def test_should_output_an_iam_policy_for_a_set_of_cloudtrail_records_input_from_stdin(
):
runner = CliRunner()
records = open(
cloudtrail_data(
"111111111111_CloudTrail_eu-central-1_20171211T1505Z_A6kvhMoVeCsc7v8U.json"
)).read()
result = runner.invoke(cli.root_group, args=["generate"], input=records)
assert result.exit_code == 0
assert json.loads(result.output) == json.loads('''\
{
"Statement": [
{
"Action": [
"autoscaling:DescribeLaunchConfigurations"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"sts:AssumeRole"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::111111111111:role/someRole"
]
}
],
"Version": "2012-10-17"
}
''')
def test_parse_records_from_gzipped_file_should_return_empty_for_non_gzipped_files(
):
logfile = LogFile(
cloudtrail_data(
"111111111111_CloudTrail_eu-central-1_20171211T1505Z_A6kvhMoVeCsc7v8U.json"
))
assert logfile.records() == []
def test_parse_records_from_gzipped_file():
logfile = LogFile(
cloudtrail_data(
"111111111111_CloudTrail_eu-central-1_20171211T1505Z_A6kvhMoVeCsc7v8U.json.gz"
))
assert logfile.records() == [
Record("autoscaling.amazonaws.com",
"DescribeLaunchConfigurations",
assumed_role_arn="arn:aws:iam::111111111111:role/someRole",
event_time=datetime.datetime(2017,
12,
11,
15,
1,
51,
tzinfo=pytz.utc)),
Record("sts.amazonaws.com",
"AssumeRole",
resource_arns=["arn:aws:iam::111111111111:role/someRole"],
event_time=datetime.datetime(2017,
12,
11,
15,
4,
51,
tzinfo=pytz.utc))
]
def test_should_output_all_cloudtrail_records_in_data_dir():
runner = CliRunner()
result = runner.invoke(cli.root_group,
args=[
"select",
"--log-dir",
cloudtrail_data_dir(),
])
expected_json = json.load(
open(
cloudtrail_data(
"111111111111_CloudTrail_eu-central-1_20171211T1505Z_A6kvhMoVeCsc7v8U.json"
)))
assert result.exit_code == 0
assert json.loads(result.output) == expected_json
def test_should_output_cloudrail_records_filtered_by_role_arn():
runner = CliRunner()
result = runner.invoke(cli.root_group,
args=[
"select", "--log-dir",
cloudtrail_data_dir(),
"--filter-assumed-role-arn",
"arn:aws:iam::111111111111:role/someRole"
])
expected_json = json.load(
open(
cloudtrail_data(
"111111111111_CloudTrail_eu-central-1_20171211T1505Z_A6kvhMoVeCsc7v8U.json"
)))
expected_json['Records'].pop(1)
assert result.exit_code == 0
assert json.loads(result.output) == expected_json
def test_should_output_cloudrail_records_filtered_by_timeframe():
runner = CliRunner()
result = runner.invoke(cli.root_group,
args=[
"select", "--log-dir",
cloudtrail_data_dir(), "--from",
"2017-12-11 15:00:00Z", "--to",
"2017-12-11 15:02:00Z"
])
expected_json = json.load(
open(
cloudtrail_data(
"111111111111_CloudTrail_eu-central-1_20171211T1505Z_A6kvhMoVeCsc7v8U.json"
)))
expected_json['Records'].pop(
1
) # TODO: this test should use a different record to distinguish between filtering arns and timeframes
assert result.exit_code == 0
assert json.loads(result.output) == expected_json