From 50130a9e7fc625ab1054d79aca684384b569d30d Mon Sep 17 00:00:00 2001
From: shivani-sumo
Date: Thu, 28 Mar 2024 16:11:55 +0530
Subject: [PATCH 1/6] SUMO-238066: Github action for CF
---
 .github/workflows/cf-test.yaml | 67 ++++++++++++++++++++++++++++++++++
 1 file changed, 67 insertions(+)
 create mode 100644 .github/workflows/cf-test.yaml
diff --git a/.github/workflows/cf-test.yaml b/.github/workflows/cf-test.yaml
new file mode 100644
index 00000000..4d517894
--- /dev/null
+++ b/.github/workflows/cf-test.yaml
@@ -0,0 +1,67 @@
+name: "CF template tests"
+
+on:
+ push:
+ paths:
+ - aws-observability
+
+jobs:
+ ValidateCF:
+ name: "Cloud Formation template validation"
+ runs-on: ubuntu-latest
+ steps:
+ - run: aws cloudformation validate-template --template-body $GITHUB_WORKSPACE/aws-observability/templates/sumologic_observability.master.template.yaml
+
+ ValidateLinting:
+ name: "Cloud Formation template linting verification"
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Setup Cloud Formation Linter with Latest Version
+ uses: scottbrenner/cfn-lint-action@v2
+
+ - name: Print the Cloud Formation Linter Version & run Linter.
+ run: |
+ cfn-lint --version
+ cfn-lint -t $GITHUB_WORKSPACE/aws-observability/templates/sumologic_observability.master.template.yaml
+
+ CFSecurityChecksCheckovt:
+ name: "Cloud Formation template tests using checkov"
+ runs-on: "ubuntu-latest"
+ steps:
+ - name: Checkout repo
+ uses: actions/checkout@v3
+
+ - uses: bridgecrewio/checkov-action@master
+ with:
+ file: $GITHUB_WORKSPACE/aws-observability/templates/sumologic_observability.master.template.yaml
+ quiet: false
+ framework: cloudformation
+ output_format: cli
+ output_bc_ids: true
+
+ CFSecurityChecksCFNNAG:
+ name: "cfn-nag for Cloud Formation template"
+ runs-on: "ubuntu-latest"
+ steps:
+ - uses: stelligent/cfn_nag@master
+ with:
+ input_path: templates
+
+
+ ValidatePython:
+ name: "Validate Python test"
+ runs-on: "ubuntu-latest"
+ steps:
+ - name: Checkout repo
+ uses: actions/checkout@v3
+
+ - uses: bridgecrewio/checkov-action@master
+ with:
+ file: $GITHUB_WORKSPACE/aws-observability/templates/sumologic_observability.master.template.yaml
+ quiet: false
+ framework: python
+ output_format: cli
+ output_bc_ids: true
\ No newline at end of file
From 0c7b111eac425fb46f955d091a5ab1cf20074367 Mon Sep 17 00:00:00 2001
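Review bot: In PATCH 1/6 the third-party actions are referenced by mutable refs: `bridgecrewio/checkov-action@master` (twice), `stelligent/cfn_nag@master` and `scottbrenner/cfn-lint-action@v2`. Whatever those branches or tags point to at run time therefore executes in this repository's CI. Pin each one to a full commit SHA with the release as a trailing comment, e.g. `uses: bridgecrewio/checkov-action@<full-commit-sha>  # <release-tag>`, and let Dependabot or a similar tool propose the bumps. The workflow also declares no `permissions:` block, so every job inherits the repository's default `GITHUB_TOKEN` scope; a top-level `permissions:` with `contents: read` should be sufficient for jobs that only lint and scan.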
From: shivani-sumo Date: Thu, 28 Mar 2024 17:51:12 +0530 Subject: [PATCH 2/6] SUMO-238066: Removed Validate template job --- .github/workflows/cf-test.yaml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/workflows/cf-test.yaml b/.github/workflows/cf-test.yaml index 4d517894..8cff45c7 100644 --- a/.github/workflows/cf-test.yaml +++ b/.github/workflows/cf-test.yaml @@ -6,12 +6,6 @@ on: - aws-observability jobs: - ValidateCF: - name: "Cloud Formation template validation" - runs-on: ubuntu-latest - steps: - - run: aws cloudformation validate-template --template-body $GITHUB_WORKSPACE/aws-observability/templates/sumologic_observability.master.template.yaml - ValidateLinting: name: "Cloud Formation template linting verification" runs-on: ubuntu-latest From 25114931b1706b5ac31c9d9034d7b1142f46d80e Mon Sep 17 00:00:00 2001 From: shivani-sumo Date: Fri, 29 Mar 2024 14:35:56 +0530 Subject: [PATCH 3/6] SUMO-238066: CF github changes --- .github/workflows/cf-test.yaml | 13 ++++++++----- aws-observability/apps/elb/elb_app.template.yaml | 14 ++++++++++++++ 2 files changed, 22 insertions(+), 5 deletions(-) diff --git a/.github/workflows/cf-test.yaml b/.github/workflows/cf-test.yaml index 8cff45c7..c6c049c9 100644 --- a/.github/workflows/cf-test.yaml +++ b/.github/workflows/cf-test.yaml @@ -4,6 +4,8 @@ on: push: paths: - aws-observability + workflow_dispatch: + - aws-observability jobs: ValidateLinting: @@ -18,8 +20,7 @@ jobs: - name: Print the Cloud Formation Linter Version & run Linter. run: | - cfn-lint --version - cfn-lint -t $GITHUB_WORKSPACE/aws-observability/templates/sumologic_observability.master.template.yaml + cfn-lint aws-observability/**/*.yaml --ignore-templates aws-observability/**/*TestTemplate.yaml CFSecurityChecksCheckovt: name: "Cloud Formation template tests using checkov" 
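Review bot: In PATCH 3/6, the unquoted `**` globs on the new `cfn-lint` line are expanded by the runner's bash, where `globstar` is off by default and `**` behaves like a single `*`. Only files exactly one directory below `aws-observability/` are then likely to be linted, and deeper ones such as `aws-observability/apps/elb/elb_app.template.yaml` would be skipped without any error. Quote both patterns so that cfn-lint performs the recursive expansion itself: `cfn-lint "aws-observability/**/*.yaml" --ignore-templates "aws-observability/**/*TestTemplate.yaml"`. The change also drops `cfn-lint --version`, which is worth keeping in the log because the setup step installs whatever linter version is current.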
@@ -30,7 +31,7 @@ jobs: - uses: bridgecrewio/checkov-action@master with: - file: $GITHUB_WORKSPACE/aws-observability/templates/sumologic_observability.master.template.yaml + directory: aws-observability/ quiet: false framework: cloudformation output_format: cli @@ -42,7 +43,7 @@ jobs: steps: - uses: stelligent/cfn_nag@master with: - input_path: templates + input_path: aws-observability/**/*.yaml ValidatePython: @@ -52,9 +53,11 @@ jobs: - name: Checkout repo uses: actions/checkout@v3 + - run: | + unzip aws-observability/apps/SumoLogicAWSObservabilityHelper/SumoLogicAWSObservabilityHelperv2.0.17.zip -d SumoLogicAWSObservabilityHelperv2.0.17 - uses: bridgecrewio/checkov-action@master with: - file: $GITHUB_WORKSPACE/aws-observability/templates/sumologic_observability.master.template.yaml + directory: aws-observability/apps/SumoLogicAWSObservabilityHelper/SumoLogicAWSObservabilityHelperv2.0.17/ quiet: false framework: python output_format: cli diff --git a/aws-observability/apps/elb/elb_app.template.yaml b/aws-observability/apps/elb/elb_app.template.yaml index b35c3f1f..9e9dca9c 100755 --- a/aws-observability/apps/elb/elb_app.template.yaml +++ b/aws-observability/apps/elb/elb_app.template.yaml @@ -345,6 +345,20 @@ Resources: region: !Ref "AWS::Region" accountid: !Ref "AWS::AccountId" + SumoELBMetricsUpdateSource: + Type: Custom::SumoLogicUpdateFields + Condition: update_elb_metrics_source + Properties: + ServiceToken: !Ref Section6aParentStackLambdaARN + Region: !Ref "AWS::Region" + RemoveOnDeleteStack: !Ref Section1dRemoveSumoResourcesOnDeleteStack + SourceApiUrl: !Ref Section4aCloudWatchExistingSourceAPIUrl + SumoAccessID: !Ref Section1bSumoAccessID + SumoAccessKey: !Ref Section1cSumoAccessKey + SumoDeployment: !Ref Section1aSumoDeployment + Fields: + account: !GetAtt AccountAliasValue.ACCOUNT_ALIAS + ElbLogsFieldExtractionRule: Type: Custom::SumoLogicFieldExtractionRule Condition: create_fer From 863ec765212c47b9f88fdcbb4bf59ea91210d29d Mon Sep 17 00:00:00 2001 
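Review bot: In PATCH 3/6 the cfn-nag job still cannot see any templates: the context of the `@@ -42,7 +43,7 @@` hunk shows `steps:` going straight to `uses: stelligent/cfn_nag@master` with no checkout, so the workspace is empty when the scan runs. Add `- uses: actions/checkout@v3` as the first step. The new `input_path: aws-observability/**/*.yaml` is also doubtful, since the action appears to hand the value to cfn_nag as a file or directory path rather than a glob; `input_path: aws-observability` would let it walk the directory. A scanner job that passes because it found nothing to scan gives false assurance, so confirm the job log lists the templates it checked. The job header is outside the hunk.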
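Review bot: In the `@@ -52,9 +53,11 @@` hunk the `unzip` step extracts to `SumoLogicAWSObservabilityHelperv2.0.17` at the workspace root, but checkov's `directory:` points at `aws-observability/apps/SumoLogicAWSObservabilityHelper/SumoLogicAWSObservabilityHelperv2.0.17/`. Unless that directory is already committed, the Python scan runs over a path that does not exist. Make the two agree, for example `directory: SumoLogicAWSObservabilityHelperv2.0.17/`. The hard-coded `v2.0.17` will go stale when the helper zip is re-released, so add a comment such as `# bump together with the helper zip version`, and give the step a `name:` like its neighbours.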
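Review bot: In `elb_app.template.yaml`, the new `SumoELBMetricsUpdateSource` resource forwards `Section1cSumoAccessKey` to the custom-resource Lambda as an ordinary property, so the secret travels in the custom-resource request event. The parameter declaration and the handler are outside this hunk; confirm the parameter is declared with `NoEcho: true` and that the function behind `Section6aParentStackLambdaARN` does not log the incoming event. The `update_elb_metrics_source` condition is not defined in the visible lines either, so check that it exists under `Conditions`. This template change is unrelated to the commit subject and would be easier to review and revert as its own commit.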
From: shivani-sumo Date: Fri, 29 Mar 2024 14:40:40 +0530 Subject: [PATCH 4/6] SUMO-238066: CF github update in path --- .github/workflows/cf-test.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cf-test.yaml b/.github/workflows/cf-test.yaml index c6c049c9..419d4b33 100644 --- a/.github/workflows/cf-test.yaml +++ b/.github/workflows/cf-test.yaml @@ -3,9 +3,9 @@ name: "CF template tests" on: push: paths: - - aws-observability + - 'aws-observability/**' workflow_dispatch: - - aws-observability + - 'aws-observability/**' jobs: ValidateLinting: From 739790b635f90bf054ab02b341be3670ef0e5c81 Mon Sep 17 00:00:00 2001 From: shivani-sumo Date: Fri, 29 Mar 2024 14:43:51 +0530 Subject: [PATCH 5/6] SUMO-238066: CF github update --- .github/workflows/cf-test.yaml | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/.github/workflows/cf-test.yaml b/.github/workflows/cf-test.yaml index 419d4b33..ad7de77f 100644 --- a/.github/workflows/cf-test.yaml +++ b/.github/workflows/cf-test.yaml @@ -1,11 +1,5 @@ name: "CF template tests" - -on: - push: - paths: - - 'aws-observability/**' - workflow_dispatch: - - 'aws-observability/**' +on: [workflow_dispatch, pull_request] jobs: ValidateLinting: From 0d021dcf03c2a32c23b24f0c5eca07b19cf36e93 Mon Sep 17 00:00:00 2001 From: shivani-sumo Date: Fri, 29 Mar 2024 14:46:46 +0530 Subject: [PATCH 6/6] SUMO-238066: CF gitthub filename change --- .github/workflows/{cf-test.yaml => cf-test.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/workflows/{cf-test.yaml => cf-test.yml} (100%) diff --git a/.github/workflows/cf-test.yaml b/.github/workflows/cf-test.yml similarity index 100% rename from .github/workflows/cf-test.yaml rename to .github/workflows/cf-test.yml
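Review bot: In PATCH 5/6, collapsing the trigger to `on: [workflow_dispatch, pull_request]` drops the `aws-observability/**` path filter, so the linters and scanners now run on every pull request regardless of what it touches. If that is not intended, keep the filter under the PR trigger, i.e. `pull_request:` with `paths: ['aws-observability/**']`, and leave `workflow_dispatch:` as an empty key. Choosing `pull_request` rather than `pull_request_target` is right here because the jobs run third-party actions over PR-supplied files. A one-line comment such as `# keep pull_request (not pull_request_target): these jobs process untrusted PR content` would stop someone switching it later.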