 def test_gets_trail_by_arn(self):
     """get_trail_by_arn picks the describe_trails entry whose TrailARN matches."""
     client = Mock()
     trails = [
         {'TrailARN': 'a', 'Foo': 'Baz'},
         {'TrailARN': 'b', 'Foo': 'Bar'},
     ]
     client.describe_trails.return_value = {'trailList': trails}
     # Look up the second trail and check we got that entry back, not 'a'.
     found = utils.get_trail_by_arn(client, 'b')
     self.assertEqual('Bar', found['Foo'])
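def create_digest_traverser(cloudtrail_client, s3_client_provider, trail_arn,
                            trail_source_region=None, on_invalid=None,
                            on_gap=None, on_missing=None, bucket=None,
                            prefix=None):
    """Creates a CloudTrail DigestTraverser and its object graph.

    :type cloudtrail_client: botocore.client.CloudTrail
    :param cloudtrail_client: Client used to connect to CloudTrail. It is
        used to look up the trail (only when ``bucket`` is not given) and to
        build the ``PublicKeyProvider`` handed to the traverser.
    :type s3_client_provider: S3ClientProvider
    :param s3_client_provider: Used to create Amazon S3 client per/region.
    :param trail_arn: CloudTrail trail ARN. It is validated first; the home
        region (4th ``:``-separated field), the account id and the trail name
        (text after the last ``/``) are then parsed out of it.
    :param trail_source_region: The scanned region of a trail.
    :param on_invalid: Callback that is invoked when validating a digest fails.
    :param on_gap: Callback that is invoked when a digest has no link to the
        previous digest, but there are more digests to validate. This can
        happen when a trail is disabled for a period of time.
    :param on_missing: Callback that is invoked when a digest file has been
        deleted from Amazon S3 but is supposed to be present.
    :param bucket: Amazon S3 bucket of the trail if it is different than the
        bucket that is currently associated with the trail. When omitted, the
        bucket is read from the trail configuration.
    :param prefix: Key prefix prepended to each digest and log placed in the
        Amazon S3 bucket if it is different than the prefix that is currently
        associated with the trail. When omitted together with ``bucket``, the
        prefix is read from the trail configuration; when ``bucket`` is given
        but ``prefix`` is not, no prefix is used.

    ``on_gap``, ``on_invalid``, and ``on_missing`` callbacks are invoked with
    the following named arguments:

    - ``bucket``: The next S3 bucket.
    - ``next_key``: (optional) Next digest key that was found in the bucket.
    - ``next_end_date``: (optional) End date of the next found digest.
    - ``last_key``: The last digest key that was found.
    - ``last_start_date``: (optional) Start date of last found digest.
    - ``message``: (optional) Message string about the notification.

    :raises: whatever ``assert_cloudtrail_arn_is_valid`` raises for a
        malformed ARN; ``KeyError`` if the looked-up trail configuration has
        no ``S3BucketName``.
    :return: A configured ``DigestTraverser``.
    """
    # Validate the ARN shape before the positional split() parsing below
    # relies on it.
    assert_cloudtrail_arn_is_valid(trail_arn)
    account_id = get_account_id_from_arn(trail_arn)
    if bucket is None:
        # No bucket override: read the bucket from the trail configuration.
        trail_info = get_trail_by_arn(cloudtrail_client, trail_arn)
        LOG.debug('Loaded trail info: %s', trail_info)
        bucket = trail_info['S3BucketName']
        # Only fall back to the trail's own prefix when the caller did not
        # supply one. Previously an explicit ``prefix`` was silently replaced
        # here whenever ``bucket`` was omitted, contradicting the documented
        # contract and making the digests be looked for under the wrong keys.
        if prefix is None:
            prefix = trail_info.get('S3KeyPrefix', None)
    # Determine the region from the ARN (e.g., arn:aws:cloudtrail:REGION:...)
    trail_region = trail_arn.split(':')[3]
    # Determine the name from the ARN (the last part after "/")
    trail_name = trail_arn.split('/')[-1]
    digest_provider = DigestProvider(
        account_id=account_id, trail_name=trail_name,
        s3_client_provider=s3_client_provider,
        trail_source_region=trail_source_region,
        trail_home_region=trail_region)
    # The public-key provider is built on the CloudTrail client, independent
    # of the bucket/prefix overrides (presumably so digest signatures are
    # checked against keys from the service rather than from the scanned
    # bucket -- confirm in PublicKeyProvider).
    return DigestTraverser(
        digest_provider=digest_provider, starting_bucket=bucket,
        starting_prefix=prefix, on_invalid=on_invalid, on_gap=on_gap,
        on_missing=on_missing,
        public_key_provider=PublicKeyProvider(cloudtrail_client))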
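def create_digest_traverser(cloudtrail_client, s3_client_provider, trail_arn,
                            trail_source_region=None, on_invalid=None,
                            on_gap=None, on_missing=None, bucket=None,
                            prefix=None):
    """Creates a CloudTrail DigestTraverser and its object graph.

    :type cloudtrail_client: botocore.client.CloudTrail
    :param cloudtrail_client: Client used to connect to CloudTrail. It is
        used to look up the trail (only when ``bucket`` is not given) and to
        build the ``PublicKeyProvider`` handed to the traverser.
    :type s3_client_provider: S3ClientProvider
    :param s3_client_provider: Used to create Amazon S3 client per/region.
    :param trail_arn: CloudTrail trail ARN. It is validated first; the home
        region (4th ``:``-separated field), the account id and the trail name
        (text after the last ``/``) are then parsed out of it.
    :param trail_source_region: The scanned region of a trail.
    :param on_invalid: Callback that is invoked when validating a digest fails.
    :param on_gap: Callback that is invoked when a digest has no link to the
        previous digest, but there are more digests to validate. This can
        happen when a trail is disabled for a period of time.
    :param on_missing: Callback that is invoked when a digest file has been
        deleted from Amazon S3 but is supposed to be present.
    :param bucket: Amazon S3 bucket of the trail if it is different than the
        bucket that is currently associated with the trail. When omitted, the
        bucket is read from the trail configuration.
    :param prefix: Key prefix prepended to each digest and log placed in the
        Amazon S3 bucket if it is different than the prefix that is currently
        associated with the trail. When omitted together with ``bucket``, the
        prefix is read from the trail configuration; when ``bucket`` is given
        but ``prefix`` is not, no prefix is used.

    ``on_gap``, ``on_invalid``, and ``on_missing`` callbacks are invoked with
    the following named arguments:

    - ``bucket``: The next S3 bucket.
    - ``next_key``: (optional) Next digest key that was found in the bucket.
    - ``next_end_date``: (optional) End date of the next found digest.
    - ``last_key``: The last digest key that was found.
    - ``last_start_date``: (optional) Start date of last found digest.
    - ``message``: (optional) Message string about the notification.

    :raises: whatever ``assert_cloudtrail_arn_is_valid`` raises for a
        malformed ARN; ``KeyError`` if the looked-up trail configuration has
        no ``S3BucketName``.
    :return: A configured ``DigestTraverser``.
    """
    # Validate the ARN shape before the positional split() parsing below
    # relies on it.
    assert_cloudtrail_arn_is_valid(trail_arn)
    account_id = get_account_id_from_arn(trail_arn)
    if bucket is None:
        # No bucket override: read the bucket from the trail configuration.
        trail_info = get_trail_by_arn(cloudtrail_client, trail_arn)
        LOG.debug('Loaded trail info: %s', trail_info)
        bucket = trail_info['S3BucketName']
        # Only fall back to the trail's own prefix when the caller did not
        # supply one. Previously an explicit ``prefix`` was silently replaced
        # here whenever ``bucket`` was omitted, contradicting the documented
        # contract and making the digests be looked for under the wrong keys.
        if prefix is None:
            prefix = trail_info.get('S3KeyPrefix', None)
    # Determine the region from the ARN (e.g., arn:aws:cloudtrail:REGION:...)
    trail_region = trail_arn.split(':')[3]
    # Determine the name from the ARN (the last part after "/")
    trail_name = trail_arn.split('/')[-1]
    digest_provider = DigestProvider(
        account_id=account_id, trail_name=trail_name,
        s3_client_provider=s3_client_provider,
        trail_source_region=trail_source_region,
        trail_home_region=trail_region)
    # The public-key provider is built on the CloudTrail client, independent
    # of the bucket/prefix overrides (presumably so digest signatures are
    # checked against keys from the service rather than from the scanned
    # bucket -- confirm in PublicKeyProvider).
    return DigestTraverser(
        digest_provider=digest_provider, starting_bucket=bucket,
        starting_prefix=prefix, on_invalid=on_invalid, on_gap=on_gap,
        on_missing=on_missing,
        public_key_provider=PublicKeyProvider(cloudtrail_client))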