cloud-mu 3.2.0 → 3.5.0

data/modules/tests/aws-servers-with-handrolled-iam.yaml

@@ -0,0 +1,37 @@
+# clouds: AWS
+# groomers: Chef
+---
+appname: smoketest
+vpcs:
+- name: svrtest
+roles:
+- name: handrolled
+  scrub_mu_isms: true
+  can_assume:
+  - entity_id: ec2.amazonaws.com
+    entity_type: service
+  import:
+  - arn:aws:iam::aws:policy/AmazonRDSFullAccess
+servers:
+- name: iamtest1
+  size: t3.medium
+  iam_role: handrolled
+  platform: centos6
+  generate_iam_role: false
+  vpc:
+    name: svrtest
+server_pools:
+- name: iamtest2
+  scrub_mu_isms: true
+  min_size: 1
+  max_size: 1
+  wait_for_nodes: 1
+  platform: centos6
+  vpc:
+    name: svrtest
+  basis:
+    launch-config:
+      name: iamtest2
+      size: t3.medium
+      iam_role: handrolled
+      generate_iam_role: false

data/modules/tests/centos6.yaml

@@ -1,8 +1,12 @@
 # groomers: Chef
 ---
 appname: smoketest
+vpcs:
+- name: wrapper
 servers: 
 - name: centos6
+  vpc:
+    name: wrapper
   platform: centos6
   size: m3.medium
   run_list:

data/modules/tests/centos7.yaml

@@ -1,9 +1,13 @@
 # groomers: Chef
 ---
 appname: smoketest
+vpcs:
+- name: wrapper
 servers: 
 - name: centos7
   platform: centos7
+  vpc:
+    name: wrapper
   size: m3.medium
   run_list:
   - recipe[mu-tools::apply_security]

data/modules/tests/ecs.yaml

@@ -7,7 +7,7 @@ vpcs:
 container_clusters:
 - name: ecsplain
   flavor: ECS
-  instance_type: t2.medium
+  instance_type: t3.medium
   vpc:
     name: ecs
   containers:
@@ -15,7 +15,7 @@ container_clusters:
     image: "nginx:1.8"
 - name: ecsfargate
   flavor: Fargate
-  instance_type: t2.medium
+  instance_type: t3.medium
   vpc:
     name: ecs
   containers:

data/modules/tests/eks.yaml

@@ -10,7 +10,7 @@ container_clusters:
   vpc:
     vpc_name: eksvpc
   instance_count: 3
-  instance_type: t2.medium
+  instance_type: t3.medium
   kubernetes_resources:
   - apiVersion: apps/v1
     kind: Deployment

data/modules/tests/functions/node-function/lambda_function.js

@@ -0,0 +1,10 @@
+console.log('Loading function');
+
+exports.handler = async (event, context) => {
+    //console.log('Received event:', JSON.stringify(event, null, 2));
+    console.log('value1 =', event.key1);
+    console.log('value2 =', event.key2);
+    console.log('value3 =', event.key3);
+    return event.key1;  // Echo back the first key value
+    // throw new Error('Something went wrong');
+};

data/modules/tests/functions/python-function/lambda_function.py

@@ -0,0 +1,12 @@
+import json
+
+print('Loading function')
+
+
+def lambda_handler(event, context):
+    #print("Received event: " + json.dumps(event, indent=2))
+    print("value1 = " + event['key1'])
+    print("value2 = " + event['key2'])
+    print("value3 = " + event['key3'])
+    return event['key1']  # Echo back the first key value
+    #raise Exception('Something went wrong')

data/modules/tests/k8s.yaml

@@ -27,7 +27,7 @@ container_clusters:
     comment: meep
   vpc:
     vpc_name: k8s
-    subnet_pref: all_private
+    subnet_pref: all_public
   kubernetes_resources:
   - apiVersion: v1
     kind: Service

data/modules/tests/microservice_app.yaml

@@ -0,0 +1,288 @@
+# Old Sitemonitor, with serial numbers and code filed off. This will *only*
+# work on our own Labs sandbox, unless you feed it a different domain name to
+# play in.
+# clouds: AWS
+---
+appname: SMOKETEST
+parameters:
+- name: domain
+  default: "sandbox.egt-labs.com" # this must exist as a Route53 zone and have a corresponding wildcard ACM or IAM SSL certificate
+jobs:
+- name: clear-scan-data
+  schedule:
+    minute: '0'
+    hour: '1'
+    day_of_month: '*'
+    month: "*"
+    day_of_week: "?"
+    year: "*"
+  targets:
+  - type: functions
+    name: empty-out-table
+- name: run-scans
+  schedule:
+    minute: '0'
+    hour: '2'
+    day_of_month: '*'
+    month: "*"
+    day_of_week: "?"
+    year: "*"
+  targets:
+  - type: functions
+    name: queue-domains
+
+cdns:
+- name: front
+  origins:
+  - name: default
+    bucket:
+      name: bucket
+  certificate:
+    name: "*.<%= domain %>"
+  dns_records:
+  - zone:
+      name: <%= domain %>
+  behaviors:
+  - origin: default
+    forwarded_values:
+      headers:
+      - Origin
+      - Access-Control-Request-Headers
+      - Access-Control-Request-Method
+      - Access-Control-Allow-Origin
+
+roles:
+- name: dynamostream-to-es
+  can_assume:
+  - assume_method: basic
+    entity_type: service
+    entity_id: lambda.amazonaws.com
+  attachable_policies:
+  - id: AWSLambdaInvocation-DynamoDB
+  - id: AWSLambdaBasicExecutionRole
+  policies:
+  - name: allow_es_posting
+    permissions:
+    - es:ESHttpPost
+    targets:
+    - identifier: domains-scan-data
+      type: search_domain
+      path: "/*"
+- name: empty-out-table
+  can_assume:
+  - assume_method: basic
+    entity_type: service
+    entity_id: lambda.amazonaws.com
+  attachable_policies:
+  - id: AmazonDynamoDBFullAccess
+  - id: AWSLambdaBasicExecutionRole
+- name: on-demand-scanner
+  can_assume:
+  - assume_method: basic
+    entity_type: service
+    entity_id: lambda.amazonaws.com
+  attachable_policies:
+  - id: AmazonDynamoDBFullAccess
+  - id: AWSLambdaBasicExecutionRole
+- name: queue-domains
+  can_assume:
+  - assume_method: basic
+    entity_type: service
+    entity_id: lambda.amazonaws.com
+  attachable_policies:
+  - id: AmazonDynamoDBFullAccess
+  - id: AmazonSNSFullAccess
+  - id: AWSLambdaBasicExecutionRole
+- name: scheduled-scanner
+  can_assume:
+  - assume_method: basic
+    entity_type: service
+    entity_id: lambda.amazonaws.com
+  attachable_policies:
+  - id: AmazonDynamoDBFullAccess
+  - id: AWSLambdaBasicExecutionRole
+
+notifiers:
+- name: publish-domains
+  subscriptions:
+  - type: lambda
+    resource:
+      type: functions
+      name: scheduled-scanner
+
+functions:
+- name: dynamostream-to-es
+  handler: lambda_function.lambda_handler
+  memory: 128
+  runtime: python2.7
+  timeout: 900
+  code:
+    path: functions/python-function
+  role:
+    name: dynamostream-to-es
+    type: roles
+  triggers:
+  - service: dynamodb
+    name: scan-data
+  dependencies:
+  - type: search_domain
+    name: domains-scan-data
+    phase: groom
+- name: empty-out-table
+  handler: lambda_function.lambda_handler
+  memory: 128
+  runtime: python3.6
+  timeout: 300
+  code:
+    path: functions/python-function
+  environment_variable:
+  - key: table
+    value: scandata
+  role:
+    name: empty-out-table
+    type: roles
+  dependencies:
+  - type: nosqldb
+    name: scan-data
+  - type: nosqldb
+    name: domain-list
+- name: on-demand-scanner
+  handler: lambda_function.lambda_handler
+  memory: 128
+  runtime: python3.6
+  timeout: 900
+  code:
+    path: functions/python-function
+  role:
+    name: on-demand-scanner
+    type: roles
+  dependencies:
+  - type: nosqldb
+    name: scan-data
+  triggers:
+  - service: apigateway
+    name: api
+- name: queue-domains
+  handler: lambda_function.lambda_handler
+  memory: 128
+  runtime: python3.6
+  timeout: 900
+  code:
+    path: functions/python-function
+  role:
+    name: queue-domains
+    type: roles
+  invoke_on_completion:
+    invocation_type: "RequestResponse"
+  permissions:
+  - basic
+  - dynamo
+  dependencies:
+  - type: function
+    name: dynamostream-to-es
+  - type: nosqldb
+    name: domain-list
+  - type: nosqldb
+    name: scan-data
+  - type: notifier
+    name: publish-domains
+    phase: groom
+- name: scheduled-scanner
+  handler: lambda_function.lambda_handler
+  memory: 256
+  runtime: python3.6
+  timeout: 900
+  code:
+    path: functions/python-function
+  role:
+    name: scheduled-scanner
+    type: roles
+  dependencies:
+  - type: nosqldb
+    name: scan-data
+  triggers:
+  - service: sns
+    name: publish-domains
+
+endpoints:
+- name: api
+  deploy_to: production
+  log_requests: true
+  methods:
+  - path: "/"
+    type: POST
+    cors: "*"
+    responses:
+    - code: 200
+      body:
+      - is_error: false
+        content_type: application/json
+    integrate_with:
+      name: on-demand-scanner
+      type: functions
+      integration_http_method: POST
+      async: true
+      backend_http_method: POST
+      passthrough_behavior: WHEN_NO_MATCH
+  domain_names:
+  - dns_record:
+      zone:
+        name: <%= domain %>
+    certificate:
+      name: "*.<%= domain %>"
+
+buckets:
+- name: bucket
+  web: false
+  cors:
+  - allowed_methods:
+    - GET
+    - POST
+    allowed_origins:
+    - "*"
+  upload:
+#  - source: "code/build"
+  - source: "functions"
+    destination: "/"
+
+search_domains:
+- name: domains-scan-data
+  elasticsearch_version: '7.4'
+  instance_count: 1
+  instance_type: r5.large.elasticsearch
+  ebs_size: 10
+  ebs_type: gp2
+  access_policies:
+    Version: '2012-10-17'
+    Statement:
+    - Effect: Allow
+      Principal:
+        AWS: "*"
+      Action: es:ESHttp*
+nosqldbs:
+- name: scan-data
+  read_capacity: 25
+  write_capacity: 25
+  attributes:
+  - name: domain
+    type: S
+    primary_partition: true
+  - name: last_scanned_date
+    type: S
+    primary_sort: true
+  stream: NEW_IMAGE
+- name: domain-list
+  read_capacity: 100
+  write_capacity: 1
+  attributes:
+  - name: business_owner
+    type: S
+    primary_sort: true
+  - name: domain
+    type: S
+    primary_partition: true
+  populate:
+  - business_owner: TetraTech
+    staff_division: eGT
+    operational_division: eGTLabs
+    domain: egt-labs.com

data/modules/tests/rds.yaml

@@ -28,7 +28,7 @@ databases:
 #    name: rdstests
 
 - name: maria-base
-  size: db.t2.small
+  size: db.t3.small
   engine: mariadb
   db_parameter_group_parameters:
   - name: autocommit
@@ -44,7 +44,7 @@ databases:
   multi_az_on_create: true
   master_user: Bob
 - name: maria-from-snap
-  size: db.t2.small
+  size: db.t3.small
   engine: mariadb
   vpc:
     name: rdstests
@@ -86,12 +86,12 @@ databases:
     name: oracle-base
 
 - name: sqlserver-base
-  size: db.t2.small
+  size: db.t3.small
   engine: sqlserver-ex
   vpc:
     name: rdstests
 - name: sqlserver-from-snap
-  size: db.t2.small
+  size: db.t3.small
   engine: sqlserver-ex
   vpc:
     name: rdstests
@@ -99,7 +99,7 @@ databases:
   source:
     name: sqlserver-base
 - name: sqlserver-point-in-time
-  size: db.t2.small
+  size: db.t3.small
   engine: sqlserver-ex
   vpc:
     name: rdstests