TSystem Federated Rules

tmobile · Apr 30, 2019 · 04388fb · 04388fb
1 parent 4709eb1
commit 04388fb
Show file tree

Hide file tree

Showing 22 changed files with 2,095 additions and 16 deletions.
diff --git a/...awsrules/src/main/java/com/tmobile/cloud/awsrules/federated/ACMCertificateExpiryRule.java b/...awsrules/src/main/java/com/tmobile/cloud/awsrules/federated/ACMCertificateExpiryRule.java
@@ -0,0 +1,154 @@
+/*******************************************************************************
+ * Copyright 2019 T Mobile, Inc. or its affiliates. All Rights Reserved.
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at
+ * 
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ ******************************************************************************/
+/**
+  Copyright (C) 2019 T Mobile Inc - All Rights Reserve
+  Purpose:
+  Author :Avinash 
+  Date: Feb 27, 2019
+  
+ **/
+package com.tmobile.cloud.awsrules.federated;
+
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.joda.time.DateTime;
+import org.joda.time.Days;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.slf4j.MDC;
+
+import com.tmobile.cloud.awsrules.utils.PacmanUtils;
+import com.tmobile.cloud.constants.PacmanRuleConstants;
+import com.tmobile.pacman.commons.PacmanSdkConstants;
+import com.tmobile.pacman.commons.exception.InvalidInputException;
+import com.tmobile.pacman.commons.rule.Annotation;
+import com.tmobile.pacman.commons.rule.BaseRule;
+import com.tmobile.pacman.commons.rule.PacmanRule;
+import com.tmobile.pacman.commons.rule.RuleResult;
+
+@PacmanRule(key = "check-for-acm-certificate-expiry", desc = "This Rule should look for the SSL(ACM) expiry with given Date Range", severity = PacmanSdkConstants.SEV_HIGH, category = PacmanSdkConstants.GOVERNANCE)
+public class ACMCertificateExpiryRule extends BaseRule{
+
+
+	private static final Logger logger = LoggerFactory.getLogger(ACMCertificateExpiryRule.class);
+
+	/**
+	 * The method will get triggered from Rule Engine with following parameters
+	 * 
+	 * @param ruleParam
+	 * 
+	 **************Following are the Rule Parameters********* <br><br>
+	 * 
+	 * ruleKey : check-for-acm-certificate-expiry <br><br>
+	 *
+	 * threadsafe : if true , rule will be executed on multiple threads <br><br>
+	 *
+	 * targetExpireDuration : specify the expiry duration in numbers <br><br>
+	 * 
+	 * severity : Enter the value of severity <br><br>
+	 * 
+	 * ruleCategory : Enter the value of category <br><br>
+	 *
+	 * @param resourceAttributes this is a resource in context which needs to be scanned this is provided by execution engine
+	 *
+	 */
+
+	public RuleResult execute(final Map<String, String> ruleParam,Map<String, String> resourceAttributes) {
+		logger.debug("========ACMCertificateExpiryRule started=========");
+		Annotation annotation = null;
+		Date validTo = null;
+		String expiredDate = resourceAttributes.get("expirydate");
+		SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
+		String targetExpiryDurationInString = ruleParam.get(PacmanRuleConstants.EXPIRED_DURATION);
+		String severity = ruleParam.get(PacmanRuleConstants.SEVERITY);
+		String category = ruleParam.get(PacmanRuleConstants.CATEGORY);
+
+		MDC.put("executionId", ruleParam.get("executionId")); 
+		MDC.put("ruleId", ruleParam.get(PacmanSdkConstants.RULE_ID)); 
+
+		List<LinkedHashMap<String,Object>>issueList = new ArrayList<>();
+		LinkedHashMap<String,Object>issue = new LinkedHashMap<>();
+
+		if (!PacmanUtils.doesAllHaveValue(targetExpiryDurationInString,severity,category)) {
+			logger.info(PacmanRuleConstants.MISSING_CONFIGURATION);
+			throw new InvalidInputException(PacmanRuleConstants.MISSING_CONFIGURATION);
+		}
+		if (resourceAttributes != null && expiredDate != null) {
+			try {
+				validTo = dateFormat.parse(expiredDate);
+			} catch (ParseException e) {
+				logger.info("Exception in ACM accesskey" + e.getMessage());
+			}
+			int targetExpiryDurationInt = Integer.parseInt(targetExpiryDurationInString);
+			if (calculateSslExpiredDuration(validTo, targetExpiryDurationInt)) {
+					annotation = Annotation.buildAnnotation(ruleParam,Annotation.Type.ISSUE);
+					annotation.put(PacmanSdkConstants.DESCRIPTION,"SSL(ACM) Expiry within "+ targetExpiryDurationInString+ " days found!!");
+					annotation.put(PacmanRuleConstants.SEVERITY, severity);
+					annotation.put(PacmanRuleConstants.CATEGORY, category);
+
+					issue.put(PacmanRuleConstants.VIOLATION_REASON, "SSL(ACM) Expiry within "+ targetExpiryDurationInString+ " days found!!");
+					issueList.add(issue);
+					annotation.put("issueDetails",issueList.toString());
+					logger.debug("========ACMCertificateExpiryRule ended with annotation {} : =========",annotation);
+					return new RuleResult(PacmanSdkConstants.STATUS_FAILURE,PacmanRuleConstants.FAILURE_MESSAGE, annotation);
+			} else {
+				logger.info("SSL(ACM) validity not expired");
+			}
+		}
+		logger.debug("========ACMCertificateExpiryRule ended=========");
+		return new RuleResult(PacmanSdkConstants.STATUS_SUCCESS,PacmanRuleConstants.SUCCESS_MESSAGE);
+	}
+
+	public String getHelpText() {
+		return "This Rule should look for the SSL(ACM) expiry with given Date Range";
+	}
+
+	/**
+	 * This method calculates the difference between the current date and the
+	 * validto date It uses the TimeUnit utility for conversion purpose.
+	 * 
+	 * @param formattedDateString - String
+	 * @return expiredDuration - Long
+	 * @throws ParseException
+	 */
+
+	private boolean calculateSslExpiredDuration(Date expiryDateFormat, int targetExpiryDurationInt) {
+		boolean isFlag = false;
+		logger.debug("targetExpiryDurationInt" + targetExpiryDurationInt);
+		if(expiryDateFormat!=null){
+			DateTime expiryDate = new DateTime(expiryDateFormat);
+			logger.debug("expiryDate" + expiryDate);
+			DateTime currentDate = new DateTime();
+			logger.debug("currentDate" + currentDate);
+			int day = Days.daysBetween(currentDate, expiryDate).getDays();
+			logger.debug("day" + day);
+			if (Days.daysBetween(currentDate, expiryDate).getDays() <= targetExpiryDurationInt) {
+				isFlag = true;
+			}
+		}
+		logger.debug("isFlag" + isFlag);
+		 return isFlag;
+	}
+
+
+
+}
diff --git a/...pacman-awsrules/src/main/java/com/tmobile/cloud/awsrules/federated/AccessLogForAppLB.java b/...pacman-awsrules/src/main/java/com/tmobile/cloud/awsrules/federated/AccessLogForAppLB.java
@@ -0,0 +1,93 @@
+/*******************************************************************************
+ * Copyright 2019 T Mobile, Inc. or its affiliates. All Rights Reserved.
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at
+ * 
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ ******************************************************************************/
+/**
+  Copyright (C) 2019 T Mobile Inc - All Rights Reserve
+  Purpose:
+  Author :Avinash 
+  Date: Jan 17, 2019
+  
+ **/
+package com.tmobile.cloud.awsrules.federated;
+
+import java.util.Map;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.tmobile.cloud.awsrules.utils.PacmanUtils;
+import com.tmobile.cloud.constants.PacmanRuleConstants;
+import com.tmobile.pacman.commons.PacmanSdkConstants;
+import com.tmobile.pacman.commons.rule.BaseRule;
+import com.tmobile.pacman.commons.rule.PacmanRule;
+import com.tmobile.pacman.commons.rule.RuleResult;
+
+@PacmanRule(key = "check-for-access-log-for-application-elb", desc = "checks for access log for application elb and s3 bucket name for access log", severity = PacmanSdkConstants.SEV_HIGH, category = PacmanSdkConstants.GOVERNANCE)
+public class AccessLogForAppLB extends BaseRule {
+
+	private static final Logger logger = LoggerFactory.getLogger(AccessLogForAppLB.class);
+
+	/**
+	 * The method will get triggered from Rule Engine with following parameters
+	 * 
+	 * @param ruleParam
+	 * 
+	 ************** Following are the Rule Parameters********* <br><br>
+	 * 
+	 *ruleKey : check-for-access-log-for-application-elb <br><br>
+	 *
+	 *esAppElbWithInstanceUrl : Enter the application elb with instance api <br><br>
+	 *
+	 *threadsafe : if true , rule will be executed on multiple threads <br><br>
+	 *
+	 *severity : Enter the value of severity <br><br>
+	 * 
+	 *ruleCategory : Enter the value of category <br><br>
+	 *
+	 * @param resourceAttributes this is a resource in context which needs to be scanned this is provided by execution engine
+	 *
+	 */
+
+	public RuleResult execute(final Map<String, String> ruleParam,Map<String, String> resourceAttributes) {
+		logger.debug("========AccessLogForAppLB started=========");
+		String accessLog = resourceAttributes.get("accesslog");
+		String accessLogBucketName = resourceAttributes.get("accesslogbucketname");
+		String ruleParamBucketKey = ruleParam.get("accessLogBucketName");
+		String severity = ruleParam.get(PacmanRuleConstants.SEVERITY);
+		String category = ruleParam.get(PacmanRuleConstants.CATEGORY);
+		String loggingTags = resourceAttributes.get("tags.logging");
+		String description = "Access log for App LB";
+		if (resourceAttributes != null) {
+			if (loggingTags == null || loggingTags.equalsIgnoreCase("true")) {
+				if (accessLogBucketName != null && accessLogBucketName.equalsIgnoreCase(ruleParamBucketKey)
+						&& accessLog.equalsIgnoreCase("true")) {
+					logger.info("Access log for App LB is available in bucket " + accessLogBucketName);
+					return new RuleResult(PacmanSdkConstants.STATUS_SUCCESS, PacmanRuleConstants.SUCCESS_MESSAGE);
+				} else {
+					description += "is not available in S3 bucket";
+					return new RuleResult(PacmanSdkConstants.STATUS_FAILURE, PacmanRuleConstants.FAILURE_MESSAGE,
+							PacmanUtils.createELBAnnotation("Application", ruleParam, description, severity, category));
+				}
+			} else {
+				return new RuleResult(PacmanSdkConstants.STATUS_SUCCESS, PacmanRuleConstants.SUCCESS_MESSAGE);
+			}
+		}
+		return new RuleResult(PacmanSdkConstants.STATUS_SUCCESS,PacmanRuleConstants.SUCCESS_MESSAGE);
+	}
+
+	public String getHelpText() {
+		return "This rule checks for access log for application elb and s3 bucket name for access log";
+	}
+}
diff --git a/...an-awsrules/src/main/java/com/tmobile/cloud/awsrules/federated/AccessLogForClassicLB.java b/...an-awsrules/src/main/java/com/tmobile/cloud/awsrules/federated/AccessLogForClassicLB.java
@@ -0,0 +1,94 @@
+/*******************************************************************************
+ * Copyright 2019 T Mobile, Inc. or its affiliates. All Rights Reserved.
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at
+ * 
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ ******************************************************************************/
+/**
+  Copyright (C) 2019 T Mobile Inc - All Rights Reserve
+  Purpose:
+  Author :Avinash 
+  Date: Jan 21, 2019
+  
+ **/
+package com.tmobile.cloud.awsrules.federated;
+
+import java.util.Map;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.tmobile.cloud.awsrules.utils.PacmanUtils;
+import com.tmobile.cloud.constants.PacmanRuleConstants;
+import com.tmobile.pacman.commons.PacmanSdkConstants;
+import com.tmobile.pacman.commons.rule.BaseRule;
+import com.tmobile.pacman.commons.rule.PacmanRule;
+import com.tmobile.pacman.commons.rule.RuleResult;
+
+@PacmanRule(key = "check-for-access-log-for-classic-elb", desc = "checks for access log for application elb and s3 bucket name for access log", severity = PacmanSdkConstants.SEV_HIGH, category = PacmanSdkConstants.GOVERNANCE)
+public class AccessLogForClassicLB extends BaseRule {
+
+	private static final Logger logger = LoggerFactory.getLogger(AccessLogForClassicLB.class);
+
+	/**
+	 * The method will get triggered from Rule Engine with following parameters
+	 * 
+	 * @param ruleParam
+	 * 
+	 ************** Following are the Rule Parameters********* <br><br>
+	 * 
+	 *ruleKey : check-for-access-log-for-classic-elb <br><br>
+	 *
+	 *esAppElbWithInstanceUrl : Enter the application elb with instance api <br><br>
+	 *
+	 *threadsafe : if true , rule will be executed on multiple threads <br><br>
+	 *
+	 *severity : Enter the value of severity <br><br>
+	 * 
+	 *ruleCategory : Enter the value of category <br><br>
+	 *
+	 * @param resourceAttributes this is a resource in context which needs to be scanned this is provided by execution engine
+	 *
+	 */
+
+	public RuleResult execute(final Map<String, String> ruleParam,Map<String, String> resourceAttributes) {
+
+		logger.debug("========AccessLogForClassicLB started=========");
+		String accessLog = resourceAttributes.get("accesslog");
+		String accessLogBucketName = resourceAttributes.get("accesslogbucketname");
+		String ruleParamBucketKey = ruleParam.get("accessLogBucketName");
+		String severity = ruleParam.get(PacmanRuleConstants.SEVERITY);
+		String category = ruleParam.get(PacmanRuleConstants.CATEGORY);
+		String loggingTags = resourceAttributes.get("tags.logging");
+		String description = "Access log for Classic LB";
+		if (resourceAttributes != null) {
+			if (loggingTags == null || loggingTags.equalsIgnoreCase("true")) {
+				if (accessLogBucketName != null && accessLogBucketName.equalsIgnoreCase(ruleParamBucketKey)
+						&& accessLog.equalsIgnoreCase("true")) {
+					logger.info("Access log for Classic LB is available in bucket " + accessLogBucketName);
+					return new RuleResult(PacmanSdkConstants.STATUS_SUCCESS, PacmanRuleConstants.SUCCESS_MESSAGE);
+				} else {
+					description += "is not available in S3 bucket";
+					return new RuleResult(PacmanSdkConstants.STATUS_FAILURE, PacmanRuleConstants.FAILURE_MESSAGE,
+							PacmanUtils.createELBAnnotation("Application", ruleParam, description, severity, category));
+				}
+			} else {
+				return new RuleResult(PacmanSdkConstants.STATUS_SUCCESS, PacmanRuleConstants.SUCCESS_MESSAGE);
+			}
+		}
+		return new RuleResult(PacmanSdkConstants.STATUS_SUCCESS,PacmanRuleConstants.SUCCESS_MESSAGE);
+	}
+
+	public String getHelpText() {
+		return "This rule checks unused application elb which are not associated with any instance";
+	}
+}