Review comments incorporated

jobs/pacman-awsrules/src/main/java/com/tmobile/cloud/awsrules/federated/ACMCertificateExpiryRule.java

@@ -60,8 +60,6 @@ public class ACMCertificateExpiryRule extends BaseRule{
 	 * 
 	 * ruleKey : check-for-acm-certificate-expiry <br><br>
 	 *
-	 * threadsafe : if true , rule will be executed on multiple threads <br><br>
-	 *
 	 * targetExpireDuration : specify the expiry duration in numbers <br><br>
 	 * 
 	 * severity : Enter the value of severity <br><br>

jobs/pacman-awsrules/src/main/java/com/tmobile/cloud/awsrules/federated/AccessLogForAppLB.java

@@ -48,14 +48,12 @@ public class AccessLogForAppLB extends BaseRule {
 	 * 
 	 *ruleKey : check-for-access-log-for-application-elb <br><br>
 	 *
-	 *esAppElbWithInstanceUrl : Enter the application elb with instance api <br><br>
-	 *
-	 *threadsafe : if true , rule will be executed on multiple threads <br><br>
-	 *
 	 *severity : Enter the value of severity <br><br>
 	 * 
 	 *ruleCategory : Enter the value of category <br><br>
 	 *
+	 *accessLogBucketName : Name of the access log bucket name <br><br>
+	 *
 	 * @param resourceAttributes this is a resource in context which needs to be scanned this is provided by execution engine
 	 *
 	 */

jobs/pacman-awsrules/src/main/java/com/tmobile/cloud/awsrules/federated/AccessLogForClassicLB.java

@@ -48,14 +48,11 @@ public class AccessLogForClassicLB extends BaseRule {
 	 * 
 	 *ruleKey : check-for-access-log-for-classic-elb <br><br>
 	 *
-	 *esAppElbWithInstanceUrl : Enter the application elb with instance api <br><br>
-	 *
-	 *threadsafe : if true , rule will be executed on multiple threads <br><br>
-	 *
 	 *severity : Enter the value of severity <br><br>
 	 * 
 	 *ruleCategory : Enter the value of category <br><br>
 	 *
+	 *accessLogBucketName : Name of the access log bucket name <br><br>
 	 * @param resourceAttributes this is a resource in context which needs to be scanned this is provided by execution engine
 	 *
 	 */
@@ -79,7 +76,7 @@ public RuleResult execute(final Map<String, String> ruleParam,Map<String, String
 				} else {
 					description += "is not available in S3 bucket";
 					return new RuleResult(PacmanSdkConstants.STATUS_FAILURE, PacmanRuleConstants.FAILURE_MESSAGE,
-							PacmanUtils.createELBAnnotation("Application", ruleParam, description, severity, category));
+							PacmanUtils.createELBAnnotation("Classic", ruleParam, description, severity, category));
 				}
 			} else {
 				return new RuleResult(PacmanSdkConstants.STATUS_SUCCESS, PacmanRuleConstants.SUCCESS_MESSAGE);

jobs/pacman-awsrules/src/main/java/com/tmobile/cloud/awsrules/federated/AccessLogForCloudFront.java

@@ -22,14 +22,17 @@
  **/
 package com.tmobile.cloud.awsrules.federated;
 
+import java.util.ArrayList;
+import java.util.LinkedHashMap;
+import java.util.List;
 import java.util.Map;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import com.tmobile.cloud.awsrules.utils.PacmanUtils;
 import com.tmobile.cloud.constants.PacmanRuleConstants;
 import com.tmobile.pacman.commons.PacmanSdkConstants;
+import com.tmobile.pacman.commons.rule.Annotation;
 import com.tmobile.pacman.commons.rule.BaseRule;
 import com.tmobile.pacman.commons.rule.PacmanRule;
 import com.tmobile.pacman.commons.rule.RuleResult;
@@ -48,13 +51,11 @@ public class AccessLogForCloudFront extends BaseRule {
 	 * 
 	 *ruleKey : check-for-access-log-for-cloudfront <br><br>
 	 *
-	 *esAppElbWithInstanceUrl : Enter the application elb with instance api <br><br>
-	 *
-	 *threadsafe : if true , rule will be executed on multiple threads <br><br>
-	 *
 	 *severity : Enter the value of severity <br><br>
 	 * 
-	 *ruleCategory : Enter the value of category <br><br>
+	 *ruleCategory : Enter the value of category <br><br> 
+	 *
+	 *accessLogBucketName : ARN of the access log bucket name <br><br>
 	 *
 	 * @param resourceAttributes this is a resource in context which needs to be scanned this is provided by execution engine
 	 *
@@ -68,17 +69,26 @@ public RuleResult execute(final Map<String, String> ruleParam,Map<String, String
 		String severity = ruleParam.get(PacmanRuleConstants.SEVERITY);
 		String category = ruleParam.get(PacmanRuleConstants.CATEGORY);
 		String loggingTags = resourceAttributes.get("tags.logging");
-		String description = "Access log for Cloud front";
+		Annotation annotation = null;
+		List<LinkedHashMap<String,Object>>issueList = new ArrayList<>();
+		LinkedHashMap<String,Object>issue = new LinkedHashMap<>();
 		if (resourceAttributes != null) {
 			if (loggingTags == null || loggingTags.equalsIgnoreCase("true")) {
 				if (accessLogBucketName != null && accessLogBucketName.equalsIgnoreCase(ruleParamBucketKey)
 						&& accessLogEnabled.equalsIgnoreCase("true")) {
 					logger.info("Access log for Cloud front is available in bucket " + accessLogBucketName);
 					return new RuleResult(PacmanSdkConstants.STATUS_SUCCESS, PacmanRuleConstants.SUCCESS_MESSAGE);
 				} else {
-					description += "is not available in S3 bucket";
-					return new RuleResult(PacmanSdkConstants.STATUS_FAILURE, PacmanRuleConstants.FAILURE_MESSAGE,
-							PacmanUtils.createELBAnnotation("Application", ruleParam, description, severity, category));
+					annotation = Annotation.buildAnnotation(ruleParam,Annotation.Type.ISSUE);
+					annotation.put(PacmanSdkConstants.DESCRIPTION,"Access log is not enabled!!");
+					annotation.put(PacmanRuleConstants.SEVERITY, severity);
+					annotation.put(PacmanRuleConstants.SUBTYPE, Annotation.Type.RECOMMENDATION.toString());
+					annotation.put(PacmanRuleConstants.CATEGORY, category);
+
+					issue.put(PacmanRuleConstants.VIOLATION_REASON, "Access log is not enabled and not attached to any bucket ");
+					issueList.add(issue);
+					annotation.put("issueDetails",issueList.toString());
+					return new RuleResult(PacmanSdkConstants.STATUS_FAILURE,PacmanRuleConstants.FAILURE_MESSAGE,annotation);
 				}
 			} else {
 				return new RuleResult(PacmanSdkConstants.STATUS_SUCCESS, PacmanRuleConstants.SUCCESS_MESSAGE);

jobs/pacman-awsrules/src/main/java/com/tmobile/cloud/awsrules/federated/CheckCloudTrailMultiRegionEnabled.java

@@ -24,7 +24,6 @@
 
 import java.util.ArrayList;
 import java.util.Arrays;
-import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
 
@@ -55,7 +54,7 @@ public class CheckCloudTrailMultiRegionEnabled extends BaseRule {
      *            ************* Following are the Rule Parameters********* <br>
      * <br>
      *
-     *            ruleKey : check-for-aws-cloudtrail-config <br>
+     *            ruleKey : check-cloudtrail-multiRegion-enabled <br>
      * <br>
      *
      *            severity : Enter the value of severity <br>
@@ -64,7 +63,7 @@ public class CheckCloudTrailMultiRegionEnabled extends BaseRule {
      *            ruleCategory : Enter the value of category <br>
      * <br>
      *
-     *            roleIdentifyingString : Configure it as role/pac_ro <br>
+     *            inputCloudTrailName : TSI_Base_MasterAccountTrail  <br>
      * <br>
      *
      * @param resourceAttributes
@@ -79,13 +78,11 @@ public RuleResult execute(Map<String, String> ruleParam,
         logger.debug("========CheckAWSCloudTrailConfig started=========");
         Annotation annotation = null;
         String cloudTrailInput = ruleParam.get("inputCloudTrailName");
-        String roleIdentifyingString = ruleParam
-                .get(PacmanSdkConstants.Role_IDENTIFYING_STRING);
         String severity = ruleParam.get(PacmanRuleConstants.SEVERITY);
         String category = ruleParam.get(PacmanRuleConstants.CATEGORY);
         MDC.put("executionId", ruleParam.get("executionId"));
         MDC.put("ruleId", ruleParam.get(PacmanSdkConstants.RULE_ID));
-        if (!PacmanUtils.doesAllHaveValue(severity, category,roleIdentifyingString)) {
+        if (!PacmanUtils.doesAllHaveValue(severity, category)) {
             logger.info(PacmanRuleConstants.MISSING_CONFIGURATION);
             throw new InvalidInputException(PacmanRuleConstants.MISSING_CONFIGURATION);
         }
@@ -94,13 +91,14 @@ public RuleResult execute(Map<String, String> ruleParam,
         if(resourceAttributes != null){
         	if(!cloudtrail.contains(cloudTrailInput)){
         		annotation = Annotation.buildAnnotation(ruleParam,Annotation.Type.ISSUE);
+        		annotation.put(PacmanSdkConstants.DESCRIPTION,"Cloudtrail multiregion is not enabled!!");
 				annotation.put(PacmanRuleConstants.SEVERITY, severity);
 				annotation.put(PacmanRuleConstants.CATEGORY, category);
 	    		return new RuleResult(PacmanSdkConstants.STATUS_FAILURE, PacmanRuleConstants.FAILURE_MESSAGE,annotation);
         	}
         }
 
-        logger.debug("========CheckMFAforPowerUserGroup ended=========");
+        logger.debug("========CheckAWSCloudTrailConfig ended=========");
 		return new RuleResult(PacmanSdkConstants.STATUS_SUCCESS, PacmanRuleConstants.SUCCESS_MESSAGE);
     }
 

jobs/pacman-awsrules/src/main/java/com/tmobile/cloud/awsrules/federated/CheckPowerUserGroupIsMFAEnabled.java

@@ -82,21 +82,21 @@ public RuleResult execute(final Map<String, String> ruleParam, Map<String, Strin
 			logger.info(PacmanRuleConstants.MISSING_CONFIGURATION);
 			throw new InvalidInputException(PacmanRuleConstants.MISSING_CONFIGURATION);
 		}
-		String description = "Iam user does not have PowerUser group";
         sourcesverified.add("HTTP Get-From Public IP");
         accessLevels.put("HTTP Get-From Public IP", PacmanRuleConstants.PUBLIC);
 		if(resourceAttributes.get("groups")!= null || resourceAttributes.get("policies")!= null){
 
 			List<String> policyNameList = Arrays.asList(resourceAttributes.get("policies").split(":;"));
 			if(resourceAttributes.get("groupname").equalsIgnoreCase(powerUserGroupName) && !policyNameList.contains(powerUserPolicyInput)){
 				annotation = Annotation.buildAnnotation(ruleParam,Annotation.Type.ISSUE);
+				annotation.put(PacmanSdkConstants.DESCRIPTION,"Power User Group Is MFA Not Enabled!!");
 				annotation.put(PacmanRuleConstants.SEVERITY, severity);
 				annotation.put(PacmanRuleConstants.CATEGORY, category);
 				return new RuleResult(PacmanSdkConstants.STATUS_FAILURE, PacmanRuleConstants.FAILURE_MESSAGE,annotation);
 			}
 		}
 
-		logger.debug("========CheckMFAforPowerUserGroup ended=========");
+		logger.debug("========CheckPowerUserGroupIsMFAEnabled ended=========");
 		return new RuleResult(PacmanSdkConstants.STATUS_SUCCESS, PacmanRuleConstants.SUCCESS_MESSAGE);
 
 	}

jobs/pacman-awsrules/src/main/java/com/tmobile/cloud/awsrules/federated/IAMCertificateExpiryRule.java

@@ -61,8 +61,6 @@ public class IAMCertificateExpiryRule extends BaseRule{
 	 * 
 	 * ruleKey : check-for-iam-certificate-expiry <br><br>
 	 *
-	 * threadsafe : if true , rule will be executed on multiple threads <br><br>
-	 *
 	 * targetExpireDuration : specify the expiry duration in numbers <br><br>
 	 * 
 	 * severity : Enter the value of severity <br><br>

jobs/pacman-awsrules/src/main/java/com/tmobile/cloud/awsrules/federated/IAMUserAccessKeyFed.java

@@ -61,7 +61,9 @@ public class IAMUserAccessKeyFed extends BaseRule {
 	 * 
 	 * ruleCategory : Enter the value of category <br><br>
 	 * 
-	 * roleIdentifyingString : Configure it as role/pac_ro <br><br>
+	 * accessKeyInactivityDuration : No. of days of last used access key <br><br>
+	 * 
+	 * accessKeyAge : No. of days from create date of access key <br><br>
 	 * 
 	 * @param resourceAttributes this is a resource in context which needs to be scanned this is provided by execution engine
 	 *

jobs/pacman-awsrules/src/main/java/com/tmobile/cloud/awsrules/federated/RootUserMFACheck.java

@@ -20,10 +20,7 @@
  **/
 package com.tmobile.cloud.awsrules.federated;
 
-import java.util.ArrayList;
 import java.util.HashMap;
-import java.util.LinkedHashMap;
-import java.util.List;
 import java.util.Map;
 
 import org.slf4j.Logger;
@@ -32,7 +29,6 @@
 import com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient;
 import com.amazonaws.services.identitymanagement.model.GetAccountSummaryRequest;
 import com.amazonaws.services.identitymanagement.model.GetAccountSummaryResult;
-import com.tmobile.cloud.awsrules.utils.PacmanUtils;
 import com.tmobile.cloud.constants.PacmanRuleConstants;
 import com.tmobile.pacman.commons.AWSService;
 import com.tmobile.pacman.commons.PacmanSdkConstants;

jobs/pacman-awsrules/src/main/java/com/tmobile/cloud/awsrules/federated/S3DPCEncryFederatedRule.java

@@ -62,7 +62,7 @@ public class S3DPCEncryFederatedRule extends BaseRule {
 	 * 
 	 *            ruleCategory : Enter the value of category <br><br>
 	 *            
-	 *            roleIdentifyingString : Configure it as role/pac_ro <br><br>
+	 *            checkId : value of check id <br><br>
 	 *            
 	 *            esServiceURL : Enter the Es url <br><br>
 	 * 

jobs/pacman-awsrules/src/main/java/com/tmobile/cloud/awsrules/federated/SNSInfoForSubscribedEmails.java

@@ -22,14 +22,17 @@
  **/
 package com.tmobile.cloud.awsrules.federated;
 
+import java.util.ArrayList;
+import java.util.LinkedHashMap;
+import java.util.List;
 import java.util.Map;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import com.tmobile.cloud.awsrules.utils.PacmanUtils;
 import com.tmobile.cloud.constants.PacmanRuleConstants;
 import com.tmobile.pacman.commons.PacmanSdkConstants;
+import com.tmobile.pacman.commons.rule.Annotation;
 import com.tmobile.pacman.commons.rule.BaseRule;
 import com.tmobile.pacman.commons.rule.PacmanRule;
 import com.tmobile.pacman.commons.rule.RuleResult;
@@ -63,15 +66,24 @@ public RuleResult execute(final Map<String, String> ruleParam,Map<String, String
 		String endPoint = ruleParam.get("endPoint");
 		String severity = ruleParam.get(PacmanRuleConstants.SEVERITY);
 		String category = ruleParam.get(PacmanRuleConstants.CATEGORY);
-		String description = "Subscription is not enabled for ";
+		Annotation annotation = null;
+		List<LinkedHashMap<String,Object>>issueList = new ArrayList<>();
+		LinkedHashMap<String,Object>issue = new LinkedHashMap<>();
 		if (resourceAttributes != null) {
 				if (topicARN != null && topicARN.contains("TSI_Base_Security_Incident") &&  subscriptionEndPoint != null && subscriptionEndPoint.contains(endPoint)) {
 					logger.info("Subscription is enabled for " + endPoint);
 					return new RuleResult(PacmanSdkConstants.STATUS_SUCCESS, PacmanRuleConstants.SUCCESS_MESSAGE);
 				} else {
-					description += endPoint;
-					return new RuleResult(PacmanSdkConstants.STATUS_FAILURE, PacmanRuleConstants.FAILURE_MESSAGE,
-							PacmanUtils.createELBAnnotation("Application", ruleParam, description, severity, category));
+					annotation = Annotation.buildAnnotation(ruleParam,Annotation.Type.ISSUE);
+					annotation.put(PacmanSdkConstants.DESCRIPTION,"SNS is not subscribed into TSI_Based_Security_Incident topic!!");
+					annotation.put(PacmanRuleConstants.SEVERITY, severity);
+					annotation.put(PacmanRuleConstants.SUBTYPE, Annotation.Type.RECOMMENDATION.toString());
+					annotation.put(PacmanRuleConstants.CATEGORY, category);
+
+					issue.put(PacmanRuleConstants.VIOLATION_REASON, "SNS is not subscribed into TSI_Based_Security_Incident topic ");
+					issueList.add(issue);
+					annotation.put("issueDetails",issueList.toString());
+					return new RuleResult(PacmanSdkConstants.STATUS_FAILURE,PacmanRuleConstants.FAILURE_MESSAGE,annotation);
 				}
 		}
 		return new RuleResult(PacmanSdkConstants.STATUS_SUCCESS,PacmanRuleConstants.SUCCESS_MESSAGE);