Exemple #1
def test_generate_s3_events():
    """CLI - Terraform S3 Events with Valid Buckets

    Runs the S3 events generator for the 'advanced' cluster and compares the
    populated cluster dictionary with two expected module entries: one with
    event notifications enabled and one with them disabled. The expected
    module keys carry the bucket name with '.' replaced by '_'.
    """
    # Values shared by both expected module entries.
    module_source = 'modules/tf_stream_alert_s3_events'
    function_arn = '${module.stream_alert_advanced.lambda_arn}'
    role_id = '${module.stream_alert_advanced.lambda_role_id}'

    expected_modules = {
        's3_events_unit-test-bucket_data': {
            'source': module_source,
            'lambda_function_arn': function_arn,
            'bucket_id': 'unit-test-bucket.data',
            'enable_events': True,
            'lambda_role_id': role_id,
        },
        's3_events_unit-test_cloudtrail_data': {
            'source': module_source,
            'lambda_function_arn': function_arn,
            'bucket_id': 'unit-test.cloudtrail.data',
            'enable_events': False,
            'lambda_role_id': role_id,
        },
    }

    generated = _common.infinitedict()
    succeeded = s3_events.generate_s3_events('advanced', generated, CONFIG)

    assert_true(succeeded)
    assert_equal(generated, {'module': expected_modules})
Exemple #2
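def test_generate_s3_events():
    """CLI - Terraform S3 Events with Valid Bucket

    Points the 'advanced' cluster's s3_events module at a single bucket and
    checks the Terraform module entry the generator writes into the cluster
    dictionary.
    """
    modules = CONFIG['clusters']['advanced']['modules']

    # CONFIG is shared module state: remember what was there so the override
    # below cannot leak into tests that run after this one.
    had_s3_events = 's3_events' in modules
    previous_s3_events = modules.get('s3_events')

    modules['s3_events'] = {
        's3_bucket_id': 'unit-test-bucket.data'
    }
    try:
        cluster_dict = _common.infinitedict()
        result = s3_events.generate_s3_events('advanced', cluster_dict, CONFIG)

        expected_config = {
            'module': {
                's3_events_advanced': {
                    'source':
                    'modules/tf_stream_alert_s3_events',
                    'lambda_function_arn':
                    '${module.stream_alert_advanced.lambda_arn}',
                    'lambda_function_name':
                    'unit-testing_advanced_stream_alert_processor',
                    's3_bucket_id':
                    'unit-test-bucket.data',
                    's3_bucket_arn':
                    'arn:aws:s3:::unit-test-bucket.data',
                    'lambda_role_id':
                    '${module.stream_alert_advanced.lambda_role_id}',
                    'lambda_role_arn':
                    '${module.stream_alert_advanced.lambda_role_arn}'
                }
            }
        }

        assert_true(result)
        assert_equal(cluster_dict, expected_config)
    finally:
        # Restore the shared config even when an assertion above fails.
        if had_s3_events:
            modules['s3_events'] = previous_s3_events
        else:
            modules.pop('s3_events', None)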
Exemple #3
def test_generate_s3_events():
    """CLI - Terraform - S3 Events with Valid Buckets

    Runs the S3 events generator for the 'advanced' cluster and compares the
    populated cluster dictionary with two expected module entries. Each entry
    carries a notification id plus an object-key prefix/suffix filter; the
    second entry has events disabled and empty filters.
    """
    # Values shared by both expected module entries.
    module_source = 'modules/tf_stream_alert_s3_events'
    function_arn = '${module.stream_alert_advanced.lambda_arn}'
    role_id = '${module.stream_alert_advanced.lambda_role_id}'

    filtered_bucket = {
        'source': module_source,
        'lambda_function_arn': function_arn,
        'bucket_id': 'unit-test-bucket.data',
        'notification_id': 'advanced_0',
        'enable_events': True,
        'lambda_role_id': role_id,
        'filter_suffix': '.log',
        'filter_prefix': 'AWSLogs/123456789/CloudTrail/us-east-1/'
    }
    unfiltered_bucket = {
        'source': module_source,
        'lambda_function_arn': function_arn,
        'bucket_id': 'unit-test.cloudtrail.data',
        'enable_events': False,
        'notification_id': 'advanced_1',
        'lambda_role_id': role_id,
        'filter_suffix': '',
        'filter_prefix': ''
    }
    expected = {
        'module': {
            's3_events_unit-testing_advanced_0': filtered_bucket,
            's3_events_unit-testing_advanced_1': unfiltered_bucket,
        }
    }

    generated = common.infinitedict()
    succeeded = s3_events.generate_s3_events('advanced', generated, CONFIG)

    assert_true(succeeded)
    assert_equal(generated, expected)
Exemple #4
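def test_generate_s3_events_invalid_bucket(mock_logging):
    """CLI - Terraform - S3 Events with Missing Bucket Key

    Feeds the generator an s3_events entry that lacks the expected bucket key
    and checks that it logs an error and reports failure.

    Args:
        mock_logging: Mock standing in for the logger; presumably injected by
            a patch decorator that is outside this view.
    """
    modules = CONFIG['clusters']['advanced']['modules']

    # CONFIG is shared module state: remember what was there so the invalid
    # entry below cannot leak into tests that run after this one.
    had_s3_events = 's3_events' in modules
    previous_s3_events = modules.get('s3_events')

    modules['s3_events'] = [{'wrong_key': 'my-bucket!!!'}]
    try:
        cluster_dict = common.infinitedict()
        result = s3_events.generate_s3_events('advanced', cluster_dict, CONFIG)

        assert_true(mock_logging.error.called)
        assert_false(result)
    finally:
        # Restore the shared config even when an assertion above fails.
        if had_s3_events:
            modules['s3_events'] = previous_s3_events
        else:
            modules.pop('s3_events', None)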
Exemple #5
def generate_cluster(**kwargs):
    """Generate a StreamAlert cluster file.

    Keyword Args:
        cluster_name (str): The name of the currently generating cluster
        config (dict): The loaded config from the 'conf/' directory

    Returns:
        dict: generated Terraform cluster dictionary, or None as soon as one
            of the checked generators reports failure. Callers should treat
            None as a failed generation rather than write out a partial
            cluster.
    """
    cluster_name = kwargs.get('cluster_name')
    config = kwargs.get('config')

    modules = config['clusters'][cluster_name]['modules']
    cluster_dict = infinitedict()

    # The core StreamAlert module is unconditional; nothing else is generated
    # without it.
    if not generate_stream_alert(cluster_name, cluster_dict, config):
        return None

    # The return values of the metric filter/alarm generators are not checked.
    generate_cloudwatch_metric_filters(cluster_name, cluster_dict, config)
    generate_cloudwatch_metric_alarms(cluster_name, cluster_dict, config)

    # Every optional module below follows the same rule: when it is configured
    # and its generator returns a falsy value, the whole cluster is abandoned.
    monitoring_enabled = modules.get('cloudwatch_monitoring', {}).get('enabled')
    if monitoring_enabled and not generate_monitoring(cluster_name, cluster_dict, config):
        return None

    if modules.get('kinesis') and not generate_kinesis_streams(
            cluster_name, cluster_dict, config):
        return None

    # Outputs are configured on the cluster itself, not under 'modules'.
    if config['clusters'][cluster_name].get('outputs') and not generate_outputs(
            cluster_name, cluster_dict, config):
        return None

    if modules.get('kinesis_events') and not generate_kinesis_events(
            cluster_name, cluster_dict, config):
        return None

    if modules.get('cloudtrail') and not generate_cloudtrail(
            cluster_name, cluster_dict, config):
        return None

    if modules.get('flow_logs') and not generate_flow_logs(
            cluster_name, cluster_dict, config):
        return None

    if modules.get('s3_events') and not generate_s3_events(
            cluster_name, cluster_dict, config):
        return None

    # The return value of the app integrations generator is not checked.
    generate_app_integrations(cluster_name, cluster_dict, config)

    return cluster_dict
Exemple #6
def generate_cluster(config, cluster_name):
    """Generate a StreamAlert cluster file.

    Args:
        config (dict): The loaded config from the 'conf/' directory
        cluster_name (str): The name of the currently generating cluster

    Returns:
        dict: generated Terraform cluster dictionary, or None as soon as one
            of the checked generators reports failure. Callers should treat
            None as a failed generation rather than write out a partial
            cluster.
    """
    modules = config['clusters'][cluster_name]['modules']
    cluster_dict = infinitedict()

    # These three generators always run and their return values are not
    # checked.
    generate_classifier(cluster_name, cluster_dict, config)
    generate_cluster_cloudwatch_metric_filters(cluster_name, cluster_dict, config)
    generate_cluster_cloudwatch_metric_alarms(cluster_name, cluster_dict, config)

    # Every optional module below follows the same rule: when it is configured
    # and its generator returns a falsy value, the whole cluster is abandoned.
    monitoring_enabled = modules.get('cloudwatch_monitoring', {}).get('enabled')
    if monitoring_enabled and not generate_monitoring(cluster_name, cluster_dict, config):
        return None

    if modules.get('kinesis') and not generate_kinesis_streams(
            cluster_name, cluster_dict, config):
        return None

    # Outputs are configured on the cluster itself, not under 'modules'.
    if config['clusters'][cluster_name].get('outputs') and not generate_outputs(
            cluster_name, cluster_dict, config):
        return None

    if modules.get('kinesis_events') and not generate_kinesis_events(
            cluster_name, cluster_dict, config):
        return None

    if modules.get('cloudtrail') and not generate_cloudtrail(
            cluster_name, cluster_dict, config):
        return None

    if modules.get('cloudwatch') and not generate_cloudwatch(
            cluster_name, cluster_dict, config):
        return None

    if modules.get('flow_logs') and not generate_flow_logs(
            cluster_name, cluster_dict, config):
        return None

    if modules.get('s3_events') and not generate_s3_events(
            cluster_name, cluster_dict, config):
        return None

    # The return value of the apps generator is not checked.
    generate_apps(cluster_name, cluster_dict, config)

    return cluster_dict
Exemple #7
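def test_generate_s3_events_legacy():
    """CLI - Terraform - S3 Events - Legacy

    Gives the 'test' cluster an s3_events module in the single-dict form keyed
    by 's3_bucket_id' and checks that, after generation, the config holds a
    one-element list keyed by 'bucket_id' instead.
    """
    modules = CONFIG['clusters']['test']['modules']

    # CONFIG is shared module state: remember what was there so the legacy
    # entry (and its in-place conversion) cannot leak into later tests.
    had_s3_events = 's3_events' in modules
    previous_s3_events = modules.get('s3_events')

    modules['s3_events'] = {
        's3_bucket_id': 'unit-test-bucket.legacy.data'
    }
    try:
        cluster_dict = common.infinitedict()
        result = s3_events.generate_s3_events('test', cluster_dict, CONFIG)

        assert_true(result)
        # Re-read through CONFIG so the check sees what the generator stored.
        assert_equal(CONFIG['clusters']['test']['modules']['s3_events'],
                     [{
                         'bucket_id': 'unit-test-bucket.legacy.data'
                     }])
    finally:
        # Restore the shared config even when an assertion above fails.
        if had_s3_events:
            modules['s3_events'] = previous_s3_events
        else:
            modules.pop('s3_events', None)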