diff --git a/cfn/auth0-collector.template b/cfn/auth0-collector.template new file mode 100644 index 00000000..437aeed4 --- /dev/null +++ b/cfn/auth0-collector.template @@ -0,0 +1,808 @@ +{ + "AWSTemplateFormatVersion": "2010-09-09", + "Description": "Alert Logic template for creating a Auth0 Logs collector", + "Parameters": { + "AlertlogicAccessKeyId": { + "Description": "Alert Logic Access Key Id obtained from AIMS", + "Type": "String" + }, + "AlertlogicSecretKey": { + "Description": "Alert Logic Secret Key returned from AIMS for the Access Key Id", + "Type": "String", + "NoEcho": true + }, + "AlApiEndpoint": { + "Description": "Alert Logic API endpoint", + "Type": "String", + "Default": "api.global-services.global.alertlogic.com", + "AllowedValues": [ + "api.global-services.global.alertlogic.com", + "api.global-integration.product.dev.alertlogic.com" + ] + }, + "AlDataResidency": { + "Description": "Alert Logic Data Residency", + "Type": "String", + "Default": "default", + "AllowedValues": ["default"] + }, + "PackagesBucketPrefix": { + "Description": "S3 bucket name prefix where collector packages are located.", + "Type": "String", + "Default": "rcs-alertlogic-collectors" + }, + + "AlertlogicCustomerId": { + "Description": "Optional, Alert Logic customer ID which collected data should be reported for. If not set customer ID is derived from AIMs tokens", + "Type": "String", + "Default": "" + }, + "CollectorId": { + "Description": "Optional, a collector UUID if known.", + "Type": "String", + "Default": "none" + }, + "PollingInterval": { + "Description": "Interval in seconds between two consecutive poll requests.", + "Type": "Number", + "Default": 60 + }, + "Auth0Domain": { + "Description": "Auth0 domain", + "Type": "String", + "Default": "alertlogic.auth0.com" + }, + "Auth0ClientId": { + "Description": "Client ID for Auth0 authentication", + "Type": "String", + "NoEcho": true + }, + "Auth0ClientSecret": { + "Description": "Client secret for Auth0 authentication", + "Type": "String", + "NoEcho": true + }, + "CollectionStartTs": { + "Description": "Timestamp when log collection starts", + "Type": "String", + "Default" : "2019-11-21T16:00:00Z", + "AllowedPattern" : "^\\d{4}(-\\d{2}){2}T(\\d{2}:){2}\\d{2}Z$" + } + }, + "Resources":{ + "CollectLambdaRole":{ + "Type":"AWS::IAM::Role", + "Properties":{ + "Path":"/", + "AssumeRolePolicyDocument":{ + "Version":"2012-10-17", + "Statement":[ + { + "Effect":"Allow", + "Principal":{ + "Service":[ + "lambda.amazonaws.com" + ] + }, + "Action":[ + "sts:AssumeRole" + ] + } + ] + } + } + }, + "LambdaKmsKey": { + "Type": "AWS::KMS::Key", + "DependsOn":[ + "CollectLambdaRole", + "EncryptLambdaRole" + ], + "Properties": { + "Description": "kms key used to encrypt credentials for lambda", + "KeyPolicy": { + "Version": "2012-10-17", + "Id": "al-kms-policy", + "Statement": [ + { + "Sid": "Enable IAM User Permissions", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + ":", + [ + "arn:aws:iam", + "", + { + "Ref": "AWS::AccountId" + }, + "root" + ] + ] + } + }, + "Action": "kms:*", + "Resource": "*" + }, + { + "Sid": "Allow use of the key for lambda", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "CollectLambdaRole", + "Arn" + ] + } + }, + "Action": [ + "kms:Decrypt", + "kms:Encrypt" + ], + "Resource": "*" + }, + { + "Sid": "Allow use of the key for lambda encryption", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "EncryptLambdaRole", + "Arn" + ] + } + }, + "Action": [ + "kms:Encrypt" + ], + "Resource": "*" + } + ] + }, + "Tags": [ + { + "Key": "AlertLogic", + "Value": "Collect" + } + ] + } + }, + "BasicLambdaRole":{ + "Type":"AWS::IAM::Role", + "Properties":{ + "Path":"/", + "AssumeRolePolicyDocument":{ + "Version":"2012-10-17", + "Statement":[ + { + "Effect":"Allow", + "Principal":{ + "Service":[ + "lambda.amazonaws.com" + ] + }, + "Action": [ + "sts:AssumeRole" + ] + } + ] + } + } + }, + "EncryptLambdaRole":{ + "Type":"AWS::IAM::Role", + "Properties":{ + "Path":"/", + "AssumeRolePolicyDocument":{ + "Version":"2012-10-17", + "Statement":[ + { + "Effect":"Allow", + "Principal":{ + "Service":[ + "lambda.amazonaws.com" + ] + }, + "Action": [ + "sts:AssumeRole" + ] + } + ] + } + } + }, + "EncryptLambdaPolicy":{ + "Type":"AWS::IAM::Policy", + "DependsOn":[ + "EncryptLambdaRole", + "EncryptLambdaFunction" + ], + "Properties":{ + "Roles":[ + { + "Ref":"EncryptLambdaRole" + } + ], + "PolicyName":"alertlogic-encrypt-lambda-policy", + "PolicyDocument":{ + "Version":"2012-10-17", + "Statement":[ + { + "Effect":"Allow", + "Action":"logs:CreateLogGroup", + "Resource":[ + { + "Fn::Join":[ + "", + [ + "arn:aws:logs:", + { + "Ref":"AWS::Region" + }, + ":", + { + "Ref":"AWS::AccountId" + }, + ":log-group:/aws/lambda/", + { + "Ref":"EncryptLambdaFunction" + }, + ":*" + ] + ] + } + ] + }, + { + "Effect":"Allow", + "Action":[ + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Resource":[ + { + "Fn::Join":[ + "", + [ + "arn:aws:logs:", + { + "Ref":"AWS::Region" + }, + ":", + { + "Ref":"AWS::AccountId" + }, + ":log-group:/aws/lambda/", + { + "Ref":"EncryptLambdaFunction" + }, + ":log-stream:*" + ] + ] + } + ] + } + ] + } + } + }, + "EncryptLambdaFunction":{ + "Type":"AWS::Lambda::Function", + "DependsOn":[ + "EncryptLambdaRole" + ], + "Properties":{ + "Description":"Alert Logic Lambda Encrypt function", + "Role":{ + "Fn::GetAtt":[ + "EncryptLambdaRole", + "Arn" + ] + }, + "Code":{ + "ZipFile": { + "Fn::Join": [ + "", + [ + "const AWS = require('aws-sdk');\n", + "const response = require('./cfn-response');\n", + "\n", + "\n", + "function encrypt(event, context) {\n", + " const params = {\n", + " KeyId: event.ResourceProperties.KeyId,\n", + " Plaintext: event.ResourceProperties.Plaintext\n", + " };\n", + " const kms = new AWS.KMS();\n", + " kms.encrypt(params, function(err, data) {\n", + " if (err) {\n", + " console.log(err, err.stack); // an error occurred\n", + " return response.send(event, context, response.FAILED);\n", + " }\n", + " var base64 = new Buffer(data.CiphertextBlob).toString('base64');\n", + " var responseData = {\n", + " EncryptedText : base64\n", + " };\n", + " return response.send(event, context, response.SUCCESS, responseData);\n", + " });\n", + "}\n", + "\n", + "\n", + "exports.handler = (event, context, callback) => {\n", + " if (event.ResourceType == 'AWS::CloudFormation::CustomResource' &&\n", + " event.RequestType == 'Create') {\n", + " return encrypt(event, context);\n", + " }\n", + " return response.send(event, context, response.SUCCESS);\n", + "}" + ] + ] + } + }, + "Handler":"index.handler", + "Runtime":"nodejs10.x", + "MemorySize":128, + "Timeout": 5, + "Tags": [ + { + "Key": "AlertLogic", + "Value": "Collect" + } + ] + } + }, + "EncryptSecretKeyCustomResource": { + "Type": "AWS::CloudFormation::CustomResource", + "DependsOn": [ + "LambdaKmsKey", + "EncryptLambdaFunction", + "EncryptLambdaPolicy" + ], + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "EncryptLambdaFunction", + "Arn" + ] + }, + "KeyId": { + "Fn::GetAtt": [ + "LambdaKmsKey", + "Arn" + ] + }, + "Plaintext": { + "Ref": "AlertlogicSecretKey" + } + } + }, + "PawsPollStateQueue":{ + "Type":"AWS::SQS::Queue", + "DependsOn":[ + ], + "Properties":{ + "QueueName" : { + "Fn::Join": [ + "-", + [ + { + "Ref": "AWS::StackName" + }, + "paws-collection-state" + ] + ] + }, + "VisibilityTimeout": 900 + } + }, + "CollectLambdaFunction":{ + "Type":"AWS::Lambda::Function", + "DependsOn":[ + "CollectLambdaRole", + "LambdaKmsKey", + "EncryptSecretKeyCustomResource", + "PawsPollStateQueue" + ], + "Properties":{ + "Description":"Alert Logic Poll based collector", + "FunctionName":{ "Ref":"AWS::StackName" }, + "Role":{ + "Fn::GetAtt":[ + "CollectLambdaRole", + "Arn" + ] + }, + "KmsKeyArn": { + "Fn::GetAtt": [ + "LambdaKmsKey", + "Arn" + ] + }, + "Code":{ + "S3Bucket":{"Fn::Join" : ["", [ + {"Ref":"PackagesBucketPrefix"}, "-", + { "Ref" : "AWS::Region" } + ]]}, + "S3Key": "packages/lambda/al-auth0-collector.zip" + }, + "Handler":"index.handler", + "Runtime":"nodejs10.x", + "MemorySize":256, + "Timeout": 300, + "Environment":{ + "Variables":{ + "aims_access_key_id": { + "Ref":"AlertlogicAccessKeyId" + }, + "aims_secret_key":{ + "Fn::GetAtt": ["EncryptSecretKeyCustomResource", "EncryptedText"] + }, + "aws_lambda_s3_bucket":{"Fn::Join" : ["", [ + {"Ref":"PackagesBucketPrefix"}, "-", + {"Ref":"AWS::Region"} + ]]}, + "aws_lambda_zipfile_name": "packages/lambda/al-auth0-collector.zip", + "aws_lambda_update_config_name": "configs/lambda/al-auth0-collector.json", + "al_api":{ + "Ref":"AlApiEndpoint" + }, + "al_data_residency":{ + "Ref":"AlDataResidency" + }, + "customer_id": { + "Ref":"AlertlogicCustomerId" + }, + "collector_id": { + "Ref":"CollectorId" + }, + "paws_state_queue_arn":{ + "Fn::GetAtt" : ["PawsPollStateQueue", "Arn"] + }, + "paws_state_queue_url":{ + "Ref" : "PawsPollStateQueue" + }, + "paws_poll_interval": { + "Ref":"PollingInterval" + }, + "paws_domain":{ + "Ref":"Auth0Domain" + }, + "paws_client_id":{ + "Ref":"Auth0ClientId" + }, + "paws_api_secret":{ + "Ref":"Auth0ClientSecret" + }, + "paws_collection_start_ts":{ + "Ref":"CollectionStartTs" + }, + "paws_extension": "auth0" + } + }, + "Tags": [ + { + "Key": "AlertLogic", + "Value": "Collect" + } + ] + } + }, + "CollectLambdaEventSourceMapping":{ + "Type":"AWS::Lambda::EventSourceMapping", + "DependsOn":[ + "CollectLambdaFunction", + "CollectLambdaRole", + "CollectLambdaPolicy", + "PawsPollStateQueue" + ], + "Properties":{ + "EventSourceArn" : { "Fn::GetAtt" : ["PawsPollStateQueue", "Arn"] }, + "FunctionName" : { "Ref":"CollectLambdaFunction" } + } + }, + "CollectLambdaPolicy":{ + "Type":"AWS::IAM::Policy", + "DependsOn":[ + "CollectLambdaFunction", + "CollectLambdaRole" + ], + "Properties":{ + "Roles":[ + { + "Ref":"CollectLambdaRole" + } + ], + "PolicyName":"alertlogic-paws-lambda-policy", + "PolicyDocument":{ + "Version":"2012-10-17", + "Statement":[ + { + "Effect":"Allow", + "Action":"logs:CreateLogGroup", + "Resource":[{ + "Fn::Join":[ "", + [ + "arn:aws:logs:", { "Ref":"AWS::Region" }, + ":", { "Ref":"AWS::AccountId" }, + ":log-group:/aws/lambda/", { "Ref":"CollectLambdaFunction" }, + ":*" + ] + ] + }] + }, + { + "Effect":"Allow", + "Action":[ + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Resource":[ { + "Fn::Join":["", + [ + "arn:aws:logs:", { "Ref":"AWS::Region" }, + ":", { "Ref":"AWS::AccountId" }, + ":log-group:/aws/lambda/", { "Ref":"CollectLambdaFunction" }, + ":log-stream:*" + ] + ] + }] + }, + { + "Effect":"Allow", + "Action":[ + "lambda:*" + ], + "Resource":[{ + "Fn::GetAtt":[ + "CollectLambdaFunction", + "Arn" + ] + }] + }, + { + "Effect":"Allow", + "Action":[ + "s3:Get*" + ], + "Resource":[{ + "Fn::Join":["", + [ + "arn:aws:s3:::", + { + "Fn::Join" : ["", [ + { "Ref" : "PackagesBucketPrefix" }, "-", + { "Ref" : "AWS::Region" } + ]] + }, + "/*" + ] + ] + }] + }, + { + "Effect":"Allow", + "Action":[ + "sqs:*" + ], + "Resource":[{ + "Fn::GetAtt":[ + "PawsPollStateQueue", + "Arn" + ] + }] + } + ] + } + } + }, + "HealthCheckLambdaPolicy":{ + "Type":"AWS::IAM::Policy", + "DependsOn":[ + "CollectLambdaRole" + ], + "Properties":{ + "Roles":[ + { + "Ref":"CollectLambdaRole" + } + ], + "PolicyName":"alertlogic-health-check-lambda-policy", + "PolicyDocument":{ + "Version":"2012-10-17", + "Statement":[ + { + "Effect":"Allow", + "Action":[ + "cloudformation:DescribeStacks" + ], + "Resource":[{ + "Fn::Join":[ "", + [ + "arn:aws:cloudformation:", { "Ref":"AWS::Region" }, + ":",{ "Ref":"AWS::AccountId" }, + ":stack/", { "Ref":"AWS::StackName" }, + "/*" + ] + ] + }] + }, + { + "Effect":"Allow", + "Action":[ + "lambda:ListEventSourceMappings" + ], + "Resource": "*" + }, + { + "Effect":"Allow", + "Action":[ + "cloudwatch:Get*", + "cloudwatch:Describe*", + "cloudwatch:List*" + ], + "Resource": "*" + } + ] + } + } + }, + "UpdaterScheduledRule": { + "Type": "AWS::Events::Rule", + "DependsOn": [ + "CollectLambdaPolicy", + "CollectLambdaFunction" + ], + "Properties": { + "Description": "Scheduled rule for updater function", + "ScheduleExpression": "rate(12 hours)", + "State": "ENABLED", + "Targets":[ + { + "Id":"1", + "Arn":{ + "Fn::GetAtt":[ + "CollectLambdaFunction", + "Arn" + ] + }, + "Input": "{\"RequestType\": \"ScheduledEvent\", \"Type\": \"SelfUpdate\"}" + } + ] + } + }, + "UpdaterScheduledRuleLambdaInvokePermission": { + "Type": "AWS::Lambda::Permission", + "DependsOn": [ + "CollectLambdaFunction", + "CollectLambdaPolicy", + "UpdaterScheduledRule" + ], + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "CollectLambdaFunction" + }, + "Principal": "events.amazonaws.com", + "SourceArn":{ + "Fn::GetAtt": [ + "UpdaterScheduledRule", + "Arn" + ] + } + } + }, + "CloudWatchEventsRole":{ + "Type": "AWS::IAM::Role", + "DependsOn":[ + "CollectLambdaFunction", + "CollectLambdaPolicy" + ], + "Properties": { + "AssumeRolePolicyDocument": { + "Version" : "2012-10-17", + "Statement": [ { + "Effect": "Allow", + "Principal": { + "Service": [ "events.amazonaws.com" ] + }, + "Action": [ "sts:AssumeRole" ] + } ] + }, + "Path": "/", + "Policies": [ { + "PolicyName": "root", + "PolicyDocument": { + "Version" : "2012-10-17", + "Statement": [ + { + "Effect":"Allow", + "Action":[ + "lambda:*" + ], + "Resource":[{ + "Fn::GetAtt":[ + "CollectLambdaFunction", + "Arn" + ] + }] + } + ] + } + }] + } + }, + "CheckinScheduledRule": { + "Type": "AWS::Events::Rule", + "DependsOn": [ + "CollectLambdaFunction", + "CollectLambdaPolicy", + "HealthCheckLambdaPolicy" + ], + "Properties": { + "Description": "Scheduled rule for checkin function", + "ScheduleExpression": "rate(15 minutes)", + "State": "ENABLED", + "Targets":[ + { + "Id":"1", + "Arn":{ + "Fn::GetAtt":[ + "CollectLambdaFunction", + "Arn" + ] + }, + "Input": { + "Fn::Join":[ + "", + [ + "{\"RequestType\": \"ScheduledEvent\", \"Type\": \"Checkin\", \"AwsAccountId\": \"", + { "Ref":"AWS::AccountId" }, + "\", \"Region\": \"", + { "Ref": "AWS::Region" }, + "\", \"StackName\": \"", + { "Ref":"AWS::StackName" }, + "\"}" + ] + ] + } + } + ] + } + }, + "CheckinScheduledRuleLambdaInvokePermission": { + "Type": "AWS::Lambda::Permission", + "DependsOn": [ + "CollectLambdaFunction", + "CollectLambdaPolicy", + "HealthCheckLambdaPolicy", + "CheckinScheduledRule" + ], + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "CollectLambdaFunction" + }, + "Principal": "events.amazonaws.com", + "SourceArn":{ + "Fn::GetAtt": [ + "CheckinScheduledRule", + "Arn" + ] + } + } + }, + "RegistrationResource": { + "Type": "Custom::RegistrationResource", + "DependsOn": [ + "CollectLambdaFunction", + "CollectLambdaPolicy" + ], + "Properties": { + "ServiceToken": { "Fn::GetAtt" : ["CollectLambdaFunction", "Arn"] }, + "StackName": { "Ref" : "AWS::StackName" }, + "AwsAccountId": { "Ref": "AWS::AccountId"} + } + } + } +} diff --git a/collectors/auth0/LICENSE b/collectors/auth0/LICENSE new file mode 100644 index 00000000..6eac43de --- /dev/null +++ b/collectors/auth0/LICENSE @@ -0,0 +1,8 @@ +Copyright 2019 ALERT LOGIC + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + diff --git a/collectors/auth0/Makefile b/collectors/auth0/Makefile new file mode 100644 index 00000000..6869042e --- /dev/null +++ b/collectors/auth0/Makefile @@ -0,0 +1,40 @@ +AWS_LAMBDA_FUNCTION_NAME ?= alertlogic-auth0-collector +AWS_LAMBDA_PACKAGE_NAME ?= al-auth0-collector.zip +AWS_LAMBDA_S3_BUCKET ?= alertlogic-collectors + +.PHONY: test + +all: test package package.zip + +deps: node_modules + +node_modules: + npm install + +compile: deps + npm run lint + +test: compile + npm run test + +package: test package.zip + +package.zip: node_modules/ *.js package.json + zip -r $(AWS_LAMBDA_PACKAGE_NAME) $^ + +deploy: + aws lambda update-function-code --function-name $(AWS_LAMBDA_FUNCTION_NAME) --zip-file fileb://$(AWS_LAMBDA_PACKAGE_NAME) + +upload: + aws s3 cp ./$(AWS_LAMBDA_PACKAGE_NAME) s3://$(AWS_LAMBDA_S3_BUCKET) + +sam-local: + @echo "Invoking ${AWS_LAMBDA_FUNCTION_NAME} locally." + @./local/run-sam.sh + +clean: + rm -rf node_modules + rm -f $(AWS_LAMBDA_PACKAGE_NAME) + rm -f package-lock.json + rm -f test/report.xml + rm -rf ./coverage/ diff --git a/collectors/auth0/auth0_collector.js b/collectors/auth0/auth0_collector.js new file mode 100644 index 00000000..a550ac53 --- /dev/null +++ b/collectors/auth0/auth0_collector.js @@ -0,0 +1,105 @@ +/* ----------------------------------------------------------------------------- + * @copyright (C) 2019, Alert Logic, Inc + * @doc + * + * Auth0 collector class. + * + * @end + * ----------------------------------------------------------------------------- + */ +'use strict'; + +const moment = require('moment'); +const request = require('request'); +const parse = require('@alertlogic/al-collector-js').Parse; +const ManagementClient = require('auth0').ManagementClient; +const PawsCollector = require('@alertlogic/paws-collector').PawsCollector; + + +const typeIdPaths = [ + { path: ['type'] } +]; + +const tsPaths = [ + { path: ['date'] } +]; + + +class Auth0Collector extends PawsCollector { + constructor(context, creds) { + super(context, creds, 'auth0'); + } + + pawsInitCollectionState(event, callback) { + const initialState = { + since: process.env.paws_collection_start_ts ? process.env.paws_collection_start_ts : moment().subtract(5, 'minutes').toISOString(), + poll_interval_sec: 1 + }; + return callback(null, initialState, 1); + } + + pawsGetLogs(state, callback) { + let collector = this; + const auth0Client = new ManagementClient({ + domain: process.env.paws_domain, + clientId: process.env.paws_client_id, + clientSecret: process.env.paws_api_secret, + scope: 'read:logs' + }); + let params = state.last_log_id ? {from: state.last_log_id} : {q: "date=[" + state.since + " TO *]"}; + const collection = auth0Client.getLogs(params); + let logAcc = []; + collection.each(log => { + logAcc.push(log); + }) + .then(() => { + const nextLogId = (logAcc.length > 0) ? logAcc[logAcc.length-1].log_id : state.last_log_id; + const lastLogTs = (logAcc.length > 0) ? logAcc[logAcc.length-1].date : null, + const newState = collector._getNextCollectionState(state, nextLogId, lastLogTs); + console.info(`AUTZ000002 Next collection in ${newState.poll_interval_sec} seconds`); + return callback(null, logAcc, newState, newState.poll_interval_sec); + }) + .catch((error) => { + return callback(error); + }); + } + + _getNextCollectionState(curState, nextLogId, lastLogTs) { + const nowMoment = moment(); + const lastLogMoment = moment(lastLogTs); + + // Check if we're behind collection schedule and need to catch up. + const nextPollInterval = nowMoment.diff(lastLogMoment, 'seconds') > this.pollInterval ? + 1 : this.pollInterval; + + return { + last_log_id: nextLogId, + poll_interval_sec: nextPollInterval + }; + } + + pawsFormatLog(msg) { + const ts = parse.getMsgTs(msg, tsPaths); + const typeId = parse.getMsgTypeId(msg, typeIdPaths); + + let formattedMsg = { + messageTs: ts.sec, + priority: 11, + progName: 'Auth0Collector', + message: JSON.stringify(msg), + messageType: 'json/auth0' + }; + + if (typeId !== null && typeId !== undefined) { + formattedMsg.messageTypeId = `${typeId}`; + } + if (ts.usec) { + formattedMsg.messageTsUs = ts.usec; + } + return formattedMsg; + } +} + +module.exports = { + Auth0Collector: Auth0Collector +} diff --git a/collectors/auth0/index.js b/collectors/auth0/index.js new file mode 100644 index 00000000..bc200a4b --- /dev/null +++ b/collectors/auth0/index.js @@ -0,0 +1,21 @@ +/* ----------------------------------------------------------------------------- + * @copyright (C) 2019, Alert Logic, Inc + * @doc + * + * Auth0 System logs collector. + * + * @end + * ----------------------------------------------------------------------------- + */ + +const debug = require('debug') ('index'); + +const Auth0Collector = require('./auth0_collector').Auth0Collector; + +exports.handler = function(event, context) { + debug('input event: ', event); + Auth0Collector.load().then(function(creds) { + var auth0c = new Auth0Collector(context, creds); + auth0c.handleEvent(event); + }); +}; diff --git a/collectors/auth0/package.json b/collectors/auth0/package.json new file mode 100644 index 00000000..7d18c1f1 --- /dev/null +++ b/collectors/auth0/package.json @@ -0,0 +1,28 @@ +{ + "name": "auth0-collector", + "version": "0.1.0", + "description": "Alert Logic AWS based Auth0 Log Collector extension", + "repository": {}, + "private": true, + "scripts": { + "lint": "jshint --exclude \"./node_modules/*\" **/*.js", + "test": "JUNIT_REPORT_PATH=./test/report.xml nyc --reporter=cobertura mocha --colors --reporter mocha-jenkins-reporter" + }, + "devDependencies": { + "jshint": "^2.9.5", + "mocha": "^6.2.2", + "mocha-jenkins-reporter": "^0.4.2", + "nyc": "^14.1.1", + "rewire": "^4.0.1", + "sinon": "^7.5.0" + }, + "dependencies": { + "auth0": "2.20.0", + "@alertlogic/al-collector-js": "1.3.4", + "@alertlogic/paws-collector": "1.0.3", + "async": "3.1.0", + "debug": "4.1.1", + "moment": "2.24.0" + }, + "author": "Alert Logic Inc." +}