/**
 * Reports whether the application running on the given instances is flagged as publicly accessible.
 *
 * <p>The application is looked up through {@code applicationLifecycleService.findAppByInstanceIds},
 * its name is resolved through {@code kioOperations.getApplicationById}, and the resulting
 * application's {@code isPubliclyAccessible} value is returned.
 *
 * <p>An empty result means "unknown": no application was found, one of the lookups returned
 * {@code null}, or a {@link NotFoundException} was thrown. Callers making a security decision should
 * not read an empty result as "not public".
 *
 * @param accountId account the instances belong to
 * @param region region the instances run in
 * @param instanceIds ids of the instances to resolve an application for
 * @return the accessibility flag, or {@link Optional#empty()} when it cannot be determined
 */
@Override
public Optional<Boolean> isPubliclyAccessible(final String accountId, final String region, final List<String> instanceIds) {
    try {
        // Every lookup stays inside the try block so a NotFoundException from any of them is handled below.
        final Optional<ApplicationEntity> owningApp =
                Optional.ofNullable(applicationLifecycleService.findAppByInstanceIds(accountId, region, instanceIds));
        final Optional<Application> registeredApp =
                owningApp.map(ApplicationEntity::getName).map(kioOperations::getApplicationById);
        return registeredApp.map(Application::isPubliclyAccessible);
    } catch (final NotFoundException e) {
        // Only the exception's toString() is logged; no stack trace is recorded.
        log.warn(e.toString());
        return Optional.empty();
    }
}
}
/**
 * Returns a single violation by its id.
 *
 * <p>NOTE(review): no per-account access check is visible in this method; confirm that read access
 * to any violation id is intended or is enforced elsewhere (e.g. in a security filter).
 *
 * @param id id of the violation to load
 * @return the violation converted to its DTO
 * @throws NotFoundException if no violation exists for {@code id} or the conversion yields {@code null}
 */
@ApiOperation(
        value = "violations",
        notes = "Get one violation",
        response = Violation.class
)
@ApiResponses(value = {@ApiResponse(code = 200, message = "Violation")})
@RequestMapping(value = "/{id}", method = GET)
public Violation getViolation(
        @ApiParam(value = "Violation id") @PathVariable(value = "id") final Long id)
        throws NotFoundException {
    final Optional<Violation> dto =
            Optional.ofNullable(violationService.findOne(id)).map(entityToDto::convert);
    if (dto.isPresent()) {
        return dto.get();
    }
    throw new NotFoundException("Violation with id: " + id + " not found!");
}
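/**
 * Creates a lifecycle record for an instance from its base64-encoded Taupage YAML.
 *
 * <p>{@code logData} is base64-decoded, read as UTF-8 text and parsed with
 * {@code TaupageYamlUtil.parseTaupageYaml}. When the parsed document provides both an application id
 * and an application version, a {@link LifecycleEntity} is filled with the remaining arguments and
 * stored through {@code self.saveLifecycle}.
 *
 * <p>NOTE(review): {@code logData} is supplied by the caller and parsed as YAML here; confirm that
 * {@code parseTaupageYaml} uses a safe loader and that a decoding failure on malformed base64 is
 * handled by the caller, since nothing in this method catches it.
 *
 * @param instanceId id of the instance the log belongs to
 * @param instanceBootTime boot time of the instance
 * @param userdataPath location where the raw log was stored
 * @param region region of the instance
 * @param logData base64-encoded Taupage YAML; may be {@code null}
 * @param accountId account of the instance
 * @return the result of {@code saveLifecycle}, or {@code null} when the YAML is missing or lacks an
 *     application id or version
 */
@Override
public LifecycleEntity saveInstanceLogLifecycle(final String instanceId,
                                                final DateTime instanceBootTime,
                                                final String userdataPath,
                                                final String region,
                                                final String logData,
                                                final String accountId) {
    // Decode with an explicit charset: the one-argument String constructor would use the platform
    // default, so the same log could parse differently on different hosts.
    final Optional<TaupageYaml> taupageYaml = Optional.ofNullable(logData)
            .map(base64Decoder::decode)
            .map(decoded -> new String(decoded, java.nio.charset.StandardCharsets.UTF_8))
            .map(TaupageYamlUtil::parseTaupageYaml);

    final Optional<ApplicationEntity> application = taupageYaml
            .map(TaupageYaml::getApplicationId)
            .map(ApplicationEntity::new);

    final Optional<VersionEntity> version = taupageYaml
            .map(TaupageYaml::getApplicationVersion)
            .map(VersionEntity::new);

    if (application.isPresent() && version.isPresent()) {
        final LifecycleEntity lifecycleEntity = new LifecycleEntity();
        lifecycleEntity.setInstanceBootTime(instanceBootTime);
        lifecycleEntity.setInstanceId(instanceId);
        lifecycleEntity.setAccountId(accountId);
        lifecycleEntity.setRegion(region);
        lifecycleEntity.setUserdataPath(userdataPath);
        // Goes through 'self' rather than 'this'; the reason is not visible in this excerpt.
        return self.saveLifecycle(application.get(), version.get(), lifecycleEntity);
    } else {
        log.warn("Empty or invalid taupage yaml.");
        // Existing contract: callers receive null when nothing was saved.
        return null;
    }
}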
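/**
 * Stores a resolution comment on a violation on behalf of the authenticated user.
 *
 * <p>The violation is loaded first; the caller must then pass {@code hasAccessToAccount} for the
 * violation's account before the comment is written and the entity is saved.
 *
 * <p>NOTE(review): the existence check runs before the access check, so a caller without access can
 * tell an existing id (403) from a missing one (404); confirm this is acceptable.
 * NOTE(review): no length or content validation of {@code comment} is visible here; confirm it is
 * bounded elsewhere and output-encoded wherever it is rendered.
 *
 * @param id id of the violation to resolve
 * @param comment free-text explanation taken from the request body
 * @param userId authenticated principal, injected by the framework
 * @return the saved violation converted to its DTO
 * @throws NotFoundException if no violation exists for {@code id}
 * @throws ForbiddenException if the user has no access to the violation's account
 */
@ApiOperation(
        value = "Resolve and explain this violation",
        notes = "Resolve and explain violation",
        // The handler returns the updated Violation, so the documented response type matches it.
        response = Violation.class
)
@ApiResponses(value = {@ApiResponse(code = 200, message = "Violation resolved successfully")})
@RequestMapping(value = "/{id}/resolution", method = POST)
public Violation resolveViolations(
        @ApiParam(value = "", required = true) @PathVariable("id") final Long id,
        @ApiParam(value = "", required = true) @RequestBody final String comment,
        @ApiIgnore @AuthenticationPrincipal(errorOnInvalidType = true) final String userId)
        throws NotFoundException, ForbiddenException {
    final ViolationEntity violation = violationService.findOne(id);

    if (violation == null) {
        throw new NotFoundException(format("Violation %s does not exist", id));
    }

    // Authorization gate: only users with access to the owning account may modify the violation.
    if (!hasAccessToAccount(userId, violation.getAccountId())) {
        throw new ForbiddenException(
                format(
                        "You must have access to AWS account '%s' to resolve violation '%s'",
                        violation.getAccountId(), id));
    }

    violation.setComment(comment);
    final ViolationEntity dbViolationEntity = violationService.save(violation);
    return entityToDto.convert(dbViolationEntity);
}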
private void processInstance(final AmazonEC2Client ec2Client, final String account, final String region, final Instance instance) { if (violationService.violationExists(account, region, EVENT_ID, instance.getInstanceId(), OUTDATED_TAUPAGE)) { return;
/**
 * Returns one page of lifecycle entries for the given application name and version.
 *
 * <p>The {@code @Authorization} entry below only describes the OAuth scope in the generated API
 * documentation; enforcement is not visible in this method.
 * NOTE(review): the Swagger texts speak of "rules" and "violations" although lifecycle entries are
 * returned; they look copied from another endpoint.
 *
 * @param name application name taken from the path
 * @param version application version taken from the path
 * @param pageable paging and sorting request; defaults to page 0, size 10, sorted by "created" ascending
 * @return the matching lifecycle entries mapped to DTOs
 */
@RequestMapping(value = "/applications/{name}/versions/{version}", method = GET)
@ApiOperation(
        value = "Shows a list of all rules",
        response = LifecylceDTO.class,
        responseContainer = "List",
        authorizations = {@Authorization(value = "oauth", scopes = {@AuthorizationScope(scope = "uid", description = "")})})
@ApiImplicitParams({
        @ApiImplicitParam(name = "page", dataType = "integer", paramType = "query",
                value = "Results page you want to retrieve (0..N)"),
        @ApiImplicitParam(name = "size", dataType = "integer", paramType = "query",
                value = "Number of records per page."),
        @ApiImplicitParam(name = "sort", allowMultiple = true, dataType = "string", paramType = "query",
                value = "Sorting criteria in the format: \"property,[asc|desc]\". "
                        + "Default sort order is ascending. "
                        + "Multiple sort criteria are supported.")
})
@ApiResponses(@ApiResponse(code = 200, message = "the list of violations grouped by version, instance, created; Ordered by date"))
public Page<LifecylceDTO> findByApplicationName(
        @PathVariable("name") final String name,
        @PathVariable("version") final String version,
        @ApiIgnore @PageableDefault(page = 0, size = 10, sort = "created", direction = ASC) final Pageable pageable) {
    // Query and DTO mapping in one expression; both path variables are passed through unchanged.
    return mapToDto(applicationLifecycleService.findByApplicationNameAndVersion(name, version, pageable));
}
violationService.queryViolations( accounts, from, to, lastViolation, checked, severity, priority, auditRelevant, allTypes, whitelisted, applicationIds, applicationVersionIds, pageable));
/**
 * Writes an instance log to S3 and, for user-data logs, records a lifecycle entry for the instance.
 *
 * <p>NOTE(review): the lifecycle entity is logged at info level through its {@code toString()};
 * confirm that this representation does not include raw log data, and note that the logged value is
 * whatever the service returned, which may be {@code null}.
 *
 * @param instanceLog the log submission; its log type must be set
 * @throws IllegalArgumentException if the log type is {@code null}
 */
private void saveLog(final LogObj instanceLog) {
    if (null == instanceLog.getLogType()) {
        final String problem = "You should use one of the allowed types.";
        log.error(problem);
        throw new IllegalArgumentException(problem);
    }

    // Every log type is written to S3; the returned path is reused for the lifecycle entry below.
    final String storedPath = s3Writer.writeToS3(
            instanceLog.getAccountId(),
            instanceLog.getRegion(),
            instanceLog.getInstanceBootTime(),
            instanceLog.getLogData(),
            instanceLog.getLogType().toString(),
            instanceLog.getInstanceId());
    log.debug("Saved S3 logs with userdatapath: {}", storedPath);

    // Only user-data logs produce a lifecycle entry.
    if (instanceLog.getLogType() != LogType.USER_DATA) {
        return;
    }

    final LifecycleEntity savedEntity = applicationLifecycleService.saveInstanceLogLifecycle(
            instanceLog.getInstanceId(),
            new DateTime(instanceLog.getInstanceBootTime(), UTC),
            storedPath,
            instanceLog.getRegion(),
            instanceLog.getLogData(),
            instanceLog.getAccountId());
    log.info("Saving Lifecycle Entity: {}", savedEntity);
}
}
final Stack stack = applicationVersionService.saveStack(violation.getApplicationId(), violation.getApplicationVersion());
/**
 * Records a lifecycle entry for the EC2 instance described by {@code context}.
 *
 * <p>The entry is filled from the context (event name, event date, account, region, instance id and,
 * when present, AMI id and AMI name). It is saved only when the context provides both an application
 * id and a version id; otherwise a warning is logged and nothing is stored.
 *
 * @param context the instance event being processed
 */
@Override
protected void process(final EC2InstanceContext context) {
    final LifecycleEntity entry = new LifecycleEntity();
    entry.setEventType(context.getEventName());
    entry.setEventDate(getLifecycleDate(context));
    entry.setAccountId(context.getAccountId());
    entry.setRegion(context.getRegionAsString());
    entry.setInstanceId(context.getInstanceId());
    // Image details are optional and copied only when the context has them.
    context.getAmiId().ifPresent(entry::setImageId);
    context.getAmi().map(Image::getName).ifPresent(entry::setImageName);

    // A constructor reference never yields null, so null here means the id was absent.
    final ApplicationEntity application = context.getApplicationId().map(ApplicationEntity::new).orElse(null);
    if (application == null) {
        log.warn("Could not determine applicationId. Skip processing of LifecyclePlugin.");
        return;
    }

    final VersionEntity version = context.getVersionId().map(VersionEntity::new).orElse(null);
    if (version == null) {
        log.warn("Could not determine versionId. Skip processing of LifecyclePlugin.");
        return;
    }

    applicationLifecycleService.saveLifecycle(application, version, entry);
}
.ifPresent(metaData::putAll); if (violationService.violationExists(account, awsRegion.getName(), EVENT_ID, canonicalHostedZoneName, UNSECURED_PUBLIC_ENDPOINT)) { return;
/**
 * Returns one page of lifecycle entries for the given application name.
 *
 * <p>{@code null} is passed as the version to {@code findByApplicationNameAndVersion}; presumably
 * this means "all versions" (confirm against the service).
 * The {@code @Authorization} entry below only describes the OAuth scope in the generated API
 * documentation; enforcement is not visible in this method.
 *
 * @param name application name taken from the path
 * @param pageable paging and sorting request; defaults to page 0, size 10, sorted by "created" ascending
 * @return the matching lifecycle entries mapped to DTOs
 */
@RequestMapping(value = "/applications/{name}/versions", method = GET)
@ApiOperation(
        value = "Shows a list of all rules",
        response = LifecylceDTO.class,
        responseContainer = "List",
        authorizations = {@Authorization(value = "oauth", scopes = {@AuthorizationScope(scope = "uid", description = "")})})
@ApiImplicitParams({
        @ApiImplicitParam(name = "page", dataType = "integer", paramType = "query",
                value = "Results page you want to retrieve (0..N)"),
        @ApiImplicitParam(name = "size", dataType = "integer", paramType = "query",
                value = "Number of records per page."),
        @ApiImplicitParam(name = "sort", allowMultiple = true, dataType = "string", paramType = "query",
                value = "Sorting criteria in the format: \"property,[asc|desc]\". "
                        + "Default sort order is ascending. "
                        + "Multiple sort criteria are supported.")
})
@ApiResponses(@ApiResponse(code = 200, message = "the list of violations grouped by version, instance, created; Ordered by date"))
public Page<LifecylceDTO> findByApplicationName(
        @PathVariable("name") final String name,
        @ApiIgnore @PageableDefault(page = 0, size = 10, sort = "created", direction = ASC) final Pageable pageable) {
    // No version filter is supplied for this endpoint.
    return mapToDto(applicationLifecycleService.findByApplicationNameAndVersion(name, null, pageable));
}
final String instancePublicIpAddress = instance.getPublicIpAddress(); if (violationService.violationExists(account, region, EVENT_ID, instance.getInstanceId(), UNSECURED_PUBLIC_ENDPOINT)) { return;