Closed
Description
Is there an existing issue for this?
- I have searched the existing issues
Current Behavior
SecretsManager.2 control.
The check's 'fail' condition should become 'last_rotated_date before AutomaticallyAfterDays', since last_rotated_date was not updated within AutomaticallyAfterDays. The current SQL would be a false positive.
Expected Behavior
Patch (it works):
diff --git a/plugins/source/aws/policies/queries/secretsmanager/secrets_configured_with_automatic_rotation_should_rotate_successfully.sql b/plugins/source/aws/policies/queries/secretsmanager/secrets_configured_with_automatic_rotation_should_rotate_successfully.sql
index 9477d1c7f..cb4cd20a3 100644
--- a/plugins/source/aws/policies/queries/secretsmanager/secrets_configured_with_automatic_rotation_should_rotate_successfully.sql
+++ b/plugins/source/aws/policies/queries/secretsmanager/secrets_configured_with_automatic_rotation_should_rotate_successfully.sql
@@ -7,7 +7,7 @@ select
account_id,
arn as resource_id,
case when
- (last_rotated_date is null and created_date > now() - INTERVAL '1 day' * (rotation_rules->>'AutomaticallyAfterDays')::integer)
- or (last_rotated_date is not null and last_rotated_date > now() - INTERVAL '1 day' * (rotation_rules->>'AutomaticallyAfterDays')::integer)
+ (last_rotated_date is null and created_date < now() - INTERVAL '1 day' * (rotation_rules->>'AutomaticallyAfterDays')::integer)
+ or (last_rotated_date is not null and last_rotated_date < now() - INTERVAL '1 day' * (rotation_rules->>'AutomaticallyAfterDays')::integer)
then 'fail' else 'pass' end as status
from aws_secretsmanager_secrets
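Review bot: flipping `>` to `<` is the right fix, but both branches still evaluate to NULL, and therefore to 'pass', when rotation_rules carries no AutomaticallyAfterDays key, because `(rotation_rules->>'AutomaticallyAfterDays')::integer` is NULL and a `case when NULL` falls through to the else branch; a secret with rotation configured but without that key silently passes. Consider an explicit leading branch such as `when rotation_rules->>'AutomaticallyAfterDays' is null then 'fail'`, or exclude such rows where rotation is not enabled. A smaller point: the threshold `now() - INTERVAL '1 day' * (rotation_rules->>'AutomaticallyAfterDays')::integer` is now written out four times and the two branches compare against the same value, so they collapse to `coalesce(last_rotated_date, created_date) < now() - INTERVAL '1 day' * (rotation_rules->>'AutomaticallyAfterDays')::integer`, which is easier to keep consistent on the next edit.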
CloudQuery (redacted) config
N/A
Steps To Reproduce
No response
CloudQuery (redacted) logs
N/A
CloudQuery version
main
Additional Context
No response
Pull request (optional)
- I can submit a pull request
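To make the false positive concrete, here is an added, self-contained PostgreSQL example that is not part of the issue or of CloudQuery's policy code. It builds a sample table (named `aws_secretsmanager_secrets_sample` so it does not collide with the real `aws_secretsmanager_secrets` table) holding only the columns the hunk uses, fills it with constructed rows, and evaluates the pre-patch condition, the patched condition, and a null-safe variant side by side. The null-safe variant is my own suggestion, not something the issue proposes; the row whose rotation_rules contains only a ScheduleExpression is constructed to match the shape of the Secrets Manager RotationRules object, where AutomaticallyAfterDays is optional.

```sql
-- Added example (not CloudQuery code). Requires PostgreSQL for jsonb and the
-- interval arithmetic used by the original query.
create temp table aws_secretsmanager_secrets_sample (
    account_id        text,
    arn               text,
    created_date      timestamptz,
    last_rotated_date timestamptz,
    rotation_rules    jsonb
);

-- Constructed sample rows; every secret is on a 30-day schedule unless noted.
insert into aws_secretsmanager_secrets_sample values
  -- rotated 3 days ago: healthy, must pass
  ('111111111111', 'arn:aws:secretsmanager:us-east-1:111111111111:secret:db-a',
   now() - interval '90 days', now() - interval '3 days',
   '{"AutomaticallyAfterDays": 30}'),
  -- rotated 45 days ago: rotation is overdue, must fail
  ('111111111111', 'arn:aws:secretsmanager:us-east-1:111111111111:secret:db-b',
   now() - interval '90 days', now() - interval '45 days',
   '{"AutomaticallyAfterDays": 30}'),
  -- never rotated, created 10 days ago: first rotation not yet due, must pass
  ('111111111111', 'arn:aws:secretsmanager:us-east-1:111111111111:secret:db-c',
   now() - interval '10 days', null,
   '{"AutomaticallyAfterDays": 30}'),
  -- never rotated, created 60 days ago: first rotation missed, must fail
  ('111111111111', 'arn:aws:secretsmanager:us-east-1:111111111111:secret:db-d',
   now() - interval '60 days', null,
   '{"AutomaticallyAfterDays": 30}'),
  -- rotation expressed only as a schedule expression: AutomaticallyAfterDays absent
  ('111111111111', 'arn:aws:secretsmanager:us-east-1:111111111111:secret:db-e',
   now() - interval '60 days', null,
   '{"ScheduleExpression": "rate(10 days)"}');

select
    arn as resource_id,
    -- condition as it stood before the patch: flags the secrets that WERE
    -- rotated recently and lets the overdue ones through
    case when
        (last_rotated_date is null
         and created_date > now() - interval '1 day' * (rotation_rules->>'AutomaticallyAfterDays')::integer)
        or (last_rotated_date is not null
         and last_rotated_date > now() - interval '1 day' * (rotation_rules->>'AutomaticallyAfterDays')::integer)
    then 'fail' else 'pass' end as status_before_patch,
    -- condition after the patch: flags secrets whose last rotation (or creation,
    -- if never rotated) is older than the configured schedule
    case when
        (last_rotated_date is null
         and created_date < now() - interval '1 day' * (rotation_rules->>'AutomaticallyAfterDays')::integer)
        or (last_rotated_date is not null
         and last_rotated_date < now() - interval '1 day' * (rotation_rules->>'AutomaticallyAfterDays')::integer)
    then 'fail' else 'pass' end as status_after_patch,
    -- suggested null-safe variant (my addition): a missing AutomaticallyAfterDays
    -- makes the comparisons above NULL, which CASE treats as false, so the secret
    -- would pass without ever being checked; fail closed instead
    case
        when rotation_rules->>'AutomaticallyAfterDays' is null then 'fail'
        when coalesce(last_rotated_date, created_date)
             < now() - interval '1 day' * (rotation_rules->>'AutomaticallyAfterDays')::integer then 'fail'
        else 'pass'
    end as status_null_safe
from aws_secretsmanager_secrets_sample
order by arn;
```

Reading the result set row by row reproduces the report: the pre-patch column marks db-a and db-c as 'fail' (the healthy secrets) and passes the overdue db-b and db-d, the patched column does the reverse, and db-e passes under both because its comparison is NULL; only the null-safe column surfaces it. Whether a schedule-expression-only secret should fail or be excluded from the control is a policy decision; the point is that it should not pass by accident.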
Metadata
Assignees
Labels
No labels