cfn-guardian 0.11.10 → 0.11.11
- checksums.yaml +4 -4
- data/.github/workflows/push.yml +5 -5
- data/.github/workflows/release-image.yml +2 -2
- data/Dockerfile +1 -1
- data/cfn-guardian.gemspec +1 -1
- data/lib/cfnguardian/compile.rb +2 -0
- data/lib/cfnguardian/models/alarm.rb +28 -0
- data/lib/cfnguardian/resources/application_targetgroup.rb +0 -1
- data/lib/cfnguardian/resources/kafka_cluster.rb +74 -0
- data/lib/cfnguardian/resources/kafka_topic.rb +20 -0
- data/lib/cfnguardian/tagger.rb +1 -1
- data/lib/cfnguardian/version.rb +1 -1
- metadata +8 -6
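--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1d45d4575c7023a67061939e1d14b62c089824906da0c8f9a5ff7e91cb14a2b4
+data.tar.gz: ce8d4d1cb8542ec9c61723da1ce99db119982fce02329415eadb25e439dadb3d
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3972ebc39d657e401cce3d033e99a0fef4030acb11b4a7ffc45b040041e9b629d9965210b39476e456f7e6de94dd6222858c92d9c38e16074cdf53df3de4b2ac
+data.tar.gz: a7763f0ee6301f50ceae0a84328a4502040801524d13b1b609c53d615a50721c9228e266407d72d7b4bd159f3b599772d9989dbf8cbca7cc6860effd8540889f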
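--- a/data/.github/workflows/push.yml
+++ b/data/.github/workflows/push.yml
@@ -18,17 +18,17 @@ jobs:
 uses: rlespinasse/github-slug-action@v3.x
 
 - name: Set up Docker Buildx
-uses: docker/setup-buildx-action@
+uses: docker/setup-buildx-action@v3
 
 - name: Login to GitHub Container Repository
-uses: docker/login-action@
+uses: docker/login-action@v3
 with:
 registry: ghcr.io
-username: ${{ github.
-password: ${{ secrets.
+username: ${{ github.actor }}
+password: ${{ secrets.GITHUB_TOKEN }}
 
 - name: Build and push Container Image to GitHub Container Repository
-uses: docker/build-push-action@
+uses: docker/build-push-action@v6
 with:
 context: .
 file: ./Dockerfile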
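Review bot: The bumped actions on new lines 21, 24 and 31 are still referenced by mutable tags (`docker/setup-buildx-action@v3`, `docker/login-action@v3`, `docker/build-push-action@v6`), and the login step passes `secrets.GITHUB_TOKEN` to one of them as the ghcr.io credential. A tag can be re-pointed by whoever controls the action's repository, so pin each `uses:` to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha> # v3`. The same applies to `rlespinasse/github-slug-action@v3.x` on line 18 and to the `uses:` lines in the release-image.yml hunk that follows.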
@@ -20,8 +20,8 @@ jobs:
|
|
20
20
|
uses: docker/login-action@v1
|
21
21
|
with:
|
22
22
|
registry: ghcr.io
|
23
|
-
username: ${{ github.
|
24
|
-
password: ${{ secrets.
|
23
|
+
username: ${{ github.actor }}
|
24
|
+
password: ${{ secrets.GITHUB_TOKEN }}
|
25
25
|
|
26
26
|
- name: Build and push Container Image to GitHub Container Repository
|
27
27
|
uses: docker/build-push-action@v2
|
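Review bot: The context lines 20 and 27 of this hunk still reference `docker/login-action@v1` and `docker/build-push-action@v2`, while push.yml in the same release moved to `@v3` and `@v6`; the release workflow should run the same action versions as the push workflow. The login step authenticates with `secrets.GITHUB_TOKEN`, and the job's `permissions:` block is not visible in the hunk. Confirm the job grants the token only what the image push needs, e.g. `permissions: { contents: read, packages: write }`.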
data/Dockerfile
CHANGED
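--- a/data/cfn-guardian.gemspec
+++ b/data/cfn-guardian.gemspec
@@ -38,7 +38,7 @@ Gem::Specification.new do |spec|
 spec.add_dependency 'aws-sdk-codecommit', '~> 1.53', '<2'
 spec.add_dependency 'aws-sdk-codepipeline', '~> 1.55', '<2'
 
-spec.add_runtime_dependency('rexml', '
+spec.add_runtime_dependency('rexml', '3.3.0')
 
 spec.add_development_dependency "bundler", "~> 2.0"
 spec.add_development_dependency "rake", "~> 13.0"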
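Review bot: The exact pin `spec.add_runtime_dependency('rexml', '3.3.0')` on new line 41 forces every consumer of the gem onto that single rexml release, so a later rexml patch release, including any security fix to the XML parser, cannot be resolved alongside cfn-guardian. A gemspec normally states a range and leaves exact versions to the application's lockfile; `spec.add_runtime_dependency 'rexml', '>= 3.3.0', '< 4'` keeps the floor this change sets. The previous constraint is truncated on this page, so whether the change tightens or loosens it cannot be told from here.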
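--- a/data/lib/cfnguardian/compile.rb
+++ b/data/lib/cfnguardian/compile.rb
@@ -30,6 +30,8 @@ require 'cfnguardian/resources/internal_http'
 require 'cfnguardian/resources/port'
 require 'cfnguardian/resources/internal_port'
 require 'cfnguardian/resources/nrpe'
+require 'cfnguardian/resources/kafka_cluster'
+require 'cfnguardian/resources/kafka_topic'
 require 'cfnguardian/resources/lambda'
 require 'cfnguardian/resources/network_targetgroup'
 require 'cfnguardian/resources/rds_cluster'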
@@ -394,6 +394,34 @@ module CfnGuardian
|
|
394
394
|
end
|
395
395
|
end
|
396
396
|
|
397
|
+
class KafkaClusterAlarm < BaseAlarm
|
398
|
+
def initialize(resource,broker)
|
399
|
+
super(resource)
|
400
|
+
@group = 'KafkaCluster'
|
401
|
+
@namespace = 'AWS/Kafka'
|
402
|
+
@dimensions = { 'Cluster Name': resource['Id'], 'Broker ID': broker }
|
403
|
+
@statistic = 'Average'
|
404
|
+
@evaluation_periods = 1
|
405
|
+
@datapoints_to_alarm = 1
|
406
|
+
@period = 300
|
407
|
+
@treat_missing_data = 'breaching'
|
408
|
+
end
|
409
|
+
end
|
410
|
+
|
411
|
+
class KafkaTopicAlarm < BaseAlarm
|
412
|
+
def initialize(resource,broker)
|
413
|
+
super(resource)
|
414
|
+
@group = 'KafkaTopic'
|
415
|
+
@namespace = 'AWS/Kafka'
|
416
|
+
@dimensions = { 'Cluster Name': resource['ClusterName'], 'Broker ID': broker, Topic: resource['Id'] }
|
417
|
+
@statistic = 'Average'
|
418
|
+
@evaluation_periods = 1
|
419
|
+
@datapoints_to_alarm = 1
|
420
|
+
@period = 300
|
421
|
+
@treat_missing_data = 'breaching'
|
422
|
+
end
|
423
|
+
end
|
424
|
+
|
397
425
|
class LambdaAlarm < BaseAlarm
|
398
426
|
def initialize(resource)
|
399
427
|
super(resource)
|
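Review bot: `KafkaTopicAlarm#initialize` copies `resource['ClusterName']` into the 'Cluster Name' dimension without checking that it is set, so a topic configured without that key would produce an alarm whose dimensions match no metric. With `@treat_missing_data = 'breaching'` such an alarm would presumably sit in ALARM instead of failing when the template is compiled. A guard before the assignment, `raise ArgumentError, "KafkaTopic #{resource['Id']} requires ClusterName" unless resource['ClusterName']`, would surface the misconfiguration early; whether validation happens elsewhere is not visible in this hunk. Both new classes also set `@treat_missing_data = 'breaching'` with no comment, and a one-line note on why missing datapoints should page would help the next maintainer.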
@@ -9,7 +9,6 @@ module CfnGuardian::Resource
|
|
9
9
|
alarm.statistic = 'Minimum'
|
10
10
|
alarm.threshold = 2
|
11
11
|
alarm.evaluation_periods = 1
|
12
|
-
alarm.comparison_operator = 'LessThanThreshold'
|
13
12
|
@alarms.push(alarm)
|
14
13
|
|
15
14
|
alarm = CfnGuardian::Models::ApplicationTargetGroupAlarm.new(@resource)
|
@@ -0,0 +1,74 @@
|
|
1
|
+
module CfnGuardian::Resource
|
2
|
+
class KafkaCluster < Base
|
3
|
+
|
4
|
+
def initialize(resource, override_group = nil)
|
5
|
+
super(resource, override_group)
|
6
|
+
@brokers_list = resource['Brokers']
|
7
|
+
end
|
8
|
+
|
9
|
+
def default_alarms
|
10
|
+
@brokers_list.each do |broker|
|
11
|
+
alarm = CfnGuardian::Models::KafkaClusterAlarm.new(@resource,broker)
|
12
|
+
alarm.name = "Broker#{broker}-CPUUserCritical"
|
13
|
+
alarm.metric_name = 'CpuUser'
|
14
|
+
alarm.threshold = 80
|
15
|
+
@alarms.push(alarm)
|
16
|
+
|
17
|
+
alarm = CfnGuardian::Models::KafkaClusterAlarm.new(@resource,broker)
|
18
|
+
alarm.name = "Broker#{broker}-CPUUserWarning"
|
19
|
+
alarm.metric_name = 'CpuUser'
|
20
|
+
alarm.threshold = 50
|
21
|
+
alarm.alarm_action = 'Warning'
|
22
|
+
@alarms.push(alarm)
|
23
|
+
|
24
|
+
alarm = CfnGuardian::Models::KafkaClusterAlarm.new(@resource,broker)
|
25
|
+
alarm.name = "Broker#{broker}-KafkaDataLogsDiskUsedCritical"
|
26
|
+
alarm.metric_name = 'KafkaDataLogsDiskUsed'
|
27
|
+
alarm.threshold = 85
|
28
|
+
@alarms.push(alarm)
|
29
|
+
|
30
|
+
alarm = CfnGuardian::Models::KafkaClusterAlarm.new(@resource,broker)
|
31
|
+
alarm.name = "Broker#{broker}-KafkaDataLogsDiskUsedWarning"
|
32
|
+
alarm.metric_name = 'KafkaDataLogsDiskUsed'
|
33
|
+
alarm.threshold = 70
|
34
|
+
alarm.alarm_action = 'Warning'
|
35
|
+
@alarms.push(alarm)
|
36
|
+
|
37
|
+
alarm = CfnGuardian::Models::KafkaClusterAlarm.new(@resource,broker)
|
38
|
+
alarm.name = "Broker#{broker}-BurstBalance"
|
39
|
+
alarm.metric_name = 'BurstBalance'
|
40
|
+
alarm.threshold = 1
|
41
|
+
alarm.comparison_operator = 'LessThanThreshold'
|
42
|
+
@alarms.push(alarm)
|
43
|
+
|
44
|
+
alarm = CfnGuardian::Models::KafkaClusterAlarm.new(@resource,broker)
|
45
|
+
alarm.name = "Broker#{broker}-MemoryFreeCritical"
|
46
|
+
alarm.metric_name = 'MemoryFree'
|
47
|
+
alarm.threshold = 10
|
48
|
+
alarm.comparison_operator = 'LessThanThreshold'
|
49
|
+
@alarms.push(alarm)
|
50
|
+
|
51
|
+
alarm = CfnGuardian::Models::KafkaClusterAlarm.new(@resource,broker)
|
52
|
+
alarm.name = "Broker#{broker}-MemoryFreeWarning"
|
53
|
+
alarm.metric_name = 'MemoryFree'
|
54
|
+
alarm.threshold = 50
|
55
|
+
alarm.alarm_action = 'Warning'
|
56
|
+
alarm.comparison_operator = 'LessThanThreshold'
|
57
|
+
@alarms.push(alarm)
|
58
|
+
|
59
|
+
alarm = CfnGuardian::Models::KafkaClusterAlarm.new(@resource,broker)
|
60
|
+
alarm.name = "Broker#{broker}-NetworkRxErrorsCritical"
|
61
|
+
alarm.metric_name = 'NetworkRxErrors'
|
62
|
+
alarm.threshold = 10
|
63
|
+
@alarms.push(alarm)
|
64
|
+
|
65
|
+
alarm = CfnGuardian::Models::KafkaClusterAlarm.new(@resource,broker)
|
66
|
+
alarm.name = "Broker#{broker}-NetworkRxErrorsWarning"
|
67
|
+
alarm.metric_name = 'NetworkRxErrors'
|
68
|
+
alarm.threshold = 5
|
69
|
+
alarm.alarm_action = 'Warning'
|
70
|
+
@alarms.push(alarm)
|
71
|
+
end
|
72
|
+
end
|
73
|
+
end
|
74
|
+
end
|
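Review bot: `default_alarms` calls `@brokers_list.each` on whatever `resource['Brokers']` returned in `initialize`, so a KafkaCluster entry without a `Brokers` key fails with a NoMethodError on nil, and an empty list silently produces no alarms for the cluster. For a monitoring compiler the silent case is the worse one, because the cluster appears covered when it is not. Validate in `initialize` with `@brokers_list = Array(resource['Brokers'])` followed by `raise ArgumentError, "KafkaCluster #{resource['Id']}: Brokers must list at least one broker id" if @brokers_list.empty?`. kafka_topic.rb in the next hunk has the same `initialize`/`each` pair and needs the same guard.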
@@ -0,0 +1,20 @@
|
|
1
|
+
module CfnGuardian::Resource
|
2
|
+
class KafkaTopic < Base
|
3
|
+
|
4
|
+
def initialize(resource, override_group = nil)
|
5
|
+
super(resource, override_group)
|
6
|
+
@brokers_list = resource['Brokers']
|
7
|
+
end
|
8
|
+
|
9
|
+
def default_alarms
|
10
|
+
@brokers_list.each do |broker|
|
11
|
+
alarm = CfnGuardian::Models::KafkaTopicAlarm.new(@resource,broker)
|
12
|
+
alarm.name = "Broker#{broker}-MessagesInPerSec"
|
13
|
+
alarm.metric_name = 'MessagesInPerSec'
|
14
|
+
alarm.threshold = 5
|
15
|
+
alarm.comparison_operator = 'LessThanThreshold'
|
16
|
+
@alarms.push(alarm)
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
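--- a/data/lib/cfnguardian/tagger.rb
+++ b/data/lib/cfnguardian/tagger.rb
@@ -63,7 +63,7 @@ module CfnGuardian
 end
 
 def get_tags_to_delete(current_tags, new_tags)
-return current_tags.select {|tag| !new_tags.has_key?(tag.key)}.map {|tag| tag.key}
+return current_tags.select {|tag| !new_tags.has_key?(tag.key) && !tag.key.start_with?('aws:') }.map { |tag| tag.key }
 end
 
 def tags_changed?(current_tags, new_tags)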
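Review bot: The new `!tag.key.start_with?('aws:')` clause in `get_tags_to_delete` carries no comment explaining that `aws:`-prefixed tags are reserved and managed by AWS and cannot be removed by the caller; add `# aws:* tags are AWS-managed and cannot be deleted; never queue them for removal` above line 66. `tags_changed?` starts on line 69 and its body is outside the hunk; if it compares the full current tag set, the AWS-managed tags would presumably still register as a change on every run, so it may need the same filter. The line also reads more directly as `current_tags.map(&:key).reject { |key| new_tags.key?(key) || key.start_with?('aws:') }`.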
data/lib/cfnguardian/version.rb
CHANGED
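--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cfn-guardian
 version: !ruby/object:Gem::Version
-version: 0.11.
+version: 0.11.11
 platform: ruby
 authors:
 - Guslington
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-
+date: 2024-07-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: thor
@@ -228,16 +228,16 @@ dependencies:
 name: rexml
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '='
 - !ruby/object:Gem::Version
-version:
+version: 3.3.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '='
 - !ruby/object:Gem::Version
-version:
+version: 3.3.0
 - !ruby/object:Gem::Dependency
 name: bundler
 requirement: !ruby/object:Gem::Requirement
@@ -357,6 +357,8 @@ files:
 - lib/cfnguardian/resources/internal_port.rb
 - lib/cfnguardian/resources/internal_sftp.rb
 - lib/cfnguardian/resources/jenkins.rb
+- lib/cfnguardian/resources/kafka_cluster.rb
+- lib/cfnguardian/resources/kafka_topic.rb
 - lib/cfnguardian/resources/lambda.rb
 - lib/cfnguardian/resources/log_group.rb
 - lib/cfnguardian/resources/network_targetgroup.rb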