Class: ESP::CustomSignature

Inherits:

Resource

Object
ActiveResource::Base
Resource
ESP::CustomSignature

show all

Defined in:: lib/esp/resources/custom_signature.rb

Constant Summary

Constants inherited from Resource

Resource::PREDICATES

Class Method Summary collapse

.run(arguments = {}) ⇒ Object

Run a custom signature that has not been saved.
.run!(arguments = {}) ⇒ Object

Run a custom signature that has not been saved.

Instance Method Summary collapse

#organization ⇒ Object

The organization this custom signature belongs to.
#run(arguments = {}) ⇒ Object

Run this custom signature instance.
#run!(arguments = {}) ⇒ Object

Run this custom signature instance.
#suppress(arguments = {}) ⇒ Object

Create a suppression for this custom signature.
#teams ⇒ Object

The collection of teams that belong to the custom_signature.

Methods inherited from Resource

arrange_options, filters, find, make_pageable, #serializable_hash, where

Class Method Details

.run(arguments = {}) ⇒ `Object`

Run a custom signature that has not been saved. Useful for debugging a custom signature. Returns a collection of alerts. If not successful, returns a CustomSignature object with the errors object populated.

Parameters

arguments | Required | A hash of run arguments

Valid Arguments

See API documentation for valid arguments

Example

signature = "# Demo Ruby Signature\r\nconfigure do |c|\r\n  # Set regions to run in. Remove this line to run in all regions.\r\n  c.valid_regions     = [:us_east_1]\r\n  # Override region to display as global. Useful when checking resources\r\n  # like IAM that do not have a specific region.\r\n  c.display_as        = :global\r\n  # deep_inspection works with set_data to automically collect\r\n  # data fields for each alert. Not required.\r\n  c.deep_inspection   = [:users]\r\nend\r\n\r\n# Required perform method\r\ndef perform(aws)\r\n  list_users = aws.iam.list_users\r\n  count = list_users[:users].count\r\n\r\n  # Set data for deep_inspection to use\r\n  set_data(list_users)\r\n\r\n  if count == 0\r\n    fail(user_count: count, condition: 'count == 0')\r\n  else\r\n    pass(user_count: count, condition: 'count >= 1')\r\n  end\r\nend\r\n"
alerts = ESP::CustomSignature.run(external_account_id: 3, regions: ['us_east_1'], language: 'ruby', signature: signature)

# File 'lib/esp/resources/custom_signature.rb', line 51

def self.run(arguments = {})
  arguments = arguments.with_indifferent_access
  arguments[:regions] = Array(arguments[:regions])
  new(arguments).run
end

.run!(arguments = {}) ⇒ `Object`

Run a custom signature that has not been saved. Useful for debugging a custom signature. Returns a collection of alerts. Throws an error if not successful.

Parameters

arguments | Required | A hash of run arguments

Valid Arguments

See API documentation for valid arguments

Example

signature = "# Demo Ruby Signature\r\nconfigure do |c|\r\n  # Set regions to run in. Remove this line to run in all regions.\r\n  c.valid_regions     = [:us_east_1]\r\n  # Override region to display as global. Useful when checking resources\r\n  # like IAM that do not have a specific region.\r\n  c.display_as        = :global\r\n  # deep_inspection works with set_data to automically collect\r\n  # data fields for each alert. Not required.\r\n  c.deep_inspection   = [:users]\r\nend\r\n\r\n# Required perform method\r\ndef perform(aws)\r\n  list_users = aws.iam.list_users\r\n  count = list_users[:users].count\r\n\r\n  # Set data for deep_inspection to use\r\n  set_data(list_users)\r\n\r\n  if count == 0\r\n    fail(user_count: count, condition: 'count == 0')\r\n  else\r\n    pass(user_count: count, condition: 'count >= 1')\r\n  end\r\nend\r\n"
alerts = ESP::CustomSignature.run!(external_account_id: 3, regions: ['us_east_1'], language: 'ruby', signature: signature)

# File 'lib/esp/resources/custom_signature.rb', line 29

def self.run!(arguments = {})
  result = run(arguments)
  return result if result.is_a?(ActiveResource::Collection)
  result.message = result.errors.full_messages.join(' ')
  fail(ActiveResource::ResourceInvalid.new(result)) # rubocop:disable Style/RaiseArgs
end

Instance Method Details

#organization ⇒ `Object`

The organization this custom signature belongs to.

5	# File 'lib/esp/resources/custom_signature.rb', line 5 belongs_to :organization, class_name: 'ESP::Organization'

#run(arguments = {}) ⇒ `Object`

Run this custom signature instance. Returns a collection of alerts. If not successful, returns a CustomSignature object with the errors object populated.

Parameters

arguments | Required | A hash of run arguments

Valid Arguments

See API documentation for valid arguments

Example

custom_signature = ESP::CustomSignature.find(365)
alerts = custom_signature.run(external_account_id: 3, regions: ['us_east_1'])

# File 'lib/esp/resources/custom_signature.rb', line 94

def run(arguments = {})
  arguments = arguments.with_indifferent_access

  attributes['external_account_id'] ||= arguments[:external_account_id]
  attributes['regions'] ||= Array(arguments[:regions])

  response = connection.post endpoint, to_json
  ESP::Alert.send(:instantiate_collection, self.class.format.decode(response.body))
rescue ActiveResource::BadRequest, ActiveResource::ResourceInvalid, ActiveResource::ResourceNotFound => error
  load_remote_errors(error, true)
  self.code = error.response.code
  self
end

#run!(arguments = {}) ⇒ `Object`

Run this custom signature instance. Returns a collection of alerts. Throws an error if not successful.

Parameters

arguments | Required | A hash of run arguments

Valid Arguments

See API documentation for valid arguments

Example

custom_signature = ESP::CustomSignature.find(365)
alerts = custom_signature.run!(external_account_id: 3, regions: ['us_east_1'])

# File 'lib/esp/resources/custom_signature.rb', line 72

def run!(arguments = {})
  result = run(arguments)
  return result if result.is_a?(ActiveResource::Collection)
  self.message = errors.full_messages.join(' ')
  fail(ActiveResource::ResourceInvalid.new(self)) # rubocop:disable Style/RaiseArgs
end

#suppress(arguments = {}) ⇒ `Object`

Create a suppression for this custom signature.

Parameter

arguments | Required | A hash of signature suppression attributes

Valid Arguments

See API documentation for valid arguments

Example

suppress(regions: ['us_east_1'], external_account_ids: [5], reason: 'My very good reason for creating this suppression')

# File 'lib/esp/resources/custom_signature.rb', line 120

def suppress(arguments = {})
  arguments = arguments.with_indifferent_access
  ESP::Suppression::Signature.create(custom_signature_ids: [id], regions: Array(arguments[:regions]), external_account_ids: Array(arguments[:external_account_ids]), reason: arguments[:reason])
end

#teams ⇒ `Object`

The collection of teams that belong to the custom_signature.

# File 'lib/esp/resources/custom_signature.rb', line 9

def teams
  return attributes['teams'] if attributes['teams'].present?
  Team.where(custom_signatures_id_eq: id)
end

Class: ESP::CustomSignature

Constant Summary

Constants inherited from Resource

Class Method Summary collapse

Instance Method Summary collapse

Methods inherited from Resource

Class Method Details

.run(arguments = {}) ⇒ Object

Parameters

Valid Arguments

Example

.run!(arguments = {}) ⇒ Object

Parameters

Valid Arguments

Example

Instance Method Details

#organization ⇒ Object

#run(arguments = {}) ⇒ Object

Parameters

Valid Arguments

Example

#run!(arguments = {}) ⇒ Object

Parameters

Valid Arguments

Example

#suppress(arguments = {}) ⇒ Object

Parameter

Valid Arguments

Example

#teams ⇒ Object

.run(arguments = {}) ⇒ `Object`

.run!(arguments = {}) ⇒ `Object`

#organization ⇒ `Object`

#run(arguments = {}) ⇒ `Object`

#run!(arguments = {}) ⇒ `Object`

#suppress(arguments = {}) ⇒ `Object`

#teams ⇒ `Object`