cfn-guardian 0.1.0 → 0.6.3
- checksums.yaml +4 -4
- data/.dockerignore +1 -0
- data/.github/workflows/build-gem.yml +25 -0
- data/.github/workflows/release-gem.yml +25 -0
- data/.github/workflows/release-image.yml +33 -0
- data/.rspec +1 -0
- data/Dockerfile +19 -0
- data/Gemfile.lock +39 -21
- data/README.md +9 -378
- data/cfn-guardian.gemspec +7 -5
- data/docs/alarm_templates.md +130 -0
- data/docs/cli.md +182 -0
- data/docs/composite_alarms.md +24 -0
- data/docs/custom_checks/azure_file_check.md +28 -0
- data/docs/custom_checks/domain_expiry.md +10 -0
- data/docs/custom_checks/http.md +59 -0
- data/docs/custom_checks/log_group_metric_filters.md +27 -0
- data/docs/custom_checks/nrpe.md +29 -0
- data/docs/custom_checks/port.md +40 -0
- data/docs/custom_checks/sftp.md +73 -0
- data/docs/custom_checks/sql.md +44 -0
- data/docs/custom_checks/tls.md +25 -0
- data/docs/custom_metrics.md +71 -0
- data/docs/event_subscriptions.md +67 -0
- data/docs/maintenance_mode.md +85 -0
- data/docs/notifiers.md +33 -0
- data/docs/overview.md +22 -0
- data/docs/resources.md +93 -0
- data/docs/variables.md +58 -0
- data/lib/cfnguardian.rb +325 -37
- data/lib/cfnguardian/cloudwatch.rb +132 -0
- data/lib/cfnguardian/codecommit.rb +54 -0
- data/lib/cfnguardian/codepipeline.rb +138 -0
- data/lib/cfnguardian/compile.rb +142 -18
- data/lib/cfnguardian/config/defaults.yaml +103 -0
- data/lib/cfnguardian/deploy.rb +2 -16
- data/lib/cfnguardian/display_formatter.rb +163 -0
- data/lib/cfnguardian/drift.rb +79 -0
- data/lib/cfnguardian/error.rb +4 -0
- data/lib/cfnguardian/log.rb +0 -1
- data/lib/cfnguardian/models/alarm.rb +193 -59
- data/lib/cfnguardian/models/check.rb +128 -33
- data/lib/cfnguardian/models/composite.rb +21 -0
- data/lib/cfnguardian/models/event.rb +201 -49
- data/lib/cfnguardian/models/event_subscription.rb +96 -0
- data/lib/cfnguardian/models/metric_filter.rb +28 -0
- data/lib/cfnguardian/resources/amazonmq_rabbitmq.rb +136 -0
- data/lib/cfnguardian/resources/application_targetgroup.rb +2 -0
- data/lib/cfnguardian/resources/azure_file.rb +20 -0
- data/lib/cfnguardian/resources/base.rb +155 -33
- data/lib/cfnguardian/resources/ec2_instance.rb +11 -0
- data/lib/cfnguardian/resources/ecs_service.rb +2 -2
- data/lib/cfnguardian/resources/http.rb +17 -1
- data/lib/cfnguardian/resources/internal_http.rb +74 -0
- data/lib/cfnguardian/resources/internal_port.rb +33 -0
- data/lib/cfnguardian/resources/internal_sftp.rb +58 -0
- data/lib/cfnguardian/resources/log_group.rb +26 -0
- data/lib/cfnguardian/resources/network_targetgroup.rb +1 -0
- data/lib/cfnguardian/resources/port.rb +25 -0
- data/lib/cfnguardian/resources/rds_cluster.rb +14 -0
- data/lib/cfnguardian/resources/rds_instance.rb +73 -0
- data/lib/cfnguardian/resources/redshift_cluster.rb +2 -2
- data/lib/cfnguardian/resources/sftp.rb +50 -0
- data/lib/cfnguardian/resources/sql.rb +3 -3
- data/lib/cfnguardian/resources/tls.rb +66 -0
- data/lib/cfnguardian/s3.rb +3 -2
- data/lib/cfnguardian/stacks/main.rb +94 -72
- data/lib/cfnguardian/stacks/resources.rb +111 -43
- data/lib/cfnguardian/string.rb +12 -0
- data/lib/cfnguardian/version.rb +1 -1
- metadata +133 -10
@@ -2,54 +2,91 @@ require 'cfnguardian/string'
|
|
2
2
|
|
3
3
|
module CfnGuardian
|
4
4
|
module Models
|
5
|
-
class
|
5
|
+
class BaseCheck
|
6
6
|
|
7
7
|
attr_reader :type
|
8
|
-
attr_accessor :
|
8
|
+
attr_accessor :group,
|
9
9
|
:name,
|
10
|
+
:package,
|
10
11
|
:handler,
|
11
12
|
:version,
|
12
13
|
:runtime,
|
13
|
-
:environment
|
14
|
+
:environment,
|
15
|
+
:subnets,
|
16
|
+
:vpc,
|
17
|
+
:memory,
|
18
|
+
:timeout
|
14
19
|
|
15
20
|
def initialize(resource)
|
16
21
|
@type = 'Check'
|
17
|
-
@
|
22
|
+
@group = nil
|
18
23
|
@name = nil
|
19
24
|
@package = nil
|
20
25
|
@handler = nil
|
21
26
|
@version = nil
|
22
27
|
@runtime = nil
|
23
28
|
@environment = ''
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
29
|
+
@subnets = nil
|
30
|
+
@vpc = nil
|
31
|
+
@memory = 128
|
32
|
+
@timeout = 120
|
28
33
|
end
|
29
34
|
end
|
30
35
|
|
31
|
-
class HttpCheck <
|
36
|
+
class HttpCheck < BaseCheck
|
32
37
|
def initialize(resource)
|
33
38
|
super(resource)
|
34
|
-
@
|
39
|
+
@group = 'Http'
|
35
40
|
@name = 'HttpCheck'
|
36
|
-
@package = '
|
37
|
-
@handler = 'handler.
|
38
|
-
@version = '
|
41
|
+
@package = 'http-check'
|
42
|
+
@handler = 'handler.http_check'
|
43
|
+
@version = 'f739631de74f1a882163b7e584a8b4710ccbc134'
|
44
|
+
@runtime = 'python3.7'
|
45
|
+
end
|
46
|
+
end
|
47
|
+
|
48
|
+
class InternalHttpCheck < HttpCheck
|
49
|
+
def initialize(resource)
|
50
|
+
super(resource)
|
51
|
+
@group = 'InternalHttp'
|
52
|
+
@name = 'InternalHttpCheck'
|
53
|
+
@subnets = resource['Subnets']
|
54
|
+
@vpc = resource['VpcId']
|
55
|
+
@environment = resource['Environment']
|
56
|
+
end
|
57
|
+
end
|
58
|
+
|
59
|
+
class PortCheck < BaseCheck
|
60
|
+
def initialize(resource)
|
61
|
+
super(resource)
|
62
|
+
@group = 'Port'
|
63
|
+
@name = 'PortCheck'
|
64
|
+
@package = 'port-check'
|
65
|
+
@handler = 'handler.port_check'
|
66
|
+
@version = '356203b2a720ba0730622f978e677b88f8d0c328'
|
39
67
|
@runtime = 'python3.6'
|
40
68
|
end
|
41
69
|
end
|
42
70
|
|
43
|
-
class
|
44
|
-
|
45
|
-
|
71
|
+
class InternalPortCheck < PortCheck
|
72
|
+
def initialize(resource)
|
73
|
+
super(resource)
|
74
|
+
@group = 'InternalPort'
|
75
|
+
@name = 'InternalPortCheck'
|
76
|
+
@subnets = resource['Subnets']
|
77
|
+
@vpc = resource['VpcId']
|
78
|
+
@environment = resource['Environment']
|
79
|
+
end
|
80
|
+
end
|
81
|
+
|
82
|
+
class NrpeCheck < BaseCheck
|
46
83
|
def initialize(resource)
|
47
84
|
super(resource)
|
48
|
-
@
|
85
|
+
@group = 'Nrpe'
|
49
86
|
@name = 'NrpeCheck'
|
50
87
|
@package = 'aws-lambda-nrpe-check'
|
51
88
|
@handler = 'main'
|
52
|
-
@version = '
|
89
|
+
@version = 'aa51a0ad497a6c012a3639da0eb3446e4c0f9540'
|
53
90
|
@runtime = 'go1.x'
|
54
91
|
@subnets = resource['Subnets']
|
55
92
|
@vpc = resource['VpcId']
|
@@ -57,40 +94,49 @@ module CfnGuardian
|
|
57
94
|
end
|
58
95
|
end
|
59
96
|
|
60
|
-
class SslCheck <
|
97
|
+
class SslCheck < BaseCheck
|
61
98
|
def initialize(resource)
|
62
99
|
super(resource)
|
63
|
-
@
|
100
|
+
@group = 'Ssl'
|
64
101
|
@name = 'SslCheck'
|
65
102
|
@package = 'aws-lambda-ssl-check'
|
66
103
|
@handler = 'main'
|
67
|
-
@version = '
|
104
|
+
@version = 'a25fd4006d1f95c06f3c098188543f5eea1986da'
|
68
105
|
@runtime = 'go1.x'
|
69
106
|
end
|
70
107
|
end
|
71
108
|
|
72
|
-
class
|
109
|
+
class InternalSslCheck < SslCheck
|
73
110
|
def initialize(resource)
|
74
111
|
super(resource)
|
75
|
-
@
|
112
|
+
@group = 'InternalSsl'
|
113
|
+
@name = 'InternalSslCheck'
|
114
|
+
@subnets = resource['Subnets']
|
115
|
+
@vpc = resource['VpcId']
|
116
|
+
@environment = resource['Environment']
|
117
|
+
end
|
118
|
+
end
|
119
|
+
|
120
|
+
class DomainExpiryCheck < BaseCheck
|
121
|
+
def initialize(resource)
|
122
|
+
super(resource)
|
123
|
+
@group = 'DomainExpiry'
|
76
124
|
@name = 'DomainExpiryCheck'
|
77
125
|
@package = 'aws-lambda-dns-check'
|
78
126
|
@handler = 'main'
|
79
|
-
@version = '
|
127
|
+
@version = '9db96ca32379faddc47e55849b7e296b7b70a48e'
|
80
128
|
@runtime = 'go1.x'
|
81
129
|
end
|
82
130
|
end
|
83
131
|
|
84
|
-
class SqlCheck <
|
85
|
-
attr_accessor :subnets, :vpc
|
86
|
-
|
132
|
+
class SqlCheck < BaseCheck
|
87
133
|
def initialize(resource)
|
88
134
|
super(resource)
|
89
|
-
@
|
135
|
+
@group = 'Sql'
|
90
136
|
@name = 'SqlCheck'
|
91
137
|
@package = 'aws-lambda-sql-check'
|
92
138
|
@handler = 'main'
|
93
|
-
@version = '
|
139
|
+
@version = '83bd6399c0376c98df90dd5f29e49d629c556cee'
|
94
140
|
@runtime = 'go1.x'
|
95
141
|
@subnets = resource['Subnets']
|
96
142
|
@vpc = resource['VpcId']
|
@@ -98,17 +144,66 @@ module CfnGuardian
|
|
98
144
|
end
|
99
145
|
end
|
100
146
|
|
101
|
-
class ContainerInstanceCheck <
|
147
|
+
class ContainerInstanceCheck < BaseCheck
|
102
148
|
def initialize(resource)
|
103
149
|
super(resource)
|
104
|
-
@
|
150
|
+
@group = 'ContainerInstance'
|
105
151
|
@name = 'ContainerInstanceCheck'
|
106
|
-
@package = '
|
152
|
+
@package = 'ecs-containder-instance-check'
|
107
153
|
@handler = 'handler.run_check'
|
108
|
-
@version = '
|
154
|
+
@version = '4f650d5846d6e8d19f0139bccdeeb147f03f0dd6'
|
109
155
|
@runtime = 'python3.6'
|
110
156
|
end
|
111
157
|
end
|
158
|
+
|
159
|
+
class TLSCheck < BaseCheck
|
160
|
+
def initialize(resource)
|
161
|
+
super(resource)
|
162
|
+
@group = 'TLS'
|
163
|
+
@name = 'TLSCheck'
|
164
|
+
@package = 'tls-version-check'
|
165
|
+
@handler = 'handler.run_check'
|
166
|
+
@version = 'de83afdde0d976364af37ad7552a8496c3c94ab5'
|
167
|
+
@runtime = 'python3.7'
|
168
|
+
end
|
169
|
+
end
|
170
|
+
|
171
|
+
class SFTPCheck < BaseCheck
|
172
|
+
def initialize(resource)
|
173
|
+
super(resource)
|
174
|
+
@group = 'SFTP'
|
175
|
+
@name = 'SFTPCheck'
|
176
|
+
@package = 'sftp-check'
|
177
|
+
@handler = 'handler.sftp_check'
|
178
|
+
@version = '987e71f2607347e13e3f156535059d6d3ce1ceed'
|
179
|
+
@runtime = 'python3.7'
|
180
|
+
end
|
181
|
+
end
|
182
|
+
|
183
|
+
class InternalSFTPCheck < SFTPCheck
|
184
|
+
def initialize(resource)
|
185
|
+
super(resource)
|
186
|
+
@group = 'InternalSFTP'
|
187
|
+
@name = 'InternalSFTPCheck'
|
188
|
+
@subnets = resource['Subnets']
|
189
|
+
@vpc = resource['VpcId']
|
190
|
+
@environment = resource['Environment']
|
191
|
+
end
|
192
|
+
end
|
193
|
+
|
194
|
+
class AzureFileCheck < BaseCheck
|
195
|
+
def initialize(resource)
|
196
|
+
super(resource)
|
197
|
+
@group = 'AzureFile'
|
198
|
+
@name = 'AzureFileCheck'
|
199
|
+
@package = 'azure-file-check'
|
200
|
+
@handler = 'handler.file_check'
|
201
|
+
@version = 'cc37aa8fe4855570132431611b507274b390f4c1'
|
202
|
+
@runtime = 'python3.7'
|
203
|
+
@memory = 256
|
204
|
+
@timeout = 600
|
205
|
+
end
|
206
|
+
end
|
112
207
|
|
113
208
|
end
|
114
209
|
end
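Review bot: The new Internal* checks (InternalHttpCheck, InternalPortCheck, InternalSslCheck, InternalSFTPCheck) read `resource['Subnets']`, `resource['VpcId']` and `resource['Environment']` with `[]`, so a resource that omits one of these keys is built with `nil` and raises no error. For `@environment` this also replaces the `''` default set in BaseCheck with `nil`. If these keys are required for a check that is meant to run inside a VPC, `@subnets = resource.fetch('Subnets')` and `@vpc = resource.fetch('VpcId')` would fail at compile time with a KeyError naming the missing key. As written, the outcome depends on how the consumer of these attributes handles `nil`, and that code is not visible in this section.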
|
@@ -0,0 +1,21 @@
|
|
1
|
+
module CfnGuardian
|
2
|
+
module Models
|
3
|
+
class Composite
|
4
|
+
|
5
|
+
attr_reader :type
|
6
|
+
attr_accessor :name,
|
7
|
+
:description,
|
8
|
+
:rule,
|
9
|
+
:alarm_action
|
10
|
+
|
11
|
+
def initialize(name,params = {})
|
12
|
+
@type = 'Composite'
|
13
|
+
@name = name
|
14
|
+
@description = params.fetch('Description', '')
|
15
|
+
@rule = params.fetch('Rule', 'FALSE')
|
16
|
+
@alarm_action = params.fetch('Action', nil)
|
17
|
+
end
|
18
|
+
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
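Review bot: `@rule = params.fetch('Rule', 'FALSE')` gives a composite alarm defined without a `Rule` an expression that never evaluates to ALARM, assuming the value is passed through unchanged as the CloudWatch alarm rule. A missing or misspelled `Rule` key therefore yields an alarm that deploys cleanly and never fires, which is a silent coverage gap in a monitoring tool. Consider making the key mandatory with `@rule = params.fetch('Rule')`, or logging a warning when the default is used. If the inert default is intentional, a comment above the line such as `# 'FALSE' keeps the alarm in OK until a rule is supplied` would make that explicit.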
|
@@ -2,49 +2,36 @@ require 'cfnguardian/string'
|
|
2
2
|
|
3
3
|
module CfnGuardian
|
4
4
|
module Models
|
5
|
-
class
|
5
|
+
class BaseEvent
|
6
6
|
|
7
7
|
attr_reader :type
|
8
|
-
attr_accessor :
|
8
|
+
attr_accessor :group,
|
9
9
|
:target,
|
10
10
|
:hash,
|
11
11
|
:name,
|
12
12
|
:cron,
|
13
13
|
:enabled,
|
14
|
-
:resource
|
14
|
+
:resource,
|
15
|
+
:environment,
|
16
|
+
:payload,
|
17
|
+
:ssm_parameters
|
15
18
|
|
16
19
|
def initialize(resource)
|
17
20
|
@type = 'Event'
|
18
|
-
@
|
21
|
+
@group = nil
|
19
22
|
@target = nil
|
20
23
|
@hash = Digest::MD5.hexdigest resource['Id']
|
21
24
|
@name = @hash
|
22
25
|
@cron = "* * * * ? *"
|
23
26
|
@enabled = true
|
24
27
|
@resource = resource['Id'].to_resource_name
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
type: @type,
|
30
|
-
class: @class,
|
31
|
-
target: @target,
|
32
|
-
hash: @hash,
|
33
|
-
name: @name,
|
34
|
-
cron: @cron,
|
35
|
-
enabled: @enabled,
|
36
|
-
resource: @resource,
|
37
|
-
payload: event_payload()
|
38
|
-
}
|
39
|
-
end
|
40
|
-
|
41
|
-
def event_payload
|
42
|
-
{}.to_json
|
43
|
-
end
|
44
|
-
|
28
|
+
@environment = ""
|
29
|
+
@payload = {}.to_json
|
30
|
+
@ssm_parameters = []
|
31
|
+
end
|
45
32
|
end
|
46
33
|
|
47
|
-
class HttpEvent <
|
34
|
+
class HttpEvent < BaseEvent
|
48
35
|
|
49
36
|
attr_accessor :endpoint,
|
50
37
|
:method,
|
@@ -56,7 +43,7 @@ module CfnGuardian
|
|
56
43
|
|
57
44
|
def initialize(resource)
|
58
45
|
super(resource)
|
59
|
-
@
|
46
|
+
@group = 'Http'
|
60
47
|
@name = 'HttpEvent'
|
61
48
|
@target = 'HttpCheckFunction'
|
62
49
|
@endpoint = resource['Id']
|
@@ -66,9 +53,10 @@ module CfnGuardian
|
|
66
53
|
@body_regex = resource.fetch('BodyRegex',nil)
|
67
54
|
@headers = resource.fetch('Headers',nil)
|
68
55
|
@payload = resource.fetch('Payload',nil)
|
56
|
+
@compressed = resource.fetch('Compressed',false)
|
69
57
|
end
|
70
58
|
|
71
|
-
def
|
59
|
+
def payload
|
72
60
|
payload = {
|
73
61
|
'ENDPOINT' => @endpoint,
|
74
62
|
'METHOD' => @method,
|
@@ -78,23 +66,66 @@ module CfnGuardian
|
|
78
66
|
payload['BODY_REGEX_MATCH'] = @body_regex unless @body_regex.nil?
|
79
67
|
payload['HEADERS'] = @headers unless @headers.nil?
|
80
68
|
payload['PAYLOAD'] = @payload unless @payload.nil?
|
69
|
+
payload['COMPRESSED'] = '1' if @compressed
|
81
70
|
return payload.to_json
|
82
71
|
end
|
83
72
|
end
|
84
73
|
|
85
|
-
class
|
74
|
+
class InternalHttpEvent < HttpEvent
|
75
|
+
def initialize(resource,environment)
|
76
|
+
super(resource)
|
77
|
+
@group = 'InternalHttp'
|
78
|
+
@name = 'InternalHttpEvent'
|
79
|
+
@target = "InternalHttpCheckFunction#{environment}"
|
80
|
+
@environment = environment
|
81
|
+
end
|
82
|
+
end
|
83
|
+
|
84
|
+
class PortEvent < BaseEvent
|
85
|
+
def initialize(resource)
|
86
|
+
super(resource)
|
87
|
+
@group = 'Port'
|
88
|
+
@name = 'PortEvent'
|
89
|
+
@target = 'PortCheckFunction'
|
90
|
+
@hostname = resource['Id']
|
91
|
+
@port = resource['Port']
|
92
|
+
@timeout = resource.fetch('Timeout',120)
|
93
|
+
end
|
94
|
+
|
95
|
+
def payload
|
96
|
+
return {
|
97
|
+
'HOSTNAME' => @hostname,
|
98
|
+
'PORT' => @port,
|
99
|
+
'TIMEOUT' => @timeout,
|
100
|
+
'STATUS_CODE_MATCH' => @status_code
|
101
|
+
}.to_json
|
102
|
+
end
|
103
|
+
end
|
104
|
+
|
105
|
+
class InternalPortEvent < PortEvent
|
106
|
+
def initialize(resource,environment)
|
107
|
+
super(resource)
|
108
|
+
@group = 'InternalPort'
|
109
|
+
@name = 'InternalPortEvent'
|
110
|
+
@target = "InternalPortCheckFunction#{environment}"
|
111
|
+
@environment = environment
|
112
|
+
end
|
113
|
+
end
|
114
|
+
|
115
|
+
class NrpeEvent < BaseEvent
|
86
116
|
def initialize(resource,environment,command)
|
87
117
|
super(resource)
|
88
|
-
@
|
118
|
+
@group = 'Nrpe'
|
89
119
|
@name = 'NrpeEvent'
|
90
120
|
@target = "NrpeCheckFunction#{environment}"
|
91
121
|
@host = resource['Id']
|
92
122
|
@environment = environment
|
93
123
|
@region = resource.fetch('Region',"${AWS::Region}")
|
124
|
+
@hash = Digest::MD5.hexdigest "#{resource['Id']}#{command}"
|
94
125
|
@command = command
|
95
126
|
end
|
96
127
|
|
97
|
-
def
|
128
|
+
def payload
|
98
129
|
return {
|
99
130
|
'host' => @host,
|
100
131
|
'environment' => @environment,
|
@@ -104,18 +135,18 @@ module CfnGuardian
|
|
104
135
|
end
|
105
136
|
end
|
106
137
|
|
107
|
-
class SslEvent <
|
138
|
+
class SslEvent < BaseEvent
|
108
139
|
def initialize(resource)
|
109
140
|
super(resource)
|
110
|
-
@
|
141
|
+
@group = 'Ssl'
|
111
142
|
@name = 'SslEvent'
|
112
143
|
@target = 'SslCheckFunction'
|
113
|
-
@cron = "0 12 * * ? *"
|
144
|
+
@cron = resource.fetch('Schedule', "0 12 * * ? *")
|
114
145
|
@url = resource['Id']
|
115
146
|
@region = resource.fetch('Region',"${AWS::Region}")
|
116
147
|
end
|
117
148
|
|
118
|
-
def
|
149
|
+
def payload
|
119
150
|
return {
|
120
151
|
'Url' => @url,
|
121
152
|
'Region' => @region
|
@@ -123,32 +154,42 @@ module CfnGuardian
|
|
123
154
|
end
|
124
155
|
end
|
125
156
|
|
126
|
-
class
|
157
|
+
class InternalSslEvent < SslEvent
|
158
|
+
def initialize(resource,environment)
|
159
|
+
super(resource)
|
160
|
+
@group = 'InternalSsl'
|
161
|
+
@name = 'InternalSslEvent'
|
162
|
+
@target = "InternalSslCheckFunction#{environment}"
|
163
|
+
@environment = environment
|
164
|
+
end
|
165
|
+
end
|
166
|
+
|
167
|
+
class DomainExpiryEvent < BaseEvent
|
127
168
|
|
128
169
|
attr_accessor :domain,
|
129
170
|
:region
|
130
171
|
|
131
172
|
def initialize(resource)
|
132
173
|
super(resource)
|
133
|
-
@
|
174
|
+
@group = 'DomainExpiry'
|
134
175
|
@name = 'DomainExpiryEvent'
|
135
176
|
@target = 'DomainExpiryCheckFunction'
|
136
|
-
@cron = "0 12 * * ? *"
|
177
|
+
@cron = resource.fetch('Schedule', "0 12 * * ? *")
|
137
178
|
@domain = resource['Id']
|
138
179
|
@region = resource.fetch('Region',"${AWS::Region}")
|
139
180
|
end
|
140
181
|
|
141
|
-
def
|
142
|
-
{'Domain' => @domain}.to_json
|
182
|
+
def payload
|
183
|
+
return {'Domain' => @domain}.to_json
|
143
184
|
end
|
144
185
|
end
|
145
186
|
|
146
|
-
class SqlEvent <
|
147
|
-
def initialize(resource,query)
|
187
|
+
class SqlEvent < BaseEvent
|
188
|
+
def initialize(resource,query,environment)
|
148
189
|
super(resource)
|
149
|
-
@
|
190
|
+
@group = 'Sql'
|
150
191
|
@name = 'SqlEvent'
|
151
|
-
@target =
|
192
|
+
@target = "SqlCheckFunction#{environment}"
|
152
193
|
@host = resource['Id']
|
153
194
|
@engine = resource['Engine']
|
154
195
|
@port = resource['Port']
|
@@ -157,9 +198,10 @@ module CfnGuardian
|
|
157
198
|
@query = query
|
158
199
|
@region = resource.fetch('Region',"${AWS::Region}")
|
159
200
|
@test_type = '1-row-1-value-zero-is-good'
|
201
|
+
@environment = environment
|
160
202
|
end
|
161
203
|
|
162
|
-
def
|
204
|
+
def payload
|
163
205
|
return {
|
164
206
|
'Host' => @host,
|
165
207
|
'Engine' => @engine,
|
@@ -171,20 +213,130 @@ module CfnGuardian
|
|
171
213
|
'TestType' => @test_type
|
172
214
|
}.to_json
|
173
215
|
end
|
216
|
+
|
217
|
+
def ssm_parameters
|
218
|
+
params = []
|
219
|
+
params << @ssm_username
|
220
|
+
params << @ssm_password
|
221
|
+
return params
|
222
|
+
end
|
174
223
|
end
|
175
224
|
|
176
|
-
class ContainerInstanceEvent <
|
225
|
+
class ContainerInstanceEvent < BaseEvent
|
177
226
|
def initialize(resource)
|
178
227
|
super(resource)
|
179
|
-
@
|
228
|
+
@group = 'ContainerInstance'
|
180
229
|
@name = 'ContainerInstanceEvent'
|
181
230
|
@target = 'ContainerInstanceCheckFunction'
|
182
|
-
@cron = "0/5 * * * ? *"
|
231
|
+
@cron = resource.fetch('Schedule', "0/5 * * * ? *")
|
183
232
|
@cluster = resource['Id']
|
184
233
|
end
|
185
234
|
|
186
|
-
def
|
187
|
-
{'CLUSTER' => @cluster}.to_json
|
235
|
+
def payload
|
236
|
+
return {'CLUSTER' => @cluster}.to_json
|
237
|
+
end
|
238
|
+
end
|
239
|
+
|
240
|
+
class SFTPEvent < BaseEvent
|
241
|
+
def initialize(resource)
|
242
|
+
super(resource)
|
243
|
+
@group = 'SFTP'
|
244
|
+
@name = 'SFTPEvent'
|
245
|
+
@target = 'SFTPCheckFunction'
|
246
|
+
@cron = resource.fetch('Schedule', "0/5 * * * ? *")
|
247
|
+
@host = resource['Id']
|
248
|
+
@user = resource['User']
|
249
|
+
@port = resource.fetch('Port', nil)
|
250
|
+
@server_key = resource.fetch('ServerKey', nil)
|
251
|
+
@password = resource.fetch('Password', nil)
|
252
|
+
@private_key = resource.fetch('PrivateKey', nil)
|
253
|
+
@private_key_pass = resource.fetch('PrivateKeyPass', nil)
|
254
|
+
@file = resource.fetch('File', nil)
|
255
|
+
@file_regex_match = resource.fetch('FileRegexMatch', nil)
|
256
|
+
end
|
257
|
+
|
258
|
+
def payload
|
259
|
+
payload = {
|
260
|
+
'HOSTNAME' => @host,
|
261
|
+
'USERNAME' => @user
|
262
|
+
}
|
263
|
+
payload['PORT'] = @port unless @port.nil?
|
264
|
+
payload['SERVER_KEY'] = @server_key unless @server_key.nil?
|
265
|
+
payload['PASSWORD'] = @password unless @password.nil?
|
266
|
+
payload['PRIVATEKEY'] = @private_key unless @private_key.nil?
|
267
|
+
payload['PRIVATEKEY_PASSWORD'] = @private_key_pass unless @private_key_pass.nil?
|
268
|
+
payload['FILE'] = @file unless @file.nil?
|
269
|
+
payload['FILE_REGEX_MATCH'] = @file_regex_match unless @file_regex_match.nil?
|
270
|
+
return payload.to_json
|
271
|
+
end
|
272
|
+
|
273
|
+
def ssm_parameters
|
274
|
+
params = []
|
275
|
+
params << @password unless @password.nil?
|
276
|
+
params << @private_key unless @private_key.nil?
|
277
|
+
params << @private_key_pass unless @private_key_pass.nil?
|
278
|
+
return params
|
279
|
+
end
|
280
|
+
end
|
281
|
+
|
282
|
+
class InternalSFTPEvent < SFTPEvent
|
283
|
+
def initialize(resource,environment)
|
284
|
+
super(resource)
|
285
|
+
@group = 'InternalSFTP'
|
286
|
+
@name = 'InternalSFTPEvent'
|
287
|
+
@target = "InternalSFTPCheckFunction#{environment}"
|
288
|
+
@environment = environment
|
289
|
+
end
|
290
|
+
end
|
291
|
+
|
292
|
+
class TLSEvent < BaseEvent
|
293
|
+
def initialize(resource)
|
294
|
+
super(resource)
|
295
|
+
@group = 'TLS'
|
296
|
+
@name = 'TLSEvent'
|
297
|
+
@target = 'TLSCheckFunction'
|
298
|
+
@cron = resource.fetch('Schedule', "0/5 * * * ? *")
|
299
|
+
@host = resource['Id']
|
300
|
+
@port = resource.fetch('Port', 443)
|
301
|
+
@check_max = resource.fetch('MaxSupported', nil)
|
302
|
+
@versions = resource.fetch('Versions', ['SSLv2','SSLv3','TLSv1','TLSv1.1','TLSv1.2'])
|
303
|
+
end
|
304
|
+
|
305
|
+
def payload
|
306
|
+
payload = {
|
307
|
+
'HOSTNAME' => @host,
|
308
|
+
'PORT' => @port
|
309
|
+
}
|
310
|
+
payload['CHECK_MAX_SUPPORTED'] = @check_max.nil?
|
311
|
+
payload['PROTOCOLS'] = @versions unless @versions.nil?
|
312
|
+
return payload.to_json
|
313
|
+
end
|
314
|
+
end
|
315
|
+
|
316
|
+
class AzureFileEvent < BaseEvent
|
317
|
+
def initialize(resource)
|
318
|
+
super(resource)
|
319
|
+
@group = 'AzureFile'
|
320
|
+
@name = 'AzureFileEvent'
|
321
|
+
@target = 'AzureFileCheckFunction'
|
322
|
+
@cron = resource.fetch('Schedule', "0/5 * * * ? *")
|
323
|
+
@storage_account = resource['Id']
|
324
|
+
@container = resource['Container']
|
325
|
+
@connection_string = resource['ConnectionString']
|
326
|
+
@search = resource['Search']
|
327
|
+
end
|
328
|
+
|
329
|
+
def payload
|
330
|
+
return {
|
331
|
+
'STORAGE_ACCOUNT' => @storage_account,
|
332
|
+
'CONTAINER' => @container,
|
333
|
+
'CONNECTION_STRING' => @connection_string,
|
334
|
+
'SEARCH' => @search
|
335
|
+
}.to_json
|
336
|
+
end
|
337
|
+
|
338
|
+
def ssm_parameters
|
339
|
+
return [@connection_string]
|
188
340
|
end
|
189
341
|
end
|
190
342
|
|
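Review bot: In TLSEvent#payload, `payload['CHECK_MAX_SUPPORTED'] = @check_max.nil?` stores the result of the nil test rather than the configured value. The key is `true` when `MaxSupported` is absent and `false` whenever it is set, whatever it is set to. The neighbouring lines use the `unless ….nil?` modifier, so this looks like a dropped modifier; `payload['CHECK_MAX_SUPPORTED'] = @check_max unless @check_max.nil?` would match them. As written, a user who sets `MaxSupported` gets the inverse passed to the TLS version check, assuming the handler reads this key as a flag.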