cfn-guardian 0.7.0 → 0.7.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gitignore +2 -1
- data/Dockerfile +1 -1
- data/docs/custom_checks/http.md +2 -0
- data/docs/custom_checks/log_group_metric_filters.md +12 -2
- data/lib/cfnguardian/compile.rb +1 -0
- data/lib/cfnguardian/models/alarm.rb +9 -0
- data/lib/cfnguardian/models/check.rb +2 -2
- data/lib/cfnguardian/models/event.rb +2 -0
- data/lib/cfnguardian/resources/base.rb +3 -0
- data/lib/cfnguardian/resources/jenkins.rb +17 -0
- data/lib/cfnguardian/resources/lambda.rb +2 -0
- data/lib/cfnguardian/resources/vpn_connection.rb +12 -1
- data/lib/cfnguardian/version.rb +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9be00cc559d6026f589c3dd0d4e4630970ffdc1d7c2b4ef48bc421d10eadfdbf
|
|
4
|
+
data.tar.gz: 34af6199d7b9f2d4679662e3b86d7f8725a33c665078c242b042dff085c5de77
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b66f752245492e955afa83190604ff27dec8885395e64265564b6556d101f80d1e6303ee0c5cdb1e0bf21138bb2cfb7bca797a0963558c0d838582af60bd85e2
|
|
7
|
+
data.tar.gz: 15b3a4197c804fceef53c6c491906f2f0c5148ea976d17fffbcc7f2a6b0ce338fdea9e5f06ce951d9abdcd56c3803f6ad784d671d508b2d69d428577e66df6af
|
data/.gitignore
CHANGED
data/Dockerfile
CHANGED
data/docs/custom_checks/http.md
CHANGED
|
@@ -32,6 +32,8 @@ Resources:
|
|
|
32
32
|
Method: post
|
|
33
33
|
# specify headers using "key=value key=value"
|
|
34
34
|
Headers: content-type=application/json
|
|
35
|
+
# specify a useragent that contains spaces
|
|
36
|
+
UserAgent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:15.0) Gecko/20100101 Base2/Lambda
|
|
35
37
|
# pass in custom payload for the request
|
|
36
38
|
Payload: '{"name": "john"}'
|
|
37
39
|
```
|
|
@@ -15,10 +15,20 @@ Resources:
|
|
|
15
15
|
# Name of the cloud watch metric
|
|
16
16
|
- MetricName: MyFunctionErrors
|
|
17
17
|
# search pattern, see aws docs for syntax
|
|
18
|
-
Pattern: error
|
|
18
|
+
Pattern: 'error'
|
|
19
19
|
# metric to push to cloudwatch. Optional as it defaults to 1
|
|
20
20
|
MetricValue: 1
|
|
21
|
-
|
|
21
|
+
- Id: /prod/custom/app
|
|
22
|
+
# List of metric filters
|
|
23
|
+
MetricFilters:
|
|
24
|
+
# Name of the cloud watch metric
|
|
25
|
+
- MetricName: MyAppErrors
|
|
26
|
+
# search pattern, see aws docs for syntax
|
|
27
|
+
# note; any non-alphanumeric characters have to be wrapped in double quotes WITHIN single quotes
|
|
28
|
+
Pattern: '"Connection to ssl://mail.google.com:465 Timed Out"'
|
|
29
|
+
# metric to push to cloudwatch. Optional as it defaults to 1
|
|
30
|
+
MetricValue: 1
|
|
31
|
+
|
|
22
32
|
Templates:
|
|
23
33
|
LogGroup:
|
|
24
34
|
# use the MetricName name to override the alarm defaults
|
data/lib/cfnguardian/compile.rb
CHANGED
|
@@ -44,6 +44,7 @@ require 'cfnguardian/resources/step_functions'
|
|
|
44
44
|
require 'cfnguardian/resources/vpn_tunnel'
|
|
45
45
|
require 'cfnguardian/resources/vpn_connection'
|
|
46
46
|
require 'cfnguardian/resources/elastic_search'
|
|
47
|
+
require 'cfnguardian/resources/jenkins'
|
|
47
48
|
require 'cfnguardian/version'
|
|
48
49
|
require 'cfnguardian/error'
|
|
49
50
|
|
|
@@ -485,6 +485,15 @@ module CfnGuardian
|
|
|
485
485
|
end
|
|
486
486
|
end
|
|
487
487
|
|
|
488
|
+
class JenkinsAlarm < BaseAlarm
|
|
489
|
+
def initialize(resource)
|
|
490
|
+
super(resource)
|
|
491
|
+
@group = 'Jenkins'
|
|
492
|
+
@namespace = 'Ciinabox/Jenkins'
|
|
493
|
+
@dimensions = { Jenkins: resource['Id'], Monitoring: 'JenkMon' }
|
|
494
|
+
end
|
|
495
|
+
end
|
|
496
|
+
|
|
488
497
|
class VPNTunnelAlarm < BaseAlarm
|
|
489
498
|
def initialize(resource)
|
|
490
499
|
super(resource)
|
|
@@ -40,7 +40,7 @@ module CfnGuardian
|
|
|
40
40
|
@name = 'HttpCheck'
|
|
41
41
|
@package = 'http-check'
|
|
42
42
|
@handler = 'handler.http_check'
|
|
43
|
-
@version = '
|
|
43
|
+
@version = '0e945240f9d93242f807e86d1a9b3383a1764b96'
|
|
44
44
|
@runtime = 'python3.7'
|
|
45
45
|
end
|
|
46
46
|
end
|
|
@@ -217,4 +217,4 @@ module CfnGuardian
|
|
|
217
217
|
end
|
|
218
218
|
|
|
219
219
|
end
|
|
220
|
-
end
|
|
220
|
+
end
|
|
@@ -52,6 +52,7 @@ module CfnGuardian
|
|
|
52
52
|
@status_code = resource.fetch('StatusCode',200)
|
|
53
53
|
@body_regex = resource.fetch('BodyRegex',nil)
|
|
54
54
|
@headers = resource.fetch('Headers',nil)
|
|
55
|
+
@user_agent = resource.fetch('UserAgent',nil)
|
|
55
56
|
@payload = resource.fetch('Payload',nil)
|
|
56
57
|
@compressed = resource.fetch('Compressed',false)
|
|
57
58
|
end
|
|
@@ -65,6 +66,7 @@ module CfnGuardian
|
|
|
65
66
|
}
|
|
66
67
|
payload['BODY_REGEX_MATCH'] = @body_regex unless @body_regex.nil?
|
|
67
68
|
payload['HEADERS'] = @headers unless @headers.nil?
|
|
69
|
+
payload['USER_AGENT'] = @user_agent unless @user_agent.nil?
|
|
68
70
|
payload['PAYLOAD'] = @payload unless @payload.nil?
|
|
69
71
|
payload['COMPRESSED'] = '1' if @compressed
|
|
70
72
|
return payload.to_json
|
|
@@ -26,6 +26,9 @@ module CfnGuardian::Resource
|
|
|
26
26
|
end
|
|
27
27
|
|
|
28
28
|
def get_alarms(group,overides={})
|
|
29
|
+
# deep copying the overrides to preserse it's reference before doing any changes to it
|
|
30
|
+
overides = Marshal.load(Marshal.dump(overides))
|
|
31
|
+
|
|
29
32
|
# generate default alarms
|
|
30
33
|
default_alarms()
|
|
31
34
|
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
module CfnGuardian::Resource
|
|
2
|
+
class Jenkins < Base
|
|
3
|
+
|
|
4
|
+
def default_alarms
|
|
5
|
+
alarm = CfnGuardian::Models::JenkinsAlarm.new(@resource)
|
|
6
|
+
alarm.name = 'NoSuccess'
|
|
7
|
+
alarm.metric_name = 'Success'
|
|
8
|
+
alarm.statistic = 'Maximum'
|
|
9
|
+
alarm.treat_missing_data = 'breaching'
|
|
10
|
+
alarm.alarm_action = 'Warning'
|
|
11
|
+
alarm.period = 3600
|
|
12
|
+
alarm.comparison_operator = 'LessThanThreshold'
|
|
13
|
+
alarm.threshold = 1
|
|
14
|
+
@alarms.push(alarm)
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
@@ -24,6 +24,7 @@ module CfnGuardian::Resource
|
|
|
24
24
|
alarm.name = 'IteratorAge'
|
|
25
25
|
alarm.metric_name = 'IteratorAge'
|
|
26
26
|
alarm.threshold = 600000
|
|
27
|
+
alarm.treat_missing_data = 'notBreaching'
|
|
27
28
|
@alarms.push(alarm)
|
|
28
29
|
|
|
29
30
|
alarm = CfnGuardian::Models::LambdaAlarm.new(@resource)
|
|
@@ -31,6 +32,7 @@ module CfnGuardian::Resource
|
|
|
31
32
|
alarm.metric_name = 'Duration'
|
|
32
33
|
alarm.statistic = 'Average'
|
|
33
34
|
alarm.threshold = 30
|
|
35
|
+
alarm.treat_missing_data = 'notBreaching'
|
|
34
36
|
@alarms.push(alarm)
|
|
35
37
|
end
|
|
36
38
|
|
|
@@ -3,7 +3,18 @@ module CfnGuardian::Resource
|
|
|
3
3
|
|
|
4
4
|
def default_alarms
|
|
5
5
|
alarm = CfnGuardian::Models::VPNConnectionAlarm.new(@resource)
|
|
6
|
-
alarm.name = '
|
|
6
|
+
alarm.name = 'VPNConnectionStateNonRedundant'
|
|
7
|
+
alarm.metric_name = 'TunnelState'
|
|
8
|
+
alarm.comparison_operator = 'LessThanThreshold'
|
|
9
|
+
alarm.statistic = 'Average'
|
|
10
|
+
alarm.threshold = 1.0
|
|
11
|
+
alarm.evaluation_periods = 3
|
|
12
|
+
alarm.treat_missing_data = 'breaching'
|
|
13
|
+
alarm.datapoints_to_alarm = 3
|
|
14
|
+
@alarms.push(alarm)
|
|
15
|
+
|
|
16
|
+
alarm = CfnGuardian::Models::VPNConnectionAlarm.new(@resource)
|
|
17
|
+
alarm.name = 'VPNConnectionStateAllDown'
|
|
7
18
|
alarm.metric_name = 'TunnelState'
|
|
8
19
|
alarm.comparison_operator = 'LessThanThreshold'
|
|
9
20
|
alarm.statistic = 'Average'
|
data/lib/cfnguardian/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cfn-guardian
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.7.
|
|
4
|
+
version: 0.7.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Guslington
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-11-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: thor
|
|
@@ -295,6 +295,7 @@ files:
|
|
|
295
295
|
- lib/cfnguardian/resources/internal_http.rb
|
|
296
296
|
- lib/cfnguardian/resources/internal_port.rb
|
|
297
297
|
- lib/cfnguardian/resources/internal_sftp.rb
|
|
298
|
+
- lib/cfnguardian/resources/jenkins.rb
|
|
298
299
|
- lib/cfnguardian/resources/lambda.rb
|
|
299
300
|
- lib/cfnguardian/resources/log_group.rb
|
|
300
301
|
- lib/cfnguardian/resources/network_targetgroup.rb
|