Add metrics logger to Config

CHANGELOG.md

@@ -1,6 +1,10 @@
 # Changelog
 All notable changes to this project will be documented in this file.
 
+## [1.14.0]
+### Additions
+- `Config` includes a metrics logger and it is called to register when a filter is used
+
 ## [1.13.2]
 ### Fixes
 - Fixes docs formatting with [#235](https://github.com/Skyscanner/cfripper/pull/235)
@@ -17,7 +21,6 @@ All notable changes to this project will be documented in this file.
 ### Fixes
 - Update `GenericWildcardPrincipalRule`, `FullWildcardPrincipalRule`, `GenericResourceWildcardPrincipalRule` and `GenericResourceFullWildcardPrincipalRule` message, since sometimes it was bad-formatted in markdown.
 
-
 ## [1.12.0]
 ### Improvements
 - Refactored the `KMSKeyWildcardPrincipalRule` rule

cfripper/__version__.py

@@ -1,3 +1,3 @@
-VERSION = (1, 13, 2)
+VERSION = (1, 14, 0)
 
 __version__ = ".".join(map(str, VERSION))

cfripper/config/config.py

@@ -135,6 +135,7 @@ def __init__(
         aws_service_accounts=None,
         rules_config=None,
         rules_filters=None,
+        metrics_logger=None,
     ):
         self.project_name = project_name
         self.service_name = service_name
@@ -146,6 +147,7 @@ def __init__(
         self.aws_account_name = aws_account_name
         self.aws_account_id = aws_account_id
         self.aws_user_agent = aws_user_agent
+        self.metrics_logger = metrics_logger
         if aws_service_accounts is None:
             self.aws_service_accounts = {
                 "cloudtrail_account_ids": AWS_CLOUDTRAIL_ACCOUNT_IDS,

cfripper/rules/base_rules.py

@@ -63,6 +63,8 @@ def add_failure_to_result(
                 if rule_filter(**context):
                     risk_value = rule_filter.risk_value or risk_value
                     rule_mode = rule_filter.rule_mode or rule_mode
+                    if self._config.metrics_logger:
+                        self._config.metrics_logger(rule=self.__class__.__name__, filter_reason=rule_filter.reason)
             except Exception:
                 logger.exception(f"Exception raised while evaluating filter for `{rule_filter.reason}`", extra=context)
 

tests/config/test_config.py

@@ -19,6 +19,7 @@ def test_init_with_no_params():
     assert config.rules is None
     assert config.aws_account_id is None
     assert config.aws_principals == []
+    assert config.metrics_logger is None
 
 
 def test_init_with_nonexistent_params():

tests/config/test_filter.py

@@ -1,5 +1,6 @@
 import logging
 from typing import Callable
+from unittest import mock
 
 import pytest
 
@@ -276,6 +277,7 @@ def test_exist_function_and_property_does_not_exist(template_cross_account_role_
 
 
 def test_exist_function_and_property_exists(template_cross_account_role_with_name):
+    mock_metrics_logger = mock.Mock()
     mock_config = Config(
         rules=["CrossAccountTrustRule"],
         aws_account_id="123456789",
@@ -297,13 +299,15 @@ def test_exist_function_and_property_exists(template_cross_account_role_with_nam
                 rules={"CrossAccountTrustRule"},
             ),
         ],
+        metrics_logger=mock_metrics_logger,
     )
 
     rules = [DEFAULT_RULES.get(rule)(mock_config) for rule in mock_config.rules]
     processor = RuleProcessor(*rules)
     result = processor.process_cf_template(template_cross_account_role_with_name, mock_config)
 
     assert result.valid
+    mock_metrics_logger.assert_called()
     assert compare_lists_of_failures(result.failures, [])