Release 2.6.0
itzikYeret authored and actions-user committed Dec 16, 2021
1 parent 3b4b18c commit cdb1d78
Showing 18 changed files with 1,463 additions and 113 deletions.
Expand Up @@ -4,14 +4,24 @@ namespace Dome9.CloudGuardOnboarding.Orchestrator
{
public class ServerlessStackConfig : OnboardingStackConfig
{
public string CloudGuardAwsAccountId { get; set; }
public string ServerlessStage { get; set; }
public string ServerlessRegion { get; set; }

public ServerlessStackConfig(
string templateS3Url,
string stackName,
string onboardingId,
string uniqueSuffix,
int executionTimeoutMinutes)
int executionTimeoutMinutes,
string cloudGuardAwsAccountId,
string serverlessStage,
string serverlessRegion)
: base(onboardingId, templateS3Url, stackName, uniqueSuffix, executionTimeoutMinutes)
{
CloudGuardAwsAccountId = cloudGuardAwsAccountId;
ServerlessStage = serverlessStage;
ServerlessRegion = serverlessRegion;
}
}
}
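Review bot: The three new properties on ServerlessStackConfig (`CloudGuardAwsAccountId`, `ServerlessStage`, `ServerlessRegion`) are declared `{ get; set; }` but are only assigned in the constructor, so getter-only `{ get; }` would make the config immutable after construction, which is how the wrapper consumes it. None of the new string arguments is validated, so a null `cloudGuardAwsAccountId` only surfaces downstream when the CloudFormation parameters are built rather than at construction; `CloudGuardAwsAccountId = cloudGuardAwsAccountId ?? throw new ArgumentNullException(nameof(cloudGuardAwsAccountId));` (and likewise for the other two) fails fast with a clear message.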
@@ -1,4 +1,7 @@
namespace Dome9.CloudGuardOnboarding.Orchestrator
using System;
using System.Collections.Generic;

namespace Dome9.CloudGuardOnboarding.Orchestrator
{
public class ServerlessStackWrapper : StackWrapperBase
{
Expand All @@ -7,5 +10,23 @@ public ServerlessStackWrapper(ICloudGuardApiWrapper apiProvider, IRetryAndBackof
}

protected override Enums.Feature Feature => Enums.Feature.ServerlessProtection;

protected override Dictionary<string, string> GetParameters(OnboardingStackConfig onboardingStackConfig)
{
Console.WriteLine($"[INFO] [GetParameters] {onboardingStackConfig.GetType().Name}=[{onboardingStackConfig}]");
if (!(onboardingStackConfig is ServerlessStackConfig))
{
throw new ArgumentException($"{nameof(onboardingStackConfig)} is not of type {nameof(ServerlessStackConfig)}");
}

var permissionsStackConfig = onboardingStackConfig as ServerlessStackConfig;
return new Dictionary<string, string>
{
{ "CloudGuardAwsAccountId", permissionsStackConfig.CloudGuardAwsAccountId },
{ "ServerlessStage", permissionsStackConfig.ServerlessStage },
{ "TimeStamp", DateTimeOffset.Now.ToUnixTimeMilliseconds().ToString() },
{ "ServerlessRegion", permissionsStackConfig.ServerlessRegion }
};
}
}
}
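Review bot: In GetParameters the local at L64 is named `permissionsStackConfig` although it holds a `ServerlessStackConfig`, which reads like a copy-paste from the permissions wrapper; the `is` test and the `as` cast can also collapse into one pattern match, `if (!(onboardingStackConfig is ServerlessStackConfig serverlessStackConfig))` followed by the existing throw, with `serverlessStackConfig` then used in the dictionary. The INFO line at L58 interpolates the whole config object, so whatever the base class's ToString emits (the template URL and the account id, at least) lands in the Lambda log at INFO level; worth confirming that is intended. `DateTimeOffset.Now` is fine here because the Unix timestamp is absolute, but `.ToString(CultureInfo.InvariantCulture)` makes the machine-readable intent explicit.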
Expand Up @@ -9,6 +9,7 @@ public class ConfigurationResponseModel
public string ServerlessTemplateS3Path { get; set; }
public bool ServerlessProtectionEnabled { get; set; }
public string ServerlessCftRegion { get; set; }
public string ServerlessStage { get; set; }
public string IntelligenceStackName { get; set; }
public string IntelligenceTemplateS3Path { get; set; }
public bool IntelligenceEnabled { get; set; }
Expand All @@ -25,6 +26,7 @@ public override string ToString()
$"{nameof(PermissionsTemplateS3Path)}='{PermissionsTemplateS3Path}', " +
$"{nameof(ServerlessProtectionEnabled)}='{ServerlessProtectionEnabled}', " +
$"{nameof(ServerlessCftRegion)}='{ServerlessCftRegion}', " +
$"{nameof(ServerlessStage)}='{ServerlessStage}', " +
$"{nameof(IntelligenceStackName)}='{IntelligenceStackName}', " +
$"{nameof(IntelligenceTemplateS3Path)}='{IntelligenceTemplateS3Path}', " +
$"{nameof(IntelligenceEnabled)}='{IntelligenceEnabled}', " +
Expand Up @@ -6,21 +6,21 @@ namespace Dome9.CloudGuardOnboarding.Orchestrator.Steps
{
public class ServerlessStackCreationStep : StepBase
{
private readonly string _awsAccountId;
private readonly string _onboardingId;
private readonly ServerlessStackWrapper _awsStackWrapper;
private readonly ServerlessStackConfig _stackConfig;
private readonly StackOperation _stackOperation;

public ServerlessStackCreationStep(ICloudGuardApiWrapper apiProvider, IRetryAndBackoffService retryAndBackoffService, string awsAccountId, string onboardingId, string serverlessStackS3Url, string serverlessStackName, string uniqueSuffix, StackOperation stackOperation = StackOperation.Create)
public ServerlessStackCreationStep(ICloudGuardApiWrapper apiProvider, IRetryAndBackoffService retryAndBackoffService,
string cftS3Buckets, string region,
string onboardingId, string templateS3Path, string serverlessStackName, string uniqueSuffix,
string cloudGuardAwsAccountId, string serverlessStage, string serverlessRegion)
{
_apiProvider = apiProvider;
_retryAndBackoffService = retryAndBackoffService;
_awsAccountId = awsAccountId;
_onboardingId = onboardingId;
_awsStackWrapper = new ServerlessStackWrapper(apiProvider, retryAndBackoffService);
_stackConfig = new ServerlessStackConfig(serverlessStackS3Url, serverlessStackName, onboardingId, uniqueSuffix, 30);
_stackOperation = stackOperation;
var s3Url = $"https://{cftS3Buckets}.s3.{region}.amazonaws.com/{templateS3Path}";
_stackConfig = new ServerlessStackConfig(s3Url, serverlessStackName, onboardingId, uniqueSuffix, 30, cloudGuardAwsAccountId, serverlessStage, serverlessRegion);

}
public override Task Cleanup()
Expand All @@ -34,7 +34,7 @@ public async override Task Execute()
Console.WriteLine($"[INFO] About to add serverless protection");
await _retryAndBackoffService.RunAsync(() => _apiProvider.UpdateOnboardingStatus(new StatusModel(_onboardingId, Enums.Feature.ServerlessProtection, Enums.Status.PENDING, "Adding serverless protection", null, null, null)));
Console.WriteLine($"[INFO][{nameof(ServerlessStackCreationStep)}.{nameof(Execute)}] RunStackAsync starting");
await _awsStackWrapper.RunStackAsync(_stackConfig, _stackOperation);
await _awsStackWrapper.RunStackAsync(_stackConfig, StackOperation.Create);
Console.WriteLine($"[INFO][{nameof(ServerlessStackCreationStep)}.{nameof(Execute)}] RunStackAsync finished");
await _retryAndBackoffService.RunAsync(() => _apiProvider.UpdateOnboardingStatus(new StatusModel(_onboardingId, Enums.Feature.ServerlessProtection, Enums.Status.ACTIVE, "Added serverless protection successfully", null, null, null)));
Console.WriteLine($"[INFO] Successfully added serverless protection");
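Review bot: The new constructor builds `s3Url` at L117 from `cftS3Buckets`, `region` and `templateS3Path` without checking any of them, so an empty bucket name or region produces a host like `.s3..amazonaws.com` and the failure only appears when the stack is run; a guard before the interpolation such as `if (string.IsNullOrWhiteSpace(cftS3Buckets) || string.IsNullOrWhiteSpace(region) || string.IsNullOrWhiteSpace(templateS3Path)) throw new ArgumentException("bucket, region and template path are required");` fails fast at construction. Because this URL decides which CloudFormation template the orchestrator deploys, a one-line comment stating that the bucket name is taken from the onboarding request would help the next reader. The `stackOperation` parameter is gone and Execute now hard-codes `StackOperation.Create` at L127, so the step can no longer be reused for updates — presumably intentional, but worth stating. There is also a stray blank line before the closing brace at L119. The class continues outside the hunk.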
Expand Up @@ -70,7 +70,7 @@ public override async Task RunAsync(OnboardingRequest request, LambdaCustomResou
await ExecuteStep(new ServerlessAddAccountStep(_apiProvider, _retryAndBackoffService, request.AwsAccountId, request.OnboardingId));

// 8. create serverless protection stack if enabled
await ExecuteStep(new ServerlessStackCreationStep(_apiProvider, _retryAndBackoffService, request.AwsAccountId, request.OnboardingId, configuration.ServerlessTemplateS3Path, configuration.ServerlessStackName, request.UniqueSuffix));
await ExecuteStep(new ServerlessStackCreationStep(_apiProvider, _retryAndBackoffService, request.S3BucketName, request.AwsAccountRegion, request.OnboardingId, configuration.ServerlessTemplateS3Path, configuration.ServerlessStackName, request.UniqueSuffix, configuration.CloudGuardAwsAccountId, configuration.ServerlessStage, configuration.ServerlessCftRegion));
}
}
else
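Review bot: The call at L138 passes eleven positional arguments, eight of them strings, to the new ServerlessStackCreationStep constructor, so a transposition (for instance of `request.AwsAccountRegion` and `configuration.ServerlessCftRegion`, both regions) would compile and only fail at deploy time; named arguments such as `cftS3Buckets: request.S3BucketName, region: request.AwsAccountRegion, ...` make the mapping checkable at a glance. Note that the template S3 host is built from `request.AwsAccountRegion` while the stack's own region parameter is `configuration.ServerlessCftRegion`; if the template bucket is expected to live in the account region that is fine, but a short comment saying so would prevent the two from being "fixed" to match. RunAsync starts and ends outside the hunk.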
23 changes: 23 additions & 0 deletions cft/cft-replacer/replacer.js
Expand Up @@ -38,15 +38,22 @@ let replacer = function () {
const readonlyPolicy = yamlParse(fs.readFileSync(__dirname + '/../replacements/readonly_policy.yml', 'utf8'))
const readwritePolicy = yamlParse(fs.readFileSync(__dirname + '/../replacements/readwrite_policy.yml', 'utf8'))
const stackModifyPolicyStatements = yamlParse(fs.readFileSync(__dirname + '/../replacements/stack_modify_policy_statements.yml', 'utf8'))
const metadata = yamlParse(fs.readFileSync(__dirname + '/../replacements/metadata.yml', 'utf8'))
const userBasedOrchestratorRolePolicies = yamlParse(fs.readFileSync(__dirname + '/../replacements/user_based_orchestrator_role_policy_statements.yml', 'utf8'))
const roleBasedOrchestratorRolePolicies = yamlParse(fs.readFileSync(__dirname + '/../replacements/role_based_orchestrator_role_policy_statements.yml', 'utf8'))

writToFile('/generated/templates/policies/readonly_policy.json', JSON.stringify(readonlyPolicy, null, 4))
writToFile('/generated/templates/policies/readwrite_policy.json', JSON.stringify(readwritePolicy, null, 4))

// role based onboarding
let orchestratorRole = yamlParse(fs.readFileSync(__dirname + '/../replacements/orchestartor_role.yml', 'utf8'))
let onboardingJson = yamlParse(fs.readFileSync(__dirname + '/../role_based/onboarding.yml', 'utf8'))
replaceObjectByPlaceholders(onboardingJson, [
{key: 'REPLACEMENT_METADATA', value: metadata},
{key: 'REPLACEMENT_PARAMETERS', value: parameters},
{key: 'REPLACEMENT_SATCK_MODIFY_POLICY_STATEMENT', value: stackModifyPolicyStatements},
{key: 'REPLACEMENT_ORCHESTRATOR_ROLE', value: orchestratorRole},
{key: 'REPLACEMENT_ORCHESTRATOR_ROLE_POLICY_STATEMENTS', value: roleBasedOrchestratorRolePolicies},
{key: 'REPLACEMENT_ORCHESTRATOR', value: orchestrator},
{key: 'REPLACEMENT_ORCHESTRATOR_INVOKE_PROPERTIES', value: orchestratorInvokeProperties},
{key: 'REPLACEMENT_BUCKET_SUFFIX', value: bucketSuffix},
Expand Down Expand Up @@ -75,12 +82,24 @@ let replacer = function () {
let intelligence = fs.readFileSync(__dirname + '/../role_based/intelligence_cft.yml', 'utf8')
writToFile('/generated/templates/role_based/intelligence_cft.yml', intelligence)

// role based serverless
let serverlessJson = yamlParse(fs.readFileSync(__dirname + '/../role_based/serverless_cft.yml', 'utf8'))
replaceObjectByPlaceholders(serverlessJson, [
{key: 'REPLACEMENT_METADATA', value: metadata},
]);
let serverlessYml = yamlDump(serverlessJson)
writToFile('/generated/templates/role_based/serverless_cft.yml', serverlessYml)


// user based onboarding
orchestratorRole = yamlParse(fs.readFileSync(__dirname + '/../replacements/orchestartor_role.yml', 'utf8'))
onboardingJson = yamlParse(fs.readFileSync(__dirname + '/../user_based/onboarding.yml', 'utf8'))
replaceObjectByPlaceholders(onboardingJson, [
{key: 'REPLACEMENT_METADATA', value: metadata},
{key: 'REPLACEMENT_PARAMETERS', value: parameters},
{key: 'REPLACEMENT_SATCK_MODIFY_POLICY_STATEMENT', value: stackModifyPolicyStatements},
{key: 'REPLACEMENT_ORCHESTRATOR_ROLE', value: orchestratorRole},
{key: 'REPLACEMENT_ORCHESTRATOR_ROLE_POLICY_STATEMENTS', value: userBasedOrchestratorRolePolicies},
{key: 'REPLACEMENT_ORCHESTRATOR', value: orchestrator},
{key: 'REPLACEMENT_ORCHESTRATOR_INVOKE_PROPERTIES', value: orchestratorInvokeProperties},
{key: 'REPLACEMENT_BUCKET_SUFFIX', value: bucketSuffix},
Expand Down Expand Up @@ -151,6 +170,10 @@ function replaceObjectByPlaceholder(element, replacementKey, replacementValue) {
element[key] = value.replace(replacementKey, replacementValue)
} else if (Array.isArray(element)) {
element.splice(Number(key), 1);
if (replacementValue == null)
{
continue;
}
if (Array.isArray(replacementValue)) {
element.push(...replacementValue);
} else {
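Review bot: In replaceObjectByPlaceholder the new null guard at L197 runs after the `splice` on L196, so a placeholder whose replacement is null or undefined is silently removed from the array with nothing inserted and no log; if that is the intended way to drop an optional block, a comment such as `// no replacement value: drop the placeholder entry without inserting anything` should say so, and if only an explicit null is meant, `=== null` avoids also matching undefined. The file name `orchestartor_role.yml` is read at both L157 and L182; if that is the spelling on disk it works, but it looks like a typo for `orchestrator_role.yml` that is now duplicated. The serverless block at L173-L178 round-trips the CloudFormation template through yamlParse/yamlDump as the onboarding templates already do, so intrinsic-function tags in serverless_cft.yml must survive that round trip — presumably already the case for the existing templates. The enclosing replacer function starts outside the hunks.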