def test_follows_trails_when_bucket_changes(self):
self.parsed_responses = [
{'LocationConstraint': 'us-east-1'},
{'Body': six.BytesIO(_gz_compress(self._logs[0]['_raw_value']))},
{'LocationConstraint': 'us-west-2'},
{'LocationConstraint': 'eu-west-1'}
]
key_provider, digest_provider, validator = create_scenario(
['gap', 'bucket_change', 'link', 'bucket_change', 'link'],
[[], [self._logs[0]], [], [], []])
_setup_mock_traverser(self._mock_traverser, key_provider,
digest_provider, validator)
stdout, stderr, rc = self.run_cmd(
("cloudtrail validate-logs --trail-arn %s --start-time %s "
"--region us-east-1 --verbose")
% (TEST_TRAIL_ARN, START_TIME_ARG), 0)
self.assertIn('Digest file\ts3://3/%s\tvalid'
% digest_provider.digests[0], stdout)
self.assertIn('Digest file\ts3://2/%s\tvalid'
% digest_provider.digests[1], stdout)
self.assertIn('Digest file\ts3://2/%s\tvalid'
% digest_provider.digests[2], stdout)
self.assertIn('Digest file\ts3://1/%s\tvalid'
% digest_provider.digests[3], stdout)
self.assertIn('Digest file\ts3://1/%s\tvalid'
% digest_provider.digests[4], stdout)
def test_warns_when_no_digests_in_gap(self):
key_provider, digest_provider, validator = create_scenario(
['gap', 'gap'], [])
_setup_mock_traverser(self._mock_traverser, key_provider,
digest_provider, validator)
stdout, stderr, rc = self.run_cmd(
"cloudtrail validate-logs --trail-arn %s --start-time '%s'"
% (TEST_TRAIL_ARN, START_TIME_ARG), 0)
self.assertIn(('No log files were delivered by CloudTrail between '
'2014-08-10T00:00:00Z and 2014-08-10T01:00:00Z'), stderr)
def test_verbose_output_shows_valid_digests(self):
key_provider, digest_provider, validator = create_scenario(
['gap'], [])
_setup_mock_traverser(self._mock_traverser, key_provider,
digest_provider, validator)
stdout, stderr, rc = self.run_cmd(
"cloudtrail validate-logs --trail-arn %s --start-time %s --verbose"
% (TEST_TRAIL_ARN, START_TIME_ARG), 0)
self.assertIn('Digest file\ts3://1/%s\tvalid'
% digest_provider.digests[0], stdout)
def test_warns_when_digest_deleted(self):
key_provider, digest_provider, validator = create_scenario(
['gap', 'missing', 'link', 'missing'], [])
_setup_mock_traverser(self._mock_traverser, key_provider,
digest_provider, validator)
stdout, stderr, rc = self.run_cmd(
"cloudtrail validate-logs --trail-arn %s --start-time %s --verbose"
% (TEST_TRAIL_ARN, START_TIME_ARG), 1)
self.assertIn('Digest file\ts3://1/%s\tINVALID: not found'
% digest_provider.digests[1], stderr)
self.assertIn('Digest file\ts3://1/%s\tINVALID: not found'
% digest_provider.digests[3], stderr)
def test_warns_when_no_valid_digests_found_in_range(self):
key_provider, digest_provider, validator = create_scenario(
['invalid'], [])
_setup_mock_traverser(self._mock_traverser, key_provider,
digest_provider, validator)
stdout, stderr, rc = self.run_cmd(
("cloudtrail validate-logs --trail-arn %s --start-time '%s' "
"--end-time '%s'")
% (TEST_TRAIL_ARN, START_TIME_ARG, END_TIME_ARG), 1)
self.assertIn(
'Results requested for %s to %s\nNo valid digests found in range'
% (format_display_date(START_DATE),
format_display_date(END_DATE)), stdout)
def test_fails_and_warns_when_log_is_deleted(self):
# Override the default request patching because we need to
# raise a ClientError exception.
key_provider, digest_provider, validator = create_scenario(
['gap'], [[self._logs[0]]])
with patch(RETRIEVER_FUNCTION) as mock_create_digest_traverser:
_setup_mock_traverser(mock_create_digest_traverser,
key_provider, digest_provider, validator)
stdout, stderr, rc = self.run_cmd(
"cloudtrail validate-logs --trail-arn %s --start-time '%s'"
% (TEST_TRAIL_ARN, START_TIME_ARG), 1)
self.assertIn(
'Log file\ts3://1/key1\tINVALID: not found\n\n', stderr)
def test_warns_when_no_valid_digests_found_in_range(self):
key_provider, digest_provider, validator = create_scenario(
['invalid'], [])
_setup_mock_traverser(self._mock_traverser, key_provider,
digest_provider, validator)
stdout, stderr, rc = self.run_cmd(
("cloudtrail validate-logs --trail-arn %s --start-time '%s' "
"--end-time '%s'")
% (TEST_TRAIL_ARN, START_TIME_ARG, END_TIME_ARG), 1)
self.assertIn(
'Results requested for %s to %s\nNo valid digests found in range'
% (format_display_date(START_DATE),
format_display_date(END_DATE)), stdout)
def test_fails_and_warns_when_log_is_deleted(self):
# Override the default request patching because we need to
# raise a ClientError exception.
key_provider, digest_provider, validator = create_scenario(
['gap'], [[self._logs[0]]])
with patch(RETRIEVER_FUNCTION) as mock_create_digest_traverser:
_setup_mock_traverser(mock_create_digest_traverser, key_provider,
digest_provider, validator)
stdout, stderr, rc = self.run_cmd(
"cloudtrail validate-logs --trail-arn %s --start-time '%s'" %
(TEST_TRAIL_ARN, START_TIME_ARG), 1)
self.assertIn('Log file\ts3://1/key1\tINVALID: not found\n\n',
stderr)
def test_warns_when_digest_deleted(self):
key_provider, digest_provider, validator = create_scenario(
['gap', 'missing', 'link', 'missing'], [])
_setup_mock_traverser(self._mock_traverser, key_provider,
digest_provider, validator)
stdout, stderr, rc = self.run_cmd(
"cloudtrail validate-logs --trail-arn %s --start-time %s --verbose"
% (TEST_TRAIL_ARN, START_TIME_ARG), 1)
self.assertIn(
'Digest file\ts3://1/%s\tINVALID: not found' %
digest_provider.digests[1], stderr)
self.assertIn(
'Digest file\ts3://1/%s\tINVALID: not found' %
digest_provider.digests[3], stderr)
def test_warns_when_digest_invalid(self):
key_provider, digest_provider, validator = create_scenario(
['gap', 'invalid', 'link'], [])
_setup_mock_traverser(self._mock_traverser, key_provider,
digest_provider, validator)
stdout, stderr, rc = self.run_cmd(
"cloudtrail validate-logs --trail-arn %s --start-time %s"
% (TEST_TRAIL_ARN, START_TIME_ARG), 1)
self.assertIn('invalid error', stderr)
self.assertIn(
'Results requested for %s to ' % format_display_date(START_DATE),
stdout)
self.assertIn('2/3 digest files valid, 1/3 digest files INVALID',
stdout)
def test_fails_and_warns_when_log_hash_is_invalid(self):
key_provider, digest_provider, validator = create_scenario(
['gap'], [[self._logs[0]]])
self.parsed_responses = [
{'LocationConstraint': ''},
{'Body': six.BytesIO(_gz_compress('does not match'))}
]
_setup_mock_traverser(self._mock_traverser, key_provider,
digest_provider, validator)
stdout, stderr, rc = self.run_cmd(
("cloudtrail validate-logs --trail-arn %s --start-time "
"--region us-east-1 '%s'") % (TEST_TRAIL_ARN, START_TIME_ARG), 1)
self.assertIn(
'Log file\ts3://1/key1\tINVALID: hash value doesn\'t match', stderr)
def test_warns_when_digest_invalid(self):
key_provider, digest_provider, validator = create_scenario(
['gap', 'invalid', 'link'], [])
_setup_mock_traverser(self._mock_traverser, key_provider,
digest_provider, validator)
stdout, stderr, rc = self.run_cmd(
"cloudtrail validate-logs --trail-arn %s --start-time %s"
% (TEST_TRAIL_ARN, START_TIME_ARG), 1)
self.assertIn('invalid error', stderr)
self.assertIn(
'Results requested for %s to ' % format_display_date(START_DATE),
stdout)
self.assertIn('2/3 digest files valid, 1/3 digest files INVALID',
stdout)
def test_fails_and_warns_when_log_hash_is_invalid(self):
key_provider, digest_provider, validator = create_scenario(
['gap'], [[self._logs[0]]])
self.parsed_responses = [
{'LocationConstraint': ''},
{'Body': six.BytesIO(_gz_compress('does not match'))}
]
_setup_mock_traverser(self._mock_traverser, key_provider,
digest_provider, validator)
stdout, stderr, rc = self.run_cmd(
("cloudtrail validate-logs --trail-arn %s --start-time "
"--region us-east-1 '%s'") % (TEST_TRAIL_ARN, START_TIME_ARG), 1)
self.assertIn(
'Log file\ts3://1/key1\tINVALID: hash value doesn\'t match', stderr)
def test_shows_successful_summary(self):
key_provider, digest_provider, validator = create_scenario(
['gap', 'link'], [])
_setup_mock_traverser(self._mock_traverser, key_provider,
digest_provider, validator)
stdout, stderr, rc = self.run_cmd(
("cloudtrail validate-logs --trail-arn %s --start-time %s "
"--end-time %s --verbose")
% (TEST_TRAIL_ARN, START_TIME_ARG, END_TIME_ARG), 0)
self.assertIn(('Results requested for 2014-08-10T00:00:00Z to '
'2015-08-10T00:00:00Z'), stdout)
self.assertIn('2/2 digest files valid', stdout)
self.assertIn(
'Results found for 2014-08-10T01:00:00Z to 2014-08-10T02:30:00Z',
stdout)
def test_shows_successful_summary(self):
key_provider, digest_provider, validator = create_scenario(
['gap', 'link'], [])
_setup_mock_traverser(self._mock_traverser, key_provider,
digest_provider, validator)
stdout, stderr, rc = self.run_cmd(
("cloudtrail validate-logs --trail-arn %s --start-time %s "
"--end-time %s --verbose")
% (TEST_TRAIL_ARN, START_TIME_ARG, END_TIME_ARG), 0)
self.assertIn(('Results requested for 2014-08-10T00:00:00Z to '
'2015-08-10T00:00:00Z'), stdout)
self.assertIn('2/2 digest files valid', stdout)
self.assertIn(
'Results found for 2014-08-10T01:00:00Z to 2014-08-10T02:30:00Z',
stdout)
def test_verbose_output_shows_happy_case(self):
self.parsed_responses = [
{'LocationConstraint': 'us-east-1'},
{'Body': six.BytesIO(_gz_compress(self._logs[0]['_raw_value']))}
]
key_provider, digest_provider, validator = create_scenario(
['gap', 'link'], [[], [self._logs[0]]])
_setup_mock_traverser(self._mock_traverser, key_provider,
digest_provider, validator)
stdout, stderr, rc = self.run_cmd(
("cloudtrail validate-logs --trail-arn %s --start-time %s "
"--region us-east-1 --verbose")
% (TEST_TRAIL_ARN, START_TIME_ARG), 0)
self.assertIn('Digest file\ts3://1/%s\tvalid'
% digest_provider.digests[0], stdout)
def test_validates_valid_log_files(self):
key_provider, digest_provider, validator = create_scenario(
['gap', 'link', 'link'],
[[self._logs[2]], [], [self._logs[0], self._logs[1]]])
self.parsed_responses = [
{'LocationConstraint': ''},
{'Body': six.BytesIO(_gz_compress(self._logs[0]['_raw_value']))},
{'Body': six.BytesIO(_gz_compress(self._logs[1]['_raw_value']))},
{'Body': six.BytesIO(_gz_compress(self._logs[2]['_raw_value']))},
]
_setup_mock_traverser(self._mock_traverser, key_provider,
digest_provider, validator)
stdout, stderr, rc = self.run_cmd(
"cloudtrail validate-logs --trail-arn %s --start-time %s --verbose"
% (TEST_TRAIL_ARN, START_TIME_ARG), 0)
self.assertIn('s3://1/key1', stdout)
self.assertIn('s3://1/key2', stdout)
self.assertIn('s3://1/key3', stdout)
def test_validates_valid_log_files(self):
key_provider, digest_provider, validator = create_scenario(
['gap', 'link', 'link'],
[[self._logs[2]], [], [self._logs[0], self._logs[1]]])
self.parsed_responses = [
{'LocationConstraint': ''},
{'Body': six.BytesIO(_gz_compress(self._logs[0]['_raw_value']))},
{'Body': six.BytesIO(_gz_compress(self._logs[1]['_raw_value']))},
{'Body': six.BytesIO(_gz_compress(self._logs[2]['_raw_value']))},
]
_setup_mock_traverser(self._mock_traverser, key_provider,
digest_provider, validator)
stdout, stderr, rc = self.run_cmd(
"cloudtrail validate-logs --trail-arn %s --start-time %s --verbose"
% (TEST_TRAIL_ARN, START_TIME_ARG), 0)
self.assertIn('s3://1/key1', stdout)
self.assertIn('s3://1/key2', stdout)
self.assertIn('s3://1/key3', stdout)
