cloud-mu 3.1.4 → 3.3.1
- checksums.yaml +4 -4
- data/Dockerfile +5 -1
- data/ansible/roles/mu-windows/README.md +33 -0
- data/ansible/roles/mu-windows/defaults/main.yml +2 -0
- data/ansible/roles/mu-windows/files/LaunchConfig.json +9 -0
- data/ansible/roles/mu-windows/files/config.xml +76 -0
- data/ansible/roles/mu-windows/handlers/main.yml +2 -0
- data/ansible/roles/mu-windows/meta/main.yml +53 -0
- data/ansible/roles/mu-windows/tasks/main.yml +36 -0
- data/ansible/roles/mu-windows/tests/inventory +2 -0
- data/ansible/roles/mu-windows/tests/test.yml +5 -0
- data/ansible/roles/mu-windows/vars/main.yml +2 -0
- data/bin/mu-adopt +16 -12
- data/bin/mu-azure-tests +57 -0
- data/bin/mu-cleanup +2 -4
- data/bin/mu-configure +52 -0
- data/bin/mu-deploy +3 -3
- data/bin/mu-findstray-tests +25 -0
- data/bin/mu-gen-docs +2 -4
- data/bin/mu-load-config.rb +2 -1
- data/bin/mu-node-manage +15 -16
- data/bin/mu-run-tests +37 -12
- data/cloud-mu.gemspec +5 -3
- data/cookbooks/mu-activedirectory/resources/domain.rb +4 -4
- data/cookbooks/mu-activedirectory/resources/domain_controller.rb +4 -4
- data/cookbooks/mu-tools/libraries/helper.rb +1 -1
- data/cookbooks/mu-tools/recipes/apply_security.rb +14 -14
- data/cookbooks/mu-tools/recipes/aws_api.rb +9 -0
- data/cookbooks/mu-tools/recipes/eks.rb +2 -2
- data/cookbooks/mu-tools/recipes/selinux.rb +2 -1
- data/cookbooks/mu-tools/recipes/windows-client.rb +163 -164
- data/cookbooks/mu-tools/resources/windows_users.rb +44 -43
- data/extras/clean-stock-amis +25 -19
- data/extras/generate-stock-images +1 -0
- data/extras/image-generators/AWS/win2k12.yaml +18 -13
- data/extras/image-generators/AWS/win2k16.yaml +18 -13
- data/extras/image-generators/AWS/win2k19.yaml +21 -0
- data/modules/mommacat.ru +1 -1
- data/modules/mu.rb +158 -107
- data/modules/mu/adoption.rb +386 -59
- data/modules/mu/cleanup.rb +214 -303
- data/modules/mu/cloud.rb +128 -1632
- data/modules/mu/cloud/database.rb +49 -0
- data/modules/mu/cloud/dnszone.rb +44 -0
- data/modules/mu/cloud/machine_images.rb +212 -0
- data/modules/mu/cloud/providers.rb +81 -0
- data/modules/mu/cloud/resource_base.rb +926 -0
- data/modules/mu/cloud/server.rb +40 -0
- data/modules/mu/cloud/server_pool.rb +1 -0
- data/modules/mu/cloud/ssh_sessions.rb +228 -0
- data/modules/mu/cloud/winrm_sessions.rb +237 -0
- data/modules/mu/cloud/wrappers.rb +169 -0
- data/modules/mu/config.rb +135 -82
- data/modules/mu/config/alarm.rb +2 -6
- data/modules/mu/config/bucket.rb +32 -3
- data/modules/mu/config/cache_cluster.rb +2 -2
- data/modules/mu/config/cdn.rb +100 -0
- data/modules/mu/config/collection.rb +1 -1
- data/modules/mu/config/container_cluster.rb +7 -2
- data/modules/mu/config/database.rb +84 -105
- data/modules/mu/config/database.yml +1 -2
- data/modules/mu/config/dnszone.rb +5 -4
- data/modules/mu/config/doc_helpers.rb +5 -6
- data/modules/mu/config/endpoint.rb +2 -1
- data/modules/mu/config/firewall_rule.rb +3 -19
- data/modules/mu/config/folder.rb +1 -1
- data/modules/mu/config/function.rb +17 -8
- data/modules/mu/config/group.rb +1 -1
- data/modules/mu/config/habitat.rb +1 -1
- data/modules/mu/config/job.rb +89 -0
- data/modules/mu/config/loadbalancer.rb +57 -11
- data/modules/mu/config/log.rb +1 -1
- data/modules/mu/config/msg_queue.rb +1 -1
- data/modules/mu/config/nosqldb.rb +1 -1
- data/modules/mu/config/notifier.rb +8 -19
- data/modules/mu/config/ref.rb +92 -14
- data/modules/mu/config/role.rb +1 -1
- data/modules/mu/config/schema_helpers.rb +38 -37
- data/modules/mu/config/search_domain.rb +1 -1
- data/modules/mu/config/server.rb +12 -13
- data/modules/mu/config/server.yml +1 -0
- data/modules/mu/config/server_pool.rb +3 -7
- data/modules/mu/config/storage_pool.rb +1 -1
- data/modules/mu/config/tail.rb +11 -0
- data/modules/mu/config/user.rb +1 -1
- data/modules/mu/config/vpc.rb +27 -23
- data/modules/mu/config/vpc.yml +0 -1
- data/modules/mu/defaults/AWS.yaml +91 -68
- data/modules/mu/defaults/Azure.yaml +1 -0
- data/modules/mu/defaults/Google.yaml +1 -0
- data/modules/mu/deploy.rb +33 -19
- data/modules/mu/groomer.rb +16 -1
- data/modules/mu/groomers/ansible.rb +123 -21
- data/modules/mu/groomers/chef.rb +64 -11
- data/modules/mu/logger.rb +120 -144
- data/modules/mu/master.rb +97 -4
- data/modules/mu/master/ssl.rb +0 -1
- data/modules/mu/mommacat.rb +154 -867
- data/modules/mu/mommacat/daemon.rb +23 -14
- data/modules/mu/mommacat/naming.rb +110 -3
- data/modules/mu/mommacat/search.rb +495 -0
- data/modules/mu/mommacat/storage.rb +225 -192
- data/modules/mu/{clouds → providers}/README.md +1 -1
- data/modules/mu/{clouds → providers}/aws.rb +281 -64
- data/modules/mu/{clouds → providers}/aws/alarm.rb +3 -3
- data/modules/mu/{clouds → providers}/aws/bucket.rb +275 -41
- data/modules/mu/{clouds → providers}/aws/cache_cluster.rb +14 -50
- data/modules/mu/providers/aws/cdn.rb +782 -0
- data/modules/mu/{clouds → providers}/aws/collection.rb +5 -5
- data/modules/mu/{clouds → providers}/aws/container_cluster.rb +708 -749
- data/modules/mu/providers/aws/database.rb +1744 -0
- data/modules/mu/{clouds → providers}/aws/dnszone.rb +75 -57
- data/modules/mu/providers/aws/endpoint.rb +1072 -0
- data/modules/mu/{clouds → providers}/aws/firewall_rule.rb +212 -242
- data/modules/mu/{clouds → providers}/aws/folder.rb +1 -1
- data/modules/mu/{clouds → providers}/aws/function.rb +289 -134
- data/modules/mu/{clouds → providers}/aws/group.rb +18 -20
- data/modules/mu/{clouds → providers}/aws/habitat.rb +3 -3
- data/modules/mu/providers/aws/job.rb +466 -0
- data/modules/mu/{clouds → providers}/aws/loadbalancer.rb +50 -41
- data/modules/mu/{clouds → providers}/aws/log.rb +5 -5
- data/modules/mu/{clouds → providers}/aws/msg_queue.rb +14 -11
- data/modules/mu/{clouds → providers}/aws/nosqldb.rb +96 -5
- data/modules/mu/{clouds → providers}/aws/notifier.rb +135 -63
- data/modules/mu/{clouds → providers}/aws/role.rb +94 -57
- data/modules/mu/{clouds → providers}/aws/search_domain.rb +173 -42
- data/modules/mu/{clouds → providers}/aws/server.rb +782 -1107
- data/modules/mu/{clouds → providers}/aws/server_pool.rb +36 -46
- data/modules/mu/{clouds → providers}/aws/storage_pool.rb +21 -38
- data/modules/mu/{clouds → providers}/aws/user.rb +12 -16
- data/modules/mu/{clouds → providers}/aws/userdata/README.md +0 -0
- data/modules/mu/{clouds → providers}/aws/userdata/linux.erb +5 -4
- data/modules/mu/{clouds → providers}/aws/userdata/windows.erb +2 -1
- data/modules/mu/{clouds → providers}/aws/vpc.rb +429 -849
- data/modules/mu/providers/aws/vpc_subnet.rb +286 -0
- data/modules/mu/{clouds → providers}/azure.rb +13 -0
- data/modules/mu/{clouds → providers}/azure/container_cluster.rb +1 -5
- data/modules/mu/{clouds → providers}/azure/firewall_rule.rb +8 -1
- data/modules/mu/{clouds → providers}/azure/habitat.rb +0 -0
- data/modules/mu/{clouds → providers}/azure/loadbalancer.rb +0 -0
- data/modules/mu/{clouds → providers}/azure/role.rb +0 -0
- data/modules/mu/{clouds → providers}/azure/server.rb +32 -24
- data/modules/mu/{clouds → providers}/azure/user.rb +1 -1
- data/modules/mu/{clouds → providers}/azure/userdata/README.md +0 -0
- data/modules/mu/{clouds → providers}/azure/userdata/linux.erb +0 -0
- data/modules/mu/{clouds → providers}/azure/userdata/windows.erb +0 -0
- data/modules/mu/{clouds → providers}/azure/vpc.rb +4 -6
- data/modules/mu/{clouds → providers}/cloudformation.rb +10 -0
- data/modules/mu/{clouds → providers}/cloudformation/alarm.rb +3 -3
- data/modules/mu/{clouds → providers}/cloudformation/cache_cluster.rb +3 -3
- data/modules/mu/{clouds → providers}/cloudformation/collection.rb +3 -3
- data/modules/mu/{clouds → providers}/cloudformation/database.rb +6 -17
- data/modules/mu/{clouds → providers}/cloudformation/dnszone.rb +3 -3
- data/modules/mu/{clouds → providers}/cloudformation/firewall_rule.rb +3 -3
- data/modules/mu/{clouds → providers}/cloudformation/loadbalancer.rb +3 -3
- data/modules/mu/{clouds → providers}/cloudformation/log.rb +3 -3
- data/modules/mu/{clouds → providers}/cloudformation/server.rb +7 -7
- data/modules/mu/{clouds → providers}/cloudformation/server_pool.rb +5 -5
- data/modules/mu/{clouds → providers}/cloudformation/vpc.rb +3 -3
- data/modules/mu/{clouds → providers}/docker.rb +0 -0
- data/modules/mu/{clouds → providers}/google.rb +29 -6
- data/modules/mu/{clouds → providers}/google/bucket.rb +5 -5
- data/modules/mu/{clouds → providers}/google/container_cluster.rb +59 -37
- data/modules/mu/{clouds → providers}/google/database.rb +5 -12
- data/modules/mu/{clouds → providers}/google/firewall_rule.rb +5 -5
- data/modules/mu/{clouds → providers}/google/folder.rb +5 -9
- data/modules/mu/{clouds → providers}/google/function.rb +14 -8
- data/modules/mu/{clouds → providers}/google/group.rb +9 -17
- data/modules/mu/{clouds → providers}/google/habitat.rb +4 -8
- data/modules/mu/{clouds → providers}/google/loadbalancer.rb +5 -5
- data/modules/mu/{clouds → providers}/google/role.rb +50 -31
- data/modules/mu/{clouds → providers}/google/server.rb +142 -55
- data/modules/mu/{clouds → providers}/google/server_pool.rb +14 -14
- data/modules/mu/{clouds → providers}/google/user.rb +34 -24
- data/modules/mu/{clouds → providers}/google/userdata/README.md +0 -0
- data/modules/mu/{clouds → providers}/google/userdata/linux.erb +0 -0
- data/modules/mu/{clouds → providers}/google/userdata/windows.erb +0 -0
- data/modules/mu/{clouds → providers}/google/vpc.rb +46 -15
- data/modules/tests/aws-jobs-functions.yaml +46 -0
- data/modules/tests/centos6.yaml +15 -0
- data/modules/tests/centos7.yaml +15 -0
- data/modules/tests/centos8.yaml +12 -0
- data/modules/tests/ecs.yaml +23 -0
- data/modules/tests/eks.yaml +1 -1
- data/modules/tests/functions/node-function/lambda_function.js +10 -0
- data/modules/tests/functions/python-function/lambda_function.py +12 -0
- data/modules/tests/includes-and-params.yaml +2 -1
- data/modules/tests/microservice_app.yaml +288 -0
- data/modules/tests/rds.yaml +108 -0
- data/modules/tests/regrooms/rds.yaml +123 -0
- data/modules/tests/server-with-scrub-muisms.yaml +2 -1
- data/modules/tests/super_complex_bok.yml +2 -2
- data/modules/tests/super_simple_bok.yml +3 -5
- data/modules/tests/win2k12.yaml +25 -0
- data/modules/tests/win2k16.yaml +25 -0
- data/modules/tests/win2k19.yaml +25 -0
- data/requirements.txt +1 -0
- data/spec/mu/clouds/azure_spec.rb +2 -2
- metadata +169 -93
- data/extras/image-generators/AWS/windows.yaml +0 -18
- data/modules/mu/clouds/aws/database.rb +0 -1974
- data/modules/mu/clouds/aws/endpoint.rb +0 -596
- data/modules/tests/needwork/win2k12.yaml +0 -13
@@ -0,0 +1,15 @@
|
|
1
|
+
# groomers: Chef
|
2
|
+
---
|
3
|
+
appname: smoketest
|
4
|
+
vpcs:
|
5
|
+
- name: wrapper
|
6
|
+
servers:
|
7
|
+
- name: centos6
|
8
|
+
vpc:
|
9
|
+
name: wrapper
|
10
|
+
platform: centos6
|
11
|
+
size: m3.medium
|
12
|
+
run_list:
|
13
|
+
- recipe[mu-tools::apply_security]
|
14
|
+
- recipe[mu-tools::updates]
|
15
|
+
- recipe[mu-tools::split_var_partitions]
|
@@ -0,0 +1,15 @@
|
|
1
|
+
# groomers: Chef
|
2
|
+
---
|
3
|
+
appname: smoketest
|
4
|
+
vpcs:
|
5
|
+
- name: wrapper
|
6
|
+
servers:
|
7
|
+
- name: centos7
|
8
|
+
platform: centos7
|
9
|
+
vpc:
|
10
|
+
name: wrapper
|
11
|
+
size: m3.medium
|
12
|
+
run_list:
|
13
|
+
- recipe[mu-tools::apply_security]
|
14
|
+
- recipe[mu-tools::updates]
|
15
|
+
- recipe[mu-tools::split_var_partitions]
|
@@ -0,0 +1,12 @@
|
|
1
|
+
# groomers: Chef
|
2
|
+
# clouds: Azure, Google
|
3
|
+
---
|
4
|
+
appname: smoketest
|
5
|
+
servers:
|
6
|
+
- name: centos8
|
7
|
+
platform: centos8
|
8
|
+
size: m3.medium
|
9
|
+
run_list:
|
10
|
+
- recipe[mu-tools::apply_security]
|
11
|
+
- recipe[mu-tools::updates]
|
12
|
+
- recipe[mu-tools::split_var_partitions]
|
@@ -0,0 +1,23 @@
|
|
1
|
+
# Test ECS
|
2
|
+
# clouds: AWS
|
3
|
+
---
|
4
|
+
appname: smoketest
|
5
|
+
vpcs:
|
6
|
+
- name: ecs
|
7
|
+
container_clusters:
|
8
|
+
- name: ecsplain
|
9
|
+
flavor: ECS
|
10
|
+
instance_type: t3.medium
|
11
|
+
vpc:
|
12
|
+
name: ecs
|
13
|
+
containers:
|
14
|
+
- name: nginx
|
15
|
+
image: "nginx:1.8"
|
16
|
+
- name: ecsfargate
|
17
|
+
flavor: Fargate
|
18
|
+
instance_type: t3.medium
|
19
|
+
vpc:
|
20
|
+
name: ecs
|
21
|
+
containers:
|
22
|
+
- name: nginx
|
23
|
+
image: "nginx:1.8"
|
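Review bot: Both container definitions (new lines 15 and 23) pull `nginx:1.8`, a release line that upstream stopped maintaining years ago, and they reference it by a mutable tag. Even in a smoke test this deploys a long-unpatched image into a VPC and makes the test depend on whatever the tag resolves to at pull time. Prefer a currently supported tag pinned by digest, e.g. `image: "nginx:<supported-tag>@sha256:<digest>"` (placeholders, to be filled from the registry).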
data/modules/tests/eks.yaml
CHANGED
@@ -0,0 +1,10 @@
|
|
1
|
+
console.log('Loading function');
|
2
|
+
|
3
|
+
exports.handler = async (event, context) => {
|
4
|
+
//console.log('Received event:', JSON.stringify(event, null, 2));
|
5
|
+
console.log('value1 =', event.key1);
|
6
|
+
console.log('value2 =', event.key2);
|
7
|
+
console.log('value3 =', event.key3);
|
8
|
+
return event.key1; // Echo back the first key value
|
9
|
+
// throw new Error('Something went wrong');
|
10
|
+
};
|
@@ -0,0 +1,12 @@
|
|
1
|
+
import json
|
2
|
+
|
3
|
+
print('Loading function')
|
4
|
+
|
5
|
+
|
6
|
+
def lambda_handler(event, context):
|
7
|
+
#print("Received event: " + json.dumps(event, indent=2))
|
8
|
+
print("value1 = " + event['key1'])
|
9
|
+
print("value2 = " + event['key2'])
|
10
|
+
print("value3 = " + event['key3'])
|
11
|
+
return event['key1'] # Echo back the first key value
|
12
|
+
#raise Exception('Something went wrong')
|
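Review bot: `lambda_handler` indexes `event['key1']`, `event['key2']` and `event['key3']` unconditionally and concatenates them to a string, so an event without those keys raises `KeyError` and a non-string value raises `TypeError`. microservice_app.yaml in this same release points functions triggered by DynamoDB streams, SNS and API Gateway at `functions/python-function`, and those events presumably do not carry `key1`..`key3`, so any invocation during a test would fail rather than echo. Something like `print("value1 = %s" % event.get('key1'))` together with `return event.get('key1')` tolerates both cases and behaves the same on the python2.7 and python3.6 runtimes that file selects. `import json` is only needed by the commented-out line.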
@@ -7,7 +7,7 @@ appname: smoketest
|
|
7
7
|
parameters:
|
8
8
|
- name: instancesize
|
9
9
|
prettyname: "Instance Size"
|
10
|
-
default: <%= $environment == "prod" ? "
|
10
|
+
default: <%= $environment == "prod" ? "m4.large" : "t2.small" %>
|
11
11
|
<%= include("poolparams-include.inc") %>
|
12
12
|
vpcs:
|
13
13
|
- name: parsemess
|
@@ -18,6 +18,7 @@ server_pools:
|
|
18
18
|
- name: svr
|
19
19
|
cloud: AWS
|
20
20
|
ssh_user: ec2-user
|
21
|
+
platform: amazon
|
21
22
|
tags:
|
22
23
|
- key: Env
|
23
24
|
value: <%= env %>
|
@@ -0,0 +1,288 @@
|
|
1
|
+
# Old Sitemonitor, with serial numbers and code filed off. This will *only*
|
2
|
+
# work on our own Labs sandbox, unless you feed it a different domain name to
|
3
|
+
# play in.
|
4
|
+
# clouds: AWS
|
5
|
+
---
|
6
|
+
appname: SMOKETEST
|
7
|
+
parameters:
|
8
|
+
- name: domain
|
9
|
+
default: "sandbox.egt-labs.com" # this must exist as a Route53 zone and have a corresponding wildcard ACM or IAM SSL certificate
|
10
|
+
jobs:
|
11
|
+
- name: clear-scan-data
|
12
|
+
schedule:
|
13
|
+
minute: '0'
|
14
|
+
hour: '1'
|
15
|
+
day_of_month: '*'
|
16
|
+
month: "*"
|
17
|
+
day_of_week: "?"
|
18
|
+
year: "*"
|
19
|
+
targets:
|
20
|
+
- type: functions
|
21
|
+
name: empty-out-table
|
22
|
+
- name: run-scans
|
23
|
+
schedule:
|
24
|
+
minute: '0'
|
25
|
+
hour: '2'
|
26
|
+
day_of_month: '*'
|
27
|
+
month: "*"
|
28
|
+
day_of_week: "?"
|
29
|
+
year: "*"
|
30
|
+
targets:
|
31
|
+
- type: functions
|
32
|
+
name: queue-domains
|
33
|
+
|
34
|
+
cdns:
|
35
|
+
- name: front
|
36
|
+
origins:
|
37
|
+
- name: default
|
38
|
+
bucket:
|
39
|
+
name: bucket
|
40
|
+
certificate:
|
41
|
+
name: "*.<%= domain %>"
|
42
|
+
dns_records:
|
43
|
+
- zone:
|
44
|
+
name: <%= domain %>
|
45
|
+
behaviors:
|
46
|
+
- origin: default
|
47
|
+
forwarded_values:
|
48
|
+
headers:
|
49
|
+
- Origin
|
50
|
+
- Access-Control-Request-Headers
|
51
|
+
- Access-Control-Request-Method
|
52
|
+
- Access-Control-Allow-Origin
|
53
|
+
|
54
|
+
roles:
|
55
|
+
- name: dynamostream-to-es
|
56
|
+
can_assume:
|
57
|
+
- assume_method: basic
|
58
|
+
entity_type: service
|
59
|
+
entity_id: lambda.amazonaws.com
|
60
|
+
attachable_policies:
|
61
|
+
- id: AWSLambdaInvocation-DynamoDB
|
62
|
+
- id: AWSLambdaBasicExecutionRole
|
63
|
+
policies:
|
64
|
+
- name: allow_es_posting
|
65
|
+
permissions:
|
66
|
+
- es:ESHttpPost
|
67
|
+
targets:
|
68
|
+
- identifier: domains-scan-data
|
69
|
+
type: search_domain
|
70
|
+
path: "/*"
|
71
|
+
- name: empty-out-table
|
72
|
+
can_assume:
|
73
|
+
- assume_method: basic
|
74
|
+
entity_type: service
|
75
|
+
entity_id: lambda.amazonaws.com
|
76
|
+
attachable_policies:
|
77
|
+
- id: AmazonDynamoDBFullAccess
|
78
|
+
- id: AWSLambdaBasicExecutionRole
|
79
|
+
- name: on-demand-scanner
|
80
|
+
can_assume:
|
81
|
+
- assume_method: basic
|
82
|
+
entity_type: service
|
83
|
+
entity_id: lambda.amazonaws.com
|
84
|
+
attachable_policies:
|
85
|
+
- id: AmazonDynamoDBFullAccess
|
86
|
+
- id: AWSLambdaBasicExecutionRole
|
87
|
+
- name: queue-domains
|
88
|
+
can_assume:
|
89
|
+
- assume_method: basic
|
90
|
+
entity_type: service
|
91
|
+
entity_id: lambda.amazonaws.com
|
92
|
+
attachable_policies:
|
93
|
+
- id: AmazonDynamoDBFullAccess
|
94
|
+
- id: AmazonSNSFullAccess
|
95
|
+
- id: AWSLambdaBasicExecutionRole
|
96
|
+
- name: scheduled-scanner
|
97
|
+
can_assume:
|
98
|
+
- assume_method: basic
|
99
|
+
entity_type: service
|
100
|
+
entity_id: lambda.amazonaws.com
|
101
|
+
attachable_policies:
|
102
|
+
- id: AmazonDynamoDBFullAccess
|
103
|
+
- id: AWSLambdaBasicExecutionRole
|
104
|
+
|
105
|
+
notifiers:
|
106
|
+
- name: publish-domains
|
107
|
+
subscriptions:
|
108
|
+
- type: lambda
|
109
|
+
resource:
|
110
|
+
type: functions
|
111
|
+
name: scheduled-scanner
|
112
|
+
|
113
|
+
functions:
|
114
|
+
- name: dynamostream-to-es
|
115
|
+
handler: lambda_function.lambda_handler
|
116
|
+
memory: 128
|
117
|
+
runtime: python2.7
|
118
|
+
timeout: 900
|
119
|
+
code:
|
120
|
+
path: functions/python-function
|
121
|
+
role:
|
122
|
+
name: dynamostream-to-es
|
123
|
+
type: roles
|
124
|
+
triggers:
|
125
|
+
- service: dynamodb
|
126
|
+
name: scan-data
|
127
|
+
dependencies:
|
128
|
+
- type: search_domain
|
129
|
+
name: domains-scan-data
|
130
|
+
phase: groom
|
131
|
+
- name: empty-out-table
|
132
|
+
handler: lambda_function.lambda_handler
|
133
|
+
memory: 128
|
134
|
+
runtime: python3.6
|
135
|
+
timeout: 300
|
136
|
+
code:
|
137
|
+
path: functions/python-function
|
138
|
+
environment_variable:
|
139
|
+
- key: table
|
140
|
+
value: scandata
|
141
|
+
role:
|
142
|
+
name: empty-out-table
|
143
|
+
type: roles
|
144
|
+
dependencies:
|
145
|
+
- type: nosqldb
|
146
|
+
name: scan-data
|
147
|
+
- type: nosqldb
|
148
|
+
name: domain-list
|
149
|
+
- name: on-demand-scanner
|
150
|
+
handler: lambda_function.lambda_handler
|
151
|
+
memory: 128
|
152
|
+
runtime: python3.6
|
153
|
+
timeout: 900
|
154
|
+
code:
|
155
|
+
path: functions/python-function
|
156
|
+
role:
|
157
|
+
name: on-demand-scanner
|
158
|
+
type: roles
|
159
|
+
dependencies:
|
160
|
+
- type: nosqldb
|
161
|
+
name: scan-data
|
162
|
+
triggers:
|
163
|
+
- service: apigateway
|
164
|
+
name: api
|
165
|
+
- name: queue-domains
|
166
|
+
handler: lambda_function.lambda_handler
|
167
|
+
memory: 128
|
168
|
+
runtime: python3.6
|
169
|
+
timeout: 900
|
170
|
+
code:
|
171
|
+
path: functions/python-function
|
172
|
+
role:
|
173
|
+
name: queue-domains
|
174
|
+
type: roles
|
175
|
+
invoke_on_completion:
|
176
|
+
invocation_type: "RequestResponse"
|
177
|
+
permissions:
|
178
|
+
- basic
|
179
|
+
- dynamo
|
180
|
+
dependencies:
|
181
|
+
- type: function
|
182
|
+
name: dynamostream-to-es
|
183
|
+
- type: nosqldb
|
184
|
+
name: domain-list
|
185
|
+
- type: nosqldb
|
186
|
+
name: scan-data
|
187
|
+
- type: notifier
|
188
|
+
name: publish-domains
|
189
|
+
phase: groom
|
190
|
+
- name: scheduled-scanner
|
191
|
+
handler: lambda_function.lambda_handler
|
192
|
+
memory: 256
|
193
|
+
runtime: python3.6
|
194
|
+
timeout: 900
|
195
|
+
code:
|
196
|
+
path: functions/python-function
|
197
|
+
role:
|
198
|
+
name: scheduled-scanner
|
199
|
+
type: roles
|
200
|
+
dependencies:
|
201
|
+
- type: nosqldb
|
202
|
+
name: scan-data
|
203
|
+
triggers:
|
204
|
+
- service: sns
|
205
|
+
name: publish-domains
|
206
|
+
|
207
|
+
endpoints:
|
208
|
+
- name: api
|
209
|
+
deploy_to: production
|
210
|
+
log_requests: true
|
211
|
+
methods:
|
212
|
+
- path: "/"
|
213
|
+
type: POST
|
214
|
+
cors: "*"
|
215
|
+
responses:
|
216
|
+
- code: 200
|
217
|
+
body:
|
218
|
+
- is_error: false
|
219
|
+
content_type: application/json
|
220
|
+
integrate_with:
|
221
|
+
name: on-demand-scanner
|
222
|
+
type: functions
|
223
|
+
integration_http_method: POST
|
224
|
+
async: true
|
225
|
+
backend_http_method: POST
|
226
|
+
passthrough_behavior: WHEN_NO_MATCH
|
227
|
+
domain_names:
|
228
|
+
- dns_record:
|
229
|
+
zone:
|
230
|
+
name: <%= domain %>
|
231
|
+
certificate:
|
232
|
+
name: "*.<%= domain %>"
|
233
|
+
|
234
|
+
buckets:
|
235
|
+
- name: bucket
|
236
|
+
web: false
|
237
|
+
cors:
|
238
|
+
- allowed_methods:
|
239
|
+
- GET
|
240
|
+
- POST
|
241
|
+
allowed_origins:
|
242
|
+
- "*"
|
243
|
+
upload:
|
244
|
+
# - source: "code/build"
|
245
|
+
- source: "functions"
|
246
|
+
destination: "/"
|
247
|
+
|
248
|
+
search_domains:
|
249
|
+
- name: domains-scan-data
|
250
|
+
elasticsearch_version: '7.4'
|
251
|
+
instance_count: 1
|
252
|
+
instance_type: r5.large.elasticsearch
|
253
|
+
ebs_size: 10
|
254
|
+
ebs_type: gp2
|
255
|
+
access_policies:
|
256
|
+
Version: '2012-10-17'
|
257
|
+
Statement:
|
258
|
+
- Effect: Allow
|
259
|
+
Principal:
|
260
|
+
AWS: "*"
|
261
|
+
Action: es:ESHttp*
|
262
|
+
nosqldbs:
|
263
|
+
- name: scan-data
|
264
|
+
read_capacity: 25
|
265
|
+
write_capacity: 25
|
266
|
+
attributes:
|
267
|
+
- name: domain
|
268
|
+
type: S
|
269
|
+
primary_partition: true
|
270
|
+
- name: last_scanned_date
|
271
|
+
type: S
|
272
|
+
primary_sort: true
|
273
|
+
stream: NEW_IMAGE
|
274
|
+
- name: domain-list
|
275
|
+
read_capacity: 100
|
276
|
+
write_capacity: 1
|
277
|
+
attributes:
|
278
|
+
- name: business_owner
|
279
|
+
type: S
|
280
|
+
primary_sort: true
|
281
|
+
- name: domain
|
282
|
+
type: S
|
283
|
+
primary_partition: true
|
284
|
+
populate:
|
285
|
+
- business_owner: TetraTech
|
286
|
+
staff_division: eGT
|
287
|
+
operational_division: eGTLabs
|
288
|
+
domain: egt-labs.com
|
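Review bot: The `access_policies` on `domains-scan-data` (new lines 255–261) allow `Principal: AWS: "*"` to perform `es:ESHttp*` with no `Condition`, and the search domain entry shows no `vpc` block, so if mu deploys it with a public endpoint, anyone who can reach it can read and write the index. The `dynamostream-to-es` role already receives `es:ESHttpPost` on this domain through its `allow_es_posting` policy, so the wildcard principal looks unnecessary for the one writer visible here. I would scope the statement to that role, e.g. `AWS: "arn:aws:iam::<ACCOUNT_ID>:role/<ROLE_NAME>"` (placeholder), or add a `Condition` restricting source addresses. The `AmazonDynamoDBFullAccess` and `AmazonSNSFullAccess` attachments on the scanner roles are similarly broader than the two tables and one topic this BoK declares.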
@@ -0,0 +1,108 @@
|
|
1
|
+
# clouds: AWS
|
2
|
+
---
|
3
|
+
appname: smoketest
|
4
|
+
vpcs:
|
5
|
+
- name: rdstests
|
6
|
+
databases:
|
7
|
+
- name: pgcluster
|
8
|
+
size: db.t3.medium
|
9
|
+
engine: postgres
|
10
|
+
engine_version: "10"
|
11
|
+
auto_minor_version_upgrade: true
|
12
|
+
backup_retention_period: 10
|
13
|
+
cluster_node_count: 2
|
14
|
+
create_cluster: true
|
15
|
+
cluster_parameter_group_parameters:
|
16
|
+
- name: log_disconnections
|
17
|
+
value: "0"
|
18
|
+
vpc:
|
19
|
+
name: rdstests
|
20
|
+
master_user: Bob
|
21
|
+
|
22
|
+
#- name: mysqlcluster
|
23
|
+
# size: db.t3.medium
|
24
|
+
# engine: aurora
|
25
|
+
# cluster_mode: serverless
|
26
|
+
# create_cluster: true
|
27
|
+
# vpc:
|
28
|
+
# name: rdstests
|
29
|
+
|
30
|
+
- name: maria-base
|
31
|
+
size: db.t3.small
|
32
|
+
engine: mariadb
|
33
|
+
db_parameter_group_parameters:
|
34
|
+
- name: autocommit
|
35
|
+
value: "0"
|
36
|
+
vpc:
|
37
|
+
name: rdstests
|
38
|
+
region: us-east-1
|
39
|
+
create_read_replica: true
|
40
|
+
allow_major_version_upgrade: true
|
41
|
+
read_replica_region: us-east-2
|
42
|
+
cloudwatch_logs:
|
43
|
+
- slowquery
|
44
|
+
multi_az_on_create: true
|
45
|
+
master_user: Bob
|
46
|
+
- name: maria-from-snap
|
47
|
+
size: db.t3.small
|
48
|
+
engine: mariadb
|
49
|
+
vpc:
|
50
|
+
name: rdstests
|
51
|
+
creation_style: new_snapshot
|
52
|
+
source:
|
53
|
+
name: maria-base
|
54
|
+
- name: maria-point-in-time
|
55
|
+
creation_style: point_in_time
|
56
|
+
size: db.t2.micro
|
57
|
+
engine: mariadb
|
58
|
+
cloudwatch_logs:
|
59
|
+
- error
|
60
|
+
- general
|
61
|
+
source:
|
62
|
+
name: maria-base
|
63
|
+
vpc:
|
64
|
+
name: rdstests
|
65
|
+
|
66
|
+
- name: oracle-base
|
67
|
+
size: db.m5.large
|
68
|
+
engine: oracle
|
69
|
+
vpc:
|
70
|
+
name: rdstests
|
71
|
+
- name: oracle-from-snap
|
72
|
+
size: db.m5.large
|
73
|
+
engine: oracle
|
74
|
+
vpc:
|
75
|
+
name: rdstests
|
76
|
+
creation_style: new_snapshot
|
77
|
+
source:
|
78
|
+
name: oracle-base
|
79
|
+
- name: oracle-point-in-time
|
80
|
+
size: db.m5.large
|
81
|
+
engine: oracle
|
82
|
+
vpc:
|
83
|
+
name: rdstests
|
84
|
+
creation_style: point_in_time
|
85
|
+
source:
|
86
|
+
name: oracle-base
|
87
|
+
|
88
|
+
- name: sqlserver-base
|
89
|
+
size: db.t3.small
|
90
|
+
engine: sqlserver-ex
|
91
|
+
vpc:
|
92
|
+
name: rdstests
|
93
|
+
- name: sqlserver-from-snap
|
94
|
+
size: db.t3.small
|
95
|
+
engine: sqlserver-ex
|
96
|
+
vpc:
|
97
|
+
name: rdstests
|
98
|
+
creation_style: new_snapshot
|
99
|
+
source:
|
100
|
+
name: sqlserver-base
|
101
|
+
- name: sqlserver-point-in-time
|
102
|
+
size: db.t3.small
|
103
|
+
engine: sqlserver-ex
|
104
|
+
vpc:
|
105
|
+
name: rdstests
|
106
|
+
creation_style: point_in_time
|
107
|
+
source:
|
108
|
+
name: sqlserver-base
|
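Review bot: The commented-out `mysqlcluster` entry (new lines 22–28) carries no explanation of why it is disabled, so a reader cannot tell whether Aurora serverless is unsupported, flaky or simply unfinished. A single line above it such as `# mysqlcluster disabled: <reason / tracking issue>` would cover it. Separately, none of the database entries visibly sets encryption at rest or network exposure, so what gets deployed depends on mu's defaults; it is worth confirming those defaults are the safe ones, since test BoKs tend to be copied as starting points.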