cfn-guardian 0.11.10 → 0.11.11

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7bd6e97a40ddb635e1b77930c9c86aa955f31dc2dc31025706a51c14aa71ac88
-  data.tar.gz: 1b04f751759f877ea32cf8470249712af0054e94cb208f314884287534b5fa56
+  metadata.gz: 1d45d4575c7023a67061939e1d14b62c089824906da0c8f9a5ff7e91cb14a2b4
+  data.tar.gz: ce8d4d1cb8542ec9c61723da1ce99db119982fce02329415eadb25e439dadb3d
 SHA512:
-  metadata.gz: d293b763c17981ec283bab6ddd3262a7c5c5fef4df50af6f934f6a408c29a8f75cf1615ea64080dc743154afe6e25a5595cd744bf3415f6200a0b72e02143498
-  data.tar.gz: e296b1a03e226c0fbef8699573f5e4a1c3c5268538200d6307e9a76bdbb377ed711c20b302bdbc4a8a72df44b3d7c4d92953cdb56c0e7c3a7502edf4bca0814e
+  metadata.gz: 3972ebc39d657e401cce3d033e99a0fef4030acb11b4a7ffc45b040041e9b629d9965210b39476e456f7e6de94dd6222858c92d9c38e16074cdf53df3de4b2ac
+  data.tar.gz: a7763f0ee6301f50ceae0a84328a4502040801524d13b1b609c53d615a50721c9228e266407d72d7b4bd159f3b599772d9989dbf8cbca7cc6860effd8540889f

data/.github/workflows/push.yml

@@ -18,17 +18,17 @@ jobs:
       uses: rlespinasse/github-slug-action@v3.x  
 
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v1
+      uses: docker/setup-buildx-action@v3
 
     - name: Login to  GitHub Container Repository
-      uses: docker/login-action@v1
+      uses: docker/login-action@v3
       with:
         registry: ghcr.io
-        username: ${{ github.repository_owner }}
-        password: ${{ secrets.GHCR_PUSH_TOKEN }}
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
 
     - name: Build and push Container Image to GitHub Container Repository
-      uses: docker/build-push-action@v2
+      uses: docker/build-push-action@v6
       with:
         context: .
         file: ./Dockerfile

data/.github/workflows/release-image.yml

@@ -20,8 +20,8 @@ jobs:
       uses: docker/login-action@v1
       with:
         registry: ghcr.io
-        username: ${{ github.repository_owner }}
-        password: ${{ secrets.GHCR_PUSH_TOKEN }}
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
 
     - name: Build and push Container Image to GitHub Container Repository
       uses: docker/build-push-action@v2

data/Dockerfile

@@ -8,7 +8,7 @@ COPY . /src
 
 WORKDIR /src
 
-RUN apk add --no-cache git \
+RUN apk add --no-cache git build-base \
     && gem build cfn-guardian.gemspec \
     && gem install cfn-guardian-${GUARDIAN_VERSION}.gem \
     && rm -rf /src

data/cfn-guardian.gemspec

@@ -38,7 +38,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'aws-sdk-codecommit', '~> 1.53', '<2'
   spec.add_dependency 'aws-sdk-codepipeline', '~> 1.55', '<2'
   
-  spec.add_runtime_dependency('rexml', '>= 0')
+  spec.add_runtime_dependency('rexml', '3.3.0')
   
   spec.add_development_dependency "bundler", "~> 2.0"
   spec.add_development_dependency "rake", "~> 13.0"

data/lib/cfnguardian/compile.rb

@@ -30,6 +30,8 @@ require 'cfnguardian/resources/internal_http'
 require 'cfnguardian/resources/port'
 require 'cfnguardian/resources/internal_port'
 require 'cfnguardian/resources/nrpe'
+require 'cfnguardian/resources/kafka_cluster'
+require 'cfnguardian/resources/kafka_topic'
 require 'cfnguardian/resources/lambda'
 require 'cfnguardian/resources/network_targetgroup'
 require 'cfnguardian/resources/rds_cluster'

data/lib/cfnguardian/models/alarm.rb

@@ -394,6 +394,34 @@ module CfnGuardian
       end
     end
 
+    class KafkaClusterAlarm < BaseAlarm
+      def initialize(resource,broker)
+        super(resource)
+        @group = 'KafkaCluster'
+        @namespace = 'AWS/Kafka'
+        @dimensions = { 'Cluster Name': resource['Id'], 'Broker ID': broker }
+        @statistic = 'Average'
+        @evaluation_periods = 1
+        @datapoints_to_alarm = 1
+        @period = 300
+        @treat_missing_data = 'breaching'
+      end
+    end
+
+    class KafkaTopicAlarm < BaseAlarm
+      def initialize(resource,broker)
+        super(resource)
+        @group = 'KafkaTopic'
+        @namespace = 'AWS/Kafka'
+        @dimensions = { 'Cluster Name': resource['ClusterName'], 'Broker ID': broker, Topic: resource['Id'] }
+        @statistic = 'Average'
+        @evaluation_periods = 1
+        @datapoints_to_alarm = 1
+        @period = 300
+        @treat_missing_data = 'breaching'
+      end
+    end
+
     class LambdaAlarm < BaseAlarm
       def initialize(resource)
         super(resource)

data/lib/cfnguardian/resources/application_targetgroup.rb

@@ -9,7 +9,6 @@ module CfnGuardian::Resource
       alarm.statistic = 'Minimum'
       alarm.threshold = 2
       alarm.evaluation_periods = 1
-      alarm.comparison_operator = 'LessThanThreshold'
       @alarms.push(alarm)
       
       alarm = CfnGuardian::Models::ApplicationTargetGroupAlarm.new(@resource)

data/lib/cfnguardian/resources/kafka_cluster.rb

@@ -0,0 +1,74 @@
+module CfnGuardian::Resource
+  class KafkaCluster < Base
+
+    def initialize(resource, override_group = nil)
+      super(resource, override_group)
+      @brokers_list = resource['Brokers']
+    end
+
+    def default_alarms
+      @brokers_list.each do |broker|
+        alarm = CfnGuardian::Models::KafkaClusterAlarm.new(@resource,broker)
+        alarm.name = "Broker#{broker}-CPUUserCritical"
+        alarm.metric_name = 'CpuUser'
+        alarm.threshold = 80
+        @alarms.push(alarm)
+
+        alarm = CfnGuardian::Models::KafkaClusterAlarm.new(@resource,broker)
+        alarm.name = "Broker#{broker}-CPUUserWarning"
+        alarm.metric_name = 'CpuUser'
+        alarm.threshold = 50
+        alarm.alarm_action = 'Warning'
+        @alarms.push(alarm)
+
+        alarm = CfnGuardian::Models::KafkaClusterAlarm.new(@resource,broker)
+        alarm.name = "Broker#{broker}-KafkaDataLogsDiskUsedCritical"
+        alarm.metric_name = 'KafkaDataLogsDiskUsed'
+        alarm.threshold = 85
+        @alarms.push(alarm)
+
+        alarm = CfnGuardian::Models::KafkaClusterAlarm.new(@resource,broker)
+        alarm.name = "Broker#{broker}-KafkaDataLogsDiskUsedWarning"
+        alarm.metric_name = 'KafkaDataLogsDiskUsed'
+        alarm.threshold = 70
+        alarm.alarm_action = 'Warning'
+        @alarms.push(alarm)
+
+        alarm = CfnGuardian::Models::KafkaClusterAlarm.new(@resource,broker)
+        alarm.name = "Broker#{broker}-BurstBalance"
+        alarm.metric_name = 'BurstBalance'
+        alarm.threshold = 1
+        alarm.comparison_operator = 'LessThanThreshold'
+        @alarms.push(alarm)
+
+        alarm = CfnGuardian::Models::KafkaClusterAlarm.new(@resource,broker)
+        alarm.name = "Broker#{broker}-MemoryFreeCritical"
+        alarm.metric_name = 'MemoryFree'
+        alarm.threshold = 10
+        alarm.comparison_operator = 'LessThanThreshold'
+        @alarms.push(alarm)
+
+        alarm = CfnGuardian::Models::KafkaClusterAlarm.new(@resource,broker)
+        alarm.name = "Broker#{broker}-MemoryFreeWarning"
+        alarm.metric_name = 'MemoryFree'
+        alarm.threshold = 50
+        alarm.alarm_action = 'Warning'
+        alarm.comparison_operator = 'LessThanThreshold'
+        @alarms.push(alarm)
+
+        alarm = CfnGuardian::Models::KafkaClusterAlarm.new(@resource,broker)
+        alarm.name = "Broker#{broker}-NetworkRxErrorsCritical"
+        alarm.metric_name = 'NetworkRxErrors'
+        alarm.threshold = 10
+        @alarms.push(alarm)
+
+        alarm = CfnGuardian::Models::KafkaClusterAlarm.new(@resource,broker)
+        alarm.name = "Broker#{broker}-NetworkRxErrorsWarning"
+        alarm.metric_name = 'NetworkRxErrors'
+        alarm.threshold = 5
+        alarm.alarm_action = 'Warning'
+        @alarms.push(alarm)
+      end
+    end
+  end
+end

data/lib/cfnguardian/resources/kafka_topic.rb

@@ -0,0 +1,20 @@
+module CfnGuardian::Resource
+  class KafkaTopic < Base
+
+    def initialize(resource, override_group = nil)
+      super(resource, override_group)
+      @brokers_list = resource['Brokers']
+    end
+
+    def default_alarms
+      @brokers_list.each do |broker|  
+        alarm = CfnGuardian::Models::KafkaTopicAlarm.new(@resource,broker)
+        alarm.name = "Broker#{broker}-MessagesInPerSec"
+        alarm.metric_name = 'MessagesInPerSec'
+        alarm.threshold = 5
+        alarm.comparison_operator = 'LessThanThreshold'
+        @alarms.push(alarm)
+      end
+    end
+  end
+end

data/lib/cfnguardian/tagger.rb

@@ -63,7 +63,7 @@ module CfnGuardian
     end
 
     def get_tags_to_delete(current_tags, new_tags)
-      return current_tags.select {|tag| !new_tags.has_key?(tag.key)}.map {|tag| tag.key}
+      return current_tags.select {|tag| !new_tags.has_key?(tag.key) && !tag.key.start_with?('aws:') }.map { |tag| tag.key }
     end
 
     def tags_changed?(current_tags, new_tags)

data/lib/cfnguardian/version.rb

@@ -1,4 +1,4 @@
 module CfnGuardian
-  VERSION = "0.11.10"
+  VERSION = "0.11.11"
   CHANGE_SET_VERSION = VERSION.gsub('.', '-').freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cfn-guardian
 version: !ruby/object:Gem::Version
-  version: 0.11.10
+  version: 0.11.11
 platform: ruby
 authors:
 - Guslington
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2024-01-23 00:00:00.000000000 Z
+date: 2024-07-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -228,16 +228,16 @@ dependencies:
   name: rexml
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 3.3.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 3.3.0
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -357,6 +357,8 @@ files:
 - lib/cfnguardian/resources/internal_port.rb
 - lib/cfnguardian/resources/internal_sftp.rb
 - lib/cfnguardian/resources/jenkins.rb
+- lib/cfnguardian/resources/kafka_cluster.rb
+- lib/cfnguardian/resources/kafka_topic.rb
 - lib/cfnguardian/resources/lambda.rb
 - lib/cfnguardian/resources/log_group.rb
 - lib/cfnguardian/resources/network_targetgroup.rb