def handler(cls, options, config):
"""Initialize infrastructure using Terraform
Args:
config (CLIConfig): Loaded StreamAlert config
Returns:
bool: False if errors occurred, True otherwise
"""
# Stop here if only initializing the backend
if options.backend:
return cls._terraform_init_backend(config)
LOGGER.info('Initializing StreamAlert')
# generate init Terraform files
if not terraform_generate_handler(config=config, init=True):
return False
LOGGER.info('Initializing Terraform')
if not run_command(['terraform', 'init']):
return False
# build init infrastructure
LOGGER.info('Building initial infrastructure')
init_targets = [
'aws_s3_bucket.lambda_source', 'aws_s3_bucket.logging_bucket',
'aws_s3_bucket.streamalert_secrets', 'aws_s3_bucket.terraform_remote_state',
'aws_s3_bucket.streamalerts',
'aws_kms_key.server_side_encryption', 'aws_kms_alias.server_side_encryption',
'aws_kms_key.streamalert_secrets', 'aws_kms_alias.streamalert_secrets',
'aws_dynamodb_table.terraform_remote_state_lock'
]
if not tf_runner(targets=init_targets):
LOGGER.error('An error occurred while running StreamAlert init')
return False
# generate the main.tf with remote state enabled
LOGGER.info('Configuring Terraform Remote State')
if not terraform_generate_handler(config=config, check_tf=False, check_creds=False):
return False
if not run_command(['terraform', 'init']):
return False
LOGGER.info('Deploying Lambda Functions')
functions = ['rule', 'alert', 'alert_merger', 'athena', 'classifier']
deploy(functions, config)
# we need to manually create the streamalerts table since terraform does not support this
# See: https://github.com/terraform-providers/terraform-provider-aws/issues/1486
alerts_bucket = firehose_alerts_bucket(config)
create_table('alerts', alerts_bucket, config)
LOGGER.info('Building remainding infrastructure')
return tf_runner(refresh=False)
def handler(cls, options, config):
"""Use Terraform to destroy any existing infrastructure
Args:
options (argparse.Namespace): Parsed arguments from manage.py
config (CLIConfig): Loaded StreamAlert config
Returns:
bool: False if errors occurred, True otherwise
"""
# Check for valid credentials
if not check_credentials():
return False
# Verify terraform is installed
if not terraform_check():
return False
# Ask for approval here since multiple Terraform commands may be necessary
if not continue_prompt(message='Are you sure you want to destroy?'):
return False
if options.target:
target_modules, valid = _get_valid_tf_targets(config, options.target)
if not valid:
return False
return tf_runner(
action='destroy',
auto_approve=True,
targets=target_modules if target_modules else None
)
# Migrate back to local state so Terraform can successfully
# destroy the S3 bucket used by the backend.
# Do not check for terraform or aws creds again since these were checked above
if not terraform_generate_handler(config=config, init=True, check_tf=False,
check_creds=False):
return False
if not run_command(['terraform', 'init']):
return False
# Destroy all of the infrastructure
if not tf_runner(action='destroy', auto_approve=True):
return False
# Remove old Terraform files
return TerraformCleanCommand.handler(options, config)
def handler(cls, options, config):
"""Main handler for the Kinesis parser
Args:
options (argparse.Namespace): Parsed arguments
config (CLIConfig): Loaded StreamAlert config
Returns:
bool: False if errors occurred, True otherwise
"""
enable = options.action == 'enable-events'
LOGGER.info('%s Kinesis Events', 'Enabling' if enable else 'Disabling')
for cluster in options.clusters or config.clusters():
if 'kinesis_events' in config['clusters'][cluster]['modules']:
config['clusters'][cluster]['modules']['kinesis_events'][
'enabled'] = enable
config.write()
if options.skip_terraform:
return True # not an error
if not terraform_generate_handler(config):
return False
return tf_runner(action='apply',
targets=[
'module.{}_{}'.format('kinesis_events', cluster)
for cluster in config.clusters()
])
def deploy(functions, config, clusters=None):
"""Deploy the functions
Args:
functions (set): Set of functions being deployed
config (CLIConfig): Loaded StreamAlert config
clusters (set=None): Optional clusters to target for this deploy
Returns:
bool: False if errors occurred, True otherwise
"""
LOGGER.info('Deploying: %s', ' '.join(sorted(functions)))
# Terraform apply only to the module which contains our lambda functions
deploy_targets = set()
packages = []
for function in functions:
package, targets = _create(function, config, clusters)
# Continue if the package isn't enabled
if not all([package, targets]):
continue
packages.append(package)
deploy_targets.update(targets)
# Terraform applies the new package and publishes a new version
return helpers.tf_runner(targets=deploy_targets)
def deploy(config, functions, clusters=None):
"""Deploy the functions
Args:
functions (set): Set of functions being deployed
config (CLIConfig): Loaded StreamAlert config
clusters (set=None): Optional clusters to target for this deploy
Returns:
bool: False if errors occurred, True otherwise
"""
LOGGER.info('Deploying: %s', ', '.join(sorted(functions)))
deployment_package = package.LambdaPackage(config)
package_path = deployment_package.create()
if not package_path:
return False
# Terraform apply only to the module which contains our lambda functions
clusters = clusters or config.clusters()
deploy_targets = _lambda_terraform_targets(config, functions, clusters)
LOGGER.debug('Applying terraform targets: %s', ', '.join(sorted(deploy_targets)))
# Terraform applies the new package and publishes a new version
return helpers.tf_runner(targets=deploy_targets)
def handler(cls, options, config):
"""Run Terraform with an optional set of targets and clusters
Args:
options (argparse.Namespace): Parsed arguments from manage.py
config (CLIConfig): Loaded StreamAlert config
Returns:
bool: False if errors occurred, True otherwise
"""
if not terraform_generate_handler(config=config):
return False
target_modules, valid = _get_valid_tf_targets(config, options.target)
if not valid:
return False
return tf_runner(targets=target_modules if target_modules else None)