From 49423dee4a12ba20372507edce66fdddb33f74ee Mon Sep 17 00:00:00 2001
From: Ramon Diez <ramondle@amazon.com>
Date: Wed, 18 Nov 2020 12:42:01 +0100
Subject: [PATCH] fixing check_extra7116 and check_extra7117

---
 checks/check_extra7116 | 13 +++++++++----
 checks/check_extra7117 | 13 +++++++++----
 2 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/checks/check_extra7116 b/checks/check_extra7116
index 2165b91a..de077e4a 100644
--- a/checks/check_extra7116
+++ b/checks/check_extra7116
@@ -20,11 +20,16 @@ CHECK_ALTERNATE_check7116="extra7116"
 
 extra7116(){
   for regx in $REGIONS; do
-    METADATA_ENCRYPTED=$($AWSCLI glue get-data-catalog-encryption-settings $PROFILE_OPT --region $regx --output text --query "DataCatalogEncryptionSettings.EncryptionAtRest.CatalogEncryptionMode")
-    if [[ "$METADATA_ENCRYPTED" == "DISABLED" ]]; then
-      textFail "$regx: Glue data catalog settings have metadata encryption disabled" "$regx"
+    TABLE_LIST=$($AWSCLI glue search-tables --max-results 1 $PROFILE_OPT --region $regx  --output text --query 'TableList[*]' )
+    if [[ ! -z $TABLE_LIST ]]; then
+      METADATA_ENCRYPTED=$($AWSCLI glue get-data-catalog-encryption-settings $PROFILE_OPT --region $regx --output text --query "DataCatalogEncryptionSettings.EncryptionAtRest.CatalogEncryptionMode")
+      if [[ "$METADATA_ENCRYPTED" == "DISABLED" ]]; then
+        textFail "$regx: Glue data catalog settings have metadata encryption disabled" "$regx"
+      else
+        textPass "$regx: Glue data catalog settings have metadata encryption enabled" "$regx"
+      fi
     else
-      textPass "$regx: Glue data catalog settings have metadata encryption enabled" "$regx"
+      textInfo "$regx: Glue data catalog settings metadata encryption does not apply" "$regx"
     fi
   done
 }
diff --git a/checks/check_extra7117 b/checks/check_extra7117
index 7c11c76d..808687c5 100644
--- a/checks/check_extra7117
+++ b/checks/check_extra7117
@@ -20,11 +20,16 @@ CHECK_ALTERNATE_check7117="extra7117"
 
 extra7117(){
   for regx in $REGIONS; do
-    METADATA_ENCRYPTED=$($AWSCLI glue get-data-catalog-encryption-settings $PROFILE_OPT --region $regx --output text --query "DataCatalogEncryptionSettings.ConnectionPasswordEncryption.ReturnConnectionPasswordEncrypted")
-    if [[ "$METADATA_ENCRYPTED" == "False" ]]; then
-      textFail "$regx: Glue data catalog connection password is not encrypted" "$regx"
+    CONNECTION_LIST=$($AWSCLI glue get-connections $PROFILE_OPT --region $regx  --output text --query 'ConnectionList[*]')
+    if [[ ! -z $CONNECTION_LIST ]]; then
+      METADATA_ENCRYPTED=$($AWSCLI glue get-data-catalog-encryption-settings $PROFILE_OPT --region $regx --output text --query "DataCatalogEncryptionSettings.ConnectionPasswordEncryption.ReturnConnectionPasswordEncrypted")
+      if [[ "$METADATA_ENCRYPTED" == "False" ]]; then
+        textFail "$regx: Glue data catalog connection password is not encrypted" "$regx"
+      else
+        textPass "$regx: Glue data catalog connection password is encrypted" "$regx"
+      fi
     else
-      textPass "$regx: Glue data catalog connection password is encrypted" "$regx"
+      textInfo "$regx: Glue data catalog connection password encryption does not apply" "$regx"
     fi
   done
 }