From baf5232cbc11ebbacc5a1d3ce0dbd565d341ca63 Mon Sep 17 00:00:00 2001
From: Dom Bellizzi
Date: Sat, 29 May 2021 22:26:15 +0000
Subject: [PATCH] Fix finding customer kms keys in cli v2 for checks extra737 extra736 Key id is in position 6 in aws cli version 2.2.5, but in position 4 in aws cli 1.x Use --query to select only the data necessary and output in a consistent format
---
 checks/check_extra736 | 2 +-
 checks/check_extra737 | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/checks/check_extra736 b/checks/check_extra736
index 0b5993a7..660f34be 100644
--- a/checks/check_extra736
+++ b/checks/check_extra736
@@ -19,7 +19,7 @@ CHECK_ALTERNATE_check736="extra736"
 extra736(){
 textInfo "Looking for KMS keys in all regions... "
 for regx in $REGIONS; do
- LIST_OF_CUSTOMER_KMS_KEYS=$($AWSCLI kms list-aliases $PROFILE_OPT --region $regx --output text |grep -v :alias/aws/ |awk '{ print $4 }')
+ LIST_OF_CUSTOMER_KMS_KEYS=$($AWSCLI kms list-aliases $PROFILE_OPT --region $regx --query "Aliases[].[AliasName,TargetKeyId]" --output text |grep -v ^alias/aws/ |awk '{ print $2 }')
 if [[ $LIST_OF_CUSTOMER_KMS_KEYS ]];then
 for key in $LIST_OF_CUSTOMER_KMS_KEYS; do
 CHECK_POLICY=$($AWSCLI kms get-key-policy --key-id $key --policy-name default $PROFILE_OPT --region $regx --output text|awk '/Principal/{n=NR+1} n>=NR' |grep AWS\"\ :\ \"\\*\"$)
diff --git a/checks/check_extra737 b/checks/check_extra737
index d10a301f..5fda36c5 100644
--- a/checks/check_extra737
+++ b/checks/check_extra737
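Review bot: Customer keys that have no alias are still never checked, because the new `LIST_OF_CUSTOMER_KMS_KEYS` line in the check_extra736 hunk builds its key list from `kms list-aliases`. An alias is optional, so the policy of such a key is never examined for a wildcard principal, and a key with several aliases is examined once per alias. The identical line in the check_extra737 hunk has the same gap for the rotation check. Enumerating with `$AWSCLI kms list-keys $PROFILE_OPT --region $regx --query 'Keys[].KeyId' --output text` and keeping only keys whose `describe-key` output reports `KeyMetadata.KeyManager` as `CUSTOMER` would cover each customer managed key exactly once. The loop and the rest of extra736 continue past the end of the hunk.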
@@ -19,7 +19,7 @@ CHECK_ALTERNATE_check737="extra737"
 extra737(){
 textInfo "Looking for KMS keys in all regions... "
 for regx in $REGIONS; do
- LIST_OF_CUSTOMER_KMS_KEYS=$($AWSCLI kms list-aliases $PROFILE_OPT --region $regx --output text |grep -v :alias/aws/ |awk '{ print $4 }')
+ LIST_OF_CUSTOMER_KMS_KEYS=$($AWSCLI kms list-aliases $PROFILE_OPT --region $regx --query "Aliases[].[AliasName,TargetKeyId]" --output text |grep -v ^alias/aws/ |awk '{ print $2 }')
 if [[ $LIST_OF_CUSTOMER_KMS_KEYS ]];then
 for key in $LIST_OF_CUSTOMER_KMS_KEYS; do
 CHECK_ROTATION=$($AWSCLI kms get-key-rotation-status --key-id $key $PROFILE_OPT --region $regx --output text)
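Review bot: Every key id produced by the changed line is passed straight to `get-key-rotation-status` in the last context line of this hunk, with no regard to key type or state. Automatic rotation is not available for asymmetric keys or keys with imported material, so for those the call presumably fails and leaves `CHECK_ROTATION` empty. How an empty value is reported is outside the hunk, but if it is reported as rotation disabled the finding is false. Consider reading `$AWSCLI kms describe-key --key-id $key $PROFILE_OPT --region $regx --query 'KeyMetadata.[KeyState,Origin,KeySpec]' --output text` first and skipping keys that are not `Enabled`, not of origin `AWS_KMS`, or not symmetric, with a comment on the loop saying why they are skipped.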