From fd5318437ef8cf6c36b0ee5471d280e5264bb2c6 Mon Sep 17 00:00:00 2001
From: Robert Gottlieb
Date: Tue, 3 Dec 2024 14:54:25 -0500
Subject: [PATCH] adding in the needed rules and cleaning up the debug info from the code
---
 bosh/opsfiles/rules.yml | 29 ++++++++++++++++++++----
 ci/aws-iam-check-keys/find_stale_keys.py | 7 +----
 2 files changed, 26 insertions(+), 10 deletions(-)
diff --git a/bosh/opsfiles/rules.yml b/bosh/opsfiles/rules.yml
index 4356a59..fb5dfbb 100644
--- a/bosh/opsfiles/rules.yml
+++ b/bosh/opsfiles/rules.yml
@@ -42,14 +42,35 @@ value:
  name: aws-iam-check-keys
  rules:
- - alert: AWSIAMCheckKeys
- expr: stale_key_num > 0
+ - alert: OperatorsStaleKeyWarning
+ expr: last_rotated_days{user_type="Operator"} >= 75 and last_rotated_days{user_type="Operator"} < 90
  labels:
  service: aws-iam
  severity: warning
  annotations:
- summary: AWS IAM user {{$labels.user}} has stale IAM Key(s)
- description: Look up the procedures for rotating the access keys
+ summary: IAM key for {$labels.user} will be expired within the next 15 days
+ description: "For Operators if the expiration is within 15 days\n"
+ - alert: PlatformApplicationStaleKeyWarning
+ expr: last_rotated_days{user_type="Platform"} >= 80 and last_rotated_days{user_type="Platform"} < 165 or last_rotated_days{user_type="Application"} >= 80 and last_rotated_days{user_type="Application"} < 165
+ labels:
+ severity: warning
+ annotations:
+ summary: IAM key for Platform or Application {$labels.user} will be expired within the next 15 days
+ description: "For Platform or Applications if the expiration is within 85 days\n"
+ - alert: OperatorsStaleKeyViolation
+ expr: last_rotated_days{user_type="Operator"} >= 90
+ labels:
+ severity: critical
+ annotations:
+ summary: IAM key for {$labels.user} is now expired
+ description: "For Operators if the key is expired\n"
+ - alert: PlatformApplicationStaleKeyViolation
+ expr: last_rotated_days{user_type="Platform"} >= 165 or last_rotated_days{user_type="Application"} >= 165
+ labels:
+ severity: critical
+ annotations:
+ summary: IAM key for {$labels.user} is now expired
+ description: "For Platform or Applications if the key is expired\n"
 
  # CloudWatch logs alerts
  - type: replace
diff --git a/ci/aws-iam-check-keys/find_stale_keys.py b/ci/aws-iam-check-keys/find_stale_keys.py
index 22aa028..6d66c74 100644
--- a/ci/aws-iam-check-keys/find_stale_keys.py
+++ b/ci/aws-iam-check-keys/find_stale_keys.py
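Review bot: Every new `summary` line uses a single-brace `{$labels.user}`, which the alert templating will not expand, so notifications will show the literal placeholder instead of the user name; the removed line had the working `{{$labels.user}}` form, and each of the four summaries should read like `summary: IAM key for {{ $labels.user }} will be expired within the next 15 days`. The three alerts added after the first one carry only `severity` under `labels:`, while the first alert keeps the existing `service: aws-iam` label from the unchanged context lines, so if routing or silences key on `service` these new alerts will be handled differently; adding `service: aws-iam` to each new `labels:` block keeps them consistent. The `PlatformApplicationStaleKeyWarning` summary says "within the next 15 days" while its `expr` covers 80–165 days and its description says 85 days, so one of the two texts is wrong. That same `expr` mixes `and` and `or` without parentheses and relies on PromQL precedence; wrapping each `and` pair in parentheses would make the intended grouping explicit.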
@@ -289,7 +289,6 @@ def del_key(key_dict: dict):
  are stale
  """
  gateway = f'{env.str("GATEWAY_HOST")}:{env.int("GATEWAY_PORT", 9091)}'
- print(f'gateway in del_key is: {gateway}')
  del key_dict["days_since_rotation"]
  del key_dict["last_rotated"]
  del key_dict["key_num"]
@@ -304,13 +303,9 @@ def send_key(key_dict: dict, severity: str):
  Send the key(s) to the pushgateway client to let it determine if they are stale
  """
- gateway = f"{env.str('GATEWAY_HOST')}:9091"
- #print(gateway_test)
- #gateway = f"{env.str('GATEWAY_HOST')}:{env.int('GATEWAY_PORT', 9091)}"
- print(f"gateway in send_key: {gateway}")
+ gateway = f"{env.str('GATEWAY_HOST')}:{env.int('GATEWAY_PORT', 9091)}"
  registry = CollectorRegistry()
  days_since_rotation = key_dict["days_since_rotation"]
- # user_type = key_dict["user_type"]
  del key_dict["days_since_rotation"]
  key_info = Gauge(