def test_follows_trails_when_bucket_changes(self): self.parsed_responses = [ {'LocationConstraint': 'us-east-1'}, {'Body': six.BytesIO(_gz_compress(self._logs[0]['_raw_value']))}, {'LocationConstraint': 'us-west-2'}, {'LocationConstraint': 'eu-west-1'} ] key_provider, digest_provider, validator = create_scenario( ['gap', 'bucket_change', 'link', 'bucket_change', 'link'], [[], [self._logs[0]], [], [], []]) _setup_mock_traverser(self._mock_traverser, key_provider, digest_provider, validator) stdout, stderr, rc = self.run_cmd( ("cloudtrail validate-logs --trail-arn %s --start-time %s " "--region us-east-1 --verbose") % (TEST_TRAIL_ARN, START_TIME_ARG), 0) self.assertIn('Digest file\ts3://3/%s\tvalid' % digest_provider.digests[0], stdout) self.assertIn('Digest file\ts3://2/%s\tvalid' % digest_provider.digests[1], stdout) self.assertIn('Digest file\ts3://2/%s\tvalid' % digest_provider.digests[2], stdout) self.assertIn('Digest file\ts3://1/%s\tvalid' % digest_provider.digests[3], stdout) self.assertIn('Digest file\ts3://1/%s\tvalid' % digest_provider.digests[4], stdout)
def test_warns_when_no_digests_in_gap(self): key_provider, digest_provider, validator = create_scenario( ['gap', 'gap'], []) _setup_mock_traverser(self._mock_traverser, key_provider, digest_provider, validator) stdout, stderr, rc = self.run_cmd( "cloudtrail validate-logs --trail-arn %s --start-time '%s'" % (TEST_TRAIL_ARN, START_TIME_ARG), 0) self.assertIn(('No log files were delivered by CloudTrail between ' '2014-08-10T00:00:00Z and 2014-08-10T01:00:00Z'), stderr)
def test_verbose_output_shows_valid_digests(self): key_provider, digest_provider, validator = create_scenario( ['gap'], []) _setup_mock_traverser(self._mock_traverser, key_provider, digest_provider, validator) stdout, stderr, rc = self.run_cmd( "cloudtrail validate-logs --trail-arn %s --start-time %s --verbose" % (TEST_TRAIL_ARN, START_TIME_ARG), 0) self.assertIn('Digest file\ts3://1/%s\tvalid' % digest_provider.digests[0], stdout)
def test_warns_when_digest_deleted(self): key_provider, digest_provider, validator = create_scenario( ['gap', 'missing', 'link', 'missing'], []) _setup_mock_traverser(self._mock_traverser, key_provider, digest_provider, validator) stdout, stderr, rc = self.run_cmd( "cloudtrail validate-logs --trail-arn %s --start-time %s --verbose" % (TEST_TRAIL_ARN, START_TIME_ARG), 1) self.assertIn('Digest file\ts3://1/%s\tINVALID: not found' % digest_provider.digests[1], stderr) self.assertIn('Digest file\ts3://1/%s\tINVALID: not found' % digest_provider.digests[3], stderr)
def test_warns_when_no_valid_digests_found_in_range(self): key_provider, digest_provider, validator = create_scenario( ['invalid'], []) _setup_mock_traverser(self._mock_traverser, key_provider, digest_provider, validator) stdout, stderr, rc = self.run_cmd( ("cloudtrail validate-logs --trail-arn %s --start-time '%s' " "--end-time '%s'") % (TEST_TRAIL_ARN, START_TIME_ARG, END_TIME_ARG), 1) self.assertIn( 'Results requested for %s to %s\nNo valid digests found in range' % (format_display_date(START_DATE), format_display_date(END_DATE)), stdout)
def test_fails_and_warns_when_log_is_deleted(self): # Override the default request patching because we need to # raise a ClientError exception. key_provider, digest_provider, validator = create_scenario( ['gap'], [[self._logs[0]]]) with patch(RETRIEVER_FUNCTION) as mock_create_digest_traverser: _setup_mock_traverser(mock_create_digest_traverser, key_provider, digest_provider, validator) stdout, stderr, rc = self.run_cmd( "cloudtrail validate-logs --trail-arn %s --start-time '%s'" % (TEST_TRAIL_ARN, START_TIME_ARG), 1) self.assertIn( 'Log file\ts3://1/key1\tINVALID: not found\n\n', stderr)
def test_warns_when_no_valid_digests_found_in_range(self): key_provider, digest_provider, validator = create_scenario( ['invalid'], []) _setup_mock_traverser(self._mock_traverser, key_provider, digest_provider, validator) stdout, stderr, rc = self.run_cmd( ("cloudtrail validate-logs --trail-arn %s --start-time '%s' " "--end-time '%s'") % (TEST_TRAIL_ARN, START_TIME_ARG, END_TIME_ARG), 1) self.assertIn( 'Results requested for %s to %s\nNo valid digests found in range' % (format_display_date(START_DATE), format_display_date(END_DATE)), stdout)
def test_fails_and_warns_when_log_is_deleted(self): # Override the default request patching because we need to # raise a ClientError exception. key_provider, digest_provider, validator = create_scenario( ['gap'], [[self._logs[0]]]) with patch(RETRIEVER_FUNCTION) as mock_create_digest_traverser: _setup_mock_traverser(mock_create_digest_traverser, key_provider, digest_provider, validator) stdout, stderr, rc = self.run_cmd( "cloudtrail validate-logs --trail-arn %s --start-time '%s'" % (TEST_TRAIL_ARN, START_TIME_ARG), 1) self.assertIn('Log file\ts3://1/key1\tINVALID: not found\n\n', stderr)
def test_warns_when_digest_deleted(self): key_provider, digest_provider, validator = create_scenario( ['gap', 'missing', 'link', 'missing'], []) _setup_mock_traverser(self._mock_traverser, key_provider, digest_provider, validator) stdout, stderr, rc = self.run_cmd( "cloudtrail validate-logs --trail-arn %s --start-time %s --verbose" % (TEST_TRAIL_ARN, START_TIME_ARG), 1) self.assertIn( 'Digest file\ts3://1/%s\tINVALID: not found' % digest_provider.digests[1], stderr) self.assertIn( 'Digest file\ts3://1/%s\tINVALID: not found' % digest_provider.digests[3], stderr)
def test_warns_when_digest_invalid(self): key_provider, digest_provider, validator = create_scenario( ['gap', 'invalid', 'link'], []) _setup_mock_traverser(self._mock_traverser, key_provider, digest_provider, validator) stdout, stderr, rc = self.run_cmd( "cloudtrail validate-logs --trail-arn %s --start-time %s" % (TEST_TRAIL_ARN, START_TIME_ARG), 1) self.assertIn('invalid error', stderr) self.assertIn( 'Results requested for %s to ' % format_display_date(START_DATE), stdout) self.assertIn('2/3 digest files valid, 1/3 digest files INVALID', stdout)
def test_fails_and_warns_when_log_hash_is_invalid(self): key_provider, digest_provider, validator = create_scenario( ['gap'], [[self._logs[0]]]) self.parsed_responses = [ {'LocationConstraint': ''}, {'Body': six.BytesIO(_gz_compress('does not match'))} ] _setup_mock_traverser(self._mock_traverser, key_provider, digest_provider, validator) stdout, stderr, rc = self.run_cmd( ("cloudtrail validate-logs --trail-arn %s --start-time " "--region us-east-1 '%s'") % (TEST_TRAIL_ARN, START_TIME_ARG), 1) self.assertIn( 'Log file\ts3://1/key1\tINVALID: hash value doesn\'t match', stderr)
def test_warns_when_digest_invalid(self): key_provider, digest_provider, validator = create_scenario( ['gap', 'invalid', 'link'], []) _setup_mock_traverser(self._mock_traverser, key_provider, digest_provider, validator) stdout, stderr, rc = self.run_cmd( "cloudtrail validate-logs --trail-arn %s --start-time %s" % (TEST_TRAIL_ARN, START_TIME_ARG), 1) self.assertIn('invalid error', stderr) self.assertIn( 'Results requested for %s to ' % format_display_date(START_DATE), stdout) self.assertIn('2/3 digest files valid, 1/3 digest files INVALID', stdout)
def test_fails_and_warns_when_log_hash_is_invalid(self): key_provider, digest_provider, validator = create_scenario( ['gap'], [[self._logs[0]]]) self.parsed_responses = [ {'LocationConstraint': ''}, {'Body': six.BytesIO(_gz_compress('does not match'))} ] _setup_mock_traverser(self._mock_traverser, key_provider, digest_provider, validator) stdout, stderr, rc = self.run_cmd( ("cloudtrail validate-logs --trail-arn %s --start-time " "--region us-east-1 '%s'") % (TEST_TRAIL_ARN, START_TIME_ARG), 1) self.assertIn( 'Log file\ts3://1/key1\tINVALID: hash value doesn\'t match', stderr)
def test_shows_successful_summary(self): key_provider, digest_provider, validator = create_scenario( ['gap', 'link'], []) _setup_mock_traverser(self._mock_traverser, key_provider, digest_provider, validator) stdout, stderr, rc = self.run_cmd( ("cloudtrail validate-logs --trail-arn %s --start-time %s " "--end-time %s --verbose") % (TEST_TRAIL_ARN, START_TIME_ARG, END_TIME_ARG), 0) self.assertIn(('Results requested for 2014-08-10T00:00:00Z to ' '2015-08-10T00:00:00Z'), stdout) self.assertIn('2/2 digest files valid', stdout) self.assertIn( 'Results found for 2014-08-10T01:00:00Z to 2014-08-10T02:30:00Z', stdout)
def test_shows_successful_summary(self): key_provider, digest_provider, validator = create_scenario( ['gap', 'link'], []) _setup_mock_traverser(self._mock_traverser, key_provider, digest_provider, validator) stdout, stderr, rc = self.run_cmd( ("cloudtrail validate-logs --trail-arn %s --start-time %s " "--end-time %s --verbose") % (TEST_TRAIL_ARN, START_TIME_ARG, END_TIME_ARG), 0) self.assertIn(('Results requested for 2014-08-10T00:00:00Z to ' '2015-08-10T00:00:00Z'), stdout) self.assertIn('2/2 digest files valid', stdout) self.assertIn( 'Results found for 2014-08-10T01:00:00Z to 2014-08-10T02:30:00Z', stdout)
def test_verbose_output_shows_happy_case(self): self.parsed_responses = [ {'LocationConstraint': 'us-east-1'}, {'Body': six.BytesIO(_gz_compress(self._logs[0]['_raw_value']))} ] key_provider, digest_provider, validator = create_scenario( ['gap', 'link'], [[], [self._logs[0]]]) _setup_mock_traverser(self._mock_traverser, key_provider, digest_provider, validator) stdout, stderr, rc = self.run_cmd( ("cloudtrail validate-logs --trail-arn %s --start-time %s " "--region us-east-1 --verbose") % (TEST_TRAIL_ARN, START_TIME_ARG), 0) self.assertIn('Digest file\ts3://1/%s\tvalid' % digest_provider.digests[0], stdout)
def test_validates_valid_log_files(self): key_provider, digest_provider, validator = create_scenario( ['gap', 'link', 'link'], [[self._logs[2]], [], [self._logs[0], self._logs[1]]]) self.parsed_responses = [ {'LocationConstraint': ''}, {'Body': six.BytesIO(_gz_compress(self._logs[0]['_raw_value']))}, {'Body': six.BytesIO(_gz_compress(self._logs[1]['_raw_value']))}, {'Body': six.BytesIO(_gz_compress(self._logs[2]['_raw_value']))}, ] _setup_mock_traverser(self._mock_traverser, key_provider, digest_provider, validator) stdout, stderr, rc = self.run_cmd( "cloudtrail validate-logs --trail-arn %s --start-time %s --verbose" % (TEST_TRAIL_ARN, START_TIME_ARG), 0) self.assertIn('s3://1/key1', stdout) self.assertIn('s3://1/key2', stdout) self.assertIn('s3://1/key3', stdout)
def test_validates_valid_log_files(self): key_provider, digest_provider, validator = create_scenario( ['gap', 'link', 'link'], [[self._logs[2]], [], [self._logs[0], self._logs[1]]]) self.parsed_responses = [ {'LocationConstraint': ''}, {'Body': six.BytesIO(_gz_compress(self._logs[0]['_raw_value']))}, {'Body': six.BytesIO(_gz_compress(self._logs[1]['_raw_value']))}, {'Body': six.BytesIO(_gz_compress(self._logs[2]['_raw_value']))}, ] _setup_mock_traverser(self._mock_traverser, key_provider, digest_provider, validator) stdout, stderr, rc = self.run_cmd( "cloudtrail validate-logs --trail-arn %s --start-time %s --verbose" % (TEST_TRAIL_ARN, START_TIME_ARG), 0) self.assertIn('s3://1/key1', stdout) self.assertIn('s3://1/key2', stdout) self.assertIn('s3://1/key3', stdout)