Exemple #1
    def test_generate_cloudtrail_all_options(self):
        """CLI - Terraform Generate Cloudtrail Module - All Options

        Configures the 'advanced' cluster with an explicit, non-global trail
        and a custom event pattern, then checks the module dict that
        generate_cloudtrail writes into self.cluster_dict.
        """
        cluster_name = 'advanced'

        # Key order is kept as in the expected JSON string below.
        # NOTE(review): 'account' is a bare string here; CloudWatch Events
        # patterns normally give match values as arrays - confirm the scalar
        # is intentional. The assertion below only compares the serialized
        # pattern; it does not check that the pattern is valid.
        custom_pattern = {
            'source': ['aws.ec2'],
            'account': '12345678910',
            'detail': {
                'state': ['running']
            }
        }
        cloudtrail_settings = {
            'enabled': True,
            'existing_trail': False,
            'is_global_trail': False,
            'event_pattern': custom_pattern
        }
        self.config['clusters']['advanced']['modules']['cloudtrail'] = cloudtrail_settings

        cloudtrail.generate_cloudtrail(cluster_name, self.cluster_dict, self.config)

        expected_module = {
            'account_id': '12345678910',
            'cluster': 'advanced',
            'existing_trail': False,
            'is_global_trail': False,
            'kinesis_arn': '${module.kinesis_advanced.arn}',
            'prefix': 'unit-testing',
            'enable_logging': True,
            'source': 'modules/tf_stream_alert_cloudtrail',
            's3_logging_bucket': 'unit-testing.streamalert.s3-logging',
            'event_pattern': '{"source": ["aws.ec2"], "account": "12345678910",'
                             ' "detail": {"state": ["running"]}}'
        }

        generated_modules = self.cluster_dict['module']
        assert_equal('cloudtrail_advanced' in generated_modules, True)
        assert_equal(generated_modules['cloudtrail_advanced'], expected_module)
    def test_generate_cloudtrail_basic(self):
        """CLI - Terraform Generate Cloudtrail Module - Legacy

        Starts from the legacy single-key settings ({'enabled': True}) and
        checks the return value, the cluster settings after a config reload,
        and the generated module dict.
        """
        cluster_name = 'advanced'
        self.config['clusters']['advanced']['modules']['cloudtrail'] = {
            'enabled': True
        }
        result = cloudtrail.generate_cloudtrail(
            cluster_name,
            self.cluster_dict,
            self.config
        )
        # Reload the config before inspecting it.
        # NOTE(review): load() is defined elsewhere; presumably it re-reads
        # whatever generate_cloudtrail persisted - confirm.
        self.config.load()

        assert_true(result)

        # After the reload the legacy 'enabled' key is gone and only the two
        # explicit switches remain.
        reloaded_settings = self.config['clusters']['advanced']['modules']['cloudtrail']
        assert_equal(
            set(reloaded_settings.keys()),
            {'enable_logging', 'enable_kinesis'}
        )

        # Expected defaults for the legacy form: a new, global trail with both
        # logging and Kinesis delivery on, scoped to the one account.
        expected_module = {
            'account_ids': ['12345678910'],
            'cluster': 'advanced',
            'kinesis_arn': '${module.kinesis_advanced.arn}',
            'prefix': 'unit-testing',
            'enable_logging': True,
            'enable_kinesis': True,
            'source': 'modules/tf_stream_alert_cloudtrail',
            's3_logging_bucket': 'unit-testing.streamalert.s3-logging',
            'existing_trail': False,
            'is_global_trail': True,
            'event_pattern': '{"account": ["12345678910"]}'
        }
        assert_equal(self.cluster_dict['module']['cloudtrail_advanced'], expected_module)
Exemple #3
def generate_cluster(**kwargs):
    """Generate a StreamAlert cluster file.

    The generators run in a fixed order and all write into one shared
    cluster dictionary. When a generator whose result is checked returns a
    falsy value, generation stops and None is returned instead of a
    partially populated dictionary. The results of the metric filter,
    metric alarm and app integration generators are not checked.

    Keyword Args:
        cluster_name (str): The name of the currently generating cluster
        config (dict): The loaded config from the 'conf/' directory

    Returns:
        dict: generated Terraform cluster dictionary, or None if a checked
            generator reported failure
    """
    cluster_name = kwargs.get('cluster_name')
    config = kwargs.get('config')

    modules = config['clusters'][cluster_name]['modules']
    cluster_dict = infinitedict()

    # Every generator takes the same three positional arguments.
    gen_args = (cluster_name, cluster_dict, config)

    if not generate_stream_alert(*gen_args):
        return None

    generate_cloudwatch_metric_filters(*gen_args)
    generate_cloudwatch_metric_alarms(*gen_args)

    monitoring_enabled = modules.get('cloudwatch_monitoring', {}).get('enabled')
    if monitoring_enabled and not generate_monitoring(*gen_args):
        return None

    if modules.get('kinesis') and not generate_kinesis_streams(*gen_args):
        return None

    # 'outputs' sits on the cluster itself, not under its 'modules'.
    if (config['clusters'][cluster_name].get('outputs')
            and not generate_outputs(*gen_args)):
        return None

    if modules.get('kinesis_events') and not generate_kinesis_events(*gen_args):
        return None

    if modules.get('cloudtrail') and not generate_cloudtrail(*gen_args):
        return None

    if modules.get('flow_logs') and not generate_flow_logs(*gen_args):
        return None

    if modules.get('s3_events') and not generate_s3_events(*gen_args):
        return None

    generate_app_integrations(*gen_args)

    return cluster_dict
Exemple #4
def generate_cluster(config, cluster_name):
    """Generate a StreamAlert cluster file.

    The classifier, metric filter and metric alarm generators always run and
    their results are not checked; the same holds for the apps generator at
    the end. Each optional module generator runs only when its entry in the
    cluster's modules is truthy, and a falsy result from any of them stops
    generation and returns None instead of a partially populated dictionary.

    Args:
        config (dict): The loaded config from the 'conf/' directory
        cluster_name (str): The name of the currently generating cluster

    Returns:
        dict: generated Terraform cluster dictionary, or None if a checked
            generator reported failure
    """
    modules = config['clusters'][cluster_name]['modules']
    cluster_dict = infinitedict()

    # Every generator takes the same three positional arguments.
    gen_args = (cluster_name, cluster_dict, config)

    generate_classifier(*gen_args)
    generate_cluster_cloudwatch_metric_filters(*gen_args)
    generate_cluster_cloudwatch_metric_alarms(*gen_args)

    monitoring_enabled = modules.get('cloudwatch_monitoring', {}).get('enabled')
    if monitoring_enabled and not generate_monitoring(*gen_args):
        return None

    if modules.get('kinesis') and not generate_kinesis_streams(*gen_args):
        return None

    # 'outputs' sits on the cluster itself, not under its 'modules'.
    if (config['clusters'][cluster_name].get('outputs')
            and not generate_outputs(*gen_args)):
        return None

    if modules.get('kinesis_events') and not generate_kinesis_events(*gen_args):
        return None

    if modules.get('cloudtrail') and not generate_cloudtrail(*gen_args):
        return None

    if modules.get('cloudwatch') and not generate_cloudwatch(*gen_args):
        return None

    if modules.get('flow_logs') and not generate_flow_logs(*gen_args):
        return None

    if modules.get('s3_events') and not generate_s3_events(*gen_args):
        return None

    generate_apps(*gen_args)

    return cluster_dict
Exemple #5
    def test_generate_cloudtrail_basic(self):
        """CLI - Terraform Generate cloudtrail Module

        Runs generate_cloudtrail against the fixture config without changing
        it and checks the module dict written into self.cluster_dict.
        """
        cluster_name = 'advanced'
        cloudtrail.generate_cloudtrail(cluster_name, self.cluster_dict, self.config)

        # Expected result: a new, global trail with logging enabled and an
        # event pattern that matches only the one account.
        expected_module = {
            'account_id': '12345678910',
            'cluster': 'advanced',
            'kinesis_arn': '${module.kinesis_advanced.arn}',
            'prefix': 'unit-testing',
            'enable_logging': True,
            'source': 'modules/tf_stream_alert_cloudtrail',
            's3_logging_bucket': 'unit-testing.streamalert.s3-logging',
            'existing_trail': False,
            'is_global_trail': True,
            'event_pattern': '{"account": ["12345678910"]}'
        }

        generated_modules = self.cluster_dict['module']
        assert_equal('cloudtrail_advanced' in generated_modules, True)
        assert_equal(generated_modules['cloudtrail_advanced'], expected_module)
 def test_generate_cloudtrail_invalid_event_pattern(self, mock_logging):
     """CLI - Terraform Generate Cloudtrail Module - Invalid Event Pattern

     Supplies an event pattern whose only key is 'invalid' and checks that
     generation reports failure and logs an error, rather than producing a
     module with that pattern.
     """
     # NOTE(review): mock_logging is presumably injected by a patch decorator
     # that is not shown here - confirm.
     cluster_name = 'advanced'
     bad_pattern = json.dumps({'invalid': ['aws.ec2']})
     self.config['clusters']['advanced']['modules']['cloudtrail'] = {
         'enable_logging': True,
         'enable_kinesis': True,
         'existing_trail': False,
         'is_global_trail': False,
         'event_pattern': bad_pattern
     }
     result = cloudtrail.generate_cloudtrail(
         cluster_name,
         self.cluster_dict,
         self.config
     )

     # The rejection must be visible both in the return value and in the log.
     assert_false(result)
     assert_true(mock_logging.error.called)