewed Feb 12, 2024
View reviewed changes
plugins/cloudtrail/pkg/cloudtrail/extract.go
Comment on lines +217 to +219
if val == nil {
val = jdata.GetStringBytes("request-id")
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This situation should never happen, eventID is a mandatory field. Moreover, it seems the path is requestID:
image

Copy link
Contributor Author

@matteopasa matteopasa Feb 12, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the thing is that the s3 notification event that we are receiving is this one: https://docs.aws.amazon.com/AmazonS3/latest/userguide/ev-events.html
The part inside the "detail" field
I've tried to map some of the fields to the ct fields but I can remove them

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The plugin is from collecting the audit logs from cloudtrail, we should never receive a direct S3 event. Maybe I'm wrong or there's something I don't get.

Copy link
Contributor Author

@matteopasa matteopasa Feb 12, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We want to extract fields also from s3 notification events, that is the reason of the change
The fields we are interested in are the s3 ones, so I can remove the ct ones if they can cause issues

@matteopasa matteopasa closed this Feb 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Issif Issif Issif left review comments

@jasondellaluce jasondellaluce Awaiting requested review from jasondellaluce

@leogr leogr Awaiting requested review from leogr

Assignees

@Issif Issif

Labels
dco-signoff: yes lgtm size/M
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@matteopasa @Issif @poiana