cfn-guardian 0.7.1 → 0.7.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (16) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +2 -1
  3. data/Dockerfile +1 -1
  4. data/docs/custom_checks/http.md +2 -0
  5. data/docs/custom_checks/log_group_metric_filters.md +12 -2
  6. data/lib/cfnguardian/compile.rb +1 -0
  7. data/lib/cfnguardian/models/alarm.rb +9 -0
  8. data/lib/cfnguardian/models/check.rb +1 -1
  9. data/lib/cfnguardian/models/event.rb +2 -0
  10. data/lib/cfnguardian/resources/amazonmq_broker.rb +1 -1
  11. data/lib/cfnguardian/resources/apigateway.rb +1 -0
  12. data/lib/cfnguardian/resources/base.rb +3 -0
  13. data/lib/cfnguardian/resources/jenkins.rb +17 -0
  14. data/lib/cfnguardian/resources/lambda.rb +5 -0
  15. data/lib/cfnguardian/version.rb +1 -1
  16. metadata +3 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 72248fcb349fb266e18552dd36dcff37b4757574fb91583092dad34037c8be5f
4
- data.tar.gz: f3db4dfb6d7d91e4e39a6832b832d6b2dc75537b0de0a31aaa2ad0837389a4bd
3
+ metadata.gz: 6d76bc093ba8dfbbc3cd69f13a46de04ed09c66e858a429841345e372b5cd989
4
+ data.tar.gz: ef0871d219f893b3f048fa6e6aed1985321ca731e3aa7579e4b345593719bc4f
5
5
  SHA512:
6
- metadata.gz: d8bc7d02245dde79df68affc7bc910b7c9657172b0473bb48e71e03e39cd83d6869e649ec362cc7592c31900bf5338f809001f2efac177c2c0b3a33fe326f333
7
- data.tar.gz: 6b7789eca2cbfeefe60d997de944d004bc481d27db7b8c49bfb016ed0924bff971503d34288caf56d787cc4145426988734b146ec9cdcd7addc8eebf5049fe29
6
+ metadata.gz: a6c49d85573e1032d893a1142a8b578be35cdf795dbc42e82159309bd8e98d8894cf8260eb6c0762ffdc3e23b538317347db5696ada71cdf7bab03375a5843cb
7
+ data.tar.gz: 959866a604e7cd3c668ba2e99ac28ca1f74ae5ac6fe65fd452840e9d3b4d2a9d248f93a5591319bcc04e92cd210c3341eaa0e9c2d5ff9be8f63f342468212d51
data/.gitignore CHANGED
@@ -9,4 +9,5 @@
9
9
 
10
10
  cfn-guardian-*.gem
11
11
 
12
- out/
12
+ out/
13
+ alarms.yaml
data/Dockerfile CHANGED
@@ -1,6 +1,6 @@
1
1
  FROM ruby:2.7-alpine
2
2
 
3
- ARG GUARDIAN_VERSION="0.6.9"
3
+ ARG GUARDIAN_VERSION="0.7.1"
4
4
 
5
5
  COPY . /src
6
6
 
data/docs/custom_checks/http.md CHANGED
@@ -32,6 +32,8 @@ Resources:
32
32
  Method: post
33
33
  # specify headers using "key=value key=value"
34
34
  Headers: content-type=application/json
35
+ # specify a useragent that contains spaces
36
+ UserAgent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:15.0) Gecko/20100101 Base2/Lambda
35
37
  # pass in custom payload for the request
36
38
  Payload: '{"name": "john"}'
37
39
  ```
data/docs/custom_checks/log_group_metric_filters.md CHANGED
@@ -15,10 +15,20 @@ Resources:
15
15
  # Name of the cloud watch metric
16
16
  - MetricName: MyFunctionErrors
17
17
  # search pattern, see aws docs for syntax
18
- Pattern: error
18
+ Pattern: 'error'
19
19
  # metric to push to cloudwatch. Optional as it defaults to 1
20
20
  MetricValue: 1
21
-
21
+ - Id: /prod/custom/app
22
+ # List of metric filters
23
+ MetricFilters:
24
+ # Name of the cloud watch metric
25
+ - MetricName: MyAppErrors
26
+ # search pattern, see aws docs for syntax
27
+ # note; any non-alphanumeric characters have to be wrapped in double quotes WITHIN single quotes
28
+ Pattern: '"Connection to ssl://mail.google.com:465 Timed Out"'
29
+ # metric to push to cloudwatch. Optional as it defaults to 1
30
+ MetricValue: 1
31
+
22
32
  Templates:
23
33
  LogGroup:
24
34
  # use the MetricName name to override the alarm defaults
data/lib/cfnguardian/compile.rb CHANGED
@@ -44,6 +44,7 @@ require 'cfnguardian/resources/step_functions'
44
44
  require 'cfnguardian/resources/vpn_tunnel'
45
45
  require 'cfnguardian/resources/vpn_connection'
46
46
  require 'cfnguardian/resources/elastic_search'
47
+ require 'cfnguardian/resources/jenkins'
47
48
  require 'cfnguardian/version'
48
49
  require 'cfnguardian/error'
49
50
 
data/lib/cfnguardian/models/alarm.rb CHANGED
@@ -485,6 +485,15 @@ module CfnGuardian
485
485
  end
486
486
  end
487
487
 
488
+ class JenkinsAlarm < BaseAlarm
489
+ def initialize(resource)
490
+ super(resource)
491
+ @group = 'Jenkins'
492
+ @namespace = 'Ciinabox/Jenkins'
493
+ @dimensions = { Jenkins: resource['Id'], Monitoring: 'JenkMon' }
494
+ end
495
+ end
496
+
488
497
  class VPNTunnelAlarm < BaseAlarm
489
498
  def initialize(resource)
490
499
  super(resource)
data/lib/cfnguardian/models/check.rb CHANGED
@@ -40,7 +40,7 @@ module CfnGuardian
40
40
  @name = 'HttpCheck'
41
41
  @package = 'http-check'
42
42
  @handler = 'handler.http_check'
43
- @version = 'dba2670c753d0d3386937fbcc1fc89499a4a0fa7'
43
+ @version = '0e945240f9d93242f807e86d1a9b3383a1764b96'
44
44
  @runtime = 'python3.7'
45
45
  end
46
46
  end
data/lib/cfnguardian/models/event.rb CHANGED
@@ -52,6 +52,7 @@ module CfnGuardian
52
52
  @status_code = resource.fetch('StatusCode',200)
53
53
  @body_regex = resource.fetch('BodyRegex',nil)
54
54
  @headers = resource.fetch('Headers',nil)
55
+ @user_agent = resource.fetch('UserAgent',nil)
55
56
  @payload = resource.fetch('Payload',nil)
56
57
  @compressed = resource.fetch('Compressed',false)
57
58
  end
@@ -65,6 +66,7 @@ module CfnGuardian
65
66
  }
66
67
  payload['BODY_REGEX_MATCH'] = @body_regex unless @body_regex.nil?
67
68
  payload['HEADERS'] = @headers unless @headers.nil?
69
+ payload['USER_AGENT'] = @user_agent unless @user_agent.nil?
68
70
  payload['PAYLOAD'] = @payload unless @payload.nil?
69
71
  payload['COMPRESSED'] = '1' if @compressed
70
72
  return payload.to_json
data/lib/cfnguardian/resources/amazonmq_broker.rb CHANGED
@@ -13,7 +13,7 @@ module CfnGuardian::Resource
13
13
  @alarms.push(alarm)
14
14
 
15
15
  alarm = CfnGuardian::Models::AmazonMQBrokerAlarm.new(@resource)
16
- alarm.name = 'CpuCreditBalanceCritical'
16
+ alarm.name = 'CpuCreditBalanceWarning'
17
17
  alarm.metric_name = 'CpuCreditBalance'
18
18
  alarm.comparison_operator = 'LessThanThreshold'
19
19
  alarm.statistic = 'Minimum'
data/lib/cfnguardian/resources/apigateway.rb CHANGED
@@ -26,6 +26,7 @@ module CfnGuardian::Resource
26
26
  alarm.statistic = 'Average'
27
27
  alarm.threshold = 1000
28
28
  alarm.evaluation_periods = 2
29
+ alarm.treat_missing_data = 'notBreaching'
29
30
  @alarms.push(alarm)
30
31
  end
31
32
 
data/lib/cfnguardian/resources/base.rb CHANGED
@@ -26,6 +26,9 @@ module CfnGuardian::Resource
26
26
  end
27
27
 
28
28
  def get_alarms(group,overides={})
29
+ # deep copying the overrides to preserse it's reference before doing any changes to it
30
+ overides = Marshal.load(Marshal.dump(overides))
31
+
29
32
  # generate default alarms
30
33
  default_alarms()
31
34
 
data/lib/cfnguardian/resources/jenkins.rb ADDED
@@ -0,0 +1,17 @@
1
+ module CfnGuardian::Resource
2
+ class Jenkins < Base
3
+
4
+ def default_alarms
5
+ alarm = CfnGuardian::Models::JenkinsAlarm.new(@resource)
6
+ alarm.name = 'NoSuccess'
7
+ alarm.metric_name = 'Success'
8
+ alarm.statistic = 'Maximum'
9
+ alarm.treat_missing_data = 'breaching'
10
+ alarm.alarm_action = 'Warning'
11
+ alarm.period = 3600
12
+ alarm.comparison_operator = 'LessThanThreshold'
13
+ alarm.threshold = 1
14
+ @alarms.push(alarm)
15
+ end
16
+ end
17
+ end
data/lib/cfnguardian/resources/lambda.rb CHANGED
@@ -6,24 +6,28 @@ module CfnGuardian::Resource
6
6
  alarm.name = 'LambdaErrors'
7
7
  alarm.metric_name = 'Errors'
8
8
  alarm.threshold = 0.5
9
+ alarm.treat_missing_data = 'notBreaching'
9
10
  @alarms.push(alarm)
10
11
 
11
12
  alarm = CfnGuardian::Models::LambdaAlarm.new(@resource)
12
13
  alarm.name = 'Throttles'
13
14
  alarm.metric_name = 'Throttles'
14
15
  alarm.threshold = 0.5
16
+ alarm.treat_missing_data = 'notBreaching'
15
17
  @alarms.push(alarm)
16
18
 
17
19
  alarm = CfnGuardian::Models::LambdaAlarm.new(@resource)
18
20
  alarm.name = 'DeadLetterErrors'
19
21
  alarm.metric_name = 'DeadLetterErrors'
20
22
  alarm.threshold = 0.5
23
+ alarm.treat_missing_data = 'notBreaching'
21
24
  @alarms.push(alarm)
22
25
 
23
26
  alarm = CfnGuardian::Models::LambdaAlarm.new(@resource)
24
27
  alarm.name = 'IteratorAge'
25
28
  alarm.metric_name = 'IteratorAge'
26
29
  alarm.threshold = 600000
30
+ alarm.treat_missing_data = 'notBreaching'
27
31
  @alarms.push(alarm)
28
32
 
29
33
  alarm = CfnGuardian::Models::LambdaAlarm.new(@resource)
@@ -31,6 +35,7 @@ module CfnGuardian::Resource
31
35
  alarm.metric_name = 'Duration'
32
36
  alarm.statistic = 'Average'
33
37
  alarm.threshold = 30
38
+ alarm.treat_missing_data = 'notBreaching'
34
39
  @alarms.push(alarm)
35
40
  end
36
41
 
data/lib/cfnguardian/version.rb CHANGED
@@ -1,4 +1,4 @@
1
1
  module CfnGuardian
2
- VERSION = "0.7.1"
2
+ VERSION = "0.7.5"
3
3
  CHANGE_SET_VERSION = VERSION.gsub('.', '-').freeze
4
4
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cfn-guardian
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.7.1
4
+ version: 0.7.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Guslington
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2021-09-07 00:00:00.000000000 Z
11
+ date: 2021-11-24 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: thor
@@ -295,6 +295,7 @@ files:
295
295
  - lib/cfnguardian/resources/internal_http.rb
296
296
  - lib/cfnguardian/resources/internal_port.rb
297
297
  - lib/cfnguardian/resources/internal_sftp.rb
298
+ - lib/cfnguardian/resources/jenkins.rb
298
299
  - lib/cfnguardian/resources/lambda.rb
299
300
  - lib/cfnguardian/resources/log_group.rb
300
301
  - lib/cfnguardian/resources/network_targetgroup.rb