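---
version: '3'
# output: prefixed

# Global environment, exported to every task's shell. The booleans are quoted
# on purpose: environment variables are strings anyway and the tasks below
# compare them as text ([[ ... = true ]]); quoting only stops YAML retyping.
env:
  SKIP_QUOTA_CHECK: "true"   # consumed by the CDK app, not by this file
  WAF_TEST: "false"          # opt in: WAF_TEST=true task deploy (see testwaf)
  CREATE_DIAGRAM: "true"
  CDK_DIFF: "false"          # opt in: CDK_DIFF=true task deploy (see cdkdiff)
  # Latest upstream release tag, fetched from the GitHub API on every `task`
  # invocation (including `task clean`). --fail turns an HTTP error (e.g. the
  # unauthenticated rate limit) into an empty value instead of an error body.
  # This is unauthenticated network input: do not use it to choose an
  # artifact to download or execute without verifying it first. The key is
  # kept as spelled ("LASTEST") because consumers outside this file may read it.
  LASTEST_FIREWALLFACTORY_VERSION:
    sh: curl --fail --silent "https://api.github.com/repos/globaldatanet/aws-firewall-factory/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/'

vars:
  # Both are meant to be supplied on the command line, e.g.
  #   task deploy config=my-waf prerequisite=my-prereqs
  # `config` is the file name under values/ without the .json suffix.
  prerequisite:
  config: # without .json
  REGION:
    sh: echo $AWS_REGION
  # Caller's account id. Only `.Account` is wanted here; `jq -r .` would put
  # the whole get-caller-identity document (UserId/Account/Arn) into the var,
  # unlike the ACCOUNT vars used by the tasks below.
  CDK_DEFAULT_ACCOUNT:
    sh: aws sts get-caller-identity | jq -r .Account

tasks:
  deploy:
    desc: Deploy Stack
    # Full pipeline. `cdkdiff` is a no-op unless CDK_DIFF=true, so the default
    # path goes straight to `cdk deploy --require-approval never` without a
    # human looking at the changeset.
    cmds:
      - task: clean
      - task: cdkdiff
      - task: cdkdeploy
      - task: creatediagram
      - task: testwaf

  synth:
    desc: synth Stack
    cmds:
      - task: clean
      - cdk synth
    vars:
      # Neither var is referenced by this task's cmds. The sts call doubles
      # as an early credentials check — confirm before removing it.
      ACCOUNT:
        sh: aws sts get-caller-identity | jq -r .Account
      # Each tag is emitted as a single shell-quoted word (jq @sh) so values
      # containing spaces or shell metacharacters cannot split into extra
      # arguments when {{.TAGS}} is expanded into a command line.
      TAGS:
        sh: jq -j '.[] | "--tags " + ((.Key) + "=" + (.Value) | @sh) + " "' tags/tags.json
    env:
      PROCESS_PARAMETERS: values/{{.config}}.json
    preconditions:
      - sh: 'test -n "{{.config}}"'
        msg: "config Variable was not set"
      - sh: 'test -f "values/{{.config}}.json"'
        msg: "Values file not found: values/{{.config}}.json"

  clean:
    desc: Clean CDK Out
    cmds:
      - rm -rf ./cdk.out
      # NOTE(review): npm installs into ./node_modules (underscore), so this
      # path normally does not exist and the line is a no-op. Left as-is on
      # purpose: `deploy` runs `clean` first, and "fixing" the name would
      # presumably delete the dependencies the cdk app needs to synth.
      - rm -rf ./node-modules
    silent: true

  cdkdiff:
    desc: CDK Diff
    # Interactive review gate; skipped entirely unless CDK_DIFF=true.
    cmds:
      - |
        if [[ "{{.CDK_DIFF}}" = true ]]; then
          cdk diff
          echo -n "Continue (y/n)?"
          read CONT
          # Fail closed: only an explicit yes continues. Previously anything
          # but a literal "n" (empty input, "N", a typo) went ahead, and the
          # abort was written as `echo "NO" | exit 1`, running exit inside a
          # pipeline.
          case "$CONT" in
            y|Y|yes|YES) echo "YES" ;;
            *) echo "NO"; exit 1 ;;
          esac
        fi
    silent: true
    interactive: true
    env:
      PROCESS_PARAMETERS: values/{{.config}}.json
      PREREQUISITE: "{{.prerequisite}}"
    preconditions:
      - sh: 'test -n "{{.config}}"'
        msg: "config Variable was not set"
      - sh: 'test -f "values/{{.config}}.json"'
        msg: "Values file not found: values/{{.config}}.json"

  cdkdeploy:
    desc: CDK Deploy
    cmds:
      # --require-approval never applies IAM / security-group changes without
      # the CDK approval prompt. The only human review point is `cdkdiff`,
      # and only when CDK_DIFF=true. {{.TAGS}} is pre-quoted by jq @sh (see
      # vars below), so tags.json cannot inject extra arguments here.
      - cdk deploy --require-approval never {{.TAGS}}
      # Drop the asset manifests from the top level of cdk.out. -name/-delete
      # avoids word-splitting a file list through $(...); errors (e.g. no
      # cdk.out) are ignored as before.
      - find ./cdk.out -maxdepth 1 -type f -name '*assets.json' -delete 2>/dev/null || true
    vars:
      # Not referenced by cmds; the sts call doubles as a credentials check
      # — confirm before removing it.
      ACCOUNT:
        sh: aws sts get-caller-identity | jq -r .Account
      TAGS:
        sh: jq -j '.[] | "--tags " + ((.Key) + "=" + (.Value) | @sh) + " "' tags/tags.json
    preconditions:
      - sh: 'test -n "{{.config}}"'
        msg: "config Variable was not set"
      - sh: 'test -f "values/{{.config}}.json"'
        msg: "Values file not found: values/{{.config}}.json"
    env:
      PROCESS_PARAMETERS: values/{{.config}}.json
      PREREQUISITE: "{{.prerequisite}}"
    silent: true
    interactive: true

  creatediagram:
    desc: Create Diagram
    # Renders cdk.out/<stack>.template.json to diagrams/<config>.drawio.
    cmds:
      - |
        if [[ "{{.CREATE_DIAGRAM}}" = true ]]; then
          cfg="values/{{.config}}.json"
          # Stack name as assembled from the config: <Prefix>-WAF-<WebAcl.Name>-<Stage>-<DeployHash>
          stack="$(jq -r '.General.Prefix' "$cfg")-WAF-$(jq -r '.WebAcl.Name' "$cfg")-$(jq -r '.General.Stage' "$cfg")-$(jq -r '.General.DeployHash' "$cfg")"
          # Output path written directly; the former sed over the values path
          # also rewrote any "values"/".json"-like substring inside the config name.
          echo 🤳🏻 $(cfn-dia draw.io -t "cdk.out/${stack}.template.json" --output-file "diagrams/{{.config}}.drawio" --ci-mode --skip-synth)
        else
          echo ⏭ Skipping Diagram generation 🤳🏻
        fi
    silent: true
    env:
      PROCESS_PARAMETERS: values/{{.config}}.json
    preconditions:
      - sh: 'test -n "{{.config}}"'
        msg: "config Variable was not set"
      - sh: 'test -f "values/{{.config}}.json"'
        msg: "Values file not found: values/{{.config}}.json"

  testwaf:
    desc: Test of your waf using GoTestWAF
    # Runs GoTestWAF against every host listed under SecuredDomain in the
    # config. GoTestWAF sends attack-pattern requests (50 workers here) at
    # those hosts: only enable WAF_TEST for endpoints you own or are
    # authorised to test — this is real traffic against real targets.
    cmds:
      - |
        if [[ "{{.WAF_TEST}}" == true ]]; then
          echo 🧪 Testing of your new 🔥 WAF using GoTestWAF
          cfg="values/{{.config}}.json"
          # Report / WAF name: <Prefix>-<WebAcl.Name>-<Stage>-<DeployHash>
          name="$(jq -r '.General.Prefix' "$cfg")-$(jq -r '.WebAcl.Name' "$cfg")-$(jq -r '.General.Stage' "$cfg")-$(jq -r '.General.DeployHash' "$cfg")"
          jq -r '.[] | .SecuredDomain[]?' "$cfg" | while IFS= read -r item; do
            [ -n "$item" ] || continue
            echo "Using fqdn in 🖥 url : $item"
            ./gotestwaf/gotestwaf --url "https://$item" --workers 50 --blockConnReset --wafName="$name" --configPath=./gotestwaf/config.yaml --testCasesPath=./gotestwaf/testcases --skipWAFBlockCheck --reportPath "./waf-evaluation-report/$(date '+%Y-%m-%d')" --reportName "$name"
          done
        else
          echo "⏭ Skipping WAF Testing 🧪"
        fi
    silent: true
    preconditions:
      - sh: 'test -n "{{.config}}"'
        msg: "config Variable was not set"
      - sh: 'test -f "values/{{.config}}.json"'
        msg: "Values file not found: values/{{.config}}.json"

  validateconfig:
    desc: Validates the current config
    cmds:
      - ts-node test/config-loader.ts
    silent: true
    env:
      PROCESS_PARAMETERS: values/{{.config}}.json
    preconditions:
      - sh: 'test -n "{{.config}}"'
        msg: "config Variable was not set"
      - sh: 'test -f "values/{{.config}}.json"'
        msg: "Values file not found: values/{{.config}}.json"

  generateconfig:
    desc: Generate skeleton for a waf configuration file
    # With `config` set, writes the skeleton to values/<config>.json; without
    # it, prints the skeleton to stdout.
    cmds:
      - |
        if [[ -n "{{.config}}" ]]; then
          # Refuse to touch an existing file: `>>` used to append a second JSON
          # document to it, leaving an unparsable config behind.
          if [[ -e "values/{{.config}}.json" ]]; then
            echo "values/{{.config}}.json already exists, refusing to overwrite" >&2
            exit 1
          fi
          ts-node lib/tools/generate-skeleton.ts > "values/{{.config}}.json"
        else
          ts-node lib/tools/generate-skeleton.ts
        fi
    silent: true

  generateowasptoptenconfig:
    desc: Generate skeleton for a waf configuration file with owasp top 10
    cmds:
      - |
        if [[ -n "{{.config}}" ]]; then
          # Refuse to touch an existing file (see generateconfig).
          if [[ -e "values/{{.config}}.json" ]]; then
            echo "values/{{.config}}.json already exists, refusing to overwrite" >&2
            exit 1
          fi
          ts-node lib/tools/get-owasp-top10-waf.ts > "values/{{.config}}.json"
        else
          ts-node lib/tools/get-owasp-top10-waf.ts
        fi
    silent: true

  generateprerequisitesconfig:
    desc: Generate skeleton for a prerequisites configuration
    # Writes to the same values/<config>.json location as the WAF generators
    # above, so pass a `config` name distinct from your WAF config.
    cmds:
      - |
        if [[ -n "{{.config}}" ]]; then
          # Refuse to touch an existing file (see generateconfig).
          if [[ -e "values/{{.config}}.json" ]]; then
            echo "values/{{.config}}.json already exists, refusing to overwrite" >&2
            exit 1
          fi
          ts-node lib/tools/generate-prerequisites-skeleton.ts > "values/{{.config}}.json"
        else
          ts-node lib/tools/generate-prerequisites-skeleton.ts
        fi
    silent: true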