cfn-guardian 0.7.0 → 0.7.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cd1284d70e2862cb14e2aa9f3c97e582ef6776bc54d80f47af8d8bfb561a9386
-  data.tar.gz: 6df131dc0d56bb00041f808617dbd856501d6a131d42ab1311a53d8fb3a3e02d
+  metadata.gz: 9be00cc559d6026f589c3dd0d4e4630970ffdc1d7c2b4ef48bc421d10eadfdbf
+  data.tar.gz: 34af6199d7b9f2d4679662e3b86d7f8725a33c665078c242b042dff085c5de77
 SHA512:
-  metadata.gz: 3f63a7f508b3b2b235138840ddcf9fbdf4512b646711cc7422da94727bde967e49f7da23e7dff94f10134d15c39e661a8da6e356b1fe60c514897f4bfd7176dc
-  data.tar.gz: 9ff94d8f5eeec75778f4b13da7fccd853fd85ff3669966de381c3147a94769b2dc916644069b764d05f560ad9e0f61024c6d776bd60e355cd6a2dbe89d579e04
+  metadata.gz: b66f752245492e955afa83190604ff27dec8885395e64265564b6556d101f80d1e6303ee0c5cdb1e0bf21138bb2cfb7bca797a0963558c0d838582af60bd85e2
+  data.tar.gz: 15b3a4197c804fceef53c6c491906f2f0c5148ea976d17fffbcc7f2a6b0ce338fdea9e5f06ce951d9abdcd56c3803f6ad784d671d508b2d69d428577e66df6af

data/.gitignore

@@ -9,4 +9,5 @@
 
 cfn-guardian-*.gem
 
-out/
+out/
+alarms.yaml

data/Dockerfile

@@ -1,6 +1,6 @@
 FROM ruby:2.7-alpine
 
-ARG GUARDIAN_VERSION="0.6.9"
+ARG GUARDIAN_VERSION="0.7.1"
 
 COPY . /src
 

data/docs/custom_checks/http.md

@@ -32,6 +32,8 @@ Resources:
     Method: post
     # specify headers using "key=value key=value"
     Headers: content-type=application/json
+    # specify a useragent that contains spaces
+    UserAgent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:15.0) Gecko/20100101 Base2/Lambda
     # pass in custom payload for the request
     Payload: '{"name": "john"}'
 ```

data/docs/custom_checks/log_group_metric_filters.md

@@ -15,10 +15,20 @@ Resources:
     # Name of the cloud watch metric
     - MetricName: MyFunctionErrors
       # search pattern, see aws docs for syntax
-      Pattern: error
+      Pattern: 'error'
       # metric to push to cloudwatch. Optional as it defaults to 1
       MetricValue: 1
-      
+  - Id: /prod/custom/app
+    # List of metric filters
+    MetricFilters:
+    # Name of the cloud watch metric
+    - MetricName: MyAppErrors
+      # search pattern, see aws docs for syntax
+      # note; any non-alphanumeric characters have to be wrapped in double quotes WITHIN single quotes
+      Pattern: '"Connection to ssl://mail.google.com:465 Timed Out"'
+      # metric to push to cloudwatch. Optional as it defaults to 1
+      MetricValue: 1      
+
 Templates:
   LogGroup:
     # use the MetricName name to override the alarm defaults

data/lib/cfnguardian/compile.rb

@@ -44,6 +44,7 @@ require 'cfnguardian/resources/step_functions'
 require 'cfnguardian/resources/vpn_tunnel'
 require 'cfnguardian/resources/vpn_connection'
 require 'cfnguardian/resources/elastic_search'
+require 'cfnguardian/resources/jenkins'
 require 'cfnguardian/version'
 require 'cfnguardian/error'
 

data/lib/cfnguardian/models/alarm.rb

@@ -485,6 +485,15 @@ module CfnGuardian
       end
     end
 
+    class JenkinsAlarm < BaseAlarm
+      def initialize(resource)
+        super(resource)
+        @group = 'Jenkins'
+        @namespace = 'Ciinabox/Jenkins'
+        @dimensions = { Jenkins: resource['Id'], Monitoring: 'JenkMon' }
+      end
+    end
+
     class VPNTunnelAlarm < BaseAlarm
       def initialize(resource)
         super(resource)

data/lib/cfnguardian/models/check.rb

@@ -40,7 +40,7 @@ module CfnGuardian
         @name = 'HttpCheck'
         @package = 'http-check'
         @handler = 'handler.http_check'
-        @version = 'f739631de74f1a882163b7e584a8b4710ccbc134'
+        @version = '0e945240f9d93242f807e86d1a9b3383a1764b96'
         @runtime = 'python3.7'
       end
     end
@@ -217,4 +217,4 @@ module CfnGuardian
     end
 
   end
-end
+end

data/lib/cfnguardian/models/event.rb

@@ -52,6 +52,7 @@ module CfnGuardian
         @status_code = resource.fetch('StatusCode',200)
         @body_regex = resource.fetch('BodyRegex',nil)
         @headers = resource.fetch('Headers',nil)
+        @user_agent = resource.fetch('UserAgent',nil)
         @payload = resource.fetch('Payload',nil)
         @compressed = resource.fetch('Compressed',false)
       end
@@ -65,6 +66,7 @@ module CfnGuardian
         }
         payload['BODY_REGEX_MATCH'] = @body_regex unless @body_regex.nil?
         payload['HEADERS'] = @headers unless @headers.nil?
+        payload['USER_AGENT'] = @user_agent unless @user_agent.nil?
         payload['PAYLOAD'] = @payload unless @payload.nil?
         payload['COMPRESSED'] = '1' if @compressed
         return payload.to_json

data/lib/cfnguardian/resources/base.rb

@@ -26,6 +26,9 @@ module CfnGuardian::Resource
     end
     
     def get_alarms(group,overides={})
+      # deep copying the overrides to preserse it's reference before doing any changes to it
+      overides = Marshal.load(Marshal.dump(overides))
+
       # generate default alarms
       default_alarms()
 

data/lib/cfnguardian/resources/jenkins.rb

@@ -0,0 +1,17 @@
+module CfnGuardian::Resource
+    class Jenkins < Base
+
+        def default_alarms
+            alarm = CfnGuardian::Models::JenkinsAlarm.new(@resource)
+            alarm.name = 'NoSuccess'
+            alarm.metric_name = 'Success'
+            alarm.statistic = 'Maximum'
+            alarm.treat_missing_data = 'breaching'
+            alarm.alarm_action = 'Warning'
+            alarm.period = 3600
+            alarm.comparison_operator = 'LessThanThreshold'
+            alarm.threshold = 1
+            @alarms.push(alarm)
+        end
+    end
+end

data/lib/cfnguardian/resources/lambda.rb

@@ -24,6 +24,7 @@ module CfnGuardian::Resource
       alarm.name = 'IteratorAge'
       alarm.metric_name = 'IteratorAge'
       alarm.threshold = 600000
+      alarm.treat_missing_data = 'notBreaching'
       @alarms.push(alarm)
       
       alarm = CfnGuardian::Models::LambdaAlarm.new(@resource)
@@ -31,6 +32,7 @@ module CfnGuardian::Resource
       alarm.metric_name = 'Duration'
       alarm.statistic = 'Average'
       alarm.threshold = 30
+      alarm.treat_missing_data = 'notBreaching'
       @alarms.push(alarm)
     end
     

data/lib/cfnguardian/resources/vpn_connection.rb

@@ -3,7 +3,18 @@ module CfnGuardian::Resource
       
       def default_alarms    
         alarm = CfnGuardian::Models::VPNConnectionAlarm.new(@resource)
-        alarm.name = 'VPNConnectionState'
+        alarm.name = 'VPNConnectionStateNonRedundant'
+        alarm.metric_name = 'TunnelState'
+        alarm.comparison_operator = 'LessThanThreshold'
+        alarm.statistic = 'Average'
+        alarm.threshold = 1.0
+        alarm.evaluation_periods = 3
+        alarm.treat_missing_data = 'breaching'
+        alarm.datapoints_to_alarm = 3
+        @alarms.push(alarm)
+
+        alarm = CfnGuardian::Models::VPNConnectionAlarm.new(@resource)
+        alarm.name = 'VPNConnectionStateAllDown'
         alarm.metric_name = 'TunnelState'
         alarm.comparison_operator = 'LessThanThreshold'
         alarm.statistic = 'Average'

data/lib/cfnguardian/version.rb

@@ -1,4 +1,4 @@
 module CfnGuardian
-  VERSION = "0.7.0"
+  VERSION = "0.7.4"
   CHANGE_SET_VERSION = VERSION.gsub('.', '-').freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cfn-guardian
 version: !ruby/object:Gem::Version
-  version: 0.7.0
+  version: 0.7.4
 platform: ruby
 authors:
 - Guslington
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-08-09 00:00:00.000000000 Z
+date: 2021-11-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -295,6 +295,7 @@ files:
 - lib/cfnguardian/resources/internal_http.rb
 - lib/cfnguardian/resources/internal_port.rb
 - lib/cfnguardian/resources/internal_sftp.rb
+- lib/cfnguardian/resources/jenkins.rb
 - lib/cfnguardian/resources/lambda.rb
 - lib/cfnguardian/resources/log_group.rb
 - lib/cfnguardian/resources/network_targetgroup.rb