From e0ddf778d6dbf8aa84c81675ab47e0ad18afcf06 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rafa=C5=82=20Wrzeszcz?=
Date: Thu, 10 Oct 2019 17:00:43 +0200
Subject: [PATCH] Removed `logretention` custom resource.
---
 README.md | 8 +-
 .../lambda-cform-logretention/pom.xml | 118 ---------------
 .../src/main/checkstyle/java.header | 8 -
 .../lambda/cform/logretention/Handler.java | 46 ------
 .../logretention/model/RetentionRequest.java | 28 ----
 .../service/RetentionManager.java | 97 ------------
 .../src/main/resources/logback.xml | 29 ----
 .../src/site/markdown/guide/usage.md | 112 --------------
 .../src/site/site.xml | 23 ---
 .../lambda/cform/logrotation/HandlerTest.java | 67 --------
 .../service/RetentionManagerTest.java | 143 ------------------
 lambda-cform/pom.xml | 1 -
 12 files changed, 4 insertions(+), 676 deletions(-)
 delete mode 100644 lambda-cform/lambda-cform-logretention/pom.xml
 delete mode 100644 lambda-cform/lambda-cform-logretention/src/main/checkstyle/java.header
 delete mode 100644 lambda-cform/lambda-cform-logretention/src/main/java/pl/wrzasq/lambda/cform/logretention/Handler.java
 delete mode 100644 lambda-cform/lambda-cform-logretention/src/main/java/pl/wrzasq/lambda/cform/logretention/model/RetentionRequest.java
 delete mode 100644 lambda-cform/lambda-cform-logretention/src/main/java/pl/wrzasq/lambda/cform/logretention/service/RetentionManager.java
 delete mode 100644 lambda-cform/lambda-cform-logretention/src/main/resources/logback.xml
 delete mode 100644 lambda-cform/lambda-cform-logretention/src/site/markdown/guide/usage.md
 delete mode 100644 lambda-cform/lambda-cform-logretention/src/site/site.xml
 delete mode 100644 lambda-cform/lambda-cform-logretention/src/test/java/test/pl/wrzasq/lambda/cform/logrotation/HandlerTest.java
 delete mode 100644 lambda-cform/lambda-cform-logretention/src/test/java/test/pl/wrzasq/lambda/cform/logrotation/service/RetentionManagerTest.java
diff --git a/README.md b/README.md
index 1360de2b9..ddf519428 100644
--- a/README.md
+++ b/README.md
@@ -59,14 +59,14 @@ resource.
 **IAM** password policy enforcer as **CloudFormation** custom resource.
-## [Lambda-CForm LogRetention](https://rafalwrzeszcz-wrzasqpl.github.io/pl.wrzasq.lambda/lambda-cform/lambda-cform-logretention/)
-
-**CloudFormation** custom resource handler for setting log retention for **CloudWatch** log groups.
-
 ## [Lambda-Metrics DynamoDb](https://rafalwrzeszcz-wrzasqpl.github.io/pl.wrzasq.lambda/lambda-metrics/lambda-metrics-dynamodb/)
 **CloudWatch** custom metrics for **DynamoDb**.
+## [Lambda-Macro Lambda Function](https://rafalwrzeszcz-wrzasqpl.github.io/pl.wrzasq.lambda/lambda-macro/lambda-macro-lambda-function/)
+
+**CloudFormation** macro for enhancing Lambda function deployment.
+
 # Resources
 - [GitHub page with API documentation](https://rafalwrzeszcz-wrzasqpl.github.io/pl.wrzasq.lambda)
diff --git a/lambda-cform/lambda-cform-logretention/pom.xml b/lambda-cform/lambda-cform-logretention/pom.xml
deleted file mode 100644
index 0cf78b993..000000000
--- a/lambda-cform/lambda-cform-logretention/pom.xml
+++ /dev/null
@@ -1,118 +0,0 @@ - - - - 4.0.0 - - - lambda-cform-logretention - jar - - pl.wrzasq.lambda - lambda-cform - 1.0.36-SNAPSHOT - ../ - - - - WrzasqPl CloudFormation CloudWatch log retention handler - https://rafalwrzeszcz-wrzasqpl.github.io/pl.wrzasq.lambda/lambda-cform/lambda-cform-logretention/ - CloudWatch log group retention handler for CloudFormation. - 2019 - - - - - - org.apache.maven.plugins - maven-dependency-plugin - - - ${project.groupId}:lambda-json - com.amazonaws:aws-xray-recorder-sdk-aws-sdk - com.amazonaws:aws-xray-recorder-sdk-aws-sdk-instrumentor - io.symphonia:lambda-logging - javax.xml.bind:jaxb-api - - - - - - org.apache.maven.plugins - maven-shade-plugin - - - - - - - - ${project.groupId} - lambda-json - ${project.version} - - - - com.amazonaws - aws-java-sdk-logs - 1.11.588 - - - - com.amazonaws - aws-lambda-java-core - 1.2.0 - - - - com.amazonaws - aws-xray-recorder-sdk-aws-sdk - 2.2.1 - - - - com.amazonaws - aws-xray-recorder-sdk-aws-sdk-instrumentor - 2.2.1 - - - - com.sunrun - cfn-response - 1.2.1 - - - - io.symphonia - lambda-logging - 1.0.3 - - - - javax.xml.bind - jaxb-api - 2.3.1 - - - - org.slf4j - slf4j-api - 1.7.26 - - - - pl.wrzasq.commons - commons-aws - 1.0.24 - - - diff --git a/lambda-cform/lambda-cform-logretention/src/main/checkstyle/java.header b/lambda-cform/lambda-cform-logretention/src/main/checkstyle/java.header deleted file mode 100644 index 69b84c831..000000000 --- a/lambda-cform/lambda-cform-logretention/src/main/checkstyle/java.header +++ /dev/null @@ -1,8 +0,0 @@ -^/\*$ -^ \* This file is part of the pl\.wrzasq\.lambda\.$ -^ \*$ -^ \* @license http://mit-license\.org/ The MIT license$ -^ \* @copyright \d{4}[0-9, -]* © by Rafał Wrzeszcz - Wrzasq\.pl\.$ -^ \*/$ - -^package pl\.wrzasq\.lambda\.cform\.logretention(\..+)?;$ 
diff --git a/lambda-cform/lambda-cform-logretention/src/main/java/pl/wrzasq/lambda/cform/logretention/Handler.java b/lambda-cform/lambda-cform-logretention/src/main/java/pl/wrzasq/lambda/cform/logretention/Handler.java
deleted file mode 100644
index 01bdd6f18..000000000
--- a/lambda-cform/lambda-cform-logretention/src/main/java/pl/wrzasq/lambda/cform/logretention/Handler.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * This file is part of the pl.wrzasq.lambda.
- *
- * @license http://mit-license.org/ The MIT license
- * @copyright 2019 © by Rafał Wrzeszcz - Wrzasq.pl.
- */
-
-package pl.wrzasq.lambda.cform.logretention;
-
-import com.amazonaws.services.lambda.runtime.Context;
-import com.amazonaws.services.logs.AWSLogs;
-import com.amazonaws.services.logs.AWSLogsClientBuilder;
-import com.sunrun.cfnresponse.CfnRequest;
-import pl.wrzasq.commons.aws.cloudformation.CustomResourceHandler;
-import pl.wrzasq.lambda.cform.logretention.model.RetentionRequest;
-import pl.wrzasq.lambda.cform.logretention.service.RetentionManager;
-
-/**
- * CloudFormation request handler.
- *
- *

Recommended memory: 256MB.

- */
-public class Handler {
- /**
- * CloudFormation response handler.
- */
- private static CustomResourceHandler handler;
-
- static {
- AWSLogs cloudWatch = AWSLogsClientBuilder.defaultClient();
-
- RetentionManager deploy = new RetentionManager(cloudWatch);
-
- Handler.handler = new CustomResourceHandler<>(deploy::provision, deploy::provision, deploy::delete);
- }
-
- /**
- * Handles invocation.
- *
- * @param request CloudFormation request.
- * @param context AWS Lambda context.
- */
- public void handle(CfnRequest request, Context context) {
- Handler.handler.handle(request, context);
- }
-}
diff --git a/lambda-cform/lambda-cform-logretention/src/main/java/pl/wrzasq/lambda/cform/logretention/model/RetentionRequest.java b/lambda-cform/lambda-cform-logretention/src/main/java/pl/wrzasq/lambda/cform/logretention/model/RetentionRequest.java
deleted file mode 100644
index 800fb4f30..000000000
--- a/lambda-cform/lambda-cform-logretention/src/main/java/pl/wrzasq/lambda/cform/logretention/model/RetentionRequest.java
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * This file is part of the pl.wrzasq.lambda.
- *
- * @license http://mit-license.org/ The MIT license
- * @copyright 2019 © by Rafał Wrzeszcz - Wrzasq.pl.
- */
-
-package pl.wrzasq.lambda.cform.logretention.model;
-
-import java.util.List;
-
-import lombok.Data;
-
-/**
- * Retention and groups CloudFormation request.
- */
-@Data
-public class RetentionRequest {
- /**
- * List of log groups.
- */
- private List logGroups;
-
- /**
- * Number of days to retain logs.
- */
- private int retentionDays;
-}
diff --git a/lambda-cform/lambda-cform-logretention/src/main/java/pl/wrzasq/lambda/cform/logretention/service/RetentionManager.java b/lambda-cform/lambda-cform-logretention/src/main/java/pl/wrzasq/lambda/cform/logretention/service/RetentionManager.java
deleted file mode 100644
index c60409f07..000000000
--- a/lambda-cform/lambda-cform-logretention/src/main/java/pl/wrzasq/lambda/cform/logretention/service/RetentionManager.java
+++ /dev/null
@@ -1,97 +0,0 @@
-/*
- * This file is part of the pl.wrzasq.lambda.
- *
- * @license http://mit-license.org/ The MIT license
- * @copyright 2019 © by Rafał Wrzeszcz - Wrzasq.pl.
- */
-
-package pl.wrzasq.lambda.cform.logretention.service;
-
-import java.util.UUID;
-
-import com.amazonaws.services.logs.AWSLogs;
-import com.amazonaws.services.logs.model.DeleteRetentionPolicyRequest;
-import com.amazonaws.services.logs.model.PutRetentionPolicyRequest;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import pl.wrzasq.commons.aws.cloudformation.CustomResourceResponse;
-import pl.wrzasq.lambda.cform.logretention.model.RetentionRequest;
-
-/**
- * CloudWatch API implementation.
- */
-public class RetentionManager {
- /**
- * Logger.
- */
- private Logger logger = LoggerFactory.getLogger(RetentionManager.class);
-
- /**
- * AWS CloudWatch API client.
- */
- private AWSLogs cloudWatch;
-
- /**
- * Initializes object with given CloudWatch client.
- *
- * @param cloudWatch AWS CloudWatch client.
- */
- public RetentionManager(AWSLogs cloudWatch) {
- this.cloudWatch = cloudWatch;
- }
-
- /**
- * Handles LogGroup retention setting.
- *
- * @param input Resource creation request.
- * @param physicalResourceId Physical ID of existing resource (in this case always null).
- * @return Data about published version.
- */
- public CustomResourceResponse provision(RetentionRequest input, String physicalResourceId) {
- // new ID needed, just to track it
- if (physicalResourceId == null) {
- physicalResourceId = UUID.randomUUID().toString();
- }
-
- for (String logGroup : input.getLogGroups()) {
- this.putRetentionPolicy(logGroup, input.getRetentionDays());
- }
-
- return new CustomResourceResponse<>(null, physicalResourceId);
- }
-
- /**
- * Handles rule deletion.
- *
- * @param input Resource delete request.
- * @param physicalResourceId Physical ID of existing resource (if present).
- * @return Empty response.
- */ - public CustomResourceResponse delete(RetentionRequest input, String physicalResourceId) { - input.getLogGroups() - .stream() - .map(DeleteRetentionPolicyRequest::new) - .forEach(this.cloudWatch::deleteRetentionPolicy); - - this.logger.info( - "Removed retention policy from CloudWatch LogGroups {}.", - input.getLogGroups() - ); - - return new CustomResourceResponse<>(null, physicalResourceId); - } - - /** - * Sets retention policy for single log group. - * - * @param logGroup LogGroup name. - * @param days Retention days. - */ - private void putRetentionPolicy(String logGroup, int days) { - this.cloudWatch.putRetentionPolicy( - new PutRetentionPolicyRequest(logGroup, days) - ); - - this.logger.info("Setting retention days of LogGroup {} to {}.", logGroup, days); - } -} diff --git a/lambda-cform/lambda-cform-logretention/src/main/resources/logback.xml b/lambda-cform/lambda-cform-logretention/src/main/resources/logback.xml deleted file mode 100644 index 27f1ea8bc..000000000 --- a/lambda-cform/lambda-cform-logretention/src/main/resources/logback.xml +++ /dev/null @@ -1,29 +0,0 @@ - - - - - - - %d{HH:mm:ss.SSS} [%thread] %-5level %logger - %msg%n%ex{full} - - - - - - - - - - - - - - - - - diff --git a/lambda-cform/lambda-cform-logretention/src/site/markdown/guide/usage.md b/lambda-cform/lambda-cform-logretention/src/site/markdown/guide/usage.md deleted file mode 100644 index ebd0a1314..000000000 --- a/lambda-cform/lambda-cform-logretention/src/site/markdown/guide/usage.md +++ /dev/null 
@@ -1,112 +0,0 @@ - - -# Using in CloudFormation - -This resource sets log retention time for already existing **CloudWatch** log groups. - -**Note:** **CloudFormation** provider [LogGroup](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-loggroup.html) -resource which can also set retention policy. You should use `lambda-cform-logretention` only in case you can not -control log group creation directly. An example can be a log group of **Lambda** function that is used directly in -CloudFormation (eg. as a custom resource handler). - -# Required permissions - -`lambda-cform-logretention` Lambda needs following permissions: - -- `logs:DeleteRetentionPolicy`, -- `logs:PutRetentionPolicy`. - -Additionally you may want to add following policies to it's role: - -- `arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole` (if you want to see **CloudWatch** logs of -resource handler execution); -- `arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess` (if you want more detailed tracing, package is built with -**X-Ray** instrumentor). - -# Properties - -## `retentionDays` (required) - int - -Number of days to keep logs for. - -## `logGroups` (required) - string[] - -List of log groups to apply policy to. - -# Output values - -This resource type does not expose any attributes. - -**Note:** Custom resource physical ID is set a random string and is maintained between deploys to avoid re-creation. It -doesn't carry any information. 
- -# Example - -```yaml - RetentionManagerRole: - Type: "AWS::IAM::Role" - Properties: - AssumeRolePolicyDocument: - Statement: - - - Action: "sts:AssumeRole" - Effect: "Allow" - Principal: - Service: - - "lambda.amazonaws.com" - ManagedPolicyArns: - - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - Policies: - - - PolicyName: "AllowManagingRetention" - PolicyDocument: - Version: "2012-10-17" - Statement: - - - Action: - - "logs:DeleteRetentionPolicy" - - "logs:PutRetentionPolicy" - Effect: "Allow" - Resource: - - "*" - - RetentionManager: - Type: "AWS::Lambda::Function" - Properties: - Runtime: "java8" - Code: - # put your source bucket - S3Bucket: "your-bucket" - S3Key: "lambda-cform-logretention-1.0.29-standalone.jar" - Handler: "pl.wrzasq.lambda.cform.logretention.Handler::handle" - MemorySize: 256 - Description: "AWS CloudWatch Logs retention deployment." - Timeout: 300 - TracingConfig: - Mode: "Active" - Role: !GetAtt "RetentionManagerRole.Arn" - - ShortRetention: - Type: "AWS::CloudFormation::CustomResource" - Properties: - # reference to deploy function - ServiceToken: !GetAtt "RetentionManager.Arn" - retentionDays: 7 - logGroups: - - "/aws/lambda/yourlambda-1" - - "/aws/lambda/yourlambda-2" - - LongRetention: - Type: "AWS::CloudFormation::CustomResource" - Properties: - # reference to deploy function - ServiceToken: !GetAtt "RetentionManager.Arn" - retentionDays: 30 - logGroups: - - "/aws/codebuild/BuildProject-123" -``` diff --git a/lambda-cform/lambda-cform-logretention/src/site/site.xml b/lambda-cform/lambda-cform-logretention/src/site/site.xml deleted file mode 100644 index 6d5cf9464..000000000 --- a/lambda-cform/lambda-cform-logretention/src/site/site.xml +++ /dev/null @@ -1,23 +0,0 @@ - - - - - - - - - - - - - 
diff --git a/lambda-cform/lambda-cform-logretention/src/test/java/test/pl/wrzasq/lambda/cform/logrotation/HandlerTest.java b/lambda-cform/lambda-cform-logretention/src/test/java/test/pl/wrzasq/lambda/cform/logrotation/HandlerTest.java
deleted file mode 100644
index e1aba77be..000000000
--- a/lambda-cform/lambda-cform-logretention/src/test/java/test/pl/wrzasq/lambda/cform/logrotation/HandlerTest.java
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * This file is part of the pl.wrzasq.lambda.
- *
- * @license http://mit-license.org/ The MIT license
- * @copyright 2019 © by Rafał Wrzeszcz - Wrzasq.pl.
- */
-
-package test.pl.wrzasq.lambda.cform.logrotation;
-
-import java.lang.reflect.Field;
-
-import com.amazonaws.services.lambda.runtime.Context;
-import com.sunrun.cfnresponse.CfnRequest;
-import org.junit.jupiter.api.AfterEach;
-import org.junit.jupiter.api.BeforeEach;
-import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.ExtendWith;
-import org.mockito.Mock;
-import org.mockito.Mockito;
-import org.mockito.junit.jupiter.MockitoExtension;
-import pl.wrzasq.commons.aws.cloudformation.CustomResourceHandler;
-import pl.wrzasq.lambda.cform.logretention.Handler;
-import pl.wrzasq.lambda.cform.logretention.model.RetentionRequest;
-
-@ExtendWith(MockitoExtension.class)
-public class HandlerTest {
- @Mock
- private CustomResourceHandler handler;
-
- @Mock
- private Context context;
-
- private CustomResourceHandler originalHandler;
-
- @BeforeEach
- public void setUp() throws NoSuchFieldException, IllegalAccessException {
- this.originalHandler = this.setHandler(this.handler);
- }
-
- @AfterEach
- public void tearDown() throws NoSuchFieldException, IllegalAccessException {
- this.setHandler(this.originalHandler);
- }
-
- @Test
- public void handle() {
- CfnRequest request = new CfnRequest<>();
- request.setRequestType("Create");
- request.setResourceProperties(new RetentionRequest());
-
- new Handler().handle(request, this.context);
-
- Mockito.verify(this.handler).handle(request, this.context);
- }
-
- private CustomResourceHandler setHandler(
- CustomResourceHandler sender
- )
- throws NoSuchFieldException, IllegalAccessException {
- Field hack = Handler.class.getDeclaredField("handler");
- hack.setAccessible(true);
- CustomResourceHandler original
- = CustomResourceHandler.class.cast(hack.get(null));
- hack.set(null, sender);
- return original;
- }
-}
diff --git a/lambda-cform/lambda-cform-logretention/src/test/java/test/pl/wrzasq/lambda/cform/logrotation/service/RetentionManagerTest.java b/lambda-cform/lambda-cform-logretention/src/test/java/test/pl/wrzasq/lambda/cform/logrotation/service/RetentionManagerTest.java
deleted file mode 100644
index 77a111d0e..000000000
--- a/lambda-cform/lambda-cform-logretention/src/test/java/test/pl/wrzasq/lambda/cform/logrotation/service/RetentionManagerTest.java
+++ /dev/null
@@ -1,143 +0,0 @@
-/*
- * This file is part of the pl.wrzasq.lambda.
- *
- * @license http://mit-license.org/ The MIT license
- * @copyright 2019 © by Rafał Wrzeszcz - Wrzasq.pl.
- */
-
-package test.pl.wrzasq.lambda.cform.logrotation.service;
-
-import java.util.ArrayList;
-import java.util.Arrays;
-
-import com.amazonaws.services.logs.AWSLogs;
-import com.amazonaws.services.logs.model.DeleteRetentionPolicyRequest;
-import com.amazonaws.services.logs.model.PutRetentionPolicyRequest;
-import org.junit.jupiter.api.Assertions;
-import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.ExtendWith;
-import org.mockito.ArgumentCaptor;
-import org.mockito.Captor;
-import org.mockito.Mock;
-import org.mockito.Mockito;
-import org.mockito.junit.jupiter.MockitoExtension;
-import pl.wrzasq.lambda.cform.logretention.model.RetentionRequest;
-import pl.wrzasq.lambda.cform.logretention.service.RetentionManager;
-
-@ExtendWith(MockitoExtension.class)
-public class RetentionManagerTest {
- private static final String ID = "test";
-
- private static final String LOG_GROUP_1 = "/aws/lambda/first";
-
- private static final String LOG_GROUP_2 = "/aws/lambda/second";
-
- private static final int DAYS = 7;
-
- @Mock
- private AWSLogs cloudWatch;
-
- @Captor
- ArgumentCaptor deleteRequest;
-
- @Captor
- ArgumentCaptor putRequest;
-
- @Test
- public void provision() {
- RetentionRequest input = this.createRequest();
-
- RetentionManager manager = new RetentionManager(this.cloudWatch);
-
- manager.provision(input, null);
-
- Mockito.verify(this.cloudWatch, Mockito.times(2)).putRetentionPolicy(this.putRequest.capture());
-
- Assertions.assertEquals(
- 2,
- this.putRequest.getAllValues().size(),
- "RetentionManager.provision() should set retention for specified groups."
- );
-
- PutRetentionPolicyRequest request = this.putRequest.getAllValues().get(0);
- Assertions.assertEquals(
- RetentionManagerTest.LOG_GROUP_1,
- request.getLogGroupName(),
- "RetentionManager.provision() should set retention for specified groups."
- );
- Assertions.assertEquals(
- RetentionManagerTest.DAYS,
- request.getRetentionInDays(),
- "RetentionManager.provision() should set retention for specified groups."
- );
-
- request = this.putRequest.getAllValues().get(1);
- Assertions.assertEquals(
- RetentionManagerTest.LOG_GROUP_2,
- request.getLogGroupName(),
- "RetentionManager.provision() should set retention for specified groups."
- );
- Assertions.assertEquals(
- RetentionManagerTest.DAYS,
- request.getRetentionInDays(),
- "RetentionManager.provision() should set retention for specified groups."
- );
- }
-
- @Test
- public void provisionExistingId() {
- RetentionRequest request = new RetentionRequest();
- request.setLogGroups(new ArrayList<>());
-
- RetentionManager manager = new RetentionManager(this.cloudWatch);
-
- Assertions.assertEquals(
- RetentionManagerTest.ID,
- manager.provision(request, RetentionManagerTest.ID).getPhysicalResourceId(),
- "RetentionManager.provision() should return ID of existing resource."
- );
- }
-
- @Test
- public void delete() {
- RetentionRequest input = this.createRequest();
-
- RetentionManager manager = new RetentionManager(this.cloudWatch);
-
- manager.delete(input, null);
-
- Mockito.verify(this.cloudWatch, Mockito.times(2)).deleteRetentionPolicy(this.deleteRequest.capture());
-
- Assertions.assertEquals(
- 2,
- this.deleteRequest.getAllValues().size(),
- "RetentionManager.delete() should set retention for specified groups."
- );
-
- DeleteRetentionPolicyRequest request = this.deleteRequest.getAllValues().get(0);
- Assertions.assertEquals(
- RetentionManagerTest.LOG_GROUP_1,
- request.getLogGroupName(),
- "RetentionManager.delete() should set retention for specified groups."
- );
-
- request = this.deleteRequest.getAllValues().get(1);
- Assertions.assertEquals(
- RetentionManagerTest.LOG_GROUP_2,
- request.getLogGroupName(),
- "RetentionManager.delete() should set retention for specified groups."
- );
- }
-
- private RetentionRequest createRequest() {
- RetentionRequest request = new RetentionRequest();
- request.setRetentionDays(RetentionManagerTest.DAYS);
- request.setLogGroups(
- Arrays.asList(
- RetentionManagerTest.LOG_GROUP_1,
- RetentionManagerTest.LOG_GROUP_2
- )
- );
- return request;
- }
-}
diff --git a/lambda-cform/pom.xml b/lambda-cform/pom.xml
index 8d3107e4f..d94bc435b 100644
--- a/lambda-cform/pom.xml
+++ b/lambda-cform/pom.xml
@@ -32,7 +32,6 @@ lambda-cform-account - lambda-cform-logretention lambda-cform-organization lambda-cform-organization-unit lambda-cform-passwordpolicy