cfn-guardian 0.11.9 → 0.11.11

Sign up to get free protection for your applications and to get access to all the features.
Files changed (14) hide show
  1. checksums.yaml +4 -4
  2. data/.github/workflows/push.yml +5 -5
  3. data/.github/workflows/release-image.yml +2 -2
  4. data/Dockerfile +1 -1
  5. data/cfn-guardian.gemspec +1 -1
  6. data/lib/cfnguardian/compile.rb +2 -0
  7. data/lib/cfnguardian/models/alarm.rb +28 -0
  8. data/lib/cfnguardian/resources/application_targetgroup.rb +0 -1
  9. data/lib/cfnguardian/resources/kafka_cluster.rb +74 -0
  10. data/lib/cfnguardian/resources/kafka_topic.rb +20 -0
  11. data/lib/cfnguardian/resources/nrpe.rb +1 -1
  12. data/lib/cfnguardian/tagger.rb +1 -1
  13. data/lib/cfnguardian/version.rb +1 -1
  14. metadata +8 -6
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: '08e0685c0ea64e36ebb8cb45e49f79a3704f695f8b3ab1c2ae9872b054e4b84c'
4
- data.tar.gz: 9c74e4a2a5d9da6dbbcf307bf3a385ab21bf55bbe94a4e0ffd749094bf2aea63
3
+ metadata.gz: 1d45d4575c7023a67061939e1d14b62c089824906da0c8f9a5ff7e91cb14a2b4
4
+ data.tar.gz: ce8d4d1cb8542ec9c61723da1ce99db119982fce02329415eadb25e439dadb3d
5
5
  SHA512:
6
- metadata.gz: 9f8708f2c67c0bdfb2551893958cc652e1f2891aee42b78c77b06b9a8b26ccbda1c902642f06791ba186244dab03a6872fe17c30c53894d3993fad3ce2abdf8b
7
- data.tar.gz: a60fa2d97650b8bcda4117ec3f75c8213e43d4eb703b3216e0a221aef6b059fae20160a1b8d8bb19e3878ba526c1765e443ba0c37ff247c3925e592f4abe1b51
6
+ metadata.gz: 3972ebc39d657e401cce3d033e99a0fef4030acb11b4a7ffc45b040041e9b629d9965210b39476e456f7e6de94dd6222858c92d9c38e16074cdf53df3de4b2ac
7
+ data.tar.gz: a7763f0ee6301f50ceae0a84328a4502040801524d13b1b609c53d615a50721c9228e266407d72d7b4bd159f3b599772d9989dbf8cbca7cc6860effd8540889f
data/.github/workflows/push.yml CHANGED
@@ -18,17 +18,17 @@ jobs:
18
18
  uses: rlespinasse/github-slug-action@v3.x
19
19
 
20
20
  - name: Set up Docker Buildx
21
- uses: docker/setup-buildx-action@v1
21
+ uses: docker/setup-buildx-action@v3
22
22
 
23
23
  - name: Login to GitHub Container Repository
24
- uses: docker/login-action@v1
24
+ uses: docker/login-action@v3
25
25
  with:
26
26
  registry: ghcr.io
27
- username: ${{ github.repository_owner }}
28
- password: ${{ secrets.GHCR_PUSH_TOKEN }}
27
+ username: ${{ github.actor }}
28
+ password: ${{ secrets.GITHUB_TOKEN }}
29
29
 
30
30
  - name: Build and push Container Image to GitHub Container Repository
31
- uses: docker/build-push-action@v2
31
+ uses: docker/build-push-action@v6
32
32
  with:
33
33
  context: .
34
34
  file: ./Dockerfile
data/.github/workflows/release-image.yml CHANGED
@@ -20,8 +20,8 @@ jobs:
20
20
  uses: docker/login-action@v1
21
21
  with:
22
22
  registry: ghcr.io
23
- username: ${{ github.repository_owner }}
24
- password: ${{ secrets.GHCR_PUSH_TOKEN }}
23
+ username: ${{ github.actor }}
24
+ password: ${{ secrets.GITHUB_TOKEN }}
25
25
 
26
26
  - name: Build and push Container Image to GitHub Container Repository
27
27
  uses: docker/build-push-action@v2
data/Dockerfile CHANGED
@@ -8,7 +8,7 @@ COPY . /src
8
8
 
9
9
  WORKDIR /src
10
10
 
11
- RUN apk add --no-cache git \
11
+ RUN apk add --no-cache git build-base \
12
12
  && gem build cfn-guardian.gemspec \
13
13
  && gem install cfn-guardian-${GUARDIAN_VERSION}.gem \
14
14
  && rm -rf /src
data/cfn-guardian.gemspec CHANGED
@@ -38,7 +38,7 @@ Gem::Specification.new do |spec|
38
38
  spec.add_dependency 'aws-sdk-codecommit', '~> 1.53', '<2'
39
39
  spec.add_dependency 'aws-sdk-codepipeline', '~> 1.55', '<2'
40
40
 
41
- spec.add_runtime_dependency('rexml', '>= 0')
41
+ spec.add_runtime_dependency('rexml', '3.3.0')
42
42
 
43
43
  spec.add_development_dependency "bundler", "~> 2.0"
44
44
  spec.add_development_dependency "rake", "~> 13.0"
data/lib/cfnguardian/compile.rb CHANGED
@@ -30,6 +30,8 @@ require 'cfnguardian/resources/internal_http'
30
30
  require 'cfnguardian/resources/port'
31
31
  require 'cfnguardian/resources/internal_port'
32
32
  require 'cfnguardian/resources/nrpe'
33
+ require 'cfnguardian/resources/kafka_cluster'
34
+ require 'cfnguardian/resources/kafka_topic'
33
35
  require 'cfnguardian/resources/lambda'
34
36
  require 'cfnguardian/resources/network_targetgroup'
35
37
  require 'cfnguardian/resources/rds_cluster'
data/lib/cfnguardian/models/alarm.rb CHANGED
@@ -394,6 +394,34 @@ module CfnGuardian
394
394
  end
395
395
  end
396
396
 
397
+ class KafkaClusterAlarm < BaseAlarm
398
+ def initialize(resource,broker)
399
+ super(resource)
400
+ @group = 'KafkaCluster'
401
+ @namespace = 'AWS/Kafka'
402
+ @dimensions = { 'Cluster Name': resource['Id'], 'Broker ID': broker }
403
+ @statistic = 'Average'
404
+ @evaluation_periods = 1
405
+ @datapoints_to_alarm = 1
406
+ @period = 300
407
+ @treat_missing_data = 'breaching'
408
+ end
409
+ end
410
+
411
+ class KafkaTopicAlarm < BaseAlarm
412
+ def initialize(resource,broker)
413
+ super(resource)
414
+ @group = 'KafkaTopic'
415
+ @namespace = 'AWS/Kafka'
416
+ @dimensions = { 'Cluster Name': resource['ClusterName'], 'Broker ID': broker, Topic: resource['Id'] }
417
+ @statistic = 'Average'
418
+ @evaluation_periods = 1
419
+ @datapoints_to_alarm = 1
420
+ @period = 300
421
+ @treat_missing_data = 'breaching'
422
+ end
423
+ end
424
+
397
425
  class LambdaAlarm < BaseAlarm
398
426
  def initialize(resource)
399
427
  super(resource)
data/lib/cfnguardian/resources/application_targetgroup.rb CHANGED
@@ -9,7 +9,6 @@ module CfnGuardian::Resource
9
9
  alarm.statistic = 'Minimum'
10
10
  alarm.threshold = 2
11
11
  alarm.evaluation_periods = 1
12
- alarm.comparison_operator = 'LessThanThreshold'
13
12
  @alarms.push(alarm)
14
13
 
15
14
  alarm = CfnGuardian::Models::ApplicationTargetGroupAlarm.new(@resource)
data/lib/cfnguardian/resources/kafka_cluster.rb ADDED
@@ -0,0 +1,74 @@
1
+ module CfnGuardian::Resource
2
+ class KafkaCluster < Base
3
+
4
+ def initialize(resource, override_group = nil)
5
+ super(resource, override_group)
6
+ @brokers_list = resource['Brokers']
7
+ end
8
+
9
+ def default_alarms
10
+ @brokers_list.each do |broker|
11
+ alarm = CfnGuardian::Models::KafkaClusterAlarm.new(@resource,broker)
12
+ alarm.name = "Broker#{broker}-CPUUserCritical"
13
+ alarm.metric_name = 'CpuUser'
14
+ alarm.threshold = 80
15
+ @alarms.push(alarm)
16
+
17
+ alarm = CfnGuardian::Models::KafkaClusterAlarm.new(@resource,broker)
18
+ alarm.name = "Broker#{broker}-CPUUserWarning"
19
+ alarm.metric_name = 'CpuUser'
20
+ alarm.threshold = 50
21
+ alarm.alarm_action = 'Warning'
22
+ @alarms.push(alarm)
23
+
24
+ alarm = CfnGuardian::Models::KafkaClusterAlarm.new(@resource,broker)
25
+ alarm.name = "Broker#{broker}-KafkaDataLogsDiskUsedCritical"
26
+ alarm.metric_name = 'KafkaDataLogsDiskUsed'
27
+ alarm.threshold = 85
28
+ @alarms.push(alarm)
29
+
30
+ alarm = CfnGuardian::Models::KafkaClusterAlarm.new(@resource,broker)
31
+ alarm.name = "Broker#{broker}-KafkaDataLogsDiskUsedWarning"
32
+ alarm.metric_name = 'KafkaDataLogsDiskUsed'
33
+ alarm.threshold = 70
34
+ alarm.alarm_action = 'Warning'
35
+ @alarms.push(alarm)
36
+
37
+ alarm = CfnGuardian::Models::KafkaClusterAlarm.new(@resource,broker)
38
+ alarm.name = "Broker#{broker}-BurstBalance"
39
+ alarm.metric_name = 'BurstBalance'
40
+ alarm.threshold = 1
41
+ alarm.comparison_operator = 'LessThanThreshold'
42
+ @alarms.push(alarm)
43
+
44
+ alarm = CfnGuardian::Models::KafkaClusterAlarm.new(@resource,broker)
45
+ alarm.name = "Broker#{broker}-MemoryFreeCritical"
46
+ alarm.metric_name = 'MemoryFree'
47
+ alarm.threshold = 10
48
+ alarm.comparison_operator = 'LessThanThreshold'
49
+ @alarms.push(alarm)
50
+
51
+ alarm = CfnGuardian::Models::KafkaClusterAlarm.new(@resource,broker)
52
+ alarm.name = "Broker#{broker}-MemoryFreeWarning"
53
+ alarm.metric_name = 'MemoryFree'
54
+ alarm.threshold = 50
55
+ alarm.alarm_action = 'Warning'
56
+ alarm.comparison_operator = 'LessThanThreshold'
57
+ @alarms.push(alarm)
58
+
59
+ alarm = CfnGuardian::Models::KafkaClusterAlarm.new(@resource,broker)
60
+ alarm.name = "Broker#{broker}-NetworkRxErrorsCritical"
61
+ alarm.metric_name = 'NetworkRxErrors'
62
+ alarm.threshold = 10
63
+ @alarms.push(alarm)
64
+
65
+ alarm = CfnGuardian::Models::KafkaClusterAlarm.new(@resource,broker)
66
+ alarm.name = "Broker#{broker}-NetworkRxErrorsWarning"
67
+ alarm.metric_name = 'NetworkRxErrors'
68
+ alarm.threshold = 5
69
+ alarm.alarm_action = 'Warning'
70
+ @alarms.push(alarm)
71
+ end
72
+ end
73
+ end
74
+ end
data/lib/cfnguardian/resources/kafka_topic.rb ADDED
@@ -0,0 +1,20 @@
1
+ module CfnGuardian::Resource
2
+ class KafkaTopic < Base
3
+
4
+ def initialize(resource, override_group = nil)
5
+ super(resource, override_group)
6
+ @brokers_list = resource['Brokers']
7
+ end
8
+
9
+ def default_alarms
10
+ @brokers_list.each do |broker|
11
+ alarm = CfnGuardian::Models::KafkaTopicAlarm.new(@resource,broker)
12
+ alarm.name = "Broker#{broker}-MessagesInPerSec"
13
+ alarm.metric_name = 'MessagesInPerSec'
14
+ alarm.threshold = 5
15
+ alarm.comparison_operator = 'LessThanThreshold'
16
+ @alarms.push(alarm)
17
+ end
18
+ end
19
+ end
20
+ end
data/lib/cfnguardian/resources/nrpe.rb CHANGED
@@ -5,7 +5,7 @@ module CfnGuardian::Resource
5
5
  class Nrpe < Base
6
6
 
7
7
  def initialize(resource, override_group = nil)
8
- super(resource)
8
+ super(resource, override_group)
9
9
  @resource_list = resource['Hosts']
10
10
  @environment = resource['Environment']
11
11
  end
data/lib/cfnguardian/tagger.rb CHANGED
@@ -63,7 +63,7 @@ module CfnGuardian
63
63
  end
64
64
 
65
65
  def get_tags_to_delete(current_tags, new_tags)
66
- return current_tags.select {|tag| !new_tags.has_key?(tag.key)}.map {|tag| tag.key}
66
+ return current_tags.select {|tag| !new_tags.has_key?(tag.key) && !tag.key.start_with?('aws:') }.map { |tag| tag.key }
67
67
  end
68
68
 
69
69
  def tags_changed?(current_tags, new_tags)
data/lib/cfnguardian/version.rb CHANGED
@@ -1,4 +1,4 @@
1
1
  module CfnGuardian
2
- VERSION = "0.11.9"
2
+ VERSION = "0.11.11"
3
3
  CHANGE_SET_VERSION = VERSION.gsub('.', '-').freeze
4
4
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cfn-guardian
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.11.9
4
+ version: 0.11.11
5
5
  platform: ruby
6
6
  authors:
7
7
  - Guslington
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2024-01-05 00:00:00.000000000 Z
11
+ date: 2024-07-24 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: thor
@@ -228,16 +228,16 @@ dependencies:
228
228
  name: rexml
229
229
  requirement: !ruby/object:Gem::Requirement
230
230
  requirements:
231
- - - ">="
231
+ - - '='
232
232
  - !ruby/object:Gem::Version
233
- version: '0'
233
+ version: 3.3.0
234
234
  type: :runtime
235
235
  prerelease: false
236
236
  version_requirements: !ruby/object:Gem::Requirement
237
237
  requirements:
238
- - - ">="
238
+ - - '='
239
239
  - !ruby/object:Gem::Version
240
- version: '0'
240
+ version: 3.3.0
241
241
  - !ruby/object:Gem::Dependency
242
242
  name: bundler
243
243
  requirement: !ruby/object:Gem::Requirement
@@ -357,6 +357,8 @@ files:
357
357
  - lib/cfnguardian/resources/internal_port.rb
358
358
  - lib/cfnguardian/resources/internal_sftp.rb
359
359
  - lib/cfnguardian/resources/jenkins.rb
360
+ - lib/cfnguardian/resources/kafka_cluster.rb
361
+ - lib/cfnguardian/resources/kafka_topic.rb
360
362
  - lib/cfnguardian/resources/lambda.rb
361
363
  - lib/cfnguardian/resources/log_group.rb
362
364
  - lib/cfnguardian/resources/network_targetgroup.rb