From 8c6606ad9592c34769a7a55973c2c54dc7af6af0 Mon Sep 17 00:00:00 2001
From: Pepe Fagoaga
Date: Tue, 4 Apr 2023 09:30:36 +0200
Subject: [PATCH] fix(dax): Call list_tags using the cluster ARN (#2167)
---
 .../aws/services/dynamodb/dynamodb_service.py | 24 +++++++++++++------
 .../dynamodb/dynamodb_service_test.py | 12 ++++++----
 2 files changed, 25 insertions(+), 11 deletions(-)
diff --git a/prowler/providers/aws/services/dynamodb/dynamodb_service.py b/prowler/providers/aws/services/dynamodb/dynamodb_service.py
index b52674f3..e89fdc0f 100644
--- a/prowler/providers/aws/services/dynamodb/dynamodb_service.py
+++ b/prowler/providers/aws/services/dynamodb/dynamodb_service.py
@@ -1,6 +1,7 @@
 import threading
 from typing import Optional
+from botocore.client import ClientError
 from pydantic import BaseModel
 from prowler.lib.logger import logger
@@ -168,15 +169,24 @@ class DAX:
 def __list_tags_for_resource__(self):
 logger.info("DAX - List Tags...")
- try:
- for cluster in self.clusters:
+ for cluster in self.clusters:
+ try:
 regional_client = self.regional_clients[cluster.region]
- response = regional_client.list_tags(ResourceName=cluster.name)["Tags"]
+ # In the DAX service to call list_tags we need to pass the cluster ARN as the resource name
+ response = regional_client.list_tags(ResourceName=cluster.arn)["Tags"]
 cluster.tags = response
- except Exception as error:
- logger.error(
- f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
- )
+
+ except ClientError as error:
+ if error.response["Error"]["Code"] != "InvalidARNFault":
+ logger.warning(
+ f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+ )
+ continue
+
+ except Exception as error:
+ logger.error(
+ f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+ )
 class Table(BaseModel):
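Review bot: `ClientError` is defined in `botocore.exceptions`; the added `from botocore.client import ClientError` resolves only because `botocore.client` itself imports that name. Importing from the defining module, `from botocore.exceptions import ClientError`, does not depend on that re-export staying in place.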
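Review bot: Both `except` handlers in `__list_tags_for_resource__` build their log line from `regional_client.region`, but `regional_client` is assigned inside the `try`. If the `self.regional_clients[cluster.region]` lookup fails, the handler hits an unbound name on the first cluster, or reports the previous cluster's region on later ones. Using the loop variable avoids both, e.g. `f"{cluster.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"`. Separately, an `InvalidARNFault` is dropped without any log, so `cluster.tags` is left unset and any tag-based check or filter would run on incomplete data with no trace; an `else:` branch calling `logger.debug(...)` with `cluster.arn` would keep that gap visible. Indentation is lost on this page, so whether `continue` sits inside the `if` cannot be confirmed here.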
diff --git a/tests/providers/aws/services/dynamodb/dynamodb_service_test.py b/tests/providers/aws/services/dynamodb/dynamodb_service_test.py
index 9af6c27a..45db3802 100644
--- a/tests/providers/aws/services/dynamodb/dynamodb_service_test.py
+++ b/tests/providers/aws/services/dynamodb/dynamodb_service_test.py
@@ -136,7 +136,7 @@ class Test_DynamoDB_Service:
 {"Key": "test", "Value": "test"},
 ]
- # Test DynamoDB Describe Table
+ # Test DynamoDB Describe Continuous Backups
 @mock_dynamodb
 def test__describe_continuous_backups__(self):
 # Generate DynamoDB Client
@@ -167,7 +167,7 @@ class Test_DynamoDB_Service:
 assert dynamo.tables[0].pitr
 assert dynamo.tables[0].region == AWS_REGION
- # Test DAX List Tables
+ # Test DAX Describe Clusters
 @mock_dax
 def test__describe_clusters__(self):
 # Generate DAX Client
@@ -198,13 +198,17 @@ class Test_DynamoDB_Service:
 audit_info = self.set_mocked_audit_info()
 dax = DAX(audit_info)
 assert len(dax.clusters) == 2
+
 assert dax.clusters[0].name == "daxcluster1"
- assert dax.clusters[1].name == "daxcluster2"
 assert dax.clusters[0].region == AWS_REGION
- assert dax.clusters[1].region == AWS_REGION
+ assert dax.clusters[0].encryption
 assert dax.clusters[0].tags == [
 {"Key": "test", "Value": "test"},
 ]
+
+ assert dax.clusters[1].name == "daxcluster2"
+ assert dax.clusters[1].region == AWS_REGION
+ assert dax.clusters[1].encryption
 assert dax.clusters[1].tags == [
 {"Key": "test", "Value": "test"},
 ]
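Review bot: The regrouped assertions in the last hunk cover only the success path, where both clusters come back tagged; nothing here exercises the new `except ClientError` branch in `DAX.__list_tags_for_resource__`. A case where `list_tags` raises `ClientError` with code `InvalidARNFault` for one cluster, asserting that the other cluster is still tagged, would pin the per-cluster error handling this commit introduces. The enclosing test function's `def` line is outside the hunk, so how the clusters and tags are mocked is not visible here.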