cfn-guardian 0.9.2 → 0.10.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/docs/custom_checks/websocket.md +16 -0
- data/docs/overview.md +1 -0
- data/lib/cfnguardian/compile.rb +1 -0
- data/lib/cfnguardian/models/alarm.rb +12 -0
- data/lib/cfnguardian/models/check.rb +15 -1
- data/lib/cfnguardian/models/event.rb +32 -1
- data/lib/cfnguardian/resources/autoscaling_group.rb +10 -0
- data/lib/cfnguardian/resources/websocket.rb +32 -0
- data/lib/cfnguardian/stacks/main.rb +1 -1
- data/lib/cfnguardian/version.rb +1 -1
- metadata +4 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5c46c2a4b2730c333ff1e85810cd65f9fb8df414f4109e7c2959c4c9bfda3b43
|
|
4
|
+
data.tar.gz: f47115047e95163b834b80577dce76b81903c98611178bfd3348183f7bc599c1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 56b5fff929781714f5b006c2589145e9780cdd65ceb1b993513f0a8d52581eb2e5f4898b795a983718c81a477c57ee906466a3f93d4778633b18bb0c413facb2
|
|
7
|
+
data.tar.gz: 636bd4eed99c7a26febce34dc77ad581900dd23072b2f5770e6ac45b1f5030539b8b9d7c43d691c806bec9b1fa5ed3c0e619dd9652e31d74ea1c898234a7c51b
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
# Websocket
|
|
2
|
+
|
|
3
|
+
## WebsocketCheck
|
|
4
|
+
|
|
5
|
+
Cloudwatch NameSpace: `WebSocketCheck`
|
|
6
|
+
|
|
7
|
+
```yaml
|
|
8
|
+
Resources:
|
|
9
|
+
WebSocket:
|
|
10
|
+
# Array of resources defining the http endpoint with the Id: key
|
|
11
|
+
- Id: wss://example.com/websocket
|
|
12
|
+
# message to send to websocket
|
|
13
|
+
Message: {'ping-test'}
|
|
14
|
+
# expected suffix response from websocket eg: response message starts with '{"id":"ping-test","message":...,
|
|
15
|
+
Expected_Response: '{"id":"ping-test","message":{...'
|
|
16
|
+
```
|
data/docs/overview.md
CHANGED
|
@@ -15,6 +15,7 @@
|
|
|
15
15
|
8. [TLS](custom_checks/tls.md)
|
|
16
16
|
9. [Azure File Check](custom_checks/azure_file_check.md)
|
|
17
17
|
10. [ECS Container Instance Check](custom_checks/ecs_container_instance_check.md)
|
|
18
|
+
11. [Web Socket](custom_checks/websocket.md)
|
|
18
19
|
5. [Event Subscriptions](event_subscriptions.md)
|
|
19
20
|
6. [Notifiers](notifiers.md)
|
|
20
21
|
7. [Maintenance Mode](maintenance_mode.md)
|
data/lib/cfnguardian/compile.rb
CHANGED
|
@@ -24,6 +24,7 @@ require 'cfnguardian/resources/elastic_file_system'
|
|
|
24
24
|
require 'cfnguardian/resources/elasticache_replication_group'
|
|
25
25
|
require 'cfnguardian/resources/elastic_loadbalancer'
|
|
26
26
|
require 'cfnguardian/resources/http'
|
|
27
|
+
require 'cfnguardian/resources/websocket'
|
|
27
28
|
require 'cfnguardian/resources/internal_http'
|
|
28
29
|
require 'cfnguardian/resources/port'
|
|
29
30
|
require 'cfnguardian/resources/internal_port'
|
|
@@ -322,6 +322,18 @@ module CfnGuardian
|
|
|
322
322
|
end
|
|
323
323
|
end
|
|
324
324
|
|
|
325
|
+
class WebSocketAlarm < BaseAlarm
|
|
326
|
+
def initialize(resource)
|
|
327
|
+
super(resource)
|
|
328
|
+
@group = 'WebSocket'
|
|
329
|
+
@namespace = 'WebSocketCheck'
|
|
330
|
+
@dimensions = { Endpoint: resource['Id'] }
|
|
331
|
+
@comparison_operator = 'LessThanThreshold'
|
|
332
|
+
@threshold = 1
|
|
333
|
+
@evaluation_periods = 2
|
|
334
|
+
end
|
|
335
|
+
end
|
|
336
|
+
|
|
325
337
|
class InternalHttpAlarm < HttpAlarm
|
|
326
338
|
def initialize(resource)
|
|
327
339
|
super(resource)
|
|
@@ -15,7 +15,8 @@ module CfnGuardian
|
|
|
15
15
|
:subnets,
|
|
16
16
|
:vpc,
|
|
17
17
|
:memory,
|
|
18
|
-
:timeout
|
|
18
|
+
:timeout,
|
|
19
|
+
:branch
|
|
19
20
|
|
|
20
21
|
def initialize(resource)
|
|
21
22
|
@type = 'Check'
|
|
@@ -30,6 +31,7 @@ module CfnGuardian
|
|
|
30
31
|
@vpc = nil
|
|
31
32
|
@memory = 128
|
|
32
33
|
@timeout = 120
|
|
34
|
+
@branch = "master"
|
|
33
35
|
end
|
|
34
36
|
end
|
|
35
37
|
|
|
@@ -44,6 +46,18 @@ module CfnGuardian
|
|
|
44
46
|
@runtime = 'python3.7'
|
|
45
47
|
end
|
|
46
48
|
end
|
|
49
|
+
class WebSocketCheck < BaseCheck
|
|
50
|
+
def initialize(resource)
|
|
51
|
+
super(resource)
|
|
52
|
+
@group = 'WebSocket'
|
|
53
|
+
@name = 'WebSocketCheck'
|
|
54
|
+
@package = 'websocket-check'
|
|
55
|
+
@handler = 'handler.websocket_check'
|
|
56
|
+
@version = '1f242f6741f6b561f22f6761a1287e7a0b69d06f'
|
|
57
|
+
@runtime = 'python3.7'
|
|
58
|
+
@branch = 'main'
|
|
59
|
+
end
|
|
60
|
+
end
|
|
47
61
|
|
|
48
62
|
class InternalHttpCheck < HttpCheck
|
|
49
63
|
def initialize(resource)
|
|
@@ -30,7 +30,7 @@ module CfnGuardian
|
|
|
30
30
|
@ssm_parameters = []
|
|
31
31
|
end
|
|
32
32
|
end
|
|
33
|
-
|
|
33
|
+
|
|
34
34
|
class HttpEvent < BaseEvent
|
|
35
35
|
|
|
36
36
|
attr_accessor :endpoint,
|
|
@@ -72,6 +72,37 @@ module CfnGuardian
|
|
|
72
72
|
return payload.to_json
|
|
73
73
|
end
|
|
74
74
|
end
|
|
75
|
+
|
|
76
|
+
class WebSocketEvent < BaseEvent
|
|
77
|
+
|
|
78
|
+
attr_accessor :endpoint,
|
|
79
|
+
:message,
|
|
80
|
+
:expected_response,
|
|
81
|
+
:timeout,
|
|
82
|
+
:payload
|
|
83
|
+
|
|
84
|
+
def initialize(resource)
|
|
85
|
+
super(resource)
|
|
86
|
+
@group = 'WebSocket'
|
|
87
|
+
@name = 'WebSocketEvent'
|
|
88
|
+
@target = 'WebSocketCheckFunction'
|
|
89
|
+
@endpoint = resource['Id']
|
|
90
|
+
@message = resource.fetch('Message',nil)
|
|
91
|
+
@expected_response = resource.fetch('Expected_Response',nil)
|
|
92
|
+
@timeout = resource.fetch('Timeout',50)
|
|
93
|
+
@payload = resource.fetch('Payload',nil)
|
|
94
|
+
end
|
|
95
|
+
|
|
96
|
+
def payload
|
|
97
|
+
payload = {
|
|
98
|
+
'ENDPOINT' => @endpoint,
|
|
99
|
+
'MESSAGE' => @message,
|
|
100
|
+
'EXPECTED_RESPONSE' => @expected_response
|
|
101
|
+
}
|
|
102
|
+
payload['PAYLOAD'] = @payload unless @payload.nil?
|
|
103
|
+
return payload.to_json
|
|
104
|
+
end
|
|
105
|
+
end
|
|
75
106
|
|
|
76
107
|
class InternalHttpEvent < HttpEvent
|
|
77
108
|
def initialize(resource,environment)
|
|
@@ -18,5 +18,15 @@ module CfnGuardian::Resource
|
|
|
18
18
|
@alarms.push(alarm)
|
|
19
19
|
end
|
|
20
20
|
|
|
21
|
+
def default_event_subscriptions()
|
|
22
|
+
event_subscription = CfnGuardian::Models::AutoScalingGroupEventSubscription.new(@resource)
|
|
23
|
+
event_subscription.name = 'LaunchUnsuccessful'
|
|
24
|
+
event_subscription.detail_type = 'EC2 Instance Launch Unsuccessful'
|
|
25
|
+
event_subscription.detail = {
|
|
26
|
+
'instance-id' => [@resource['Id']],
|
|
27
|
+
'state' => ['terminated']
|
|
28
|
+
}
|
|
29
|
+
@event_subscriptions.push(event_subscription)
|
|
30
|
+
end
|
|
21
31
|
end
|
|
22
32
|
end
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
require 'digest/md5'
|
|
2
|
+
|
|
3
|
+
module CfnGuardian::Resource
|
|
4
|
+
class WebSocket < Base
|
|
5
|
+
|
|
6
|
+
def default_alarms
|
|
7
|
+
alarm = CfnGuardian::Models::WebSocketAlarm.new(@resource)
|
|
8
|
+
alarm.name = 'EndpointAvailable'
|
|
9
|
+
alarm.metric_name = 'Available'
|
|
10
|
+
@alarms.push(alarm)
|
|
11
|
+
|
|
12
|
+
alarm = CfnGuardian::Models::WebSocketAlarm.new(@resource)
|
|
13
|
+
alarm.name = 'EndpointTimeTaken'
|
|
14
|
+
alarm.comparison_operator = 'GreaterThanThreshold'
|
|
15
|
+
alarm.metric_name = 'TimeTaken'
|
|
16
|
+
alarm.statistic = 'Minimum'
|
|
17
|
+
alarm.threshold = 5000
|
|
18
|
+
alarm.period = 300
|
|
19
|
+
alarm.evaluation_periods = 1
|
|
20
|
+
@alarms.push(alarm)
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def default_events()
|
|
24
|
+
@events.push(CfnGuardian::Models::WebSocketEvent.new(@resource))
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
def default_checks()
|
|
28
|
+
@checks.push(CfnGuardian::Models::WebSocketCheck.new(@resource))
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
end
|
|
32
|
+
end
|
|
@@ -136,7 +136,7 @@ module CfnGuardian
|
|
|
136
136
|
Lambda_Function("#{check.name}Function#{check.environment}") do
|
|
137
137
|
Code({
|
|
138
138
|
S3Bucket: FnSub("base2.guardian.lambda.checks.${AWS::Region}"),
|
|
139
|
-
S3Key: "#{check.package}
|
|
139
|
+
S3Key: "#{check.package}/#{check.branch}/#{check.version}.zip"
|
|
140
140
|
})
|
|
141
141
|
Handler check.handler
|
|
142
142
|
MemorySize check.memory
|
data/lib/cfnguardian/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cfn-guardian
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.10.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Guslington
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-11-
|
|
11
|
+
date: 2022-11-10 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: thor
|
|
@@ -262,6 +262,7 @@ files:
|
|
|
262
262
|
- docs/custom_checks/sftp.md
|
|
263
263
|
- docs/custom_checks/sql.md
|
|
264
264
|
- docs/custom_checks/tls.md
|
|
265
|
+
- docs/custom_checks/websocket.md
|
|
265
266
|
- docs/custom_metrics.md
|
|
266
267
|
- docs/event_subscriptions.md
|
|
267
268
|
- docs/maintenance_mode.md
|
|
@@ -331,6 +332,7 @@ files:
|
|
|
331
332
|
- lib/cfnguardian/resources/tls.rb
|
|
332
333
|
- lib/cfnguardian/resources/vpn_connection.rb
|
|
333
334
|
- lib/cfnguardian/resources/vpn_tunnel.rb
|
|
335
|
+
- lib/cfnguardian/resources/websocket.rb
|
|
334
336
|
- lib/cfnguardian/s3.rb
|
|
335
337
|
- lib/cfnguardian/stacks/main.rb
|
|
336
338
|
- lib/cfnguardian/stacks/resources.rb
|