Oncall Fixes (#2077)
* update whitelist

* more fixes

* update template urls

* made template generation dynamic

* mage gen fmt

* fix linting

* use dynamic fields

* fix ref

Co-authored-by: panther-bot <[email protected]>
nhakmiller and panther-bot authored Nov 23, 2020
1 parent 4540537 commit db14dc0
Showing 7 changed files with 22 additions and 17 deletions.
13 changes: 7 additions & 6 deletions deployments/core.yml
@@ -750,16 +750,17 @@ Resources:
Description: Manages database of source integrations
Environment:
Variables:
DEBUG: !Ref Debug
DATA_CATALOG_UPDATER_QUEUE_URL: !Sub https://sqs.${AWS::Region}.${AWS::URLSuffix}/${AWS::AccountId}/panther-datacatalog-updater-queue
SNAPSHOT_POLLERS_QUEUE_URL: !Sub https://sqs.${AWS::Region}.amazonaws.com/${AWS::AccountId}/panther-snapshot-queue
LOG_PROCESSOR_QUEUE_URL: !Sub https://sqs.${AWS::Region}.amazonaws.com/${AWS::AccountId}/panther-input-data-notifications-queue
LOG_PROCESSOR_QUEUE_ARN: !Sub arn:${AWS::Partition}:sqs:${AWS::Region}:${AWS::AccountId}:panther-input-data-notifications-queue
TABLE_NAME: !Ref IntegrationsTable
ACCOUNT_ID: !Ref AWS::AccountId
DATA_CATALOG_UPDATER_QUEUE_URL: !Sub https://sqs.${AWS::Region}.${AWS::URLSuffix}/${AWS::AccountId}/panther-datacatalog-updater-queue
DEBUG: !Ref Debug
INPUT_DATA_ROLE_ARN: !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:role/PantherInputDataLogProcessingRole-${AWS::Region}
INPUT_DATA_BUCKET_NAME: !Ref InputDataBucket
INPUT_DATA_TOPIC_ARN: !Ref InputDataTopicArn
LOG_PROCESSOR_QUEUE_URL: !Sub https://sqs.${AWS::Region}.amazonaws.com/${AWS::AccountId}/panther-input-data-notifications-queue
LOG_PROCESSOR_QUEUE_ARN: !Sub arn:${AWS::Partition}:sqs:${AWS::Region}:${AWS::AccountId}:panther-input-data-notifications-queue
SNAPSHOT_POLLERS_QUEUE_URL: !Sub https://sqs.${AWS::Region}.amazonaws.com/${AWS::AccountId}/panther-snapshot-queue
TABLE_NAME: !Ref IntegrationsTable
VERSION: !Ref CustomResourceVersion
FunctionName: panther-source-api
# <cfndoc>
# The `panther-source-api` lambda manages Cloud Security and Log Analysis sources. This includes
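Review bot: `LOG_PROCESSOR_QUEUE_URL` and `SNAPSHOT_POLLERS_QUEUE_URL` still hard-code `amazonaws.com`, while `DATA_CATALOG_UPDATER_QUEUE_URL` in the same map uses `${AWS::URLSuffix}` and the ARNs next to them use `${AWS::Partition}`. In a partition whose URL suffix differs, the two hard-coded queue URLs would not resolve even though the ARNs beside them do. Since these lines are being moved anyway, they could read `!Sub https://sqs.${AWS::Region}.${AWS::URLSuffix}/${AWS::AccountId}/panther-snapshot-queue` and the equivalent for the input-data notifications queue. The resource this Variables map belongs to starts above the hunk.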
@@ -199,6 +199,7 @@ var (

// lambda
"AddLayerVersionPermission": {},
"Invoke": {},
"InvokeAsync": {},
"InvokeFunction": {},

@@ -361,7 +361,7 @@ func PollCloudFormationStacks(pollerInput *awsmodels.ResourcePollerInput) ([]api
resources := make([]apimodels.AddResourceEntry, 0, len(stacks))
for _, stack := range stacks {
// Check if this stack failed an earlier part of the scan
if ignoredIds[*stack.StackId] {
if stack == nil || ignoredIds[aws.StringValue(stack.StackId)] {
continue
}
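Review bot: A stack whose `StackId` is nil still passes this guard, because `aws.StringValue` turns the nil pointer into `""` and `ignoredIds[""]` is presumably false. The rest of the loop body, which is outside the hunk, then receives that stack and may dereference the pointer there. If that can happen, extend the condition to `if stack == nil || stack.StackId == nil || ignoredIds[*stack.StackId] {`. Nil entries are also skipped silently, so a debug log on that branch would make an incomplete scan visible.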

10 changes: 5 additions & 5 deletions internal/core/source_api/api/get_integration_template.go
@@ -32,9 +32,7 @@ import (
)

const (
TemplateBucket = "panther-public-cloudformation-templates"
CloudSecurityTemplateKey = "panther-cloudsec-iam/v1.0.1/template.yml"
LogAnalysisTemplateKey = "panther-log-analysis-iam/v1.0.0/template.yml"
TemplateBucket = "panther-public-cloudformation-templates"

LogAnalysisStackNameTemplate = "panther-log-analysis-setup-%s"
CloudSecStackName = "panther-cloudsec-setup"
@@ -134,11 +132,13 @@ func getTemplate(integrationType string) (string, error) {
templateRequest := &s3.GetObjectInput{
Bucket: aws.String(TemplateBucket),
}

if integrationType == models.IntegrationTypeAWSScan {
templateRequest.Key = aws.String(CloudSecurityTemplateKey)
templateRequest.Key = aws.String("panther-cloudsec-iam/" + env.Version + "/template.yml")
} else {
templateRequest.Key = aws.String(LogAnalysisTemplateKey)
templateRequest.Key = aws.String("panther-log-analysis-iam/" + env.Version + "/template.yml")
}
zap.L().Debug("requesting template", zap.String("key", *templateRequest.Key), zap.String("bucket", *templateRequest.Bucket))
s3Object, err := templateS3Client.GetObject(templateRequest)
if err != nil {
return "", err
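Review bot: `env.Version` is concatenated straight into the S3 key of the IAM template that users go on to deploy, and the only check on it is `required:"true"`, so any non-empty string is accepted. core.yml in this commit fills it from `CustomResourceVersion`; if that value is ever not a published template version, `GetObject` fails and `return "", err` surfaces the raw S3 error without the key, which is logged only at debug level. Wrapping the error, for example `return "", fmt.Errorf("fetching s3://%s/%s: %w", TemplateBucket, *templateRequest.Key, err)` (assuming `fmt` is or can be imported), would make a version mismatch diagnosable. A format check on `Version` at setup time would also keep unexpected characters out of the key. getTemplate continues past the end of the hunk.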
7 changes: 4 additions & 3 deletions internal/core/source_api/api/vars.go
@@ -54,15 +54,16 @@ var (
)

type envConfig struct {
AccountID string `required:"true" split_words:"true"`
DataCatalogUpdaterQueueURL string `required:"true" split_words:"true"`
SnapshotPollersQueueURL string `required:"true" split_words:"true"`
LogProcessorQueueURL string `required:"true" split_words:"true"`
LogProcessorQueueArn string `required:"true" split_words:"true"`
TableName string `required:"true" split_words:"true"`
AccountID string `required:"true" split_words:"true"`
InputDataRoleArn string `required:"true" split_words:"true"`
InputDataBucketName string `required:"true" split_words:"true"`
InputDataTopicArn string `required:"true" split_words:"true"`
SnapshotPollersQueueURL string `required:"true" split_words:"true"`
TableName string `required:"true" split_words:"true"`
Version string `required:"true" split_words:"true"`
}

// Setup parses the environment and constructs AWS and http clients on a cold Lambda start.
@@ -17,6 +17,7 @@
*/

import { Text, Box, Flex, SimpleGrid, Card, Img, Heading, Button, useSnackbar } from 'pouncejs';
import { STABLE_PANTHER_VERSION } from 'Source/constants';
import React from 'react';
import { downloadData } from 'Helpers/utils';
import { useFormikContext } from 'formik';
@@ -47,7 +48,7 @@ const StackDeployment: React.FC = () => {
const { stackName, body } = data?.getComplianceIntegrationTemplate ?? {};
const cfnConsoleLink =
`https://${pantherConfig.AWS_REGION}.console.aws.amazon.com/cloudformation/home?region=${pantherConfig.AWS_REGION}#/stacks/create/review` +
`?templateURL=https://s3-us-west-2.amazonaws.com/panther-public-cloudformation-templates/panther-cloudsec-iam/v1.0.0/template.yml` +
`?templateURL=https://s3-us-west-2.amazonaws.com/panther-public-cloudformation-templates/panther-cloudsec-iam/${STABLE_PANTHER_VERSION}/template.yml` +
`&stackName=${stackName}` +
`&param_MasterAccountRegion=${pantherConfig.AWS_REGION}` +
`&param_MasterAccountId=${pantherConfig.AWS_ACCOUNT_ID}` +
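Review bot: The `templateURL` in the console link takes its version from the front-end constant `STABLE_PANTHER_VERSION`, while the `body` returned by `getComplianceIntegrationTemplate` is fetched by the backend under `env.Version` in get_integration_template.go. If those two values can differ, a user who follows the link deploys a different IAM template from one who downloads the file, with nothing on the page showing it. Consider returning the template version or URL from the API alongside `stackName` and `body` so both paths share one source. The same applies to the log-analysis StackDeployment component changed later in this commit. The component body starts and ends outside the hunk.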
@@ -18,6 +18,7 @@

import { Text, Box, Flex, SimpleGrid, Card, Img, Heading, Button, useSnackbar } from 'pouncejs';
import React from 'react';
import { STABLE_PANTHER_VERSION } from 'Source/constants';
import { downloadData, toStackNameFormat } from 'Helpers/utils';
import { useFormikContext } from 'formik';
import { useWizardContext, WizardPanel } from 'Components/Wizard';
@@ -49,7 +50,7 @@ const StackDeployment: React.FC = () => {
const { stackName, body } = data?.getS3LogIntegrationTemplate ?? {};
const cfnConsoleLink =
`https://${pantherConfig.AWS_REGION}.console.aws.amazon.com/cloudformation/home?region=${pantherConfig.AWS_REGION}#/stacks/create/review` +
'?templateURL=https://panther-public-cloudformation-templates.s3-us-west-2.amazonaws.com/panther-log-analysis-iam/v1.0.0/template.yml' +
`?templateURL=https://panther-public-cloudformation-templates.s3-us-west-2.amazonaws.com/panther-log-analysis-iam/${STABLE_PANTHER_VERSION}/template.yml` +
`&stackName=${stackName}` +
`&param_MasterAccountId=${pantherConfig.AWS_ACCOUNT_ID}` +
`&param_RoleSuffix=${toStackNameFormat(values.integrationLabel)}` +