def download(bucket, prefix, org_id, account_id, region, log_dir, from_s, to_s,
wait, parallelism):
"""Downloads CloudTrail Logs from S3."""
log_dir = os.path.expanduser(log_dir)
from_date = time_utils.parse_human_readable_time(from_s)
to_date = time_utils.parse_human_readable_time(to_s)
download_cloudtrail_logs(log_dir, bucket, prefix, org_id, account_id,
region, from_date, to_date, parallelism)
if wait:
last_timestamp = last_event_timestamp_in_dir(log_dir)
while last_timestamp <= to_date:
click.echo("CloudTrail logs haven't caught up to " + str(to_date) +
" yet. " + "Most recent timestamp: " +
str(last_timestamp.astimezone(to_date.tzinfo)) + ". " +
"Trying again in 60sec.")
time.sleep(60 * 1)
download_cloudtrail_logs(log_dir, bucket, prefix, org_id,
account_id, region, from_date, to_date,
parallelism)
last_timestamp = last_event_timestamp_in_dir(log_dir)
def test_should_parse_human_readable_relative_times():
assert parse_human_readable_time("one hour ago").astimezone(pytz.utc) == \
datetime.datetime(2010,11,12,12,14,15,tzinfo=pytz.utc)
assert parse_human_readable_time("in 10 minutes").astimezone(pytz.utc) == \
datetime.datetime(2010,11,12,13,24,15,tzinfo=pytz.utc)
assert parse_human_readable_time("-1 hour").astimezone(pytz.utc) == \
datetime.datetime(2010,11,12,12,14,15,tzinfo=pytz.utc)
assert parse_human_readable_time("-1 day").astimezone(pytz.utc) == \
datetime.datetime(2010,11,11,13,14,15,tzinfo=pytz.utc)
assert parse_human_readable_time("-10 minutes").astimezone(pytz.utc) == \
datetime.datetime(2010,11,12,13,4,15,tzinfo=pytz.utc)
def select(log_dir, filter_assumed_role_arn, use_cloudtrail_api, from_s, to_s):
"""Finds all CloudTrail records matching the given filters and prints them."""
log_dir = os.path.expanduser(log_dir)
from_date = time_utils.parse_human_readable_time(from_s)
to_date = time_utils.parse_human_readable_time(to_s)
if use_cloudtrail_api:
records = load_from_api(from_date, to_date)
else:
records = load_from_dir(log_dir, from_date, to_date)
filtered_records = filter_records(records, filter_assumed_role_arn, from_date, to_date)
filtered_records_as_json = [record.raw_source for record in filtered_records]
click.echo(json.dumps({"Records": filtered_records_as_json}))
def test_shoud_parse_into_datetime_with_timezone_information():
assert parse_human_readable_time("now").tzinfo is not None
def test_should_parse_human_readable_current_time():
assert parse_human_readable_time("now").astimezone(pytz.utc) == \
datetime.datetime(2010,11,12,13,14,15,tzinfo=pytz.utc)
def test_should_parse_full_datetimes():
assert parse_human_readable_time("2017-12-22 10:11:12").replace(tzinfo=None) == \
datetime.datetime(2017, 12, 22, 10, 11, 12)