chore(release): update v3 with latest changes (#4504)

Co-authored-by: Pepe Fagoaga <[email protected]>
prowler-cloud · Jul 22, 2024 · aa9fde6 · aa9fde6
1 parent c910514
commit aa9fde6
Show file tree

Hide file tree

Showing 5 changed files with 29 additions and 7 deletions.
diff --git a/prowler/providers/aws/aws_regions_by_service.json b/prowler/providers/aws/aws_regions_by_service.json
@@ -3894,6 +3894,7 @@
           "ap-southeast-3",
           "ca-central-1",
           "eu-central-1",
+          "eu-central-2",
           "eu-north-1",
           "eu-south-1",
           "eu-south-2",
@@ -7201,6 +7202,7 @@
           "ap-southeast-3",
           "ap-southeast-4",
           "ca-central-1",
+          "ca-west-1",
           "eu-central-1",
           "eu-central-2",
           "eu-north-1",

diff --git a/...oviders/aws/services/ssm/ssm_managed_compliant_patching/ssm_managed_compliant_patching.py b/...oviders/aws/services/ssm/ssm_managed_compliant_patching/ssm_managed_compliant_patching.py
@@ -10,7 +10,7 @@ def execute(self):
             report = Check_Report_AWS(self.metadata())
             report.region = resource.region
             report.resource_id = resource.id
-
+            report.resource_arn = resource.arn
             if resource.status == ResourceStatus.COMPLIANT:
                 report.status = "PASS"
                 report.status_extended = (

diff --git a/prowler/providers/aws/services/ssm/ssm_service.py b/prowler/providers/aws/services/ssm/ssm_service.py
@@ -116,13 +116,18 @@ def __list_resource_compliance_summaries__(self, regional_client):
             for page in list_resource_compliance_summaries_paginator.paginate():
                 for item in page["ResourceComplianceSummaryItems"]:
                     resource_id = item["ResourceId"]
-                    resource_status = item["Status"]
+                    resource_arn = f"arn:{self.audited_partition}:ec2:{regional_client.region}:{self.audited_account}:instance/{resource_id}"
+                    if not self.audit_resources or (
+                        is_resource_filtered(resource_arn, self.audit_resources)
+                    ):
+                        resource_status = item["Status"]
 
-                    self.compliance_resources[resource_id] = ComplianceResource(
-                        id=resource_id,
-                        status=resource_status,
-                        region=regional_client.region,
-                    )
+                        self.compliance_resources[resource_id] = ComplianceResource(
+                            id=resource_id,
+                            arn=resource_arn,
+                            status=resource_status,
+                            region=regional_client.region,
+                        )
 
         except Exception as error:
             logger.error(
@@ -166,6 +171,7 @@ class ResourceStatus(Enum):
 
 class ComplianceResource(BaseModel):
     id: str
+    arn: str
     region: str
     status: ResourceStatus
 

diff --git a/...rs/aws/services/ssm/ssm_managed_compliant_patching/ssm_managed_compliant_patching_test.py b/...rs/aws/services/ssm/ssm_managed_compliant_patching/ssm_managed_compliant_patching_test.py
@@ -35,6 +35,7 @@ def test_compliance_resources_compliant(self):
         ssm_client.compliance_resources = {
             instance_id: ComplianceResource(
                 id="i-1234567890abcdef0",
+                arn=f"arn:aws:ec2:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:instance/{instance_id}",
                 region=AWS_REGION_US_EAST_1,
                 status=ResourceStatus.COMPLIANT,
             )
@@ -55,6 +56,10 @@ def test_compliance_resources_compliant(self):
             assert len(result) == 1
             assert result[0].region == AWS_REGION_US_EAST_1
             assert result[0].resource_id == instance_id
+            assert (
+                result[0].resource_arn
+                == f"arn:aws:ec2:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:instance/{instance_id}"
+            )
             assert result[0].status == "PASS"
             assert (
                 result[0].status_extended
@@ -68,6 +73,7 @@ def test_compliance_resources_non_compliant(self):
         ssm_client.compliance_resources = {
             instance_id: ComplianceResource(
                 id="i-1234567890abcdef0",
+                arn=f"arn:aws:ec2:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:instance/{instance_id}",
                 region=AWS_REGION_US_EAST_1,
                 status=ResourceStatus.NON_COMPLIANT,
             )
@@ -88,6 +94,10 @@ def test_compliance_resources_non_compliant(self):
             assert len(result) == 1
             assert result[0].region == AWS_REGION_US_EAST_1
             assert result[0].resource_id == instance_id
+            assert (
+                result[0].resource_arn
+                == f"arn:aws:ec2:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:instance/{instance_id}"
+            )
             assert result[0].status == "FAIL"
             assert (
                 result[0].status_extended

diff --git a/tests/providers/aws/services/ssm/ssm_service_test.py b/tests/providers/aws/services/ssm/ssm_service_test.py
@@ -196,5 +196,9 @@ def test__list_resource_compliance_summaries__(self):
         assert ssm.compliance_resources
         assert ssm.compliance_resources[instance_id]
         assert ssm.compliance_resources[instance_id].id == instance_id
+        assert (
+            ssm.compliance_resources[instance_id].arn
+            == f"arn:aws:ec2:{AWS_REGION_US_EAST_1}:{AWS_ACCOUNT_NUMBER}:instance/{instance_id}"
+        )
         assert ssm.compliance_resources[instance_id].region == AWS_REGION_US_EAST_1
         assert ssm.compliance_resources[instance_id].status == ResourceStatus.COMPLIANT