cloud-mu 1.9.0.pre.beta
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/Berksfile +56 -0
- data/Berksfile.lock +250 -0
- data/Jenkinsfile +184 -0
- data/LICENSE.md +37 -0
- data/README.md +26 -0
- data/bin/mu-aws-setup +376 -0
- data/bin/mu-cleanup +68 -0
- data/bin/mu-configure +1133 -0
- data/bin/mu-deploy +166 -0
- data/bin/mu-firewall-allow-clients +30 -0
- data/bin/mu-gcp-setup +200 -0
- data/bin/mu-gen-docs +34 -0
- data/bin/mu-gen-env +42 -0
- data/bin/mu-load-config.rb +158 -0
- data/bin/mu-node-manage +683 -0
- data/bin/mu-self-update +228 -0
- data/bin/mu-ssh +23 -0
- data/bin/mu-tunnel-nagios +144 -0
- data/bin/mu-upload-chef-artifacts +757 -0
- data/bin/mu-user-manage +275 -0
- data/cookbooks/awscli/LICENSE +37 -0
- data/cookbooks/awscli/README.md +58 -0
- data/cookbooks/awscli/attributes/default.rb +1 -0
- data/cookbooks/awscli/libraries/instance_metadata.rb +21 -0
- data/cookbooks/awscli/metadata.rb +20 -0
- data/cookbooks/awscli/recipes/default.rb +56 -0
- data/cookbooks/awscli/templates/default/config.erb +18 -0
- data/cookbooks/mu-activedirectory/CHANGELOG.md +13 -0
- data/cookbooks/mu-activedirectory/LICENSE +37 -0
- data/cookbooks/mu-activedirectory/README.md +6 -0
- data/cookbooks/mu-activedirectory/attributes/default.rb +98 -0
- data/cookbooks/mu-activedirectory/files/default/password-auth +32 -0
- data/cookbooks/mu-activedirectory/files/default/sshd_pol.pp +0 -0
- data/cookbooks/mu-activedirectory/files/default/sshd_pol.te +32 -0
- data/cookbooks/mu-activedirectory/files/default/syslogd_oddjobd.pp +0 -0
- data/cookbooks/mu-activedirectory/files/default/syslogd_oddjobd.te +10 -0
- data/cookbooks/mu-activedirectory/files/default/system-auth +34 -0
- data/cookbooks/mu-activedirectory/files/default/winbindpol.pp +0 -0
- data/cookbooks/mu-activedirectory/files/default/winbindpol.te +37 -0
- data/cookbooks/mu-activedirectory/libraries/config.rb +106 -0
- data/cookbooks/mu-activedirectory/libraries/helper.rb +86 -0
- data/cookbooks/mu-activedirectory/metadata.rb +17 -0
- data/cookbooks/mu-activedirectory/providers/domain.rb +152 -0
- data/cookbooks/mu-activedirectory/providers/domain_controller.rb +89 -0
- data/cookbooks/mu-activedirectory/providers/domain_node.rb +275 -0
- data/cookbooks/mu-activedirectory/recipes/default.rb +8 -0
- data/cookbooks/mu-activedirectory/recipes/domain-controller.rb +44 -0
- data/cookbooks/mu-activedirectory/recipes/domain-node.rb +50 -0
- data/cookbooks/mu-activedirectory/recipes/domain.rb +43 -0
- data/cookbooks/mu-activedirectory/recipes/sssd.rb +185 -0
- data/cookbooks/mu-activedirectory/resources/domain.rb +25 -0
- data/cookbooks/mu-activedirectory/resources/domain_controller.rb +25 -0
- data/cookbooks/mu-activedirectory/resources/domain_node.rb +20 -0
- data/cookbooks/mu-activedirectory/templates/default/dhclient-eth0.conf.erb +4 -0
- data/cookbooks/mu-activedirectory/templates/default/interface +0 -0
- data/cookbooks/mu-activedirectory/templates/default/krb5.conf.erb +23 -0
- data/cookbooks/mu-activedirectory/templates/default/ntp.conf.erb +56 -0
- data/cookbooks/mu-activedirectory/templates/default/smb.conf.erb +33 -0
- data/cookbooks/mu-activedirectory/templates/default/sssd.conf.erb +60 -0
- data/cookbooks/mu-activedirectory/templates/windows/Backup.xml.erb +20 -0
- data/cookbooks/mu-activedirectory/templates/windows/bkupInfo.xml.erb +1 -0
- data/cookbooks/mu-activedirectory/templates/windows/gpreprt.xml.erb +198 -0
- data/cookbooks/mu-activedirectory/templates/windows/gptmpl.inf.erb +12 -0
- data/cookbooks/mu-activedirectory/templates/windows/manifest.xml.erb +1 -0
- data/cookbooks/mu-firewall/CHANGELOG.md +11 -0
- data/cookbooks/mu-firewall/LICENSE +37 -0
- data/cookbooks/mu-firewall/README.md +5 -0
- data/cookbooks/mu-firewall/attributes/default.rb +3 -0
- data/cookbooks/mu-firewall/metadata.rb +16 -0
- data/cookbooks/mu-firewall/recipes/default.rb +10 -0
- data/cookbooks/mu-glusterfs/CHANGELOG.md +13 -0
- data/cookbooks/mu-glusterfs/LICENSE +37 -0
- data/cookbooks/mu-glusterfs/README.md +5 -0
- data/cookbooks/mu-glusterfs/attributes/default.rb +34 -0
- data/cookbooks/mu-glusterfs/metadata.rb +17 -0
- data/cookbooks/mu-glusterfs/recipes/client.rb +62 -0
- data/cookbooks/mu-glusterfs/recipes/default.rb +16 -0
- data/cookbooks/mu-glusterfs/recipes/samba.rb +57 -0
- data/cookbooks/mu-glusterfs/recipes/server.rb +200 -0
- data/cookbooks/mu-glusterfs/templates/default/mu-gluster-client.erb +71 -0
- data/cookbooks/mu-glusterfs/templates/default/smb.conf.erb +14 -0
- data/cookbooks/mu-jenkins/CHANGELOG.md +13 -0
- data/cookbooks/mu-jenkins/LICENSE +37 -0
- data/cookbooks/mu-jenkins/README.md +105 -0
- data/cookbooks/mu-jenkins/attributes/default.rb +42 -0
- data/cookbooks/mu-jenkins/files/default/cleanup_deploy_config.xml +73 -0
- data/cookbooks/mu-jenkins/files/default/deploy_config.xml +44 -0
- data/cookbooks/mu-jenkins/metadata.rb +21 -0
- data/cookbooks/mu-jenkins/recipes/default.rb +195 -0
- data/cookbooks/mu-jenkins/recipes/node-ssh-config.rb +54 -0
- data/cookbooks/mu-jenkins/recipes/public_key.rb +24 -0
- data/cookbooks/mu-jenkins/templates/default/example_job.config.xml.erb +24 -0
- data/cookbooks/mu-jenkins/templates/default/org.jvnet.hudson.plugins.SSHBuildWrapper.xml.erb +14 -0
- data/cookbooks/mu-jenkins/templates/default/ssh_config.erb +6 -0
- data/cookbooks/mu-master/CHANGELOG.md +13 -0
- data/cookbooks/mu-master/LICENSE +37 -0
- data/cookbooks/mu-master/README.md +6 -0
- data/cookbooks/mu-master/attributes/default.rb +95 -0
- data/cookbooks/mu-master/files/default/0-mu-log-server.conf +19 -0
- data/cookbooks/mu-master/files/default/addRSA.ldif +8 -0
- data/cookbooks/mu-master/files/default/check_mem.pl +197 -0
- data/cookbooks/mu-master/files/default/cloudamatic.png +0 -0
- data/cookbooks/mu-master/files/default/dirsrv_admin.pp +0 -0
- data/cookbooks/mu-master/files/default/dirsrv_admin.te +13 -0
- data/cookbooks/mu-master/files/default/nagios_selinux.pp +0 -0
- data/cookbooks/mu-master/files/default/nagios_selinux.te +51 -0
- data/cookbooks/mu-master/files/default/nagios_selinux_7.pp +0 -0
- data/cookbooks/mu-master/files/default/nagios_selinux_7.te +17 -0
- data/cookbooks/mu-master/files/default/pam_sshd +18 -0
- data/cookbooks/mu-master/files/default/ssl_enable.ldif +18 -0
- data/cookbooks/mu-master/files/default/syslogd_oddjobd.pp +0 -0
- data/cookbooks/mu-master/files/default/syslogd_oddjobd.te +10 -0
- data/cookbooks/mu-master/files/default/vimrc +19 -0
- data/cookbooks/mu-master/libraries/mu.rb +29 -0
- data/cookbooks/mu-master/metadata.rb +30 -0
- data/cookbooks/mu-master/providers/user.rb +41 -0
- data/cookbooks/mu-master/recipes/389ds.rb +164 -0
- data/cookbooks/mu-master/recipes/basepackages.rb +58 -0
- data/cookbooks/mu-master/recipes/caching_nameserver.rb +37 -0
- data/cookbooks/mu-master/recipes/default.rb +451 -0
- data/cookbooks/mu-master/recipes/eks-kubectl.rb +41 -0
- data/cookbooks/mu-master/recipes/firewall-holes.rb +70 -0
- data/cookbooks/mu-master/recipes/init.rb +542 -0
- data/cookbooks/mu-master/recipes/ssl-certs.rb +109 -0
- data/cookbooks/mu-master/recipes/sssd.rb +89 -0
- data/cookbooks/mu-master/recipes/update_nagios_only.rb +242 -0
- data/cookbooks/mu-master/recipes/vault.rb +111 -0
- data/cookbooks/mu-master/resources/user.rb +19 -0
- data/cookbooks/mu-master/templates/default/389-directory-setup.inf.erb +28 -0
- data/cookbooks/mu-master/templates/default/chef-server.rb.erb +18 -0
- data/cookbooks/mu-master/templates/default/dhclient-eth0.conf.erb +9 -0
- data/cookbooks/mu-master/templates/default/mu-momma-cat.erb +149 -0
- data/cookbooks/mu-master/templates/default/mu.rc.erb +9 -0
- data/cookbooks/mu-master/templates/default/openssl.cnf.erb +354 -0
- data/cookbooks/mu-master/templates/default/sssd.conf.erb +44 -0
- data/cookbooks/mu-master/templates/default/web_app.conf.erb +90 -0
- data/cookbooks/mu-mongo/CHANGELOG.md +13 -0
- data/cookbooks/mu-mongo/LICENSE +37 -0
- data/cookbooks/mu-mongo/README.md +5 -0
- data/cookbooks/mu-mongo/attributes/default.rb +22 -0
- data/cookbooks/mu-mongo/files/default/keyfile +16 -0
- data/cookbooks/mu-mongo/files/default/remove_nodes.js +5 -0
- data/cookbooks/mu-mongo/metadata.rb +17 -0
- data/cookbooks/mu-mongo/recipes/default.rb +149 -0
- data/cookbooks/mu-mongo/recipes/yum-update-rule.rb +18 -0
- data/cookbooks/mu-mongo/templates/default/mongo_create_openfema_db.js.erb +2 -0
- data/cookbooks/mu-mongo/templates/default/mongo_init.js.erb +1 -0
- data/cookbooks/mu-mongo/templates/default/mongo_logrotate.erb +14 -0
- data/cookbooks/mu-mongo/templates/default/mongo_replset_addnodes.js.erb +6 -0
- data/cookbooks/mu-mongo/templates/default/replset_init.js.erb +2 -0
- data/cookbooks/mu-openvpn/CHANGELOG.md +13 -0
- data/cookbooks/mu-openvpn/LICENSE +37 -0
- data/cookbooks/mu-openvpn/README.md +6 -0
- data/cookbooks/mu-openvpn/attributes/default.rb +119 -0
- data/cookbooks/mu-openvpn/metadata.rb +18 -0
- data/cookbooks/mu-openvpn/recipes/default.rb +108 -0
- data/cookbooks/mu-openvpn/templates/default/users.json.erb +42 -0
- data/cookbooks/mu-php54/CHANGELOG.md +12 -0
- data/cookbooks/mu-php54/LICENSE +37 -0
- data/cookbooks/mu-php54/README.md +0 -0
- data/cookbooks/mu-php54/files/centos/php.ini +1802 -0
- data/cookbooks/mu-php54/files/ubuntu/php.ini +1870 -0
- data/cookbooks/mu-php54/metadata.rb +21 -0
- data/cookbooks/mu-php54/recipes/default.rb +97 -0
- data/cookbooks/mu-splunk/CHANGELOG.md +37 -0
- data/cookbooks/mu-splunk/LICENSE +37 -0
- data/cookbooks/mu-splunk/README.md +451 -0
- data/cookbooks/mu-splunk/attributes/default.rb +95 -0
- data/cookbooks/mu-splunk/attributes/upgrade.rb +49 -0
- data/cookbooks/mu-splunk/definitions/splunk_installer.rb +103 -0
- data/cookbooks/mu-splunk/files/default/splunk-nocheck +10 -0
- data/cookbooks/mu-splunk/libraries/helpers.rb +72 -0
- data/cookbooks/mu-splunk/libraries/splunk_app_provider.rb +156 -0
- data/cookbooks/mu-splunk/libraries/splunk_app_resource.rb +43 -0
- data/cookbooks/mu-splunk/metadata.json +30 -0
- data/cookbooks/mu-splunk/metadata.rb +17 -0
- data/cookbooks/mu-splunk/recipes/client.rb +143 -0
- data/cookbooks/mu-splunk/recipes/default.rb +31 -0
- data/cookbooks/mu-splunk/recipes/disabled.rb +41 -0
- data/cookbooks/mu-splunk/recipes/install_forwarder.rb +23 -0
- data/cookbooks/mu-splunk/recipes/install_server.rb +23 -0
- data/cookbooks/mu-splunk/recipes/server.rb +53 -0
- data/cookbooks/mu-splunk/recipes/service.rb +95 -0
- data/cookbooks/mu-splunk/recipes/setup_auth.rb +49 -0
- data/cookbooks/mu-splunk/recipes/setup_ssl.rb +63 -0
- data/cookbooks/mu-splunk/recipes/upgrade.rb +94 -0
- data/cookbooks/mu-splunk/recipes/user.rb +34 -0
- data/cookbooks/mu-splunk/templates/default/base_logs_unix_inputs.conf.erb +26 -0
- data/cookbooks/mu-splunk/templates/default/inputs.conf.erb +13 -0
- data/cookbooks/mu-splunk/templates/default/outputs.conf.erb +9 -0
- data/cookbooks/mu-splunk/templates/default/splunk-init.erb +74 -0
- data/cookbooks/mu-splunk/templates/default/system-web.conf.erb +7 -0
- data/cookbooks/mu-tools/CHANGELOG.md +12 -0
- data/cookbooks/mu-tools/LICENSE +37 -0
- data/cookbooks/mu-tools/README.md +188 -0
- data/cookbooks/mu-tools/attributes/default.rb +142 -0
- data/cookbooks/mu-tools/attributes/ebs_rolling_snapshots.rb +3 -0
- data/cookbooks/mu-tools/files/amazon/etc/freshclam.conf +235 -0
- data/cookbooks/mu-tools/files/centos/CentOS-Base.repo +52 -0
- data/cookbooks/mu-tools/files/centos/etc/bashrc +93 -0
- data/cookbooks/mu-tools/files/centos/etc/freshclam.conf +235 -0
- data/cookbooks/mu-tools/files/centos/etc/login.defs +72 -0
- data/cookbooks/mu-tools/files/centos/etc/profile +77 -0
- data/cookbooks/mu-tools/files/centos/etc/security/limits.conf +57 -0
- data/cookbooks/mu-tools/files/centos/etc/sysconfig/init +19 -0
- data/cookbooks/mu-tools/files/centos/etc/sysctl.conf +82 -0
- data/cookbooks/mu-tools/files/centos-6/README_MU +0 -0
- data/cookbooks/mu-tools/files/centos-6/etc/audit/stig.rules +173 -0
- data/cookbooks/mu-tools/files/centos-6/etc/bashrc +90 -0
- data/cookbooks/mu-tools/files/centos-6/etc/login.defs +70 -0
- data/cookbooks/mu-tools/files/centos-6/etc/pam.d/su +12 -0
- data/cookbooks/mu-tools/files/centos-6/etc/profile +83 -0
- data/cookbooks/mu-tools/files/centos-6/etc/securetty +12 -0
- data/cookbooks/mu-tools/files/centos-6/etc/sysconfig/init +30 -0
- data/cookbooks/mu-tools/files/centos-6/etc/sysctl.conf +40 -0
- data/cookbooks/mu-tools/files/default/Mu_CA.pem +34 -0
- data/cookbooks/mu-tools/files/default/PSWindowsUpdate.zip +0 -0
- data/cookbooks/mu-tools/files/default/ebs_snapshots.py +123 -0
- data/cookbooks/mu-tools/files/default/etc/BANNER +0 -0
- data/cookbooks/mu-tools/files/default/etc/BANNER-FEDERAL +19 -0
- data/cookbooks/mu-tools/files/default/gpo_no_uac.zip +0 -0
- data/cookbooks/mu-tools/files/default/mypol.pp +0 -0
- data/cookbooks/mu-tools/files/default/mypol.te +37 -0
- data/cookbooks/mu-tools/files/default/nrpe_c7.pp +0 -0
- data/cookbooks/mu-tools/files/default/nrpe_c7.te +31 -0
- data/cookbooks/mu-tools/files/default/nrpe_check_disk.pp +0 -0
- data/cookbooks/mu-tools/files/default/nrpe_check_disk.te +11 -0
- data/cookbooks/mu-tools/files/default/nrpe_disk.pp +0 -0
- data/cookbooks/mu-tools/files/default/nrpe_disk.te +10 -0
- data/cookbooks/mu-tools/files/default/nrpe_file.pp +0 -0
- data/cookbooks/mu-tools/files/default/nrpe_file.te +31 -0
- data/cookbooks/mu-tools/files/default/ntrights +0 -0
- data/cookbooks/mu-tools/files/default/serverclass.conf +18 -0
- data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/app.conf +1 -0
- data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/inputs.conf +13 -0
- data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/app.conf +1 -0
- data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/inputs.conf +8 -0
- data/cookbooks/mu-tools/files/default/sshd_pol.pp +0 -0
- data/cookbooks/mu-tools/files/default/sshd_pol.te +32 -0
- data/cookbooks/mu-tools/files/redhat/etc/bashrc +93 -0
- data/cookbooks/mu-tools/files/redhat/etc/freshclam.conf +235 -0
- data/cookbooks/mu-tools/files/redhat/etc/login.defs +72 -0
- data/cookbooks/mu-tools/files/redhat/etc/profile +77 -0
- data/cookbooks/mu-tools/files/redhat/etc/security/limits.conf +57 -0
- data/cookbooks/mu-tools/files/redhat/etc/sysconfig/init +19 -0
- data/cookbooks/mu-tools/files/redhat/etc/sysctl.conf +82 -0
- data/cookbooks/mu-tools/files/redhat-6/README_MU +0 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/audit/stig.rules +173 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/bashrc +90 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/login.defs +70 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/pam.d/su +12 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/profile +83 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/securetty +12 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/sysconfig/init +30 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/sysctl.conf +40 -0
- data/cookbooks/mu-tools/files/redhat-7.1/etc/freshclam.conf +235 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/bash.bashrc +64 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/common-session +30 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/login.defs +338 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/profile +30 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/security/limits.conf +56 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/sysctl.conf +60 -0
- data/cookbooks/mu-tools/libraries/helper.rb +292 -0
- data/cookbooks/mu-tools/metadata.rb +28 -0
- data/cookbooks/mu-tools/recipes/add_admin_ssh_keys.rb +35 -0
- data/cookbooks/mu-tools/recipes/apply_security.rb +440 -0
- data/cookbooks/mu-tools/recipes/aws_api.rb +23 -0
- data/cookbooks/mu-tools/recipes/base_repositories.rb +31 -0
- data/cookbooks/mu-tools/recipes/cisbenchmark.rb +59 -0
- data/cookbooks/mu-tools/recipes/clamav.rb +53 -0
- data/cookbooks/mu-tools/recipes/cloudinit.rb +58 -0
- data/cookbooks/mu-tools/recipes/configure_oracle_tools.rb +81 -0
- data/cookbooks/mu-tools/recipes/disable-requiretty.rb +22 -0
- data/cookbooks/mu-tools/recipes/ebs_rolling_snapshots.rb +75 -0
- data/cookbooks/mu-tools/recipes/efs.rb +70 -0
- data/cookbooks/mu-tools/recipes/eks.rb +160 -0
- data/cookbooks/mu-tools/recipes/gcloud.rb +98 -0
- data/cookbooks/mu-tools/recipes/google_api.rb +25 -0
- data/cookbooks/mu-tools/recipes/maldet.rb +67 -0
- data/cookbooks/mu-tools/recipes/nagios.rb +19 -0
- data/cookbooks/mu-tools/recipes/newclient.rb +23 -0
- data/cookbooks/mu-tools/recipes/nrpe.rb +115 -0
- data/cookbooks/mu-tools/recipes/python_pip.rb +35 -0
- data/cookbooks/mu-tools/recipes/retrieve_application.rb +51 -0
- data/cookbooks/mu-tools/recipes/rsyslog.rb +65 -0
- data/cookbooks/mu-tools/recipes/set_local_fw.rb +57 -0
- data/cookbooks/mu-tools/recipes/set_mu_hostname.rb +81 -0
- data/cookbooks/mu-tools/recipes/split_var_partitions.rb +86 -0
- data/cookbooks/mu-tools/recipes/splunk-client.rb +69 -0
- data/cookbooks/mu-tools/recipes/splunk-server.rb +104 -0
- data/cookbooks/mu-tools/recipes/store_inspec_attr.rb +8 -0
- data/cookbooks/mu-tools/recipes/updates.rb +96 -0
- data/cookbooks/mu-tools/recipes/windows-client.rb +202 -0
- data/cookbooks/mu-tools/resources/aws_windows.rb +33 -0
- data/cookbooks/mu-tools/resources/disk.rb +88 -0
- data/cookbooks/mu-tools/resources/mommacat_request.rb +11 -0
- data/cookbooks/mu-tools/resources/scheduled_tasks.rb +29 -0
- data/cookbooks/mu-tools/resources/sshd_service.rb +45 -0
- data/cookbooks/mu-tools/resources/windows_users.rb +242 -0
- data/cookbooks/mu-tools/templates/amazon/sshd_config.erb +168 -0
- data/cookbooks/mu-tools/templates/centos-6/sshd_config.erb +212 -0
- data/cookbooks/mu-tools/templates/centos-7/sshd_config.erb +215 -0
- data/cookbooks/mu-tools/templates/default/0-mu-log-client.conf.erb +13 -0
- data/cookbooks/mu-tools/templates/default/conf.maldet.erb +137 -0
- data/cookbooks/mu-tools/templates/default/etc_hosts.erb +30 -0
- data/cookbooks/mu-tools/templates/default/etc_pamd_password-auth.erb +14 -0
- data/cookbooks/mu-tools/templates/default/etc_pamd_system-auth.erb +14 -0
- data/cookbooks/mu-tools/templates/default/etc_sysconfig_network.erb +12 -0
- data/cookbooks/mu-tools/templates/default/kubeconfig.erb +29 -0
- data/cookbooks/mu-tools/templates/default/kubelet.service.erb +35 -0
- data/cookbooks/mu-tools/templates/default/maldet_scanall.sh.erb +15 -0
- data/cookbooks/mu-tools/templates/default/nrpe.cfg.erb +233 -0
- data/cookbooks/mu-tools/templates/redhat-6/sshd_config.erb +213 -0
- data/cookbooks/mu-tools/templates/redhat-7/sshd_config.erb +215 -0
- data/cookbooks/mu-tools/templates/ubuntu-12.04/sshd_config.erb +146 -0
- data/cookbooks/mu-tools/templates/ubuntu-14.04/sshd_config.erb +145 -0
- data/cookbooks/mu-tools/templates/windows/Backup.xml.erb +20 -0
- data/cookbooks/mu-tools/templates/windows/bkupInfo.xml.erb +1 -0
- data/cookbooks/mu-tools/templates/windows/gpreprt.xml.erb +214 -0
- data/cookbooks/mu-tools/templates/windows/gptmpl.inf.erb +12 -0
- data/cookbooks/mu-tools/templates/windows/manifest.xml.erb +1 -0
- data/cookbooks/mu-tools/templates/windows/set_ad_dns_scheduled_task.ps1.erb +6 -0
- data/cookbooks/mu-tools/templates/windows/sshd_config.erb +136 -0
- data/cookbooks/mu-utility/CHANGELOG.md +12 -0
- data/cookbooks/mu-utility/LICENSE +37 -0
- data/cookbooks/mu-utility/README.md +6 -0
- data/cookbooks/mu-utility/attributes/default.rb +1 -0
- data/cookbooks/mu-utility/libraries/matchers.rb +21 -0
- data/cookbooks/mu-utility/metadata.rb +16 -0
- data/cookbooks/mu-utility/recipes/apt.rb +23 -0
- data/cookbooks/mu-utility/recipes/cleanup_image_helper.rb +118 -0
- data/cookbooks/mu-utility/recipes/iptables.rb +26 -0
- data/cookbooks/mu-utility/recipes/luks.rb +18 -0
- data/cookbooks/mu-utility/recipes/nat.rb +104 -0
- data/cookbooks/mu-utility/recipes/php.rb +33 -0
- data/cookbooks/mu-utility/recipes/rdp_gateway.rb +83 -0
- data/cookbooks/mu-utility/recipes/remi.rb +44 -0
- data/cookbooks/mu-utility/recipes/vim.rb +26 -0
- data/cookbooks/mu-utility/recipes/windows_basics.rb +37 -0
- data/cookbooks/mu-utility/recipes/zip.rb +26 -0
- data/cookbooks/mu-utility/templates/default/BundleConfig.xml.erb +34 -0
- data/cookbooks/mu-utility/templates/default/config.xml.erb +60 -0
- data/cookbooks/nagios/Berksfile +8 -0
- data/cookbooks/nagios/CHANGELOG.md +589 -0
- data/cookbooks/nagios/CONTRIBUTING.md +11 -0
- data/cookbooks/nagios/LICENSE +37 -0
- data/cookbooks/nagios/README.md +328 -0
- data/cookbooks/nagios/TESTING.md +2 -0
- data/cookbooks/nagios/attributes/config.rb +171 -0
- data/cookbooks/nagios/attributes/default.rb +228 -0
- data/cookbooks/nagios/chefignore +102 -0
- data/cookbooks/nagios/definitions/command.rb +33 -0
- data/cookbooks/nagios/definitions/contact.rb +33 -0
- data/cookbooks/nagios/definitions/contactgroup.rb +33 -0
- data/cookbooks/nagios/definitions/host.rb +33 -0
- data/cookbooks/nagios/definitions/hostdependency.rb +33 -0
- data/cookbooks/nagios/definitions/hostescalation.rb +34 -0
- data/cookbooks/nagios/definitions/hostgroup.rb +33 -0
- data/cookbooks/nagios/definitions/nagios_conf.rb +38 -0
- data/cookbooks/nagios/definitions/resource.rb +33 -0
- data/cookbooks/nagios/definitions/service.rb +33 -0
- data/cookbooks/nagios/definitions/servicedependency.rb +33 -0
- data/cookbooks/nagios/definitions/serviceescalation.rb +34 -0
- data/cookbooks/nagios/definitions/servicegroup.rb +33 -0
- data/cookbooks/nagios/definitions/timeperiod.rb +33 -0
- data/cookbooks/nagios/libraries/base.rb +314 -0
- data/cookbooks/nagios/libraries/command.rb +91 -0
- data/cookbooks/nagios/libraries/contact.rb +230 -0
- data/cookbooks/nagios/libraries/contactgroup.rb +112 -0
- data/cookbooks/nagios/libraries/custom_option.rb +36 -0
- data/cookbooks/nagios/libraries/data_bag_helper.rb +23 -0
- data/cookbooks/nagios/libraries/default.rb +90 -0
- data/cookbooks/nagios/libraries/host.rb +412 -0
- data/cookbooks/nagios/libraries/hostdependency.rb +181 -0
- data/cookbooks/nagios/libraries/hostescalation.rb +173 -0
- data/cookbooks/nagios/libraries/hostgroup.rb +119 -0
- data/cookbooks/nagios/libraries/nagios.rb +282 -0
- data/cookbooks/nagios/libraries/resource.rb +59 -0
- data/cookbooks/nagios/libraries/service.rb +455 -0
- data/cookbooks/nagios/libraries/servicedependency.rb +215 -0
- data/cookbooks/nagios/libraries/serviceescalation.rb +195 -0
- data/cookbooks/nagios/libraries/servicegroup.rb +144 -0
- data/cookbooks/nagios/libraries/timeperiod.rb +160 -0
- data/cookbooks/nagios/libraries/users_helper.rb +54 -0
- data/cookbooks/nagios/metadata.rb +25 -0
- data/cookbooks/nagios/recipes/_load_databag_config.rb +153 -0
- data/cookbooks/nagios/recipes/_load_default_config.rb +241 -0
- data/cookbooks/nagios/recipes/apache.rb +48 -0
- data/cookbooks/nagios/recipes/default.rb +204 -0
- data/cookbooks/nagios/recipes/nginx.rb +82 -0
- data/cookbooks/nagios/recipes/pagerduty.rb +143 -0
- data/cookbooks/nagios/recipes/server_package.rb +40 -0
- data/cookbooks/nagios/recipes/server_source.rb +164 -0
- data/cookbooks/nagios/templates/default/apache2.conf.erb +96 -0
- data/cookbooks/nagios/templates/default/cgi.cfg.erb +266 -0
- data/cookbooks/nagios/templates/default/commands.cfg.erb +13 -0
- data/cookbooks/nagios/templates/default/contacts.cfg.erb +37 -0
- data/cookbooks/nagios/templates/default/hostgroups.cfg.erb +25 -0
- data/cookbooks/nagios/templates/default/hosts.cfg.erb +15 -0
- data/cookbooks/nagios/templates/default/htpasswd.users.erb +6 -0
- data/cookbooks/nagios/templates/default/nagios.cfg.erb +22 -0
- data/cookbooks/nagios/templates/default/nginx.conf.erb +62 -0
- data/cookbooks/nagios/templates/default/pagerduty.cgi.erb +185 -0
- data/cookbooks/nagios/templates/default/resource.cfg.erb +27 -0
- data/cookbooks/nagios/templates/default/servicedependencies.cfg.erb +15 -0
- data/cookbooks/nagios/templates/default/servicegroups.cfg.erb +14 -0
- data/cookbooks/nagios/templates/default/services.cfg.erb +14 -0
- data/cookbooks/nagios/templates/default/templates.cfg.erb +31 -0
- data/cookbooks/nagios/templates/default/timeperiods.cfg.erb +13 -0
- data/cookbooks/s3fs/CHANGELOG.md +13 -0
- data/cookbooks/s3fs/LICENSE +37 -0
- data/cookbooks/s3fs/README.md +6 -0
- data/cookbooks/s3fs/attributes/default.rb +15 -0
- data/cookbooks/s3fs/files/default/fuse-2.9.3.zip +0 -0
- data/cookbooks/s3fs/metadata.rb +16 -0
- data/cookbooks/s3fs/recipes/default.rb +91 -0
- data/data_bags/demo/app.json +7 -0
- data/data_bags/nagios_services/chef.json +6 -0
- data/data_bags/nagios_services/linux_diskspace.json +5 -0
- data/data_bags/nagios_services/momma_cat.json +6 -0
- data/data_bags/nagios_services/mu-master-memory.json +5 -0
- data/data_bags/nagios_services/nagios_ui.json +6 -0
- data/data_bags/nagios_services/node_ssh.json +6 -0
- data/data_bags/nagios_services/ssh.json +6 -0
- data/demo/lambda_test.yaml +29 -0
- data/environments/DEV.json +8 -0
- data/environments/PROD.json +8 -0
- data/environments/dev.json +8 -0
- data/environments/development.json +8 -0
- data/environments/prod.json +8 -0
- data/extras/README.md +1 -0
- data/extras/admin-role-binding.yaml +16 -0
- data/extras/admin-user.yaml +6 -0
- data/extras/aws-auth-cm.yaml.erb +12 -0
- data/extras/clean-stock-amis +48 -0
- data/extras/git-fix-permissions-hook +12 -0
- data/extras/gitlab-eks-helper.sh.erb +20 -0
- data/extras/image-generators/README.md +2 -0
- data/extras/image-generators/aws/centos6.yaml +18 -0
- data/extras/image-generators/aws/centos7-govcloud.yaml +24 -0
- data/extras/image-generators/aws/centos7.yaml +17 -0
- data/extras/image-generators/aws/rhel7.yaml +17 -0
- data/extras/image-generators/aws/win2k12.yaml +16 -0
- data/extras/image-generators/aws/win2k16.yaml +16 -0
- data/extras/image-generators/aws/windows.yaml +18 -0
- data/extras/image-generators/gcp/centos6.yaml +17 -0
- data/extras/lambda_waf_domain_blacklist.py +103 -0
- data/extras/platform_berksfile_base +50 -0
- data/extras/ruby_rpm/build.sh +17 -0
- data/extras/ruby_rpm/muby.spec +44 -0
- data/extras/vault_tools/README.md +6 -0
- data/extras/vault_tools/export_vaults.sh +3 -0
- data/extras/vault_tools/recreate_vaults.sh +5 -0
- data/extras/vault_tools/test_vaults.sh +5 -0
- data/install/README.md +8 -0
- data/install/cfn_create_mu_master.json +1034 -0
- data/install/chef-server.rb.erb +19 -0
- data/install/deprecated-bash-library.sh +1891 -0
- data/install/images/Usage.png +0 -0
- data/install/installer +71 -0
- data/install/jenkinskeys.rb +8 -0
- data/install/user-dot-murc.erb +14 -0
- data/modules/html.erb +19 -0
- data/modules/mommacat.ru +426 -0
- data/modules/mu/cleanup.rb +339 -0
- data/modules/mu/cloud.rb +1446 -0
- data/modules/mu/clouds/README.md +201 -0
- data/modules/mu/clouds/aws/alarm.rb +319 -0
- data/modules/mu/clouds/aws/cache_cluster.rb +1010 -0
- data/modules/mu/clouds/aws/collection.rb +373 -0
- data/modules/mu/clouds/aws/container_cluster.rb +667 -0
- data/modules/mu/clouds/aws/database.rb +1836 -0
- data/modules/mu/clouds/aws/dnszone.rb +911 -0
- data/modules/mu/clouds/aws/firewall_rule.rb +641 -0
- data/modules/mu/clouds/aws/folder.rb +92 -0
- data/modules/mu/clouds/aws/function.rb +349 -0
- data/modules/mu/clouds/aws/group.rb +251 -0
- data/modules/mu/clouds/aws/loadbalancer.rb +888 -0
- data/modules/mu/clouds/aws/log.rb +363 -0
- data/modules/mu/clouds/aws/msg_queue.rb +480 -0
- data/modules/mu/clouds/aws/notification.rb +139 -0
- data/modules/mu/clouds/aws/role.rb +656 -0
- data/modules/mu/clouds/aws/search_domain.rb +646 -0
- data/modules/mu/clouds/aws/server.rb +2294 -0
- data/modules/mu/clouds/aws/server_pool.rb +1388 -0
- data/modules/mu/clouds/aws/storage_pool.rb +495 -0
- data/modules/mu/clouds/aws/user.rb +382 -0
- data/modules/mu/clouds/aws/userdata/README.md +4 -0
- data/modules/mu/clouds/aws/userdata/linux.erb +179 -0
- data/modules/mu/clouds/aws/userdata/windows.erb +278 -0
- data/modules/mu/clouds/aws/vpc.rb +1943 -0
- data/modules/mu/clouds/aws.rb +1009 -0
- data/modules/mu/clouds/cloudformation/alarm.rb +146 -0
- data/modules/mu/clouds/cloudformation/cache_cluster.rb +167 -0
- data/modules/mu/clouds/cloudformation/collection.rb +117 -0
- data/modules/mu/clouds/cloudformation/database.rb +278 -0
- data/modules/mu/clouds/cloudformation/dnszone.rb +274 -0
- data/modules/mu/clouds/cloudformation/firewall_rule.rb +308 -0
- data/modules/mu/clouds/cloudformation/loadbalancer.rb +193 -0
- data/modules/mu/clouds/cloudformation/log.rb +170 -0
- data/modules/mu/clouds/cloudformation/server.rb +370 -0
- data/modules/mu/clouds/cloudformation/server_pool.rb +279 -0
- data/modules/mu/clouds/cloudformation/vpc.rb +322 -0
- data/modules/mu/clouds/cloudformation.rb +733 -0
- data/modules/mu/clouds/docker.rb +30 -0
- data/modules/mu/clouds/google/container_cluster.rb +290 -0
- data/modules/mu/clouds/google/database.rb +152 -0
- data/modules/mu/clouds/google/firewall_rule.rb +267 -0
- data/modules/mu/clouds/google/group.rb +164 -0
- data/modules/mu/clouds/google/loadbalancer.rb +479 -0
- data/modules/mu/clouds/google/server.rb +1510 -0
- data/modules/mu/clouds/google/server_pool.rb +274 -0
- data/modules/mu/clouds/google/user.rb +266 -0
- data/modules/mu/clouds/google/userdata/README.md +4 -0
- data/modules/mu/clouds/google/userdata/linux.erb +137 -0
- data/modules/mu/clouds/google/userdata/windows.erb +275 -0
- data/modules/mu/clouds/google/vpc.rb +890 -0
- data/modules/mu/clouds/google.rb +811 -0
- data/modules/mu/config/README.md +11 -0
- data/modules/mu/config/alarm.rb +271 -0
- data/modules/mu/config/cache_cluster.rb +172 -0
- data/modules/mu/config/collection.rb +87 -0
- data/modules/mu/config/container_cluster.rb +103 -0
- data/modules/mu/config/container_cluster.yml +36 -0
- data/modules/mu/config/database.rb +458 -0
- data/modules/mu/config/database.yml +26 -0
- data/modules/mu/config/dnszone.rb +327 -0
- data/modules/mu/config/firewall_rule.rb +118 -0
- data/modules/mu/config/folder.rb +70 -0
- data/modules/mu/config/function.rb +140 -0
- data/modules/mu/config/group.rb +64 -0
- data/modules/mu/config/loadbalancer.rb +482 -0
- data/modules/mu/config/log.rb +47 -0
- data/modules/mu/config/log.yml +6 -0
- data/modules/mu/config/msg_queue.rb +47 -0
- data/modules/mu/config/msg_queue.yml +9 -0
- data/modules/mu/config/notification.rb +44 -0
- data/modules/mu/config/project.rb +71 -0
- data/modules/mu/config/role.rb +102 -0
- data/modules/mu/config/search_domain.rb +61 -0
- data/modules/mu/config/search_domain.yml +25 -0
- data/modules/mu/config/server.rb +587 -0
- data/modules/mu/config/server.yml +8 -0
- data/modules/mu/config/server_pool.rb +216 -0
- data/modules/mu/config/server_pool.yml +71 -0
- data/modules/mu/config/storage_pool.rb +145 -0
- data/modules/mu/config/user.rb +78 -0
- data/modules/mu/config/vpc.rb +743 -0
- data/modules/mu/config/vpc.yml +6 -0
- data/modules/mu/config.rb +2000 -0
- data/modules/mu/defaults/README.md +2 -0
- data/modules/mu/defaults/amazon_images.yaml +121 -0
- data/modules/mu/defaults/google_images.yaml +16 -0
- data/modules/mu/deploy.rb +686 -0
- data/modules/mu/groomer.rb +123 -0
- data/modules/mu/groomers/README.md +58 -0
- data/modules/mu/groomers/chef.rb +1024 -0
- data/modules/mu/kittens.rb +11319 -0
- data/modules/mu/logger.rb +208 -0
- data/modules/mu/master/README.md +27 -0
- data/modules/mu/master/chef.rb +471 -0
- data/modules/mu/master/ldap.rb +1005 -0
- data/modules/mu/master.rb +415 -0
- data/modules/mu/mommacat.rb +2703 -0
- data/modules/mu-load-config.rb +1 -0
- data/modules/mu.rb +724 -0
- data/modules/scratchpad.erb +1 -0
- data/modules/tests/super_complex_bok.yml +41 -0
- data/modules/tests/super_simple_bok.yml +40 -0
- data/mu.gemspec +62 -0
- data/roles/demo-dbservice-configure.json +19 -0
- data/roles/demo-portal-configure.json +19 -0
- data/roles/mu-master-jenkins.json +24 -0
- data/roles/mu-master-nagios-only.json +13 -0
- data/roles/mu-master.json +12 -0
- data/roles/mu-node.json +19 -0
- data/roles/mu-splunk-server.json +13 -0
- data/roles/mu-splunk.json +13 -0
- data/test/clean_up.py +25 -0
- data/test/demo-test-profile/README.md +3 -0
- data/test/demo-test-profile/controls/flask.rb +84 -0
- data/test/demo-test-profile/inspec.lock +7 -0
- data/test/demo-test-profile/inspec.yml +11 -0
- data/test/etco-test-profile/README.md +3 -0
- data/test/etco-test-profile/controls/all-in-one.rb +182 -0
- data/test/etco-test-profile/inspec.lock +7 -0
- data/test/etco-test-profile/inspec.yml +11 -0
- data/test/exec_inspec.py +246 -0
- data/test/exec_mu_install.py +241 -0
- data/test/exec_retry.py +44 -0
- data/test/mu-master-test/README.md +3 -0
- data/test/mu-master-test/controls/all_in_one.rb +557 -0
- data/test/mu-master-test/inspec.lock +3 -0
- data/test/mu-master-test/inspec.yml +11 -0
- data/test/mu-tools-test/README.md +3 -0
- data/test/mu-tools-test/controls/base.rb +265 -0
- data/test/mu-tools-test/inspec.lock +3 -0
- data/test/mu-tools-test/inspec.yml +8 -0
- data/test/simple-server-php-test/README.md +3 -0
- data/test/simple-server-php-test/controls/apachephp.rb +25 -0
- data/test/simple-server-php-test/controls/example.rb +19 -0
- data/test/simple-server-php-test/inspec.lock +7 -0
- data/test/simple-server-php-test/inspec.yml +12 -0
- data/test/simple-server-rails-test/README.md +3 -0
- data/test/simple-server-rails-test/controls/rails.rb +188 -0
- data/test/simple-server-rails-test/inspec.lock +7 -0
- data/test/simple-server-rails-test/inspec.yml +11 -0
- data/test/simple-windows-test/README.md +3 -0
- data/test/simple-windows-test/controls/windows.rb +20 -0
- data/test/simple-windows-test/inspec.lock +7 -0
- data/test/simple-windows-test/inspec.yml +11 -0
- data/test/smoke_test.rb +75 -0
- data/test/wordpress-test/README.md +3 -0
- data/test/wordpress-test/controls/wordpress.rb +97 -0
- data/test/wordpress-test/inspec.lock +7 -0
- data/test/wordpress-test/inspec.yml +11 -0
- metadata +979 -0
|
@@ -0,0 +1,480 @@
|
|
|
1
|
+
# Copyright:: Copyright (c) 2018 eGlobalTech, Inc., all rights reserved
|
|
2
|
+
#
|
|
3
|
+
# Licensed under the BSD-3 license (the "License");
|
|
4
|
+
# you may not use this file except in compliance with the License.
|
|
5
|
+
# You may obtain a copy of the License in the root of the project or at
|
|
6
|
+
#
|
|
7
|
+
# http://egt-labs.com/mu/LICENSE.html
|
|
8
|
+
#
|
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
12
|
+
# See the License for the specific language governing permissions and
|
|
13
|
+
# limitations under the License.
|
|
14
|
+
|
|
15
|
+
module MU
|
|
16
|
+
class Cloud
|
|
17
|
+
class AWS
|
|
18
|
+
# A MsgQueue as configured in {MU::Config::BasketofKittens::msg_queues}
|
|
19
|
+
class MsgQueue < MU::Cloud::MsgQueue
|
|
20
|
+
@deploy = nil
|
|
21
|
+
@config = nil
|
|
22
|
+
attr_reader :mu_name
|
|
23
|
+
attr_reader :config
|
|
24
|
+
attr_reader :cloud_id
|
|
25
|
+
|
|
26
|
+
@cloudformation_data = {}
|
|
27
|
+
attr_reader :cloudformation_data
|
|
28
|
+
|
|
29
|
+
# @param mommacat [MU::MommaCat]: A {MU::Mommacat} object containing the deploy of which this resource is/will be a member.
|
|
30
|
+
# @param kitten_cfg [Hash]: The fully parsed and resolved {MU::Config} resource descriptor as defined in {MU::Config::BasketofKittens::msg_queues}
|
|
31
|
+
def initialize(mommacat: nil, kitten_cfg: nil, mu_name: nil, cloud_id: nil)
|
|
32
|
+
@deploy = mommacat
|
|
33
|
+
@config = MU::Config.manxify(kitten_cfg)
|
|
34
|
+
@cloud_id ||= cloud_id
|
|
35
|
+
if mu_name
|
|
36
|
+
@mu_name = mu_name
|
|
37
|
+
cloud_desc if !@cloud_id
|
|
38
|
+
else
|
|
39
|
+
@mu_name ||= @deploy.getResourceName(@config["name"])
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
# Called automatically by {MU::Deploy#createResources}
|
|
44
|
+
def create
|
|
45
|
+
attrs = genQueueAttrs
|
|
46
|
+
|
|
47
|
+
namestr = @mu_name
|
|
48
|
+
namestr += ".fifo" if attrs['FifoQueue']
|
|
49
|
+
|
|
50
|
+
MU.log "Creating SQS queue #{namestr}", details: attrs
|
|
51
|
+
resp = MU::Cloud::AWS.sqs(@config['region']).create_queue(
|
|
52
|
+
queue_name: namestr,
|
|
53
|
+
attributes: attrs
|
|
54
|
+
)
|
|
55
|
+
sleep 1
|
|
56
|
+
MU.log "SQS queue #{@config['name']} is at: #{resp.queue_url}", MU::SUMMARY
|
|
57
|
+
@cloud_id = resp.queue_url
|
|
58
|
+
end
|
|
59
|
+
|
|
60
|
+
# Called automatically by {MU::Deploy#createResources}
|
|
61
|
+
def groom
|
|
62
|
+
tagQueue
|
|
63
|
+
|
|
64
|
+
cur_attrs = notify
|
|
65
|
+
if cur_attrs["Policy"]
|
|
66
|
+
MU.log "FECK", MU::WARN, details: JSON.parse(cur_attrs["Policy"]).to_yaml
|
|
67
|
+
end
|
|
68
|
+
new_attrs = genQueueAttrs
|
|
69
|
+
|
|
70
|
+
changed = false
|
|
71
|
+
new_attrs.each_pair { |k, v|
|
|
72
|
+
if !cur_attrs.has_key?(k) or cur_attrs[k] != new_attrs[k]
|
|
73
|
+
changed = true
|
|
74
|
+
end
|
|
75
|
+
}
|
|
76
|
+
if changed
|
|
77
|
+
MU.log "Updating SQS queue #{@mu_name}", MU::NOTICE, details: new_attrs
|
|
78
|
+
resp = MU::Cloud::AWS.sqs(@config['region']).set_queue_attributes(
|
|
79
|
+
queue_url: @cloud_id,
|
|
80
|
+
attributes: new_attrs
|
|
81
|
+
)
|
|
82
|
+
end
|
|
83
|
+
|
|
84
|
+
end
|
|
85
|
+
|
|
86
|
+
# Canonical Amazon Resource Number for this resource
|
|
87
|
+
# @return [String]
|
|
88
|
+
def arn
|
|
89
|
+
"arn:"+(MU::Cloud::AWS.isGovCloud?(@config["region"]) ? "aws-us-gov" : "aws")+":sqs:"+@config['region']+":"+MU.account_number+":"+@cloud_id
|
|
90
|
+
end
|
|
91
|
+
|
|
92
|
+
# Retrieve the AWS descriptor for this SQS queue. AWS doesn't exactly
|
|
93
|
+
# provide one; if you want real information for SQS ask notify()
|
|
94
|
+
# @return [Hash]: AWS doesn't return anything but the SQS URL, so supplement with attributes
|
|
95
|
+
def cloud_desc
|
|
96
|
+
if !@cloud_id
|
|
97
|
+
resp = MU::Cloud::AWS.sqs(@config['region']).list_queues(
|
|
98
|
+
queue_name_prefix: @mu_name
|
|
99
|
+
)
|
|
100
|
+
return nil if !resp or !resp.queue_urls
|
|
101
|
+
resp.queue_urls.each { |url|
|
|
102
|
+
if url.match(/\/#{Regexp.quote(@mu_name)}$/)
|
|
103
|
+
@cloud_id ||= url
|
|
104
|
+
break
|
|
105
|
+
end
|
|
106
|
+
}
|
|
107
|
+
end
|
|
108
|
+
|
|
109
|
+
return nil if !@cloud_id
|
|
110
|
+
MU::Cloud::AWS::MsgQueue.find(
|
|
111
|
+
cloud_id: @cloud_id.dup,
|
|
112
|
+
region: @config['region']
|
|
113
|
+
)
|
|
114
|
+
end
|
|
115
|
+
|
|
116
|
+
# Return the metadata for this MsgQueue rule
|
|
117
|
+
# @return [Hash]
|
|
118
|
+
def notify
|
|
119
|
+
cloud_desc
|
|
120
|
+
deploy_struct = MU::Cloud::AWS::MsgQueue.find(
|
|
121
|
+
cloud_id: @cloud_id,
|
|
122
|
+
region: @config['region']
|
|
123
|
+
)
|
|
124
|
+
return deploy_struct
|
|
125
|
+
end
|
|
126
|
+
|
|
127
|
+
# Remove all msg_queues associated with the currently loaded deployment.
|
|
128
|
+
# @param noop [Boolean]: If true, will only print what would be done
|
|
129
|
+
# @param ignoremaster [Boolean]: If true, will remove resources not flagged as originating from this Mu server
|
|
130
|
+
# @param region [String]: The cloud provider region
|
|
131
|
+
# @return [void]
|
|
132
|
+
def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, flags: {})
|
|
133
|
+
resp = MU::Cloud::AWS.sqs(region).list_queues(
|
|
134
|
+
queue_name_prefix: MU.deploy_id
|
|
135
|
+
)
|
|
136
|
+
if resp and resp.queue_urls
|
|
137
|
+
threads = []
|
|
138
|
+
resp.queue_urls.each { |url|
|
|
139
|
+
threads << Thread.new {
|
|
140
|
+
MU.log "Deleting SQS queue #{url}"
|
|
141
|
+
if !noop
|
|
142
|
+
MU::Cloud::AWS.sqs(region).delete_queue(
|
|
143
|
+
queue_url: url
|
|
144
|
+
)
|
|
145
|
+
sleep 60 # per API docs, this is how long it takes to really delete
|
|
146
|
+
end
|
|
147
|
+
}
|
|
148
|
+
}
|
|
149
|
+
threads.each { |t|
|
|
150
|
+
t.join
|
|
151
|
+
}
|
|
152
|
+
end
|
|
153
|
+
end
|
|
154
|
+
|
|
155
|
+
# Locate an existing msg_queue.
|
|
156
|
+
# @param cloud_id [String]: The cloud provider's identifier for this resource.
|
|
157
|
+
# @param region [String]: The cloud provider region.
|
|
158
|
+
# @param flags [Hash]: Optional flags
|
|
159
|
+
# @return [Hash]: AWS doesn't return anything but the SQS URL, so supplement with attributes
|
|
160
|
+
def self.find(cloud_id: nil, region: MU.curRegion, flags: {})
|
|
161
|
+
flags['account'] ||= MU.account_number
|
|
162
|
+
return nil if !cloud_id
|
|
163
|
+
|
|
164
|
+
# If it's a URL, make sure it's good
|
|
165
|
+
begin
|
|
166
|
+
if cloud_id.match(/^https?:/i)
|
|
167
|
+
resp = MU::Cloud::AWS.sqs(region).get_queue_attributes(
|
|
168
|
+
queue_url: cloud_id,
|
|
169
|
+
attribute_names: ["All"]
|
|
170
|
+
)
|
|
171
|
+
if resp and resp.attributes
|
|
172
|
+
desc = resp.attributes.dup
|
|
173
|
+
desc["Url"] = cloud_id
|
|
174
|
+
return desc
|
|
175
|
+
end
|
|
176
|
+
else
|
|
177
|
+
# If it's a plain queue name, resolve it to a URL
|
|
178
|
+
resp = MU::Cloud::AWS.sqs(region).get_queue_url(
|
|
179
|
+
queue_name: cloud_id,
|
|
180
|
+
queue_owner_aws_account_id: flags['account']
|
|
181
|
+
)
|
|
182
|
+
cloud_id = resp.queue_url if resp and resp.queue_url
|
|
183
|
+
end
|
|
184
|
+
rescue ::Aws::SQS::Errors::NonExistentQueue => e
|
|
185
|
+
end
|
|
186
|
+
|
|
187
|
+
# Go fetch its attributes
|
|
188
|
+
if cloud_id
|
|
189
|
+
resp = MU::Cloud::AWS.sqs(region).get_queue_attributes(
|
|
190
|
+
queue_url: cloud_id,
|
|
191
|
+
attribute_names: ["All"]
|
|
192
|
+
)
|
|
193
|
+
if resp and resp.attributes
|
|
194
|
+
desc = resp.attributes.dup
|
|
195
|
+
desc["Url"] = cloud_id
|
|
196
|
+
MU.log "RETURNING FROM FIND ON #{cloud_id}", MU::WARN, details: caller
|
|
197
|
+
return desc
|
|
198
|
+
end
|
|
199
|
+
end
|
|
200
|
+
|
|
201
|
+
nil
|
|
202
|
+
end
|
|
203
|
+
|
|
204
|
+
# Cloud-specific configuration properties.
|
|
205
|
+
# @param config [MU::Config]: The calling MU::Config object
|
|
206
|
+
# @return [Array<Array,Hash>]: List of required fields, and json-schema Hash of cloud-specific configuration parameters for this resource
|
|
207
|
+
def self.schema(config)
|
|
208
|
+
toplevel_required = []
|
|
209
|
+
schema = {
|
|
210
|
+
"max_msg_size" => {
|
|
211
|
+
"type" => "integer",
|
|
212
|
+
"description" => "Maximum size of messages in this queue, in kB. Must be between 1 and 256.",
|
|
213
|
+
"default" => 256
|
|
214
|
+
},
|
|
215
|
+
"retain" => {
|
|
216
|
+
"type" => "string",
|
|
217
|
+
"description" => "The length of time for which Amazon SQS retains a message. Assumed to be in seconds, unless you specify a string like '4d' or 'five hours'. Must be between 1 minute and 14 days.",
|
|
218
|
+
"default" => "4 days"
|
|
219
|
+
},
|
|
220
|
+
"delay" => {
|
|
221
|
+
"type" => "string",
|
|
222
|
+
"description" => "Delay delivery by up to 15 minutes. You can specify a string like '1m' or '600 seconds'.",
|
|
223
|
+
"default" => "0 seconds"
|
|
224
|
+
},
|
|
225
|
+
"receive_timeout" => {
|
|
226
|
+
"type" => "string",
|
|
227
|
+
"description" => "The length of time, for which a ReceiveMessage action waits for a message to arrive, between 0 and 20 seconds. You can specify a string like '5s' or '20 seconds'.",
|
|
228
|
+
"default" => "0 seconds"
|
|
229
|
+
},
|
|
230
|
+
"visibility_timeout" => {
|
|
231
|
+
"type" => "string",
|
|
232
|
+
"description" => "The length of time during which Amazon SQS prevents other consumers from receiving and processing a message after another consumer has received it. Must be between 0 seconds and 12 hours. You can specify a string like '5 minutes' or '3 hours'. See also: https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-visibility-timeout.html",
|
|
233
|
+
|
|
234
|
+
"default" => "30 seconds"
|
|
235
|
+
},
|
|
236
|
+
"fifo" => {
|
|
237
|
+
"type" => "boolean",
|
|
238
|
+
"description" => "Designate this queue as a FIFO queue. Messages in this queue must explicitly specify MessageGroupId. This cannot be changed once instantiated. This feature is not available in all regions. See also: https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html#FIFO-queues-understanding-logic",
|
|
239
|
+
"default" => false
|
|
240
|
+
},
|
|
241
|
+
"dedup" => {
|
|
242
|
+
"type" => "boolean",
|
|
243
|
+
"description" => "Enables content-based deduplication. When ContentBasedDeduplication is in effect, messages with identical content sent within the deduplication interval are treated as duplicates and only one copy of the message is delivered. This feature is not available in all regions. See also: https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html#FIFO-queues-exactly-once-processing",
|
|
244
|
+
"default" => false
|
|
245
|
+
},
|
|
246
|
+
"failqueue" => {
|
|
247
|
+
"type" => "object",
|
|
248
|
+
"description" => "Target queue for messages that can't be processed (consumed) successfully. See also: https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html",
|
|
249
|
+
"properties" => {
|
|
250
|
+
"create" => {
|
|
251
|
+
"type" => "boolean",
|
|
252
|
+
"description" => "Create a separate MsgQueue on the fly."
|
|
253
|
+
},
|
|
254
|
+
"retries_before_fail" => {
|
|
255
|
+
"type" => "integer",
|
|
256
|
+
"description" => "Number of times a message should fail before being sent to this queue. Must be between 1 and 1000.",
|
|
257
|
+
"default" => 10
|
|
258
|
+
},
|
|
259
|
+
"name" => {
|
|
260
|
+
"type" => "string",
|
|
261
|
+
"description" => "The name of a sibling SQS resource in this deploy, or the cloud identifier or URL of a pre-existing one"
|
|
262
|
+
}
|
|
263
|
+
}
|
|
264
|
+
},
|
|
265
|
+
# TODO this doesn't work as either an ARN, short identifier, or full JSON policy descriptor. Docs are vague. Need to ask AWS.
|
|
266
|
+
# "iam_policy" => {
|
|
267
|
+
# "type" => "string",
|
|
268
|
+
# "description" => "An IAM policy document for access to this SQS queue. Our parser expects this to be defined inline like the rest of your YAML/JSON Basket of Kittens, not as raw JSON. For guidance on SQS IAM capabilities, see: https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonsqs.html"
|
|
269
|
+
# },
|
|
270
|
+
"kms" => {
|
|
271
|
+
"type" => "object",
|
|
272
|
+
"description" => "Use an Amazon KMS key to encrypt and decrypt messages in the background. This feature is not available in all regions. https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html#sqs-sse-key-terms",
|
|
273
|
+
"required" => ["key_id", "key_reuse_period"],
|
|
274
|
+
"properties" => {
|
|
275
|
+
"key_id" => {
|
|
276
|
+
"type" => "string",
|
|
277
|
+
"description" => "KMS key to use for encryption and decryption"
|
|
278
|
+
},
|
|
279
|
+
"key_reuse_period" => {
|
|
280
|
+
"type" => "string",
|
|
281
|
+
"description" => "The length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling AWS KMS again. You can specify a string like '5m' or '2 hours'.",
|
|
282
|
+
"default" => "5 minutes"
|
|
283
|
+
}
|
|
284
|
+
}
|
|
285
|
+
}
|
|
286
|
+
}
|
|
287
|
+
[toplevel_required, schema]
|
|
288
|
+
end
|
|
289
|
+
|
|
290
|
+
# Cloud-specific pre-processing of {MU::Config::BasketofKittens::msg_queues}, bare and unvalidated.
|
|
291
|
+
# @param queue [Hash]: The resource to process and validate
|
|
292
|
+
# @param configurator [MU::Config]: The overall deployment configurator of which this resource is a member
|
|
293
|
+
# @return [Boolean]: True if validation succeeded, False otherwise
|
|
294
|
+
def self.validateConfig(queue, configurator)
|
|
295
|
+
ok = true
|
|
296
|
+
|
|
297
|
+
if queue['failqueue']
|
|
298
|
+
if (!queue['failqueue']['create'] and !queue['failqueue'].has_key?("name")) or
|
|
299
|
+
(queue['failqueue']['create'] and queue['failqueue']['name'])
|
|
300
|
+
MU.log "Must set exactly one of 'create' or 'failqueue' in MsgQueue #{queue['name']}.", MU::ERR
|
|
301
|
+
ok = false
|
|
302
|
+
end
|
|
303
|
+
if queue['failqueue']['retries_before_fail'] < 1 or
|
|
304
|
+
queue['failqueue']['retries_before_fail'] > 1000
|
|
305
|
+
MU.log "'retries_before_fail' must be between 1 and 1000 in MsgQueue #{queue['name']}.", MU::ERR
|
|
306
|
+
ok = false
|
|
307
|
+
end
|
|
308
|
+
if queue['failqueue']['create']
|
|
309
|
+
failq = queue.dup
|
|
310
|
+
failq['name'] += "-fail"
|
|
311
|
+
failq.delete("failqueue")
|
|
312
|
+
ok = false if !configurator.insertKitten(failq, "msg_queues")
|
|
313
|
+
queue['failqueue']['name'] = failq['name']
|
|
314
|
+
queue['dependencies'] << {
|
|
315
|
+
"name" => failq['name'],
|
|
316
|
+
"type" => "msg_queue"
|
|
317
|
+
}
|
|
318
|
+
else
|
|
319
|
+
if configurator.haveLitterMate?(queue['failqueue']['name'], "msg_queue")
|
|
320
|
+
queue['dependencies'] << {
|
|
321
|
+
"name" => queue['failqueue']['name'],
|
|
322
|
+
"type" => "msg_queue"
|
|
323
|
+
}
|
|
324
|
+
else
|
|
325
|
+
failq = MU::Cloud::AWS::MsgQueue.find(cloud_id: queue['failqueue']['name'])
|
|
326
|
+
if !failq
|
|
327
|
+
MU.log "Could not find an SQS queue named #{queue['failqueue']['name']} for failqueue in MsgQueue '#{queue['name']}'", MU::ERR
|
|
328
|
+
ok = false
|
|
329
|
+
end
|
|
330
|
+
end
|
|
331
|
+
end
|
|
332
|
+
end
|
|
333
|
+
|
|
334
|
+
if queue['max_msg_size'] < 1 or queue['max_msg_size'] > 256
|
|
335
|
+
MU.log "Must specify a 'max_msg_size' value between 1 and 256 in MsgQueue #{queue['name']}.", MU::ERR
|
|
336
|
+
ok = false
|
|
337
|
+
end
|
|
338
|
+
queue['max_msg_size'] *= 1024 # the API takes it in bytes
|
|
339
|
+
|
|
340
|
+
queue['retain'] = ChronicDuration.parse(queue['retain'], :keep_zero => true)
|
|
341
|
+
if !queue['retain'] or queue['retain'] < 60 or queue['retain'] > 1209600
|
|
342
|
+
MU.log "Must specify a 'retain' value between 1 minute and 14 days in MsgQueue #{queue['name']}.", MU::ERR
|
|
343
|
+
ok = false
|
|
344
|
+
end
|
|
345
|
+
|
|
346
|
+
queue['delay'] = ChronicDuration.parse(queue['delay'], :keep_zero => true)
|
|
347
|
+
if !queue['delay'] or queue['delay'] < 0 or queue['delay'] > 900
|
|
348
|
+
MU.log "'delay' value must be between 0 seconds and 15 minutes in MsgQueue #{queue['name']}.", MU::ERR
|
|
349
|
+
ok = false
|
|
350
|
+
end
|
|
351
|
+
|
|
352
|
+
queue['receive_timeout'] = ChronicDuration.parse(queue['receive_timeout'], :keep_zero => true)
|
|
353
|
+
if !queue['receive_timeout'] or queue['receive_timeout'] < 0 or queue['receive_timeout'] > 20
|
|
354
|
+
MU.log "'receive_timeout' value must be between 0 seconds and 20 seconds in MsgQueue #{queue['name']}.", MU::ERR
|
|
355
|
+
ok = false
|
|
356
|
+
end
|
|
357
|
+
|
|
358
|
+
queue['visibility_timeout'] = ChronicDuration.parse(queue['visibility_timeout'], :keep_zero => true)
|
|
359
|
+
if !queue['visibility_timeout'] or queue['visibility_timeout'] < 0 or queue['visibility_timeout'] > 43200
|
|
360
|
+
MU.log "'visibility_timeout' value must be between 0 seconds and 12 hours in MsgQueue #{queue['name']}.", MU::ERR
|
|
361
|
+
ok = false
|
|
362
|
+
end
|
|
363
|
+
|
|
364
|
+
if queue['kms']
|
|
365
|
+
good_regions = ["us-east-1", "us-east-2", "us-west-2"]
|
|
366
|
+
if !good_regions.include?(queue['region'])
|
|
367
|
+
MU.log "KMS SQS encryption isn't supported in all regions, and #{queue['region']} wasn't on the list last we checked. Queue '#{queue['name']}' may not work.", MU::WARN, details: good_regions
|
|
368
|
+
end
|
|
369
|
+
queue['kms']['key_reuse_period'] = ChronicDuration.parse(queue['kms']['key_reuse_period'], :keep_zero => true)
|
|
370
|
+
if !queue['kms']['key_reuse_period'] or queue['kms']['key_reuse_period'] < 60 or queue['kms']['key_reuse_period'] > 86400
|
|
371
|
+
MU.log "KMS 'visibility_period' value must be between 60 seconds and 24 hours in MsgQueue #{queue['name']}.", MU::ERR
|
|
372
|
+
ok = false
|
|
373
|
+
end
|
|
374
|
+
begin
|
|
375
|
+
MU::Cloud::AWS.kms(queue['region']).describe_key(key_id: queue['kms']['key_id'])
|
|
376
|
+
rescue Aws::KMS::Errors::NotFoundException => e
|
|
377
|
+
MU.log "KMS key '#{queue['kms']['key_id']}' specified in Queue '#{queue['name']}' was not found.", MU::ERR, details: "Key IDs are of the form bf64a093-2c3d-46fa-0d4f-8232fa7ed53. Keys can be created at https://console.aws.amazon.com/iam/home#/encryptionKeys/#{queue['region']}"
|
|
378
|
+
ok = false
|
|
379
|
+
end
|
|
380
|
+
|
|
381
|
+
end
|
|
382
|
+
|
|
383
|
+
good_regions = ["us-east-1", "us-east-2", "us-west-2", "eu-west-1"]
|
|
384
|
+
|
|
385
|
+
if (queue['fifo'] or queue['dedup']) and !good_regions.include?(queue['region'])
|
|
386
|
+
MU.log "Fifo queues aren't supported in all regions, and #{queue['region']} wasn't on the list last we checked. MsgQueue '#{queue['name']}' may not work.", MU::WARN, details: good_regions
|
|
387
|
+
end
|
|
388
|
+
|
|
389
|
+
# TODO have IAM API validate queue['iam_policy'] if any is set
|
|
390
|
+
|
|
391
|
+
ok
|
|
392
|
+
end
|
|
393
|
+
|
|
394
|
+
private
|
|
395
|
+
|
|
396
|
+
def genQueueAttrs
|
|
397
|
+
attrs = {
|
|
398
|
+
"MaximumMessageSize" => @config['max_msg_size'].to_s,
|
|
399
|
+
"MessageRetentionPeriod" => @config['retain'].to_s,
|
|
400
|
+
"DelaySeconds" => @config['delay'].to_s,
|
|
401
|
+
"ReceiveMessageWaitTimeSeconds" => @config['receive_timeout'].to_s
|
|
402
|
+
}
|
|
403
|
+
|
|
404
|
+
if @config['failqueue']
|
|
405
|
+
sibling = @deploy.findLitterMate(type: "msg_queue", name: config['failqueue']['name'])
|
|
406
|
+
id = config['failqueue']['name']
|
|
407
|
+
if sibling # resolve sibling queues to something useful
|
|
408
|
+
id = sibling.cloud_id
|
|
409
|
+
end
|
|
410
|
+
desc = MU::Cloud::AWS::MsgQueue.find(cloud_id: id)
|
|
411
|
+
if !desc
|
|
412
|
+
raise MuError, "Failed to get cloud descriptor for SQS queue #{config['failqueue']['name']}"
|
|
413
|
+
end
|
|
414
|
+
rdr_pol = {
|
|
415
|
+
"deadLetterTargetArn" => desc["QueueArn"],
|
|
416
|
+
"maxReceiveCount" => config['failqueue']['retries_before_fail']
|
|
417
|
+
}
|
|
418
|
+
attrs["RedrivePolicy"] = JSON.generate(rdr_pol)
|
|
419
|
+
end
|
|
420
|
+
|
|
421
|
+
# These aren't supported in most regions, and will fail loudly and
|
|
422
|
+
# spectacularly if you try to use them in the forbidden lands.
|
|
423
|
+
if @config['fifo'] or @config['dedup']
|
|
424
|
+
attrs["FifoQueue"] = "true" # dedup enables fifo implicitly
|
|
425
|
+
attrs["ContentBasedDeduplication"] = @config['dedup'].to_s
|
|
426
|
+
end
|
|
427
|
+
if @config['kms']
|
|
428
|
+
attrs["KmsMasterKeyId"] = @config['kms']['key_id'].to_s
|
|
429
|
+
attrs["KmsDataKeyReusePeriodSeconds"] = @config['kms']['key_reuse_period'].to_s
|
|
430
|
+
end
|
|
431
|
+
|
|
432
|
+
# TODO this doesn't work as either an ARN, short identifier, or full JSON policy descriptor. Docs are vague. Need to ask AWS.
|
|
433
|
+
# if @config['iam_policy']
|
|
434
|
+
# attrs["Policy"] = JSON.generate(@config['iam_policy'])
|
|
435
|
+
# end
|
|
436
|
+
|
|
437
|
+
attrs
|
|
438
|
+
end
|
|
439
|
+
|
|
440
|
+
def tagQueue(url = nil)
|
|
441
|
+
tags = {}
|
|
442
|
+
tags["Name"] = @mu_name
|
|
443
|
+
|
|
444
|
+
MU::MommaCat.listStandardTags.each_pair { |name, value|
|
|
445
|
+
tags[name] = value
|
|
446
|
+
}
|
|
447
|
+
|
|
448
|
+
if @config['optional_tags']
|
|
449
|
+
MU::MommaCat.listOptionalTags.each_pair { |name, value|
|
|
450
|
+
tags[name] = value
|
|
451
|
+
}
|
|
452
|
+
end
|
|
453
|
+
|
|
454
|
+
if @config['tags']
|
|
455
|
+
@config['tags'].each { |tag|
|
|
456
|
+
tags[tag['key']] = tag['value']
|
|
457
|
+
}
|
|
458
|
+
end
|
|
459
|
+
if !url
|
|
460
|
+
desc = cloud_desc
|
|
461
|
+
url = desc["Url"]
|
|
462
|
+
if !url
|
|
463
|
+
raise MU::MuError, "Can't tag SQS queue, failed to retrieve queue_url"
|
|
464
|
+
end
|
|
465
|
+
end
|
|
466
|
+
|
|
467
|
+
begin
|
|
468
|
+
MU::Cloud::AWS.sqs(@config['region']).tag_queue(
|
|
469
|
+
queue_url: url,
|
|
470
|
+
tags: tags
|
|
471
|
+
)
|
|
472
|
+
rescue ::Aws::SQS::Errors::UnsupportedOperation, NameError => e
|
|
473
|
+
MU.log "We appear to be in a region that does not support SQS tagging. Skipping tags for #{@mu_name}", MU::NOTICE, details: e.message
|
|
474
|
+
end
|
|
475
|
+
end
|
|
476
|
+
|
|
477
|
+
end
|
|
478
|
+
end
|
|
479
|
+
end
|
|
480
|
+
end
|
|
@@ -0,0 +1,139 @@
|
|
|
1
|
+
# Copyright:: Copyright (c) 2014 eGlobalTech, Inc., all rights reserved
|
|
2
|
+
#
|
|
3
|
+
# Licensed under the BSD-3 license (the "License");
|
|
4
|
+
# you may not use this file except in compliance with the License.
|
|
5
|
+
# You may obtain a copy of the License in the root of the project or at
|
|
6
|
+
#
|
|
7
|
+
# http://egt-labs.com/mu/LICENSE.html
|
|
8
|
+
#
|
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
12
|
+
# See the License for the specific language governing permissions and
|
|
13
|
+
# limitations under the License.
|
|
14
|
+
|
|
15
|
+
module MU
|
|
16
|
+
class Cloud
|
|
17
|
+
class AWS
|
|
18
|
+
# Support for AWS SNS
|
|
19
|
+
class Notification < MU::Cloud::Notification
|
|
20
|
+
# Remove all notifications associated with the currently loaded deployment.
|
|
21
|
+
# @param noop [Boolean]: If true, will only print what would be done
|
|
22
|
+
# @param ignoremaster [Boolean]: If true, will remove resources not flagged as originating from this Mu server
|
|
23
|
+
# @param region [String]: The cloud provider region
|
|
24
|
+
# @return [void]
|
|
25
|
+
def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, flags: {})
|
|
26
|
+
MU::Cloud::AWS.sns(region).list_topics.topics.each { |topic|
|
|
27
|
+
if topic.topic_arn.match(MU.deploy_id)
|
|
28
|
+
# We don't have a way to tag our SNS topics, so we will delete any topic that has the MU-ID in its ARN.
|
|
29
|
+
# This may fail to find notification groups in some cases (eg. cache_cluster) so we might want to delete from each API as well.
|
|
30
|
+
MU::Cloud::AWS.sns(region).delete_topic(topic_arn: topic.topic_arn)
|
|
31
|
+
MU.log "Deleted SNS topic: #{topic.topic_arn}"
|
|
32
|
+
end
|
|
33
|
+
}
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
# Canonical Amazon Resource Number for this resource
|
|
37
|
+
# @return [String]
|
|
38
|
+
def arn
|
|
39
|
+
"arn:"+(MU::Cloud::AWS.isGovCloud?(@config["region"]) ? "aws-us-gov" : "aws")+":sns:"+@config['region']+":"+MU.account_number+":"+@cloud_id
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
# Locate an existing notification.
|
|
43
|
+
# @param cloud_id [String]: The cloud provider's identifier for this resource.
|
|
44
|
+
# @param region [String]: The cloud provider region.
|
|
45
|
+
# @param flags [Hash]: Optional flags
|
|
46
|
+
# @return [OpenStruct]: The cloud provider's complete descriptions of matching notification.
|
|
47
|
+
def self.find(cloud_id: nil, region: MU.curRegion, flags: {})
|
|
48
|
+
# Not implemented
|
|
49
|
+
# XXX well it fuckin' needs to be
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
# Cloud-specific configuration properties.
|
|
53
|
+
# @param config [MU::Config]: The calling MU::Config object
|
|
54
|
+
# @return [Array<Array,Hash>]: List of required fields, and json-schema Hash of cloud-specific configuration parameters for this resource
|
|
55
|
+
def self.schema(config)
|
|
56
|
+
toplevel_required = []
|
|
57
|
+
schema = {}
|
|
58
|
+
[toplevel_required, schema]
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
# Cloud-specific pre-processing of {MU::Config::BasketofKittens::notifications}, bare and unvalidated.
|
|
62
|
+
|
|
63
|
+
# XXX placeholder (notification is not a BoK primitive, is it?)
|
|
64
|
+
# @param notification [Hash]: The resource to process and validate
|
|
65
|
+
# @param configurator [MU::Config]: The overall deployment configurator of which this resource is a member
|
|
66
|
+
# @return [Boolean]: True if validation succeeded, False otherwise
|
|
67
|
+
def self.validateConfig(notification, configurator)
|
|
68
|
+
true
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
# Create a new notification group. Will check if the group exists before creating it.
|
|
72
|
+
# @param topic_name [String]: The cloud provider's name for the notification group.
|
|
73
|
+
# @param region [String]: The cloud provider region.
|
|
74
|
+
# @param account_number [String]: The cloud provider account number.
|
|
75
|
+
# @return [string]: The cloud provider's identifier.
|
|
76
|
+
def self.createTopic(topic_name, region: MU.curRegion, account_number: MU.account_number)
|
|
77
|
+
unless topicExist(topic_name, region: region, account_number: account_number)
|
|
78
|
+
MU::Cloud::AWS.sns(region).create_topic(name: topic_name).topic_arn
|
|
79
|
+
MU.log "Created SNS topic #{topic_name}"
|
|
80
|
+
end
|
|
81
|
+
topicExist(topic_name, region: region, account_number: account_number)
|
|
82
|
+
end
|
|
83
|
+
|
|
84
|
+
# Subscribe to a notification group. This can either be an email address, SQS queue, application endpoint, etc...
|
|
85
|
+
# Will create the subscription only if it doesn't already exist.
|
|
86
|
+
# @param arn [String]: The cloud provider's identifier of the notification group.
|
|
87
|
+
# @param protocol [String]: The type of the subscription (eg. email,https, etc..).
|
|
88
|
+
# @param endpoint [String]: The endpoint of the subscription. This will depend on the 'protocol' (as an example if protocol is email, endpoint will be the email address) ..
|
|
89
|
+
# @param region [String]: The cloud provider region.
|
|
90
|
+
def self.subscribe(arn: nil, protocol: nil, endpoint: nil, region: MU.curRegion)
|
|
91
|
+
retries = 0
|
|
92
|
+
begin
|
|
93
|
+
resp = MU::Cloud::AWS.sns(region).list_subscriptions_by_topic(topic_arn: arn).subscriptions
|
|
94
|
+
rescue Aws::SNS::Errors::NotFound
|
|
95
|
+
if retries < 5
|
|
96
|
+
MU.log "Couldn't find topic #{arn}, retrying several times in case of a lagging resource"
|
|
97
|
+
retries += 1
|
|
98
|
+
sleep 30
|
|
99
|
+
retry
|
|
100
|
+
else
|
|
101
|
+
raise MuError, "Couldn't find topic #{arn}, giving up"
|
|
102
|
+
end
|
|
103
|
+
end
|
|
104
|
+
|
|
105
|
+
already_subscribed = false
|
|
106
|
+
if resp && !resp.empty?
|
|
107
|
+
resp.each { |subscription|
|
|
108
|
+
already_subscribed = true if subscription.protocol == protocol && subscription.endpoint == endpoint
|
|
109
|
+
}
|
|
110
|
+
end
|
|
111
|
+
|
|
112
|
+
unless already_subscribed
|
|
113
|
+
MU::Cloud::AWS.sns(region).subscribe(topic_arn: arn, protocol: protocol, endpoint: endpoint)
|
|
114
|
+
MU.log "Subscribed #{endpoint} to SNS topic #{arn}"
|
|
115
|
+
end
|
|
116
|
+
end
|
|
117
|
+
|
|
118
|
+
# Test if a notification group exists
|
|
119
|
+
# Create a new notification group. Will check if the group exists before creating it.
|
|
120
|
+
# @param topic_name [String]: The cloud provider's name for the notification group.
|
|
121
|
+
# @param region [String]: The cloud provider region.
|
|
122
|
+
# @param account_number [String]: The cloud provider account number.
|
|
123
|
+
# @return [string]: The cloud provider's identifier.
|
|
124
|
+
def self.topicExist(topic_name, region: MU.curRegion, account_number: MU.account_number)
|
|
125
|
+
arn = "arn:#{MU::Cloud::AWS.isGovCloud?(region) ? "aws-us-gov" : "aws"}:sns:#{region}:#{account_number}:#{topic_name}"
|
|
126
|
+
match = nil
|
|
127
|
+
MU::Cloud::AWS.sns(region).list_topics.topics.each { |topic|
|
|
128
|
+
if topic.topic_arn == arn
|
|
129
|
+
match = topic.topic_arn
|
|
130
|
+
break
|
|
131
|
+
end
|
|
132
|
+
}
|
|
133
|
+
return match
|
|
134
|
+
end
|
|
135
|
+
|
|
136
|
+
end
|
|
137
|
+
end
|
|
138
|
+
end
|
|
139
|
+
end
|