Skip to content

fix(queries): support all valid CloudWatch Logs retention periods #7450

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Apr 29, 2025
Merged

fix(queries): support all valid CloudWatch Logs retention periods #7450

merged 2 commits into from
Apr 29, 2025

Conversation

jamesbascle
Copy link
Contributor

Pulled from latest documentation @ https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group

Closes #

Reason for Proposed Changes

  • Some valid CloudWatch Logs retention periods are not supported and trigger false positives

Proposed Changes

  • Adds the full list of valid CloudWatch Logs retention periods

I submit this contribution under the Apache-2.0 license.

@jamesbascle jamesbascle requested a review from a team as a code owner April 25, 2025 19:49
@github-actions github-actions bot added community Community contribution terraform Terraform query aws PR related with AWS Cloud labels Apr 25, 2025
@jamesbascle
Copy link
Contributor Author

Sorry, I do not understand what the
Capture

check is asking me to do. Happy to fix with guidance.

@jamesbascle jamesbascle changed the title Support all valid CloudWatch Logs retention periods fix(queries): Support all valid CloudWatch Logs retention periods Apr 25, 2025
@github-actions github-actions bot added the query New query feature label Apr 25, 2025
@cx-rui-araujo
Copy link
Contributor

cx-rui-araujo commented Apr 26, 2025
edited
Loading

Hi @jamesbascle, how are you?

Thanks for your contribution 🙌

About the "title-check" GitHub action: it was failing because the first letter after the double points (:) must be lowercase.

We also have this query for two other platforms besides Crossplane:

Would you like to update them too, or would you prefer that I handle it?

@cx-rui-araujo cx-rui-araujo changed the title fix(queries): Support all valid CloudWatch Logs retention periods fix(queries): support all valid CloudWatch Logs retention periods Apr 26, 2025
@jamesbascle
Copy link
Contributor Author

jamesbascle commented Apr 26, 2025 via email

@jamesbascle
Copy link
Contributor Author

@cx-rui-araujo The unit test runner failed on this...I don't really know what i'm looking at here, but it doesn't seem related to the change I made. Any advice?

@cx-rui-araujo
Copy link
Contributor

Hi @jamesbascle,
I reran the test, and it passed. It's a flaky one that we plan to fix in the near future.

We usually add specific tests for queries, but in this case, I checked and we don't cover all valid values individually (for example, /test/negative.yaml).
I believe it's because the validValues list is quite large, and so we focus more on testing a few examples instead of every single value to avoid too much redundancy.
Anyway, I'll double-check with the team if we're good to merge without adding them.
I'll let you know as soon as I can. Thanks!

cx-artur-ribeiro
cx-artur-ribeiro approved these changes Apr 29, 2025
View reviewed changes
Copy link
Contributor

@cx-artur-ribeiro cx-artur-ribeiro left a comment
edited by cx-julio-silva
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!
As @cx-rui-araujo explained, I don't see a reason why we should be testing the full list of values, but we could improve the unit tests with better use cases... Either way, we can do that in the future; doesn't need to be added in this PR.

Thanks for your contribution!

cx-rui-araujo
cx-rui-araujo approved these changes Apr 29, 2025
View reviewed changes
Copy link
Contributor

@cx-rui-araujo cx-rui-araujo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

I'm merging this PR.
These changes will be included in the next KICS release (v2.1.8).
We just released a version last week, so the next one will probably be mid to late next month (May).

@jamesbascle, Thanks for your contribution!

@cx-rui-araujo cx-rui-araujo merged commit f32f9c8 into Checkmarx:master Apr 29, 2025
26 checks passed
@BrewTestBot BrewTestBot mentioned this pull request May 20, 2025
Merged
JonasCordsen pushed a commit to JonasCordsen/kics that referenced this pull request Jun 11, 2025
@jamesbascle
fix(queries): support all valid CloudWatch Logs retention periods (Ch…
9f6c162 
…eckmarx#7450)

* Support all valid CloudWatch Logs retention periods

Pulled from latest documentation @ https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group

* fix AWS CWL retention period valid values for terraform and ansible

---------

Co-authored-by: jb <git@noxowa.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cx-rui-araujo cx-rui-araujo cx-rui-araujo approved these changes

@cx-artur-ribeiro cx-artur-ribeiro cx-artur-ribeiro approved these changes

Assignees

@jamesbascle jamesbascle

Labels
aws PR related with AWS Cloud community Community contribution query New query feature terraform Terraform query
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jamesbascle @cx-rui-araujo @cx-artur-ribeiro