cfn-guardian 0.1.0 → 0.3.3

data/lib/cfnguardian/models/composite.rb

@@ -0,0 +1,21 @@
+module CfnGuardian
+  module Models
+    class Composite
+      
+      attr_reader :type
+      attr_accessor :name,
+        :description,
+        :rule,
+        :alarm_action
+        
+      def initialize(name,params = {})
+        @type = 'Composite'
+        @name = name
+        @description = params.fetch('Description', '')
+        @rule = params.fetch('Rule', 'FALSE')
+        @alarm_action = params.fetch('Action', nil)
+      end
+              
+    end
+  end
+end

data/lib/cfnguardian/models/event.rb

@@ -5,43 +5,30 @@ module CfnGuardian
     class Event
       
       attr_reader :type
-      attr_accessor :class,
+      attr_accessor :group,
         :target,
         :hash,
         :name,
         :cron,
         :enabled,
-        :resource
+        :resource,
+        :environment,
+        :payload,
+        :ssm_parameters
       
       def initialize(resource)
         @type = 'Event'
-        @class = nil
+        @group = nil
         @target = nil
         @hash = Digest::MD5.hexdigest resource['Id']
         @name = @hash
         @cron = "* * * * ? *"
         @enabled = true
         @resource = resource['Id'].to_resource_name
-      end
-      
-      def to_h
-        return {
-          type: @type,
-          class: @class,
-          target: @target,
-          hash: @hash,
-          name: @name,
-          cron: @cron,
-          enabled: @enabled,
-          resource: @resource,
-          payload: event_payload()
-        }
-      end
-      
-      def event_payload
-        {}.to_json
-      end
-      
+        @environment = ""
+        @payload = {}.to_json
+        @ssm_parameters = []
+      end      
     end
     
     class HttpEvent < Event
@@ -56,7 +43,7 @@ module CfnGuardian
       
       def initialize(resource)
         super(resource)
-        @class = 'Http'
+        @group = 'Http'
         @name = 'HttpEvent'
         @target = 'HttpCheckFunction'
         @endpoint = resource['Id']
@@ -66,9 +53,10 @@ module CfnGuardian
         @body_regex = resource.fetch('BodyRegex',nil)
         @headers = resource.fetch('Headers',nil)
         @payload = resource.fetch('Payload',nil)
+        @compressed = resource.fetch('Compressed',false)
       end
       
-      def event_payload
+      def payload
         payload = {
           'ENDPOINT' => @endpoint,
           'METHOD' => @method,
@@ -78,14 +66,56 @@ module CfnGuardian
         payload['BODY_REGEX_MATCH'] = @body_regex unless @body_regex.nil?
         payload['HEADERS'] = @headers unless @headers.nil?
         payload['PAYLOAD'] = @payload unless @payload.nil?
+        payload['COMPRESSED'] = '1' if @compressed
         return payload.to_json
       end
     end
     
-    class NrpeEvent < Event
+    class InternalHttpEvent < HttpEvent      
+      def initialize(resource,environment)
+        super(resource)
+        @group = 'InternalHttp'
+        @name = 'InternalHttpEvent'
+        @target = "InternalHttpCheckFunction#{environment}"
+        @environment = environment
+      end
+    end
+    
+    class PortEvent < Event      
+      def initialize(resource)
+        super(resource)
+        @group = 'Port'
+        @name = 'PortEvent'
+        @target = 'PortCheckFunction'
+        @hostname = resource['Id']
+        @port = resource['Port']
+        @timeout = resource.fetch('Timeout',120)
+      end
+      
+      def payload
+        return {
+          'HOSTNAME' => @hostname,
+          'PORT' => @port,
+          'TIMEOUT' => @timeout,
+          'STATUS_CODE_MATCH' => @status_code
+        }.to_json
+      end
+    end
+    
+    class InternalPortEvent < PortEvent    
+      def initialize(resource,environment)
+        super(resource)
+        @group = 'InternalPort'
+        @name = 'InternalPortEvent'
+        @target = "InternalPortCheckFunction#{environment}"
+        @environment = environment
+      end
+    end
+    
+    class NrpeEvent < Event      
       def initialize(resource,environment,command)
         super(resource)
-        @class = 'Nrpe'
+        @group = 'Nrpe'
         @name = 'NrpeEvent'
         @target = "NrpeCheckFunction#{environment}"
         @host = resource['Id']
@@ -94,7 +124,7 @@ module CfnGuardian
         @command = command
       end
       
-      def event_payload
+      def payload
         return {
           'host' => @host,
           'environment' => @environment,
@@ -107,7 +137,7 @@ module CfnGuardian
     class SslEvent < Event
       def initialize(resource)
         super(resource)
-        @class = 'Ssl'
+        @group = 'Ssl'
         @name = 'SslEvent'
         @target = 'SslCheckFunction'
         @cron = "0 12 * * ? *" 
@@ -115,7 +145,7 @@ module CfnGuardian
         @region = resource.fetch('Region',"${AWS::Region}")
       end
       
-      def event_payload
+      def payload
         return {
           'Url' => @url,
           'Region' => @region
@@ -123,6 +153,16 @@ module CfnGuardian
       end
     end
     
+    class InternalSslEvent < SslEvent    
+      def initialize(resource,environment)
+        super(resource)
+        @group = 'InternalSsl'
+        @name = 'InternalSslEvent'
+        @target = "InternalSslCheckFunction#{environment}"
+        @environment = environment
+      end
+    end
+    
     class DomainExpiryEvent < Event
       
       attr_accessor :domain,
@@ -130,7 +170,7 @@ module CfnGuardian
       
       def initialize(resource)
         super(resource)
-        @class = 'DomainExpiry'
+        @group = 'DomainExpiry'
         @name = 'DomainExpiryEvent'
         @target = 'DomainExpiryCheckFunction'
         @cron = "0 12 * * ? *" 
@@ -138,17 +178,17 @@ module CfnGuardian
         @region = resource.fetch('Region',"${AWS::Region}")
       end
       
-      def event_payload
-        {'Domain' => @domain}.to_json
+      def payload
+        return {'Domain' => @domain}.to_json
       end
     end
     
     class SqlEvent < Event
-      def initialize(resource,query)
+      def initialize(resource,query,environment)
         super(resource)
-        @class = 'Sql'
+        @group = 'Sql'
         @name = 'SqlEvent'
-        @target = 'SqlCheckFunction'
+        @target = "SqlCheckFunction#{environment}"
         @host = resource['Id']
         @engine = resource['Engine']
         @port = resource['Port']
@@ -157,9 +197,10 @@ module CfnGuardian
         @query = query
         @region = resource.fetch('Region',"${AWS::Region}")
         @test_type = '1-row-1-value-zero-is-good'
+        @environment = environment
       end
       
-      def event_payload
+      def payload
         return {
           'Host' => @host,
           'Engine' => @engine,
@@ -171,20 +212,103 @@ module CfnGuardian
           'TestType' => @test_type
         }.to_json
       end
+      
+      def ssm_parameters
+        params = []
+        params << @ssm_username
+        params << @ssm_password
+        return params
+      end
     end
     
     class ContainerInstanceEvent < Event
       def initialize(resource)
         super(resource)
-        @class = 'ContainerInstance'
+        @group = 'ContainerInstance'
         @name = 'ContainerInstanceEvent'
         @target = 'ContainerInstanceCheckFunction'
         @cron = "0/5 * * * ? *"
         @cluster = resource['Id']
       end
       
-      def event_payload
-        {'CLUSTER' => @cluster}.to_json
+      def payload
+        return {'CLUSTER' => @cluster}.to_json
+      end
+    end
+    
+    class SFTPEvent < Event
+      def initialize(resource)
+        super(resource)
+        @group = 'SFTP'
+        @name = 'SFTPEvent'
+        @target = 'SFTPCheckFunction'
+        @cron = "0/5 * * * ? *"
+        @host = resource['Id']
+        @user = resource['User']
+        @port = resource.fetch('Port', nil)
+        @server_key = resource.fetch('ServerKey', nil)
+        @password = resource.fetch('Password', nil)
+        @private_key = resource.fetch('PrivateKey', nil)
+        @private_key_pass = resource.fetch('PrivateKeyPass', nil)
+        @file = resource.fetch('File', nil)
+        @file_regex_match = resource.fetch('FileRegexMatch', nil)
+      end
+      
+      def payload
+        payload = {
+          'HOSTNAME' => @host,
+          'USERNAME' => @user
+        }
+        payload['PORT'] = @port unless @port.nil?
+        payload['SERVER_KEY'] = @server_key unless @server_key.nil?
+        payload['PASSWORD'] = @password unless @password.nil?
+        payload['PRIVATEKEY'] = @private_key unless @private_key.nil?
+        payload['PRIVATEKEY_PASSWORD'] = @private_key_pass unless @private_key_pass.nil?
+        payload['FILE'] = @file unless @file.nil?
+        payload['FILE_REGEX_MATCH'] = @file_regex_match unless @file_regex_match.nil?
+        return payload.to_json
+      end
+      
+      def ssm_parameters
+        params = []
+        params << @password unless @password.nil?
+        params << @private_key unless @private_key.nil?
+        params << @private_key_pass unless @private_key_pass.nil?
+        return params
+      end
+    end
+    
+    class InternalSFTPEvent < SFTPEvent    
+      def initialize(resource,environment)
+        super(resource)
+        @group = 'InternalSFTP'
+        @name = 'InternalSFTPEvent'
+        @target = "InternalSFTPCheckFunction#{environment}"
+        @environment = environment
+      end
+    end
+    
+    class TLSEvent < Event
+      def initialize(resource)
+        super(resource)
+        @group = 'TLS'
+        @name = 'TLSEvent'
+        @target = 'TLSCheckFunction'
+        @cron = "0/5 * * * ? *"
+        @host = resource['Id']
+        @port = resource.fetch('Port', 443)
+        @check_max = resource.fetch('MaxSupported', nil)
+        @versions =  resource.fetch('Versions', ['SSLv2','SSLv3','TLSv1','TLSv1.1','TLSv1.2'])
+      end
+      
+      def payload
+        payload = {
+          'HOSTNAME' => @host,
+          'PORT' => @port
+        }
+        payload['CHECK_MAX_SUPPORTED'] = @check_max.nil?
+        payload['PROTOCOLS'] = @versions unless @versions.nil?
+        return payload.to_json
       end
     end
 

data/lib/cfnguardian/models/metric_filter.rb

@@ -0,0 +1,28 @@
+require 'cfnguardian/string'
+require 'digest/md5'
+
+module CfnGuardian
+  module Models
+    class MetricFilter
+      
+      attr_reader :type,
+        :metric_namespace,
+        :name
+      attr_accessor :log_group,
+        :pattern,
+        :metric_value,
+        :metric_name
+      
+      def initialize(log_group,filter)
+        @type = 'MetricFilter'
+        @name = Digest::MD5.hexdigest(log_group + filter['MetricName'])
+        @log_group = log_group
+        @pattern = filter['Pattern']
+        @metric_value = filter.fetch('MetricValue', '1').to_s
+        @metric_name = filter['MetricName']
+        @metric_namespace = "MetricFilters"
+      end
+      
+    end
+  end
+end

data/lib/cfnguardian/resources/application_targetgroup.rb

@@ -5,9 +5,11 @@ module CfnGuardian::Resource
       alarm = CfnGuardian::Models::ApplicationTargetGroupAlarm.new(@resource)
       alarm.name = 'HealthyHosts'
       alarm.metric_name = 'HealthyHostCount'
+      alarm.comparison_operator = 'LessThanThreshold'
       alarm.statistic = 'Minimum'
       alarm.threshold = 2
       alarm.evaluation_periods = 1
+      alarm.comparison_operator = 'LessThanThreshold'
       @alarms.push(alarm)
       
       alarm = CfnGuardian::Models::ApplicationTargetGroupAlarm.new(@resource)

data/lib/cfnguardian/resources/base.rb

@@ -1,24 +1,29 @@
 require 'cfnguardian/string'
+require 'cfnguardian/cloudwatch'
 require 'cfnguardian/models/alarm'
 require 'cfnguardian/models/event'
 require 'cfnguardian/models/check'
+require 'cfnguardian/models/metric_filter'
 
 module CfnGuardian::Resource
   class Base
     include Logging
     
-    def initialize(resource)
+    def initialize(resource, override_group = nil)
       @resource = resource
+      @override_group = override_group
       @alarms = []
       @events = []
       @checks = []
+      @metric_filters = []
     end
     
+    # Overidden by inheritted classes to define default alarms
     def default_alarms()
       return @alarms
     end
     
-    def get_alarms(overides={})
+    def get_alarms(overides={},resource={})
       # generate default alarms
       default_alarms()
       
@@ -31,18 +36,20 @@ module CfnGuardian::Resource
           
           if !alarm.nil?
             alarm.enabled = false 
-            logger.debug "Disabling alarm '#{name}' for resource #{alarm.resource}"
+            logger.debug "Disabling alarm '#{name}' for resource #{alarm.resource_id}"
             next
           end
         end
         
+        # continue if the override is in the incorrect format
         unless properties.is_a?(Hash)
           if name != 'Inherit'
-            logger.warn "Incorrect format for alarm '#{name}'. Should be of type 'Hash', instead got type '#{properties.class}'"
+            logger.warn "Incorrect format for alarm '#{name}'. Should be of type 'Hash', instead got type '#{properties.group}'"
           end
           next
         end
         
+        # Create a new alarm inheriting the defaults of an existing alarm
         if properties.has_key?('Inherit')
           alarm = find_alarm(properties['Inherit'])
           if !alarm.nil?
@@ -59,37 +66,52 @@ module CfnGuardian::Resource
         alarm = find_alarm(name)
         
         if alarm.nil?
-          alarm = Kernel.const_get("CfnGuardian::Models::#{self.class.to_s.split('::').last}Alarm").new(properties)
-        end
-        
-        if alarm.name.nil?
+          # if alarm doesn't exist create a new one
+          alarm = Kernel.const_get("CfnGuardian::Models::#{self.class.to_s.split('::').last}Alarm").new(resource)
+          properties.each {|attr,value| update_alarm(alarm,attr,value)}
           alarm.name = name
+          @alarms.push(alarm)
+        else
+          # if there is an existing alarm update the properties
+          properties.each {|attr,value| update_alarm(alarm,attr,value)}
         end
-        
-        properties.each {|attr,value| update_alarm(alarm,attr,value)}
-        @alarms.push(alarm)
-        
       end
       
-      return @alarms.select{|a| a.enabled}.map {|a| a.to_h}
+      unless @override_group.nil?
+        @alarms.each {|a| a.group = @override_group}
+      end
+      
+      return @alarms.select{|a| a.enabled}
     end
     
+    # Overidden by inheritted classes to define default events
     def default_events()
       return @events
     end
     
     def get_events()
       default_events()
-      return @events.select{|e| e.enabled}.map {|e| e.to_h}
+      return @events.select{|e| e.enabled}
     end
     
+    # Overidden by inheritted classes to define default checks
     def default_checks()
       return @checks
     end
     
     def get_checks()
       default_checks()
-      return @checks.map {|c| c.to_h}
+      return @checks
+    end
+    
+    # Overidden by inheritted classes to define default checks
+    def default_metric_filters()
+      return @metric_filters
+    end
+    
+    def get_metric_filters()
+      default_metric_filters()
+      return @metric_filters
     end
     
     def get_cost()
@@ -107,7 +129,7 @@ module CfnGuardian::Resource
         alarm.send("#{attr.to_underscore}=",value)
       rescue NoMethodError => e
         if !e.message.match?(/inherit/)
-          logger.warn "Unknown key '#{attr}' for #{alarm.resource} alarm #{alarm.name}"
+          logger.warn "Unknown key '#{attr}' for #{alarm.resource_id} alarm #{alarm.name}"
         end
       end
     end