chore:[devops-88]individual JD for Qualys

PaladinCloud · Aug 2, 2023 · 4cba378 · 4cba378
1 parent 21f4b7a
commit 4cba378
Show file tree

Hide file tree

Showing 4 changed files with 55 additions and 6 deletions.
diff --git a/installer/files/paladincloud-submitBatchjob.zip b/installer/files/paladincloud-submitBatchjob.zip
diff --git a/installer/resources/batch/job.py b/installer/resources/batch/job.py
@@ -58,10 +58,56 @@ class RuleEngineJobQueue(BatchJobQueueResource):
     state = Settings.get('JOB_QUEUE_STATUS', "ENABLED")
     priority = 6
     compute_environments = [RuleEngineBatchJobEnv.get_output_attr('arn')]
-
-
+
 class BatchJobsQueue(BatchJobQueueResource):
     name = "data"
     state = Settings.get('JOB_QUEUE_STATUS', "ENABLED")
     priority = 6
     compute_environments = [RuleEngineBatchJobEnv.get_output_attr('arn')]
+
+class SubmitAndQualysJobDefinition(BatchJobDefinitionResource):
+    name = 'qualys-engine'
+    jd_type = 'container'
+    attempts = 2
+    container_properties = json.dumps({
+        'command': [
+            "~/fetch_and_run.sh",
+            "Ref::executableName",
+            "Ref::params",
+            "Ref::jvmMemParams",
+            "Ref::ruleEngineExecutableName",
+            "Ref::entryPoint"
+        ],
+        'image': RuleEngineEcrRepository.get_output_attr('repository_url'),
+        'memory': Settings.get('QUALYS_JOB_MEMORY', 8192),
+        'vcpus': Settings.get('QUALYS_JOB_VCPU', 2),
+        'environment': [
+            {'name': "ES_HOST", 'value': ESDomain.get_http_url_with_port()},
+            {'name': "BASE_AWS_ACCOUNT", 'value': AwsAccount.get_output_attr('account_id')},
+            {'name': "ES_URI", 'value': ESDomain.get_http_url_with_port()},
+            {'name': "HEIMDALL_URI", 'value': ESDomain.get_http_url_with_port()},
+            {'name': "PACMAN_API_URI", 'value': ApplicationLoadBalancer.get_api_base_url()},
+            {'name': "CONFIG_CREDENTIALS", 'value': "dXNlcjpwYWNtYW4="},
+            {'name': "CONFIG_SERVICE_URL", 'value': ApplicationLoadBalancer.get_http_url() + "/api/config/rule,batch/prd/latest"},
+            {'name': "AUTH_API_URL",'value': "https://"+ Settings.COGNITO_DOMAIN + ".auth." + Settings.AWS_REGION + ".amazoncognito.com"},
+            {'name': "POLICY_DETAILS_URL", 'value': ApplicationLoadBalancer.get_http_url() + "/api/compliance/v1/policy-details-by-uuid?policyUUID="}
+        ]
+    })
+
+    def post_terraform_destroy(self):
+        deregister_task_definition(
+            self.get_input_attr('name'),
+            Settings.AWS_AUTH_CRED
+        )
+
+    def pre_terraform_destroy(self):
+        compute_env = RuleEngineBatchJobEnv.get_input_attr('compute_environment_name')
+        job_definition = self.get_input_attr('name')
+        utils.remove_batch_job_related_resources(compute_env, job_definition)
+
+
+class QualysBatchJobsQueue(BatchJobQueueResource):
+    name = "qualys"
+    state = Settings.get('JOB_QUEUE_STATUS', "ENABLED")
+    priority = 6
+    compute_environments = [RuleEngineBatchJobEnv.get_output_attr('arn')]
diff --git a/installer/resources/lambda_submit/function.py b/installer/resources/lambda_submit/function.py
@@ -7,7 +7,7 @@
 from resources.iam.lambda_role import LambdaRole
 from resources.iam.base_role import BaseRole
 from resources.s3.bucket import BucketStorage
-from resources.batch.job import SubmitAndRuleEngineJobDefinition, BatchJobsQueue
+from resources.batch.job import SubmitAndRuleEngineJobDefinition, BatchJobsQueue, SubmitAndQualysJobDefinition
 from resources.data.aws_info import AwsAccount, AwsRegion
 from resources.lambda_submit.s3_upload import UploadLambdaSubmitJobZipFile, BATCH_JOB_FILE_NAME
 from resources.pacbot_app.alb import ApplicationLoadBalancer
@@ -30,11 +30,12 @@ class SubmitJobLambdaFunction(LambdaFunctionResource):
             'JOB_DEFINITION': SubmitAndRuleEngineJobDefinition.get_output_attr('arn'),
             'CONFIG_URL': ApplicationLoadBalancer.get_api_base_url() + "/config/batch,inventory/prd/latest",
             'CONFIG_CREDENTIALS': "dXNlcjpwYWNtYW4=",
-            'CONFIG_SERVICE_URL': ApplicationLoadBalancer.get_http_url() + "/api/config/rule/prd/latest"
+            'CONFIG_SERVICE_URL': ApplicationLoadBalancer.get_http_url() + "/api/config/rule/prd/latest",
+            'QUALYS_JOB_DEFINATION': SubmitAndQualysJobDefinition.get_output_attr('arn')
         }
     }
 
-    DEPENDS_ON = [SubmitAndRuleEngineJobDefinition, BatchJobsQueue]
+    DEPENDS_ON = [SubmitAndRuleEngineJobDefinition, BatchJobsQueue,SubmitAndQualysJobDefinition]
 
 
 class DataCollectorEventRule(CloudWatchEventRuleResource):

diff --git a/installer/settings/common.py b/installer/settings/common.py
@@ -78,7 +78,7 @@
 }
 
 
-LAMBDA_PATH = "V6"
+LAMBDA_PATH = "V7"
 DATA_DIR = os.path.join(BASE_APP_DIR, 'data')
 LOG_DIR = os.path.join(BASE_APP_DIR, 'log')
 PROVISIONER_FILES_DIR_TO_COPY = os.path.join(BASE_APP_DIR, 'files')
@@ -180,6 +180,8 @@
 AQUA_IMAGE_VULNERABILITY_QUERY_PARAMS= "include_vpatch_info=true&show_negligible=true&hide_base_image=false&severities=critical,high,medium,low,negligible"
 GOOGLE_ANALYTICS = ""
 ECS_CPU = 1024
+QUALYS_JOB_MEMORY = 8196
+QUALYS_JOB_VCPU = 2
 
 try:
     from settings.local import *