[CLS-26122] feature: New Filter for including event subscriptions int…

…o rds resources.
Sentinel-One · Oct 25, 2023 · aa53e18 · aa53e18
1 parent a8be931
commit aa53e18
Show file tree

Hide file tree

Showing 4 changed files with 58 additions and 3 deletions.
diff --git a/c7n/resources/rds.py b/c7n/resources/rds.py
@@ -2159,3 +2159,58 @@ def process(self, resources, event=None):
             r['PubliclyAccessible'] = publicly_accessible
             results.append(r)
         return results
+
+
+@RDS.filter_registry.register('include-event-subscriptions')
+class FetchEventSubscriptionsFilter(Filter):
+    schema = type_schema('has-event-subscriptions', )
+    permissions = ('rds:DescribeEventSubscriptions',)
+
+    def process(self, resources, event=None):
+        client = local_session(self.manager.session_factory).client('rds')
+        enabled_db_parameter_group_all = False
+        enabled_db_security_group_all = False
+        enabled_db_instance_all = False
+        enabled_db_cluster_all = False
+        event_subscriptions = client.describe_event_subscriptions()['EventSubscriptionsList']
+        event_subscriptions_with_source_ids = []
+        if len(event_subscriptions) > 0:
+            for event_subscription in event_subscriptions:
+                if 'SourceIdsList' not in event_subscription:
+                    if event_subscription['SourceType'] == 'db-parameter-group' and event_subscription['Enabled']:
+                        enabled_db_parameter_group_all = True
+                    if event_subscription['SourceType'] == 'db-security-group' and event_subscription['Enabled']:
+                        enabled_db_security_group_all = True
+                    if event_subscription['SourceType'] == 'db-instance' and event_subscription['Enabled']:
+                        enabled_db_instance_all = True
+                    if event_subscription['SourceType'] == 'db-cluster' and event_subscription['Enabled']:
+                        enabled_db_cluster_all = True
+                else:
+                    event_subscriptions_with_source_ids.append(event_subscription)
+        results = []
+        for r in resources:
+            r['EventSubscriptions'] = {}
+            r['EventSubscriptions']['EnabledDBParameterGroup'] = enabled_db_parameter_group_all
+            r['EventSubscriptions']['EnabledDBSecurityGroup'] = enabled_db_security_group_all
+            r['EventSubscriptions']['EnabledDBInstance'] = enabled_db_instance_all
+            r['EventSubscriptions']['EnabledDBCluster'] = enabled_db_cluster_all
+            if len(event_subscriptions_with_source_ids) > 0:
+                for event_subscription in event_subscriptions_with_source_ids:
+                    source_ids = event_subscription['SourceIdsList']
+                    for source_id in source_ids:
+                        if r['DBInstanceIdentifier'] == source_id:
+                            if event_subscription['SourceType'] == 'db-parameter-group' and \
+                                    event_subscription['Enabled']:
+                                r['EventSubscriptions']['EnabledDBParameterGroup'] = True
+                            if event_subscription['SourceType'] == 'db-security-group' and \
+                                    event_subscription['Enabled']:
+                                r['EventSubscriptions']['EnabledDBSecurityGroup'] = True
+                            if event_subscription['SourceType'] == 'db-instance' and \
+                                    event_subscription['Enabled']:
+                                r['EventSubscriptions']['EnabledDBInstance'] = True
+                            if event_subscription['SourceType'] == 'db-cluster' and \
+                                    event_subscription['Enabled']:
+                                r['EventSubscriptions']['EnabledDBCluster'] = True
+                            break;
+            results.append(r)
+        return results
diff --git a/jenkins-jobs/build-pipeline.groovy b/jenkins-jobs/build-pipeline.groovy
@@ -10,7 +10,7 @@ import groovy.transform.Field
 @Field isRelease = false
 @Field isPRBuild = false
 
-@Field artVersion = "0.9.26.4.37"
+@Field artVersion = "0.9.26.4.38"
 
 
 timeout(activity: true, time: 10) {

diff --git a/jenkins-jobs/release-pipeline.groovy b/jenkins-jobs/release-pipeline.groovy
@@ -10,7 +10,7 @@ import groovy.transform.Field
 @Field isRelease = false
 @Field isPRBuild = false
 
-@Field artVersion = "0.9.26.4.37"
+@Field artVersion = "0.9.26.4.38"
 
 timeout(activity: true, time: 10) {
     timestamps {

diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "s1-c7n"
-version = "0.9.26.4.37"
+version = "0.9.26.4.38"
 description = "Cloud Custodian - Policy Rules Engine"
 authors = ["Cloud Custodian Project"]
 readme = "README.md"