dome9 / cloud-bots

Automation and remediation bots for Dome9's (Continuous) Compliance Engine
BSD 3-Clause "New" or "Revised" License

vpc_turn_on_flow_logs cloudbot parm order incorrect #35

Closed artfulbodger closed 3 years ago

artfulbodger commented 4 years ago

When implementing the vpc_turn_on_flow_logs bot, the Dome9 UI and portal refer to the traffic_type parameter at index 0 and the destination at index 1.


The Python code refers to these parameters in the reverse order:

```python
DESTINATION_INDEX = 0
TRAFFIC_TYPE_INDEX = 1
```

This results in the destination value being used for the 'traffic_type' key and failing the value checks and skipping.

```python
elif key == 'traffic_type':
    if value.upper() == 'ALL':
        traffic_type = 'ALL'
        text_output = text_output + 'The traffic_type to be logged is ALL\n'
    elif value.upper() == 'ACCEPT':
        traffic_type = 'ACCEPT'
        text_output = text_output + 'The traffic_type to be logged is ACCEPT\n'
    elif value.upper() == 'REJECT':
        traffic_type = 'REJECT'
        text_output = text_output + 'The traffic_type to be logged is REJECT\n'
    else:
        text_output = text_output + 'Traffic_type not set to ALL, ACCEPT, or REJECT. Those are the only three supported traffic_types. Skipping\n' + usage
        return text_output
```

artfulbodger commented 4 years ago

Reversing the parameter values in the Dome9 Remediation configuration results in the values being assigned to the correct indexes when the bot runs:

```json
"remediationActions": [
    "vpc_turn_on_flow_logs logs reject"
]
```