def test_generate_cloudtrail_minimal(self):
    """CLI - Terraform Generate CloudTrail Module, Minimal Settings

    CloudWatch delivery and S3 event notifications are both switched off, so
    the only module expected in the output is the base 'cloudtrail_advanced'
    one. The expected 's3_cross_account_ids' contains the primary account ID
    ('12345678910') in addition to the single ID configured here.
    """
    cluster_name = 'advanced'
    cloudtrail_settings = {
        'send_to_cloudwatch': False,
        'enable_s3_events': False,
        's3_cross_account_ids': ['456789012345'],
    }
    self.config['clusters']['advanced']['modules']['cloudtrail'] = cloudtrail_settings

    cloudtrail.generate_cloudtrail(cluster_name, self.cluster_dict, self.config)

    # No bucket name is configured above; the expected name follows the
    # '<prefix>-<cluster>-streamalert-cloudtrail' pattern.
    trail_module = {
        'source': './modules/tf_cloudtrail',
        's3_cross_account_ids': ['12345678910', '456789012345'],
        'primary_account_id': '12345678910',
        'cluster': 'advanced',
        'prefix': 'unit-test',
        'region': 'us-west-1',
        's3_bucket_name': 'unit-test-advanced-streamalert-cloudtrail',
        's3_logging_bucket': 'unit-test-streamalert-s3-logging',
    }
    expected_modules = {'cloudtrail_advanced': trail_module}

    assert_equal(expected_modules, self.cluster_dict['module'])
def test_generate_cloudtrail_with_s3_events(self):
    """CLI - Terraform Generate CloudTrail Module, With S3 Events

    S3 event notifications are enabled, CloudWatch delivery is off, and an
    explicit bucket name is configured. Two modules are expected: the trail
    itself and an S3 events module for the configured bucket, with one
    'AWSLogs/<account id>/' prefix filter per account.
    """
    cluster_name = 'advanced'
    cloudtrail_settings = {
        'send_to_cloudwatch': False,
        'enable_s3_events': True,
        's3_cross_account_ids': ['456789012345'],
        's3_bucket_name': 'unit-test-bucket'
    }
    self.config['clusters']['advanced']['modules']['cloudtrail'] = cloudtrail_settings

    cloudtrail.generate_cloudtrail(cluster_name, self.cluster_dict, self.config)

    trail_module = {
        'source': './modules/tf_cloudtrail',
        's3_cross_account_ids': ['12345678910', '456789012345'],
        'primary_account_id': '12345678910',
        'cluster': 'advanced',
        'prefix': 'unit-test',
        'region': 'us-west-1',
        's3_bucket_name': 'unit-test-bucket',
        's3_logging_bucket': 'unit-test-streamalert-s3-logging',
    }

    # With CloudWatch delivery off, the primary and the cross-account prefix
    # are both expected in the notification filters.
    s3_events_module = {
        'source': './modules/tf_s3_events',
        'lambda_role_id': '${module.classifier_advanced_lambda.role_id}',
        'lambda_function_alias': '${module.classifier_advanced_lambda.function_alias}',
        'lambda_function_alias_arn': (
            '${module.classifier_advanced_lambda.function_alias_arn}'
        ),
        'lambda_function_name': '${module.classifier_advanced_lambda.function_name}',
        'bucket_name': 'unit-test-bucket',
        'filters': [
            {'filter_prefix': 'AWSLogs/12345678910/'},
            {'filter_prefix': 'AWSLogs/456789012345/'},
        ],
    }

    expected_modules = {
        'cloudtrail_advanced': trail_module,
        'cloudtrail_s3_events_unit-test_advanced_unit-test-bucket': s3_events_module,
    }

    assert_equal(expected_modules, self.cluster_dict['module'])
def generate_cluster(config, cluster_name):
    """Build the Terraform module dictionary for one StreamAlert cluster.

    The classifier and the cluster's CloudWatch metric filters and alarms are
    always generated. Every other module is generated only when the cluster's
    'modules' config asks for it. Generation stops at the first optional
    generator that returns a falsy value, so a partially generated cluster
    (for example one missing its CloudTrail module) is never returned.

    Args:
        config (dict): The loaded config from the 'conf/' directory
        cluster_name (str): The name of the currently generating cluster

    Returns:
        dict: generated Terraform cluster dictionary, or None when one of the
            optional module generators returned a falsy value. Callers need
            to check for None before using the result.
    """
    cluster_modules = config['clusters'][cluster_name]['modules']
    tf_cluster = infinitedict()

    # Unconditional pieces; their return values are not inspected.
    generate_classifier(cluster_name, tf_cluster, config)
    generate_cluster_cloudwatch_metric_filters(cluster_name, tf_cluster, config)
    generate_cluster_cloudwatch_metric_alarms(cluster_name, tf_cluster, config)

    # Monitoring is the only module gated on an explicit 'enabled' flag.
    monitoring_enabled = cluster_modules.get('cloudwatch_monitoring', {}).get('enabled')
    if monitoring_enabled and not generate_monitoring(cluster_name, tf_cluster, config):
        return None

    if cluster_modules.get('kinesis') and not generate_kinesis_streams(
            cluster_name, tf_cluster, config):
        return None

    if cluster_modules.get('kinesis_events') and not generate_kinesis_events(
            cluster_name, tf_cluster, config):
        return None

    if cluster_modules.get('cloudtrail') and not generate_cloudtrail(
            cluster_name, tf_cluster, config):
        return None

    # Key presence alone enables this module: it needs no extra settings, so
    # an empty value must not be treated as "disabled" the way .get() would.
    if 'cloudwatch_events' in cluster_modules and not generate_cloudwatch_events(
            cluster_name, tf_cluster, config):
        return None

    if cluster_modules.get('cloudwatch_logs_destination') and not (
            generate_cloudwatch_destinations(cluster_name, tf_cluster, config)):
        return None

    if cluster_modules.get('flow_logs') and not generate_flow_logs(
            cluster_name, tf_cluster, config):
        return None

    if cluster_modules.get('s3_events') and not generate_s3_events(
            cluster_name, tf_cluster, config):
        return None

    # Apps are generated last and, like the classifier, are not checked.
    generate_apps(cluster_name, tf_cluster, config)

    return tf_cluster
def test_generate_cloudtrail_cloudwatch_logs_and_s3(self):
    """CLI - Terraform Generate CloudTrail Module, With S3 and CloudWatch Logs

    Both delivery paths are enabled. Five modules are expected: the two
    CloudWatch Logs destination modules, the CloudTrail-to-CloudWatch module,
    the trail itself, and an S3 events module for the trail bucket.
    """
    cluster_name = 'advanced'
    cloudtrail_settings = {
        'send_to_cloudwatch': True,
        's3_cross_account_ids': ['456789012345'],
        'enable_s3_events': True,
    }
    self.config['clusters']['advanced']['modules']['cloudtrail'] = cloudtrail_settings

    cloudtrail.generate_cloudtrail(cluster_name, self.cluster_dict, self.config)

    destination_module = {
        'source': './modules/tf_cloudwatch_logs_destination',
        'prefix': 'unit-test',
        'cluster': 'advanced',
        'regions': ['us-west-1'],
        'destination_kinesis_stream_arn': '${module.kinesis_advanced.arn}'
    }

    regional_destination_module = {
        'source': './modules/tf_cloudwatch_logs_destination/modules/destination',
        'prefix': 'unit-test',
        'cluster': 'advanced',
        'account_ids': ['12345678910'],
        'destination_kinesis_stream_arn': '${module.kinesis_advanced.arn}',
        'cloudwatch_logs_subscription_role_arn': (
            '${module.cloudwatch_logs_destination_advanced.'
            'cloudwatch_logs_subscription_role_arn}'
        ),
        'providers': {'aws': 'aws.us-west-1'}
    }

    trail_to_cloudwatch_module = {
        'source': './modules/tf_cloudtrail/modules/tf_cloudtrail_cloudwatch',
        'cluster': 'advanced',
        'prefix': 'unit-test',
        'region': 'us-west-1',
        'cloudwatch_destination_arn': (
            '${module.cloudwatch_logs_destination_advanced_us-west-1.'
            'cloudwatch_logs_destination_arn}'
        ),
    }

    trail_module = {
        'source': './modules/tf_cloudtrail',
        's3_cross_account_ids': ['12345678910', '456789012345'],
        'primary_account_id': '12345678910',
        'cluster': 'advanced',
        'prefix': 'unit-test',
        'region': 'us-west-1',
        's3_bucket_name': 'unit-test-advanced-streamalert-cloudtrail',
        's3_logging_bucket': 'unit-test-streamalert-s3-logging',
        'cloudwatch_logs_role_arn': (
            '${module.cloudtrail_cloudwatch_advanced.cloudtrail_to_cloudwatch_logs_role}'
        ),
        'cloudwatch_logs_group_arn': (
            '${module.cloudtrail_cloudwatch_advanced.cloudwatch_logs_group_arn}'
        ),
    }

    # Only the cross-account prefix is expected in the S3 notification
    # filters; the primary account ('12345678910') is absent.
    # NOTE(review): presumably the primary account's trail already arrives via
    # CloudWatch Logs and a second S3 notification would process the same
    # events twice - confirm against generate_cloudtrail.
    s3_events_module = {
        'source': './modules/tf_s3_events',
        'lambda_role_id': '${module.classifier_advanced_lambda.role_id}',
        'lambda_function_alias': '${module.classifier_advanced_lambda.function_alias}',
        'lambda_function_alias_arn': (
            '${module.classifier_advanced_lambda.function_alias_arn}'
        ),
        'lambda_function_name': '${module.classifier_advanced_lambda.function_name}',
        'bucket_name': 'unit-test-advanced-streamalert-cloudtrail',
        'filters': [
            {'filter_prefix': 'AWSLogs/456789012345/'},
        ],
    }

    expected_modules = {
        'cloudwatch_logs_destination_advanced': destination_module,
        'cloudwatch_logs_destination_advanced_us-west-1': regional_destination_module,
        'cloudtrail_cloudwatch_advanced': trail_to_cloudwatch_module,
        'cloudtrail_advanced': trail_module,
        'cloudtrail_s3_events_unit-test_advanced_unit-test-advanced-streamalert-cloudtrail': (
            s3_events_module
        ),
    }

    assert_equal(expected_modules, self.cluster_dict['module'])
def test_generate_cloudtrail_with_cloudwatch_logs(self):
    """CLI - Terraform Generate CloudTrail Module, With CloudWatch Logs

    CloudWatch delivery is enabled and no cross-account IDs are configured.
    Four modules are expected (two CloudWatch Logs destination modules, the
    CloudTrail-to-CloudWatch module and the trail); no S3 events module is
    expected.
    """
    cluster_name = 'advanced'
    # NOTE(review): this config uses a nested 's3_settings' / 'enable_events'
    # key, while the other CloudTrail tests in this file use the flat
    # 'enable_s3_events' key. Confirm generate_cloudtrail reads the nested
    # form; if it does not, this test is not really switching S3 events off.
    cloudtrail_settings = {
        's3_settings': {
            'enable_events': False,
        },
        'send_to_cloudwatch': True,
    }
    self.config['clusters']['advanced']['modules']['cloudtrail'] = cloudtrail_settings

    cloudtrail.generate_cloudtrail(cluster_name, self.cluster_dict, self.config)

    destination_module = {
        'source': './modules/tf_cloudwatch_logs_destination',
        'prefix': 'unit-test',
        'cluster': 'advanced',
        'regions': ['us-west-1'],
        'destination_kinesis_stream_arn': '${module.kinesis_advanced.arn}'
    }

    regional_destination_module = {
        'source': './modules/tf_cloudwatch_logs_destination/modules/destination',
        'prefix': 'unit-test',
        'cluster': 'advanced',
        'account_ids': ['12345678910'],
        'destination_kinesis_stream_arn': '${module.kinesis_advanced.arn}',
        'cloudwatch_logs_subscription_role_arn': (
            '${module.cloudwatch_logs_destination_advanced.'
            'cloudwatch_logs_subscription_role_arn}'
        ),
        'providers': {'aws': 'aws.us-west-1'}
    }

    trail_to_cloudwatch_module = {
        'source': './modules/tf_cloudtrail/modules/tf_cloudtrail_cloudwatch',
        'cluster': 'advanced',
        'prefix': 'unit-test',
        'region': 'us-west-1',
        'cloudwatch_destination_arn': (
            '${module.cloudwatch_logs_destination_advanced_us-west-1.'
            'cloudwatch_logs_destination_arn}'
        ),
    }

    # With no cross-account IDs configured, the primary account is the only
    # entry expected in 's3_cross_account_ids'.
    trail_module = {
        'source': './modules/tf_cloudtrail',
        's3_cross_account_ids': ['12345678910'],
        'primary_account_id': '12345678910',
        'cluster': 'advanced',
        'prefix': 'unit-test',
        'region': 'us-west-1',
        's3_bucket_name': 'unit-test-advanced-streamalert-cloudtrail',
        's3_logging_bucket': 'unit-test-streamalert-s3-logging',
        'cloudwatch_logs_role_arn': (
            '${module.cloudtrail_cloudwatch_advanced.cloudtrail_to_cloudwatch_logs_role}'
        ),
        'cloudwatch_logs_group_arn': (
            '${module.cloudtrail_cloudwatch_advanced.cloudwatch_logs_group_arn}'
        ),
    }

    expected_modules = {
        'cloudwatch_logs_destination_advanced': destination_module,
        'cloudwatch_logs_destination_advanced_us-west-1': regional_destination_module,
        'cloudtrail_cloudwatch_advanced': trail_to_cloudwatch_module,
        'cloudtrail_advanced': trail_module,
    }

    assert_equal(expected_modules, self.cluster_dict['module'])