From 66158d987be1527d004550e2ca8d238903c0416b Mon Sep 17 00:00:00 2001 From: rahul188 Date: Mon, 1 Jul 2024 13:00:29 +0530 Subject: [PATCH 01/11] updated python version --- templates/control-tower-customization.template.yml | 8 ++++---- templates/newrelic-hub-cfct.yaml | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/templates/control-tower-customization.template.yml b/templates/control-tower-customization.template.yml index 5014ec2..2a8846b 100644 --- a/templates/control-tower-customization.template.yml +++ b/templates/control-tower-customization.template.yml @@ -288,7 +288,7 @@ Resources: Properties: Description: Copies objects from the S3 bucket to a new location. Handler: index.handler - Runtime: python3.7 + Runtime: python3.12 Role: !GetAtt 'CopyZipsRole.Arn' Timeout: 240 Code: @@ -350,7 +350,7 @@ Resources: S3Bucket: !Ref LambdaZipsBucket S3Key: !Join ['', [!Ref 'QSS3KeyPrefix', 'functions/packages/onboarding/NewRelicCTOnboarding.zip']] Handler: onboarding.lambda_handler - Runtime: python3.7 + Runtime: python3.12 Timeout: 120 Environment: Variables: @@ -548,7 +548,7 @@ Resources: S3Bucket: !Ref LambdaZipsBucket S3Key: !Join ['', [!Ref 'QSS3KeyPrefix', 'functions/packages/stackset/NewRelicCTStackSet.zip']] Handler: stackset.lambda_handler - Runtime: python3.7 + Runtime: python3.12 Timeout: 120 ReservedConcurrentExecutions: 1 Environment: @@ -624,7 +624,7 @@ Resources: S3Bucket: !Ref LambdaZipsBucket S3Key: !Join ['', [!Ref 'QSS3KeyPrefix', 'functions/packages/register/NewRelicCTRegister.zip']] Handler: register.lambda_handler - Runtime: python3.7 + Runtime: python3.12 Timeout: 120 ReservedConcurrentExecutions: 5 Environment: diff --git a/templates/newrelic-hub-cfct.yaml b/templates/newrelic-hub-cfct.yaml index 29f62d8..9b7b5a9 100644 --- a/templates/newrelic-hub-cfct.yaml +++ b/templates/newrelic-hub-cfct.yaml 
@@ -123,7 +123,7 @@ Resources: Properties: Description: Copies objects from the S3 bucket to a new location. Handler: index.handler - Runtime: python3.7 + Runtime: python3.12 Role: !GetAtt 'CopyZipsRole.Arn' Timeout: 240 Code: @@ -291,7 +291,7 @@ Resources: S3Bucket: !Ref LambdaZipsBucket S3Key: !Join ['', [!Ref 'QSS3KeyPrefix', !FindInMap ["SourceCode", "Key", "Register"]]] Handler: cfct_register.lambda_handler - Runtime: python3.7 + Runtime: python3.12 Timeout: 120 ReservedConcurrentExecutions: 5 Environment: From e661a31ac3116c2fb03242662a90a7d6c2960480 Mon Sep 17 00:00:00 2001 From: rahul188 Date: Thu, 4 Jul 2024 00:57:28 +0530 Subject: [PATCH 02/11] Updated python version & fix the URL Issues --- .../control-tower-customization.template.yml | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/templates/control-tower-customization.template.yml b/templates/control-tower-customization.template.yml index 2a8846b..33feb20 100644 --- a/templates/control-tower-customization.template.yml +++ b/templates/control-tower-customization.template.yml @@ -225,11 +225,11 @@ Parameters: Default: NewRelic-Integration StackSetUrl: Type: String - Default: https://aws-quickstart.s3.amazonaws.com/quickstart-ct-newrelic-one/templates/newrelic-stack-set.yml + Default: https://cfn-ps-ct-newrelic-one.s3.us-east-2.amazonaws.com/newrelic-stack-set.yml Description: New Relic integration StackSet template URL QSS3BucketName: Type: String - Default: aws-ia + Default: cfn-ps-ct-newrelic-one Description: "S3 bucket for Quick Start assets. Use this if you want to customize your deployment. The bucket name can include numbers, lowercase letters, uppercase letters, and hyphens, but it cannot start or end with hyphens (-)." QSS3KeyPrefix: Type: String 
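Review bot: The new defaults in the `@@ -225,11` hunk make every default deployment fetch `newrelic-stack-set.yml` and the Lambda packages from the single bucket `cfn-ps-ct-newrelic-one`, and the URL carries no version or key prefix. Whoever can write to that bucket controls the template that is rolled out as a StackSet, so the trust assumption should be stated where the deployer sees it, e.g. `Description: New Relic integration StackSet template URL. Must point to a bucket controlled by you or the publisher.` The `QSS3BucketName` description still speaks of "Quick Start assets" and could be brought in line with the new default at the same time. The Parameters block begins and ends outside the hunk.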
@@ -274,14 +274,14 @@ Resources: - s3:GetObject - s3:GetObjectTagging Resource: - - !Sub 'arn:${AWS::Partition}:s3:::${QSS3BucketName}/${QSS3KeyPrefix}*' + - !Sub 'arn:${AWS::Partition}:s3:::${QSS3BucketName}/*' - Effect: Allow Action: - s3:PutObject - s3:DeleteObject - s3:PutObjectTagging Resource: - - !Sub 'arn:${AWS::Partition}:s3:::${LambdaZipsBucket}/${QSS3KeyPrefix}*' + - !Sub 'arn:${AWS::Partition}:s3:::${LambdaZipsBucket}/*' CopyZipsFunction: Type: AWS::Lambda::Function @@ -394,11 +394,17 @@ Resources: PolicyDocument: Version: 2012-10-17 Statement: + - Sid: StackSet + Effect: Allow + Action: + - cloudformation:GetTemplateSummary + Resource: '*' - Sid: StackSetInstanceCreate Effect: Allow Action: - cloudformation:CreateStackInstances - cloudformation:ListStackInstances + - cloudformation:GetTemplateSummary Resource: !Join ['', ['arn:aws:cloudformation:', !Ref 'AWS::Region', ':', !Ref 'AWS::AccountId', ':stackset/', !Ref StackSetName, '*' ]] - Sid: StackSetInstanceDelete @@ -414,6 +420,7 @@ Resources: Action: - cloudformation:CreateStackSet - cloudformation:DescribeStackSet + - cloudformation:GetTemplateSummary Resource: !Join ['', ['arn:aws:cloudformation:', '*', ':', '*', ':stackset/NewRelic-*' ]] - Sid: S3Ops @@ -422,7 +429,7 @@ Resources: - s3:ListBucket - s3:GetObject Resource: - - !Join ['',['arn:aws:s3:::', !Ref QSS3BucketName, '/', !Ref QSS3KeyPrefix, '*']] + - !Join ['',['arn:aws:s3:::', !Ref QSS3BucketName, '/', '*']] - Sid: SNSOps Effect: Allow Action: From 1f77fd2e543ad2fbaaa8e44d4c77a22214aaedc3 Mon Sep 17 00:00:00 2001 From: rahul188 Date: Tue, 9 Jul 2024 03:49:26 +0530 Subject: [PATCH 03/11] Ignore E3030 check to account for potential future Python version changes --- .project_automation/static_tests/entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.project_automation/static_tests/entrypoint.sh b/.project_automation/static_tests/entrypoint.sh index 4942979..85fb498 100755 
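Review bot: Dropping `${QSS3KeyPrefix}` from the resource ARNs in the `@@ -274,14` hunk widens the copy role from one key prefix to every object in both buckets, including `s3:PutObject` and `s3:DeleteObject` on all of `LambdaZipsBucket`; the `S3Ops` statement in the `@@ -422,7` hunk is widened the same way. If the prefix was removed only because the new bucket keeps its objects at the root, an empty `QSS3KeyPrefix` value would let the scoped form `- !Sub 'arn:${AWS::Partition}:s3:::${QSS3BucketName}/${QSS3KeyPrefix}*'` keep working. Separately, `s3:ListBucket` in `S3Ops` is a bucket-level action and is not matched by an object ARN ending in `/*`; it needs the bucket ARN itself, `!Join ['',['arn:aws:s3:::', !Ref QSS3BucketName]]`, as an additional resource. Both policy documents start and end outside the hunks.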
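Review bot: `cloudformation:GetTemplateSummary` is now granted three times: in the new `StackSet` statement on `Resource: '*'` (`@@ -394,11` hunk) and again inside `StackSetInstanceCreate` and `StackSetCreate` (`@@ -414,6` hunk), where the stack-set ARN scoping adds nothing because the wildcard statement already allows the call. Keeping a single grant makes the policy easier to audit. If the wildcard is needed because the call is made with a template URL rather than against an existing stack set, a comment such as `# GetTemplateSummary is called with a template URL, so it cannot be scoped to a stack-set ARN` would record that, and the two additions to the scoped statements can be dropped. The Sid `StackSet` would also read better as `StackSetTemplateSummary`.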
--- a/.project_automation/static_tests/entrypoint.sh +++ b/.project_automation/static_tests/entrypoint.sh @@ -13,4 +13,4 @@ cd $PROJECT_PATH # E2521 - required properties, E3002 - resource properties - false positive for newer resources than pinned CloudFormation resource spec # E3005 - DependsOn - false positive for conditionals, # E9101 - Inclusive language check - false positive for database resources -cfn-lint --ignore-checks W,E1019,E2521,E3002,E3005,E9101 -t templates/**/*.yaml -a /tmp/qs-cfn-lint-rules/qs_cfn_lint_rules/ +cfn-lint --ignore-checks W,E1019,E2521,E3002,E3005,E9101,E3030 -t templates/**/*.yaml -a /tmp/qs-cfn-lint-rules/qs_cfn_lint_rules/ From 0afe764cb6920f3554d34b6a024217a1a517a23c Mon Sep 17 00:00:00 2001 From: rahul188 Date: Tue, 9 Jul 2024 04:23:54 +0530 Subject: [PATCH 04/11] Added Ignore E3030 check to templates for potential future Python version changes --- .project_automation/static_tests/entrypoint.sh | 2 +- templates/control-tower-customization.template.yml | 4 ++++ templates/newrelic-hub-cfct.yaml | 4 ++++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/.project_automation/static_tests/entrypoint.sh b/.project_automation/static_tests/entrypoint.sh index 85fb498..4942979 100755 --- a/.project_automation/static_tests/entrypoint.sh +++ b/.project_automation/static_tests/entrypoint.sh @@ -13,4 +13,4 @@ cd $PROJECT_PATH # E2521 - required properties, E3002 - resource properties - false positive for newer resources than pinned CloudFormation resource spec # E3005 - DependsOn - false positive for conditionals, # E9101 - Inclusive language check - false positive for database resources -cfn-lint --ignore-checks W,E1019,E2521,E3002,E3005,E9101,E3030 -t templates/**/*.yaml -a /tmp/qs-cfn-lint-rules/qs_cfn_lint_rules/ +cfn-lint --ignore-checks W,E1019,E2521,E3002,E3005,E9101 -t templates/**/*.yaml -a /tmp/qs-cfn-lint-rules/qs_cfn_lint_rules/ 
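Review bot: The `cfn-lint` line restored here lints only `templates/**/*.yaml`, so `templates/control-tower-customization.template.yml`, which this series edits (runtimes, IAM resources, parameter patterns), does not appear to be covered by this static test. If that is unintended, pass the second extension as well, e.g. `-t templates/**/*.yaml templates/**/*.yml`. Whether another job lints the `.yml` template is not visible from this patch.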
diff --git a/templates/control-tower-customization.template.yml b/templates/control-tower-customization.template.yml index 33feb20..a9a5efb 100644 --- a/templates/control-tower-customization.template.yml +++ b/templates/control-tower-customization.template.yml @@ -1,6 +1,10 @@ AWSTemplateFormatVersion: 2010-09-09 Description: AWS Control Tower customization that adds in New Relic integration to your landing zone.(qs-1rsuloqd4) Metadata: + cfn-lint: + config: + ignore_checks: + - E3030 QuickStartDocumentation: EntrypointName: "Parameters for deploying New Relic AWS Control Tower integration" AWS::CloudFormation::Interface: diff --git a/templates/newrelic-hub-cfct.yaml b/templates/newrelic-hub-cfct.yaml index 9b7b5a9..6aba07f 100644 --- a/templates/newrelic-hub-cfct.yaml +++ b/templates/newrelic-hub-cfct.yaml @@ -1,6 +1,10 @@ AWSTemplateFormatVersion: 2010-09-09 Description: AWS CfCT stack for New Relic designated hub account. This deployment launches as a stack set in your AWS Control Tower landing zone (qs-1rsuloqd4) Metadata: + cfn-lint: + config: + ignore_checks: + - E3030 QuickStartDocumentation: EntrypointName: "Parameters for deploying New Relic AWS Control Tower integration" AWS::CloudFormation::Interface: From 96e912f8a42d7a5843fd044de4cc42bc13932744 Mon Sep 17 00:00:00 2001 From: rahul188 Date: Tue, 9 Jul 2024 04:30:07 +0530 Subject: [PATCH 05/11] Added .cfnlintrc file --- .cfnlintrc | 4 ++++ templates/newrelic-hub-cfct.yaml | 4 ---- 2 files changed, 4 insertions(+), 4 deletions(-) create mode 100644 .cfnlintrc diff --git a/.cfnlintrc b/.cfnlintrc new file mode 100644 index 0000000..dee0ee7 --- /dev/null +++ b/.cfnlintrc @@ -0,0 +1,4 @@ +templates: + - templates/* +ignore_checks: + - E3030 \ No newline at end of file diff --git a/templates/newrelic-hub-cfct.yaml b/templates/newrelic-hub-cfct.yaml index 6aba07f..9b7b5a9 100644 --- a/templates/newrelic-hub-cfct.yaml +++ b/templates/newrelic-hub-cfct.yaml 
@@ -1,10 +1,6 @@ AWSTemplateFormatVersion: 2010-09-09 Description: AWS CfCT stack for New Relic designated hub account. This deployment launches as a stack set in your AWS Control Tower landing zone (qs-1rsuloqd4) Metadata: - cfn-lint: - config: - ignore_checks: - - E3030 QuickStartDocumentation: EntrypointName: "Parameters for deploying New Relic AWS Control Tower integration" AWS::CloudFormation::Interface: From 0f047a066a8271d51c3ebdeaad5b6724846b4695 Mon Sep 17 00:00:00 2001 From: rahul188 Date: Tue, 9 Jul 2024 04:31:40 +0530 Subject: [PATCH 06/11] updated the metadata --- templates/control-tower-customization.template.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/templates/control-tower-customization.template.yml b/templates/control-tower-customization.template.yml index a9a5efb..33feb20 100644 --- a/templates/control-tower-customization.template.yml +++ b/templates/control-tower-customization.template.yml @@ -1,10 +1,6 @@ AWSTemplateFormatVersion: 2010-09-09 Description: AWS Control Tower customization that adds in New Relic integration to your landing zone.(qs-1rsuloqd4) Metadata: - cfn-lint: - config: - ignore_checks: - - E3030 QuickStartDocumentation: EntrypointName: "Parameters for deploying New Relic AWS Control Tower integration" AWS::CloudFormation::Interface: From c6917499ef2908e42f7749cdb1a2e1860a0c7ada Mon Sep 17 00:00:00 2001 From: rahul188 Date: Tue, 9 Jul 2024 04:46:39 +0530 Subject: [PATCH 07/11] updated the template file --- .cfnlintrc | 4 ---- templates/newrelic-hub-cfct.yaml | 5 +++++ 2 files changed, 5 insertions(+), 4 deletions(-) delete mode 100644 .cfnlintrc diff --git a/.cfnlintrc b/.cfnlintrc deleted file mode 100644 index dee0ee7..0000000 --- a/.cfnlintrc +++ /dev/null @@ -1,4 +0,0 @@ -templates: - - templates/* -ignore_checks: - - E3030 \ No newline at end of file diff --git a/templates/newrelic-hub-cfct.yaml b/templates/newrelic-hub-cfct.yaml index 9b7b5a9..1484629 100644 --- a/templates/newrelic-hub-cfct.yaml 
+++ b/templates/newrelic-hub-cfct.yaml @@ -286,6 +286,11 @@ Resources: NewRelicRegisterFunction: Type: AWS::Lambda::Function DependsOn: CopyZips + Metadata: + cfn-lint: + config: + ignore_checks: + - E3030 Properties: Code: S3Bucket: !Ref LambdaZipsBucket From 875d3ca5ba0ecef712b826d37a4b0eafbb168bd0 Mon Sep 17 00:00:00 2001 From: rahul188 Date: Tue, 9 Jul 2024 04:51:40 +0530 Subject: [PATCH 08/11] updated the template file --- templates/newrelic-hub-cfct.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/templates/newrelic-hub-cfct.yaml b/templates/newrelic-hub-cfct.yaml index 1484629..1fb0681 100644 --- a/templates/newrelic-hub-cfct.yaml +++ b/templates/newrelic-hub-cfct.yaml @@ -120,6 +120,11 @@ Resources: CopyZipsFunction: Type: AWS::Lambda::Function + Metadata: + cfn-lint: + config: + ignore_checks: + - E3030 Properties: Description: Copies objects from the S3 bucket to a new location. Handler: index.handler From 489f117f93fcdadad18946543228472f85da3a1a Mon Sep 17 00:00:00 2001 From: rahul188 Date: Tue, 20 Aug 2024 15:27:17 +0530 Subject: [PATCH 09/11] Updated Taskcat.yml & .gitignore files --- .gitignore | 3 +++ .taskcat.yml | 4 +++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 38dccc3..d07a438 100644 --- a/.gitignore +++ b/.gitignore @@ -160,3 +160,6 @@ cython_debug/ # and can be added to the global gitignore or merged into this file. For a more nuclear # option (not recommended) you can uncomment the following to ignore the entire idea folder. #.idea/ + +taskcat_outputs +.taskcate_overrides.yml \ No newline at end of file diff --git a/.taskcat.yml b/.taskcat.yml index d146068..6da728b 100644 --- a/.taskcat.yml +++ b/.taskcat.yml 
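Review bot: The `ignore_checks: - E3030` metadata added to `NewRelicRegisterFunction` (`@@ -286,6` hunk) and to `CopyZipsFunction` (`@@ -120,6` hunk) carries no comment saying why, and it switches off cfn-lint's allowed-value check for every property of those resources, so a mistyped `Runtime` or other enumerated value would pass as well. If the check fires only because the pinned cfn-lint does not yet know `python3.12`, updating the linter is the narrower fix. Otherwise add a line such as `# E3030 ignored: pinned cfn-lint predates python3.12; remove once the linter is updated` above each block. Both resource definitions continue outside the hunks.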
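Review bot: The added entry `.taskcate_overrides.yml` looks like a misspelling of taskcat's override file name, so a real `.taskcat_overrides.yml` would remain trackable by git. That file usually holds the parameter values left blank in `.taskcat.yml`, such as the licence and access keys, so it is the one that most needs ignoring. The line should read `.taskcat_overrides.yml`, and `taskcat_outputs` could take a trailing slash (`taskcat_outputs/`) to show it is a directory.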
@@ -5,11 +5,13 @@ project: tests: newrelic-onboarding-us-west-2: parameters: + NewRelicLicenseKey: '' + AdditionalParametersLicenseKey: '' NewRelicAccountNumber: '' LaunchAccountList: '' NewRelicAccessKey: '' StackSetName: 'NewRelic-Integration' - StackSetUrl: 'https://newrelic-aws-quickstart.s3.amazonaws.com/control-tower/templates/newrelic-stack-set.yml' + StackSetUrl: 'https://cfn-ps-ct-newrelic-one.s3.us-east-2.amazonaws.com/newrelic-stack-set.yml' regions: - us-west-2 template: templates/control-tower-customization.template.yml \ No newline at end of file From d10434087d9b45115844b30be517b421212df32a Mon Sep 17 00:00:00 2001 From: rahul188 Date: Wed, 4 Sep 2024 20:33:00 +0530 Subject: [PATCH 10/11] updated AllowedPattern --- templates/control-tower-customization.template.yml | 2 +- templates/newrelic-hub-cfct.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/control-tower-customization.template.yml b/templates/control-tower-customization.template.yml index 33feb20..1c1e2da 100644 --- a/templates/control-tower-customization.template.yml +++ b/templates/control-tower-customization.template.yml @@ -209,7 +209,7 @@ Parameters: NewRelicAccessKey: Type: String NoEcho: true - AllowedPattern: '^([A-Z0-9-]){32}$' + AllowedPattern: '^([A-Z0-9-]){40}$' ConstraintDescription: New Relic User key is 32 characters long, and contains only numbers and letters Description: New Relic NerdGraph User key. See https://docs.newrelic.com/docs/apis/intro-apis/new-relic-api-keys/#user-api-key NerdGraphEndpoint: diff --git a/templates/newrelic-hub-cfct.yaml b/templates/newrelic-hub-cfct.yaml index 1fb0681..5c30174 100644 --- a/templates/newrelic-hub-cfct.yaml +++ b/templates/newrelic-hub-cfct.yaml 
@@ -41,7 +41,7 @@ Parameters: NewRelicAccessKey: Type: String NoEcho: true - AllowedPattern: '^([A-Z0-9-]){32}$' + AllowedPattern: '^([A-Z0-9-]){40}$' ConstraintDescription: New Relic User key is 32 characters long, and contains only numbers and letters Description: New Relic NerdGraph User key. See https://docs.newrelic.com/docs/apis/intro-apis/new-relic-api-keys/#user-api-key NerdGraphEndpoint: From 9e09d0cdc7844d8f2f130a584e3e20829f7fd576 Mon Sep 17 00:00:00 2001 From: rahul188 Date: Wed, 4 Sep 2024 20:46:11 +0530 Subject: [PATCH 11/11] updated AllowedPattern --- templates/control-tower-customization.template.yml | 4 ++-- templates/newrelic-hub-cfct.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/templates/control-tower-customization.template.yml b/templates/control-tower-customization.template.yml index 1c1e2da..f8fbfe3 100644 --- a/templates/control-tower-customization.template.yml +++ b/templates/control-tower-customization.template.yml @@ -209,8 +209,8 @@ Parameters: NewRelicAccessKey: Type: String NoEcho: true - AllowedPattern: '^([A-Z0-9-]){40}$' - ConstraintDescription: New Relic User key is 32 characters long, and contains only numbers and letters + AllowedPattern: '^[A-Za-z0-9]{40}$' + ConstraintDescription: New Relic User key is 40 characters long, and contains only numbers and letters Description: New Relic NerdGraph User key. See https://docs.newrelic.com/docs/apis/intro-apis/new-relic-api-keys/#user-api-key NerdGraphEndpoint: Type: String diff --git a/templates/newrelic-hub-cfct.yaml b/templates/newrelic-hub-cfct.yaml index 5c30174..e070720 100644 --- a/templates/newrelic-hub-cfct.yaml +++ b/templates/newrelic-hub-cfct.yaml 
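Review bot: The new `AllowedPattern: '^[A-Za-z0-9]{40}$'` in the `@@ -209,8` hunk no longer admits `-`, while the parameter is still described as a NerdGraph User key with a link to the user-API-key documentation. As far as I know those keys carry an `NRAK-` prefix, which this pattern would reject, so the pattern and the `Description` may now describe two different key types. Please confirm the expected format against New Relic's documentation and make `AllowedPattern`, `ConstraintDescription` and `Description` agree on it. The same pattern is applied in `templates/newrelic-hub-cfct.yaml` (`@@ -41,8` hunk).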
@@ -41,8 +41,8 @@ Parameters: NewRelicAccessKey: Type: String NoEcho: true - AllowedPattern: '^([A-Z0-9-]){40}$' - ConstraintDescription: New Relic User key is 32 characters long, and contains only numbers and letters + AllowedPattern: '^[A-Za-z0-9]{40}$' + ConstraintDescription: New Relic User key is 40 characters long, and contains only numbers and letters Description: New Relic NerdGraph User key. See https://docs.newrelic.com/docs/apis/intro-apis/new-relic-api-keys/#user-api-key NerdGraphEndpoint: Type: String