From e58d8cbc8dc136fe1678675265f6277bfa176926 Mon Sep 17 00:00:00 2001
From: Quinn Stevens
Date: Fri, 24 Jul 2020 12:44:57 +0100
Subject: [PATCH 1/2] Don't fail check extra737 for keys scheduled for deletion
---
 checks/check_extra737 | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/checks/check_extra737 b/checks/check_extra737
index 3e1b6bf2..24ccca3c 100644
--- a/checks/check_extra737
+++ b/checks/check_extra737
@@ -24,7 +24,10 @@ extra737(){
 if [[ $LIST_OF_CUSTOMER_KMS_KEYS ]];then
 for key in $LIST_OF_CUSTOMER_KMS_KEYS; do
 CHECK_ROTATION=$($AWSCLI kms get-key-rotation-status --key-id $key $PROFILE_OPT --region $regx --output text)
- if [[ $CHECK_ROTATION == "False" ]]; then
+ CHECK_STATUS=$($AWSCLI kms describe-key --key-id $key $PROFILE_OPT --region $regx | jq -r '.KeyMetadata.KeyState')
+ if [[ $CHECK_STATUS == "PendingDeletion" ]]; then
+ textInfo "$regx: KMS key $key is pending deletion and cannot be rotated" "$regx"
+ elif [[ $CHECK_ROTATION == "False" ]]; then
 textFail "$regx: KMS key $key has rotation disabled!" "$regx"
 else
 textPass "$regx: KMS key $key has rotation enabled" "$regx"
From 93c89530ff7f52233ca430ca59d25378a91fde1a Mon Sep 17 00:00:00 2001
From: Quinn Stevens
Date: Fri, 31 Jul 2020 20:30:20 +0100
Subject: [PATCH 2/2] Explicitly set output --json for aws call
---
 checks/check_extra737 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/checks/check_extra737 b/checks/check_extra737
index 24ccca3c..17040276 100644
--- a/checks/check_extra737
+++ b/checks/check_extra737
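Review bot: The trailing `else` of the new `if`/`elif` chain reports textPass for any value of `$CHECK_ROTATION` other than the literal `False`, so a failed, throttled or access-denied `get-key-rotation-status` call (empty output) is recorded as "rotation enabled" — an audit check that fails open. Matching the positive case explicitly and treating anything else as a finding, `elif [[ $CHECK_ROTATION == "True" ]]; then textPass … else textFail …` (or a textInfo when `$CHECK_ROTATION` is empty), closes that gap. The rotation-status call on the context line above the change also runs before `$CHECK_STATUS` is known, so keys pending deletion still cost an API call that the result then discards; moving that call under the non-pending branch would avoid it. The enclosing `for` loop and the `extra737` function continue outside the hunk.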
@@ -24,7 +24,7 @@ extra737(){
 if [[ $LIST_OF_CUSTOMER_KMS_KEYS ]];then
 for key in $LIST_OF_CUSTOMER_KMS_KEYS; do
 CHECK_ROTATION=$($AWSCLI kms get-key-rotation-status --key-id $key $PROFILE_OPT --region $regx --output text)
- CHECK_STATUS=$($AWSCLI kms describe-key --key-id $key $PROFILE_OPT --region $regx | jq -r '.KeyMetadata.KeyState')
+ CHECK_STATUS=$($AWSCLI kms describe-key --key-id $key $PROFILE_OPT --region $regx --output json | jq -r '.KeyMetadata.KeyState')
 if [[ $CHECK_STATUS == "PendingDeletion" ]]; then
 textInfo "$regx: KMS key $key is pending deletion and cannot be rotated" "$regx"
 elif [[ $CHECK_ROTATION == "False" ]]; then
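Review bot: Forcing `--output json` makes the `jq` stage work regardless of the caller's default output format, but the pipeline still depends on `jq` being present and on the `describe-key` call succeeding; if either fails, `$CHECK_STATUS` is silently empty and the pending-deletion branch is skipped with no message, so the key is then judged on `$CHECK_ROTATION` alone. The same value can be obtained without a pipeline, matching the `--output text` style already used for the rotation call on the line above: `CHECK_STATUS=$($AWSCLI kms describe-key --key-id $key $PROFILE_OPT --region $regx --query 'KeyMetadata.KeyState' --output text)`. Whether `jq` is a declared requirement of the tool is not visible here, so this is presumably a robustness improvement rather than a hard dependency fix. The surrounding loop and `extra737` body continue outside the hunk.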