mirror of
https://github.com/ghndrx/prowler.git
synced 2026-02-11 07:15:15 +00:00
67b5de205b
Co-authored-by: Sergio Garcia <38561120+sergargar@users.noreply.github.com> Co-authored-by: sergargar <sergio@verica.io>
109 lines
4.0 KiB
Python
109 lines
4.0 KiB
Python
import threading
|
|
|
|
from pydantic import BaseModel
|
|
|
|
from lib.logger import logger
|
|
from providers.aws.aws_provider import generate_regional_clients
|
|
|
|
|
|
################################ EKS
|
|
class EKS:
|
|
def __init__(self, audit_info):
|
|
self.service = "eks"
|
|
self.session = audit_info.audit_session
|
|
self.regional_clients = generate_regional_clients(self.service, audit_info)
|
|
self.clusters = []
|
|
self.__threading_call__(self.__list_clusters__)
|
|
self.__describe_cluster__(self.regional_clients)
|
|
|
|
def __get_session__(self):
|
|
return self.session
|
|
|
|
def __threading_call__(self, call):
|
|
threads = []
|
|
for regional_client in self.regional_clients.values():
|
|
threads.append(threading.Thread(target=call, args=(regional_client,)))
|
|
for t in threads:
|
|
t.start()
|
|
for t in threads:
|
|
t.join()
|
|
|
|
def __list_clusters__(self, regional_client):
|
|
logger.info("EKS listing clusters...")
|
|
try:
|
|
list_clusters_paginator = regional_client.get_paginator("list_clusters")
|
|
for page in list_clusters_paginator.paginate():
|
|
for cluster in page["clusters"]:
|
|
self.clusters.append(
|
|
EKSCluster(
|
|
name=cluster,
|
|
region=regional_client.region,
|
|
)
|
|
)
|
|
|
|
except Exception as error:
|
|
logger.error(
|
|
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
|
|
)
|
|
|
|
def __describe_cluster__(self, regional_clients):
|
|
logger.info("EKS listing clusters...")
|
|
try:
|
|
for cluster in self.clusters:
|
|
regional_client = regional_clients[cluster.region]
|
|
describe_cluster = regional_client.describe_cluster(name=cluster.name)
|
|
cluster.arn = describe_cluster["cluster"]["arn"]
|
|
if "logging" in describe_cluster["cluster"]:
|
|
cluster.logging = EKSClusterLoggingEntity(
|
|
types=describe_cluster["cluster"]["logging"]["clusterLogging"][
|
|
0
|
|
]["types"],
|
|
enabled=describe_cluster["cluster"]["logging"][
|
|
"clusterLogging"
|
|
][0]["enabled"],
|
|
)
|
|
if (
|
|
"endpointPublicAccess"
|
|
in describe_cluster["cluster"]["resourcesVpcConfig"]
|
|
):
|
|
cluster.endpoint_public_access = describe_cluster["cluster"][
|
|
"resourcesVpcConfig"
|
|
]["endpointPublicAccess"]
|
|
if (
|
|
"endpointPrivateAccess"
|
|
in describe_cluster["cluster"]["resourcesVpcConfig"]
|
|
):
|
|
cluster.endpoint_private_access = describe_cluster["cluster"][
|
|
"resourcesVpcConfig"
|
|
]["endpointPrivateAccess"]
|
|
if (
|
|
"publicAccessCidrs"
|
|
in describe_cluster["cluster"]["resourcesVpcConfig"]
|
|
):
|
|
cluster.public_access_cidrs = describe_cluster["cluster"][
|
|
"resourcesVpcConfig"
|
|
]["publicAccessCidrs"]
|
|
if "encryptionConfig" in describe_cluster["cluster"]:
|
|
cluster.encryptionConfig = True
|
|
|
|
except Exception as error:
|
|
logger.error(
|
|
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
|
|
)
|
|
|
|
|
|
class EKSClusterLoggingEntity(BaseModel):
|
|
types: list[str] = None
|
|
enabled: bool = None
|
|
|
|
|
|
class EKSCluster(BaseModel):
|
|
name: str
|
|
arn: str = None
|
|
region: str
|
|
logging: EKSClusterLoggingEntity = None
|
|
endpoint_public_access: bool = None
|
|
endpoint_private_access: bool = None
|
|
public_access_cidrs: list[str] = None
|
|
encryptionConfig: bool = None
|