cfn-guardian 0.11.10 → 0.11.12

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7bd6e97a40ddb635e1b77930c9c86aa955f31dc2dc31025706a51c14aa71ac88
-  data.tar.gz: 1b04f751759f877ea32cf8470249712af0054e94cb208f314884287534b5fa56
+  metadata.gz: 21cb58528975cc592785f0ca44fe361afd0b9594d7323525f818a97811a3ba4b
+  data.tar.gz: 2e2696e21720d357e96fc5ec5c188c0cc843c274a097759409eb93b555853be4
 SHA512:
-  metadata.gz: d293b763c17981ec283bab6ddd3262a7c5c5fef4df50af6f934f6a408c29a8f75cf1615ea64080dc743154afe6e25a5595cd744bf3415f6200a0b72e02143498
-  data.tar.gz: e296b1a03e226c0fbef8699573f5e4a1c3c5268538200d6307e9a76bdbb377ed711c20b302bdbc4a8a72df44b3d7c4d92953cdb56c0e7c3a7502edf4bca0814e
+  metadata.gz: 797f9f5716587ad2882ec691169b7e360e5c2adfae5854c3877be5e164450a942b82afeb1bdf4a68859b21d87ea10ddb7c147138f575325e12c15b72cbed9c53
+  data.tar.gz: 42427429d68e4382bf3e541c6cef4d2740394079698582fa7304efff9a71ba5deb39f3e221c7046f1b194d97e9c96a13e07184d215b4cf889b9fc0d8c464cc5a

data/.github/workflows/push.yml

@@ -18,17 +18,17 @@ jobs:
       uses: rlespinasse/github-slug-action@v3.x  
 
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v1
+      uses: docker/setup-buildx-action@v3
 
     - name: Login to  GitHub Container Repository
-      uses: docker/login-action@v1
+      uses: docker/login-action@v3
       with:
         registry: ghcr.io
-        username: ${{ github.repository_owner }}
-        password: ${{ secrets.GHCR_PUSH_TOKEN }}
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
 
     - name: Build and push Container Image to GitHub Container Repository
-      uses: docker/build-push-action@v2
+      uses: docker/build-push-action@v6
       with:
         context: .
         file: ./Dockerfile

data/.github/workflows/release-image.yml

@@ -20,8 +20,8 @@ jobs:
       uses: docker/login-action@v1
       with:
         registry: ghcr.io
-        username: ${{ github.repository_owner }}
-        password: ${{ secrets.GHCR_PUSH_TOKEN }}
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
 
     - name: Build and push Container Image to GitHub Container Repository
       uses: docker/build-push-action@v2

data/Dockerfile

@@ -8,7 +8,7 @@ COPY . /src
 
 WORKDIR /src
 
-RUN apk add --no-cache git \
+RUN apk add --no-cache git build-base \
     && gem build cfn-guardian.gemspec \
     && gem install cfn-guardian-${GUARDIAN_VERSION}.gem \
     && rm -rf /src

data/cfn-guardian.gemspec

@@ -38,7 +38,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'aws-sdk-codecommit', '~> 1.53', '<2'
   spec.add_dependency 'aws-sdk-codepipeline', '~> 1.55', '<2'
   
-  spec.add_runtime_dependency('rexml', '>= 0')
+  spec.add_runtime_dependency('rexml', '3.3.0')
   
   spec.add_development_dependency "bundler", "~> 2.0"
   spec.add_development_dependency "rake", "~> 13.0"

data/docs/alarm_templates.md

@@ -29,6 +29,7 @@ cfn-guardian show-alarms --defaults --group ApplicationTargetGroup --alarm Targe
 | ActionsEnabled          | true                             |
 | AlarmAction             | Critical                         |
 | TreatMissingData        | notBreaching                     |
+| OkActionDisabled        | false                            |
 +-------------------------+----------------------------------+
 ```
 
@@ -113,6 +114,19 @@ Templates:
     CPUUtilizationHigh: false
 ```
 
+## Disabling The OK Action On An Alarm
+
+You can disable the OK action on an alarm by setting the OkActionDisabled flag to `true`. You might want to do this if you just want to receive alarm notifications rather than treat it as stateful.
+
+```yaml
+Templates:
+  # define the resource group
+  Ec2Instance:
+    # define the Alarm and set the OkActionDisabled value to true
+    CPUUtilizationHigh:
+    OkActionDisabled: true
+```
+
 ## M Out Of N Metric Data Points
 
 This can be good to alert on groups of spikes with in a certain time frame without getting alerts for individual spikes.

data/lib/cfnguardian/compile.rb

@@ -30,6 +30,8 @@ require 'cfnguardian/resources/internal_http'
 require 'cfnguardian/resources/port'
 require 'cfnguardian/resources/internal_port'
 require 'cfnguardian/resources/nrpe'
+require 'cfnguardian/resources/kafka_cluster'
+require 'cfnguardian/resources/kafka_topic'
 require 'cfnguardian/resources/lambda'
 require 'cfnguardian/resources/network_targetgroup'
 require 'cfnguardian/resources/rds_cluster'

data/lib/cfnguardian/display_formatter.rb

@@ -32,6 +32,7 @@ module CfnGuardian
           ['EvaluateLowSampleCountPercentile', alarm.evaluate_low_sample_count_percentile],
           ['Unit', alarm.unit],
           ['AlarmAction', alarm.alarm_action],
+          ['OkActionDisabled', alarm.ok_action_disabled],
           ['TreatMissingData', alarm.treat_missing_data]
         ]
         
@@ -72,7 +73,8 @@ module CfnGuardian
           ['EvaluateLowSampleCountPercentile', alarm.evaluate_low_sample_count_percentile, metric_alarm.evaluate_low_sample_count_percentile],
           ['Unit', alarm.unit, metric_alarm.unit],
           ['TreatMissingData', alarm.treat_missing_data, metric_alarm.treat_missing_data],
-          ['AlarmAction', alarm.alarm_action, alarm.alarm_action]
+          ['AlarmAction', alarm.alarm_action, alarm.alarm_action],
+          ['OkActionDisabled', alarm.ok_action_disabled]
         ]
         
         rows.select! {|row| !row[1].nil?}.each {|row| colour_compare_row(row)}

data/lib/cfnguardian/models/alarm.rb

@@ -19,6 +19,7 @@ module CfnGuardian
         :comparison_operator,
         :statistic,
         :actions_enabled,
+        :ok_action_disabled,
         :enabled,
         :resource_id,
         :resource_name,
@@ -45,6 +46,7 @@ module CfnGuardian
         @comparison_operator = 'GreaterThanThreshold'
         @statistic = 'Maximum'
         @actions_enabled = true
+        @ok_action_disabled = false
         @datapoints_to_alarm = nil
         @extended_statistic = nil
         @evaluate_low_sample_count_percentile = nil
@@ -394,6 +396,34 @@ module CfnGuardian
       end
     end
 
+    class KafkaClusterAlarm < BaseAlarm
+      def initialize(resource,broker)
+        super(resource)
+        @group = 'KafkaCluster'
+        @namespace = 'AWS/Kafka'
+        @dimensions = { 'Cluster Name': resource['Id'], 'Broker ID': broker }
+        @statistic = 'Average'
+        @evaluation_periods = 1
+        @datapoints_to_alarm = 1
+        @period = 300
+        @treat_missing_data = 'breaching'
+      end
+    end
+
+    class KafkaTopicAlarm < BaseAlarm
+      def initialize(resource,broker)
+        super(resource)
+        @group = 'KafkaTopic'
+        @namespace = 'AWS/Kafka'
+        @dimensions = { 'Cluster Name': resource['ClusterName'], 'Broker ID': broker, Topic: resource['Id'] }
+        @statistic = 'Average'
+        @evaluation_periods = 1
+        @datapoints_to_alarm = 1
+        @period = 300
+        @treat_missing_data = 'breaching'
+      end
+    end
+
     class LambdaAlarm < BaseAlarm
       def initialize(resource)
         super(resource)

data/lib/cfnguardian/resources/application_targetgroup.rb

@@ -9,7 +9,6 @@ module CfnGuardian::Resource
       alarm.statistic = 'Minimum'
       alarm.threshold = 2
       alarm.evaluation_periods = 1
-      alarm.comparison_operator = 'LessThanThreshold'
       @alarms.push(alarm)
       
       alarm = CfnGuardian::Models::ApplicationTargetGroupAlarm.new(@resource)

data/lib/cfnguardian/resources/kafka_cluster.rb

@@ -0,0 +1,74 @@
+module CfnGuardian::Resource
+  class KafkaCluster < Base
+
+    def initialize(resource, override_group = nil)
+      super(resource, override_group)
+      @brokers_list = resource['Brokers']
+    end
+
+    def default_alarms
+      @brokers_list.each do |broker|
+        alarm = CfnGuardian::Models::KafkaClusterAlarm.new(@resource,broker)
+        alarm.name = "Broker#{broker}-CPUUserCritical"
+        alarm.metric_name = 'CpuUser'
+        alarm.threshold = 80
+        @alarms.push(alarm)
+
+        alarm = CfnGuardian::Models::KafkaClusterAlarm.new(@resource,broker)
+        alarm.name = "Broker#{broker}-CPUUserWarning"
+        alarm.metric_name = 'CpuUser'
+        alarm.threshold = 50
+        alarm.alarm_action = 'Warning'
+        @alarms.push(alarm)
+
+        alarm = CfnGuardian::Models::KafkaClusterAlarm.new(@resource,broker)
+        alarm.name = "Broker#{broker}-KafkaDataLogsDiskUsedCritical"
+        alarm.metric_name = 'KafkaDataLogsDiskUsed'
+        alarm.threshold = 85
+        @alarms.push(alarm)
+
+        alarm = CfnGuardian::Models::KafkaClusterAlarm.new(@resource,broker)
+        alarm.name = "Broker#{broker}-KafkaDataLogsDiskUsedWarning"
+        alarm.metric_name = 'KafkaDataLogsDiskUsed'
+        alarm.threshold = 70
+        alarm.alarm_action = 'Warning'
+        @alarms.push(alarm)
+
+        alarm = CfnGuardian::Models::KafkaClusterAlarm.new(@resource,broker)
+        alarm.name = "Broker#{broker}-BurstBalance"
+        alarm.metric_name = 'BurstBalance'
+        alarm.threshold = 1
+        alarm.comparison_operator = 'LessThanThreshold'
+        @alarms.push(alarm)
+
+        alarm = CfnGuardian::Models::KafkaClusterAlarm.new(@resource,broker)
+        alarm.name = "Broker#{broker}-MemoryFreeCritical"
+        alarm.metric_name = 'MemoryFree'
+        alarm.threshold = 10
+        alarm.comparison_operator = 'LessThanThreshold'
+        @alarms.push(alarm)
+
+        alarm = CfnGuardian::Models::KafkaClusterAlarm.new(@resource,broker)
+        alarm.name = "Broker#{broker}-MemoryFreeWarning"
+        alarm.metric_name = 'MemoryFree'
+        alarm.threshold = 50
+        alarm.alarm_action = 'Warning'
+        alarm.comparison_operator = 'LessThanThreshold'
+        @alarms.push(alarm)
+
+        alarm = CfnGuardian::Models::KafkaClusterAlarm.new(@resource,broker)
+        alarm.name = "Broker#{broker}-NetworkRxErrorsCritical"
+        alarm.metric_name = 'NetworkRxErrors'
+        alarm.threshold = 10
+        @alarms.push(alarm)
+
+        alarm = CfnGuardian::Models::KafkaClusterAlarm.new(@resource,broker)
+        alarm.name = "Broker#{broker}-NetworkRxErrorsWarning"
+        alarm.metric_name = 'NetworkRxErrors'
+        alarm.threshold = 5
+        alarm.alarm_action = 'Warning'
+        @alarms.push(alarm)
+      end
+    end
+  end
+end

data/lib/cfnguardian/resources/kafka_topic.rb

@@ -0,0 +1,20 @@
+module CfnGuardian::Resource
+  class KafkaTopic < Base
+
+    def initialize(resource, override_group = nil)
+      super(resource, override_group)
+      @brokers_list = resource['Brokers']
+    end
+
+    def default_alarms
+      @brokers_list.each do |broker|  
+        alarm = CfnGuardian::Models::KafkaTopicAlarm.new(@resource,broker)
+        alarm.name = "Broker#{broker}-MessagesInPerSec"
+        alarm.metric_name = 'MessagesInPerSec'
+        alarm.threshold = 5
+        alarm.comparison_operator = 'LessThanThreshold'
+        @alarms.push(alarm)
+      end
+    end
+  end
+end

data/lib/cfnguardian/stacks/resources.rb

@@ -48,7 +48,7 @@ module CfnGuardian
             MetricName alarm.metric_name
             Namespace alarm.namespace
             AlarmActions actions
-            OKActions actions
+            OKActions actions unless alarm.ok_action_disabled
             TreatMissingData alarm.treat_missing_data unless alarm.treat_missing_data.nil?
             DatapointsToAlarm alarm.datapoints_to_alarm unless alarm.datapoints_to_alarm.nil?
             ExtendedStatistic alarm.extended_statistic unless alarm.extended_statistic.nil?

data/lib/cfnguardian/tagger.rb

@@ -63,7 +63,7 @@ module CfnGuardian
     end
 
     def get_tags_to_delete(current_tags, new_tags)
-      return current_tags.select {|tag| !new_tags.has_key?(tag.key)}.map {|tag| tag.key}
+      return current_tags.select {|tag| !new_tags.has_key?(tag.key) && !tag.key.start_with?('aws:') }.map { |tag| tag.key }
     end
 
     def tags_changed?(current_tags, new_tags)

data/lib/cfnguardian/version.rb

@@ -1,4 +1,4 @@
 module CfnGuardian
-  VERSION = "0.11.10"
+  VERSION = "0.11.12"
   CHANGE_SET_VERSION = VERSION.gsub('.', '-').freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cfn-guardian
 version: !ruby/object:Gem::Version
-  version: 0.11.10
+  version: 0.11.12
 platform: ruby
 authors:
 - Guslington
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-01-23 00:00:00.000000000 Z
+date: 2025-03-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -228,16 +228,16 @@ dependencies:
   name: rexml
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 3.3.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 3.3.0
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -357,6 +357,8 @@ files:
 - lib/cfnguardian/resources/internal_port.rb
 - lib/cfnguardian/resources/internal_sftp.rb
 - lib/cfnguardian/resources/jenkins.rb
+- lib/cfnguardian/resources/kafka_cluster.rb
+- lib/cfnguardian/resources/kafka_topic.rb
 - lib/cfnguardian/resources/lambda.rb
 - lib/cfnguardian/resources/log_group.rb
 - lib/cfnguardian/resources/network_targetgroup.rb
@@ -388,7 +390,7 @@ metadata:
   homepage_uri: https://github.com/base2Services/cfn-guardian
   source_code_uri: https://github.com/base2Services/cfn-guardian
   changelog_uri: https://github.com/base2Services/cfn-guardian
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -404,7 +406,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubygems_version: 3.1.6
-signing_key: 
+signing_key:
 specification_version: 4
 summary: Manages AWS cloudwatch alarms with default templates using cloudformation
 test_files: []