Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Auto-remediation for check EKS-001 #67

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Add Auto-remediation for check EKS-001 #67

wants to merge 3 commits into from

Conversation

gmagella-ca
Copy link

@gmagella-ca gmagella-ca commented Apr 8, 2020
edited
Loading

Add auto-remediation for check EKS-001.
LambdaVersion had to be disabled in serverless.yaml to support the number of resources needed.

@PatrickQuintal PatrickQuintal requested review from PatrickQuintal and removed request for PatrickQuintal April 24, 2020 03:59
binli0114
binli0114 suggested changes Jul 4, 2020
View reviewed changes
Copy link
Contributor

@binli0114 binli0114 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sorry about the delay PR review.
Left some comments and please let me know if any problem.

functions/AutoRemediateEKS-001.js
return handleError('Invalid event')
}

const clustername=event.resource.split('/')[1];
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
const clustername=event.resource.split('/')[1];
const resourceItems = event.resource.split('/');
if (resourceItems.length<1){
return handleError('Invalid resource');
}
const clustername=resourceItems[1];

functions/AutoRemediateEKS-001.js
}
};

let eks = new AWS.EKS({region: event.region})
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
let eks = new AWS.EKS({region: event.region})
const eks = new AWS.EKS({region: event.region})

functions/AutoRemediateEKS-001.js
Comment on lines +26 to +27
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These if condition can be removed because line 29 handles it

Suggested change
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response

functions/AutoRemediateEKS-001.js

let eks = new AWS.EKS({region: event.region})

eks.updateClusterConfig(params, function(err, data) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

suggest to use asynchronous flow instead of using callbacks.
ref: https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/using-promises.html

functions/AutoRemediateOrchestrator.js

module.exports.handler = (event, context, callback) => {
console.log('Received event: ', JSON.stringify(event, null, 2))
console.log('Config settings: ', JSON.stringify(CONFIG, null, 2))
//console.log('Config settings: ', JSON.stringify(CONFIG, null, 2))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove unused code

Suggested change
//console.log('Config settings: ', JSON.stringify(CONFIG, null, 2))

functions/AutoRemediateOrchestrator.js
else{

//Compose the function name based on its own name...
let FunctionName =
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
let FunctionName =
const FunctionName =

serverless.yml
Properties:
MessageRetentionPeriod: 7200 #2 Hours
QueueName: CloudConformityAutoRemediate

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The SQS queue must be encrypted at rest. Please configure KMS KeyId in the queue property

test/AutoRemediateEKS-001.js
'region': 'us-east-1'
}

let AutoRemediate = require('../functions/AutoRemediateEKS-001')
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
let AutoRemediate = require('../functions/AutoRemediateEKS-001')
const AutoRemediate = require('../functions/AutoRemediateEKS-001')

test/AutoRemediateEKS-001.js
@@ -0,0 +1,11 @@
let event = {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
let event = {
const event = {

test/AutoRemediateEKS-001.js

let AutoRemediate = require('../functions/AutoRemediateEKS-001')

AutoRemediate.handler(event, {}, function (err, data) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add valid unit tests here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@binli0114 binli0114 binli0114 requested changes

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@gmagella-ca @binli0114 @Gmagella