Skip to content

Commit

Permalink
To support new delimiters for stepFunction execution_arn
Browse files Browse the repository at this point in the history
  • Loading branch information
nine5two7 committed Oct 30, 2023
1 parent 9addbbe commit 28c6b14
Show file tree
Hide file tree
Showing 2 changed files with 45 additions and 7 deletions.
21 changes: 14 additions & 7 deletions aws/logs_monitoring/parsing.py
Original file line number Diff line number Diff line change
Expand Up @@ -536,13 +536,11 @@ def awslogs_handler(event, context, metadata):
):
state_machine_arn = ""
try:
message = json.loads(logs["logEvents"][0]["message"])
if message.get("execution_arn") is not None:
execution_arn = message["execution_arn"]
arn_tokens = execution_arn.split(":")
arn_tokens[5] = "stateMachine"
metadata[DD_HOST] = ":".join(arn_tokens[:-1])
state_machine_arn = ":".join(arn_tokens[:7])
state_machine_arn = get_state_machine_arn(
json.loads(logs["logEvents"][0]["message"])
)
if state_machine_arn: # not empty
metadata[DD_HOST] = state_machine_arn
except Exception as e:
logger.debug(
"Unable to set stepfunction host or get state_machine_arn: %s" % e
Expand Down Expand Up @@ -856,3 +854,12 @@ def normalize_events(events, metadata):
)

return normalized


def get_state_machine_arn(message):
if message.get("execution_arn") is not None:
execution_arn = message["execution_arn"]
arn_tokens = re.split(r"[:/\\]", execution_arn)
arn_tokens[5] = "stateMachine"
return ":".join(arn_tokens[:7])
return ""
31 changes: 31 additions & 0 deletions aws/logs_monitoring/tests/test_parsing.py
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@
separate_security_hub_findings,
parse_aws_waf_logs,
get_service_from_tags,
get_state_machine_arn,
)
from settings import (
DD_CUSTOM_TAGS,
Expand Down Expand Up @@ -966,5 +967,35 @@ def test_get_service_from_tags_default_to_source(self):
self.assertEqual(get_service_from_tags(metadata), "ecs")


class TestParsingStepFunctionLogs(unittest.TestCase):
def test_get_state_machine_arn(self):
invalid_sf_log_message = {"no_execution_arn": "xxxx/yyy"}
self.assertEqual(get_state_machine_arn(invalid_sf_log_message), "")

normal_sf_log_message = {
"execution_arn": "arn:aws:states:sa-east-1:425362996713:express:my-Various-States:7f653fda-c79a-430b-91e2-3f97eb87cabb:862e5d40-a457-4ca2-a3c1-78485bd94d3f"
}
self.assertEqual(
get_state_machine_arn(normal_sf_log_message),
"arn:aws:states:sa-east-1:425362996713:stateMachine:my-Various-States",
)

forward_slash_sf_log_message = {
"execution_arn": "arn:aws:states:sa-east-1:425362996713:express:my-Various-States/7f653fda-c79a-430b-91e2-3f97eb87cabb:862e5d40-a457-4ca2-a3c1-78485bd94d3f"
}
self.assertEqual(
get_state_machine_arn(forward_slash_sf_log_message),
"arn:aws:states:sa-east-1:425362996713:stateMachine:my-Various-States",
)

back_slash_sf_log_message = {
"execution_arn": "arn:aws:states:sa-east-1:425362996713:express:my-Various-States\\7f653fda-c79a-430b-91e2-3f97eb87cabb:862e5d40-a457-4ca2-a3c1-78485bd94d3f"
}
self.assertEqual(
get_state_machine_arn(back_slash_sf_log_message),
"arn:aws:states:sa-east-1:425362996713:stateMachine:my-Various-States",
)


if __name__ == "__main__":
unittest.main()

0 comments on commit 28c6b14

Please sign in to comment.