Merge pull request #318 from sajeer-nooh/installer-release-1.6

UI modifications for vulnerability change is done
tmobile · Sep 23, 2019 · 39d9c73 · 39d9c73
2 parents 8836cf3 + f178ea5
commit 39d9c73
Show file tree

Hide file tree

Showing 5 changed files with 34 additions and 7 deletions.
diff --git a/installer/files/scripts/build_pacbot.py b/installer/files/scripts/build_pacbot.py
@@ -22,14 +22,15 @@ class Buildpacbot(object):
     archive_type = "zip"  # What type of archive is required
     issue_email_template = ''
 
-    def __init__(self, aws_details, api_domain_url, upload_dir, log_dir, pacbot_code_dir):
+    def __init__(self, aws_details, api_domain_url, upload_dir, log_dir, pacbot_code_dir, enabled_vulnerability_feautre):
         self.api_domain_url = api_domain_url
         self.cwd = pacbot_code_dir
         self.codebase_root_dir = pacbot_code_dir
         self.debug_log = os.path.join(log_dir, "debug.log")
         self.maven_build_log = os.path.join(log_dir, "maven_build.log")
         self.upload_dir = upload_dir
         self.s3_client = prepare_aws_client_with_given_aws_details('s3', aws_details)
+        self.enabled_vulnerability_feautre = enabled_vulnerability_feautre
 
     def _clean_up_all(self):
         os.chdir(self.cwd)
@@ -154,6 +155,9 @@ def _update_variables_in_ui_config(self, webapp_dir):
             if "AD_AUTHENTICATION: false" in line:
                 lines[idx] = lines[idx].replace("AD_AUTHENTICATION: false", "AD_AUTHENTICATION: true")
 
+            if "qualysEnabled: false" in line:
+                lines[idx] = lines[idx].replace("qualysEnabled: false", "qualysEnabled: %s" % self.enabled_vulnerability_feautre)
+
             if "ISSUE_MAIL_TEMPLATE_URL: ''" in line:
                 lines[idx] = lines[idx].replace("ISSUE_MAIL_TEMPLATE_URL: ''", "ISSUE_MAIL_TEMPLATE_URL: '" + self.issue_email_template + "'")
 
@@ -202,14 +206,16 @@ def write_to_debug_log(self, msg):
     provider_json_file = os.getenv('PROVIDER_FILE')
     s3_bucket = os.getenv('S3_BUCKET')
     s3_key_prefix = os.getenv('S3_KEY_PREFIX')
+    enabled_vulnerability_feautre = os.getenv('ENABLED_VULNERABILITY_FEATURE')
     aws_details = get_provider_details("aws", provider_json_file)
 
     Buildpacbot(
         aws_details,
         api_domain_url,
         dist_files_upload_dir,
         log_dir,
-        pacbot_code_dir).build_api_and_ui_apps(
+        pacbot_code_dir,
+        enabled_vulnerability_feautre).build_api_and_ui_apps(
             s3_bucket,
             s3_key_prefix
     )
diff --git a/installer/resources/datastore/es.py b/installer/resources/datastore/es.py
@@ -42,7 +42,7 @@ class ESDomain(ElasticsearchDomainResource):
     zone_awareness_enabled = False
     ebs_enabled = True
     volume_type = "gp2"
-    volume_size = 20
+    volume_size = Settings.get('ES_VOLUME_SIZE', 20)
     automated_snapshot_start_hour = 23
     security_group_ids = [InfraSecurityGroupResource.get_output_attr('id')]
     subnet_ids = [Settings.get('VPC')['SUBNETS'][0]]

diff --git a/installer/resources/iam/all_read_role.py b/installer/resources/iam/all_read_role.py
@@ -96,15 +96,35 @@ class AllReadRoleAutoFixPolicyDocument(iam.IAMPolicyDocumentData):
                 "ec2:DeleteSecurityGroup",
             ],
             'resources': ["*"],
-            'effect': "Allow"
+            'effect': "Allow",
+            'condition': [
+                {
+                    'test': "StringEquals",
+                    'variable': "ec2:ResourceTag/pacbot-delete-sg",
+                    'values': ["true"]
+                }
+            ]
         },
         {
             'actions': [
                 "ec2:ReleaseAddress",
             ],
             'resources': ["*"],
             'effect': "Allow"
-        }
+        },
+        {
+            'actions': [
+                "rds:modifyDBInstance",
+                "rds:describeDBInstances",
+                "rds:AddTagsToResource",
+                "rds:CreateDBSecurityGroup",
+                "es:describeElasticsearchDomain",
+                "es:updateElasticsearchDomainConfig",
+                "es:addTags"
+            ],
+            'resources': ["*"],
+            'effect': "Allow"
+        },
     ]
 
 

diff --git a/installer/resources/pacbot_app/build_ui_and_api.py b/installer/resources/pacbot_app/build_ui_and_api.py
@@ -28,7 +28,8 @@ def get_provisioners(self):
                     'DIST_FILES_UPLOAD_DIR': upload_dir,
                     'LOG_DIR': Settings.LOG_DIR,
                     'S3_BUCKET': BucketStorage.get_output_attr('bucket'),
-                    'S3_KEY_PREFIX': Settings.RESOURCE_NAME_PREFIX
+                    'S3_KEY_PREFIX': Settings.RESOURCE_NAME_PREFIX,
+                    'ENABLED_VULNERABILITY_FEATURE': str(Settings.ENABLE_VULNERABILITY_FEATURE).lower()
                 },
                 'interpreter': [Settings.PYTHON_INTERPRETER]
             }

diff --git a/installer/settings/default.local.py b/installer/settings/default.local.py
@@ -20,7 +20,7 @@
 
 # ElasticSearch Related Configurations
 ES_INSTANCE_TYPE = "m4.large.elasticsearch"  # Possibble values m4.xlarge.elasticsearch, t2.xlarge.elasticsearch etc
-
+ES_VOLUME_SIZE = 20
 
 # ALB related configurations
 MAKE_ALB_INTERNAL = True  # False if ALB need to be public(internet facing) else True