cfn-guardian 0.7.1 → 0.7.5

Sign up to get free protection for your applications and to get access to all the features.
Files changed (16) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +2 -1
  3. data/Dockerfile +1 -1
  4. data/docs/custom_checks/http.md +2 -0
  5. data/docs/custom_checks/log_group_metric_filters.md +12 -2
  6. data/lib/cfnguardian/compile.rb +1 -0
  7. data/lib/cfnguardian/models/alarm.rb +9 -0
  8. data/lib/cfnguardian/models/check.rb +1 -1
  9. data/lib/cfnguardian/models/event.rb +2 -0
  10. data/lib/cfnguardian/resources/amazonmq_broker.rb +1 -1
  11. data/lib/cfnguardian/resources/apigateway.rb +1 -0
  12. data/lib/cfnguardian/resources/base.rb +3 -0
  13. data/lib/cfnguardian/resources/jenkins.rb +17 -0
  14. data/lib/cfnguardian/resources/lambda.rb +5 -0
  15. data/lib/cfnguardian/version.rb +1 -1
  16. metadata +3 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 72248fcb349fb266e18552dd36dcff37b4757574fb91583092dad34037c8be5f
4
- data.tar.gz: f3db4dfb6d7d91e4e39a6832b832d6b2dc75537b0de0a31aaa2ad0837389a4bd
3
+ metadata.gz: 6d76bc093ba8dfbbc3cd69f13a46de04ed09c66e858a429841345e372b5cd989
4
+ data.tar.gz: ef0871d219f893b3f048fa6e6aed1985321ca731e3aa7579e4b345593719bc4f
5
5
  SHA512:
6
- metadata.gz: d8bc7d02245dde79df68affc7bc910b7c9657172b0473bb48e71e03e39cd83d6869e649ec362cc7592c31900bf5338f809001f2efac177c2c0b3a33fe326f333
7
- data.tar.gz: 6b7789eca2cbfeefe60d997de944d004bc481d27db7b8c49bfb016ed0924bff971503d34288caf56d787cc4145426988734b146ec9cdcd7addc8eebf5049fe29
6
+ metadata.gz: a6c49d85573e1032d893a1142a8b578be35cdf795dbc42e82159309bd8e98d8894cf8260eb6c0762ffdc3e23b538317347db5696ada71cdf7bab03375a5843cb
7
+ data.tar.gz: 959866a604e7cd3c668ba2e99ac28ca1f74ae5ac6fe65fd452840e9d3b4d2a9d248f93a5591319bcc04e92cd210c3341eaa0e9c2d5ff9be8f63f342468212d51
data/.gitignore CHANGED
@@ -9,4 +9,5 @@
9
9
 
10
10
  cfn-guardian-*.gem
11
11
 
12
- out/
12
+ out/
13
+ alarms.yaml
data/Dockerfile CHANGED
@@ -1,6 +1,6 @@
1
1
  FROM ruby:2.7-alpine
2
2
 
3
- ARG GUARDIAN_VERSION="0.6.9"
3
+ ARG GUARDIAN_VERSION="0.7.1"
4
4
 
5
5
  COPY . /src
6
6
 
data/docs/custom_checks/http.md CHANGED
@@ -32,6 +32,8 @@ Resources:
32
32
  Method: post
33
33
  # specify headers using "key=value key=value"
34
34
  Headers: content-type=application/json
35
+ # specify a useragent that contains spaces
36
+ UserAgent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:15.0) Gecko/20100101 Base2/Lambda
35
37
  # pass in custom payload for the request
36
38
  Payload: '{"name": "john"}'
37
39
  ```
data/docs/custom_checks/log_group_metric_filters.md CHANGED
@@ -15,10 +15,20 @@ Resources:
15
15
  # Name of the cloud watch metric
16
16
  - MetricName: MyFunctionErrors
17
17
  # search pattern, see aws docs for syntax
18
- Pattern: error
18
+ Pattern: 'error'
19
19
  # metric to push to cloudwatch. Optional as it defaults to 1
20
20
  MetricValue: 1
21
-
21
+ - Id: /prod/custom/app
22
+ # List of metric filters
23
+ MetricFilters:
24
+ # Name of the cloud watch metric
25
+ - MetricName: MyAppErrors
26
+ # search pattern, see aws docs for syntax
27
+ # note; any non-alphanumeric characters have to be wrapped in double quotes WITHIN single quotes
28
+ Pattern: '"Connection to ssl://mail.google.com:465 Timed Out"'
29
+ # metric to push to cloudwatch. Optional as it defaults to 1
30
+ MetricValue: 1
31
+
22
32
  Templates:
23
33
  LogGroup:
24
34
  # use the MetricName name to override the alarm defaults
data/lib/cfnguardian/compile.rb CHANGED
@@ -44,6 +44,7 @@ require 'cfnguardian/resources/step_functions'
44
44
  require 'cfnguardian/resources/vpn_tunnel'
45
45
  require 'cfnguardian/resources/vpn_connection'
46
46
  require 'cfnguardian/resources/elastic_search'
47
+ require 'cfnguardian/resources/jenkins'
47
48
  require 'cfnguardian/version'
48
49
  require 'cfnguardian/error'
49
50
 
data/lib/cfnguardian/models/alarm.rb CHANGED
@@ -485,6 +485,15 @@ module CfnGuardian
485
485
  end
486
486
  end
487
487
 
488
+ class JenkinsAlarm < BaseAlarm
489
+ def initialize(resource)
490
+ super(resource)
491
+ @group = 'Jenkins'
492
+ @namespace = 'Ciinabox/Jenkins'
493
+ @dimensions = { Jenkins: resource['Id'], Monitoring: 'JenkMon' }
494
+ end
495
+ end
496
+
488
497
  class VPNTunnelAlarm < BaseAlarm
489
498
  def initialize(resource)
490
499
  super(resource)
data/lib/cfnguardian/models/check.rb CHANGED
@@ -40,7 +40,7 @@ module CfnGuardian
40
40
  @name = 'HttpCheck'
41
41
  @package = 'http-check'
42
42
  @handler = 'handler.http_check'
43
- @version = 'dba2670c753d0d3386937fbcc1fc89499a4a0fa7'
43
+ @version = '0e945240f9d93242f807e86d1a9b3383a1764b96'
44
44
  @runtime = 'python3.7'
45
45
  end
46
46
  end
data/lib/cfnguardian/models/event.rb CHANGED
@@ -52,6 +52,7 @@ module CfnGuardian
52
52
  @status_code = resource.fetch('StatusCode',200)
53
53
  @body_regex = resource.fetch('BodyRegex',nil)
54
54
  @headers = resource.fetch('Headers',nil)
55
+ @user_agent = resource.fetch('UserAgent',nil)
55
56
  @payload = resource.fetch('Payload',nil)
56
57
  @compressed = resource.fetch('Compressed',false)
57
58
  end
@@ -65,6 +66,7 @@ module CfnGuardian
65
66
  }
66
67
  payload['BODY_REGEX_MATCH'] = @body_regex unless @body_regex.nil?
67
68
  payload['HEADERS'] = @headers unless @headers.nil?
69
+ payload['USER_AGENT'] = @user_agent unless @user_agent.nil?
68
70
  payload['PAYLOAD'] = @payload unless @payload.nil?
69
71
  payload['COMPRESSED'] = '1' if @compressed
70
72
  return payload.to_json
data/lib/cfnguardian/resources/amazonmq_broker.rb CHANGED
@@ -13,7 +13,7 @@ module CfnGuardian::Resource
13
13
  @alarms.push(alarm)
14
14
 
15
15
  alarm = CfnGuardian::Models::AmazonMQBrokerAlarm.new(@resource)
16
- alarm.name = 'CpuCreditBalanceCritical'
16
+ alarm.name = 'CpuCreditBalanceWarning'
17
17
  alarm.metric_name = 'CpuCreditBalance'
18
18
  alarm.comparison_operator = 'LessThanThreshold'
19
19
  alarm.statistic = 'Minimum'
data/lib/cfnguardian/resources/apigateway.rb CHANGED
@@ -26,6 +26,7 @@ module CfnGuardian::Resource
26
26
  alarm.statistic = 'Average'
27
27
  alarm.threshold = 1000
28
28
  alarm.evaluation_periods = 2
29
+ alarm.treat_missing_data = 'notBreaching'
29
30
  @alarms.push(alarm)
30
31
  end
31
32
 
data/lib/cfnguardian/resources/base.rb CHANGED
@@ -26,6 +26,9 @@ module CfnGuardian::Resource
26
26
  end
27
27
 
28
28
  def get_alarms(group,overides={})
29
+ # deep copying the overrides to preserse it's reference before doing any changes to it
30
+ overides = Marshal.load(Marshal.dump(overides))
31
+
29
32
  # generate default alarms
30
33
  default_alarms()
31
34
 
data/lib/cfnguardian/resources/jenkins.rb ADDED
@@ -0,0 +1,17 @@
1
+ module CfnGuardian::Resource
2
+ class Jenkins < Base
3
+
4
+ def default_alarms
5
+ alarm = CfnGuardian::Models::JenkinsAlarm.new(@resource)
6
+ alarm.name = 'NoSuccess'
7
+ alarm.metric_name = 'Success'
8
+ alarm.statistic = 'Maximum'
9
+ alarm.treat_missing_data = 'breaching'
10
+ alarm.alarm_action = 'Warning'
11
+ alarm.period = 3600
12
+ alarm.comparison_operator = 'LessThanThreshold'
13
+ alarm.threshold = 1
14
+ @alarms.push(alarm)
15
+ end
16
+ end
17
+ end
data/lib/cfnguardian/resources/lambda.rb CHANGED
@@ -6,24 +6,28 @@ module CfnGuardian::Resource
6
6
  alarm.name = 'LambdaErrors'
7
7
  alarm.metric_name = 'Errors'
8
8
  alarm.threshold = 0.5
9
+ alarm.treat_missing_data = 'notBreaching'
9
10
  @alarms.push(alarm)
10
11
 
11
12
  alarm = CfnGuardian::Models::LambdaAlarm.new(@resource)
12
13
  alarm.name = 'Throttles'
13
14
  alarm.metric_name = 'Throttles'
14
15
  alarm.threshold = 0.5
16
+ alarm.treat_missing_data = 'notBreaching'
15
17
  @alarms.push(alarm)
16
18
 
17
19
  alarm = CfnGuardian::Models::LambdaAlarm.new(@resource)
18
20
  alarm.name = 'DeadLetterErrors'
19
21
  alarm.metric_name = 'DeadLetterErrors'
20
22
  alarm.threshold = 0.5
23
+ alarm.treat_missing_data = 'notBreaching'
21
24
  @alarms.push(alarm)
22
25
 
23
26
  alarm = CfnGuardian::Models::LambdaAlarm.new(@resource)
24
27
  alarm.name = 'IteratorAge'
25
28
  alarm.metric_name = 'IteratorAge'
26
29
  alarm.threshold = 600000
30
+ alarm.treat_missing_data = 'notBreaching'
27
31
  @alarms.push(alarm)
28
32
 
29
33
  alarm = CfnGuardian::Models::LambdaAlarm.new(@resource)
@@ -31,6 +35,7 @@ module CfnGuardian::Resource
31
35
  alarm.metric_name = 'Duration'
32
36
  alarm.statistic = 'Average'
33
37
  alarm.threshold = 30
38
+ alarm.treat_missing_data = 'notBreaching'
34
39
  @alarms.push(alarm)
35
40
  end
36
41
 
data/lib/cfnguardian/version.rb CHANGED
@@ -1,4 +1,4 @@
1
1
  module CfnGuardian
2
- VERSION = "0.7.1"
2
+ VERSION = "0.7.5"
3
3
  CHANGE_SET_VERSION = VERSION.gsub('.', '-').freeze
4
4
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cfn-guardian
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.7.1
4
+ version: 0.7.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Guslington
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2021-09-07 00:00:00.000000000 Z
11
+ date: 2021-11-24 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: thor
@@ -295,6 +295,7 @@ files:
295
295
  - lib/cfnguardian/resources/internal_http.rb
296
296
  - lib/cfnguardian/resources/internal_port.rb
297
297
  - lib/cfnguardian/resources/internal_sftp.rb
298
+ - lib/cfnguardian/resources/jenkins.rb
298
299
  - lib/cfnguardian/resources/lambda.rb
299
300
  - lib/cfnguardian/resources/log_group.rb
300
301
  - lib/cfnguardian/resources/network_targetgroup.rb