Initial commit: add all project files

Author: prathamesh-sonpatki

.github/.github/workflows/run_iac.yaml

@@ -0,0 +1,67 @@
+name: Deploy Alert Rules
+
+on:
+  push:
+    paths:
+      - 'workspace/**'
+      - '.github/workflows/run_iac.yaml'
+
+jobs:
+  install-and-run:
+    name: Install and run Last9 IaC
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.11"]
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v4
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: setup python env
+        run: |
+          python -m venv env
+          . ./env/bin/activate
+
+      - name: Install IaC
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
+        run: |
+          . ./env/bin/activate
+          ./scripts/install_iac.sh
+
+      - name: Run IaC plan
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
+          AWS_ASSUME_ROLE_ARN: ${{ secrets.AWS_ASSUME_ROLE_ARN }}
+          AWS_ASSUME_ROLE_EXTERNAL_ID: ${{ secrets.AWS_ASSUME_ROLE_EXTERNAL_ID }}
+          LAST9_BACKUP_S3_BUCKET: ${{ secrets.LAST9_BACKUP_S3_BUCKET }}
+          LAST9_API_CONFIG_STR: ${{ secrets.LAST9_API_CONFIG_STR }}
+        run: |
+          . ./env/bin/activate
+          ./scripts/run-iac.sh --run-all-files --plan
+
+      - name: Run IaC apply
+        if: github.ref == 'refs/heads/main'
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
+          AWS_ASSUME_ROLE_ARN: ${{ secrets.AWS_ASSUME_ROLE_ARN }}
+          AWS_ASSUME_ROLE_EXTERNAL_ID: ${{ secrets.AWS_ASSUME_ROLE_EXTERNAL_ID }}
+          LAST9_BACKUP_S3_BUCKET: ${{ secrets.LAST9_BACKUP_S3_BUCKET }}
+          LAST9_API_CONFIG_STR: ${{ secrets.LAST9_API_CONFIG_STR }}
+        run: |
+          . ./env/bin/activate
+          ./scripts/run-iac.sh --run-all-files --apply

.github/workflows/run_iac.yaml

@@ -0,0 +1,67 @@
+name: Deploy Alert Rules
+
+on:
+  push:
+    paths:
+      - 'workspace/**'
+      - '.github/workflows/run_iac.yaml'
+
+jobs:
+  install-and-run:
+    name: Install and run Last9 IaC
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.11"]
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v4
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: setup python env
+        run: |
+          python -m venv env
+          . ./env/bin/activate
+
+      - name: Install IaC
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
+        run: |
+          . ./env/bin/activate
+          ./scripts/install_iac.sh
+
+      - name: Run IaC plan
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
+          AWS_ASSUME_ROLE_ARN: ${{ secrets.AWS_ASSUME_ROLE_ARN }}
+          AWS_ASSUME_ROLE_EXTERNAL_ID: ${{ secrets.AWS_ASSUME_ROLE_EXTERNAL_ID }}
+          LAST9_BACKUP_S3_BUCKET: ${{ secrets.LAST9_BACKUP_S3_BUCKET }}
+          LAST9_API_CONFIG_STR: ${{ secrets.LAST9_API_CONFIG_STR }}
+        run: |
+          . ./env/bin/activate
+          ./scripts/run-iac.sh --run-all-files --plan
+
+      - name: Run IaC apply
+        if: github.ref == 'refs/heads/main'
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
+          AWS_ASSUME_ROLE_ARN: ${{ secrets.AWS_ASSUME_ROLE_ARN }}
+          AWS_ASSUME_ROLE_EXTERNAL_ID: ${{ secrets.AWS_ASSUME_ROLE_EXTERNAL_ID }}
+          LAST9_BACKUP_S3_BUCKET: ${{ secrets.LAST9_BACKUP_S3_BUCKET }}
+          LAST9_API_CONFIG_STR: ${{ secrets.LAST9_API_CONFIG_STR }}
+        run: |
+          . ./env/bin/activate
+          ./scripts/run-iac.sh --run-all-files --apply

Makefile

@@ -0,0 +1,13 @@
+install:
+	./scripts/iac/install.sh
+
+apply:
+	@for file in ./rules/*.yaml; do \
+		l9iac -mf $$file -c ./config.json apply; \
+	done
+
+plan:
+	@for file in ./rules/*.yaml; do \
+		l9iac -mf $$file -c ./config.json plan; \
+	done
+

pyproject.toml

@@ -0,0 +1,16 @@
+[tool.black]
+# How many characters per line to allow.
+line-length = 119
+
+# A regular expression that matches files and directories that
+# should be included on recursive searches. An empty value means
+# all files are included regardless of the name.  Use forward
+# slashes for directories on all platforms (Windows, too).
+# Exclusions are calculated first, inclusions later.
+
+exclude = '''
+(
+    \.git
+  | test/
+)
+'''

scripts/.flake8

@@ -0,0 +1,49 @@
+[flake8]
+# Categories of error codes you wish Flake8 to report.
+# B = bugbear
+# E = pycodestyle errors
+# F = flake8 pyflakes
+# W = pycodestyle warnings
+# B9 = bugbear opinions
+
+# list of codes to ignore.
+ignore =
+        # multiple spaces or tab after ‘,’
+        E24,
+        # continuation line under-indented for hanging indent
+        E121,
+        # closing bracket does not match indentation of opening bracket’s line
+        E123,
+        # continuation line over-indented for hanging indent
+        E126,
+        # missing whitespace around arithmetic operator
+        E226,
+        # "It is fairly common for developers, especially those in closed-source projects, to change the maximum line length to 100 or 120 characters."
+        E501,
+        # multiple statements on one line (def)
+        E704,
+        # line break before binary operator
+        W503,
+        # line break after binary operator
+        W504
+
+# maximum length of any line (with some exceptions).
+max-line-length = 119
+
+# Show the total number of errors in report.
+count = True
+
+# Show number of occurrences of each error/warning code in report.
+statistics = True
+
+# Comma-separate list of glob patterns to include for checks.
+filename =
+    # include all python files
+    *.py
+
+exclude =
+    # exclude the test folder
+    test/,
+
+# Maximum allowed McCabe complexity value for a block of code.
+max-complexity = 18

scripts/assume-role-output-to-env.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+# Assume the role
+content=$(cat -)
+
+# Dump creds in output file
+echo export AWS_ACCESS_KEY_ID="$(echo -e "$content" | jq -r '.Credentials.AccessKeyId')"
+echo export AWS_SECRET_ACCESS_KEY="$(echo -e "$content" | jq -r '.Credentials.SecretAccessKey')"
+echo export AWS_SESSION_TOKEN="$(echo -e "$content" | jq -r '.Credentials.SessionToken')"