Skip to content

Commit

Permalink
Merging next to main for release 2.1.8 (#11)
Browse files Browse the repository at this point in the history
* Generate README.md content based on data from app JSON and/or rename readme.md -> README.md

* Bumped up the version of awswafv2 from 2.1.7 to 2.1.8

* Update pre-commit hook version

* Updating start-release action trigger

* Adding workflow file for release review

* 'stop maintaining and delete release_notes.html'

* 'create generate-doc.yml file'

* 'update generate-doc.yml file'

* 'update generate-doc.yml file'

* 'update generate-doc.yml file with manual_readme_content.md'

* Remove semgrep workflow file

* 'convert readme.html to manual_readme_content.md'

* Removed requests, six and indirect requirements from requirements.txt (#10)

* Removed requests, six and indirect requirements from requirements.txt

* Release notes for version 2.1.8

* Updating min_phantom_version and license period

* Update README.md

* Release notes for version 2.1.8

---------

Co-authored-by: Jason DeMelo <[email protected]>
Co-authored-by: root <root@splunksoar>
Co-authored-by: splunk-soar-connectors-admin <admin@splunksoar>
Co-authored-by: bb-splunk <[email protected]>
Co-authored-by: Bartosz Bieliński <[email protected]>
Co-authored-by: bbielinski-splunk <[email protected]>
  • Loading branch information
7 people authored Feb 8, 2024
1 parent 5e1acc1 commit c1861e2
Show file tree
Hide file tree
Showing 33 changed files with 388 additions and 343 deletions.
20 changes: 20 additions & 0 deletions .github/workflows/generate-doc.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
name: Generate Readme Doc
on:
workflow_dispatch:
push:
paths:
- '*.json'
- 'readme.html'
- 'manual_readme_content.md'
tags-ignore:
- '**'
branches-ignore:
- next
- main
jobs:
generate-doc:
runs-on: ubuntu-latest
steps:
- uses: 'phantomcyber/dev-cicd-tools/github-actions/generate-doc@main'
with:
GITHUB_TOKEN: ${{ secrets.SOAR_APPS_TOKEN }}
2 changes: 1 addition & 1 deletion .github/workflows/linting.yml
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
name: Linting
on: [push, pull_request]
jobs:
lint:
lint:
# Run per push for internal contributers. This isn't possible for forked pull requests,
# so we'll need to run on PR events for external contributers.
# String comparison below is case insensitive.
Expand Down
22 changes: 22 additions & 0 deletions .github/workflows/review-release.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
name: Review Release
concurrency:
group: app-release
cancel-in-progress: true
permissions:
contents: read
id-token: write
statuses: write
on:
workflow_dispatch:
inputs:
task_token:
description: 'StepFunction task token'
required: true

jobs:
review:
uses: 'phantomcyber/dev-cicd-tools/.github/workflows/review-release.yml@main'
with:
task_token: ${{ inputs.task_token }}
secrets:
resume_release_role_arn: ${{ secrets.RESUME_RELEASE_ROLE_ARN }}
8 changes: 6 additions & 2 deletions .github/workflows/start-release.yml
Original file line number Diff line number Diff line change
@@ -1,9 +1,13 @@
name: Start Release
on: workflow_dispatch
on:
workflow_dispatch:
push:
tags:
- '*-beta*'
jobs:
start-release:
runs-on: ubuntu-latest
steps:
- uses: 'phantomcyber/dev-cicd-tools/github-actions/start-release@main'
with:
GITHUB_TOKEN: ${{ secrets.SOAR_APPS_TOKEN }}
GITHUB_TOKEN: ${{ secrets.SOAR_APPS_TOKEN }}
4 changes: 2 additions & 2 deletions .pre-commit-config.yaml
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
repos:
- repo: https://github.com/phantomcyber/dev-cicd-tools
rev: v1.4
rev: v1.16
hooks:
- id: org-hook
- id: package-app-dependencies
- repo: https://github.com/Yelp/detect-secrets
rev: v1.1.0
rev: v1.4.0
hooks:
- id: detect-secrets
args: ['--no-verify', '--exclude-files', '^awswafv2.json$']
2 changes: 1 addition & 1 deletion LICENSE
Original file line number Diff line number Diff line change
Expand Up @@ -186,7 +186,7 @@
same "printed page" as the copyright notice for easier
identification within third-party archives.

Copyright 2021 Splunk Inc.
Copyright (c) 2021-2024 Splunk Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
Expand Down
244 changes: 244 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,244 @@
[comment]: # "Auto-generated SOAR connector documentation"
# AWS WAF V2

Publisher: Splunk
Connector Version: 2.1.8
Product Vendor: AWS
Product Name: WAF V2
Product Version Supported (regex): ".\*"
Minimum Product Version: 6.1.1

This app integrates with AWS WAF to add and delete IP addresses using API version V2

[comment]: # " File: README.md"
[comment]: # " Copyright (c) 2018-2021 Splunk Inc."
[comment]: # ""
[comment]: # " SPLUNK CONFIDENTIAL - Use or disclosure of this material in whole or in part"
[comment]: # " without a valid written license from Splunk Inc. is PROHIBITED."
[comment]: # ""
## Asset Configuration

There are two ways to configure an AWS WAF asset. The first is to configure the **access_key** ,
**secret_key** and **region** variables. If it is preferred to use a role and Phantom is running as
an EC2 instance, the **use_role** checkbox can be checked instead. This will allow the role that is
attached to the instance to be used. Please see the [AWS EC2 and IAM
documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html)
for more information.

Region parameter provided in the asset configuration parameter and region of the bucket which is
created in AWS console must match, otherwise the user will get an InvalidLocationConstraint error.

For the **Update bucket** action, the
API is unable to validate the KMS key. Hence, it is recommended to provide a
valid KMS key in this action parameter, otherwise it will affect the S3 bucket. For example,
if we update the S3 bucket with an invalid KMS key and run the
'create object' action on the bucket then the action will not work for encryption = NONE.

## Assumed Role Credentials

The optional **credentials** action parameter consists of temporary **assumed role** credentials
that will be used to perform the action instead of those that are configured in the **asset** . The
parameter is not designed to be configured manually, but should instead be used in conjunction with
the Phantom AWS Security Token Service app. The output of the **assume_role** action of the STS app
with data path **assume_role\_\<number>:action_result.data.\*.Credentials** consists of a dictionary
containing the **AccessKeyId** , **SecretAccessKey** , **SessionToken** and **Expiration** key/value
pairs. This dictionary can be passed directly into the credentials parameter in any of the following
actions within a playbook. For more information, please see the [AWS Identity and Access Management
documentation](https://docs.aws.amazon.com/iam/index.html) .


### Configuration Variables
The below configuration variables are required for this Connector to operate. These variables are specified when configuring a WAF V2 asset in SOAR.

VARIABLE | REQUIRED | TYPE | DESCRIPTION
-------- | -------- | ---- | -----------
**access_key_id** | optional | password | Access Key ID
**access_key_secret** | optional | password | Access Key Secret
**scope** | required | string | Specifies whether this is for an AWS CloudFront distribution or a regional application
**region** | required | string | Region
**use_role** | optional | boolean | Use attached role when running Phantom in EC2

### Supported Actions
[test connectivity](#action-test-connectivity) - Validate the asset configuration for connectivity using supplied configuration
[add ip](#action-add-ip) - Add new IP(s) to an existing IP set or a new IP set
[delete ip](#action-delete-ip) - Remove IP(s) from an existing IP set
[delete ip set](#action-delete-ip-set) - Remove the specified IP Set
[list acls](#action-list-acls) - List all ACLs
[list ip sets](#action-list-ip-sets) - List all IP sets

## action: 'test connectivity'
Validate the asset configuration for connectivity using supplied configuration

Type: **test**
Read only: **True**

#### Action Parameters
No parameters are required for this action

#### Action Output
No Output

## action: 'add ip'
Add new IP(s) to an existing IP set or a new IP set

Type: **contain**
Read only: **False**

The ip_set_id or ip_set_name must be given as input for adding an IP to the IP set, ip_set_id will be considered if both ip_set_id and ip_set_name is provided in input. If the given ip_set_name does not exist on the server and the name matches the WAF IP set name criteria, the new IP set with a given input will be created on the server.

#### Action Parameters
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
--------- | -------- | ----------- | ---- | --------
**ip_set_id** | optional | ID of the IP set | string | `awswaf ip set id`
**ip_set_name** | optional | Name of the IP set | string | `awswaf ip set name`
**ip_address** | required | IP Address (Allows comma-separated) | string | `awswaf ip mask`
**credentials** | optional | Assumed role credentials | string | `aws credentials`

#### Action Output
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
--------- | ---- | -------- | --------------
action_result.status | string | | success failed
action_result.parameter.ip_address | string | `awswaf ip mask` | 126.0.0.0/24
action_result.parameter.ip_set_id | string | `awswaf ip set id` | 0778db34-cc96-4795-8c14-d1a146888391
action_result.parameter.ip_set_name | string | `awswaf ip set name` | test_ip_set test_ip_set_6
action_result.data.\*.Id | string | `awswaf ip set id` | b53eef26-f2be-44ef-9bcf-c16c3d07d791
action_result.data.\*.ResponseMetadata.HTTPHeaders.content-length | string | | 54
action_result.data.\*.ResponseMetadata.HTTPHeaders.content-type | string | | application/x-amz-json-1.1
action_result.data.\*.ResponseMetadata.HTTPHeaders.date | string | | Thu, 04 Apr 2019 09:02:54 GMT
action_result.data.\*.ResponseMetadata.HTTPHeaders.x-amzn-requestid | string | | 6e762be6-56b8-11e9-ab52-739c81485c05
action_result.data.\*.ResponseMetadata.HTTPStatusCode | numeric | | 200
action_result.data.\*.ResponseMetadata.RequestId | string | | 6e762be6-56b8-11e9-ab52-739c81485c05
action_result.data.\*.ResponseMetadata.RetryAttempts | numeric | | 0
action_result.summary.ip_status | string | | IP(s) added successfully
action_result.message | string | | Ip status: IP(s) added successfully
action_result.data.\*.NextLockToken | string | |
summary.total_objects | numeric | | 1
summary.total_objects_successful | numeric | | 1
action_result.parameter.credentials | string | `aws credentials` | {'AccessKeyId': '\*REDACTED\*', 'Expiration': '2021-06-07 22:28:04', 'SecretAccessKey': '\*REDACTED\*', 'SessionToken': '\*REDACTED\*'}

## action: 'delete ip'
Remove IP(s) from an existing IP set

Type: **correct**
Read only: **False**

The ip_set_id or ip_set_name must be given as input for deleting an IP from the IP set, ip_set_id will be considered if both ip_set_id and ip_set_name is provided in input.

#### Action Parameters
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
--------- | -------- | ----------- | ---- | --------
**ip_set_id** | optional | IP Set ID | string | `awswaf ip set id`
**ip_set_name** | optional | IP Set Name | string | `awswaf ip set name`
**ip_address** | required | IP Address (Allows comma-separated) | string | `awswaf ip mask`
**credentials** | optional | Assumed role credentials | string | `aws credentials`

#### Action Output
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
--------- | ---- | -------- | --------------
action_result.status | string | | success failed
action_result.parameter.ip_address | string | `awswaf ip mask` | 126.0.0.0/24
action_result.parameter.ip_set_id | string | `awswaf ip set id` | 0778db34-cc96-4795-8c14-d1a146888391
action_result.parameter.ip_set_name | string | `awswaf ip set name` | test_ip test_ip_set_5
action_result.data.\*.ResponseMetadata.HTTPHeaders.content-length | string | | 54
action_result.data.\*.ResponseMetadata.HTTPHeaders.content-type | string | | application/x-amz-json-1.1
action_result.data.\*.ResponseMetadata.HTTPHeaders.date | string | | Thu, 04 Apr 2019 09:08:32 GMT
action_result.data.\*.ResponseMetadata.HTTPHeaders.x-amzn-requestid | string | | 389889ac-56b9-11e9-ab52-739c81485c05
action_result.data.\*.ResponseMetadata.HTTPStatusCode | numeric | | 200
action_result.data.\*.ResponseMetadata.RequestId | string | | 389889ac-56b9-11e9-ab52-739c81485c05
action_result.data.\*.ResponseMetadata.RetryAttempts | numeric | | 0
action_result.summary.ip_status | string | | IP(s) deleted successfully
action_result.message | string | | Ip status: IP(s) deleted successfully
action_result.data.\*.NextLockToken | string | |
summary.total_objects | numeric | | 1
summary.total_objects_successful | numeric | | 1
action_result.parameter.credentials | string | `aws credentials` | {'AccessKeyId': '\*REDACTED\*', 'Expiration': '2021-06-07 22:28:04', 'SecretAccessKey': '\*REDACTED\*', 'SessionToken': '\*REDACTED\*'}

## action: 'delete ip set'
Remove the specified IP Set

Type: **correct**
Read only: **False**

The ip_set_id or ip_set_name must be given as input for deleting an IP set, ip_set_id will be used if both ip_set_id and ip_set_name is provided in input.

#### Action Parameters
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
--------- | -------- | ----------- | ---- | --------
**ip_set_id** | optional | IP Set ID | string | `awswaf ip set id`
**ip_set_name** | optional | IP Set Name | string | `awswaf ip set name`
**credentials** | optional | Assumed role credentials | string | `aws credentials`

#### Action Output
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
--------- | ---- | -------- | --------------
action_result.data.\*.ResponseMetadata.RequestId | string | | 0c28d801-b618-49b8-b904-2ff6698bb038
action_result.data.\*.ResponseMetadata.HTTPHeaders.date | string | | Wed, 22 Sep 2021 20:04:47 GMT
action_result.data.\*.ResponseMetadata.HTTPHeaders.content-type | string | | application/x-amz-json-1.1
action_result.data.\*.ResponseMetadata.HTTPHeaders.content-length | string | | 2
action_result.data.\*.ResponseMetadata.HTTPHeaders.x-amzn-requestid | string | | 0c28d801-b618-49b8-b904-2ff6698bb038
action_result.data.\*.ResponseMetadata.RetryAttempts | numeric | | 0
action_result.data.\*.ResponseMetadata.HTTPStatusCode | numeric | | 200
action_result.status | string | | success
action_result.message | string | | Delete status: IP Set deleted successfully
action_result.summary.delete_status | string | | IP Set deleted successfully
action_result.parameter.ip_set_id | string | `awswaf ip set id` | 25b7e872-0645-4229-91d5-28e2369262aa
action_result.parameter.ip_set_name | string | `awswaf ip set name` | new_ip_set_1383662
action_result.parameter.credentials | string | `aws credentials` | {'AccessKeyId': '\*REDACTED\*', 'Expiration': '2021-06-07 22:28:04', 'SecretAccessKey': '\*REDACTED\*', 'SessionToken': '\*REDACTED\*'}
summary.total_objects | numeric | | 1
summary.total_objects_successful | numeric | | 1

## action: 'list acls'
List all ACLs

Type: **investigate**
Read only: **True**

#### Action Parameters
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
--------- | -------- | ----------- | ---- | --------
**limit** | optional | Maximum number of results (default: 100) | numeric |
**credentials** | optional | Assumed role credentials | string | `aws credentials`

#### Action Output
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
--------- | ---- | -------- | --------------
action_result.status | string | | success failed
action_result.parameter.limit | numeric | | 50
action_result.data.\*.ARN | string | |
action_result.data.\*.LockToken | string | |
action_result.data.\*.Description | string | |
action_result.data.\*.Name | string | | test_acl_2
action_result.data.\*.Id | string | | 1d5f92b0-c376-4095-a939-efd04f62fda1
action_result.summary.number_of_acls | numeric | | 4
action_result.message | string | | Number of acls: 4
summary.total_objects | numeric | | 1
summary.total_objects_successful | numeric | | 1
action_result.parameter.credentials | string | `aws credentials` | {'AccessKeyId': '\*REDACTED\*', 'Expiration': '2021-06-07 22:28:04', 'SecretAccessKey': '\*REDACTED\*', 'SessionToken': '\*REDACTED\*'}

## action: 'list ip sets'
List all IP sets

Type: **investigate**
Read only: **True**

#### Action Parameters
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
--------- | -------- | ----------- | ---- | --------
**limit** | optional | Maximum number of results (default: 100) | numeric |
**credentials** | optional | Assumed role credentials | string | `aws credentials`

#### Action Output
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
--------- | ---- | -------- | --------------
action_result.status | string | | success failed
action_result.parameter.limit | numeric | | 50
action_result.data.\*.Id | string | `awswaf ip set id` | 0778db34-cc96-4795-8c14-d1a146888391
action_result.data.\*.Name | string | `awswaf ip set name` | test_ip
action_result.data.\*.ARN | string | |
action_result.data.\*.LockToken | string | |
action_result.data.\*.Description | string | |
action_result.summary.number_of_ip_sets | numeric | | 56
action_result.message | string | | Number of ip sets: 56
summary.total_objects | numeric | | 1
summary.total_objects_successful | numeric | | 1
action_result.parameter.credentials | string | `aws credentials` | {'AccessKeyId': '\*REDACTED\*', 'Expiration': '2021-06-07 22:28:04', 'SecretAccessKey': '\*REDACTED\*', 'SessionToken': '\*REDACTED\*'}
2 changes: 1 addition & 1 deletion __init__.py
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# File: __init__.py
#
# Copyright (c) 2021 Splunk Inc.
# Copyright (c) 2021-2024 Splunk Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
Expand Down
Loading

0 comments on commit c1861e2

Please sign in to comment.