From 191b5818ca09eb57574235c242e63d94431712ac Mon Sep 17 00:00:00 2001
From: Sean Lin
Date: Fri, 17 Apr 2020 10:55:08 -0700
Subject: [PATCH] feature: enable s3 prefix in waf logging (#148)
---
 .../command/core/CreateWafLoggingCommand.java | 7 +++++++
 .../domain/cloudformation/WafLoggingParameters.java | 11 +++++++++++
 .../operation/core/CreateWafLoggingOperation.java | 10 +++++++++-
 src/main/resources/cloudformation/waf-logging.yaml | 5 ++++-
 4 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/src/main/java/com/nike/cerberus/command/core/CreateWafLoggingCommand.java b/src/main/java/com/nike/cerberus/command/core/CreateWafLoggingCommand.java
index a655f591..be24d9ea 100644
--- a/src/main/java/com/nike/cerberus/command/core/CreateWafLoggingCommand.java
+++ b/src/main/java/com/nike/cerberus/command/core/CreateWafLoggingCommand.java
@@ -45,6 +45,13 @@ public boolean isSkipStackCreation() {
 return skipStackCreation;
 }
+ @Parameter(names = {"--s3-prefix"}, description = "The prefix of WAF logs in S3 bucket.")
+ private String s3Prefix = "firehose/";
+
+ public String getS3Prefix() {
+ return s3Prefix;
+ }
+
 public CloudFormationParametersDelegate getCloudFormationParametersDelegate() {
 return cloudFormationParametersDelegate;
 }
diff --git a/src/main/java/com/nike/cerberus/domain/cloudformation/WafLoggingParameters.java b/src/main/java/com/nike/cerberus/domain/cloudformation/WafLoggingParameters.java
index 10282c55..4eb194c5 100644
--- a/src/main/java/com/nike/cerberus/domain/cloudformation/WafLoggingParameters.java
+++ b/src/main/java/com/nike/cerberus/domain/cloudformation/WafLoggingParameters.java
@@ -22,6 +22,17 @@ public class WafLoggingParameters {
 private String environmentName;
+ private String s3Prefix;
+
+ public String getS3Prefix() {
+ return s3Prefix;
+ }
+
+ public WafLoggingParameters setS3Prefix(String s3Prefix) {
+ this.s3Prefix = s3Prefix;
+ return this;
+ }
+
 public String getEnvironmentName() {
 return environmentName;
 }
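Review bot: In CreateWafLoggingCommand.java the `--s3-prefix` description leaves out two things an operator needs: the default (`firehose/`) and the fact that CreateWafLoggingOperation.run rewrites the value (appends a trailing `/`, strips one leading `/`). I would word it `description = "Key prefix for WAF logs in the S3 bucket (default: firehose/); a trailing '/' is added and a leading '/' removed."`. Because the option moves where WAF logs land, the help text is also the place to say that anything locating those logs by prefix has to be given the same value; whether such consumers exist is not visible in this patch.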
diff --git a/src/main/java/com/nike/cerberus/operation/core/CreateWafLoggingOperation.java b/src/main/java/com/nike/cerberus/operation/core/CreateWafLoggingOperation.java
index c088ae4e..960b4921 100644
--- a/src/main/java/com/nike/cerberus/operation/core/CreateWafLoggingOperation.java
+++ b/src/main/java/com/nike/cerberus/operation/core/CreateWafLoggingOperation.java
@@ -77,10 +77,18 @@ public CreateWafLoggingOperation(@Named(ENV_NAME) String environmentName,
 public void run(CreateWafLoggingCommand command) {
 Regions region = command.getCloudFormationParametersDelegate().getStackRegion()
 .orElse(configStore.getPrimaryRegion());
+ String s3Prefix = command.getS3Prefix();
+ if (!s3Prefix.endsWith("/")) {
+ s3Prefix += "/";
+ }
+ if (s3Prefix.startsWith("/")) {
+ s3Prefix = s3Prefix.substring(1);
+ }
 if (!command.isSkipStackCreation()) {
 WafLoggingParameters wafLoggingParameters = new WafLoggingParameters()
- .setEnvironmentName(environmentName);
+ .setEnvironmentName(environmentName)
+ .setS3Prefix(s3Prefix);
 Map parameters = cloudFormationObjectMapper.convertValue(wafLoggingParameters);
diff --git a/src/main/resources/cloudformation/waf-logging.yaml b/src/main/resources/cloudformation/waf-logging.yaml
index fcc2cbb5..567896ad 100644
--- a/src/main/resources/cloudformation/waf-logging.yaml
+++ b/src/main/resources/cloudformation/waf-logging.yaml
@@ -9,6 +9,9 @@ Parameters:
 environmentName:
 Description: The Cerberus environment name.
 Type: String
+ s3Prefix:
+ Description: The prefix of WAF logs in S3 bucket.
+ Type: String
 Resources:
 KinesisFirehoseDeliveryStream:
 Type: 'AWS::KinesisFirehose::DeliveryStream'
@@ -28,7 +31,7 @@ Resources:
 IntervalInSeconds: 300
 SizeInMBs: 5
 CompressionFormat: UNCOMPRESSED
- Prefix: firehose/
+ Prefix: !Ref s3Prefix
 RoleARN: !GetAtt DeliveryRole.Arn
 S3DestinationBucket:
 Type: AWS::S3::Bucket
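Review bot: The prefix normalization added to CreateWafLoggingOperation.run strips only one leading `/`, so an input such as `//waf` reaches CloudFormation as `/waf/` and objects would be written under an empty first key segment, where a prefix-scoped lifecycle rule, bucket policy or log query would presumably not match them. Stripping every leading slash before adding the trailing one closes that: `String s3Prefix = command.getS3Prefix().replaceAll("^/+", "");` followed by `if (!s3Prefix.isEmpty() && !s3Prefix.endsWith("/")) { s3Prefix += "/"; }`. `getS3Prefix()` is also dereferenced without a null check, which is safe only while the field default in CreateWafLoggingCommand is the sole way the value can be left unset. The body of run continues past the end of this hunk.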
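Review bot: The new `s3Prefix` parameter in the first waf-logging.yaml hunk has neither a `Default` nor any constraint, so the template now fails for any caller that creates or updates the stack without supplying it, and it accepts any string as the Firehose prefix. Adding `Default: firehose/` under `Type: String` would keep the previous behaviour for such callers; the only caller visible in this patch (CreateWafLoggingOperation) does pass the value, so this matters for update paths and manual deployments that are not shown. An `AllowedPattern` would let CloudFormation reject malformed prefixes instead of relying on the CLI-side normalization alone.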
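Review bot: With `Prefix: !Ref s3Prefix` in the second waf-logging.yaml hunk the delivery location is no longer fixed, but the S3 permissions granted to `DeliveryRole` and any lifecycle or bucket-policy rules on `S3DestinationBucket` are defined outside this hunk and may still assume `firehose/`. If any of them is scoped to that prefix, logs written under a custom prefix would either fail to deliver or fall outside the retention and access rules, so those resources should reference the same parameter. A short comment above the property would record the dependency, e.g. `# Operator-supplied; DeliveryRole and bucket rules must not hard-code firehose/`.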