fix(cloudwatch): handle None metric alarms (#7207)

Co-authored-by: Sergio Garcia <[email protected]>

Author: prowler-bot

prowler/providers/aws/services/cloudwatch/cloudwatch_alarm_actions_alarm_state_configured/cloudwatch_alarm_actions_alarm_state_configured.py

@@ -7,12 +7,15 @@
 class cloudwatch_alarm_actions_alarm_state_configured(Check):
     def execute(self):
         findings = []
-        for metric_alarm in cloudwatch_client.metric_alarms:
-            report = Check_Report_AWS(metadata=self.metadata(), resource=metric_alarm)
-            report.status = "PASS"
-            report.status_extended = f"CloudWatch metric alarm {metric_alarm.name} has actions configured for the ALARM state."
-            if not metric_alarm.alarm_actions:
-                report.status = "FAIL"
-                report.status_extended = f"CloudWatch metric alarm {metric_alarm.name} does not have actions configured for the ALARM state."
-            findings.append(report)
+        if cloudwatch_client.metric_alarms is not None:
+            for metric_alarm in cloudwatch_client.metric_alarms:
+                report = Check_Report_AWS(
+                    metadata=self.metadata(), resource=metric_alarm
+                )
+                report.status = "PASS"
+                report.status_extended = f"CloudWatch metric alarm {metric_alarm.name} has actions configured for the ALARM state."
+                if not metric_alarm.alarm_actions:
+                    report.status = "FAIL"
+                    report.status_extended = f"CloudWatch metric alarm {metric_alarm.name} does not have actions configured for the ALARM state."
+                findings.append(report)
         return findings

prowler/providers/aws/services/cloudwatch/cloudwatch_alarm_actions_enabled/cloudwatch_alarm_actions_enabled.py

@@ -7,14 +7,17 @@
 class cloudwatch_alarm_actions_enabled(Check):
     def execute(self):
         findings = []
-        for metric_alarm in cloudwatch_client.metric_alarms:
-            report = Check_Report_AWS(metadata=self.metadata(), resource=metric_alarm)
-            report.status = "PASS"
-            report.status_extended = (
-                f"CloudWatch metric alarm {metric_alarm.name} has actions enabled."
-            )
-            if not metric_alarm.actions_enabled:
-                report.status = "FAIL"
-                report.status_extended = f"CloudWatch metric alarm {metric_alarm.name} does not have actions enabled."
-            findings.append(report)
+        if cloudwatch_client.metric_alarms is not None:
+            for metric_alarm in cloudwatch_client.metric_alarms:
+                report = Check_Report_AWS(
+                    metadata=self.metadata(), resource=metric_alarm
+                )
+                report.status = "PASS"
+                report.status_extended = (
+                    f"CloudWatch metric alarm {metric_alarm.name} has actions enabled."
+                )
+                if not metric_alarm.actions_enabled:
+                    report.status = "FAIL"
+                    report.status_extended = f"CloudWatch metric alarm {metric_alarm.name} does not have actions enabled."
+                findings.append(report)
         return findings

tests/providers/aws/services/cloudwatch/cloudwatch_alarm_actions_alarm_state_configured/cloudwatch_alarm_actions_alarm_state_configured_test.py

@@ -18,18 +18,52 @@ def test_no_cloudwatch_alarms(self):
 
         aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
 
-        with mock.patch(
-            "prowler.providers.common.provider.Provider.get_global_provider",
-            return_value=aws_provider,
-        ), mock.patch(
-            "prowler.providers.aws.services.cloudwatch.cloudwatch_alarm_actions_alarm_state_configured.cloudwatch_alarm_actions_alarm_state_configured.cloudwatch_client",
-            new=CloudWatch(aws_provider),
+        with (
+            mock.patch(
+                "prowler.providers.common.provider.Provider.get_global_provider",
+                return_value=aws_provider,
+            ),
+            mock.patch(
+                "prowler.providers.aws.services.cloudwatch.cloudwatch_alarm_actions_alarm_state_configured.cloudwatch_alarm_actions_alarm_state_configured.cloudwatch_client",
+                new=CloudWatch(aws_provider),
+            ),
         ):
+            from prowler.providers.aws.services.cloudwatch.cloudwatch_alarm_actions_alarm_state_configured.cloudwatch_alarm_actions_alarm_state_configured import (
+                cloudwatch_alarm_actions_alarm_state_configured,
+            )
+
+            check = cloudwatch_alarm_actions_alarm_state_configured()
+            result = check.execute()
+
+            assert len(result) == 0
+
+    @mock_aws
+    def test_none_cloudwatch_alarms(self):
+        cloudwatch_client = client("cloudwatch", region_name=AWS_REGION_US_EAST_1)
+        cloudwatch_client.metric_alarms = []
+
+        from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
+            CloudWatch,
+        )
 
+        aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
+
+        with (
+            mock.patch(
+                "prowler.providers.common.provider.Provider.get_global_provider",
+                return_value=aws_provider,
+            ),
+            mock.patch(
+                "prowler.providers.aws.services.cloudwatch.cloudwatch_alarm_actions_alarm_state_configured.cloudwatch_alarm_actions_alarm_state_configured.cloudwatch_client",
+                new=CloudWatch(aws_provider),
+            ) as cloudwatch_client_mock,
+        ):
             from prowler.providers.aws.services.cloudwatch.cloudwatch_alarm_actions_alarm_state_configured.cloudwatch_alarm_actions_alarm_state_configured import (
                 cloudwatch_alarm_actions_alarm_state_configured,
             )
 
+            cloudwatch_client_mock.metric_alarms = None
+
             check = cloudwatch_alarm_actions_alarm_state_configured()
             result = check.execute()
 
@@ -53,14 +87,16 @@ def test_cloudwatch_alarms_actions_configured(self):
 
         aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
 
-        with mock.patch(
-            "prowler.providers.common.provider.Provider.get_global_provider",
-            return_value=aws_provider,
-        ), mock.patch(
-            "prowler.providers.aws.services.cloudwatch.cloudwatch_alarm_actions_alarm_state_configured.cloudwatch_alarm_actions_alarm_state_configured.cloudwatch_client",
-            new=CloudWatch(aws_provider),
+        with (
+            mock.patch(
+                "prowler.providers.common.provider.Provider.get_global_provider",
+                return_value=aws_provider,
+            ),
+            mock.patch(
+                "prowler.providers.aws.services.cloudwatch.cloudwatch_alarm_actions_alarm_state_configured.cloudwatch_alarm_actions_alarm_state_configured.cloudwatch_client",
+                new=CloudWatch(aws_provider),
+            ),
         ):
-
             from prowler.providers.aws.services.cloudwatch.cloudwatch_alarm_actions_alarm_state_configured.cloudwatch_alarm_actions_alarm_state_configured import (
                 cloudwatch_alarm_actions_alarm_state_configured,
             )
@@ -100,14 +136,16 @@ def test_cloudwatch_alarms_actions_not_configured(self):
 
         aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
 
-        with mock.patch(
-            "prowler.providers.common.provider.Provider.get_global_provider",
-            return_value=aws_provider,
-        ), mock.patch(
-            "prowler.providers.aws.services.cloudwatch.cloudwatch_alarm_actions_alarm_state_configured.cloudwatch_alarm_actions_alarm_state_configured.cloudwatch_client",
-            new=CloudWatch(aws_provider),
+        with (
+            mock.patch(
+                "prowler.providers.common.provider.Provider.get_global_provider",
+                return_value=aws_provider,
+            ),
+            mock.patch(
+                "prowler.providers.aws.services.cloudwatch.cloudwatch_alarm_actions_alarm_state_configured.cloudwatch_alarm_actions_alarm_state_configured.cloudwatch_client",
+                new=CloudWatch(aws_provider),
+            ),
         ):
-
             from prowler.providers.aws.services.cloudwatch.cloudwatch_alarm_actions_alarm_state_configured.cloudwatch_alarm_actions_alarm_state_configured import (
                 cloudwatch_alarm_actions_alarm_state_configured,
             )

tests/providers/aws/services/cloudwatch/cloudwatch_alarm_actions_enabled/cloudwatch_alarm_actions_enabled_test.py

@@ -18,18 +18,51 @@ def test_no_cloudwatch_alarms(self):
 
         aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
 
-        with mock.patch(
-            "prowler.providers.common.provider.Provider.get_global_provider",
-            return_value=aws_provider,
-        ), mock.patch(
-            "prowler.providers.aws.services.cloudwatch.cloudwatch_alarm_actions_enabled.cloudwatch_alarm_actions_enabled.cloudwatch_client",
-            new=CloudWatch(aws_provider),
+        with (
+            mock.patch(
+                "prowler.providers.common.provider.Provider.get_global_provider",
+                return_value=aws_provider,
+            ),
+            mock.patch(
+                "prowler.providers.aws.services.cloudwatch.cloudwatch_alarm_actions_enabled.cloudwatch_alarm_actions_enabled.cloudwatch_client",
+                new=CloudWatch(aws_provider),
+            ),
         ):
+            from prowler.providers.aws.services.cloudwatch.cloudwatch_alarm_actions_enabled.cloudwatch_alarm_actions_enabled import (
+                cloudwatch_alarm_actions_enabled,
+            )
+
+            check = cloudwatch_alarm_actions_enabled()
+            result = check.execute()
+
+            assert len(result) == 0
+
+    def test_none_cloudwatch_alarms(self):
+        cloudwatch_client = client("cloudwatch", region_name=AWS_REGION_US_EAST_1)
+        cloudwatch_client.metric_alarms = []
 
+        from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
+            CloudWatch,
+        )
+
+        aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
+
+        with (
+            mock.patch(
+                "prowler.providers.common.provider.Provider.get_global_provider",
+                return_value=aws_provider,
+            ),
+            mock.patch(
+                "prowler.providers.aws.services.cloudwatch.cloudwatch_alarm_actions_enabled.cloudwatch_alarm_actions_enabled.cloudwatch_client",
+                new=CloudWatch(aws_provider),
+            ) as cloudwatch_client_mock,
+        ):
             from prowler.providers.aws.services.cloudwatch.cloudwatch_alarm_actions_enabled.cloudwatch_alarm_actions_enabled import (
                 cloudwatch_alarm_actions_enabled,
             )
 
+            cloudwatch_client_mock.metric_alarms = None
+
             check = cloudwatch_alarm_actions_enabled()
             result = check.execute()
 
@@ -53,14 +86,16 @@ def test_cloudwatch_alarms_actions_enabled(self):
 
         aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
 
-        with mock.patch(
-            "prowler.providers.common.provider.Provider.get_global_provider",
-            return_value=aws_provider,
-        ), mock.patch(
-            "prowler.providers.aws.services.cloudwatch.cloudwatch_alarm_actions_enabled.cloudwatch_alarm_actions_enabled.cloudwatch_client",
-            new=CloudWatch(aws_provider),
+        with (
+            mock.patch(
+                "prowler.providers.common.provider.Provider.get_global_provider",
+                return_value=aws_provider,
+            ),
+            mock.patch(
+                "prowler.providers.aws.services.cloudwatch.cloudwatch_alarm_actions_enabled.cloudwatch_alarm_actions_enabled.cloudwatch_client",
+                new=CloudWatch(aws_provider),
+            ),
         ):
-
             from prowler.providers.aws.services.cloudwatch.cloudwatch_alarm_actions_enabled.cloudwatch_alarm_actions_enabled import (
                 cloudwatch_alarm_actions_enabled,
             )
@@ -100,14 +135,16 @@ def test_cloudwatch_alarms_actions_disabled(self):
 
         aws_provider = set_mocked_aws_provider([AWS_REGION_US_EAST_1])
 
-        with mock.patch(
-            "prowler.providers.common.provider.Provider.get_global_provider",
-            return_value=aws_provider,
-        ), mock.patch(
-            "prowler.providers.aws.services.cloudwatch.cloudwatch_alarm_actions_enabled.cloudwatch_alarm_actions_enabled.cloudwatch_client",
-            new=CloudWatch(aws_provider),
+        with (
+            mock.patch(
+                "prowler.providers.common.provider.Provider.get_global_provider",
+                return_value=aws_provider,
+            ),
+            mock.patch(
+                "prowler.providers.aws.services.cloudwatch.cloudwatch_alarm_actions_enabled.cloudwatch_alarm_actions_enabled.cloudwatch_client",
+                new=CloudWatch(aws_provider),
+            ),
         ):
-
             from prowler.providers.aws.services.cloudwatch.cloudwatch_alarm_actions_enabled.cloudwatch_alarm_actions_enabled import (
                 cloudwatch_alarm_actions_enabled,
             )