This repository was archived by the owner on Sep 17, 2021. It is now read-only.

Conversation

@scriptsrc (Contributor)

v0.7.0 (2016-09-21)

New Watchers:

* CloudTrail
* AWSConfig
* AWSConfigRecorder
* DirectConnect::Connection
* EC2::EbsSnapshot
* EC2::EbsVolume
* EC2::Image
* EC2::Instance
* ENI
* KMS::Grant
* KMS::Key
* Lambda
* RDS::ClusterSnapshot
* RDS::DBCluster
* RDS::DBInstance
* RDS::Snapshot
* RDS::SubnetGroup
* Route53
* Route53Domains
* TrustedAdvisor
* VPC::DHCP
* VPC::Endpoint
* VPC::FlowLog
* VPC::NatGateway
* VPC::NetworkACL
* VPC::Peering

Important Notes:

  • Because the watchers are dynamically loaded, you can now delete any you don't wish to use.
  • New permissions required:
    • cloudtrail:describetrails
    • config:describeconfigrules
    • config:describeconfigurationrecorders
    • directconnect:describeconnections
    • ec2:describeflowlogs
    • ec2:describeimages
    • ec2:describenatgateways
    • ec2:describenetworkacls
    • ec2:describenetworkinterfaces
    • ec2:describesnapshots
    • ec2:describevolumes
    • ec2:describevpcendpoints
    • ec2:describevpcpeeringconnections
    • iam:getaccesskeylastused
    • iam:listattachedgrouppolicies
    • iam:listattacheduserpolicies
    • lambda:listfunctions
    • rds:describedbclusters
    • rds:describedbclustersnapshots
    • rds:describedbinstances
    • rds:describedbsnapshots
    • rds:describedbsubnetgroups
    • redshift:describeclusters
    • route53domains:listdomains

Contributors:

Patrick Kelley and others added 12 commits August 30, 2016 10:41
* Add support for custom watchers and auditors

Change summary:
  * Fix Error in exception handling
  * Adding audit class to distinguish items created by different
    auditors of the same type
  * Adding custom directories
  * Adding development guidelines documentation
  * Fixing links in documentation
  * Removing duplicate auditors
  * Adding init test for scheduler
  * Fixing DB error in scheduler test
  * Removing unneeded DB insert from test case
  * Race condition with watcher_registry
  * Fixing DB migration conflict
  * Picking up pubspec.lock changes
  * Code style cleanup
  * Update file headers for contribution prep

Change-Id: Id72322f6dbccedc701e9c17dc9a5b8dc26bf30c1

* Updating documentation sample to use proper index.

* Refactoring improper use of dunderscores with single prefixed underscore

* Removing references to __check_auth__. Relying on RBAC decorators.

* Removing deprecated __check_auth__ imports
* Make SSO work for Google Apps For Work

When trying to make SSO work for Google Apps For Work, I faced the
following error message:
  Error: invalid_request
  Invalid response_type: authorization_code
  Learn more
  That’s all we know.

The only way I made it work was to change a few parameters:
responseType, scope.
I also had to modify the url_for() call as my securitymonkey
install is behind an SSL proxy.
There are certainly better ways to make it work but I'm not
a Flask expert and could not find a way to have it create
the proper urls.

* Limit Google SSO to specific domain

In order to limit Google SSO to specific Hosted Domains, we
introduce a new configuration setting (optional):
 GOOGLE_HOSTED_DOMAIN

If GOOGLE_HOSTED_DOMAIN is not set, nothing happens.
If GOOGLE_HOSTED_DOMAIN is set in the config file, its value
is used as the parameter 'hd' in calls to Google SSO authentication
request (to GOOGLE_AUTH_ENDPOINT), and the returned ID token will
also be verified to conform to this Hosted Domain.

That way you can limit login only to users of your organisation.

* Fixing a copy/paste typo
For some reason these weren't working for me until I added an additional -/ to
the url.
* Added error handling for invalid certs
* Adding a call to slurp_exception, which itself records the exception to the DB for later analysis.
* Add support for custom watchers and auditors

Change summary:
  * Fix Error in exception handling
  * Adding audit class to distinguish items created by different
    auditors of the same type
  * Adding custom directories
  * Adding development guidelines documentation
  * Fixing links in documentation
  * Removing duplicate auditors
  * Adding init test for scheduler
  * Fixing DB error in scheduler test
  * Removing unneeded DB insert from test case
  * Race condition with watcher_registry
  * Fixing DB migration conflict
  * Picking up pubspec.lock changes
  * Code style cleanup
  * Update file headers for contribution prep

Change-Id: Id72322f6dbccedc701e9c17dc9a5b8dc26bf30c1

* Add new watchers

List of added watchers:
    * CloudTrail
    * AWSConfig
    * AWSConfigRecorder
    * DirectConnect::Connection
    * DirectConnect::VirtualGateway
    * EC2::EbsSnapshot
    * EC2::EbsVolume
    * EC2::Image
    * EC2::Instance
    * ENI
    * KMS::Grant
    * KMS::Key
    * Lambda
    * RDS::ClusterSnapshot
    * RDS::DBCluster
    * RDS::DBInstance
    * RDS::Snapshot
    * RDS::SubnetGroup
    * Route53
    * Route53Domains
    * TrustedAdvisor
    * VPC::DHCP
    * VPC::Endpoint
    * VPC::FlowLog
    * VPC::NatGateway
    * VPC::NetworkACL
    * VPC::Peering

Additional changes:
  * Move rds[security_group] to rds/ directory.
  * Update vpc/route_table to use boto3 lib.
  * Add tests for tech types supported by moto
  * Initialize name to avoid UnboundLocalError
  * Update RDS watcher ephemeral values
  * Use boto3.session.get_available_regions in select watchers
  * Convert routetable watcher to decorator pattern
  * Convert route53 domains to decorator pattern
  * Handle the case where the AWS principal is a string
  * Catching assume role exception in decorator

* store_exception() should create technology if it doesn't already exist

* Fixing region bug in the kms watcher.

* Adding ARN to some watchers.

* Fixes defect with multiple accounts

* Change config recorder watcher to decorator pattern

* Removing virtual_gateway.py (vpn gateway?) from this PR while we get it straightened out. We can re-add it later.

* Fixing error where audit_changes was called instead of _audit_changes
Fixes to #411 and preparation for v0.7.0
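The two Google SSO commits above describe a restriction that is easy to get half right: the `hd` parameter on the authorization request only steers Google's account chooser, and the restriction is real only when the `hd` claim of the returned ID token is checked server-side. The following is an added example, not Security Monkey's own code, showing both halves together with the `response_type=code` setting that avoids the `Invalid response_type: authorization_code` error quoted in the commit message. The function names, the endpoint constant and the sample claims are assumptions made for this example.

```python
# Added example, not Security Monkey's own code: enforce GOOGLE_HOSTED_DOMAIN
# on both the authorization request (`hd` parameter) and the ID token (`hd`
# claim). Function names, the endpoint constant and the sample claims below
# are assumptions made for this example.
import time
from urllib.parse import parse_qs, urlencode, urlparse

GOOGLE_AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
# Google issues ID tokens under both spellings of the issuer.
GOOGLE_ISSUERS = ("https://accounts.google.com", "accounts.google.com")


class SSOError(Exception):
    """Raised when a login must be refused."""


def build_auth_url(client_id, redirect_uri, state, hosted_domain=None):
    """Authorization request for the OpenID Connect authorization-code flow.

    response_type must be "code"; "authorization_code" is the grant_type of
    the later token request, not a valid response_type, which is what the
    invalid_request error in the PR complains about. `hd` is only a hint to
    the account chooser; the real check is in verify_google_id_token_claims().
    """
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid email profile",
        "state": state,  # CSRF token bound to the user's session
    }
    if hosted_domain:
        params["hd"] = hosted_domain
    return GOOGLE_AUTH_ENDPOINT + "?" + urlencode(params)


def auth_url_params(url):
    """Query parameters of an authorization URL as a flat dict (for checks)."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


def verify_google_id_token_claims(claims, client_id, hosted_domain=None, now=None):
    """Validate the payload of a Google ID token and return the login email.

    `claims` must be the payload of a token whose signature was already
    verified against Google's published keys (for example with google-auth's
    google.oauth2.id_token.verify_oauth2_token, which also checks iss, aud and
    exp). The hosted-domain check is the part such libraries leave to the
    application, and without it any Google account can log in.
    """
    now = time.time() if now is None else now
    if claims.get("iss") not in GOOGLE_ISSUERS:
        raise SSOError("unexpected issuer: %r" % claims.get("iss"))
    if claims.get("aud") != client_id:
        raise SSOError("token was not issued for this client")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise SSOError("token expired or carries no exp")
    email = claims.get("email")
    if not email or not claims.get("email_verified", False):
        raise SSOError("no Google-verified email in token")
    if hosted_domain is not None:
        # Consumer accounts carry no hd claim at all; accounts of other
        # Workspace organisations carry a different one. Refuse both.
        if (claims.get("hd") or "").lower() != hosted_domain.lower():
            raise SSOError("account is not in hosted domain %s" % hosted_domain)
        if email.rsplit("@", 1)[-1].lower() != hosted_domain.lower():
            raise SSOError("email domain does not match hd claim")
    return email


if __name__ == "__main__":
    # Constructed sample claims, not a real token.
    sample = {
        "iss": "https://accounts.google.com",
        "aud": "client-id",
        "exp": time.time() + 300,
        "email": "alice@example.com",
        "email_verified": True,
        "hd": "example.com",
    }
    print(build_auth_url("client-id", "https://sm.example.com/auth/google", "state", "example.com"))
    print(verify_google_id_token_claims(sample, "client-id", "example.com"))
```

If GOOGLE_HOSTED_DOMAIN is unset, pass `hosted_domain=None` and the check is skipped, matching the commit's "nothing happens" behaviour; the issuer, audience, expiry and verified-email checks still apply.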
@scriptsrc scriptsrc added this to the 0.7.0 milestone Sep 20, 2016
@scriptsrc (Contributor, Author)

Holding off on merging. Working on a problem where duplicate audit issues are being recorded.

@scriptsrc scriptsrc merged commit eefef7a into master Sep 23, 2016