def test_generate_main_with_firehose(self):
"""CLI - Terraform Generate Main with Firehose Enabled"""
self.config['global']['infrastructure']['firehose'] = {
'enabled': True,
's3_bucket_suffix': 'my-data',
'buffer_size': 10,
'buffer_interval': 650,
'enabled_logs': ['cloudwatch']
}
tf_main = generate.generate_main(config=self.config, init=False)
generated_modules = tf_main['module']
expected_kinesis_modules = {
'kinesis_firehose_setup',
'kinesis_firehose_cloudwatch_test_match_types',
'kinesis_firehose_cloudwatch_test_match_types_2'
}
assert_true(
all([
expected_module in generated_modules
for expected_module in expected_kinesis_modules
]))
assert_equal(generated_modules['kinesis_firehose_cloudwatch_test_match_types']\
['s3_bucket_name'], 'unit-testing.my-data')
assert_equal(generated_modules['kinesis_firehose_cloudwatch_test_match_types']\
['buffer_size'], 10)
assert_equal(generated_modules['kinesis_firehose_cloudwatch_test_match_types']\
['buffer_interval'], 650)
def test_generate_main_with_sqs_url_false(self):
"""CLI - Terraform Generate Main with classifier_sqs.use_prefix = False"""
self.config['global']['infrastructure']['classifier_sqs'][
'use_prefix'] = False
result = generate.generate_main(config=self.config, init=False)
assert_equal(result['module']['globals']['source'],
'modules/tf_stream_alert_globals')
assert_false(result['module']['globals']['sqs_use_prefix'])
def test_generate_main_with_firehose(self):
"""CLI - Terraform Generate Main with Firehose Enabled"""
self.config['global']['infrastructure']['firehose'] = {
'enabled': True,
's3_bucket_suffix': 'my-data',
'buffer_size': 10,
'buffer_interval': 650
}
tf_main = generate.generate_main(config=self.config, init=False)
generated_firehose = tf_main['module']['kinesis_firehose']
assert_equal(generated_firehose['s3_bucket_name'],
'unit-testing.my-data')
assert_equal(generated_firehose['buffer_size'], 10)
assert_equal(generated_firehose['buffer_interval'], 650)
def test_generate_main(self):
"""CLI - Terraform Generate Main"""
tf_main = generate.generate_main(config=self.config, init=False)
tf_main_expected = {
'provider': {
'aws': {
'version': generate.TERRAFORM_VERSIONS['provider']['aws']
}
},
'terraform': {
'required_version': generate.TERRAFORM_VERSIONS['application'],
'backend': {
's3': {
'bucket': 'unit-testing.streamalert.terraform.state',
'key': 'stream_alert_state/terraform.tfstate',
'region': 'us-west-1',
'encrypt': True,
'acl': 'private',
'kms_key_id': 'alias/unit-testing'
}
}
},
'resource': {
'aws_kms_key': {
'stream_alert_secrets': {
'enable_key_rotation': True,
'description': 'StreamAlert secret management'
}
},
'aws_kms_alias': {
'stream_alert_secrets': {
'name':
'alias/unit-testing',
'target_key_id':
'${aws_kms_key.stream_alert_secrets.key_id}'
}
},
'aws_s3_bucket': {
'lambda_source': {
'bucket': 'unit.testing.source.bucket',
'acl': 'private',
'force_destroy': True,
'versioning': {
'enabled': True
},
'logging': {
'target_bucket':
'unit-testing.streamalert.s3-logging',
'target_prefix': 'unit.testing.source.bucket/'
}
},
'stream_alert_secrets': {
'bucket': 'unit-testing.streamalert.secrets',
'acl': 'private',
'force_destroy': True,
'versioning': {
'enabled': True
},
'logging': {
'target_bucket':
'unit-testing.streamalert.s3-logging',
'target_prefix':
'unit-testing.streamalert.secrets/'
}
},
'terraform_remote_state': {
'bucket': 'unit-testing.terraform.tfstate',
'acl': 'private',
'force_destroy': True,
'versioning': {
'enabled': True
},
'logging': {
'target_bucket':
'unit-testing.streamalert.s3-logging',
'target_prefix': 'unit-testing.terraform.tfstate/'
}
},
'logging_bucket': {
'bucket': 'unit-testing.streamalert.s3-logging',
'acl': 'log-delivery-write',
'force_destroy': True,
'versioning': {
'enabled': True
},
'logging': {
'target_bucket':
'unit-testing.streamalert.s3-logging',
'target_prefix':
'unit-testing.streamalert.s3-logging/'
},
'lifecycle_rule': {
'prefix': '/',
'enabled': True,
'transition': {
'days': 30,
'storage_class': 'GLACIER'
}
}
},
'streamalerts': {
'bucket': 'unit-testing.streamalerts',
'acl': 'private',
'force_destroy': True,
'versioning': {
'enabled': True
},
'logging': {
'target_bucket':
'unit-testing.streamalert.s3-logging',
'target_prefix': 'unit-testing.streamalerts/'
}
}
},
'aws_sns_topic': {
'stream_alert_monitoring': {
'name': 'stream_alert_monitoring'
}
}
}
}
assert_equal(tf_main['provider'], tf_main_expected['provider'])
assert_equal(tf_main['terraform'], tf_main_expected['terraform'])
assert_equal(tf_main['resource'], tf_main_expected['resource'])
def test_generate_main(self):
"""CLI - Terraform Generate Main"""
tf_main = generate.generate_main(config=self.config, init=False)
tf_main_expected = {
'provider': {
'aws': {
'version': generate.TERRAFORM_VERSIONS['provider']['aws'],
'region': 'us-west-1'
}
},
'terraform': {
'required_version': generate.TERRAFORM_VERSIONS['application'],
'backend': {
's3': {
'bucket': 'unit-testing.streamalert.terraform.state',
'key': 'stream_alert_state/terraform.tfstate',
'region': 'us-west-1',
'encrypt': True,
'acl': 'private',
'kms_key_id': 'alias/unit-testing'
}
}
},
'resource': {
'aws_kms_key': {
'server_side_encryption': {
'enable_key_rotation': True,
'description': 'StreamAlert S3 Server-Side Encryption',
'policy': ANY
},
'stream_alert_secrets': {
'enable_key_rotation': True,
'description': 'StreamAlert secret management'
}
},
'aws_kms_alias': {
'server_side_encryption': {
'name':
'alias/unit-testing_server-side-encryption',
'target_key_id':
'${aws_kms_key.server_side_encryption.key_id}'
},
'stream_alert_secrets': {
'name':
'alias/unit-testing',
'target_key_id':
'${aws_kms_key.stream_alert_secrets.key_id}'
}
},
'aws_s3_bucket': {
'stream_alert_secrets': {
'bucket':
'unit-testing.streamalert.secrets',
'acl':
'private',
'force_destroy':
True,
'versioning': {
'enabled': True
},
'logging': {
'target_bucket':
'unit-testing.streamalert.s3-logging',
'target_prefix':
'unit-testing.streamalert.secrets/'
},
'server_side_encryption_configuration': {
'rule': {
'apply_server_side_encryption_by_default': {
'sse_algorithm':
'aws:kms',
'kms_master_key_id':
('${aws_kms_key.server_side_encryption.key_id}'
)
}
}
},
'policy':
('{"Version": "2012-10-17", "Statement": [{"Resource": '
'["arn:aws:s3:::unit-testing.streamalert.secrets/*", '
'"arn:aws:s3:::unit-testing.streamalert.secrets"], "Effect": '
'"Deny", "Sid": "ForceSSLOnlyAccess", "Action": "s3:*", '
'"Condition": {"Bool": {"aws:SecureTransport": "false"}}, '
'"Principal": "*"}]}')
},
'terraform_remote_state': {
'bucket':
'unit-testing.streamalert.terraform.state',
'acl':
'private',
'force_destroy':
True,
'versioning': {
'enabled': True
},
'logging': {
'target_bucket':
'unit-testing.streamalert.s3-logging',
'target_prefix':
'unit-testing.streamalert.terraform.state/'
},
'server_side_encryption_configuration': {
'rule': {
'apply_server_side_encryption_by_default': {
'sse_algorithm':
'aws:kms',
'kms_master_key_id':
('${aws_kms_key.server_side_encryption.key_id}'
)
}
}
},
'policy':
('{"Version": "2012-10-17", "Statement": [{"Resource": '
'["arn:aws:s3:::unit-testing.streamalert.terraform.state/*", '
'"arn:aws:s3:::unit-testing.streamalert.terraform.state"], "Effect": '
'"Deny", "Sid": "ForceSSLOnlyAccess", "Action": "s3:*", '
'"Condition": {"Bool": {"aws:SecureTransport": "false"}}, '
'"Principal": "*"}]}')
},
'logging_bucket': {
'bucket':
'unit-testing.streamalert.s3-logging',
'acl':
'log-delivery-write',
'force_destroy':
True,
'versioning': {
'enabled': True
},
'logging': {
'target_bucket':
'unit-testing.streamalert.s3-logging',
'target_prefix':
'unit-testing.streamalert.s3-logging/'
},
'lifecycle_rule': {
'prefix': '/',
'enabled': True,
'transition': {
'days': 365,
'storage_class': 'GLACIER'
}
},
'server_side_encryption_configuration': {
'rule': {
'apply_server_side_encryption_by_default': {
'sse_algorithm': 'AES256'
}
}
},
'policy':
('{"Version": "2012-10-17", "Statement": [{"Resource": '
'["arn:aws:s3:::unit-testing.streamalert.s3-logging/*", '
'"arn:aws:s3:::unit-testing.streamalert.s3-logging"], "Effect": '
'"Deny", "Sid": "ForceSSLOnlyAccess", "Action": "s3:*", '
'"Condition": {"Bool": {"aws:SecureTransport": "false"}}, '
'"Principal": "*"}]}')
},
'streamalerts': {
'bucket':
'unit-testing.streamalerts',
'acl':
'private',
'force_destroy':
True,
'versioning': {
'enabled': True
},
'logging': {
'target_bucket':
'unit-testing.streamalert.s3-logging',
'target_prefix': 'unit-testing.streamalerts/'
},
'server_side_encryption_configuration': {
'rule': {
'apply_server_side_encryption_by_default': {
'sse_algorithm':
'aws:kms',
'kms_master_key_id':
('${aws_kms_key.server_side_encryption.key_id}'
)
}
}
},
'policy':
('{"Version": "2012-10-17", "Statement": [{"Resource": '
'["arn:aws:s3:::unit-testing.streamalerts/*", '
'"arn:aws:s3:::unit-testing.streamalerts"], "Effect": '
'"Deny", "Sid": "ForceSSLOnlyAccess", "Action": "s3:*", '
'"Condition": {"Bool": {"aws:SecureTransport": "false"}}, '
'"Principal": "*"}]}')
}
},
'aws_sns_topic': {
'stream_alert_monitoring': {
'name': 'stream_alert_monitoring'
}
}
}
}
assert_equal(tf_main['provider'], tf_main_expected['provider'])
assert_equal(tf_main['terraform'], tf_main_expected['terraform'])
assert_equal(tf_main['resource'], tf_main_expected['resource'])
