2024-07-04T08:53:52Z ERR failed JSON schema validation for spec error="jsonschema: '/table_options/aws_inspector2_findings' does not validate with https://github.com/cloudquery/cloudquery/plugins/source/aws/client/spec/spec#/$ref/properties/table_options/oneOf/0/$ref/properties/aws_inspector2_findings/oneOf/0/$ref/additionalProperties: additionalProperties 'list_findings' not allowed" invocation-id=xxxxxxxxxx module=aws-src
As you can see, there are multiple comparisons because the AWS API is a bit limited in terms of what you can do (it doesn’t have a gt option).
That said, I couldn’t reproduce your error, so I would also recommend upgrading to the latest AWS plugin version (v27.5.0) and CLI version (5.24.0) to make sure you have all the relevant fixes.
You’ll see that the strategy you used for filtering (i.e. using criterion and gt) doesn’t really exist.
This configuration is a similar attempt to what you tried to achieve, but using valid configuration according to the docs.
Note that there’s also a VendorSeverity property that is filtered in the same way as the Severity property. I’m not 100% sure which one is the correct one you’re looking for.
Hey @mariano, I’m unable to get data using the above code. I’ve made sure that the table is clear before running. Later, I’ve run the YAML file, and I see there is no data recorded in this table (aws_inspector2_findings). I don’t see a record also being added for this run in the cq_state_aws table. Can anyone help me on this?
Hi @funny-whale, we’ll be happy to help. Can you share the config that you used for the last run? Are there findings of level 8 or higher that you can see in the AWS console?
@funny-whale If it’s a quick experiment (since there are no returned rows), could you try changing severity to vendor_severity? It could be that this is the field that is being set for those vulnerabilities. This would show up in the console where you see them.
Hi @ben, the code you have sent is working fine if I specify only one filter (like if I want both HIGH and CRITICAL findings it’s not working). If I try to filter only HIGH findings, the code is working fine.
Can you let me know how I can apply an OR operator here?
Hey @ben, I’m using the below source.yml file. Now, I’m trying to sync only critical findings, and I can see that not all findings are being synced, even for one filter.
I’m getting that there are only 4 critical findings, but I can see that there are 122 findings in the console. It is just taking the below (last given findings):
@funny-whale Thanks, we will take a look. Can you comment out the backend_options config section for this test and re-run a sync? Stale data will not be deleted when incremental syncing is being used, and also every sync will only fetch data since the last timestamp stored in the state table, so that might be why you’re only seeing a subset of the rows.
If you could rerun and let us know the results, that would be really useful. It sounds like there might also be a problem with the primary key uniqueness on our side; we’ll have to look into that.
Is this the only incremental table you are using? If it is, can you try truncating the contents of the cq_state_aws table and rerun the syncs?
Also, for tables that are using incremental sync, CloudQuery will not delete any of the old data because incremental syncs only grab the data that has been added since the last sync was completed.
Yeah, we want to sync only the inspector2_findings table. But I’ve got to know that aws_inspector2_findings is a special case and it will refresh the DB when there is a change in table_options.
Incremental syncs use a hash of the table_options to determine if there was a previous sync. So if you change the table_options, it will sync all of the data the first time, and only in subsequent syncs will it query for just those records that have been added.
When I’m trying to add table_options and incremental_sync for the inspector2_findings table, I’m adding certain filters in table_options like getting only HIGH severity findings, but I’m getting all the findings irrespective of the filter.
I think your YAML might be incorrectly indented, and that’s why it’s being ignored 