cloud-mu 1.9.0.pre.beta
- checksums.yaml +7 -0
- data/Berksfile +56 -0
- data/Berksfile.lock +250 -0
- data/Jenkinsfile +184 -0
- data/LICENSE.md +37 -0
- data/README.md +26 -0
- data/bin/mu-aws-setup +376 -0
- data/bin/mu-cleanup +68 -0
- data/bin/mu-configure +1133 -0
- data/bin/mu-deploy +166 -0
- data/bin/mu-firewall-allow-clients +30 -0
- data/bin/mu-gcp-setup +200 -0
- data/bin/mu-gen-docs +34 -0
- data/bin/mu-gen-env +42 -0
- data/bin/mu-load-config.rb +158 -0
- data/bin/mu-node-manage +683 -0
- data/bin/mu-self-update +228 -0
- data/bin/mu-ssh +23 -0
- data/bin/mu-tunnel-nagios +144 -0
- data/bin/mu-upload-chef-artifacts +757 -0
- data/bin/mu-user-manage +275 -0
- data/cookbooks/awscli/LICENSE +37 -0
- data/cookbooks/awscli/README.md +58 -0
- data/cookbooks/awscli/attributes/default.rb +1 -0
- data/cookbooks/awscli/libraries/instance_metadata.rb +21 -0
- data/cookbooks/awscli/metadata.rb +20 -0
- data/cookbooks/awscli/recipes/default.rb +56 -0
- data/cookbooks/awscli/templates/default/config.erb +18 -0
- data/cookbooks/mu-activedirectory/CHANGELOG.md +13 -0
- data/cookbooks/mu-activedirectory/LICENSE +37 -0
- data/cookbooks/mu-activedirectory/README.md +6 -0
- data/cookbooks/mu-activedirectory/attributes/default.rb +98 -0
- data/cookbooks/mu-activedirectory/files/default/password-auth +32 -0
- data/cookbooks/mu-activedirectory/files/default/sshd_pol.pp +0 -0
- data/cookbooks/mu-activedirectory/files/default/sshd_pol.te +32 -0
- data/cookbooks/mu-activedirectory/files/default/syslogd_oddjobd.pp +0 -0
- data/cookbooks/mu-activedirectory/files/default/syslogd_oddjobd.te +10 -0
- data/cookbooks/mu-activedirectory/files/default/system-auth +34 -0
- data/cookbooks/mu-activedirectory/files/default/winbindpol.pp +0 -0
- data/cookbooks/mu-activedirectory/files/default/winbindpol.te +37 -0
- data/cookbooks/mu-activedirectory/libraries/config.rb +106 -0
- data/cookbooks/mu-activedirectory/libraries/helper.rb +86 -0
- data/cookbooks/mu-activedirectory/metadata.rb +17 -0
- data/cookbooks/mu-activedirectory/providers/domain.rb +152 -0
- data/cookbooks/mu-activedirectory/providers/domain_controller.rb +89 -0
- data/cookbooks/mu-activedirectory/providers/domain_node.rb +275 -0
- data/cookbooks/mu-activedirectory/recipes/default.rb +8 -0
- data/cookbooks/mu-activedirectory/recipes/domain-controller.rb +44 -0
- data/cookbooks/mu-activedirectory/recipes/domain-node.rb +50 -0
- data/cookbooks/mu-activedirectory/recipes/domain.rb +43 -0
- data/cookbooks/mu-activedirectory/recipes/sssd.rb +185 -0
- data/cookbooks/mu-activedirectory/resources/domain.rb +25 -0
- data/cookbooks/mu-activedirectory/resources/domain_controller.rb +25 -0
- data/cookbooks/mu-activedirectory/resources/domain_node.rb +20 -0
- data/cookbooks/mu-activedirectory/templates/default/dhclient-eth0.conf.erb +4 -0
- data/cookbooks/mu-activedirectory/templates/default/interface +0 -0
- data/cookbooks/mu-activedirectory/templates/default/krb5.conf.erb +23 -0
- data/cookbooks/mu-activedirectory/templates/default/ntp.conf.erb +56 -0
- data/cookbooks/mu-activedirectory/templates/default/smb.conf.erb +33 -0
- data/cookbooks/mu-activedirectory/templates/default/sssd.conf.erb +60 -0
- data/cookbooks/mu-activedirectory/templates/windows/Backup.xml.erb +20 -0
- data/cookbooks/mu-activedirectory/templates/windows/bkupInfo.xml.erb +1 -0
- data/cookbooks/mu-activedirectory/templates/windows/gpreprt.xml.erb +198 -0
- data/cookbooks/mu-activedirectory/templates/windows/gptmpl.inf.erb +12 -0
- data/cookbooks/mu-activedirectory/templates/windows/manifest.xml.erb +1 -0
- data/cookbooks/mu-firewall/CHANGELOG.md +11 -0
- data/cookbooks/mu-firewall/LICENSE +37 -0
- data/cookbooks/mu-firewall/README.md +5 -0
- data/cookbooks/mu-firewall/attributes/default.rb +3 -0
- data/cookbooks/mu-firewall/metadata.rb +16 -0
- data/cookbooks/mu-firewall/recipes/default.rb +10 -0
- data/cookbooks/mu-glusterfs/CHANGELOG.md +13 -0
- data/cookbooks/mu-glusterfs/LICENSE +37 -0
- data/cookbooks/mu-glusterfs/README.md +5 -0
- data/cookbooks/mu-glusterfs/attributes/default.rb +34 -0
- data/cookbooks/mu-glusterfs/metadata.rb +17 -0
- data/cookbooks/mu-glusterfs/recipes/client.rb +62 -0
- data/cookbooks/mu-glusterfs/recipes/default.rb +16 -0
- data/cookbooks/mu-glusterfs/recipes/samba.rb +57 -0
- data/cookbooks/mu-glusterfs/recipes/server.rb +200 -0
- data/cookbooks/mu-glusterfs/templates/default/mu-gluster-client.erb +71 -0
- data/cookbooks/mu-glusterfs/templates/default/smb.conf.erb +14 -0
- data/cookbooks/mu-jenkins/CHANGELOG.md +13 -0
- data/cookbooks/mu-jenkins/LICENSE +37 -0
- data/cookbooks/mu-jenkins/README.md +105 -0
- data/cookbooks/mu-jenkins/attributes/default.rb +42 -0
- data/cookbooks/mu-jenkins/files/default/cleanup_deploy_config.xml +73 -0
- data/cookbooks/mu-jenkins/files/default/deploy_config.xml +44 -0
- data/cookbooks/mu-jenkins/metadata.rb +21 -0
- data/cookbooks/mu-jenkins/recipes/default.rb +195 -0
- data/cookbooks/mu-jenkins/recipes/node-ssh-config.rb +54 -0
- data/cookbooks/mu-jenkins/recipes/public_key.rb +24 -0
- data/cookbooks/mu-jenkins/templates/default/example_job.config.xml.erb +24 -0
- data/cookbooks/mu-jenkins/templates/default/org.jvnet.hudson.plugins.SSHBuildWrapper.xml.erb +14 -0
- data/cookbooks/mu-jenkins/templates/default/ssh_config.erb +6 -0
- data/cookbooks/mu-master/CHANGELOG.md +13 -0
- data/cookbooks/mu-master/LICENSE +37 -0
- data/cookbooks/mu-master/README.md +6 -0
- data/cookbooks/mu-master/attributes/default.rb +95 -0
- data/cookbooks/mu-master/files/default/0-mu-log-server.conf +19 -0
- data/cookbooks/mu-master/files/default/addRSA.ldif +8 -0
- data/cookbooks/mu-master/files/default/check_mem.pl +197 -0
- data/cookbooks/mu-master/files/default/cloudamatic.png +0 -0
- data/cookbooks/mu-master/files/default/dirsrv_admin.pp +0 -0
- data/cookbooks/mu-master/files/default/dirsrv_admin.te +13 -0
- data/cookbooks/mu-master/files/default/nagios_selinux.pp +0 -0
- data/cookbooks/mu-master/files/default/nagios_selinux.te +51 -0
- data/cookbooks/mu-master/files/default/nagios_selinux_7.pp +0 -0
- data/cookbooks/mu-master/files/default/nagios_selinux_7.te +17 -0
- data/cookbooks/mu-master/files/default/pam_sshd +18 -0
- data/cookbooks/mu-master/files/default/ssl_enable.ldif +18 -0
- data/cookbooks/mu-master/files/default/syslogd_oddjobd.pp +0 -0
- data/cookbooks/mu-master/files/default/syslogd_oddjobd.te +10 -0
- data/cookbooks/mu-master/files/default/vimrc +19 -0
- data/cookbooks/mu-master/libraries/mu.rb +29 -0
- data/cookbooks/mu-master/metadata.rb +30 -0
- data/cookbooks/mu-master/providers/user.rb +41 -0
- data/cookbooks/mu-master/recipes/389ds.rb +164 -0
- data/cookbooks/mu-master/recipes/basepackages.rb +58 -0
- data/cookbooks/mu-master/recipes/caching_nameserver.rb +37 -0
- data/cookbooks/mu-master/recipes/default.rb +451 -0
- data/cookbooks/mu-master/recipes/eks-kubectl.rb +41 -0
- data/cookbooks/mu-master/recipes/firewall-holes.rb +70 -0
- data/cookbooks/mu-master/recipes/init.rb +542 -0
- data/cookbooks/mu-master/recipes/ssl-certs.rb +109 -0
- data/cookbooks/mu-master/recipes/sssd.rb +89 -0
- data/cookbooks/mu-master/recipes/update_nagios_only.rb +242 -0
- data/cookbooks/mu-master/recipes/vault.rb +111 -0
- data/cookbooks/mu-master/resources/user.rb +19 -0
- data/cookbooks/mu-master/templates/default/389-directory-setup.inf.erb +28 -0
- data/cookbooks/mu-master/templates/default/chef-server.rb.erb +18 -0
- data/cookbooks/mu-master/templates/default/dhclient-eth0.conf.erb +9 -0
- data/cookbooks/mu-master/templates/default/mu-momma-cat.erb +149 -0
- data/cookbooks/mu-master/templates/default/mu.rc.erb +9 -0
- data/cookbooks/mu-master/templates/default/openssl.cnf.erb +354 -0
- data/cookbooks/mu-master/templates/default/sssd.conf.erb +44 -0
- data/cookbooks/mu-master/templates/default/web_app.conf.erb +90 -0
- data/cookbooks/mu-mongo/CHANGELOG.md +13 -0
- data/cookbooks/mu-mongo/LICENSE +37 -0
- data/cookbooks/mu-mongo/README.md +5 -0
- data/cookbooks/mu-mongo/attributes/default.rb +22 -0
- data/cookbooks/mu-mongo/files/default/keyfile +16 -0
- data/cookbooks/mu-mongo/files/default/remove_nodes.js +5 -0
- data/cookbooks/mu-mongo/metadata.rb +17 -0
- data/cookbooks/mu-mongo/recipes/default.rb +149 -0
- data/cookbooks/mu-mongo/recipes/yum-update-rule.rb +18 -0
- data/cookbooks/mu-mongo/templates/default/mongo_create_openfema_db.js.erb +2 -0
- data/cookbooks/mu-mongo/templates/default/mongo_init.js.erb +1 -0
- data/cookbooks/mu-mongo/templates/default/mongo_logrotate.erb +14 -0
- data/cookbooks/mu-mongo/templates/default/mongo_replset_addnodes.js.erb +6 -0
- data/cookbooks/mu-mongo/templates/default/replset_init.js.erb +2 -0
- data/cookbooks/mu-openvpn/CHANGELOG.md +13 -0
- data/cookbooks/mu-openvpn/LICENSE +37 -0
- data/cookbooks/mu-openvpn/README.md +6 -0
- data/cookbooks/mu-openvpn/attributes/default.rb +119 -0
- data/cookbooks/mu-openvpn/metadata.rb +18 -0
- data/cookbooks/mu-openvpn/recipes/default.rb +108 -0
- data/cookbooks/mu-openvpn/templates/default/users.json.erb +42 -0
- data/cookbooks/mu-php54/CHANGELOG.md +12 -0
- data/cookbooks/mu-php54/LICENSE +37 -0
- data/cookbooks/mu-php54/README.md +0 -0
- data/cookbooks/mu-php54/files/centos/php.ini +1802 -0
- data/cookbooks/mu-php54/files/ubuntu/php.ini +1870 -0
- data/cookbooks/mu-php54/metadata.rb +21 -0
- data/cookbooks/mu-php54/recipes/default.rb +97 -0
- data/cookbooks/mu-splunk/CHANGELOG.md +37 -0
- data/cookbooks/mu-splunk/LICENSE +37 -0
- data/cookbooks/mu-splunk/README.md +451 -0
- data/cookbooks/mu-splunk/attributes/default.rb +95 -0
- data/cookbooks/mu-splunk/attributes/upgrade.rb +49 -0
- data/cookbooks/mu-splunk/definitions/splunk_installer.rb +103 -0
- data/cookbooks/mu-splunk/files/default/splunk-nocheck +10 -0
- data/cookbooks/mu-splunk/libraries/helpers.rb +72 -0
- data/cookbooks/mu-splunk/libraries/splunk_app_provider.rb +156 -0
- data/cookbooks/mu-splunk/libraries/splunk_app_resource.rb +43 -0
- data/cookbooks/mu-splunk/metadata.json +30 -0
- data/cookbooks/mu-splunk/metadata.rb +17 -0
- data/cookbooks/mu-splunk/recipes/client.rb +143 -0
- data/cookbooks/mu-splunk/recipes/default.rb +31 -0
- data/cookbooks/mu-splunk/recipes/disabled.rb +41 -0
- data/cookbooks/mu-splunk/recipes/install_forwarder.rb +23 -0
- data/cookbooks/mu-splunk/recipes/install_server.rb +23 -0
- data/cookbooks/mu-splunk/recipes/server.rb +53 -0
- data/cookbooks/mu-splunk/recipes/service.rb +95 -0
- data/cookbooks/mu-splunk/recipes/setup_auth.rb +49 -0
- data/cookbooks/mu-splunk/recipes/setup_ssl.rb +63 -0
- data/cookbooks/mu-splunk/recipes/upgrade.rb +94 -0
- data/cookbooks/mu-splunk/recipes/user.rb +34 -0
- data/cookbooks/mu-splunk/templates/default/base_logs_unix_inputs.conf.erb +26 -0
- data/cookbooks/mu-splunk/templates/default/inputs.conf.erb +13 -0
- data/cookbooks/mu-splunk/templates/default/outputs.conf.erb +9 -0
- data/cookbooks/mu-splunk/templates/default/splunk-init.erb +74 -0
- data/cookbooks/mu-splunk/templates/default/system-web.conf.erb +7 -0
- data/cookbooks/mu-tools/CHANGELOG.md +12 -0
- data/cookbooks/mu-tools/LICENSE +37 -0
- data/cookbooks/mu-tools/README.md +188 -0
- data/cookbooks/mu-tools/attributes/default.rb +142 -0
- data/cookbooks/mu-tools/attributes/ebs_rolling_snapshots.rb +3 -0
- data/cookbooks/mu-tools/files/amazon/etc/freshclam.conf +235 -0
- data/cookbooks/mu-tools/files/centos/CentOS-Base.repo +52 -0
- data/cookbooks/mu-tools/files/centos/etc/bashrc +93 -0
- data/cookbooks/mu-tools/files/centos/etc/freshclam.conf +235 -0
- data/cookbooks/mu-tools/files/centos/etc/login.defs +72 -0
- data/cookbooks/mu-tools/files/centos/etc/profile +77 -0
- data/cookbooks/mu-tools/files/centos/etc/security/limits.conf +57 -0
- data/cookbooks/mu-tools/files/centos/etc/sysconfig/init +19 -0
- data/cookbooks/mu-tools/files/centos/etc/sysctl.conf +82 -0
- data/cookbooks/mu-tools/files/centos-6/README_MU +0 -0
- data/cookbooks/mu-tools/files/centos-6/etc/audit/stig.rules +173 -0
- data/cookbooks/mu-tools/files/centos-6/etc/bashrc +90 -0
- data/cookbooks/mu-tools/files/centos-6/etc/login.defs +70 -0
- data/cookbooks/mu-tools/files/centos-6/etc/pam.d/su +12 -0
- data/cookbooks/mu-tools/files/centos-6/etc/profile +83 -0
- data/cookbooks/mu-tools/files/centos-6/etc/securetty +12 -0
- data/cookbooks/mu-tools/files/centos-6/etc/sysconfig/init +30 -0
- data/cookbooks/mu-tools/files/centos-6/etc/sysctl.conf +40 -0
- data/cookbooks/mu-tools/files/default/Mu_CA.pem +34 -0
- data/cookbooks/mu-tools/files/default/PSWindowsUpdate.zip +0 -0
- data/cookbooks/mu-tools/files/default/ebs_snapshots.py +123 -0
- data/cookbooks/mu-tools/files/default/etc/BANNER +0 -0
- data/cookbooks/mu-tools/files/default/etc/BANNER-FEDERAL +19 -0
- data/cookbooks/mu-tools/files/default/gpo_no_uac.zip +0 -0
- data/cookbooks/mu-tools/files/default/mypol.pp +0 -0
- data/cookbooks/mu-tools/files/default/mypol.te +37 -0
- data/cookbooks/mu-tools/files/default/nrpe_c7.pp +0 -0
- data/cookbooks/mu-tools/files/default/nrpe_c7.te +31 -0
- data/cookbooks/mu-tools/files/default/nrpe_check_disk.pp +0 -0
- data/cookbooks/mu-tools/files/default/nrpe_check_disk.te +11 -0
- data/cookbooks/mu-tools/files/default/nrpe_disk.pp +0 -0
- data/cookbooks/mu-tools/files/default/nrpe_disk.te +10 -0
- data/cookbooks/mu-tools/files/default/nrpe_file.pp +0 -0
- data/cookbooks/mu-tools/files/default/nrpe_file.te +31 -0
- data/cookbooks/mu-tools/files/default/ntrights +0 -0
- data/cookbooks/mu-tools/files/default/serverclass.conf +18 -0
- data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/app.conf +1 -0
- data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/inputs.conf +13 -0
- data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/app.conf +1 -0
- data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/inputs.conf +8 -0
- data/cookbooks/mu-tools/files/default/sshd_pol.pp +0 -0
- data/cookbooks/mu-tools/files/default/sshd_pol.te +32 -0
- data/cookbooks/mu-tools/files/redhat/etc/bashrc +93 -0
- data/cookbooks/mu-tools/files/redhat/etc/freshclam.conf +235 -0
- data/cookbooks/mu-tools/files/redhat/etc/login.defs +72 -0
- data/cookbooks/mu-tools/files/redhat/etc/profile +77 -0
- data/cookbooks/mu-tools/files/redhat/etc/security/limits.conf +57 -0
- data/cookbooks/mu-tools/files/redhat/etc/sysconfig/init +19 -0
- data/cookbooks/mu-tools/files/redhat/etc/sysctl.conf +82 -0
- data/cookbooks/mu-tools/files/redhat-6/README_MU +0 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/audit/stig.rules +173 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/bashrc +90 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/login.defs +70 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/pam.d/su +12 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/profile +83 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/securetty +12 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/sysconfig/init +30 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/sysctl.conf +40 -0
- data/cookbooks/mu-tools/files/redhat-7.1/etc/freshclam.conf +235 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/bash.bashrc +64 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/common-session +30 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/login.defs +338 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/profile +30 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/security/limits.conf +56 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/sysctl.conf +60 -0
- data/cookbooks/mu-tools/libraries/helper.rb +292 -0
- data/cookbooks/mu-tools/metadata.rb +28 -0
- data/cookbooks/mu-tools/recipes/add_admin_ssh_keys.rb +35 -0
- data/cookbooks/mu-tools/recipes/apply_security.rb +440 -0
- data/cookbooks/mu-tools/recipes/aws_api.rb +23 -0
- data/cookbooks/mu-tools/recipes/base_repositories.rb +31 -0
- data/cookbooks/mu-tools/recipes/cisbenchmark.rb +59 -0
- data/cookbooks/mu-tools/recipes/clamav.rb +53 -0
- data/cookbooks/mu-tools/recipes/cloudinit.rb +58 -0
- data/cookbooks/mu-tools/recipes/configure_oracle_tools.rb +81 -0
- data/cookbooks/mu-tools/recipes/disable-requiretty.rb +22 -0
- data/cookbooks/mu-tools/recipes/ebs_rolling_snapshots.rb +75 -0
- data/cookbooks/mu-tools/recipes/efs.rb +70 -0
- data/cookbooks/mu-tools/recipes/eks.rb +160 -0
- data/cookbooks/mu-tools/recipes/gcloud.rb +98 -0
- data/cookbooks/mu-tools/recipes/google_api.rb +25 -0
- data/cookbooks/mu-tools/recipes/maldet.rb +67 -0
- data/cookbooks/mu-tools/recipes/nagios.rb +19 -0
- data/cookbooks/mu-tools/recipes/newclient.rb +23 -0
- data/cookbooks/mu-tools/recipes/nrpe.rb +115 -0
- data/cookbooks/mu-tools/recipes/python_pip.rb +35 -0
- data/cookbooks/mu-tools/recipes/retrieve_application.rb +51 -0
- data/cookbooks/mu-tools/recipes/rsyslog.rb +65 -0
- data/cookbooks/mu-tools/recipes/set_local_fw.rb +57 -0
- data/cookbooks/mu-tools/recipes/set_mu_hostname.rb +81 -0
- data/cookbooks/mu-tools/recipes/split_var_partitions.rb +86 -0
- data/cookbooks/mu-tools/recipes/splunk-client.rb +69 -0
- data/cookbooks/mu-tools/recipes/splunk-server.rb +104 -0
- data/cookbooks/mu-tools/recipes/store_inspec_attr.rb +8 -0
- data/cookbooks/mu-tools/recipes/updates.rb +96 -0
- data/cookbooks/mu-tools/recipes/windows-client.rb +202 -0
- data/cookbooks/mu-tools/resources/aws_windows.rb +33 -0
- data/cookbooks/mu-tools/resources/disk.rb +88 -0
- data/cookbooks/mu-tools/resources/mommacat_request.rb +11 -0
- data/cookbooks/mu-tools/resources/scheduled_tasks.rb +29 -0
- data/cookbooks/mu-tools/resources/sshd_service.rb +45 -0
- data/cookbooks/mu-tools/resources/windows_users.rb +242 -0
- data/cookbooks/mu-tools/templates/amazon/sshd_config.erb +168 -0
- data/cookbooks/mu-tools/templates/centos-6/sshd_config.erb +212 -0
- data/cookbooks/mu-tools/templates/centos-7/sshd_config.erb +215 -0
- data/cookbooks/mu-tools/templates/default/0-mu-log-client.conf.erb +13 -0
- data/cookbooks/mu-tools/templates/default/conf.maldet.erb +137 -0
- data/cookbooks/mu-tools/templates/default/etc_hosts.erb +30 -0
- data/cookbooks/mu-tools/templates/default/etc_pamd_password-auth.erb +14 -0
- data/cookbooks/mu-tools/templates/default/etc_pamd_system-auth.erb +14 -0
- data/cookbooks/mu-tools/templates/default/etc_sysconfig_network.erb +12 -0
- data/cookbooks/mu-tools/templates/default/kubeconfig.erb +29 -0
- data/cookbooks/mu-tools/templates/default/kubelet.service.erb +35 -0
- data/cookbooks/mu-tools/templates/default/maldet_scanall.sh.erb +15 -0
- data/cookbooks/mu-tools/templates/default/nrpe.cfg.erb +233 -0
- data/cookbooks/mu-tools/templates/redhat-6/sshd_config.erb +213 -0
- data/cookbooks/mu-tools/templates/redhat-7/sshd_config.erb +215 -0
- data/cookbooks/mu-tools/templates/ubuntu-12.04/sshd_config.erb +146 -0
- data/cookbooks/mu-tools/templates/ubuntu-14.04/sshd_config.erb +145 -0
- data/cookbooks/mu-tools/templates/windows/Backup.xml.erb +20 -0
- data/cookbooks/mu-tools/templates/windows/bkupInfo.xml.erb +1 -0
- data/cookbooks/mu-tools/templates/windows/gpreprt.xml.erb +214 -0
- data/cookbooks/mu-tools/templates/windows/gptmpl.inf.erb +12 -0
- data/cookbooks/mu-tools/templates/windows/manifest.xml.erb +1 -0
- data/cookbooks/mu-tools/templates/windows/set_ad_dns_scheduled_task.ps1.erb +6 -0
- data/cookbooks/mu-tools/templates/windows/sshd_config.erb +136 -0
- data/cookbooks/mu-utility/CHANGELOG.md +12 -0
- data/cookbooks/mu-utility/LICENSE +37 -0
- data/cookbooks/mu-utility/README.md +6 -0
- data/cookbooks/mu-utility/attributes/default.rb +1 -0
- data/cookbooks/mu-utility/libraries/matchers.rb +21 -0
- data/cookbooks/mu-utility/metadata.rb +16 -0
- data/cookbooks/mu-utility/recipes/apt.rb +23 -0
- data/cookbooks/mu-utility/recipes/cleanup_image_helper.rb +118 -0
- data/cookbooks/mu-utility/recipes/iptables.rb +26 -0
- data/cookbooks/mu-utility/recipes/luks.rb +18 -0
- data/cookbooks/mu-utility/recipes/nat.rb +104 -0
- data/cookbooks/mu-utility/recipes/php.rb +33 -0
- data/cookbooks/mu-utility/recipes/rdp_gateway.rb +83 -0
- data/cookbooks/mu-utility/recipes/remi.rb +44 -0
- data/cookbooks/mu-utility/recipes/vim.rb +26 -0
- data/cookbooks/mu-utility/recipes/windows_basics.rb +37 -0
- data/cookbooks/mu-utility/recipes/zip.rb +26 -0
- data/cookbooks/mu-utility/templates/default/BundleConfig.xml.erb +34 -0
- data/cookbooks/mu-utility/templates/default/config.xml.erb +60 -0
- data/cookbooks/nagios/Berksfile +8 -0
- data/cookbooks/nagios/CHANGELOG.md +589 -0
- data/cookbooks/nagios/CONTRIBUTING.md +11 -0
- data/cookbooks/nagios/LICENSE +37 -0
- data/cookbooks/nagios/README.md +328 -0
- data/cookbooks/nagios/TESTING.md +2 -0
- data/cookbooks/nagios/attributes/config.rb +171 -0
- data/cookbooks/nagios/attributes/default.rb +228 -0
- data/cookbooks/nagios/chefignore +102 -0
- data/cookbooks/nagios/definitions/command.rb +33 -0
- data/cookbooks/nagios/definitions/contact.rb +33 -0
- data/cookbooks/nagios/definitions/contactgroup.rb +33 -0
- data/cookbooks/nagios/definitions/host.rb +33 -0
- data/cookbooks/nagios/definitions/hostdependency.rb +33 -0
- data/cookbooks/nagios/definitions/hostescalation.rb +34 -0
- data/cookbooks/nagios/definitions/hostgroup.rb +33 -0
- data/cookbooks/nagios/definitions/nagios_conf.rb +38 -0
- data/cookbooks/nagios/definitions/resource.rb +33 -0
- data/cookbooks/nagios/definitions/service.rb +33 -0
- data/cookbooks/nagios/definitions/servicedependency.rb +33 -0
- data/cookbooks/nagios/definitions/serviceescalation.rb +34 -0
- data/cookbooks/nagios/definitions/servicegroup.rb +33 -0
- data/cookbooks/nagios/definitions/timeperiod.rb +33 -0
- data/cookbooks/nagios/libraries/base.rb +314 -0
- data/cookbooks/nagios/libraries/command.rb +91 -0
- data/cookbooks/nagios/libraries/contact.rb +230 -0
- data/cookbooks/nagios/libraries/contactgroup.rb +112 -0
- data/cookbooks/nagios/libraries/custom_option.rb +36 -0
- data/cookbooks/nagios/libraries/data_bag_helper.rb +23 -0
- data/cookbooks/nagios/libraries/default.rb +90 -0
- data/cookbooks/nagios/libraries/host.rb +412 -0
- data/cookbooks/nagios/libraries/hostdependency.rb +181 -0
- data/cookbooks/nagios/libraries/hostescalation.rb +173 -0
- data/cookbooks/nagios/libraries/hostgroup.rb +119 -0
- data/cookbooks/nagios/libraries/nagios.rb +282 -0
- data/cookbooks/nagios/libraries/resource.rb +59 -0
- data/cookbooks/nagios/libraries/service.rb +455 -0
- data/cookbooks/nagios/libraries/servicedependency.rb +215 -0
- data/cookbooks/nagios/libraries/serviceescalation.rb +195 -0
- data/cookbooks/nagios/libraries/servicegroup.rb +144 -0
- data/cookbooks/nagios/libraries/timeperiod.rb +160 -0
- data/cookbooks/nagios/libraries/users_helper.rb +54 -0
- data/cookbooks/nagios/metadata.rb +25 -0
- data/cookbooks/nagios/recipes/_load_databag_config.rb +153 -0
- data/cookbooks/nagios/recipes/_load_default_config.rb +241 -0
- data/cookbooks/nagios/recipes/apache.rb +48 -0
- data/cookbooks/nagios/recipes/default.rb +204 -0
- data/cookbooks/nagios/recipes/nginx.rb +82 -0
- data/cookbooks/nagios/recipes/pagerduty.rb +143 -0
- data/cookbooks/nagios/recipes/server_package.rb +40 -0
- data/cookbooks/nagios/recipes/server_source.rb +164 -0
- data/cookbooks/nagios/templates/default/apache2.conf.erb +96 -0
- data/cookbooks/nagios/templates/default/cgi.cfg.erb +266 -0
- data/cookbooks/nagios/templates/default/commands.cfg.erb +13 -0
- data/cookbooks/nagios/templates/default/contacts.cfg.erb +37 -0
- data/cookbooks/nagios/templates/default/hostgroups.cfg.erb +25 -0
- data/cookbooks/nagios/templates/default/hosts.cfg.erb +15 -0
- data/cookbooks/nagios/templates/default/htpasswd.users.erb +6 -0
- data/cookbooks/nagios/templates/default/nagios.cfg.erb +22 -0
- data/cookbooks/nagios/templates/default/nginx.conf.erb +62 -0
- data/cookbooks/nagios/templates/default/pagerduty.cgi.erb +185 -0
- data/cookbooks/nagios/templates/default/resource.cfg.erb +27 -0
- data/cookbooks/nagios/templates/default/servicedependencies.cfg.erb +15 -0
- data/cookbooks/nagios/templates/default/servicegroups.cfg.erb +14 -0
- data/cookbooks/nagios/templates/default/services.cfg.erb +14 -0
- data/cookbooks/nagios/templates/default/templates.cfg.erb +31 -0
- data/cookbooks/nagios/templates/default/timeperiods.cfg.erb +13 -0
- data/cookbooks/s3fs/CHANGELOG.md +13 -0
- data/cookbooks/s3fs/LICENSE +37 -0
- data/cookbooks/s3fs/README.md +6 -0
- data/cookbooks/s3fs/attributes/default.rb +15 -0
- data/cookbooks/s3fs/files/default/fuse-2.9.3.zip +0 -0
- data/cookbooks/s3fs/metadata.rb +16 -0
- data/cookbooks/s3fs/recipes/default.rb +91 -0
- data/data_bags/demo/app.json +7 -0
- data/data_bags/nagios_services/chef.json +6 -0
- data/data_bags/nagios_services/linux_diskspace.json +5 -0
- data/data_bags/nagios_services/momma_cat.json +6 -0
- data/data_bags/nagios_services/mu-master-memory.json +5 -0
- data/data_bags/nagios_services/nagios_ui.json +6 -0
- data/data_bags/nagios_services/node_ssh.json +6 -0
- data/data_bags/nagios_services/ssh.json +6 -0
- data/demo/lambda_test.yaml +29 -0
- data/environments/DEV.json +8 -0
- data/environments/PROD.json +8 -0
- data/environments/dev.json +8 -0
- data/environments/development.json +8 -0
- data/environments/prod.json +8 -0
- data/extras/README.md +1 -0
- data/extras/admin-role-binding.yaml +16 -0
- data/extras/admin-user.yaml +6 -0
- data/extras/aws-auth-cm.yaml.erb +12 -0
- data/extras/clean-stock-amis +48 -0
- data/extras/git-fix-permissions-hook +12 -0
- data/extras/gitlab-eks-helper.sh.erb +20 -0
- data/extras/image-generators/README.md +2 -0
- data/extras/image-generators/aws/centos6.yaml +18 -0
- data/extras/image-generators/aws/centos7-govcloud.yaml +24 -0
- data/extras/image-generators/aws/centos7.yaml +17 -0
- data/extras/image-generators/aws/rhel7.yaml +17 -0
- data/extras/image-generators/aws/win2k12.yaml +16 -0
- data/extras/image-generators/aws/win2k16.yaml +16 -0
- data/extras/image-generators/aws/windows.yaml +18 -0
- data/extras/image-generators/gcp/centos6.yaml +17 -0
- data/extras/lambda_waf_domain_blacklist.py +103 -0
- data/extras/platform_berksfile_base +50 -0
- data/extras/ruby_rpm/build.sh +17 -0
- data/extras/ruby_rpm/muby.spec +44 -0
- data/extras/vault_tools/README.md +6 -0
- data/extras/vault_tools/export_vaults.sh +3 -0
- data/extras/vault_tools/recreate_vaults.sh +5 -0
- data/extras/vault_tools/test_vaults.sh +5 -0
- data/install/README.md +8 -0
- data/install/cfn_create_mu_master.json +1034 -0
- data/install/chef-server.rb.erb +19 -0
- data/install/deprecated-bash-library.sh +1891 -0
- data/install/images/Usage.png +0 -0
- data/install/installer +71 -0
- data/install/jenkinskeys.rb +8 -0
- data/install/user-dot-murc.erb +14 -0
- data/modules/html.erb +19 -0
- data/modules/mommacat.ru +426 -0
- data/modules/mu/cleanup.rb +339 -0
- data/modules/mu/cloud.rb +1446 -0
- data/modules/mu/clouds/README.md +201 -0
- data/modules/mu/clouds/aws/alarm.rb +319 -0
- data/modules/mu/clouds/aws/cache_cluster.rb +1010 -0
- data/modules/mu/clouds/aws/collection.rb +373 -0
- data/modules/mu/clouds/aws/container_cluster.rb +667 -0
- data/modules/mu/clouds/aws/database.rb +1836 -0
- data/modules/mu/clouds/aws/dnszone.rb +911 -0
- data/modules/mu/clouds/aws/firewall_rule.rb +641 -0
- data/modules/mu/clouds/aws/folder.rb +92 -0
- data/modules/mu/clouds/aws/function.rb +349 -0
- data/modules/mu/clouds/aws/group.rb +251 -0
- data/modules/mu/clouds/aws/loadbalancer.rb +888 -0
- data/modules/mu/clouds/aws/log.rb +363 -0
- data/modules/mu/clouds/aws/msg_queue.rb +480 -0
- data/modules/mu/clouds/aws/notification.rb +139 -0
- data/modules/mu/clouds/aws/role.rb +656 -0
- data/modules/mu/clouds/aws/search_domain.rb +646 -0
- data/modules/mu/clouds/aws/server.rb +2294 -0
- data/modules/mu/clouds/aws/server_pool.rb +1388 -0
- data/modules/mu/clouds/aws/storage_pool.rb +495 -0
- data/modules/mu/clouds/aws/user.rb +382 -0
- data/modules/mu/clouds/aws/userdata/README.md +4 -0
- data/modules/mu/clouds/aws/userdata/linux.erb +179 -0
- data/modules/mu/clouds/aws/userdata/windows.erb +278 -0
- data/modules/mu/clouds/aws/vpc.rb +1943 -0
- data/modules/mu/clouds/aws.rb +1009 -0
- data/modules/mu/clouds/cloudformation/alarm.rb +146 -0
- data/modules/mu/clouds/cloudformation/cache_cluster.rb +167 -0
- data/modules/mu/clouds/cloudformation/collection.rb +117 -0
- data/modules/mu/clouds/cloudformation/database.rb +278 -0
- data/modules/mu/clouds/cloudformation/dnszone.rb +274 -0
- data/modules/mu/clouds/cloudformation/firewall_rule.rb +308 -0
- data/modules/mu/clouds/cloudformation/loadbalancer.rb +193 -0
- data/modules/mu/clouds/cloudformation/log.rb +170 -0
- data/modules/mu/clouds/cloudformation/server.rb +370 -0
- data/modules/mu/clouds/cloudformation/server_pool.rb +279 -0
- data/modules/mu/clouds/cloudformation/vpc.rb +322 -0
- data/modules/mu/clouds/cloudformation.rb +733 -0
- data/modules/mu/clouds/docker.rb +30 -0
- data/modules/mu/clouds/google/container_cluster.rb +290 -0
- data/modules/mu/clouds/google/database.rb +152 -0
- data/modules/mu/clouds/google/firewall_rule.rb +267 -0
- data/modules/mu/clouds/google/group.rb +164 -0
- data/modules/mu/clouds/google/loadbalancer.rb +479 -0
- data/modules/mu/clouds/google/server.rb +1510 -0
- data/modules/mu/clouds/google/server_pool.rb +274 -0
- data/modules/mu/clouds/google/user.rb +266 -0
- data/modules/mu/clouds/google/userdata/README.md +4 -0
- data/modules/mu/clouds/google/userdata/linux.erb +137 -0
- data/modules/mu/clouds/google/userdata/windows.erb +275 -0
- data/modules/mu/clouds/google/vpc.rb +890 -0
- data/modules/mu/clouds/google.rb +811 -0
- data/modules/mu/config/README.md +11 -0
- data/modules/mu/config/alarm.rb +271 -0
- data/modules/mu/config/cache_cluster.rb +172 -0
- data/modules/mu/config/collection.rb +87 -0
- data/modules/mu/config/container_cluster.rb +103 -0
- data/modules/mu/config/container_cluster.yml +36 -0
- data/modules/mu/config/database.rb +458 -0
- data/modules/mu/config/database.yml +26 -0
- data/modules/mu/config/dnszone.rb +327 -0
- data/modules/mu/config/firewall_rule.rb +118 -0
- data/modules/mu/config/folder.rb +70 -0
- data/modules/mu/config/function.rb +140 -0
- data/modules/mu/config/group.rb +64 -0
- data/modules/mu/config/loadbalancer.rb +482 -0
- data/modules/mu/config/log.rb +47 -0
- data/modules/mu/config/log.yml +6 -0
- data/modules/mu/config/msg_queue.rb +47 -0
- data/modules/mu/config/msg_queue.yml +9 -0
- data/modules/mu/config/notification.rb +44 -0
- data/modules/mu/config/project.rb +71 -0
- data/modules/mu/config/role.rb +102 -0
- data/modules/mu/config/search_domain.rb +61 -0
- data/modules/mu/config/search_domain.yml +25 -0
- data/modules/mu/config/server.rb +587 -0
- data/modules/mu/config/server.yml +8 -0
- data/modules/mu/config/server_pool.rb +216 -0
- data/modules/mu/config/server_pool.yml +71 -0
- data/modules/mu/config/storage_pool.rb +145 -0
- data/modules/mu/config/user.rb +78 -0
- data/modules/mu/config/vpc.rb +743 -0
- data/modules/mu/config/vpc.yml +6 -0
- data/modules/mu/config.rb +2000 -0
- data/modules/mu/defaults/README.md +2 -0
- data/modules/mu/defaults/amazon_images.yaml +121 -0
- data/modules/mu/defaults/google_images.yaml +16 -0
- data/modules/mu/deploy.rb +686 -0
- data/modules/mu/groomer.rb +123 -0
- data/modules/mu/groomers/README.md +58 -0
- data/modules/mu/groomers/chef.rb +1024 -0
- data/modules/mu/kittens.rb +11319 -0
- data/modules/mu/logger.rb +208 -0
- data/modules/mu/master/README.md +27 -0
- data/modules/mu/master/chef.rb +471 -0
- data/modules/mu/master/ldap.rb +1005 -0
- data/modules/mu/master.rb +415 -0
- data/modules/mu/mommacat.rb +2703 -0
- data/modules/mu-load-config.rb +1 -0
- data/modules/mu.rb +724 -0
- data/modules/scratchpad.erb +1 -0
- data/modules/tests/super_complex_bok.yml +41 -0
- data/modules/tests/super_simple_bok.yml +40 -0
- data/mu.gemspec +62 -0
- data/roles/demo-dbservice-configure.json +19 -0
- data/roles/demo-portal-configure.json +19 -0
- data/roles/mu-master-jenkins.json +24 -0
- data/roles/mu-master-nagios-only.json +13 -0
- data/roles/mu-master.json +12 -0
- data/roles/mu-node.json +19 -0
- data/roles/mu-splunk-server.json +13 -0
- data/roles/mu-splunk.json +13 -0
- data/test/clean_up.py +25 -0
- data/test/demo-test-profile/README.md +3 -0
- data/test/demo-test-profile/controls/flask.rb +84 -0
- data/test/demo-test-profile/inspec.lock +7 -0
- data/test/demo-test-profile/inspec.yml +11 -0
- data/test/etco-test-profile/README.md +3 -0
- data/test/etco-test-profile/controls/all-in-one.rb +182 -0
- data/test/etco-test-profile/inspec.lock +7 -0
- data/test/etco-test-profile/inspec.yml +11 -0
- data/test/exec_inspec.py +246 -0
- data/test/exec_mu_install.py +241 -0
- data/test/exec_retry.py +44 -0
- data/test/mu-master-test/README.md +3 -0
- data/test/mu-master-test/controls/all_in_one.rb +557 -0
- data/test/mu-master-test/inspec.lock +3 -0
- data/test/mu-master-test/inspec.yml +11 -0
- data/test/mu-tools-test/README.md +3 -0
- data/test/mu-tools-test/controls/base.rb +265 -0
- data/test/mu-tools-test/inspec.lock +3 -0
- data/test/mu-tools-test/inspec.yml +8 -0
- data/test/simple-server-php-test/README.md +3 -0
- data/test/simple-server-php-test/controls/apachephp.rb +25 -0
- data/test/simple-server-php-test/controls/example.rb +19 -0
- data/test/simple-server-php-test/inspec.lock +7 -0
- data/test/simple-server-php-test/inspec.yml +12 -0
- data/test/simple-server-rails-test/README.md +3 -0
- data/test/simple-server-rails-test/controls/rails.rb +188 -0
- data/test/simple-server-rails-test/inspec.lock +7 -0
- data/test/simple-server-rails-test/inspec.yml +11 -0
- data/test/simple-windows-test/README.md +3 -0
- data/test/simple-windows-test/controls/windows.rb +20 -0
- data/test/simple-windows-test/inspec.lock +7 -0
- data/test/simple-windows-test/inspec.yml +11 -0
- data/test/smoke_test.rb +75 -0
- data/test/wordpress-test/README.md +3 -0
- data/test/wordpress-test/controls/wordpress.rb +97 -0
- data/test/wordpress-test/inspec.lock +7 -0
- data/test/wordpress-test/inspec.yml +11 -0
- metadata +979 -0
@@ -0,0 +1,327 @@
|
|
1
|
+
# Copyright:: Copyright (c) 2018 eGlobalTech, Inc., all rights reserved
|
2
|
+
#
|
3
|
+
# Licensed under the BSD-3 license (the "License");
|
4
|
+
# you may not use this file except in compliance with the License.
|
5
|
+
# You may obtain a copy of the License in the root of the project or at
|
6
|
+
#
|
7
|
+
# http://egt-labs.com/mu/LICENSE.html
|
8
|
+
#
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
# See the License for the specific language governing permissions and
|
13
|
+
# limitations under the License.
|
14
|
+
|
15
|
+
module MU
|
16
|
+
class Config
|
17
|
+
# Basket of Kittens config schema and parser logic. See modules/mu/clouds/*/dnszone.rb
|
18
|
+
class DNSZone
|
19
|
+
|
20
|
+
# Base configuration schema for a DNSZone
|
21
|
+
# @return [Hash]
|
22
|
+
def self.schema
|
23
|
+
{
|
24
|
+
"type" => "object",
|
25
|
+
"additionalProperties" => false,
|
26
|
+
"description" => "Create a DNS zone in Route 53.",
|
27
|
+
"required" => ["name", "cloud"],
|
28
|
+
"properties" => {
|
29
|
+
"name" => {
|
30
|
+
"type" => "string",
|
31
|
+
"description" => "The domain name to create. Must comply with RFC 1123",
|
32
|
+
"pattern" => "^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$"
|
33
|
+
},
|
34
|
+
"scrub_mu_isms" => {
|
35
|
+
"type" => "boolean",
|
36
|
+
"default" => false,
|
37
|
+
"description" => "When 'cloud' is set to 'CloudFormation,' use this flag to strip out Mu-specific artifacts (tags, standard userdata, naming conventions, etc) to yield a clean, source-agnostic template."
|
38
|
+
},
|
39
|
+
"private" => {
|
40
|
+
"type" => "boolean",
|
41
|
+
"default" => true,
|
42
|
+
"description" => "Create as a private internal domain, not publicly resolvable."
|
43
|
+
},
|
44
|
+
"all_account_vpcs" => {
|
45
|
+
"type" => "boolean",
|
46
|
+
"default" => true,
|
47
|
+
"description" => "If this zone is private, make sure it is resolvable from all VPCs in this account. Will supercede the list in {MU::Config::BasketofKittens::dnszones.vpcs} for VPCs in this account."
|
48
|
+
},
|
49
|
+
"records" => records_primitive(),
|
50
|
+
"vpcs" => {
|
51
|
+
"type" => "array",
|
52
|
+
"items" => MU::Config::VPC.reference(MU::Config::VPC::NO_SUBNETS, MU::Config::VPC::NO_NAT_OPTS)
|
53
|
+
}
|
54
|
+
}
|
55
|
+
}
|
56
|
+
end
|
57
|
+
|
58
|
+
# Generate a schema definition for a set of DNS records
|
59
|
+
# @param need_target [Boolean]: Whether the target of the record needs to be a required parameter
|
60
|
+
# @param default_type [String]: The type of record to make default (e.g. An, CNAME, etc)
|
61
|
+
# @param need_zone [Boolean]: Whether to explicitly require a zone be declared
|
62
|
+
# @return [Hash]
|
63
|
+
def self.records_primitive(need_target: true, default_type: nil, need_zone: false)
|
64
|
+
dns_records_primitive = {
|
65
|
+
"type" => "array",
|
66
|
+
"maxItems" => 100,
|
67
|
+
"items" => {
|
68
|
+
"type" => "object",
|
69
|
+
"required" => ["target", "type"],
|
70
|
+
"additionalProperties" => false,
|
71
|
+
"description" => "DNS records to create. If specified inside another resource (e.g. {MU::Config::BasketofKittens::servers}, {MU::Config::BasketofKittens::loadbalancers}, or {MU::Config::BasketofKittens::databases}), the record(s) will automatically target that resource.",
|
72
|
+
"properties" => {
|
73
|
+
"override_existing" => {
|
74
|
+
"type" => "boolean",
|
75
|
+
"description" => "If true, this record will overwrite any existing record of the same name and type.",
|
76
|
+
"default" => false
|
77
|
+
},
|
78
|
+
"type" => {
|
79
|
+
"type" => "string",
|
80
|
+
"description" => "The class of DNS record to create. The R53ALIAS type is not traditional DNS, but instead refers to AWS Route53's alias functionality. An R53ALIAS is only valid if the target is an Elastic LoadBalancer, CloudFront, S3 bucket (configured as a public web server), or another record in the same Route53 hosted zone.",
|
81
|
+
"enum" => ["SOA", "A", "TXT", "NS", "CNAME", "MX", "PTR", "SRV", "SPF", "AAAA", "R53ALIAS"],
|
82
|
+
"default_if" => [
|
83
|
+
{
|
84
|
+
"key_is" => "mu_type",
|
85
|
+
"value_is" => "loadbalancer",
|
86
|
+
"set" => "R53ALIAS"
|
87
|
+
},
|
88
|
+
{
|
89
|
+
"key_is" => "mu_type",
|
90
|
+
"value_is" => "database",
|
91
|
+
"set" => "CNAME"
|
92
|
+
},
|
93
|
+
{
|
94
|
+
"key_is" => "mu_type",
|
95
|
+
"value_is" => "server",
|
96
|
+
"set" => "A"
|
97
|
+
}
|
98
|
+
]
|
99
|
+
},
|
100
|
+
"alias_zone" => {
|
101
|
+
"type" => "string",
|
102
|
+
"description" => "If using a type of R53ALIAS, this is the hosted zone ID of the target. Defaults to the zone to which this record is being added."
|
103
|
+
},
|
104
|
+
"deploy_id" => {
|
105
|
+
"type" => "string",
|
106
|
+
"description" => "Look for a resource in another Mu deployment with this id. Requires mu_type",
|
107
|
+
},
|
108
|
+
"mu_type" => {
|
109
|
+
"type" => "string",
|
110
|
+
"description" => "The Mu resource type to search the deployment for.",
|
111
|
+
"enum" => ["loadbalancer", "server", "database", "cache_cluster"]
|
112
|
+
},
|
113
|
+
"target_type" => {
|
114
|
+
"description" => "If the target is a public or a private resource. This only applies to servers/server_pools when using automatic DNS registration. If set to public but the target only has a private address, the private address will be used",
|
115
|
+
"type" => "string",
|
116
|
+
"enum" => ["public", "private"]
|
117
|
+
},
|
118
|
+
"weight" => {
|
119
|
+
"type" => "integer",
|
120
|
+
"description" => "Set the proportion of traffic directed to this target, based on the relative weight of other records with the same DNS name and type."
|
121
|
+
},
|
122
|
+
"region" => MU::Config.region_primitive,
|
123
|
+
"failover" => {
|
124
|
+
"type" => "string",
|
125
|
+
"description" => "Failover classification",
|
126
|
+
"enum" => ["PRIMARY", "SECONDARY"]
|
127
|
+
},
|
128
|
+
"ttl" => {
|
129
|
+
"type" => "integer",
|
130
|
+
"description" => "DNS time-to-live value for query caching.",
|
131
|
+
"default" => 7200
|
132
|
+
},
|
133
|
+
"target" => {
|
134
|
+
"type" => "string",
|
135
|
+
"description" => "The value of this record. Must be valid for the 'type' field, e.g. A records must point to an IP address. If creating a record for an existing deployment, specify the mu_name of the resource, you must also specifiy deploy_id and mu_type",
|
136
|
+
},
|
137
|
+
"name" => {
|
138
|
+
"description" => "Name of the record to create. If not specified, will default to the Mu resource name.",
|
139
|
+
"type" => "string",
|
140
|
+
"pattern" => "^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$"
|
141
|
+
},
|
142
|
+
"append_environment_name" => {
|
143
|
+
"description" => "If to append the environment name (eg mydnsname.dev.mudomain.com). to the DNS name",
|
144
|
+
"type" => "boolean",
|
145
|
+
"default" => false
|
146
|
+
},
|
147
|
+
"geo_location" => {
|
148
|
+
"type" => "object",
|
149
|
+
"description" => "Set location for location-based routing.",
|
150
|
+
"additionalProperties" => false,
|
151
|
+
"properties" => {
|
152
|
+
"continent_code" => {
|
153
|
+
"type" => "string",
|
154
|
+
"description" => "The code for a continent geo location. Note: only continent locations have a continent code. Specifying continent_code with either country_code or subdivision_code returns an InvalidInput error.",
|
155
|
+
"enum" => ["AF", "AN", "AS", "EU", "OC", "NA", "SA"]
|
156
|
+
},
|
157
|
+
"country_code" => {
|
158
|
+
"type" => "string",
|
159
|
+
"description" => "The code for a country geo location. The default location uses '' for the country code and will match all locations that are not matched by a geo location. All other country codes follow the ISO 3166 two-character code."
|
160
|
+
},
|
161
|
+
"subdivision_code" => {
|
162
|
+
"type" => "string",
|
163
|
+
"description" => "The code for a country's subdivision (e.g., a province of Canada). A subdivision code is only valid with the appropriate country code. Specifying subdivision_code without country_code returns an InvalidInput error."
|
164
|
+
}
|
165
|
+
}
|
166
|
+
},
|
167
|
+
"healthchecks" => {
|
168
|
+
"type" => "array",
|
169
|
+
"items" => {
|
170
|
+
"type" => "object",
|
171
|
+
"required" => ["method", "name"],
|
172
|
+
"additionalProperties" => false,
|
173
|
+
"description" => "Check used to determine instance health for failover routing.",
|
174
|
+
"properties" => {
|
175
|
+
"method" => {
|
176
|
+
"type" => "string",
|
177
|
+
"description" => "The health check method to use",
|
178
|
+
"enum" => ["HTTP", "HTTPS", "HTTP_STR_MATCH", "HTTPS_STR_MATCH", "TCP", "CALCULATED", "CLOUDWATCH_METRIC"]
|
179
|
+
},
|
180
|
+
"port" => {
|
181
|
+
"type" => "integer",
|
182
|
+
"description" => "Port on which this health check should expect to find a working service. For HTTP and HTTP_STR_MATCH this defaults to 80 if the port is not specified. For HTTPS and HTTPS_STR_MATCH this defaults to 443 if the port is not specified.",
|
183
|
+
},
|
184
|
+
"path" => {
|
185
|
+
"type" => "string",
|
186
|
+
"description" => "Path to check for HTTP-based health checks."
|
187
|
+
},
|
188
|
+
"type" => {
|
189
|
+
"type" => "string",
|
190
|
+
"description" => "When using CALCULATED based health checks make sure to set only the CALCULATED health check to primary while setting all other health checks to secondary.",
|
191
|
+
"default" => "primary",
|
192
|
+
"enum" => ["primary", "secondary"]
|
193
|
+
},
|
194
|
+
"name" => {
|
195
|
+
"type" => "string",
|
196
|
+
"description" => "The health check name."
|
197
|
+
},
|
198
|
+
"search_string" => {
|
199
|
+
"type" => "string",
|
200
|
+
"description" => "Path to check for STR_MATCH-based health checks."
|
201
|
+
},
|
202
|
+
"check_interval" => {
|
203
|
+
"type" => "integer",
|
204
|
+
"description" => "The frequency of health checks in seconds.",
|
205
|
+
"default" => 30,
|
206
|
+
"enum" => [10, 30]
|
207
|
+
},
|
208
|
+
"failure_threshold" => {
|
209
|
+
"type" => "integer",
|
210
|
+
"description" => "The number of failed health checks before we consider this entry in failure. Values can be between 1-10.",
|
211
|
+
"default" => 2,
|
212
|
+
"pattern" => "^([1-9]|10)$"
|
213
|
+
},
|
214
|
+
"insufficient_data" => {
|
215
|
+
"type" => "string",
|
216
|
+
"description" => "What should the health check status be set to if there is insufficient data return from the CloudWatch alarm. Used only with CLOUDWATCH_METRIC based health checks.",
|
217
|
+
"enum" => ["Healthy", "Unhealthy", "LastKnownStatus"]
|
218
|
+
},
|
219
|
+
"regions" => {
|
220
|
+
"type" => "array",
|
221
|
+
"description" => "The cloud provider's regions from which to test the status of the health check. If not specified will use all regions. Used only with HTTP/HTTPS/TCP based health checks.",
|
222
|
+
"items" => {
|
223
|
+
"type" => "string"
|
224
|
+
}
|
225
|
+
},
|
226
|
+
"latency" => {
|
227
|
+
"description" => "If to measure and graph latency between the health checkers and the endpoint. Used only with HTTP/HTTPS/TCP based health checks.",
|
228
|
+
"type" => "boolean",
|
229
|
+
"default" => false
|
230
|
+
},
|
231
|
+
"inverted" => {
|
232
|
+
"description" => "If the status of the health check should be inverted, eg. if health check status is healthy but you would like it to be evaluated as not healthy",
|
233
|
+
"type" => "boolean",
|
234
|
+
"default" => false
|
235
|
+
},
|
236
|
+
"enable_sni" => {
|
237
|
+
"description" => "Enabled by default on HTTPS or HTTPS_STR_MATCH",
|
238
|
+
"type" => "boolean",
|
239
|
+
"default" => false,
|
240
|
+
"default_if" => [
|
241
|
+
{
|
242
|
+
"key_is" => "method",
|
243
|
+
"value_is" => "HTTPS",
|
244
|
+
"set" => true
|
245
|
+
},
|
246
|
+
{
|
247
|
+
"key_is" => "method",
|
248
|
+
"value_is" => "HTTPS_STR_MATCH",
|
249
|
+
"set" => true
|
250
|
+
}
|
251
|
+
]
|
252
|
+
},
|
253
|
+
"health_threshold" => {
|
254
|
+
"type" => "integer",
|
255
|
+
"description" => "The minimum number of health checks that must be healthy when configuring a health check of type CALCULATED. Values can be between 0-256.",
|
256
|
+
"default" => 1,
|
257
|
+
"pattern" => "^[\\d]?{3}$"
|
258
|
+
},
|
259
|
+
"health_check_ids" => {
|
260
|
+
"type" => "array",
|
261
|
+
"description" => "The IDs of existing health checks to use when method is set to CALCULATED.",
|
262
|
+
"items" => {
|
263
|
+
"type" => "string"
|
264
|
+
}
|
265
|
+
},
|
266
|
+
"alarm_region" => {
|
267
|
+
"type" => "string",
|
268
|
+
"description" => "The cloud provider's region the cloudwatch alarm was created in. Used with CLOUDWATCH_METRIC health checks"
|
269
|
+
},
|
270
|
+
"alarm_name" => {
|
271
|
+
"type" => "string",
|
272
|
+
"description" => "The cloudwatch alarm name. Used with CLOUDWATCH_METRIC health checks"
|
273
|
+
}
|
274
|
+
}
|
275
|
+
}
|
276
|
+
}
|
277
|
+
}
|
278
|
+
}
|
279
|
+
}
|
280
|
+
|
281
|
+
if !need_target
|
282
|
+
dns_records_primitive["items"]["required"].delete("target")
|
283
|
+
dns_records_primitive["items"]["properties"].delete("target")
|
284
|
+
end
|
285
|
+
|
286
|
+
if need_zone
|
287
|
+
dns_records_primitive["items"]["required"] << "zone"
|
288
|
+
dns_records_primitive["items"]["properties"]["zone"] = {
|
289
|
+
"type" => "object",
|
290
|
+
"additionalProperties" => false,
|
291
|
+
"minProperties" => 1,
|
292
|
+
"description" => "The zone to which to add this record, either as a domain name or as a Route53 zone identifier.",
|
293
|
+
"properties" => {
|
294
|
+
"name" => {
|
295
|
+
"type" => "string",
|
296
|
+
"description" => "The domain name of the DNS zone to which to add this record."
|
297
|
+
},
|
298
|
+
"id" => {
|
299
|
+
"type" => "string",
|
300
|
+
"description" => "The Route53 identifier of the zone to which to add this record."
|
301
|
+
}
|
302
|
+
}
|
303
|
+
}
|
304
|
+
end
|
305
|
+
|
306
|
+
if !default_type.nil?
|
307
|
+
dns_records_primitive["items"]["properties"]["type"]["default"] = default_type
|
308
|
+
dns_records_primitive["items"]["required"].delete("type")
|
309
|
+
end
|
310
|
+
|
311
|
+
return dns_records_primitive
|
312
|
+
end
|
313
|
+
|
314
|
+
# Generic pre-processing of {MU::Config::BasketofKittens::dnszones}, bare and unvalidated.
|
315
|
+
# @param zone [Hash]: The resource to process and validate
|
316
|
+
# @param configurator [MU::Config]: The overall deployment configurator of which this resource is a member
|
317
|
+
# @return [Boolean]: True if validation succeeded, False otherwise
|
318
|
+
def self.validate(zone, configurator)
|
319
|
+
ok = true
|
320
|
+
ok
|
321
|
+
end
|
322
|
+
# TODO non-local VPCs are valid, but require an account field, which insertKitten doesn't know anything about
|
323
|
+
# if !zone['account'].nil? and zone['account'] != MU.account_number
|
324
|
+
|
325
|
+
end
|
326
|
+
end
|
327
|
+
end
|
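Review bot: The hostname `pattern` on `name` (zone schema, line 32, and again inside `records_primitive`, line 140) sits in a double-quoted Ruby string, so `\.` and `\-` lose their backslashes before the regex is compiled and the label separator becomes a bare `.` that matches any character; values such as `foo_bar` or `a/b` are accepted as domain names. Doubling the backslashes (`\\.` and `\\-`, as `health_threshold` already does with `\\d`) or switching that literal to single quotes keeps the escapes. If the validator compiles patterns as Ruby regexes, `^`/`$` also match at line breaks, so `\A`/`\z` would be the stricter anchors. Separately, `pattern` on the integer fields `failure_threshold` and `health_threshold` is presumably never applied, since JSON Schema patterns constrain strings; `minimum`/`maximum` would express the documented 1-10 and 0-256 ranges.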
@@ -0,0 +1,118 @@
|
|
1
|
+
# Copyright:: Copyright (c) 2018 eGlobalTech, Inc., all rights reserved
|
2
|
+
#
|
3
|
+
# Licensed under the BSD-3 license (the "License");
|
4
|
+
# you may not use this file except in compliance with the License.
|
5
|
+
# You may obtain a copy of the License in the root of the project or at
|
6
|
+
#
|
7
|
+
# http://egt-labs.com/mu/LICENSE.html
|
8
|
+
#
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
# See the License for the specific language governing permissions and
|
13
|
+
# limitations under the License.
|
14
|
+
|
15
|
+
module MU
|
16
|
+
class Config
|
17
|
+
# Basket of Kittens config schema and parser logic. See modules/mu/clouds/*/firewall_rule.rb
|
18
|
+
class FirewallRule
|
19
|
+
|
20
|
+
# Base configuration schema for a FirewallRule
|
21
|
+
# @return [Hash]
|
22
|
+
def self.schema
|
23
|
+
{
|
24
|
+
"type" => "object",
|
25
|
+
"required" => ["name"],
|
26
|
+
"additionalProperties" => false,
|
27
|
+
"description" => "Create network-level access controls.",
|
28
|
+
"properties" => {
|
29
|
+
"name" => {"type" => "string"},
|
30
|
+
"vpc_name" => {
|
31
|
+
"type" => "string",
|
32
|
+
"description" => "Backwards-compatibility means of identifying a VPC; see {MU::Config::BasketofKittens::firewall_rules::vpc}"
|
33
|
+
},
|
34
|
+
"vpc_id" => {
|
35
|
+
"type" => "string",
|
36
|
+
"description" => "Backwards-compatibility means of identifying a VPC; see {MU::Config::BasketofKittens::firewall_rules::vpc}"
|
37
|
+
},
|
38
|
+
"vpc" => MU::Config::VPC.reference(MU::Config::VPC::NO_SUBNETS, MU::Config::VPC::NO_NAT_OPTS),
|
39
|
+
"tags" => MU::Config.tags_primitive,
|
40
|
+
"optional_tags" => MU::Config.optional_tags_primitive,
|
41
|
+
"self_referencing" => {
|
42
|
+
"type" => "boolean",
|
43
|
+
"default" => false
|
44
|
+
},
|
45
|
+
"admin" => {
|
46
|
+
"type" => "boolean",
|
47
|
+
"description" => "Internal use only. Flag generic administrative firewall rulesets for use by the Mu Master",
|
48
|
+
"default" => false
|
49
|
+
},
|
50
|
+
"rules" => {
|
51
|
+
"type" => "array",
|
52
|
+
"items" => ruleschema
|
53
|
+
}
|
54
|
+
}
|
55
|
+
}
|
56
|
+
end
|
57
|
+
|
58
|
+
# Generate schema for an individual firewall rule
|
59
|
+
# @return [Hash]
|
60
|
+
def self.ruleschema
|
61
|
+
{
|
62
|
+
"type" => "object",
|
63
|
+
"description" => "Network ingress and/or egress rules.",
|
64
|
+
"additionalProperties" => false,
|
65
|
+
"properties" => {
|
66
|
+
"port_range" => {"type" => "string"},
|
67
|
+
"port" => {"type" => "integer"},
|
68
|
+
"proto" => {
|
69
|
+
"enum" => ["udp", "tcp", "icmp"],
|
70
|
+
"default" => "tcp",
|
71
|
+
"type" => "string"
|
72
|
+
},
|
73
|
+
"ingress" => {
|
74
|
+
"type" => "boolean",
|
75
|
+
"default" => true
|
76
|
+
},
|
77
|
+
"egress" => {
|
78
|
+
"type" => "boolean",
|
79
|
+
"default" => false
|
80
|
+
},
|
81
|
+
"hosts" => {
|
82
|
+
"type" => "array",
|
83
|
+
"items" => MU::Config::CIDR_PRIMITIVE
|
84
|
+
}
|
85
|
+
}
|
86
|
+
}
|
87
|
+
end
|
88
|
+
|
89
|
+
# Schema block for other resources to use when referencing a sibling FirewallRule
|
90
|
+
# @return [Hash]
|
91
|
+
def self.reference
|
92
|
+
{
|
93
|
+
"type" => "array",
|
94
|
+
"items" => {
|
95
|
+
"type" => "object",
|
96
|
+
"additionalProperties" => false,
|
97
|
+
"description" => "Apply one or more network rulesets, defined in this stack or pre-existing, to this resource. Note that if you add a pre-existing ACL to your resource, they must be compatible (e.g. if using VPCs, they must reside in the same VPC).",
|
98
|
+
"minProperties" => 1,
|
99
|
+
"properties" => {
|
100
|
+
"rule_id" => {"type" => "string"},
|
101
|
+
"rule_name" => {"type" => "string"}
|
102
|
+
}
|
103
|
+
}
|
104
|
+
}
|
105
|
+
end
|
106
|
+
|
107
|
+
# Generic pre-processing of {MU::Config::BasketofKittens::firewall_rules}, bare and unvalidated.
|
108
|
+
# @param acl [Hash]: The resource to process and validate
|
109
|
+
# @param configurator [MU::Config]: The overall deployment configurator of which this resource is a member
|
110
|
+
# @return [Boolean]: True if validation succeeded, False otherwise
|
111
|
+
def self.validate(acl, configurator)
|
112
|
+
ok = true
|
113
|
+
ok
|
114
|
+
end
|
115
|
+
|
116
|
+
end
|
117
|
+
end
|
118
|
+
end
|
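Review bot: `ruleschema` accepts any integer for `port` and any string for `port_range`, and `validate` returns true without reading `acl`, so nothing in this file rejects a rule such as port 70000 or a malformed range before it reaches the cloud layer. Bounds in the schema would catch this at parse time, e.g. `"port" => {"type" => "integer", "minimum" => 0, "maximum" => 65535}`, with a matching format check on `port_range` in `validate`. The cloud-specific implementations may already check this; they are not part of this section. `self_referencing`, `ingress`, `egress` and `hosts` also carry no `description`, which leaves the access-control defaults (`ingress` true, `egress` false) undocumented in the generated schema docs.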
@@ -0,0 +1,70 @@
|
|
1
|
+
# Copyright:: Copyright (c) 2018 eGlobalTech, Inc., all rights reserved
|
2
|
+
#
|
3
|
+
# Licensed under the BSD-3 license (the "License");
|
4
|
+
# you may not use this file except in compliance with the License.
|
5
|
+
# You may obtain a copy of the License in the root of the folder or at
|
6
|
+
#
|
7
|
+
# http://egt-labs.com/mu/LICENSE.html
|
8
|
+
#
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
# See the License for the specific language governing permissions and
|
13
|
+
# limitations under the License.
|
14
|
+
|
15
|
+
module MU
|
16
|
+
class Config
|
17
|
+
# Basket of Kittens config schema and parser logic. See modules/mu/clouds/*/folder.rb
|
18
|
+
class Folder
|
19
|
+
|
20
|
+
# Base configuration schema for a Folder
|
21
|
+
# @return [Hash]
|
22
|
+
def self.schema
|
23
|
+
{
|
24
|
+
"type" => "object",
|
25
|
+
"additionalProperties" => false,
|
26
|
+
"description" => "Set up a cloud provider folder/OU for containing other account-level resources",
|
27
|
+
"properties" => {
|
28
|
+
"name" => { "type" => "string" },
|
29
|
+
}
|
30
|
+
}
|
31
|
+
end
|
32
|
+
|
33
|
+
# Chunk of schema to reference a folder/OU, here to be embedded
|
34
|
+
# into the schemas of other resources.
|
35
|
+
def self.reference
|
36
|
+
{
|
37
|
+
"type" => "object",
|
38
|
+
"description" => "Deploy into or connect with resources in a specific account/project",
|
39
|
+
"minProperties" => 1,
|
40
|
+
"additionalProperties" => false,
|
41
|
+
"properties" => {
|
42
|
+
"id" => {
|
43
|
+
"type" => "string",
|
44
|
+
"description" => "Discover this folder/OU by looking by its cloud provider identifier "
|
45
|
+
},
|
46
|
+
"name" => {
|
47
|
+
"type" => "string",
|
48
|
+
"description" => "Discover this folder/OU by Mu-internal name; typically the shorthand 'name' field of an Folder object declared elsewhere in the deploy, or in another deploy that's being referenced with 'deploy_id'."
|
49
|
+
},
|
50
|
+
"cloud" => MU::Config.cloud_primitive,
|
51
|
+
"deploy_id" => {
|
52
|
+
"type" => "string",
|
53
|
+
"description" => "Search for this folder in an existing Mu deploy; specify a Mu deploy id (e.g. DEMO-DEV-2014111400-NG)."
|
54
|
+
}
|
55
|
+
}
|
56
|
+
}
|
57
|
+
end
|
58
|
+
|
59
|
+
# Generic pre-processing of {MU::Config::BasketofKittens::folder}, bare and unvalidated.
|
60
|
+
# @param folder [Hash]: The resource to process and validate
|
61
|
+
# @param configurator [MU::Config]: The overall deployment configurator of which this resource is a member
|
62
|
+
# @return [Boolean]: True if validation succeeded, False otherwise
|
63
|
+
def self.validate(folder, configurator)
|
64
|
+
ok = true
|
65
|
+
ok
|
66
|
+
end
|
67
|
+
|
68
|
+
end
|
69
|
+
end
|
70
|
+
end
|
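Review bot: `schema` declares no `required` list, so an empty folder object `{}` passes, whereas the FirewallRule schema on this page requires `name`; adding `"required" => ["name"],` would bring it in line. The `reference` description reads `Deploy into or connect with resources in a specific account/project`, which describes an account reference rather than a folder/OU lookup and looks copied from another resource. `reference` also lacks the `# @return [Hash]` tag that the other schema methods carry.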
@@ -0,0 +1,140 @@
|
|
1
|
+
# Copyright:: Copyright (c) 2018 eGlobalTech, Inc., all rights reserved
|
2
|
+
#
|
3
|
+
# Licensed under the BSD-3 license (the "License");
|
4
|
+
# you may not use this file except in compliance with the License.
|
5
|
+
# You may obtain a copy of the License in the root of the project or at
|
6
|
+
#
|
7
|
+
# http://egt-labs.com/mu/LICENSE.html
|
8
|
+
#
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
# See the License for the specific language governing permissions and
|
13
|
+
# limitations under the License.
|
14
|
+
|
15
|
+
module MU
|
16
|
+
class Config
|
17
|
+
# Basket of Kittens config schema and parser logic. See modules/mu/clouds/*/function.rb
|
18
|
+
class Function
|
19
|
+
|
20
|
+
# Base configuration schema for a Function
|
21
|
+
# @return [Hash]
|
22
|
+
def self.schema
|
23
|
+
{
|
24
|
+
"type" => "object",
|
25
|
+
"title" => "Function",
|
26
|
+
"description" => "Create a cloud function.",
|
27
|
+
"required" => ["name", "cloud","runtime","iam_role","handler","code","region"],
|
28
|
+
"additionalProperties" => false,
|
29
|
+
"properties" => {
|
30
|
+
"cloud" => MU::Config.cloud_primitive,
|
31
|
+
"name" => {"type" => "string"},
|
32
|
+
"runtime" => {
|
33
|
+
"type" => "string",
|
34
|
+
"enum" => %w{nodejs nodejs4.3 nodejs6.10 nodejs8.10 java8 python2.7 python3.6 dotnetcore1.0 dotnetcore2.0 dotnetcore2.1 nodejs4.3-edge go1.x}
|
35
|
+
},
|
36
|
+
"iam_role" => {"type" => "string"},
|
37
|
+
"region" => MU::Config.region_primitive,
|
38
|
+
"vpc" => MU::Config::VPC.reference(MU::Config::VPC::ONE_SUBNET+MU::Config::VPC::MANY_SUBNETS, MU::Config::VPC::NO_NAT_OPTS, "all_private"),
|
39
|
+
"handler" => {
|
40
|
+
"type" => "string",
|
41
|
+
"description" => "The function within your code that Lambda calls to begin execution. For Node.js, it is the module-name.export value in your function. For Java, it can be package.class-name::handler or package.class-name. For more information, see https://docs.aws.amazon.com/lambda/latest/dg/java-programming-model-handler-types.html"
|
42
|
+
},
|
43
|
+
"timeout" => {
|
44
|
+
"type" => "integer",
|
45
|
+
"description" => "Maximum run time for an invocation of this function, in seconds",
|
46
|
+
"default" => 3
|
47
|
+
},
|
48
|
+
"tags" => MU::Config.tags_primitive,
|
49
|
+
"optional_tags" => MU::Config.optional_tags_primitive,
|
50
|
+
"memory" => {
|
51
|
+
"type" => "integer",
|
52
|
+
"default" => 128,
|
53
|
+
"description" => "Memory to allocation for function, in MB. The value must be a multiple of 64 MB."
|
54
|
+
},
|
55
|
+
"dependencies" => MU::Config.dependencies_primitive,
|
56
|
+
"triggers" => {
|
57
|
+
"type" => "array",
|
58
|
+
"items" => {
|
59
|
+
"type" => "object",
|
60
|
+
"description" => "Trigger for lambda function",
|
61
|
+
"required" => ["service"],
|
62
|
+
"additionalProperties" => false,
|
63
|
+
"properties" => {
|
64
|
+
"service" => {
|
65
|
+
"type" => "string",
|
66
|
+
"enum" => %w{apigateway events s3 sns sqs dynamodb kinesis ses cognito alexa iot},
|
67
|
+
"description" => "The name of the AWS service that will trigger this function"
|
68
|
+
},
|
69
|
+
"name" => {
|
70
|
+
"type" => "string",
|
71
|
+
"description" => "The name of the API Gateway, Cloudwatch Event, or other event trigger object"
|
72
|
+
}
|
73
|
+
}
|
74
|
+
}
|
75
|
+
},
|
76
|
+
"code" => {
|
77
|
+
"type" => "object",
|
78
|
+
"description" => "Zipped deployment package to upload to Lambda. You must specify either s3_bucket+s3_key or zip_file.",
|
79
|
+
"additionalProperties" => false,
|
80
|
+
"properties" => {
|
81
|
+
"s3_bucket" => {
|
82
|
+
"type" => "string",
|
83
|
+
"description" => "An S3 bucket where the deployment package can be found. Must be used in conjunction with s3_key."
|
84
|
+
},
|
85
|
+
"s3_key" => {
|
86
|
+
"type" => "string",
|
87
|
+
"description" => "Key in s3_bucket where the deployment package can be found. Must be used in conjunction with s3_bucket."
|
88
|
+
},
|
89
|
+
"s3_object_version" => {
|
90
|
+
"type" => "string",
|
91
|
+
"description" => "Specify an S3 object version for the deployment package, instead of the current default"
|
92
|
+
},
|
93
|
+
"zip_file" => {
|
94
|
+
"type" => "string",
|
95
|
+
"description" => "Path to a zipped deployment package to upload."
|
96
|
+
}
|
97
|
+
}
|
98
|
+
},
|
99
|
+
"environment_variable" => {
|
100
|
+
"type" => "array",
|
101
|
+
"minItems" => 1,
|
102
|
+
"items" => {
|
103
|
+
"description" => "environment variables",
|
104
|
+
"type" => "object",
|
105
|
+
"title" => "tags",
|
106
|
+
"required" => ["key", "value"],
|
107
|
+
"additionalProperties" => false,
|
108
|
+
"properties" => {
|
109
|
+
"key" => {
|
110
|
+
"type" => "string",
|
111
|
+
},
|
112
|
+
"value" => {
|
113
|
+
"type" => "string",
|
114
|
+
}
|
115
|
+
}
|
116
|
+
}
|
117
|
+
}
|
118
|
+
}
|
119
|
+
}
|
120
|
+
end
|
121
|
+
|
122
|
+
# Generic pre-processing of {MU::Config::BasketofKittens::functions}, bare and unvalidated.
|
123
|
+
# @param function [Hash]: The resource to process and validate
|
124
|
+
# @param configurator [MU::Config]: The overall deployment configurator of which this resource is a member
|
125
|
+
# @return [Boolean]: True if validation succeeded, False otherwise
|
126
|
+
def self.validate(function, configurator)
|
127
|
+
ok = true
|
128
|
+
if function['code']['zip_file']
|
129
|
+
if !File.readable?(function['code']['zip_file'])
|
130
|
+
MU.log "Can't read deployment package #{function['code']['zip_file']}", MU::ERR
|
131
|
+
ok = false
|
132
|
+
end
|
133
|
+
end
|
134
|
+
|
135
|
+
ok
|
136
|
+
end
|
137
|
+
|
138
|
+
end
|
139
|
+
end
|
140
|
+
end
|
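Review bot: `validate` indexes `function['code']['zip_file']` directly although its own comment calls the input bare and unvalidated, so a config with no `code` block raises NoMethodError instead of producing a logged error. The rule stated in the schema description, either `s3_bucket`+`s3_key` or `zip_file`, is also not enforced anywhere in this file, so `"code" => {}` passes. The version below guards the lookup and requires one of the two sources while keeping the existing readability test; the wording of the new log message is only a suggestion.

```ruby
def self.validate(function, configurator)
  ok = true
  code = function['code'] || {}
  zip_file = code['zip_file']

  if zip_file
    # … unchanged: File.readable? check and "Can't read deployment package" error …
  elsif !(code['s3_bucket'] && code['s3_key'])
    MU.log "Function #{function['name']} needs code.zip_file or code.s3_bucket plus code.s3_key", MU::ERR
    ok = false
  end

  ok
end
```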