in solution/solution-compliance-audit-for-data-plane/source/function/ecs-patch-baseline/index.js [200:270]
/**
 * Evaluate the patch compliance of a single instance.
 *
 * Requests the instance's patch state summary with `ListInstancePatchStates`.
 * The instance is compliant only when the missing, failed,
 * installed-pending-reboot and installed-rejected counts are all zero.
 * Otherwise the per-patch list is fetched and grouped by status, so the
 * annotation carries the evidence behind the verdict.
 *
 * @param {object} configurationItem - Item under evaluation; only `resourceId` is read.
 * @param {object} client - API client exposing `request(action, params, options)`.
 * @param {object} context - Invocation context; only `logger` is read.
 * @returns {Promise<{complianceType: string, annotation: object}|undefined>}
 *   The verdict, or `undefined` when no patch state came back for the instance.
 */
async function getEvaluationResult(configurationItem, client, context) {
  const instanceId = configurationItem.resourceId;
  const log = context.logger;

  // Fetch the patch state summary for this instance.
  const stateResponse = await client.request(
    'ListInstancePatchStates',
    { InstanceIds: JSON.stringify([instanceId]) },
    requestOption
  );

  const summary = _.get(stateResponse, 'InstancePatchStates.0', null);
  if (summary === null || summary === undefined) {
    // NOTE(review): no verdict is produced on this path, so an instance that
    // reports no patch state is neither compliant nor non-compliant here.
    // Confirm the caller does not let such instances drop out of the audit
    // unnoticed.
    log.error(`The patch info of instance ${instanceId} is empty.`);
    return;
  }

  // A count absent from the summary is treated as zero.
  const {
    MissingCount: missing = 0,
    FailedCount: failed = 0,
    InstalledPendingRebootCount: pendingReboot = 0,
    InstalledRejectedCount: rejected = 0,
  } = summary;

  // Loose equality is kept on purpose: a count delivered as the string "0"
  // still counts as zero.
  const isClean = [missing, failed, pendingReboot, rejected].every((count) => count == 0);
  if (isClean) {
    return { complianceType: COMPLIANCE_TYPE_COMPLIANT, annotation: {} };
  }

  const complianceType = COMPLIANCE_TYPE_NON_COMPLIANT;

  // Key order matters: this object is serialized into the annotation below.
  const configuration = {
    missingCount: missing,
    failedCount: failed,
    installedPendingRebootCount: pendingReboot,
    installedRejectedCount: rejected,
    missingPatches: [],
    failedPatches: [],
    installedPendingRebootPatches: [],
    installedRejectedPatches: [],
  };

  // Patches with any other status are left out of the annotation.
  const bucketByStatus = new Map([
    ['Missing', configuration.missingPatches],
    ['InstalledPendingReboot', configuration.installedPendingRebootPatches],
    ['Failed', configuration.failedPatches],
    ['InstalledRejected', configuration.installedRejectedPatches],
  ]);

  // Fetch the detailed patch list and sort each patch into its bucket.
  const patches = await listInstancePatches(instanceId, client);
  for (const patch of patches) {
    const bucket = bucketByStatus.get(patch.Status);
    if (bucket !== undefined) {
      bucket.push(patch);
    }
  }

  // NOTE(review): whole patch objects are serialized into the annotation;
  // confirm its size stays acceptable for instances with many outstanding patches.
  const reason = `Not Installed: ${missing}; Pending Restart: ${pendingReboot}; Install failed: ${failed}; Installed Rejected Patch: ${rejected};`;
  return {
    complianceType,
    annotation: {
      reason,
      configuration: JSON.stringify(configuration),
    },
  };
}