cfn-guardian 0.1.0 → 0.3.3

data/lib/cfnguardian/stacks/resources.rb

@@ -1,74 +1,113 @@
 require 'cfndsl'
+require 'digest/md5'
+require 'cfnguardian/cloudwatch'
 
 module CfnGuardian
   module Stacks
     class Resources
       include CfnDsl::CloudFormation
       
-      def build_template(resources)
+      attr_reader :template
+      
+      def initialize(parameters)
         @template = CloudFormation("Guardian nested stack")
-        
-        %w(Critical Warning Task Informational).each do |name|
+        parameters.each do |name|
           parameter = @template.Parameter(name)
           parameter.Type 'String'
-          parameter.Description "SNS topic ARN for #{name} notifications"
         end
-        
+      end
+      
+      def build_template(resources)
         resources.each do |resource|
-          case resource[:type]
+          case resource.type
           when 'Alarm'
             add_alarm(resource)
           when 'Event'
             add_event(resource)
+          when 'Composite'
+            add_composite_alarm(resource)
+          when 'MetricFilter'
+            add_metric_filter(resource)
           else
-            puts "Warn: #{resource[:type]} is a unsuported resource type"
+            puts "Warn: #{resource.type} is a unsuported resource type"
           end
         end
-        
-        return @template
       end
-      
-      def add_alarm(resource)
+
+      def add_alarm(alarm)
+        actions = [Ref(alarm.alarm_action)]
+        actions.concat alarm.maintenance_groups.map {|mg| Ref(mg)} if alarm.maintenance_groups.any?
+
         @template.declare do
-          CloudWatch_Alarm("#{resource[:resource_name]}#{resource[:class]}#{resource[:name]}#{resource[:type]}"[0..255]) do
+          CloudWatch_Alarm("#{alarm.resource_hash}#{alarm.group}#{alarm.name.gsub(/[^0-9a-zA-Z]/i, '')}#{alarm.type}"[0..255]) do
             ActionsEnabled true
-            AlarmDescription "Guardian alarm #{resource[:class]} #{resource[:resource]} #{resource[:name]}"
-            AlarmName "#{resource[:class]}-#{resource[:resource]}-#{resource[:name]}"
-            ComparisonOperator resource[:comparison_operator]
-            Dimensions resource[:dimensions].map {|k,v| {Name: k, Value: v}}
-            EvaluationPeriods resource[:evaluation_periods]
-            Statistic resource[:statistic]
-            Period resource[:period]
-            Threshold resource[:threshold]
-            MetricName resource[:metric_name]
-            Namespace resource[:namespace]
-            AlarmActions [Ref(resource[:alarm_action])]
-            OKActions [Ref(resource[:alarm_action])]
-            TreatMissingData resource[:treat_missing_data] unless resource[:treat_missing_data].nil?
-            DatapointsToAlarm resource[:datapoints_to_alarm] unless resource[:datapoints_to_alarm].nil?
-            ExtendedStatistic resource[:extended_statistic] unless resource[:extended_statistic].nil?
-            EvaluateLowSampleCountPercentile resource[:evaluate_low_sample_count_percentile] unless resource[:evaluate_low_sample_count_percentile].nil?
-            Unit resource[:unit] unless resource[:unit].nil?
+            AlarmDescription "Guardian alarm #{alarm.name} for the resource #{alarm.resource_id} in alarm group #{alarm.group}"
+            AlarmName CfnGuardian::CloudWatch.get_alarm_name(alarm)
+            ComparisonOperator alarm.comparison_operator
+            Dimensions alarm.dimensions.map {|k,v| {Name: k, Value: v}} unless alarm.dimensions.nil?
+            EvaluationPeriods alarm.evaluation_periods
+            Statistic alarm.statistic
+            Period alarm.period
+            Threshold alarm.threshold
+            MetricName alarm.metric_name
+            Namespace alarm.namespace
+            AlarmActions actions
+            OKActions actions
+            TreatMissingData alarm.treat_missing_data unless alarm.treat_missing_data.nil?
+            DatapointsToAlarm alarm.datapoints_to_alarm unless alarm.datapoints_to_alarm.nil?
+            ExtendedStatistic alarm.extended_statistic unless alarm.extended_statistic.nil?
+            EvaluateLowSampleCountPercentile alarm.evaluate_low_sample_count_percentile unless alarm.evaluate_low_sample_count_percentile.nil?
+            Unit alarm.unit unless alarm.unit.nil?
           end
         end
       end
       
-      def add_event(resource)
-        @template.declare do
-          Parameter(resource[:target]) do
-            Type 'String'
-            Description "Lamba funtion Arn for #{resource[:class]} #{resource[:type]}"
-          end
-          
-          Events_Rule("#{resource[:class]}#{resource[:type]}#{resource[:hash]}"[0..255]) do
+      def add_event(event)
+        @template.declare do          
+          Events_Rule("#{event.group}#{event.type}#{event.hash}"[0..255]) do
             State 'ENABLED'
-            Description "Guardian scheduled #{resource[:class]} #{resource[:type]}"
-            ScheduleExpression "cron(#{resource[:cron]})"
+            Description "Guardian scheduled #{event.group} #{event.type}"
+            ScheduleExpression "cron(#{event.cron})"
             Targets([
               { 
-                Arn: Ref(resource[:target]),
-                Id: resource[:hash],
-                Input: FnSub(resource[:payload])
+                Arn: Ref(event.target),
+                Id: event.hash,
+                Input: FnSub(event.payload)
+              }
+            ])
+          end
+        end
+      end
+      
+      def add_composite_alarm(alarm)
+        @template.declare do
+          CloudWatch_CompositeAlarm(alarm.name.gsub(/[^0-9a-zA-Z]/i, '')) do
+            
+            AlarmDescription alarm.description
+            AlarmName "guardian-#{alarm.name}"
+            AlarmRule alarm.rule
+            
+            unless alarm.alarm_action.nil?
+              ActionsEnabled true
+              AlarmActions [Ref(alarm.alarm_action)]
+              # InsufficientDataActions [Ref(alarm.alarm_action)]
+              # OKActions [Ref(alarm.alarm_action)]
+            end
+            
+          end
+        end
+      end
+      
+      def add_metric_filter(filter)
+        @template.declare do
+          Logs_MetricFilter("#{filter.name.gsub(/[^0-9a-zA-Z]/i, '')}#{filter.type}") do
+            LogGroupName filter.log_group
+            FilterPattern filter.pattern
+            MetricTransformations([
+              {
+                MetricValue: filter.metric_value,
+                MetricName: filter.metric_name,
+                MetricNamespace: filter.metric_namespace
               }
             ])
           end

data/lib/cfnguardian/string.rb

@@ -1,4 +1,6 @@
 class String
+  include Term::ANSIColor
+  
   def to_underscore
     self.gsub(/::/, '/').
     gsub(/([A-Z]+)([A-Z][a-z])/,'\1_\2').
@@ -16,4 +18,14 @@ class String
     map(&:capitalize).join.
     gsub(/[^0-9A-Za-z]/, '')
   end
+  
+  def to_heading
+    self.split('_').collect(&:capitalize).join(' ')
+  end
+  
+  def word_wrap(with=100)
+    self.scan(/\S.{0,#{with}}\S(?=\s|$)|\S+/).
+    map {|line| line + "\n"}.
+    join('')
+  end
 end

data/lib/cfnguardian/version.rb

@@ -1,4 +1,4 @@
 module CfnGuardian
-  VERSION = "0.1.0"
+  VERSION = "0.3.3"
   CHANGE_SET_VERSION = VERSION.gsub('.', '-').freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cfn-guardian
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.3.3
 platform: ruby
 authors:
 - Guslington
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-01-20 00:00:00.000000000 Z
+date: 2020-07-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -65,7 +65,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '2'
 - !ruby/object:Gem::Dependency
-  name: aws-sdk-s3
+  name: term-ansicolor
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
@@ -84,13 +84,33 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: '2'
+- !ruby/object:Gem::Dependency
+  name: aws-sdk-s3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.60'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.60'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2'
 - !ruby/object:Gem::Dependency
   name: aws-sdk-cloudformation
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1'
+        version: '1.31'
     - - "<"
       - !ruby/object:Gem::Version
         version: '2'
@@ -100,7 +120,67 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1'
+        version: '1.31'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2'
+- !ruby/object:Gem::Dependency
+  name: aws-sdk-cloudwatch
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.28'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.28'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2'
+- !ruby/object:Gem::Dependency
+  name: aws-sdk-codecommit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.28'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.28'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2'
+- !ruby/object:Gem::Dependency
+  name: aws-sdk-codepipeline
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.28'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.28'
     - - "<"
       - !ruby/object:Gem::Version
         version: '2'
@@ -140,7 +220,9 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- ".dockerignore"
 - ".gitignore"
+- Dockerfile
 - Gemfile
 - Gemfile.lock
 - LICENSE.txt
@@ -149,12 +231,20 @@ files:
 - cfn-guardian.gemspec
 - exe/cfn-guardian
 - lib/cfnguardian.rb
+- lib/cfnguardian/cloudwatch.rb
+- lib/cfnguardian/codecommit.rb
+- lib/cfnguardian/codepipeline.rb
 - lib/cfnguardian/compile.rb
+- lib/cfnguardian/config/defaults.yaml
 - lib/cfnguardian/deploy.rb
+- lib/cfnguardian/display_formatter.rb
+- lib/cfnguardian/drift.rb
 - lib/cfnguardian/log.rb
 - lib/cfnguardian/models/alarm.rb
 - lib/cfnguardian/models/check.rb
+- lib/cfnguardian/models/composite.rb
 - lib/cfnguardian/models/event.rb
+- lib/cfnguardian/models/metric_filter.rb
 - lib/cfnguardian/resources/amazonmq_broker.rb
 - lib/cfnguardian/resources/apigateway.rb
 - lib/cfnguardian/resources/application_targetgroup.rb
@@ -170,14 +260,21 @@ files:
 - lib/cfnguardian/resources/elastic_loadbalancer.rb
 - lib/cfnguardian/resources/elasticache_replication_group.rb
 - lib/cfnguardian/resources/http.rb
+- lib/cfnguardian/resources/internal_http.rb
+- lib/cfnguardian/resources/internal_port.rb
+- lib/cfnguardian/resources/internal_sftp.rb
 - lib/cfnguardian/resources/lambda.rb
+- lib/cfnguardian/resources/log_group.rb
 - lib/cfnguardian/resources/network_targetgroup.rb
 - lib/cfnguardian/resources/nrpe.rb
+- lib/cfnguardian/resources/port.rb
 - lib/cfnguardian/resources/rds_cluster_instance.rb
 - lib/cfnguardian/resources/rds_instance.rb
 - lib/cfnguardian/resources/redshift_cluster.rb
+- lib/cfnguardian/resources/sftp.rb
 - lib/cfnguardian/resources/sql.rb
 - lib/cfnguardian/resources/sqs_queue.rb
+- lib/cfnguardian/resources/tls.rb
 - lib/cfnguardian/s3.rb
 - lib/cfnguardian/stacks/main.rb
 - lib/cfnguardian/stacks/resources.rb