Beispiel #1
class CloudNotificationCollectorCloudWatchEventTarget(CloudWatchEventTargetResource):
    """Event target declaration for the "aws-cloud-notification-collector" job.

    ``rule`` and ``arn`` are taken from the outputs of the event rule and the
    submit-job Lambda resource. ``target_input`` is the JSON-serialised job
    description (job identity, environment variables and params).
    """

    rule = CloudNotificationCollectorEventRule.get_output_attr("name")
    arn = SubmitJobLambdaFunction.get_output_attr("arn")
    target_id = "CloudNotificationCollectorTarget"  # Unique identifier
    target_input = json.dumps(
        {
            "jobName": "aws-cloud-notification-collector",
            "jobUuid": "pacman-cloud-notifications-jar-with-dependencies",
            "jobType": "jar",
            "jobDesc": "Health Notification Collector",
            "environmentVariables": [
                {
                    "name": "CONFIG_URL",
                    "value": ApplicationLoadBalancer.get_api_base_url() + "/config/api/prd/latest",
                },
                {"name": "PACMAN_API_URI", "value": ApplicationLoadBalancer.get_api_base_url()},
                # NOTE(review): get_http_url_with_port() presumably yields a plain
                # http:// endpoint - confirm the ES domain is reachable only from
                # inside the VPC.
                {"name": "LOGGING_ES_HOST_NAME", "value": ESDomain.get_http_url_with_port()},
                {"name": "ES_URI", "value": ESDomain.get_http_url_with_port()},
                {"name": "ENVIRONMENT", "value": "prd"},
                {"name": "APP_NAME", "value": "aws-cloud-notification-collector"},
                {"name": "APP_TYPE", "value": "etl"},
                {"name": "BASE_AWS_ACCOUNT", "value": AwsAccount.get_output_attr("account_id")},
            ],
            "params": [
                {"encrypt": False, "key": "package_hint", "value": "com.tmobile"},
                # SECURITY: hard-coded credential. The value is only base64-encoded
                # (an encoding, not encryption) and is sent with 'encrypt': False,
                # so anyone who can read this file or the target input recovers it.
                # It should come from a secret store and be rotated.
                {"encrypt": False, "key": "config_creds", "value": "dXNlcjpwYWNtYW4="},
                {"encrypt": False, "key": "conf_src", "value": "api-prd,application-prd"},
            ],
        }
    )
Beispiel #2
class RecommendationsCollectorCloudWatchEventTarget(CloudWatchEventTargetResource):
    """Event target declaration for the "aws-recommendations-collector" job.

    ``target_input`` is the JSON-serialised job description attached to the
    target; ``rule`` and ``arn`` come from other resources' outputs.
    """

    rule = RecommendationsCollectorEventRule.get_output_attr("name")
    arn = SubmitJobLambdaFunction.get_output_attr("arn")
    target_id = "RecommendationsCollectorTarget"  # Unique identifier
    target_input = json.dumps(
        {
            "jobName": "aws-recommendations-collector",
            "jobUuid": "recommendation-enricher-jar-with-dependencies",
            "jobType": "jar",
            "jobDesc": "Index trusted advisor checks as recommendations",
            "environmentVariables": [
                {
                    "name": "CONFIG_URL",
                    "value": ApplicationLoadBalancer.get_api_base_url()
                    + "/config/batch,recommendation-enricher/prd/latest",
                },
                {"name": "PACMAN_API_URI", "value": ApplicationLoadBalancer.get_api_base_url()},
                # NOTE(review): the three ES endpoints below use the same
                # get_http_url_with_port() value, presumably plain HTTP - confirm
                # network-level isolation of the ES domain.
                {"name": "LOGGING_ES_HOST_NAME", "value": ESDomain.get_http_url_with_port()},
                {"name": "ES_URI", "value": ESDomain.get_http_url_with_port()},
                {"name": "ENVIRONMENT", "value": "prd"},
                {"name": "APP_NAME", "value": "aws-recommendations-collector"},
                {"name": "APP_TYPE", "value": "etl"},
                {"name": "HEIMDALL_URI", "value": ESDomain.get_http_url_with_port()},
                {"name": "BASE_AWS_ACCOUNT", "value": AwsAccount.get_output_attr("account_id")},
            ],
            "params": [
                {"encrypt": False, "key": "package_hint", "value": "com.tmobile.cso.pacbot"},
                # SECURITY: hard-coded, base64-encoded (not encrypted) credential
                # passed with 'encrypt': False. Load it from a secret store and
                # rotate the value that is committed here.
                {"encrypt": False, "key": "config_creds", "value": "dXNlcjpwYWNtYW4="},
            ],
        }
    )
Beispiel #3
class DataCollectorCloudWatchEventTarget(CloudWatchEventTargetResource):
    """Event target declaration for the "AWS-Data-Collector" inventory job.

    ``target_input`` is the JSON-serialised job description; it carries the
    config-service URLs, the config credential and the account id.
    """

    rule = DataCollectorEventRule.get_output_attr("name")
    arn = SubmitJobLambdaFunction.get_output_attr("arn")
    target_id = "DataCollectorTarget"  # Unique identifier
    target_input = json.dumps(
        {
            "jobName": "AWS-Data-Collector",
            "jobUuid": "pacman-aws-inventory-jar-with-dependencies",
            "jobType": "jar",
            "jobDesc": "AWS-Data-Collection",
            "environmentVariables": [
                {
                    "name": "CONFIG_URL",
                    "value": ApplicationLoadBalancer.get_api_base_url()
                    + "/config/batch,inventory/prd/latest",
                },
                # SECURITY: the same hard-coded, base64-encoded credential appears
                # here and again under "params". base64 is reversible; treat the
                # value as disclosed, move it to a secret store and rotate it.
                {"name": "CONFIG_CREDENTIALS", "value": "dXNlcjpwYWNtYW4="},
                {
                    "name": "CONFIG_SERVICE_URL",
                    # NOTE(review): built from get_http_url(), so the credential
                    # above presumably travels over plain HTTP - confirm.
                    "value": ApplicationLoadBalancer.get_http_url() + "/api/config/rule/prd/latest",
                },
            ],
            "params": [
                {"encrypt": False, "key": "package_hint", "value": "com.tmobile.cso.pacman"},
                {"encrypt": False, "key": "config_creds", "value": "dXNlcjpwYWNtYW4="},
                {"encrypt": False, "key": "accountinfo", "value": AwsAccount.get_output_attr("account_id")},
                # Disabled in the original listing (kept commented out there):
                # base-account, discovery-role, s3, s3-data, s3-processed, s3-role,
                # s3-region, file-path and base-region params.
            ],
        }
    )
Beispiel #4
class SubmitJobLambdaFunction(LambdaFunctionResource):
    """Lambda function declaration for the "datacollector" job submitter.

    The code package is referenced by S3 bucket and key taken from other
    resources' outputs; ``environment`` holds the function's environment
    variables. ``DEPENDS_ON`` lists the job definition and the job queue.
    """

    function_name = "datacollector"
    role = LambdaRole.get_output_attr("arn")
    handler = BATCH_JOB_FILE_NAME + ".lambda_handler"
    # SECURITY: python2.7 is end-of-life and a deprecated Lambda runtime, so the
    # function no longer receives interpreter security fixes. Moving to a
    # supported runtime requires the handler code to be Python 3 compatible.
    runtime = "python2.7"
    s3_bucket = BucketStorage.get_output_attr("bucket")
    s3_key = UploadLambdaSubmitJobZipFile.get_output_attr("id")
    environment = {
        "variables": {
            "JOB_QUEUE": BatchJobsQueue.get_input_attr("name"),
            "JOB_DEFINITION": SubmitAndRuleEngineJobDefinition.get_output_attr("arn"),
            "CONFIG_URL": ApplicationLoadBalancer.get_api_base_url()
            + "/config/batch,inventory/prd/latest",
            # SECURITY: hard-coded, base64-encoded (not encrypted) credential.
            # Lambda environment variables are readable by any principal allowed
            # to read the function configuration; prefer a secret store lookup
            # at runtime and rotate this value.
            "CONFIG_CREDENTIALS": "dXNlcjpwYWNtYW4=",
            "CONFIG_SERVICE_URL": ApplicationLoadBalancer.get_http_url()
            + "/api/config/rule/prd/latest",
        }
    }

    DEPENDS_ON = [SubmitAndRuleEngineJobDefinition, BatchJobsQueue]
Beispiel #5
class DataShipperCloudWatchEventTarget(CloudWatchEventTargetResource):
    """Event target declaration for the "aws-redshift-es-data-shipper" job.

    ``target_input`` is the JSON-serialised job description, including the API
    URLs the job talks to and two embedded credentials.
    """

    rule = DataShipperEventRule.get_output_attr("name")
    arn = SubmitJobLambdaFunction.get_output_attr("arn")
    # The identifier is spelled "Targer" in the original; it is kept as-is
    # because renaming it would change the deployed target's id.
    target_id = "DataShipperTarger"  # Unique identifier
    target_input = json.dumps(
        {
            "jobName": "aws-redshift-es-data-shipper",
            "jobUuid": "data-shipper-jar-with-dependencies",
            "jobType": "jar",
            "jobDesc": "Ship aws data periodically from redshfit to ES",
            "environmentVariables": [
                # Disabled in the original listing: ES_HOST, RDS_DB_URL, ES_PORT
                # and STAT_API_URL.
                {
                    "name": "CONFIG_URL",
                    "value": ApplicationLoadBalancer.get_api_base_url()
                    + "/config/batch,data-shipper/prd/latest",
                },
                {"name": "ASSET_API_URL", "value": ApplicationLoadBalancer.get_api_version_url("asset")},
                {"name": "CMPL_API_URL", "value": ApplicationLoadBalancer.get_api_version_url("compliance")},
                {"name": "AUTH_API_URL", "value": ApplicationLoadBalancer.get_api_version_url("auth")},
                # SECURITY: hard-coded, base64-encoded (not encrypted) credential.
                {"name": "CONFIG_CREDENTIALS", "value": "dXNlcjpwYWNtYW4="},
                {
                    "name": "CONFIG_SERVICE_URL",
                    "value": ApplicationLoadBalancer.get_http_url() + "/api/config/rule/prd/latest",
                },
            ],
            "params": [
                {"encrypt": False, "key": "package_hint", "value": "com.tmobile"},
                {"encrypt": False, "key": "datasource", "value": "aws"},
                {"encrypt": False, "key": "config_creds", "value": "dXNlcjpwYWNtYW4="},
                # SECURITY: "apiauthinfo" is a second committed secret, again only
                # base64-encoded and flagged 'encrypt': False. It looks like an
                # API client id and secret pair (verify); every deployment built
                # from this file shares it. Source it from a secret store and
                # rotate the committed value.
                {
                    "encrypt": False,
                    "key": "apiauthinfo",
                    "value": "MjJlMTQ5MjItODdkNy00ZWU0LWE0NzAtZGEwYmIxMGQ0NWQzOmNzcldwYzVwN0pGRjR2RVpCa3dHQ0FoNjdrR1FHd1h2NDZxdWc3djVad3RLZw==",
                },
            ],
        }
    )
Beispiel #6
class SubmitAndRuleEngineJobDefinition(BatchJobDefinitionResource):
    """Batch job definition named "rule-engine" (container type, 2 attempts).

    ``container_properties`` is the JSON-serialised container spec: command,
    image, memory/vCPU sizing and environment variables. The two destroy hooks
    clean up resources around a destroy run.
    """

    name = "rule-engine"
    jd_type = "container"
    attempts = 2
    container_properties = json.dumps(
        {
            "command": [
                "~/fetch_and_run.sh",
                "Ref::executableName",
                "Ref::params",
                "Ref::jvmMemParams",
                "Ref::ruleEngineExecutableName",
                "Ref::entryPoint",
            ],
            "image": RuleEngineEcrRepository.get_output_attr("repository_url"),
            "memory": 5000,
            "vcpus": 1,
            "environment": [
                {"name": "ES_HOST", "value": ESDomain.get_http_url_with_port()},
                {"name": "BASE_AWS_ACCOUNT", "value": AwsAccount.get_output_attr("account_id")},
                {"name": "ES_URI", "value": ESDomain.get_http_url_with_port()},
                {"name": "HEIMDALL_URI", "value": ESDomain.get_http_url_with_port()},
                {"name": "PACMAN_API_URI", "value": ApplicationLoadBalancer.get_api_base_url()},
                # SECURITY: hard-coded, base64-encoded (not encrypted) credential
                # stored in the job definition's plain environment, where it is
                # visible to anyone who can describe the job definition. Use a
                # secret store reference instead and rotate this value.
                {"name": "CONFIG_CREDENTIALS", "value": "dXNlcjpwYWNtYW4="},
                {
                    "name": "CONFIG_SERVICE_URL",
                    "value": ApplicationLoadBalancer.get_http_url() + "/api/config/rule/prd/latest",
                },
            ],
        }
    )

    def post_terraform_destroy(self):
        """Call ``deregister_task_definition`` for this resource's name.

        NOTE(review): the call passes a static access key and secret key from
        ``Settings``; confirm these are short-lived or tightly scoped.
        """
        deregister_task_definition(
            Settings.AWS_ACCESS_KEY,
            Settings.AWS_SECRET_KEY,
            Settings.AWS_REGION,
            self.get_input_attr("name"),
        )

    def pre_terraform_destroy(self):
        """Remove batch-job related resources before the destroy run.

        Passes the rule-engine compute environment name and this job
        definition's name to ``utils.remove_batch_job_related_resources``.
        """
        utils.remove_batch_job_related_resources(
            RuleEngineBatchJobEnv.get_input_attr("compute_environment_name"),
            self.get_input_attr("name"),
        )
Beispiel #7
    def get_provisioners(self):
        """Return the ``local-exec`` provisioner that runs ``build_pacbot.py``.

        Returns:
            list: One provisioner dict whose command is the build script in the
                terraform scripts directory, run with ``Settings.PYTHON_INTERPRETER``
                and an environment describing code, upload and log locations.
        """
        script_path = os.path.join(get_terraform_scripts_dir(), 'build_pacbot.py')
        dist_upload_dir = self._create_dir_to_store_build_ap()

        # NOTE(review): the command, interpreter and directories all come from
        # installer settings; whoever can edit those settings controls what is
        # executed locally during provisioning.
        build_env = {
            'PROVIDER_FILE': get_terraform_provider_file(),
            'APPLICATION_DOMAIN': ApplicationLoadBalancer.get_pacbot_domain_url(),
            'PACBOT_CODE_DIR': Settings.PACBOT_CODE_DIR,
            'DIST_FILES_UPLOAD_DIR': dist_upload_dir,
            'LOG_DIR': Settings.LOG_DIR,
            'S3_BUCKET': BucketStorage.get_output_attr('bucket'),
            'S3_KEY_PREFIX': Settings.RESOURCE_NAME_PREFIX,
        }
        provisioner = {
            'local-exec': {
                'command': script_path,
                'environment': build_env,
                'interpreter': [Settings.PYTHON_INTERPRETER],
            }
        }

        return [provisioner]
Beispiel #8
class ApplicationLoadBalancerListener(ALBListenerResource):
    """ALB listener declaration that forwards port 80 to the nginx target group."""

    load_balancer_arn = ApplicationLoadBalancer.get_output_attr("arn")
    # SECURITY: plain HTTP listener. Everything sent to the load balancer,
    # including API credentials and session tokens, is unencrypted in transit.
    # Prefer an HTTPS listener with a certificate, keeping port 80 only to
    # redirect to HTTPS.
    port = 80
    protocol = "HTTP"
    default_action_target_group_arn = tg.NginxALBTargetGroup.get_output_attr("arn")
    default_action_type = "forward"
Beispiel #9
class SubmitAndRuleEngineJobDefinition(BatchJobDefinitionResource):
    """Batch job definition named "rule-engine" (container type, 2 attempts).

    ``container_properties`` is the JSON-serialised container spec. After a
    destroy run the task definition is removed via ``delete_task_definition``.
    """

    name = "rule-engine"
    jd_type = "container"
    attempts = 2
    container_properties = json.dumps(
        {
            "command": [
                "~/fetch_and_run.sh",
                "Ref::executableName",
                "Ref::params",
                "Ref::jvmMemParams",
                "Ref::ruleEngineExecutableName",
                "Ref::entryPoint",
            ],
            "image": RuleEngineEcrRepository.get_output_attr("repository_url"),
            "memory": 5000,
            "vcpus": 1,
            "environment": [
                # NOTE(review): all three ES endpoints use get_http_url_with_port(),
                # presumably plain HTTP - confirm the ES domain is not reachable
                # from outside the VPC.
                {"name": "ES_HOST", "value": ESDomain.get_http_url_with_port()},
                {"name": "BASE_AWS_ACCOUNT", "value": AwsAccount.get_output_attr("account_id")},
                {"name": "ES_URI", "value": ESDomain.get_http_url_with_port()},
                {"name": "HEIMDALL_URI", "value": ESDomain.get_http_url_with_port()},
                {"name": "PACMAN_API_URI", "value": ApplicationLoadBalancer.get_api_base_url()},
            ],
        }
    )

    def post_terraform_destroy(self):
        """Call ``delete_task_definition`` for this resource's name.

        NOTE(review): a static access key and secret key from ``Settings`` are
        passed positionally; confirm they are scoped to what cleanup needs.
        """
        delete_task_definition(
            Settings.AWS_ACCESS_KEY,
            Settings.AWS_SECRET_KEY,
            Settings.AWS_REGION,
            self.get_input_attr("name"),
        )
Beispiel #10
class DataCollectorCloudWatchEventTarget(CloudWatchEventTargetResource):
    """Event target declaration for the "AWS-Data-Collector" inventory job.

    ``target_input`` is the JSON-serialised job description attached to the
    target; ``rule`` and ``arn`` come from other resources' outputs.
    """

    rule = DataCollectorEventRule.get_output_attr("name")
    arn = SubmitJobLambdaFunction.get_output_attr("arn")
    target_id = "DataCollectorTarget"  # Unique identifier
    target_input = json.dumps(
        {
            "jobName": "AWS-Data-Collector",
            "jobUuid": "pacman-aws-inventory-jar-with-dependencies",
            "jobType": "jar",
            "jobDesc": "AWS-Data-Collection",
            "environmentVariables": [
                {
                    "name": "CONFIG_URL",
                    "value": ApplicationLoadBalancer.get_api_base_url()
                    + "/config/batch,inventory/prd/latest",
                },
                # SECURITY: hard-coded credential, base64-encoded only (reversible,
                # not encrypted), and repeated under "params" below. Load it from
                # a secret store and rotate the committed value.
                {"name": "CONFIG_CREDENTIALS", "value": "dXNlcjpwYWNtYW4="},
                {
                    "name": "CONFIG_SERVICE_URL",
                    "value": ApplicationLoadBalancer.get_http_url() + "/api/config/rule/prd/latest",
                },
            ],
            "params": [
                {"encrypt": False, "key": "package_hint", "value": "com.tmobile.cso.pacman"},
                {"encrypt": False, "key": "config_creds", "value": "dXNlcjpwYWNtYW4="},
                {"encrypt": False, "key": "accountinfo", "value": AwsAccount.get_output_attr("account_id")},
            ],
        }
    )
class PacBotHttpsListener(ALBListenerResource):
    """ALB listener declaration that forwards port 443 (HTTPS) to nginx."""

    load_balancer_arn = ApplicationLoadBalancer.get_output_attr("arn")
    port = 443
    protocol = "HTTPS"
    # SECURITY: ELBSecurityPolicy-2016-08 still negotiates TLS 1.0 and 1.1.
    # Unless legacy clients must be supported, a TLS 1.2-only predefined policy
    # such as ELBSecurityPolicy-TLS-1-2-2017-01 is the safer choice.
    ssl_policy = "ELBSecurityPolicy-2016-08"
    certificate_arn = Settings.get("SSL_CERTIFICATE_ARN")
    default_action_target_group_arn = tg.NginxALBTargetGroup.get_output_attr("arn")
    default_action_type = "forward"
Beispiel #12
class QualysAssetDataImporterCloudWatchEventTarget(CloudWatchEventTargetResource):
    """Event target declaration for the "qualys-asset-data-importer" job.

    ``target_input`` is the JSON-serialised job description. ``PROCESS`` is set
    from ``need_to_deploy_vulnerability_service()``.
    """

    rule = QualysAssetDataImporterEventRule.get_output_attr("name")
    arn = SubmitJobLambdaFunction.get_output_attr("arn")
    target_id = "QualysAssetDataImporterTarget"  # Unique identifier
    target_input = json.dumps(
        {
            "jobName": "qualys-asset-data-importer",
            "jobUuid": "qualys-asset-data-importer",
            "jobType": "jar",
            "jobDesc": "Qualys Asset Data Importer",
            "environmentVariables": [
                {
                    "name": "CONFIG_URL",
                    "value": ApplicationLoadBalancer.get_api_base_url()
                    + "/config/batch,qualys-enricher/prd/latest",
                },
            ],
            "params": [
                {"encrypt": False, "key": "package_hint", "value": "com.tmobile"},
                # SECURITY: hard-coded, base64-encoded (not encrypted) credential
                # passed with 'encrypt': False. Source it from a secret store and
                # rotate the value committed here.
                {"encrypt": False, "key": "config_creds", "value": "dXNlcjpwYWNtYW4="},
                {"encrypt": False, "key": "job_hint", "value": "qualys"},
                {"encrypt": False, "key": "server_type", "value": "ec2"},
                {"encrypt": False, "key": "datasource", "value": "aws"},
            ],
        }
    )

    PROCESS = need_to_deploy_vulnerability_service()
 def get_auth_container_env_vars(self):
     """Return the name/value environment entries for the auth container.

     NOTE(review): CONFIG_PASSWORD is handed over as a plain environment
     value; confirm where it is stored once the definition is deployed.
     """
     entries = (
         ("JAR_FILE", "pacman-api-auth.jar"),
         ("CONFIG_PASSWORD", self.CONFIG_PASSWORD),
         ("CONFIG_SERVER_URL", self.CONFIG_SERVER_URL),
         ("PACMAN_HOST_NAME", self.PACMAN_HOST_NAME),
         ("DOMAIN_URL", ApplicationLoadBalancer.get_api_server_url('auth')),
     )
     return [{'name': key, 'value': val} for key, val in entries]
Beispiel #14
    def run_pre_deployment_process(self, resources_to_process):
        """
        Run the pre-deployment clean-up before a redeploy starts.

        Unless ``self.dry_run`` is set, this deletes every listener of the
        application load balancer and the target groups found among the
        resources to process. It is destructive: the load balancer serves no
        traffic until the listeners are recreated.

        Args:
            resources_to_process (list): List of resources to be created/updated
        """
        if self.dry_run:
            return

        alb_name = ApplicationLoadBalancer.get_input_attr('name')
        elb.delete_all_listeners_of_alb(alb_name, Settings.AWS_AUTH_CRED)

        target_groups = self._get_resources_of_a_given_class_type(
            resources_to_process, ALBTargetGroupResource)
        tg_names = []
        for target_group in target_groups:
            tg_names.append(target_group.get_input_attr('name'))
        elb.delete_alltarget_groups(tg_names, Settings.AWS_AUTH_CRED)
Beispiel #15
class AzureDataCollectorCloudWatchEventTarget(CloudWatchEventTargetResource):
    """Event target declaration for the "pacbot-azure-discovery" job.

    ``target_input`` is the JSON-serialised job description. ``PROCESS`` is set
    from ``need_to_enable_azure()``.
    """

    rule = AzureDataCollectorEventRule.get_output_attr("name")
    arn = SubmitJobLambdaFunction.get_output_attr("arn")
    target_id = "AzureDataCollectorTarget"  # Unique identifier
    target_input = json.dumps(
        {
            "jobName": "pacbot-azure-discovery",
            "jobUuid": "pacbot-azure-discovery",
            "jobType": "jar",
            "jobDesc": "Collects azure data and upload to S3",
            "environmentVariables": [
                {
                    "name": "CONFIG_URL",
                    "value": ApplicationLoadBalancer.get_api_base_url()
                    + "/config/batch,azure-discovery/prd/latest",
                },
            ],
            "params": [
                {"encrypt": False, "key": "package_hint", "value": "com.tmobile.pacbot"},
                {"encrypt": False, "key": "file.path", "value": "/home/ec2-user/azure-data"},
                # SECURITY: hard-coded, base64-encoded (not encrypted) credential
                # passed with 'encrypt': False; move it to a secret store.
                {"encrypt": False, "key": "config_creds", "value": "dXNlcjpwYWNtYW4="},
                # NOTE(review): the tenant data is embedded unencrypted in the
                # target input - confirm get_azure_tenants() returns identifiers
                # only and no client secrets.
                {"encrypt": False, "key": "tenants", "value": get_azure_tenants()},
            ],
        }
    )
    PROCESS = need_to_enable_azure()
Beispiel #16
class AzureDataShipperCloudWatchEventTarget(CloudWatchEventTargetResource):
    """Event target declaration for the "data-shipper-azure" job.

    ``target_input`` is the JSON-serialised job description. ``PROCESS`` is set
    from ``need_to_enable_azure()``.
    """

    rule = AzureDataShipperEventRule.get_output_attr("name")
    arn = SubmitJobLambdaFunction.get_output_attr("arn")
    target_id = "AzureDataShipperTarget"  # Unique identifier
    target_input = json.dumps(
        {
            "jobName": "data-shipper-azure",
            "jobUuid": "data-shipper-azure",
            "jobType": "jar",
            "jobDesc": "Ship Azure Data from S3 to PacBot ES",
            "environmentVariables": [
                {
                    "name": "CONFIG_URL",
                    "value": ApplicationLoadBalancer.get_api_base_url()
                    + "/config/batch,azure-discovery/prd/latest",
                },
            ],
            "params": [
                {"encrypt": False, "key": "package_hint", "value": "com.tmobile.cso.pacman"},
                # SECURITY: hard-coded, base64-encoded (not encrypted) credential
                # passed with 'encrypt': False; move it to a secret store and
                # rotate the committed value.
                {"encrypt": False, "key": "config_creds", "value": "dXNlcjpwYWNtYW4="},
                {"encrypt": False, "key": "datasource", "value": "azure"},
                {"encrypt": False, "key": "s3.data", "value": "azure-inventory"},
            ],
        }
    )
    PROCESS = need_to_enable_azure()
Beispiel #17
class ContainerDefinitions:
    """Shared values and builders for the UI and API container definitions.

    The class attributes below are read by the ``get_*_container_env_vars``
    methods, which copy them into each container's environment list.
    """
    # SECURITY: both images use the mutable "latest" tag, so a deployment is not
    # pinned to a specific build; whatever was pushed last gets run. A version
    # tag or an image digest makes deployments reproducible and auditable.
    ui_image = UIEcrRepository.get_output_attr(
        'repository_url') + ":" + "latest"
    api_image = APIEcrRepository.get_output_attr(
        'repository_url') + ":" + "latest"
    ui_cw_log_group = UiCloudWatchLogGroup.get_output_attr('name')
    api_cw_log_group = ApiCloudWatchLogGroup.get_output_attr('name')
    # NOTE(review): the literal shown here is "******", which looks like a value
    # masked by the listing site - confirm. Either way the password is a source
    # constant; it belongs in a secret store, not in the class body.
    CONFIG_PASSWORD = "******"
    CONFIG_SERVER_URL = ApplicationLoadBalancer.get_api_server_url('config')
    ES_CLUSTER_NAME = ESDomain.get_input_attr('domain_name')
    ES_HEIMDALL_HOST_NAME = ESDomain.get_output_attr('endpoint')
    ES_HEIMDALL_PORT = str(ESDomain.get_es_port())
    ES_HOST_NAME = ESDomain.get_output_attr('endpoint')
    ES_PORT = str(ESDomain.get_es_port())
    LOGGING_ES_HOST_NAME = ESDomain.get_output_attr('endpoint')
    LOGGING_ES_PORT = str(ESDomain.get_es_port())
    # Built from get_http_url(); presumably a plain http:// address - confirm.
    PACMAN_HOST_NAME = ApplicationLoadBalancer.get_http_url()
    # SECURITY: the database and Redshift passwords below are copied into
    # container environment lists as plain values by the methods of this class.
    RDS_USERNAME = MySQLDatabase.get_input_attr('username')
    RDS_PASSWORD = MySQLDatabase.get_input_attr('password')
    RDS_URL = MySQLDatabase.get_rds_db_url()
    REDSHIFT_URL = RedshiftCluster.get_redshift_url()
    REDSHIFT_USER_NAME = RedshiftCluster.get_input_attr('master_username')
    REDSHIFT_PASSWORD = RedshiftCluster.get_input_attr('master_password')
    ES_UPDATE_HOST = ESDomain.get_output_attr('endpoint')
    ES_UPDATE_PORT = str(ESDomain.get_es_port())
    ES_UPDATE_CLUSTER_NAME = ESDomain.get_input_attr('domain_name')
    # The LDAP values look like placeholders (localhost, default port 389).
    # NOTE(review): port 389 is the unencrypted LDAP port; if real directory
    # settings are substituted here, confirm the connection is protected.
    LDAP_DOMAIN = "http://localhost"
    LDAP_PORT = "389"
    LDAP_BASEDN = "http://localhost"
    LDAP_HOSTLIST = "http://localhost"
    LDAP_RESPONSETIMEOUT = "60"
    LDAP_CONNECTIONTIMEOUT = "60"

    def get_container_definitions_without_env_vars(self, container_name):
        """Build the container definition without an ``environment`` entry.

        Args:
            container_name (str): Name of the container. ``'nginx'`` selects the
                UI image and UI log group; any other name selects the API ones.

        Returns:
            dict: Definition with image, entrypoint/command, an 80:80 port
                mapping, memory, network mode and awslogs configuration.
        """
        serves_ui = container_name == 'nginx'
        image = self.ui_image if serves_ui else self.api_image
        log_group = self.ui_cw_log_group if serves_ui else self.api_cw_log_group

        log_options = {
            "awslogs-group": log_group,
            "awslogs-region": AwsRegion.get_output_attr('name'),
            "awslogs-stream-prefix": Settings.RESOURCE_NAME_PREFIX + "-" + container_name,
        }

        return {
            'name': container_name,
            "image": image,
            "essential": True,
            "entrypoint": ["sh", "-c"],
            "command": ["sh /entrypoint.sh"],
            "portMappings": [{"containerPort": 80, "hostPort": 80}],
            "memory": 1024,
            "networkMode": "awsvpc",
            "logConfiguration": {"logDriver": "awslogs", "options": log_options},
        }

    def get_container_definitions(self, container_name):
        """Return the JSON text of a one-element container definition list.

        The base definition is extended with an ``environment`` list when a
        matching ``get_<name>_container_env_vars`` builder returns entries.

        SECURITY: those environment lists carry passwords (for example
        RDS_PASSWORD) as plain values, so they end up readable in the
        serialised definition. Secret-store references are the safer way to
        hand credentials to a container.

        Args:
            container_name (str): Name of the container to describe.

        Returns:
            str: JSON-encoded list holding the single container definition.
        """
        container = self.get_container_definitions_without_env_vars(container_name)
        environment = self._get_env_vars_for_container_service(container_name)
        if environment:
            container['environment'] = environment

        return json.dumps([container])

    def _get_env_vars_for_container_service(self, container_name):
        """Look up and call the env-var builder for *container_name*.

        The builder is the method named ``get_<name>_container_env_vars``, with
        dashes in the container name replaced by underscores.

        Args:
            container_name (str): Name of the container/service.

        Returns:
            list | None: The builder's result, or ``None`` when this class has
                no builder for the name.
        """
        # The name is interpolated into an attribute lookup; the fixed prefix and
        # suffix limit it to the builder methods, but callers should still pass
        # only known service names.
        builder_name = "get_%s_container_env_vars" % container_name.replace('-', '_')
        builder = getattr(self, builder_name, lambda: None)

        return builder()

    def get_config_container_env_vars(self):
        """Return the name/value environment entries for the config container.

        SECURITY: CONFIG_PASSWORD is passed as a plain environment value.
        """
        entries = (
            ("JAR_FILE", "config.jar"),
            ("CONFIG_PASSWORD", self.CONFIG_PASSWORD),
        )
        return [{'name': key, 'value': val} for key, val in entries]

    def get_admin_container_env_vars(self):
        """Return the name/value environment entries for the admin container.

        The list combines class-level settings, fixed literals and outputs of
        the Lambda, region, role and bucket resources, in a fixed order.

        Returns:
            list: Dicts of the form ``{'name': ..., 'value': ...}``.
        """
        # Entries whose value is the class attribute of the same name.
        class_settings = (
            "CONFIG_PASSWORD",
            "CONFIG_SERVER_URL",
            "ES_CLUSTER_NAME",
            "ES_HEIMDALL_HOST_NAME",
            "ES_HEIMDALL_PORT",
            "ES_HOST_NAME",
            "ES_PORT",
            "LOGGING_ES_HOST_NAME",
            "LOGGING_ES_PORT",
            "PACMAN_HOST_NAME",
            "RDS_PASSWORD",
            "RDS_URL",
            "RDS_USERNAME",
            "ES_UPDATE_HOST",
            "ES_UPDATE_PORT",
            "ES_UPDATE_CLUSTER_NAME",
        )

        entries = [("JAR_FILE", "pacman-api-admin.jar")]
        entries.extend((attr, getattr(self, attr)) for attr in class_settings)
        entries.extend([
            # SECURITY: fixed default admin login shared by every deployment
            # built from this file. It should be generated or supplied per
            # installation and changed on first use.
            ("SECURITY_USERNAME", "admin"),
            ("SECURITY_PASSWORD", "admin@123"),
            # NOTE(review): these look like placeholder key values - confirm
            # they are never accepted as real credentials by the service.
            ("ACCESS_KEY", "test_key_1"),
            ("SECRET_KEY", "test_key_2"),
            ("DOMAIN_URL", ApplicationLoadBalancer.get_api_server_url('admin')),
            ("ADMIN_SERVER", "http://localhost/pacmonitor"),
            ("ROLE_ARN", ECSRole.get_output_attr('arn')),
            ("JOB_FUNCTION_NAME", SubmitJobLambdaFunction.get_input_attr('function_name')),
            ("JOB_FUNCTION_ARN", SubmitJobLambdaFunction.get_output_attr('arn')),
            ("JOB_LAMBDA_REGION", AwsRegion.get_output_attr('name')),
            ("JOB_BUCKET_REGION", AwsRegion.get_output_attr('name')),
            ("RULE_FUNCTION_NAME", RuleEngineLambdaFunction.get_input_attr('function_name')),
            ("RULE_FUNCTION_ARN", RuleEngineLambdaFunction.get_output_attr('arn')),
            ("RULE_BUCKET_REGION", AwsRegion.get_output_attr('name')),
            ("RULE_LAMBDA_REGION", AwsRegion.get_output_attr('name')),
            ("RULE_JOB_BUCKET_NAME", BucketStorage.get_output_attr('bucket')),
        ])

        return [{'name': key, 'value': val} for key, val in entries]

    def get_compliance_container_env_vars(self):
        """Return the name/value environment entries for the compliance container.

        After the jar name, every entry up to the feature flags takes its value
        from the class attribute of the same name. The three feature flags are
        fixed to ``"false"``.

        SECURITY: the list includes CONFIG_PASSWORD, RDS_PASSWORD and
        REDSHIFT_PASSWORD as plain environment values.

        Returns:
            list: Dicts of the form ``{'name': ..., 'value': ...}``.
        """
        class_settings = (
            "CONFIG_PASSWORD",
            "CONFIG_SERVER_URL",
            "ES_CLUSTER_NAME",
            "ES_HEIMDALL_HOST_NAME",
            "ES_HEIMDALL_PORT",
            "ES_HOST_NAME",
            "ES_PORT",
            "LOGGING_ES_HOST_NAME",
            "LOGGING_ES_PORT",
            "PACMAN_HOST_NAME",
            "RDS_PASSWORD",
            "RDS_URL",
            "RDS_USERNAME",
            "REDSHIFT_URL",
            "REDSHIFT_USER_NAME",
            "REDSHIFT_PASSWORD",
            "ES_UPDATE_HOST",
            "ES_UPDATE_PORT",
            "ES_UPDATE_CLUSTER_NAME",
            "LDAP_DOMAIN",
            "LDAP_BASEDN",
            "LDAP_PORT",
            "LDAP_RESPONSETIMEOUT",
            "LDAP_CONNECTIONTIMEOUT",
            "LDAP_HOSTLIST",
        )
        feature_flags = (
            "CERTIFICATE_FEATURE_ENABLED",
            "PATCHING_FEATURE_ENABLED",
            "VULNERABILITY_FEATURE_ENABLED",
        )

        env_vars = [{'name': "JAR_FILE", 'value': "pacman-api-compliance.jar"}]
        for attr in class_settings:
            env_vars.append({'name': attr, 'value': getattr(self, attr)})
        for flag in feature_flags:
            env_vars.append({'name': flag, 'value': "false"})

        return env_vars

    def get_notifications_container_env_vars(self):
        """Return the name/value environment entries for the notification container.

        After the jar name, every entry takes its value from the class
        attribute of the same name.

        SECURITY: the list includes CONFIG_PASSWORD, RDS_PASSWORD and
        REDSHIFT_PASSWORD as plain environment values.

        Returns:
            list: Dicts of the form ``{'name': ..., 'value': ...}``.
        """
        class_settings = (
            "CONFIG_PASSWORD",
            "CONFIG_SERVER_URL",
            "ES_CLUSTER_NAME",
            "ES_HEIMDALL_HOST_NAME",
            "ES_HEIMDALL_PORT",
            "ES_HOST_NAME",
            "ES_PORT",
            "LOGGING_ES_HOST_NAME",
            "LOGGING_ES_PORT",
            "PACMAN_HOST_NAME",
            "RDS_PASSWORD",
            "RDS_URL",
            "RDS_USERNAME",
            "REDSHIFT_URL",
            "REDSHIFT_USER_NAME",
            "REDSHIFT_PASSWORD",
            "ES_UPDATE_HOST",
            "ES_UPDATE_PORT",
            "ES_UPDATE_CLUSTER_NAME",
            "LDAP_DOMAIN",
            "LDAP_BASEDN",
            "LDAP_PORT",
            "LDAP_RESPONSETIMEOUT",
            "LDAP_CONNECTIONTIMEOUT",
            "LDAP_HOSTLIST",
        )

        env_vars = [{'name': "JAR_FILE", 'value': "pacman-api-notification.jar"}]
        for attr in class_settings:
            env_vars.append({'name': attr, 'value': getattr(self, attr)})

        return env_vars

    def get_statistics_container_env_vars(self):
        """Return the environment entries for the statistics API container.

        Returns:
            list: ``{'name': ..., 'value': ...}`` dicts. ``JAR_FILE`` comes
            first, followed by one entry per setting whose value is read from
            the same-named attribute on ``self``.
        """
        # NOTE(review): CONFIG_PASSWORD, RDS_PASSWORD and REDSHIFT_PASSWORD are
        # returned as plain values next to ordinary settings. If this list is
        # used as a container definition's 'environment', the passwords are
        # readable by anyone who can read that definition -- confirm how the
        # caller uses it and prefer a secret-store reference for these three.
        attr_backed = (
            "CONFIG_PASSWORD",
            "CONFIG_SERVER_URL",
            "ES_CLUSTER_NAME",
            "ES_HEIMDALL_HOST_NAME",
            "ES_HEIMDALL_PORT",
            "ES_HOST_NAME",
            "ES_PORT",
            "LOGGING_ES_HOST_NAME",
            "LOGGING_ES_PORT",
            "PACMAN_HOST_NAME",
            "RDS_PASSWORD",
            "RDS_URL",
            "RDS_USERNAME",
            "REDSHIFT_URL",
            "REDSHIFT_USER_NAME",
            "REDSHIFT_PASSWORD",
            "ES_UPDATE_HOST",
            "ES_UPDATE_PORT",
            "ES_UPDATE_CLUSTER_NAME",
            "LDAP_DOMAIN",
            "LDAP_BASEDN",
            "LDAP_PORT",
            "LDAP_RESPONSETIMEOUT",
            "LDAP_CONNECTIONTIMEOUT",
            "LDAP_HOSTLIST",
        )
        entries = [{'name': "JAR_FILE", 'value': "pacman-api-statistics.jar"}]
        for setting in attr_backed:
            entries.append({'name': setting, 'value': getattr(self, setting)})
        return entries

    def get_asset_container_env_vars(self):
        """Return the environment entries for the asset API container.

        Returns:
            list: ``{'name': ..., 'value': ...}`` dicts in three groups, in this
            order: ``JAR_FILE``, the settings read from same-named attributes
            on ``self``, then four entries with fixed literal values.
        """
        leading = [{'name': "JAR_FILE", 'value': "pacman-api-asset.jar"}]

        # NOTE(review): the *_PASSWORD settings travel as plain values in this
        # list; confirm how the caller stores it and prefer a secret-store
        # reference for them.
        from_self = [
            {'name': key, 'value': getattr(self, key)}
            for key in (
                "CONFIG_PASSWORD",
                "CONFIG_SERVER_URL",
                "ES_CLUSTER_NAME",
                "ES_HEIMDALL_HOST_NAME",
                "ES_HEIMDALL_PORT",
                "ES_HOST_NAME",
                "ES_PORT",
                "LOGGING_ES_HOST_NAME",
                "LOGGING_ES_PORT",
                "PACMAN_HOST_NAME",
                "RDS_PASSWORD",
                "RDS_URL",
                "RDS_USERNAME",
                "REDSHIFT_URL",
                "REDSHIFT_USER_NAME",
                "REDSHIFT_PASSWORD",
                "ES_UPDATE_HOST",
                "ES_UPDATE_PORT",
                "ES_UPDATE_CLUSTER_NAME",
                "LDAP_DOMAIN",
                "LDAP_BASEDN",
                "LDAP_PORT",
                "LDAP_RESPONSETIMEOUT",
                "LDAP_CONNECTIONTIMEOUT",
                "LDAP_HOSTLIST",
            )
        ]

        # NOTE(review): these four look like placeholders (localhost URLs, a
        # literal "password"). A fixed service credential in source is the same
        # in every deployment -- confirm it is never a live value.
        fixed = [
            {'name': "CLOUD_INSIGHTS_COST_URL", 'value': "http://localhost"},
            {'name': "CLOUD_INSIGHTS_TOKEN_URL", 'value': "http://localhost"},
            {'name': "SVC_CORP_PASSWORD", 'value': "password"},
            {'name': "SVC_CORP_USER_ID", 'value': "testid"},
        ]
        return leading + from_self + fixed

    def get_auth_container_env_vars(self):
        """Return the environment entries for the auth API container.

        Returns:
            list: ``{'name': ..., 'value': ...}`` dicts. Most values are read
            from same-named attributes on ``self``; ``DOMAIN_URL`` comes from
            ``ApplicationLoadBalancer.get_api_server_url('auth')`` and
            ``JAR_FILE`` / ``OAUTH2_CLIENT_ID`` are fixed literals.
        """
        def from_self(*settings):
            # One entry per setting, valued from the same-named attribute.
            return [{'name': s, 'value': getattr(self, s)} for s in settings]

        env = [{'name': "JAR_FILE", 'value': "pacman-api-auth.jar"}]
        env += from_self("CONFIG_PASSWORD", "CONFIG_SERVER_URL")
        env.append({
            'name': "DOMAIN_URL",
            'value': ApplicationLoadBalancer.get_api_server_url('auth'),
        })
        # NOTE(review): RDS_PASSWORD and REDSHIFT_PASSWORD (and CONFIG_PASSWORD
        # above) are emitted as plain values; confirm where this list is stored
        # and prefer a secret-store reference for them.
        env += from_self(
            "ES_CLUSTER_NAME",
            "ES_HEIMDALL_HOST_NAME",
            "ES_HEIMDALL_PORT",
            "ES_HOST_NAME",
            "ES_PORT",
            "LOGGING_ES_HOST_NAME",
            "LOGGING_ES_PORT",
            "PACMAN_HOST_NAME",
            "RDS_PASSWORD",
            "RDS_URL",
            "RDS_USERNAME",
            "REDSHIFT_URL",
            "REDSHIFT_USER_NAME",
            "REDSHIFT_PASSWORD",
            "ES_UPDATE_HOST",
            "ES_UPDATE_PORT",
            "ES_UPDATE_CLUSTER_NAME",
            "LDAP_DOMAIN",
            "LDAP_BASEDN",
            "LDAP_PORT",
            "LDAP_RESPONSETIMEOUT",
            "LDAP_CONNECTIONTIMEOUT",
            "LDAP_HOSTLIST",
        )
        # NOTE(review): the OAuth2 client id is a literal, so every deployment
        # built from this code shares it -- confirm that is intended.
        env.append({
            'name': "OAUTH2_CLIENT_ID",
            'value': "22e14922-87d7-4ee4-a470-da0bb10d45d3",
        })
        return env
class ContainerDefinitions:
    """Friend class that builds the container definition of each service.

    Class attributes hold the values shared by every container: image URLs,
    log group names, and the settings passed to containers as environment
    entries.
    """
    # NOTE(review): both images are addressed by the mutable "latest" tag, so
    # the image a task runs can change without this definition changing.
    # Pinning an immutable tag or digest keeps deployments reproducible.
    ui_image = UIEcrRepository.get_output_attr('repository_url') + ":" + "latest"
    api_image = APIEcrRepository.get_output_attr('repository_url') + ":" + "latest"
    ui_cw_log_group = UiCloudWatchLogGroup.get_output_attr('name')
    api_cw_log_group = ApiCloudWatchLogGroup.get_output_attr('name')
    # NOTE(review): CONFIG_PASSWORD is a literal in source (it appears masked
    # in this listing). It and RDS_PASSWORD are copied as plain values into
    # the 'environment' list of the container definition. If these are ECS
    # task definitions, the `secrets` field (Secrets Manager / SSM Parameter
    # Store references) keeps such values out of the definition -- confirm.
    CONFIG_PASSWORD = "******"
    CONFIG_SERVER_URL = ApplicationLoadBalancer.get_api_server_url('config')
    PACMAN_HOST_NAME = ApplicationLoadBalancer.get_http_url()
    RDS_USERNAME = MySQLDatabase.get_input_attr('username')
    RDS_PASSWORD = MySQLDatabase.get_input_attr('password')
    RDS_URL = MySQLDatabase.get_rds_db_url()

    def get_container_definitions_without_env_vars(self, container_name):
        """
        Build the container definition shared by all task definitions,
        without any environment entries.

        The "nginx" container gets the UI image, the UI log group and 1024
        memory; every other container gets the API image, the API log group
        and 3072 memory.

        Args:
            container_name (str): Name of the container / service

        Returns:
            container_definitions (dict): Container definitions
        """
        if container_name == "nginx":
            image, log_group, memory = self.ui_image, self.ui_cw_log_group, 1024
        else:
            image, log_group, memory = self.api_image, self.api_cw_log_group, 3072

        log_options = {
            "awslogs-group": log_group,
            "awslogs-region": AwsRegion.get_output_attr('name'),
            "awslogs-stream-prefix": Settings.RESOURCE_NAME_PREFIX + "-" + container_name,
        }
        port_mapping = {"containerPort": 80, "hostPort": 80}

        return {
            'name': container_name,
            "image": image,
            "essential": True,
            "entrypoint": ["sh", "-c"],
            "command": ["sh /entrypoint.sh"],
            "portMappings": [port_mapping],
            "memory": memory,
            "networkMode": "awsvpc",
            "logConfiguration": {
                "logDriver": "awslogs",
                "options": log_options,
            },
        }

    def get_container_definitions(self, container_name):
        """
        Build the complete container definition for a task definition.

        The 'environment' key is added only when the container has a
        non-empty list of environment entries.

        Args:
            container_name (str): Name of the container / service

        Returns:
            container_definitions (str): JSON text of a one-element list
            holding the complete container definition
        """
        container = self.get_container_definitions_without_env_vars(container_name)
        environment = self._get_env_vars_for_container_service(container_name)
        if environment:
            container['environment'] = environment

        return json.dumps([container])

    def _get_env_vars_for_container_service(self, container_name):
        """
        Look up and call ``get_<container_name>_container_env_vars`` (dashes
        in the name become underscores) to get the environment entries.

        Args:
            container_name (str): Name of the container / service

        Returns:
            env_variables (list): List of dict of env variables, or None when
            this class has no method for the container
        """
        method_name = "get_%s_container_env_vars" % container_name.replace('-', '_')
        # Falling back to a callable that returns None keeps unknown names quiet.
        provider = getattr(self, method_name, lambda: None)
        return provider()

    def _api_service_env_vars(self, jar_file, service):
        """Return the five environment entries every API service container gets.

        Args:
            jar_file (str): Value for the JAR_FILE entry
            service (str): Service name passed to
                ApplicationLoadBalancer.get_api_server_url for DOMAIN_URL
        """
        return [
            {'name': "JAR_FILE", 'value': jar_file},
            {'name': "CONFIG_PASSWORD", 'value': self.CONFIG_PASSWORD},
            {'name': "CONFIG_SERVER_URL", 'value': self.CONFIG_SERVER_URL},
            {'name': "PACMAN_HOST_NAME", 'value': self.PACMAN_HOST_NAME},
            {'name': "DOMAIN_URL", 'value': ApplicationLoadBalancer.get_api_server_url(service)},
        ]

    def get_config_container_env_vars(self):
        """Return the environment entries for the config service container.

        This is the only container here that receives the RDS credentials.
        """
        pairs = (
            ("JAR_FILE", "config.jar"),
            ("CONFIG_PASSWORD", self.CONFIG_PASSWORD),
            ("RDS_PASSWORD", self.RDS_PASSWORD),
            ("RDS_URL", self.RDS_URL),
            ("RDS_USERNAME", self.RDS_USERNAME),
            ("PACMAN_HOST_NAME", self.PACMAN_HOST_NAME),
        )
        return [{'name': name, 'value': value} for name, value in pairs]

    def get_admin_container_env_vars(self):
        """Return the environment entries for the admin API container."""
        return self._api_service_env_vars("pacman-api-admin.jar", 'admin')

    def get_compliance_container_env_vars(self):
        """Return the environment entries for the compliance API container."""
        return self._api_service_env_vars("pacman-api-compliance.jar", 'compliance')

    def get_notifications_container_env_vars(self):
        """Return the environment entries for the notifications API container."""
        return self._api_service_env_vars("pacman-api-notification.jar", 'notifications')

    def get_statistics_container_env_vars(self):
        """Return the environment entries for the statistics API container."""
        return self._api_service_env_vars("pacman-api-statistics.jar", 'statistics')

    def get_asset_container_env_vars(self):
        """Return the environment entries for the asset API container."""
        return self._api_service_env_vars("pacman-api-asset.jar", 'asset')

    def get_auth_container_env_vars(self):
        """Return the environment entries for the auth API container."""
        return self._api_service_env_vars("pacman-api-auth.jar", 'auth')

    def get_vulnerability_container_env_vars(self):
        """Return the environment entries for the vulnerability API container."""
        return self._api_service_env_vars("pacman-api-vulnerability.jar", 'vulnerability')
Beispiel #19
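    def get_provisioners(self):
        """Build the local-exec provisioner that runs sql_replace_placeholder.py.

        The script is started with Settings.PYTHON_INTERPRETER and receives
        SQL_FILE_PATH (self.dest_file) plus a set of ENV_* values through its
        process environment; presumably it substitutes those values into the
        SQL file -- confirm against the script.

        Returns:
            list: A single-element list holding the 'local-exec' provisioner
            dict (command, environment, interpreter).
        """
        script = os.path.join(get_terraform_scripts_dir(), 'sql_replace_placeholder.py')
        # NOTE(review): ENV_RDS_PASSWORD, ENV_MAIL_SERVER_PWD and the literal
        # credentials below are handed over as plain environment values. They
        # presumably also end up in whatever file this provisioner definition
        # is rendered to -- confirm, and restrict access to that output.
        local_execs = [
            {
                'local-exec': {
                    'command': script,
                    'environment': {
                        'SQL_FILE_PATH': self.dest_file,
                        'ENV_region': AwsRegion.get_output_attr('name'),
                        'ENV_account': AwsAccount.get_output_attr('account_id'),
                        'ENV_eshost': ESDomain.get_http_url(),
                        'ENV_esport': ESDomain.get_es_port(),
                        'ENV_LOGGING_ES_HOST_NAME': ESDomain.get_output_attr('endpoint'),
                        'ENV_LOGGING_ES_PORT': str(ESDomain.get_es_port()),
                        'ENV_ES_HOST_NAME': ESDomain.get_output_attr('endpoint'),
                        'ENV_ES_PORT': str(ESDomain.get_es_port()),
                        'ENV_ES_CLUSTER_NAME': ESDomain.get_input_attr('domain_name'),
                        'ENV_ES_PORT_ADMIN': str(ESDomain.get_es_port()),
                        'ENV_ES_HEIMDALL_HOST_NAME': ESDomain.get_output_attr('endpoint'),
                        'ENV_ES_HEIMDALL_PORT': str(ESDomain.get_es_port()),
                        'ENV_ES_HEIMDALL_CLUSTER_NAME': ESDomain.get_input_attr('domain_name'),
                        'ENV_ES_HEIMDALL_PORT_ADMIN': str(ESDomain.get_es_port()),
                        'ENV_ES_UPDATE_HOST': ESDomain.get_output_attr('endpoint'),
                        'ENV_ES_UPDATE_PORT': str(ESDomain.get_es_port()),
                        'ENV_ES_UPDATE_CLUSTER_NAME': ESDomain.get_input_attr('domain_name'),
                        'ENV_PACMAN_HOST_NAME': ApplicationLoadBalancer.get_http_url(),
                        'ENV_RDS_URL': MySQLDatabase.get_rds_db_url(),
                        'ENV_RDS_USERNAME': MySQLDatabase.get_input_attr('username'),
                        'ENV_RDS_PASSWORD': MySQLDatabase.get_input_attr('password'),
                        'ENV_JOB_BUCKET_REGION': AwsRegion.get_output_attr('name'),
                        # Listed once: the original repeated this key with the
                        # same value in the rule group below.
                        'ENV_RULE_JOB_BUCKET_NAME': BucketStorage.get_output_attr('bucket'),
                        'ENV_JOB_LAMBDA_REGION': AwsRegion.get_output_attr('name'),
                        'ENV_JOB_FUNCTION_NAME': SubmitJobLambdaFunction.get_input_attr('function_name'),
                        'ENV_JOB_FUNCTION_ARN': SubmitJobLambdaFunction.get_output_attr('arn'),
                        'ENV_RULE_BUCKET_REGION': AwsRegion.get_output_attr('name'),
                        'ENV_RULE_LAMBDA_REGION': AwsRegion.get_output_attr('name'),
                        'ENV_RULE_FUNCTION_NAME': RuleEngineLambdaFunction.get_input_attr('function_name'),
                        'ENV_RULE_FUNCTION_ARN': RuleEngineLambdaFunction.get_output_attr('arn'),
                        'ENV_CLOUD_INSIGHTS_TOKEN_URL': "http://localhost",
                        'ENV_CLOUD_INSIGHTS_COST_URL': "http://localhost",
                        'ENV_SVC_CORP_USER_ID': "testid",
                        'ENV_SVC_CORP_PASSWORD': "******",
                        'ENV_CERTIFICATE_FEATURE_ENABLED': "false",
                        'ENV_PATCHING_FEATURE_ENABLED': "false",
                        'ENV_VULNERABILITY_FEATURE_ENABLED': str(Settings.get('ENABLE_VULNERABILITY_FEATURE', False)).lower(),
                        'ENV_MAIL_SERVER': Settings.MAIL_SERVER,
                        'ENV_PACMAN_S3': "pacman-email-templates",
                        'ENV_DATA_IN_DIR': "inventory",
                        'ENV_DATA_BKP_DIR': "backup",
                        'ENV_PAC_ROLE': BaseRole.get_input_attr('name'),
                        'ENV_BASE_REGION': AwsRegion.get_output_attr('name'),
                        'ENV_DATA_IN_S3': BucketStorage.get_output_attr('bucket'),
                        'ENV_BASE_ACCOUNT': AwsAccount.get_output_attr('account_id'),
                        'ENV_PAC_RO_ROLE': BaseRole.get_input_attr('name'),
                        'ENV_MAIL_SERVER_PORT': Settings.MAIL_SERVER_PORT,
                        'ENV_MAIL_PROTOCOL': Settings.MAIL_PROTOCOL,
                        'ENV_MAIL_SERVER_USER': Settings.MAIL_SERVER_USER,
                        'ENV_MAIL_SERVER_PWD': Settings.MAIL_SERVER_PWD,
                        'ENV_MAIL_SMTP_AUTH': Settings.MAIL_SMTP_AUTH,
                        'ENV_MAIL_SMTP_SSL_ENABLE': Settings.MAIL_SMTP_SSL_ENABLE,
                        'ENV_MAIL_SMTP_SSL_TEST_CONNECTION': Settings.MAIL_SMTP_SSL_TEST_CONNECTION,
                        # NOTE(review): the login name/password are literals
                        # (masked in this listing), so they are shared by every
                        # deployment; they should be set per install and rotated.
                        'ENV_PACMAN_LOGIN_USER_NAME': "*****@*****.**",
                        'ENV_PACMAN_LOGIN_PASSWORD': "******",
                        # NOTE(review): a fixed Base64 string. Base64 is an
                        # encoding, not protection -- treat this as a default
                        # credential published with the source.
                        'ENV_CONFIG_CREDENTIALS': "dXNlcjpwYWNtYW4=",
                        'ENV_CONFIG_SERVICE_URL': ApplicationLoadBalancer.get_http_url() + "/api/config/rule/prd/latest",
                        'ENV_PACBOT_AUTOFIX_RESOURCEOWNER_FALLBACK_MAILID': Settings.get('USER_EMAIL_ID', ""),
                        'ENV_QUALYS_INFO': Settings.get('QUALYS_INFO', ""),
                        'ENV_QUALYS_API_URL': Settings.get('QUALYS_API_URL', "")
                    },
                    'interpreter': [Settings.PYTHON_INTERPRETER]
                }
            }
        ]

        return local_execs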
Beispiel #20
 def get_admin_container_env_vars(self):
     """Return the environment entries for the admin API container.

     Returns:
         list: ``{'name': ..., 'value': ...}`` dicts mixing settings read
         from ``self``, fixed literals, and attributes of the load balancer,
         role, Lambda function, region and bucket resources.
     """
     pairs = [
         ("JAR_FILE", "pacman-api-admin.jar"),
         ("CONFIG_PASSWORD", self.CONFIG_PASSWORD),
         ("CONFIG_SERVER_URL", self.CONFIG_SERVER_URL),
         ("ES_CLUSTER_NAME", self.ES_CLUSTER_NAME),
         ("ES_HEIMDALL_HOST_NAME", self.ES_HEIMDALL_HOST_NAME),
         ("ES_HEIMDALL_PORT", self.ES_HEIMDALL_PORT),
         ("ES_HOST_NAME", self.ES_HOST_NAME),
         ("ES_PORT", self.ES_PORT),
         ("LOGGING_ES_HOST_NAME", self.LOGGING_ES_HOST_NAME),
         ("LOGGING_ES_PORT", self.LOGGING_ES_PORT),
         ("PACMAN_HOST_NAME", self.PACMAN_HOST_NAME),
         ("RDS_PASSWORD", self.RDS_PASSWORD),
         ("RDS_URL", self.RDS_URL),
         ("RDS_USERNAME", self.RDS_USERNAME),
         ("ES_UPDATE_HOST", self.ES_UPDATE_HOST),
         ("ES_UPDATE_PORT", self.ES_UPDATE_PORT),
         ("ES_UPDATE_CLUSTER_NAME", self.ES_UPDATE_CLUSTER_NAME),
         # NOTE(review): the next four are literals, so every deployment
         # built from this code shares the same admin login and key pair.
         # Treat them as default credentials: supply per-deployment values
         # from a secret store and rotate anything deployed with these.
         ("SECURITY_USERNAME", "admin"),
         ("SECURITY_PASSWORD", "admin@123"),
         ("ACCESS_KEY", "test_key_1"),
         ("SECRET_KEY", "test_key_2"),
         ("DOMAIN_URL", ApplicationLoadBalancer.get_api_server_url('admin')),
         ("ADMIN_SERVER", "http://localhost/pacmonitor"),
         ("ROLE_ARN", ECSRole.get_output_attr('arn')),
         ("JOB_FUNCTION_NAME", SubmitJobLambdaFunction.get_input_attr('function_name')),
         ("JOB_FUNCTION_ARN", SubmitJobLambdaFunction.get_output_attr('arn')),
         ("JOB_LAMBDA_REGION", AwsRegion.get_output_attr('name')),
         ("JOB_BUCKET_REGION", AwsRegion.get_output_attr('name')),
         ("RULE_FUNCTION_NAME", RuleEngineLambdaFunction.get_input_attr('function_name')),
         ("RULE_FUNCTION_ARN", RuleEngineLambdaFunction.get_output_attr('arn')),
         ("RULE_BUCKET_REGION", AwsRegion.get_output_attr('name')),
         ("RULE_LAMBDA_REGION", AwsRegion.get_output_attr('name')),
         ("RULE_JOB_BUCKET_NAME", BucketStorage.get_output_attr('bucket')),
     ]
     return [{'name': name, 'value': value} for name, value in pairs]
Beispiel #21
 def get_auth_container_env_vars(self):
     """Return the environment entries for the auth API container.

     Returns:
         list: ``{'name': ..., 'value': ...}`` dicts. ``DOMAIN_URL`` comes
         from ``ApplicationLoadBalancer.get_api_server_url('auth')``,
         ``JAR_FILE`` and ``OAUTH2_CLIENT_ID`` are literals, and the rest are
         read from same-named attributes on ``self``.
     """
     # NOTE(review): CONFIG_PASSWORD, RDS_PASSWORD and REDSHIFT_PASSWORD are
     # emitted as plain values alongside ordinary settings; confirm where
     # this list is stored and prefer a secret-store reference for them.
     pairs = [
         ("JAR_FILE", "pacman-api-auth.jar"),
         ("CONFIG_PASSWORD", self.CONFIG_PASSWORD),
         ("CONFIG_SERVER_URL", self.CONFIG_SERVER_URL),
         ("DOMAIN_URL", ApplicationLoadBalancer.get_api_server_url('auth')),
         ("ES_CLUSTER_NAME", self.ES_CLUSTER_NAME),
         ("ES_HEIMDALL_HOST_NAME", self.ES_HEIMDALL_HOST_NAME),
         ("ES_HEIMDALL_PORT", self.ES_HEIMDALL_PORT),
         ("ES_HOST_NAME", self.ES_HOST_NAME),
         ("ES_PORT", self.ES_PORT),
         ("LOGGING_ES_HOST_NAME", self.LOGGING_ES_HOST_NAME),
         ("LOGGING_ES_PORT", self.LOGGING_ES_PORT),
         ("PACMAN_HOST_NAME", self.PACMAN_HOST_NAME),
         ("RDS_PASSWORD", self.RDS_PASSWORD),
         ("RDS_URL", self.RDS_URL),
         ("RDS_USERNAME", self.RDS_USERNAME),
         ("REDSHIFT_URL", self.REDSHIFT_URL),
         ("REDSHIFT_USER_NAME", self.REDSHIFT_USER_NAME),
         ("REDSHIFT_PASSWORD", self.REDSHIFT_PASSWORD),
         ("ES_UPDATE_HOST", self.ES_UPDATE_HOST),
         ("ES_UPDATE_PORT", self.ES_UPDATE_PORT),
         ("ES_UPDATE_CLUSTER_NAME", self.ES_UPDATE_CLUSTER_NAME),
         ("LDAP_DOMAIN", self.LDAP_DOMAIN),
         ("LDAP_BASEDN", self.LDAP_BASEDN),
         ("LDAP_PORT", self.LDAP_PORT),
         ("LDAP_RESPONSETIMEOUT", self.LDAP_RESPONSETIMEOUT),
         ("LDAP_CONNECTIONTIMEOUT", self.LDAP_CONNECTIONTIMEOUT),
         ("LDAP_HOSTLIST", self.LDAP_HOSTLIST),
         # NOTE(review): literal client id, shared by every deployment built
         # from this code -- confirm that is intended.
         ("OAUTH2_CLIENT_ID", "22e14922-87d7-4ee4-a470-da0bb10d45d3"),
     ]
     return [{'name': name, 'value': value} for name, value in pairs]