def get_user_defined_properties(self):
"""Get properties that must be asssigned by the user when configuring a new PagerDuty
output. This should be sensitive or unique information for this use-case that needs
to come from the user.
Every output should return a dict that contains a 'descriptor' with a description of the
integration being configured.
PagerDuty also requires a service_key that represnts this integration. This
value should be masked during input and is a credential requirement.
Returns:
[OrderedDict] Contains various OutputProperty items
"""
return OrderedDict([
('descriptor',
OutputProperty(
description='a short and unique descriptor for this '
'PagerDuty integration')),
('service_key',
OutputProperty(
description='the service key for this PagerDuty integration',
mask_input=True,
cred_requirement=True))
])
def get_user_defined_properties(self):
"""Get properties that must be asssigned by the user when configuring a new S3
output. This should be sensitive or unique information for this use-case that needs
to come from the user.
Every output should return a dict that contains a 'descriptor' with a description of the
integration being configured.
S3 also requires a user provided bucket name to be used for this service output. This
value should not be masked during input and is not a credential requirement
that needs encrypted.
Returns:
[OrderedDict] Contains various OutputProperty items
"""
return OrderedDict([
('descriptor',
OutputProperty(
description=
'a short and unique descriptor for this S3 bucket (ie: bucket name)'
)),
('aws_value',
OutputProperty(
description=
'the AWS S3 bucket name to use for this S3 configuration'))
])
def get_user_defined_properties(self):
"""Get properties that must be asssigned by the user when configuring a new Lambda
output. This should be sensitive or unique information for this use-case that needs
to come from the user.
Every output should return a dict that contains a 'descriptor' with a description of the
integration being configured.
Sending to Lambda also requires a user provided Lambda function name and optional qualifier
(if applicabale for the user's use case). A fully-qualified AWS ARN is also acceptable for
this value. This value should not be masked during input and is not a credential requirement
that needs encrypted.
Returns:
[OrderedDict] Contains various OutputProperty items
"""
return OrderedDict([
('descriptor',
OutputProperty(
description=
'a short and unique descriptor for this Lambda function '
'configuration (ie: abbreviated name)')),
('aws_value',
OutputProperty(
description='the AWS arn, with the optional qualifier, that '
'represents the Lambda function to use for this '
'configuration (ie: arn:aws:lambda:aws-region:acct-id:'
'function:output_function:qualifier)',
input_restrictions={' '})),
])
def get_user_defined_properties(self):
"""Get properties that must be asssigned by the user when configuring a new Phantom
output. This should be sensitive or unique information for this use-case that needs
to come from the user.
Every output should return a dict that contains a 'descriptor' with a description of the
integration being configured.
Phantom also requires a ph_auth_token that represnts an authorization token for this
integration and a user provided url to use for alert dispatching. These values should be
masked during input and are credential requirements.
Returns:
[OrderedDict] Contains various OutputProperty items
"""
return OrderedDict([
('descriptor',
OutputProperty(
description='a short and unique descriptor for this '
'Phantom integration')),
('ph_auth_token',
OutputProperty(
description='the auth token for this Phantom integration',
mask_input=True,
cred_requirement=True)),
('url',
OutputProperty(
description='the endpoint url for this Phantom integration',
mask_input=True,
cred_requirement=True))
])
def get_user_defined_properties(self):
"""Get properties that must be asssigned by the user when configuring a new Slack
output. This should be sensitive or unique information for this use-case that needs
to come from the user.
Every output should return a dict that contains a 'descriptor' with a description of the
integration being configured.
Slack also requires a user provided 'webhook' url that is comprised of the slack api url
and the unique integration key for this output. This value should be should be masked
during input and is a credential requirement.
Returns:
[OrderedDict] Contains various OutputProperty items
"""
return OrderedDict([
('descriptor',
OutputProperty(
description=
'a short and unique descriptor for this Slack integration '
'(ie: channel, group, etc)')),
('url',
OutputProperty(
description='the full Slack webhook url, including the secret',
mask_input=True,
cred_requirement=True))
])
def test_encrypt_and_push_creds_to_s3(cli_mock):
"""Encrypt and push creds to s3"""
props = {
'non-secret':
OutputProperty(description='short description of info needed',
value='http://this.url.value')
}
return_value = encrypt_and_push_creds_to_s3('us-east-1', 'bucket', 'key',
props, 'test_alias')
assert_true(return_value)
cli_mock.assert_not_called()
props['secret'] = OutputProperty(
description='short description of secret needed',
value='1908AGSG98A8908AG',
cred_requirement=True)
# Create the bucket to hold the mock object being put
boto3.client('s3', region_name='us-east-1').create_bucket(Bucket='bucket')
return_value = encrypt_and_push_creds_to_s3('us-east-1', 'bucket', 'key',
props, 'test_alias')
assert_true(return_value)
def test_aws_format_output_config(self):
"""AWSOutput format output config"""
props = {
'descriptor': OutputProperty(
'short_descriptor',
'descriptor_value'),
'aws_value': OutputProperty(
'unique arn value, bucket, etc',
'bucket.value')}
formatted_config = self.__dispatcher.format_output_config(CONFIG, props)
assert_equal(len(formatted_config), 2)
assert_is_not_none(formatted_config.get('descriptor_value'))
assert_is_not_none(formatted_config.get('unit_test_bucket'))
def test_load_config():
"""Load config - check for existing output"""
props = {
'descriptor': OutputProperty('short description', 'sample_lambda')
}
loaded = load_config(props, 'aws-lambda')
assert_false(loaded)
def test_output_property_default():
"""OutputProperty defaults"""
prop = OutputProperty()
assert_equal(prop.description, '')
assert_equal(prop.value, '')
assert_equal(prop.input_restrictions, {' ', ':'})
assert_equal(prop.mask_input, False)
assert_equal(prop.cred_requirement, False)
def test_load_config(method_mock):
"""Load config - check for existing output"""
# Patch the return value of the load_outputs_config method to return
# the unit testing outputs configuration
method_mock.return_value = load_outputs_config(conf_dir="tests/unit/conf")
props = {
'descriptor': OutputProperty('short description', 'unit_test_lambda')
}
loaded = load_config(props, 'aws-lambda')
assert_false(loaded)
def test_format_output_config():
"""Format Output Config"""
props = {'descriptor': OutputProperty('test_desc', 'test_channel')}
formatted = StreamOutputBase(REGION, FUNCTION_NAME,
CONFIG).format_output_config(
CONFIG, props)
assert_equal(len(formatted), 2)
assert_equal(formatted[0], 'unit_test_channel')
assert_equal(formatted[1], 'test_channel')
def test_encrypt_and_push_creds_to_s3_kms_failure(log_mock, boto_mock):
"""Encrypt and push creds to s3 - kms failure"""
props = {
'secret': OutputProperty(
description='short description of secret needed',
value='1908AGSG98A8908AG',
cred_requirement=True)}
err_response = {
'Error':
{
'Code': 100,
'Message': 'BAAAD',
'BucketName': 'bucket'
}
}
# Add ClientError side_effect to mock
boto_mock.side_effect = ClientError(err_response, 'operation')
encrypt_and_push_creds_to_s3('us-east-1', 'bucket', 'key', props, 'test_alias')
log_mock.assert_called_with('An error occurred during credential encryption')
