cloud-mu 3.1.5 → 3.3.2
- checksums.yaml +4 -4
- data/Dockerfile +5 -1
- data/ansible/roles/mu-windows/files/LaunchConfig.json +9 -0
- data/ansible/roles/mu-windows/files/config.xml +76 -0
- data/ansible/roles/mu-windows/tasks/main.yml +16 -0
- data/bin/mu-adopt +16 -12
- data/bin/mu-azure-tests +57 -0
- data/bin/mu-cleanup +2 -4
- data/bin/mu-configure +52 -0
- data/bin/mu-deploy +3 -3
- data/bin/mu-findstray-tests +25 -0
- data/bin/mu-gen-docs +2 -4
- data/bin/mu-load-config.rb +2 -1
- data/bin/mu-node-manage +15 -16
- data/bin/mu-run-tests +37 -12
- data/cloud-mu.gemspec +3 -3
- data/cookbooks/mu-activedirectory/resources/domain.rb +4 -4
- data/cookbooks/mu-activedirectory/resources/domain_controller.rb +4 -4
- data/cookbooks/mu-tools/libraries/helper.rb +1 -1
- data/cookbooks/mu-tools/recipes/apply_security.rb +14 -14
- data/cookbooks/mu-tools/recipes/aws_api.rb +9 -0
- data/cookbooks/mu-tools/recipes/eks.rb +2 -2
- data/cookbooks/mu-tools/recipes/windows-client.rb +25 -22
- data/extras/clean-stock-amis +25 -19
- data/extras/generate-stock-images +1 -0
- data/extras/image-generators/AWS/win2k12.yaml +2 -0
- data/extras/image-generators/AWS/win2k16.yaml +2 -0
- data/extras/image-generators/AWS/win2k19.yaml +2 -0
- data/modules/mommacat.ru +1 -1
- data/modules/mu.rb +86 -98
- data/modules/mu/adoption.rb +373 -58
- data/modules/mu/cleanup.rb +214 -303
- data/modules/mu/cloud.rb +128 -1733
- data/modules/mu/cloud/database.rb +49 -0
- data/modules/mu/cloud/dnszone.rb +44 -0
- data/modules/mu/cloud/machine_images.rb +212 -0
- data/modules/mu/cloud/providers.rb +81 -0
- data/modules/mu/cloud/resource_base.rb +929 -0
- data/modules/mu/cloud/server.rb +40 -0
- data/modules/mu/cloud/server_pool.rb +1 -0
- data/modules/mu/cloud/ssh_sessions.rb +228 -0
- data/modules/mu/cloud/winrm_sessions.rb +237 -0
- data/modules/mu/cloud/wrappers.rb +169 -0
- data/modules/mu/config.rb +123 -81
- data/modules/mu/config/alarm.rb +2 -6
- data/modules/mu/config/bucket.rb +32 -3
- data/modules/mu/config/cache_cluster.rb +2 -2
- data/modules/mu/config/cdn.rb +100 -0
- data/modules/mu/config/collection.rb +1 -1
- data/modules/mu/config/container_cluster.rb +7 -2
- data/modules/mu/config/database.rb +84 -105
- data/modules/mu/config/database.yml +1 -2
- data/modules/mu/config/dnszone.rb +5 -4
- data/modules/mu/config/doc_helpers.rb +5 -6
- data/modules/mu/config/endpoint.rb +2 -1
- data/modules/mu/config/firewall_rule.rb +3 -19
- data/modules/mu/config/folder.rb +1 -1
- data/modules/mu/config/function.rb +17 -8
- data/modules/mu/config/group.rb +1 -1
- data/modules/mu/config/habitat.rb +1 -1
- data/modules/mu/config/job.rb +89 -0
- data/modules/mu/config/loadbalancer.rb +57 -11
- data/modules/mu/config/log.rb +1 -1
- data/modules/mu/config/msg_queue.rb +1 -1
- data/modules/mu/config/nosqldb.rb +1 -1
- data/modules/mu/config/notifier.rb +8 -19
- data/modules/mu/config/ref.rb +92 -14
- data/modules/mu/config/role.rb +1 -1
- data/modules/mu/config/schema_helpers.rb +38 -37
- data/modules/mu/config/search_domain.rb +1 -1
- data/modules/mu/config/server.rb +12 -13
- data/modules/mu/config/server_pool.rb +3 -7
- data/modules/mu/config/storage_pool.rb +1 -1
- data/modules/mu/config/tail.rb +11 -0
- data/modules/mu/config/user.rb +1 -1
- data/modules/mu/config/vpc.rb +27 -23
- data/modules/mu/config/vpc.yml +0 -1
- data/modules/mu/defaults/AWS.yaml +90 -90
- data/modules/mu/defaults/Azure.yaml +1 -0
- data/modules/mu/defaults/Google.yaml +1 -0
- data/modules/mu/deploy.rb +34 -20
- data/modules/mu/groomer.rb +16 -1
- data/modules/mu/groomers/ansible.rb +69 -4
- data/modules/mu/groomers/chef.rb +51 -4
- data/modules/mu/logger.rb +120 -144
- data/modules/mu/master.rb +97 -4
- data/modules/mu/mommacat.rb +160 -874
- data/modules/mu/mommacat/daemon.rb +23 -14
- data/modules/mu/mommacat/naming.rb +110 -3
- data/modules/mu/mommacat/search.rb +497 -0
- data/modules/mu/mommacat/storage.rb +252 -194
- data/modules/mu/{clouds → providers}/README.md +1 -1
- data/modules/mu/{clouds → providers}/aws.rb +258 -57
- data/modules/mu/{clouds → providers}/aws/alarm.rb +3 -3
- data/modules/mu/{clouds → providers}/aws/bucket.rb +275 -41
- data/modules/mu/{clouds → providers}/aws/cache_cluster.rb +14 -50
- data/modules/mu/providers/aws/cdn.rb +782 -0
- data/modules/mu/{clouds → providers}/aws/collection.rb +5 -5
- data/modules/mu/{clouds → providers}/aws/container_cluster.rb +95 -84
- data/modules/mu/providers/aws/database.rb +1744 -0
- data/modules/mu/{clouds → providers}/aws/dnszone.rb +26 -12
- data/modules/mu/providers/aws/endpoint.rb +1072 -0
- data/modules/mu/{clouds → providers}/aws/firewall_rule.rb +39 -32
- data/modules/mu/{clouds → providers}/aws/folder.rb +1 -1
- data/modules/mu/{clouds → providers}/aws/function.rb +289 -134
- data/modules/mu/{clouds → providers}/aws/group.rb +18 -20
- data/modules/mu/{clouds → providers}/aws/habitat.rb +3 -3
- data/modules/mu/providers/aws/job.rb +466 -0
- data/modules/mu/{clouds → providers}/aws/loadbalancer.rb +77 -47
- data/modules/mu/{clouds → providers}/aws/log.rb +5 -5
- data/modules/mu/{clouds → providers}/aws/msg_queue.rb +14 -11
- data/modules/mu/{clouds → providers}/aws/nosqldb.rb +96 -5
- data/modules/mu/{clouds → providers}/aws/notifier.rb +135 -63
- data/modules/mu/{clouds → providers}/aws/role.rb +76 -48
- data/modules/mu/{clouds → providers}/aws/search_domain.rb +172 -41
- data/modules/mu/{clouds → providers}/aws/server.rb +66 -98
- data/modules/mu/{clouds → providers}/aws/server_pool.rb +42 -60
- data/modules/mu/{clouds → providers}/aws/storage_pool.rb +21 -38
- data/modules/mu/{clouds → providers}/aws/user.rb +12 -16
- data/modules/mu/{clouds → providers}/aws/userdata/README.md +0 -0
- data/modules/mu/{clouds → providers}/aws/userdata/linux.erb +5 -4
- data/modules/mu/{clouds → providers}/aws/userdata/windows.erb +0 -0
- data/modules/mu/{clouds → providers}/aws/vpc.rb +143 -74
- data/modules/mu/{clouds → providers}/aws/vpc_subnet.rb +0 -0
- data/modules/mu/{clouds → providers}/azure.rb +13 -0
- data/modules/mu/{clouds → providers}/azure/container_cluster.rb +1 -5
- data/modules/mu/{clouds → providers}/azure/firewall_rule.rb +8 -1
- data/modules/mu/{clouds → providers}/azure/habitat.rb +0 -0
- data/modules/mu/{clouds → providers}/azure/loadbalancer.rb +0 -0
- data/modules/mu/{clouds → providers}/azure/role.rb +0 -0
- data/modules/mu/{clouds → providers}/azure/server.rb +32 -24
- data/modules/mu/{clouds → providers}/azure/user.rb +1 -1
- data/modules/mu/{clouds → providers}/azure/userdata/README.md +0 -0
- data/modules/mu/{clouds → providers}/azure/userdata/linux.erb +0 -0
- data/modules/mu/{clouds → providers}/azure/userdata/windows.erb +0 -0
- data/modules/mu/{clouds → providers}/azure/vpc.rb +4 -6
- data/modules/mu/{clouds → providers}/cloudformation.rb +10 -0
- data/modules/mu/{clouds → providers}/cloudformation/alarm.rb +3 -3
- data/modules/mu/{clouds → providers}/cloudformation/cache_cluster.rb +3 -3
- data/modules/mu/{clouds → providers}/cloudformation/collection.rb +3 -3
- data/modules/mu/{clouds → providers}/cloudformation/database.rb +6 -17
- data/modules/mu/{clouds → providers}/cloudformation/dnszone.rb +3 -3
- data/modules/mu/{clouds → providers}/cloudformation/firewall_rule.rb +3 -3
- data/modules/mu/{clouds → providers}/cloudformation/loadbalancer.rb +3 -3
- data/modules/mu/{clouds → providers}/cloudformation/log.rb +3 -3
- data/modules/mu/{clouds → providers}/cloudformation/server.rb +7 -7
- data/modules/mu/{clouds → providers}/cloudformation/server_pool.rb +5 -5
- data/modules/mu/{clouds → providers}/cloudformation/vpc.rb +3 -3
- data/modules/mu/{clouds → providers}/docker.rb +0 -0
- data/modules/mu/{clouds → providers}/google.rb +29 -6
- data/modules/mu/{clouds → providers}/google/bucket.rb +4 -4
- data/modules/mu/{clouds → providers}/google/container_cluster.rb +38 -20
- data/modules/mu/{clouds → providers}/google/database.rb +5 -12
- data/modules/mu/{clouds → providers}/google/firewall_rule.rb +5 -5
- data/modules/mu/{clouds → providers}/google/folder.rb +5 -9
- data/modules/mu/{clouds → providers}/google/function.rb +6 -6
- data/modules/mu/{clouds → providers}/google/group.rb +9 -17
- data/modules/mu/{clouds → providers}/google/habitat.rb +4 -8
- data/modules/mu/{clouds → providers}/google/loadbalancer.rb +5 -5
- data/modules/mu/{clouds → providers}/google/role.rb +50 -31
- data/modules/mu/{clouds → providers}/google/server.rb +41 -24
- data/modules/mu/{clouds → providers}/google/server_pool.rb +14 -14
- data/modules/mu/{clouds → providers}/google/user.rb +34 -24
- data/modules/mu/{clouds → providers}/google/userdata/README.md +0 -0
- data/modules/mu/{clouds → providers}/google/userdata/linux.erb +0 -0
- data/modules/mu/{clouds → providers}/google/userdata/windows.erb +0 -0
- data/modules/mu/{clouds → providers}/google/vpc.rb +45 -14
- data/modules/tests/aws-jobs-functions.yaml +46 -0
- data/modules/tests/centos6.yaml +15 -0
- data/modules/tests/centos7.yaml +15 -0
- data/modules/tests/centos8.yaml +12 -0
- data/modules/tests/ecs.yaml +2 -2
- data/modules/tests/eks.yaml +1 -1
- data/modules/tests/functions/node-function/lambda_function.js +10 -0
- data/modules/tests/functions/python-function/lambda_function.py +12 -0
- data/modules/tests/microservice_app.yaml +288 -0
- data/modules/tests/rds.yaml +108 -0
- data/modules/tests/regrooms/rds.yaml +123 -0
- data/modules/tests/server-with-scrub-muisms.yaml +1 -1
- data/modules/tests/super_complex_bok.yml +2 -2
- data/modules/tests/super_simple_bok.yml +3 -5
- data/spec/mu/clouds/azure_spec.rb +2 -2
- metadata +122 -92
- data/modules/mu/clouds/aws/database.rb +0 -1974
- data/modules/mu/clouds/aws/endpoint.rb +0 -596
File without changes
|
File without changes
|
File without changes
|
@@ -113,7 +113,7 @@ module MU
|
|
113
113
|
# Describe this VPC
|
114
114
|
# @return [Hash]
|
115
115
|
def notify
|
116
|
-
base = MU.structToHash(cloud_desc)
|
116
|
+
base = MU.structToHash(cloud_desc, stringify_keys: true)
|
117
117
|
base["cloud_id"] = @cloud_id
|
118
118
|
base["project_id"] = habitat_id
|
119
119
|
base.merge!(@config.to_h)
|
@@ -301,14 +301,10 @@ end
|
|
301
301
|
@deploy.deployment["vpcs"][@config['name']]["subnets"] and
|
302
302
|
@deploy.deployment["vpcs"][@config['name']]["subnets"].size > 0
|
303
303
|
@deploy.deployment["vpcs"][@config['name']]["subnets"].each { |desc|
|
304
|
-
subnet =
|
305
|
-
subnet["ip_block"] = desc['ip_block']
|
306
|
-
subnet["name"] = desc["name"]
|
304
|
+
subnet = desc.clone
|
307
305
|
subnet['mu_name'] = @config['scrub_mu_isms'] ? @cloud_id+subnet['name'].downcase : MU::Cloud::Google.nameStr(@deploy.getResourceName(subnet['name'], max_length: 61))
|
308
|
-
subnet["cloud_id"] = desc['cloud_id']
|
309
306
|
subnet["cloud_id"] ||= desc['self_link'].gsub(/.*?\/([^\/]+)$/, '\1')
|
310
307
|
subnet["cloud_id"] ||= subnet['mu_name']
|
311
|
-
subnet['az'] = desc["az"]
|
312
308
|
subnet['az'] ||= desc["region"].gsub(/.*?\/([^\/]+)$/, '\1')
|
313
309
|
@subnets << MU::Cloud::Google::VPC::Subnet.new(self, subnet, precache_description: false)
|
314
310
|
}
|
@@ -541,16 +537,16 @@ MU.log "ROUTES TO #{target_instance.name}", MU::WARN, details: resp
|
|
541
537
|
# @param noop [Boolean]: If true, will only print what would be done
|
542
538
|
# @param ignoremaster [Boolean]: If true, will remove resources not flagged as originating from this Mu server
|
543
539
|
# @return [void]
|
544
|
-
def self.cleanup(noop: false, ignoremaster: false, credentials: nil, flags: {})
|
545
|
-
flags["
|
546
|
-
return if !MU::Cloud
|
540
|
+
def self.cleanup(noop: false, deploy_id: MU.deploy_id, ignoremaster: false, credentials: nil, flags: {})
|
541
|
+
flags["habitat"] ||= MU::Cloud::Google.defaultProject(credentials)
|
542
|
+
return if !MU::Cloud.resourceClass("Google", "Habitat").isLive?(flags["habitat"], credentials)
|
547
543
|
filter = %Q{(labels.mu-id = "#{MU.deploy_id.downcase}")}
|
548
544
|
if !ignoremaster and MU.mu_public_ip
|
549
545
|
filter += %Q{ AND (labels.mu-master-ip = "#{MU.mu_public_ip.gsub(/\./, "_")}")}
|
550
546
|
end
|
551
547
|
MU.log "Placeholder: Google VPC artifacts do not support labels, so ignoremaster cleanup flag has no effect", MU::DEBUG, details: filter
|
552
548
|
|
553
|
-
purge_subnets(noop, project: flags['
|
549
|
+
purge_subnets(noop, project: flags['habitat'], credentials: credentials)
|
554
550
|
["route", "network"].each { |type|
|
555
551
|
# XXX tagged routes aren't showing up in list, and the networks that own them
|
556
552
|
# fail to delete silently
|
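Review bot: The new `deploy_id:` keyword on `self.cleanup` is never read in the lines shown: the label filter two lines below the signature still interpolates `MU.deploy_id.downcase`, so a caller that passes a different deploy id silently gets the global one. Use the parameter, `filter = %Q{(labels.mu-id = "#{deploy_id.downcase}")}`, and add a `# @param deploy_id [String]` line to the doc comment, whose visible part documents only `noop` and `ignoremaster`. Because the filter is only logged (per the placeholder message) and `purge_subnets` is scoped by project alone in this hunk, the comment should also say whether this cleanup is limited to one deployment's resources or sweeps the whole project. The method body continues outside the hunk.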
@@ -559,7 +555,7 @@ MU.log "ROUTES TO #{target_instance.name}", MU::WARN, details: resp
|
|
559
555
|
begin
|
560
556
|
MU::Cloud::Google.compute(credentials: credentials).delete(
|
561
557
|
type,
|
562
|
-
flags["
|
558
|
+
flags["habitat"],
|
563
559
|
nil,
|
564
560
|
noop
|
565
561
|
)
|
@@ -569,13 +565,13 @@ MU.log "ROUTES TO #{target_instance.name}", MU::WARN, details: resp
|
|
569
565
|
MU.log e.message, MU::WARN
|
570
566
|
if e.message.match(/Failed to delete network (.+)/)
|
571
567
|
network_name = Regexp.last_match[1]
|
572
|
-
fwrules = MU::Cloud
|
568
|
+
fwrules = MU::Cloud.resourceClass("Google", "FirewallRule").find(project: flags['habitat'], credentials: credentials)
|
573
569
|
fwrules.reject! { |_name, desc|
|
574
570
|
!desc.network.match(/.*?\/#{Regexp.quote(network_name)}$/)
|
575
571
|
}
|
576
572
|
fwrules.keys.each { |name|
|
577
573
|
MU.log "Attempting to delete firewall rule #{name} so that VPC #{network_name} can be removed", MU::NOTICE
|
578
|
-
MU::Cloud::Google.compute(credentials: credentials).delete_firewall(flags['
|
574
|
+
MU::Cloud::Google.compute(credentials: credentials).delete_firewall(flags['habitat'], name)
|
579
575
|
}
|
580
576
|
end
|
581
577
|
end
|
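Review bot: The fallback that deletes firewall rules after a failed network delete neither passes nor checks `noop`, unlike the `delete(type, flags["habitat"], nil, noop)` call in the previous hunk, and it removes every rule attached to the network named in the error message rather than only rules this deployment created. Add `next if noop` as the first statement of the `fwrules.keys.each` block so a dry run cannot change firewall state, and add a comment above the `reject!` stating that rules are selected by network name alone. The enclosing begin/rescue starts outside the hunk, so whether this path is reachable under `noop` cannot be confirmed from here.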
@@ -950,6 +946,41 @@ MU.log "ROUTES TO #{target_instance.name}", MU::WARN, details: resp
|
|
950
946
|
createRoute(route, network: @url, tags: [MU::Cloud::Google.nameStr(server.mu_name)])
|
951
947
|
end
|
952
948
|
|
949
|
+
# Looks at existing subnets, and attempts to find the next available
|
950
|
+
# IP block that's roughly similar to the ones we already have. This
|
951
|
+
# checks against secondary IP ranges, as well as each subnet's primary
|
952
|
+
# CIDR block.
|
953
|
+
# @param exclude [Array<String>]: One or more CIDRs to treat as unavailable, in addition to those allocated to existing subnets
|
954
|
+
# @return [String]
|
955
|
+
def getUnusedAddressBlock(exclude: [], max_bits: 28)
|
956
|
+
used_ranges = exclude.map { |cidr| NetAddr::IPv4Net.parse(cidr) }
|
957
|
+
subnets.each { |s|
|
958
|
+
used_ranges << NetAddr::IPv4Net.parse(s.cloud_desc.ip_cidr_range)
|
959
|
+
if s.cloud_desc.secondary_ip_ranges
|
960
|
+
used_ranges.concat(s.cloud_desc.secondary_ip_ranges.map { |r| NetAddr::IPv4Net.parse(r.ip_cidr_range) })
|
961
|
+
end
|
962
|
+
}
|
963
|
+
# XXX sort used_ranges
|
964
|
+
candidate = used_ranges.first.next_sib
|
965
|
+
|
966
|
+
begin
|
967
|
+
if candidate.netmask.prefix_len > max_bits
|
968
|
+
candidate = candidate.resize(max_bits)
|
969
|
+
end
|
970
|
+
try_again = false
|
971
|
+
used_ranges.each { |cidr|
|
972
|
+
if !cidr.rel(candidate).nil?
|
973
|
+
candidate = candidate.next_sib
|
974
|
+
try_again = true
|
975
|
+
break
|
976
|
+
end
|
977
|
+
}
|
978
|
+
try_again = false if candidate.nil?
|
979
|
+
end while try_again
|
980
|
+
|
981
|
+
candidate.to_s
|
982
|
+
end
|
983
|
+
|
953
984
|
private
|
954
985
|
|
955
986
|
def self.genStandardSubnetACLs(vpc_cidr, vpc_name, configurator, project, _publicroute = true, credentials: nil)
|
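Review bot: `getUnusedAddressBlock` has two unguarded nil paths. With no subnets and an empty `exclude`, `used_ranges.first` is nil and `.next_sib` raises NoMethodError; and when `next_sib` reaches the end of the address space the loop exits with `candidate` nil, so `candidate.to_s` returns an empty string that a caller would take for a CIDR. Add `return nil if used_ranges.empty?` before the first `next_sib`, end the method with `candidate.nil? ? nil : candidate.to_s`, and document `max_bits` and the nil return in the comment block (the `@return [String]` line would become `[String, nil]`). The open `# XXX sort used_ranges` also means the starting block depends on the order of `exclude` and `subnets`, which is worth stating in the comment until it is resolved.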
@@ -1120,7 +1151,7 @@ MU.log "ROUTES TO #{target_instance.name}", MU::WARN, details: resp
|
|
1120
1151
|
# Describe this VPC Subnet
|
1121
1152
|
# @return [Hash]
|
1122
1153
|
def notify
|
1123
|
-
MU.structToHash(cloud_desc)
|
1154
|
+
MU.structToHash(cloud_desc, stringify_keys: true)
|
1124
1155
|
end
|
1125
1156
|
|
1126
1157
|
# Return the +self_link+ to this subnet
|
@@ -0,0 +1,46 @@
|
|
1
|
+
# clouds: AWS
|
2
|
+
---
|
3
|
+
appname: smoketest
|
4
|
+
jobs:
|
5
|
+
- name: event1
|
6
|
+
schedule:
|
7
|
+
minute: '0'
|
8
|
+
hour: '1'
|
9
|
+
day_of_month: '1'
|
10
|
+
month: "*"
|
11
|
+
day_of_week: "?"
|
12
|
+
year: "*"
|
13
|
+
targets:
|
14
|
+
- type: functions
|
15
|
+
name: python-function
|
16
|
+
- name: event2
|
17
|
+
disabled: true
|
18
|
+
schedule:
|
19
|
+
minute: '0'
|
20
|
+
hour: '2'
|
21
|
+
day_of_month: '1'
|
22
|
+
month: "*"
|
23
|
+
day_of_week: "?"
|
24
|
+
year: "*"
|
25
|
+
targets:
|
26
|
+
- type: functions
|
27
|
+
name: node-function
|
28
|
+
|
29
|
+
functions:
|
30
|
+
- name: python-function
|
31
|
+
handler: lambda_function.lambda_handler
|
32
|
+
memory: 128
|
33
|
+
runtime: python3.6
|
34
|
+
timeout: 300
|
35
|
+
code:
|
36
|
+
path: functions/python-function
|
37
|
+
environment_variable:
|
38
|
+
- key: foo
|
39
|
+
value: bar
|
40
|
+
- name: node-function
|
41
|
+
runtime: nodejs12.x
|
42
|
+
handler: lambda_function.lambda_handler
|
43
|
+
memory: 256
|
44
|
+
timeout: 60
|
45
|
+
code:
|
46
|
+
path: functions/node-function
|
@@ -0,0 +1,15 @@
|
|
1
|
+
# groomers: Chef
|
2
|
+
---
|
3
|
+
appname: smoketest
|
4
|
+
vpcs:
|
5
|
+
- name: wrapper
|
6
|
+
servers:
|
7
|
+
- name: centos6
|
8
|
+
vpc:
|
9
|
+
name: wrapper
|
10
|
+
platform: centos6
|
11
|
+
size: m3.medium
|
12
|
+
run_list:
|
13
|
+
- recipe[mu-tools::apply_security]
|
14
|
+
- recipe[mu-tools::updates]
|
15
|
+
- recipe[mu-tools::split_var_partitions]
|
@@ -0,0 +1,15 @@
|
|
1
|
+
# groomers: Chef
|
2
|
+
---
|
3
|
+
appname: smoketest
|
4
|
+
vpcs:
|
5
|
+
- name: wrapper
|
6
|
+
servers:
|
7
|
+
- name: centos7
|
8
|
+
platform: centos7
|
9
|
+
vpc:
|
10
|
+
name: wrapper
|
11
|
+
size: m3.medium
|
12
|
+
run_list:
|
13
|
+
- recipe[mu-tools::apply_security]
|
14
|
+
- recipe[mu-tools::updates]
|
15
|
+
- recipe[mu-tools::split_var_partitions]
|
@@ -0,0 +1,12 @@
|
|
1
|
+
# groomers: Chef
|
2
|
+
# clouds: Azure, Google
|
3
|
+
---
|
4
|
+
appname: smoketest
|
5
|
+
servers:
|
6
|
+
- name: centos8
|
7
|
+
platform: centos8
|
8
|
+
size: m3.medium
|
9
|
+
run_list:
|
10
|
+
- recipe[mu-tools::apply_security]
|
11
|
+
- recipe[mu-tools::updates]
|
12
|
+
- recipe[mu-tools::split_var_partitions]
|
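--- a/data/modules/tests/ecs.yaml
+++ b/data/modules/tests/ecs.yaml
@@ -7,7 +7,7 @@ vpcs:
 container_clusters:
 - name: ecsplain
 flavor: ECS
-instance_type:
+instance_type: t3.medium
 vpc:
 name: ecs
 containers:
@@ -15,7 +15,7 @@ container_clusters:
 image: "nginx:1.8"
 - name: ecsfargate
 flavor: Fargate
-instance_type:
+instance_type: t3.medium
 vpc:
 name: ecs
 containers: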
data/modules/tests/eks.yaml
CHANGED
@@ -0,0 +1,10 @@
|
|
1
|
+
console.log('Loading function');
|
2
|
+
|
3
|
+
exports.handler = async (event, context) => {
|
4
|
+
//console.log('Received event:', JSON.stringify(event, null, 2));
|
5
|
+
console.log('value1 =', event.key1);
|
6
|
+
console.log('value2 =', event.key2);
|
7
|
+
console.log('value3 =', event.key3);
|
8
|
+
return event.key1; // Echo back the first key value
|
9
|
+
// throw new Error('Something went wrong');
|
10
|
+
};
|
@@ -0,0 +1,12 @@
|
|
1
|
+
import json
|
2
|
+
|
3
|
+
print('Loading function')
|
4
|
+
|
5
|
+
|
6
|
+
def lambda_handler(event, context):
|
7
|
+
#print("Received event: " + json.dumps(event, indent=2))
|
8
|
+
print("value1 = " + event['key1'])
|
9
|
+
print("value2 = " + event['key2'])
|
10
|
+
print("value3 = " + event['key3'])
|
11
|
+
return event['key1'] # Echo back the first key value
|
12
|
+
#raise Exception('Something went wrong')
|
@@ -0,0 +1,288 @@
|
|
1
|
+
# Old Sitemonitor, with serial numbers and code filed off. This will *only*
|
2
|
+
# work on our own Labs sandbox, unless you feed it a different domain name to
|
3
|
+
# play in.
|
4
|
+
# clouds: AWS
|
5
|
+
---
|
6
|
+
appname: SMOKETEST
|
7
|
+
parameters:
|
8
|
+
- name: domain
|
9
|
+
default: "sandbox.egt-labs.com" # this must exist as a Route53 zone and have a corresponding wildcard ACM or IAM SSL certificate
|
10
|
+
jobs:
|
11
|
+
- name: clear-scan-data
|
12
|
+
schedule:
|
13
|
+
minute: '0'
|
14
|
+
hour: '1'
|
15
|
+
day_of_month: '*'
|
16
|
+
month: "*"
|
17
|
+
day_of_week: "?"
|
18
|
+
year: "*"
|
19
|
+
targets:
|
20
|
+
- type: functions
|
21
|
+
name: empty-out-table
|
22
|
+
- name: run-scans
|
23
|
+
schedule:
|
24
|
+
minute: '0'
|
25
|
+
hour: '2'
|
26
|
+
day_of_month: '*'
|
27
|
+
month: "*"
|
28
|
+
day_of_week: "?"
|
29
|
+
year: "*"
|
30
|
+
targets:
|
31
|
+
- type: functions
|
32
|
+
name: queue-domains
|
33
|
+
|
34
|
+
cdns:
|
35
|
+
- name: front
|
36
|
+
origins:
|
37
|
+
- name: default
|
38
|
+
bucket:
|
39
|
+
name: bucket
|
40
|
+
certificate:
|
41
|
+
name: "*.<%= domain %>"
|
42
|
+
dns_records:
|
43
|
+
- zone:
|
44
|
+
name: <%= domain %>
|
45
|
+
behaviors:
|
46
|
+
- origin: default
|
47
|
+
forwarded_values:
|
48
|
+
headers:
|
49
|
+
- Origin
|
50
|
+
- Access-Control-Request-Headers
|
51
|
+
- Access-Control-Request-Method
|
52
|
+
- Access-Control-Allow-Origin
|
53
|
+
|
54
|
+
roles:
|
55
|
+
- name: dynamostream-to-es
|
56
|
+
can_assume:
|
57
|
+
- assume_method: basic
|
58
|
+
entity_type: service
|
59
|
+
entity_id: lambda.amazonaws.com
|
60
|
+
attachable_policies:
|
61
|
+
- id: AWSLambdaInvocation-DynamoDB
|
62
|
+
- id: AWSLambdaBasicExecutionRole
|
63
|
+
policies:
|
64
|
+
- name: allow_es_posting
|
65
|
+
permissions:
|
66
|
+
- es:ESHttpPost
|
67
|
+
targets:
|
68
|
+
- identifier: domains-scan-data
|
69
|
+
type: search_domain
|
70
|
+
path: "/*"
|
71
|
+
- name: empty-out-table
|
72
|
+
can_assume:
|
73
|
+
- assume_method: basic
|
74
|
+
entity_type: service
|
75
|
+
entity_id: lambda.amazonaws.com
|
76
|
+
attachable_policies:
|
77
|
+
- id: AmazonDynamoDBFullAccess
|
78
|
+
- id: AWSLambdaBasicExecutionRole
|
79
|
+
- name: on-demand-scanner
|
80
|
+
can_assume:
|
81
|
+
- assume_method: basic
|
82
|
+
entity_type: service
|
83
|
+
entity_id: lambda.amazonaws.com
|
84
|
+
attachable_policies:
|
85
|
+
- id: AmazonDynamoDBFullAccess
|
86
|
+
- id: AWSLambdaBasicExecutionRole
|
87
|
+
- name: queue-domains
|
88
|
+
can_assume:
|
89
|
+
- assume_method: basic
|
90
|
+
entity_type: service
|
91
|
+
entity_id: lambda.amazonaws.com
|
92
|
+
attachable_policies:
|
93
|
+
- id: AmazonDynamoDBFullAccess
|
94
|
+
- id: AmazonSNSFullAccess
|
95
|
+
- id: AWSLambdaBasicExecutionRole
|
96
|
+
- name: scheduled-scanner
|
97
|
+
can_assume:
|
98
|
+
- assume_method: basic
|
99
|
+
entity_type: service
|
100
|
+
entity_id: lambda.amazonaws.com
|
101
|
+
attachable_policies:
|
102
|
+
- id: AmazonDynamoDBFullAccess
|
103
|
+
- id: AWSLambdaBasicExecutionRole
|
104
|
+
|
105
|
+
notifiers:
|
106
|
+
- name: publish-domains
|
107
|
+
subscriptions:
|
108
|
+
- type: lambda
|
109
|
+
resource:
|
110
|
+
type: functions
|
111
|
+
name: scheduled-scanner
|
112
|
+
|
113
|
+
functions:
|
114
|
+
- name: dynamostream-to-es
|
115
|
+
handler: lambda_function.lambda_handler
|
116
|
+
memory: 128
|
117
|
+
runtime: python2.7
|
118
|
+
timeout: 900
|
119
|
+
code:
|
120
|
+
path: functions/python-function
|
121
|
+
role:
|
122
|
+
name: dynamostream-to-es
|
123
|
+
type: roles
|
124
|
+
triggers:
|
125
|
+
- service: dynamodb
|
126
|
+
name: scan-data
|
127
|
+
dependencies:
|
128
|
+
- type: search_domain
|
129
|
+
name: domains-scan-data
|
130
|
+
phase: groom
|
131
|
+
- name: empty-out-table
|
132
|
+
handler: lambda_function.lambda_handler
|
133
|
+
memory: 128
|
134
|
+
runtime: python3.6
|
135
|
+
timeout: 300
|
136
|
+
code:
|
137
|
+
path: functions/python-function
|
138
|
+
environment_variable:
|
139
|
+
- key: table
|
140
|
+
value: scandata
|
141
|
+
role:
|
142
|
+
name: empty-out-table
|
143
|
+
type: roles
|
144
|
+
dependencies:
|
145
|
+
- type: nosqldb
|
146
|
+
name: scan-data
|
147
|
+
- type: nosqldb
|
148
|
+
name: domain-list
|
149
|
+
- name: on-demand-scanner
|
150
|
+
handler: lambda_function.lambda_handler
|
151
|
+
memory: 128
|
152
|
+
runtime: python3.6
|
153
|
+
timeout: 900
|
154
|
+
code:
|
155
|
+
path: functions/python-function
|
156
|
+
role:
|
157
|
+
name: on-demand-scanner
|
158
|
+
type: roles
|
159
|
+
dependencies:
|
160
|
+
- type: nosqldb
|
161
|
+
name: scan-data
|
162
|
+
triggers:
|
163
|
+
- service: apigateway
|
164
|
+
name: api
|
165
|
+
- name: queue-domains
|
166
|
+
handler: lambda_function.lambda_handler
|
167
|
+
memory: 128
|
168
|
+
runtime: python3.6
|
169
|
+
timeout: 900
|
170
|
+
code:
|
171
|
+
path: functions/python-function
|
172
|
+
role:
|
173
|
+
name: queue-domains
|
174
|
+
type: roles
|
175
|
+
invoke_on_completion:
|
176
|
+
invocation_type: "RequestResponse"
|
177
|
+
permissions:
|
178
|
+
- basic
|
179
|
+
- dynamo
|
180
|
+
dependencies:
|
181
|
+
- type: function
|
182
|
+
name: dynamostream-to-es
|
183
|
+
- type: nosqldb
|
184
|
+
name: domain-list
|
185
|
+
- type: nosqldb
|
186
|
+
name: scan-data
|
187
|
+
- type: notifier
|
188
|
+
name: publish-domains
|
189
|
+
phase: groom
|
190
|
+
- name: scheduled-scanner
|
191
|
+
handler: lambda_function.lambda_handler
|
192
|
+
memory: 256
|
193
|
+
runtime: python3.6
|
194
|
+
timeout: 900
|
195
|
+
code:
|
196
|
+
path: functions/python-function
|
197
|
+
role:
|
198
|
+
name: scheduled-scanner
|
199
|
+
type: roles
|
200
|
+
dependencies:
|
201
|
+
- type: nosqldb
|
202
|
+
name: scan-data
|
203
|
+
triggers:
|
204
|
+
- service: sns
|
205
|
+
name: publish-domains
|
206
|
+
|
207
|
+
endpoints:
|
208
|
+
- name: api
|
209
|
+
deploy_to: production
|
210
|
+
log_requests: true
|
211
|
+
methods:
|
212
|
+
- path: "/"
|
213
|
+
type: POST
|
214
|
+
cors: "*"
|
215
|
+
responses:
|
216
|
+
- code: 200
|
217
|
+
body:
|
218
|
+
- is_error: false
|
219
|
+
content_type: application/json
|
220
|
+
integrate_with:
|
221
|
+
name: on-demand-scanner
|
222
|
+
type: functions
|
223
|
+
integration_http_method: POST
|
224
|
+
async: true
|
225
|
+
backend_http_method: POST
|
226
|
+
passthrough_behavior: WHEN_NO_MATCH
|
227
|
+
domain_names:
|
228
|
+
- dns_record:
|
229
|
+
zone:
|
230
|
+
name: <%= domain %>
|
231
|
+
certificate:
|
232
|
+
name: "*.<%= domain %>"
|
233
|
+
|
234
|
+
buckets:
|
235
|
+
- name: bucket
|
236
|
+
web: false
|
237
|
+
cors:
|
238
|
+
- allowed_methods:
|
239
|
+
- GET
|
240
|
+
- POST
|
241
|
+
allowed_origins:
|
242
|
+
- "*"
|
243
|
+
upload:
|
244
|
+
# - source: "code/build"
|
245
|
+
- source: "functions"
|
246
|
+
destination: "/"
|
247
|
+
|
248
|
+
search_domains:
|
249
|
+
- name: domains-scan-data
|
250
|
+
elasticsearch_version: '7.4'
|
251
|
+
instance_count: 1
|
252
|
+
instance_type: r5.large.elasticsearch
|
253
|
+
ebs_size: 10
|
254
|
+
ebs_type: gp2
|
255
|
+
access_policies:
|
256
|
+
Version: '2012-10-17'
|
257
|
+
Statement:
|
258
|
+
- Effect: Allow
|
259
|
+
Principal:
|
260
|
+
AWS: "*"
|
261
|
+
Action: es:ESHttp*
|
262
|
+
nosqldbs:
|
263
|
+
- name: scan-data
|
264
|
+
read_capacity: 25
|
265
|
+
write_capacity: 25
|
266
|
+
attributes:
|
267
|
+
- name: domain
|
268
|
+
type: S
|
269
|
+
primary_partition: true
|
270
|
+
- name: last_scanned_date
|
271
|
+
type: S
|
272
|
+
primary_sort: true
|
273
|
+
stream: NEW_IMAGE
|
274
|
+
- name: domain-list
|
275
|
+
read_capacity: 100
|
276
|
+
write_capacity: 1
|
277
|
+
attributes:
|
278
|
+
- name: business_owner
|
279
|
+
type: S
|
280
|
+
primary_sort: true
|
281
|
+
- name: domain
|
282
|
+
type: S
|
283
|
+
primary_partition: true
|
284
|
+
populate:
|
285
|
+
- business_owner: TetraTech
|
286
|
+
staff_division: eGT
|
287
|
+
operational_division: eGTLabs
|
288
|
+
domain: egt-labs.com
|
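Review bot: The `search_domains` access policy (new lines 255-261) allows `es:ESHttp*` to `Principal: AWS: "*"` with no `Resource` or `Condition` visible, which as written lets any caller that can reach the domain endpoint read and write the index. The `dynamostream-to-es` role already carries an `allow_es_posting` policy targeting this domain, so the wildcard should not be needed; name that role as the principal, e.g. `AWS: "<ARN of the dynamostream-to-es role>"`, or add a source-IP `Condition` to the statement. The Lambda roles also attach `AmazonDynamoDBFullAccess` and `AmazonSNSFullAccess` where access to the two tables and the one topic would do, and `dynamostream-to-es` is pinned to `runtime: python2.7`, which is end-of-life. Test blueprints tend to be copied into real deployments, so if these settings stay, the header comment should say they are meant for a throwaway sandbox only.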