diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml
deleted file mode 100644
index 168011c4..00000000
--- a/.github/workflows/pr-title.yml
+++ /dev/null
@@ -1,52 +0,0 @@
-name: 'Validate PR title'
-
-on:
- pull_request_target:
- types:
- - opened
- - edited
- - synchronize
-
-jobs:
- main:
- name: Validate PR title
- runs-on: ubuntu-latest
- steps:
- # Please look up the latest version from
- # https://github.com/amannn/action-semantic-pull-request/releases
- - uses: amannn/action-semantic-pull-request@v3.4.6
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- # Configure which types are allowed.
- # Default: https://github.com/commitizen/conventional-commit-types
- types: |
- fix
- feat
- docs
- ci
- chore
- # Configure that a scope must always be provided.
- requireScope: false
- # Configure additional validation for the subject based on a regex.
- # This example ensures the subject starts with an uppercase character.
- subjectPattern: ^[A-Z].+$
- # If `subjectPattern` is configured, you can use this property to override
- # the default error message that is shown when the pattern doesn't match.
- # The variables `subject` and `title` can be used within the message.
- subjectPatternError: |
- The subject "{subject}" found in the pull request title "{title}"
- didn't match the configured pattern. Please ensure that the subject
- starts with an uppercase character.
- # For work-in-progress PRs you can typically use draft pull requests
- # from Github. However, private repositories on the free plan don't have
- # this option and therefore this action allows you to opt-in to using the
- # special "[WIP]" prefix to indicate this state. This will avoid the
- # validation of the PR title and the pull request checks remain pending.
- # Note that a second check will be reported if this is enabled.
- wip: true
- # When using "Squash and merge" on a PR with only one commit, GitHub
- # will suggest using that commit message instead of the PR title for the
- # merge commit, and it's easy to commit this by mistake. Enable this option
- # to also validate the commit message for one commit PRs.
- validateSingleCommit: false diff --git a/.github/workflows/unit-test.yml b/.github/workflows/unit-test.yml index 450b8a00..e300cca5 100644 --- a/.github/workflows/unit-test.yml +++ b/.github/workflows/unit-test.yml @@ -20,12 +20,12 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v4 - - name: Set up Python 3.8 - uses: actions/setup-python@v2 + - name: Set up Python 3.11 + uses: actions/setup-python@v5 with: - python-version: 3.8 + python-version: 3.11 - name: Install pipenv run: | diff --git a/CHANGELOG.md b/CHANGELOG.md index 01b1140e..ba778c82 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,11 @@ All notable changes to this project will be documented in this file. +## (2024-05-01) + +* Update Python lambda runtime from `3.8` to `3.11` + + ## [5.3.0](https://github.com/terraform-aws-modules/terraform-aws-notify-slack/compare/v5.2.0...v5.3.0) (2022-06-17) diff --git a/README.md b/README.md index bb2dbf9b..1a8c11ec 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ Doing serverless with Terraform? Check out [serverless.tf framework](https://ser ## Supported Features -- AWS Lambda runtime Python 3.8 +- AWS Lambda runtime Python 3.11 - Create new SNS topic or use existing one - Support plaintext and encrypted version of Slack webhook URL - Most of Slack message options are customizable diff --git a/functions/.pyproject.toml b/functions/.pyproject.toml index c0374cea..1b28df83 100644 --- a/functions/.pyproject.toml +++ b/functions/.pyproject.toml @@ -1,6 +1,6 @@ [tool.black] line-length = 120 -target-version = ['py38'] +target-version = ['py311'] include = '\.pyi?$' verbose = true exclude = ''' diff --git a/functions/Pipfile b/functions/Pipfile index af8ac944..7c2a6f9a 100644 --- a/functions/Pipfile +++ b/functions/Pipfile @@ -6,8 +6,8 @@ name = "pypi" [packages] [dev-packages] -boto3 = "~=1.20" -botocore = "~=1.23" +boto3 = "~=1.34" +botocore = "~=1.34" black = "*" flake8 = "*" isort = "*" 
@@ -18,7 +18,7 @@ radon = "*" snapshottest = "~=0.6" [requires] -python_version = "3.8" +python_version = "3.11" [scripts] test = "python3 -m pytest --cov --cov-report=term" diff --git a/functions/events/guardduty_finding_high.json b/functions/events/guardduty_finding_high.json index df3fad9d..37d6c05f 100644 --- a/functions/events/guardduty_finding_high.json +++ b/functions/events/guardduty_finding_high.json @@ -2,7 +2,7 @@ "detail-type": "GuardDuty Finding", "region": "us-east-1", "detail": { - "id": "sample-id-2", + "accountId": "sample-id-2", "title": "SAMPLE Unprotected port on EC2 instance i-123123123 is being probed", "severity": 9, "description": "EC2 instance has an unprotected port which is being probed by a known malicious host.", diff --git a/functions/events/guardduty_finding_low.json b/functions/events/guardduty_finding_low.json index c19c8f40..8a390158 100644 --- a/functions/events/guardduty_finding_low.json +++ b/functions/events/guardduty_finding_low.json @@ -2,7 +2,7 @@ "detail-type": "GuardDuty Finding", "region": "us-east-1", "detail": { - "id": "sample-id-2", + "accountId": "sample-id-2", "title": "SAMPLE Unprotected port on EC2 instance i-123123123 is being probed", "severity": 2, "description": "EC2 instance has an unprotected port which is being probed by a known malicious host.", diff --git a/functions/events/guardduty_finding_medium.json b/functions/events/guardduty_finding_medium.json index 0c163446..9204c441 100644 --- a/functions/events/guardduty_finding_medium.json +++ b/functions/events/guardduty_finding_medium.json @@ -2,7 +2,7 @@ "detail-type": "GuardDuty Finding", "region": "us-east-1", "detail": { - "id": "sample-id-2", + "accountId": "sample-id-2", "title": "SAMPLE Unprotected port on EC2 instance i-123123123 is being probed", "severity": 5, "description": "EC2 instance has an unprotected port which is being probed by a known malicious host.", 
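Review bot: Renaming `"id"` to `"accountId"` inside `detail` in guardduty_finding_high.json leaves the sample finding with no `id` at all and puts a value that is not an account number (`"sample-id-2"`) into `accountId`; real GuardDuty findings carry both fields. If `format_guardduty_finding` reads `detail.get('id')` (its body is not visible in this diff), the fixtures now only exercise the missing-id path and the rendered finding reference would not be covered by tests. I would keep `"id": "sample-id-2"` and add `"accountId": "123456789012"` (constructed sample value) beside it. The same applies to the identical hunks in guardduty_finding_low.json and guardduty_finding_medium.json.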
diff --git a/functions/notify_slack.py b/functions/notify_slack.py index aad042c9..0250cc3d 100644 --- a/functions/notify_slack.py +++ b/functions/notify_slack.py @@ -204,6 +204,7 @@ def format_guardduty_finding(message: Dict[str, Any], region: str) -> Dict[str, "text": f"AWS GuardDuty Finding - {detail.get('title')}", } + def format_security_announcements(message: Dict[str, Any]) -> Dict[str, Any]: """ Format GuardDuty & SecurityHub announcements into Slack message format @@ -284,7 +285,8 @@ def format_security_announcements(message: Dict[str, Any]) -> Dict[str, Any]: } else: - return False + return {} + class AwsHealthCategory(Enum): """Maps AWS Health eventTypeCategory to Slack message format color diff --git a/main.tf b/main.tf index 6d03d7a4..54149a8a 100644 --- a/main.tf +++ b/main.tf @@ -82,7 +82,7 @@ module "lambda" { handler = "${local.lambda_handler}.lambda_handler" source_path = var.lambda_source_path != null ? "${path.root}/${var.lambda_source_path}" : "${path.module}/functions/notify_slack.py" recreate_missing_package = var.recreate_missing_package - runtime = "python3.8" + runtime = "python3.11" timeout = 30 kms_key_arn = var.kms_key_arn reserved_concurrent_executions = var.reserved_concurrent_executions
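Review bot: The fall-through `else:` branch of `format_security_announcements` discards the announcement without leaving any trace, and returning `{}` instead of `False` does not change that. For a function that formats GuardDuty and SecurityHub announcements, a silently dropped message is a missed security notification, so I would log before returning, e.g. `logging.warning("Unrecognised security announcement; nothing formatted for Slack")`, assuming `logging` is available in this module. The caller is outside the hunk: if it compares the result with `is False` rather than testing truthiness, it has to change together with this line, and if it forwards the dict unconditionally an empty attachment would be posted. The function body starts outside the hunk, so the condition guarding this branch is not visible here.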