version: '3'
#output: prefixed
# Global environment, exported to the commands of every task below and also
# referenced from templates (e.g. {{.TOOL_KIT_STACKNAME}} in diff/cdkdeploy).
# NOTE(review): whether a bare `true`/`TRUE` reaches a template as "true" or
# "TRUE" depends on how the Task release in use types YAML scalars — TODO confirm;
# the `testwaf` precondition compares this value case-sensitively.
env:
  # presumably read by the CDK app to bypass its service-quota check — verify in the TS code
  SKIP_QUOTA_CHECK: true
  # Consulted by the `testwaf` precondition as {{.WAF_TEST}}.
  WAF_TEST: TRUE
  WAF_TEST_PASS_STATUS_CODES: 200 # HTTP response status code that WAF uses while passing requests (default [200,404])
  # Consulted by `creatediagram`; only the literal `true` enables drawing.
  CREATE_DIAGRAM: false
  # Name of the CDK bootstrap stack, passed as --toolkit-stack-name by diff/cdkdeploy.
  TOOL_KIT_STACKNAME: CDKToolkit
  # Resolved by running an unauthenticated GitHub API call whenever Task
  # evaluates this entry. `--silent` without `--fail` means a rate-limit or
  # network error produces an empty value rather than a visible failure.
  # The key keeps its historical spelling ("LASTEST") since consumers may read it.
  LASTEST_FIREWALLFACTORY_VERSION:
    sh: curl --silent "https://api.github.com/repos/globaldatanet/aws-firewall-factory/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/'
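# Global variables. `prerequisite` and `config` are deliberately left empty
# here and are expected to be supplied on the command line; left unset they
# expand to nothing useful in the `{{.config}}` / `{{.prerequisite}}`
# templates of the tasks below — TODO confirm the exact rendering with the
# Task version in use.
vars:
  prerequisite:
  config: # without .json
  # Empty string when AWS_REGION is not exported in the calling shell.
  REGION:
    sh: echo $AWS_REGION
  # Account id of the calling identity. Selects `.Account` so the value matches
  # the per-task ACCOUNT vars; previously the whole get-caller-identity document
  # (including the caller ARN and user id) was captured instead of the id.
  CDK_DEFAULT_ACCOUNT:
    sh: aws sts get-caller-identity |jq -r .Account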
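tasks:
  # Convenience entry points: they only chain the cdk* tasks defined below.
  destroy:
    desc: Destroy Stack
    cmds:
      - task: cdkdestroy
  deploy:
    desc: Deploy Stack
    cmds:
      - task: cdkdeploy
      - task: creatediagram
  synth:
    desc: synth Stack
    cmds:
      - cdk synth
    # ACCOUNT and TAGS are not referenced by the command above; kept for parity
    # with cdkdeploy.
    vars:
      ACCOUNT:
        sh: aws sts get-caller-identity |jq -r .Account
      TAGS:
        sh: cat tags/tags.json | jq -j '.[]|"--tags " + (.Key)+"="+(.Value)+" "'
    env:
      # Was the literal string `.config` (no template braces), which named no
      # config file; now expands the `config` var like every other task.
      PROCESS_PARAMETERS: "{{.config}}"
  diff:
    desc: CDK Diff
    # options.sh is sourced in the same bash process, so anything it exports is
    # visible to `cdk diff`. This is the task to review IAM / security-group
    # changes in, because cdkdeploy runs with --require-approval never.
    cmds:
      - bash -c 'source options.sh && cdk diff --toolkit-stack-name {{.TOOL_KIT_STACKNAME}}'
    silent: true
    interactive: true
    env:
      PROCESS_PARAMETERS: "{{.config}}"
      PREREQUISITE: "{{.prerequisite}}"
  cdkdestroy:
    desc: CDK Destroy
    # --force removes the confirmation prompt; there is no dry-run step here.
    cmds:
      - bash -c 'source options.sh && cdk destroy --force'
    vars:
      ACCOUNT:
        sh: aws sts get-caller-identity |jq -r .Account
    env:
      PROCESS_PARAMETERS: "{{.config}}"
      PREREQUISITE: "{{.prerequisite}}"
    silent: true
    interactive: true
  cdkdeploy:
    desc: CDK Deploy
    # --require-approval never suppresses the prompt CDK otherwise shows for
    # IAM and security-group changes; run `task diff` first to see them.
    # TAGS is built from tags/tags.json as a series of `--tags Key=Value` args.
    cmds:
      - bash -c 'source options.sh && cdk deploy --require-approval never {{.TAGS}} --toolkit-stack-name {{.TOOL_KIT_STACKNAME}}'
    vars:
      ACCOUNT:
        sh: aws sts get-caller-identity |jq -r .Account
      TAGS:
        sh: cat tags/tags.json | jq -j '.[]|"--tags " + (.Key)+"="+(.Value)+" "'
    env:
      PROCESS_PARAMETERS: "{{.config}}"
      PREREQUISITE: "{{.prerequisite}}"
    silent: true
    interactive: true
  creatediagram:
    desc: Create Diagram
    # Draws the synthesized template (cdk.out/*.template.json) with cfn-dia when
    # CREATE_DIAGRAM expands to exactly `true`; the template name is assembled
    # from four separate ts-node invocations of gotestwaf.ts. The diagram path
    # is derived from values/<config>.json by swapping `values`→`diagrams` and
    # `.json`→`.drawio`.
    # NOTE(review): the template is expanded before bash parses the line, so an
    # empty CREATE_DIAGRAM leaves a malformed `[[ = true ]]` test — confirm the
    # env default is always set.
    cmds:
      - if [[ {{.CREATE_DIAGRAM}} = true ]] ; then echo 🤳🏻 $(cfn-dia draw.io -t cdk.out/"$(ts-node ./gotestwaf/gotestwaf.ts| jq -r '.General.Prefix')-WAF-$(ts-node ./gotestwaf/gotestwaf.ts| jq -r '.WebAcl.Name')-$(ts-node ./gotestwaf/gotestwaf.ts| jq -r '.General.Stage')-$(ts-node ./gotestwaf/gotestwaf.ts| jq -r '.General.DeployHash')".template.json --output-file $(sed "s/values/diagrams/g;s/.json/.drawio/g" <<< values/{{.config}}.json) --ci-mode --skip-synth); else echo ⏭ Skipping Diagram generation 🤳🏻 ; fi
    silent: true
    env:
      # This task passes the full path, unlike the other tasks which pass only
      # the config name; presumably the TS app accepts both — verify.
      PROCESS_PARAMETERS: values/{{.config}}.json
  testwaf:
    desc: Test of your waf using GoTestWAF
    # Runs GoTestWAF against every SecuredDomain listed in the project's own
    # config (read via gotestwaf.ts) and writes a dated report under
    # ./waf-evaluation-report/. Pass status codes come from
    # WAF_TEST_PASS_STATUS_CODES in the global env.
    # NOTE(review): `--blockConnReset` appears twice on the command line;
    # presumably harmless for a boolean flag — confirm against gotestwaf's parser.
    cmds:
      - echo 🧪 Testing of your new 🔥 WAF using GoTestWAF
      - mkdir -p ./waf-evaluation-report/$(date '+%Y-%m-%d')
      - |
        items=$(ts-node ./gotestwaf/gotestwaf.ts | jq -r '.[] | .SecuredDomain[]?')
        for item in ${items[@]}; do
          echo "Using fqdn in 🖥 url : $item"
          ./gotestwaf/gotestwaf --url https://$item --workers 50 --blockConnReset --wafName="$(ts-node ./gotestwaf/gotestwaf.ts| jq -r '.General.Prefix')-$(ts-node ./gotestwaf/gotestwaf.ts| jq -r '.WebAcl.Name')-$(ts-node ./gotestwaf/gotestwaf.ts| jq -r '.General.Stage')-$(ts-node ./gotestwaf/gotestwaf.ts| jq -r '.General.DeployHash')" --configPath=./gotestwaf/config.yaml --testCasesPath=./gotestwaf/testcases --skipWAFBlockCheck --reportPath "./waf-evaluation-report/$(date '+%Y-%m-%d')" --reportName "$(ts-node ./gotestwaf/gotestwaf.ts| jq -r '.General.Prefix')-$(ts-node ./gotestwaf/gotestwaf.ts| jq -r '.WebAcl.Name')-$(ts-node ./gotestwaf/gotestwaf.ts| jq -r '.General.Stage')-$(ts-node ./gotestwaf/gotestwaf.ts| jq -r '.General.DeployHash')-$item" --passStatusCodes {{.WAF_TEST_PASS_STATUS_CODES}} --blockConnReset
        done
    silent: true
    env:
      PROCESS_PARAMETERS: "{{.config}}"
    # Semantics as written: the task RUNS whenever WAF_TEST differs from the
    # lowercase string `true`, and aborts (printing msg) when it equals `true`.
    # With the global default `TRUE` it runs only because the comparison is
    # case-sensitive, and setting `false` does not skip it.
    # NOTE(review): this reads as the inverse of the message; confirm the
    # intended gate (e.g. `[ '{{.WAF_TEST}}' = 'TRUE' ]`) before relying on it.
    preconditions:
      - sh: "[ '{{.WAF_TEST}}' != 'true' ]"
        msg: ⏭ Skipping WAF Testing 🧪
  generate-waf-skeleton:
    desc: Generate WAF Skeleton
    silent: true
    cmds:
      - ts-node ./lib/tools/generate-waf-skeleton.ts
  generate-shield-skeleton:
    desc: Generate Shield Skeleton
    silent: true
    cmds:
      - ts-node ./lib/tools/generate-shield-skeleton.ts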