cfn-guardian 0.9.2 → 0.10.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/docs/custom_checks/websocket.md +16 -0
- data/docs/overview.md +1 -0
- data/lib/cfnguardian/compile.rb +1 -0
- data/lib/cfnguardian/models/alarm.rb +12 -0
- data/lib/cfnguardian/models/check.rb +15 -1
- data/lib/cfnguardian/models/event.rb +32 -1
- data/lib/cfnguardian/resources/autoscaling_group.rb +10 -0
- data/lib/cfnguardian/resources/websocket.rb +32 -0
- data/lib/cfnguardian/stacks/main.rb +1 -1
- data/lib/cfnguardian/version.rb +1 -1
- metadata +4 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5c46c2a4b2730c333ff1e85810cd65f9fb8df414f4109e7c2959c4c9bfda3b43
|
|
4
|
+
data.tar.gz: f47115047e95163b834b80577dce76b81903c98611178bfd3348183f7bc599c1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 56b5fff929781714f5b006c2589145e9780cdd65ceb1b993513f0a8d52581eb2e5f4898b795a983718c81a477c57ee906466a3f93d4778633b18bb0c413facb2
|
|
7
|
+
data.tar.gz: 636bd4eed99c7a26febce34dc77ad581900dd23072b2f5770e6ac45b1f5030539b8b9d7c43d691c806bec9b1fa5ed3c0e619dd9652e31d74ea1c898234a7c51b
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
# Websocket
|
|
2
|
+
|
|
3
|
+
## WebsocketCheck
|
|
4
|
+
|
|
5
|
+
Cloudwatch NameSpace: `WebSocketCheck`
|
|
6
|
+
|
|
7
|
+
```yaml
|
|
8
|
+
Resources:
|
|
9
|
+
WebSocket:
|
|
10
|
+
# Array of resources defining the http endpoint with the Id: key
|
|
11
|
+
- Id: wss://example.com/websocket
|
|
12
|
+
# message to send to websocket
|
|
13
|
+
Message: {'ping-test'}
|
|
14
|
+
# expected suffix response from websocket eg: response message starts with '{"id":"ping-test","message":...,
|
|
15
|
+
Expected_Response: '{"id":"ping-test","message":{...'
|
|
16
|
+
```
|
data/docs/overview.md
CHANGED
|
@@ -15,6 +15,7 @@
|
|
|
15
15
|
8. [TLS](custom_checks/tls.md)
|
|
16
16
|
9. [Azure File Check](custom_checks/azure_file_check.md)
|
|
17
17
|
10. [ECS Container Instance Check](custom_checks/ecs_container_instance_check.md)
|
|
18
|
+
11. [Web Socket](custom_checks/websocket.md)
|
|
18
19
|
5. [Event Subscriptions](event_subscriptions.md)
|
|
19
20
|
6. [Notifiers](notifiers.md)
|
|
20
21
|
7. [Maintenance Mode](maintenance_mode.md)
|
data/lib/cfnguardian/compile.rb
CHANGED
|
@@ -24,6 +24,7 @@ require 'cfnguardian/resources/elastic_file_system'
|
|
|
24
24
|
require 'cfnguardian/resources/elasticache_replication_group'
|
|
25
25
|
require 'cfnguardian/resources/elastic_loadbalancer'
|
|
26
26
|
require 'cfnguardian/resources/http'
|
|
27
|
+
require 'cfnguardian/resources/websocket'
|
|
27
28
|
require 'cfnguardian/resources/internal_http'
|
|
28
29
|
require 'cfnguardian/resources/port'
|
|
29
30
|
require 'cfnguardian/resources/internal_port'
|
|
@@ -322,6 +322,18 @@ module CfnGuardian
|
|
|
322
322
|
end
|
|
323
323
|
end
|
|
324
324
|
|
|
325
|
+
class WebSocketAlarm < BaseAlarm
|
|
326
|
+
def initialize(resource)
|
|
327
|
+
super(resource)
|
|
328
|
+
@group = 'WebSocket'
|
|
329
|
+
@namespace = 'WebSocketCheck'
|
|
330
|
+
@dimensions = { Endpoint: resource['Id'] }
|
|
331
|
+
@comparison_operator = 'LessThanThreshold'
|
|
332
|
+
@threshold = 1
|
|
333
|
+
@evaluation_periods = 2
|
|
334
|
+
end
|
|
335
|
+
end
|
|
336
|
+
|
|
325
337
|
class InternalHttpAlarm < HttpAlarm
|
|
326
338
|
def initialize(resource)
|
|
327
339
|
super(resource)
|
|
@@ -15,7 +15,8 @@ module CfnGuardian
|
|
|
15
15
|
:subnets,
|
|
16
16
|
:vpc,
|
|
17
17
|
:memory,
|
|
18
|
-
:timeout
|
|
18
|
+
:timeout,
|
|
19
|
+
:branch
|
|
19
20
|
|
|
20
21
|
def initialize(resource)
|
|
21
22
|
@type = 'Check'
|
|
@@ -30,6 +31,7 @@ module CfnGuardian
|
|
|
30
31
|
@vpc = nil
|
|
31
32
|
@memory = 128
|
|
32
33
|
@timeout = 120
|
|
34
|
+
@branch = "master"
|
|
33
35
|
end
|
|
34
36
|
end
|
|
35
37
|
|
|
@@ -44,6 +46,18 @@ module CfnGuardian
|
|
|
44
46
|
@runtime = 'python3.7'
|
|
45
47
|
end
|
|
46
48
|
end
|
|
49
|
+
class WebSocketCheck < BaseCheck
|
|
50
|
+
def initialize(resource)
|
|
51
|
+
super(resource)
|
|
52
|
+
@group = 'WebSocket'
|
|
53
|
+
@name = 'WebSocketCheck'
|
|
54
|
+
@package = 'websocket-check'
|
|
55
|
+
@handler = 'handler.websocket_check'
|
|
56
|
+
@version = '1f242f6741f6b561f22f6761a1287e7a0b69d06f'
|
|
57
|
+
@runtime = 'python3.7'
|
|
58
|
+
@branch = 'main'
|
|
59
|
+
end
|
|
60
|
+
end
|
|
47
61
|
|
|
48
62
|
class InternalHttpCheck < HttpCheck
|
|
49
63
|
def initialize(resource)
|
|
@@ -30,7 +30,7 @@ module CfnGuardian
|
|
|
30
30
|
@ssm_parameters = []
|
|
31
31
|
end
|
|
32
32
|
end
|
|
33
|
-
|
|
33
|
+
|
|
34
34
|
class HttpEvent < BaseEvent
|
|
35
35
|
|
|
36
36
|
attr_accessor :endpoint,
|
|
@@ -72,6 +72,37 @@ module CfnGuardian
|
|
|
72
72
|
return payload.to_json
|
|
73
73
|
end
|
|
74
74
|
end
|
|
75
|
+
|
|
76
|
+
class WebSocketEvent < BaseEvent
|
|
77
|
+
|
|
78
|
+
attr_accessor :endpoint,
|
|
79
|
+
:message,
|
|
80
|
+
:expected_response,
|
|
81
|
+
:timeout,
|
|
82
|
+
:payload
|
|
83
|
+
|
|
84
|
+
def initialize(resource)
|
|
85
|
+
super(resource)
|
|
86
|
+
@group = 'WebSocket'
|
|
87
|
+
@name = 'WebSocketEvent'
|
|
88
|
+
@target = 'WebSocketCheckFunction'
|
|
89
|
+
@endpoint = resource['Id']
|
|
90
|
+
@message = resource.fetch('Message',nil)
|
|
91
|
+
@expected_response = resource.fetch('Expected_Response',nil)
|
|
92
|
+
@timeout = resource.fetch('Timeout',50)
|
|
93
|
+
@payload = resource.fetch('Payload',nil)
|
|
94
|
+
end
|
|
95
|
+
|
|
96
|
+
def payload
|
|
97
|
+
payload = {
|
|
98
|
+
'ENDPOINT' => @endpoint,
|
|
99
|
+
'MESSAGE' => @message,
|
|
100
|
+
'EXPECTED_RESPONSE' => @expected_response
|
|
101
|
+
}
|
|
102
|
+
payload['PAYLOAD'] = @payload unless @payload.nil?
|
|
103
|
+
return payload.to_json
|
|
104
|
+
end
|
|
105
|
+
end
|
|
75
106
|
|
|
76
107
|
class InternalHttpEvent < HttpEvent
|
|
77
108
|
def initialize(resource,environment)
|
|
@@ -18,5 +18,15 @@ module CfnGuardian::Resource
|
|
|
18
18
|
@alarms.push(alarm)
|
|
19
19
|
end
|
|
20
20
|
|
|
21
|
+
def default_event_subscriptions()
|
|
22
|
+
event_subscription = CfnGuardian::Models::AutoScalingGroupEventSubscription.new(@resource)
|
|
23
|
+
event_subscription.name = 'LaunchUnsuccessful'
|
|
24
|
+
event_subscription.detail_type = 'EC2 Instance Launch Unsuccessful'
|
|
25
|
+
event_subscription.detail = {
|
|
26
|
+
'instance-id' => [@resource['Id']],
|
|
27
|
+
'state' => ['terminated']
|
|
28
|
+
}
|
|
29
|
+
@event_subscriptions.push(event_subscription)
|
|
30
|
+
end
|
|
21
31
|
end
|
|
22
32
|
end
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
require 'digest/md5'
|
|
2
|
+
|
|
3
|
+
module CfnGuardian::Resource
|
|
4
|
+
class WebSocket < Base
|
|
5
|
+
|
|
6
|
+
def default_alarms
|
|
7
|
+
alarm = CfnGuardian::Models::WebSocketAlarm.new(@resource)
|
|
8
|
+
alarm.name = 'EndpointAvailable'
|
|
9
|
+
alarm.metric_name = 'Available'
|
|
10
|
+
@alarms.push(alarm)
|
|
11
|
+
|
|
12
|
+
alarm = CfnGuardian::Models::WebSocketAlarm.new(@resource)
|
|
13
|
+
alarm.name = 'EndpointTimeTaken'
|
|
14
|
+
alarm.comparison_operator = 'GreaterThanThreshold'
|
|
15
|
+
alarm.metric_name = 'TimeTaken'
|
|
16
|
+
alarm.statistic = 'Minimum'
|
|
17
|
+
alarm.threshold = 5000
|
|
18
|
+
alarm.period = 300
|
|
19
|
+
alarm.evaluation_periods = 1
|
|
20
|
+
@alarms.push(alarm)
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def default_events()
|
|
24
|
+
@events.push(CfnGuardian::Models::WebSocketEvent.new(@resource))
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
def default_checks()
|
|
28
|
+
@checks.push(CfnGuardian::Models::WebSocketCheck.new(@resource))
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
end
|
|
32
|
+
end
|
|
@@ -136,7 +136,7 @@ module CfnGuardian
|
|
|
136
136
|
Lambda_Function("#{check.name}Function#{check.environment}") do
|
|
137
137
|
Code({
|
|
138
138
|
S3Bucket: FnSub("base2.guardian.lambda.checks.${AWS::Region}"),
|
|
139
|
-
S3Key: "#{check.package}
|
|
139
|
+
S3Key: "#{check.package}/#{check.branch}/#{check.version}.zip"
|
|
140
140
|
})
|
|
141
141
|
Handler check.handler
|
|
142
142
|
MemorySize check.memory
|
data/lib/cfnguardian/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cfn-guardian
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.10.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Guslington
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-11-
|
|
11
|
+
date: 2022-11-10 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: thor
|
|
@@ -262,6 +262,7 @@ files:
|
|
|
262
262
|
- docs/custom_checks/sftp.md
|
|
263
263
|
- docs/custom_checks/sql.md
|
|
264
264
|
- docs/custom_checks/tls.md
|
|
265
|
+
- docs/custom_checks/websocket.md
|
|
265
266
|
- docs/custom_metrics.md
|
|
266
267
|
- docs/event_subscriptions.md
|
|
267
268
|
- docs/maintenance_mode.md
|
|
@@ -331,6 +332,7 @@ files:
|
|
|
331
332
|
- lib/cfnguardian/resources/tls.rb
|
|
332
333
|
- lib/cfnguardian/resources/vpn_connection.rb
|
|
333
334
|
- lib/cfnguardian/resources/vpn_tunnel.rb
|
|
335
|
+
- lib/cfnguardian/resources/websocket.rb
|
|
334
336
|
- lib/cfnguardian/s3.rb
|
|
335
337
|
- lib/cfnguardian/stacks/main.rb
|
|
336
338
|
- lib/cfnguardian/stacks/resources.rb
|