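def test_generate_cloudtrail_all_options(self):
    """CLI - Terraform Generate Cloudtrail Module - All Options

    Exercises every optional CloudTrail setting at once: a newly created,
    non-global trail with a custom CloudWatch event pattern. The generated
    ``event_pattern`` is a JSON *string*; it is compared here as parsed JSON
    rather than byte-for-byte so the assertion does not depend on the key
    order ``json.dumps`` happens to emit (the original string comparison
    was order-sensitive and therefore interpreter-dependent).
    """
    import json  # function-scope: keeps this test self-contained

    cluster_name = 'advanced'
    self.config['clusters']['advanced']['modules']['cloudtrail'] = {
        'enabled': True,
        'existing_trail': False,
        # NOTE(review): a non-global trail presumably skips global-service
        # (IAM/STS) events; this fixture opts out on purpose to cover that
        # code path — confirm against the Terraform module's semantics.
        'is_global_trail': False,
        'event_pattern': {
            'source': ['aws.ec2'],
            'account': '12345678910',
            'detail': {'state': ['running']},
        },
    }

    cloudtrail.generate_cloudtrail(cluster_name, self.cluster_dict, self.config)

    assert_equal('cloudtrail_advanced' in self.cluster_dict['module'], True)

    # Copy so the fixture is left untouched, then separate the serialized
    # pattern from the plain key/value settings and check each on its own.
    generated = dict(self.cluster_dict['module']['cloudtrail_advanced'])
    event_pattern = json.loads(generated.pop('event_pattern'))
    assert_equal(event_pattern, {
        'source': ['aws.ec2'],
        'account': '12345678910',
        'detail': {'state': ['running']},
    })
    assert_equal(generated, {
        'account_id': '12345678910',
        'cluster': 'advanced',
        'existing_trail': False,
        'is_global_trail': False,
        'kinesis_arn': '${module.kinesis_advanced.arn}',
        'prefix': 'unit-testing',
        'enable_logging': True,
        'source': 'modules/tf_stream_alert_cloudtrail',
        's3_logging_bucket': 'unit-testing.streamalert.s3-logging',
    })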
def test_generate_cloudtrail_basic(self):
    """CLI - Terraform Generate Cloudtrail Module - Legacy

    A bare legacy ``{'enabled': True}`` cloudtrail block must be expanded
    to the current defaults: logging and Kinesis delivery both on, a new
    global trail, and an event pattern scoped to this account only.
    """
    cluster_name = 'advanced'
    self.config['clusters'][cluster_name]['modules']['cloudtrail'] = {'enabled': True}

    generated_ok = cloudtrail.generate_cloudtrail(
        cluster_name, self.cluster_dict, self.config
    )

    # The generator is expected to rewrite the legacy block; reloading makes
    # the key assertion below read the config as re-loaded (presumably from
    # the conf/ fixture on disk) rather than the dict mutated in memory.
    self.config.load()

    assert_true(generated_ok)

    rewritten_keys = set(
        self.config['clusters'][cluster_name]['modules']['cloudtrail'].keys()
    )
    assert_equal(rewritten_keys, {'enable_logging', 'enable_kinesis'})

    expected_module = {
        'account_ids': ['12345678910'],
        'cluster': 'advanced',
        'kinesis_arn': '${module.kinesis_advanced.arn}',
        'prefix': 'unit-testing',
        'enable_logging': True,
        'enable_kinesis': True,
        'source': 'modules/tf_stream_alert_cloudtrail',
        's3_logging_bucket': 'unit-testing.streamalert.s3-logging',
        'existing_trail': False,
        'is_global_trail': True,
        # Default pattern: only this account's events are forwarded.
        'event_pattern': '{"account": ["12345678910"]}',
    }
    assert_equal(self.cluster_dict['module']['cloudtrail_advanced'], expected_module)
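def generate_cluster(**kwargs):
    """Generate a StreamAlert cluster file.

    Keyword Args:
        cluster_name (str): The name of the currently generating cluster
        config (dict): The loaded config from the 'conf/' directory

    Returns:
        dict: generated Terraform cluster dictionary, or None as soon as a
            module generator reports failure, so a partially populated
            cluster is never handed back (callers presumably skip writing
            the file in that case — confirm).

    Raises:
        TypeError: if ``config`` or ``cluster_name`` is missing. Previously a
            missing or misspelled keyword only surfaced as an unrelated
            TypeError/KeyError when the None value was indexed below.
    """
    config = kwargs.get('config')
    cluster_name = kwargs.get('cluster_name')
    if config is None or cluster_name is None:
        raise TypeError(
            "generate_cluster() requires 'config' and 'cluster_name' keyword arguments"
        )

    modules = config['clusters'][cluster_name]['modules']
    cluster_dict = infinitedict()

    # The stream_alert module is mandatory; nothing else is generated without it.
    if not generate_stream_alert(cluster_name, cluster_dict, config):
        return

    # NOTE(review): these two return values are not checked, unlike every
    # other generator in this function; confirm whether they can fail.
    generate_cloudwatch_metric_filters(cluster_name, cluster_dict, config)
    generate_cloudwatch_metric_alarms(cluster_name, cluster_dict, config)

    # Optional modules, in a fixed order. A falsy return from any generator
    # abandons the whole cluster rather than emitting a partial definition.
    if modules.get('cloudwatch_monitoring', {}).get('enabled'):
        if not generate_monitoring(cluster_name, cluster_dict, config):
            return

    # NOTE(review): unlike cloudwatch_monitoring, the modules below are gated
    # on the presence of their config block, not on an 'enabled' flag — a
    # block containing 'enabled': False is still truthy and still generated.
    # Confirm this is intended.
    if modules.get('kinesis'):
        if not generate_kinesis_streams(cluster_name, cluster_dict, config):
            return

    if config['clusters'][cluster_name].get('outputs'):
        if not generate_outputs(cluster_name, cluster_dict, config):
            return

    if modules.get('kinesis_events'):
        if not generate_kinesis_events(cluster_name, cluster_dict, config):
            return

    if modules.get('cloudtrail'):
        if not generate_cloudtrail(cluster_name, cluster_dict, config):
            return

    if modules.get('flow_logs'):
        if not generate_flow_logs(cluster_name, cluster_dict, config):
            return

    if modules.get('s3_events'):
        if not generate_s3_events(cluster_name, cluster_dict, config):
            return

    # Return value not consulted, as in the original.
    generate_app_integrations(cluster_name, cluster_dict, config)

    return cluster_dict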
def generate_cluster(config, cluster_name):
    """Generate a StreamAlert cluster file.

    Args:
        config (dict): The loaded config from the 'conf/' directory
        cluster_name (str): The name of the currently generating cluster

    Returns:
        dict: generated Terraform cluster dictionary, or None as soon as
            any optional module generator reports failure, so a partially
            populated cluster is never handed back.
    """
    modules = config['clusters'][cluster_name]['modules']
    cluster_dict = infinitedict()

    # Always-on pieces; their return values are not consulted.
    generate_classifier(cluster_name, cluster_dict, config)
    generate_cluster_cloudwatch_metric_filters(cluster_name, cluster_dict, config)
    generate_cluster_cloudwatch_metric_alarms(cluster_name, cluster_dict, config)

    # Optional modules, in a fixed order. Each predicate is a callable so it
    # is evaluated only when its turn comes, exactly like the equivalent
    # if-chain. cloudwatch_monitoring is the one module gated on an explicit
    # 'enabled' flag; the others run whenever their config block is present.
    optional_modules = (
        (lambda: modules.get('cloudwatch_monitoring', {}).get('enabled'),
         generate_monitoring),
        (lambda: modules.get('kinesis'), generate_kinesis_streams),
        (lambda: config['clusters'][cluster_name].get('outputs'), generate_outputs),
        (lambda: modules.get('kinesis_events'), generate_kinesis_events),
        (lambda: modules.get('cloudtrail'), generate_cloudtrail),
        (lambda: modules.get('cloudwatch'), generate_cloudwatch),
        (lambda: modules.get('flow_logs'), generate_flow_logs),
        (lambda: modules.get('s3_events'), generate_s3_events),
    )
    for is_requested, generate in optional_modules:
        if not is_requested():
            continue
        if not generate(cluster_name, cluster_dict, config):
            # Abandon the whole cluster rather than return a partial one.
            return

    # Return value not consulted.
    generate_apps(cluster_name, cluster_dict, config)

    return cluster_dict
def test_generate_cloudtrail_basic(self):
    """CLI - Terraform Generate cloudtrail Module

    Uses the cloudtrail block already present in the test fixture config
    (nothing is overridden here) and checks the generated module carries
    the defaults: logging on, a new global trail, and an event pattern
    restricted to this account's own events.
    """
    cluster_name = 'advanced'

    cloudtrail.generate_cloudtrail(cluster_name, self.cluster_dict, self.config)

    generated_modules = self.cluster_dict['module']
    assert_equal('cloudtrail_advanced' in generated_modules, True)

    expected_module = {
        'account_id': '12345678910',
        'cluster': 'advanced',
        'kinesis_arn': '${module.kinesis_advanced.arn}',
        'prefix': 'unit-testing',
        'enable_logging': True,
        'source': 'modules/tf_stream_alert_cloudtrail',
        's3_logging_bucket': 'unit-testing.streamalert.s3-logging',
        'existing_trail': False,
        'is_global_trail': True,
        # Default pattern: only this account's events are forwarded.
        'event_pattern': '{"account": ["12345678910"]}',
    }
    assert_equal(generated_modules['cloudtrail_advanced'], expected_module)
def test_generate_cloudtrail_invalid_event_pattern(self, mock_logging):
    """CLI - Terraform Generate Cloudtrail Module - Invalid Event Pattern

    An event pattern with an unrecognised top-level key must be rejected:
    the generator returns falsy and logs an error rather than passing an
    unvalidated pattern through to Terraform.

    ``mock_logging`` is presumably injected by a patch decorator outside
    this view; only its ``error`` call is inspected.
    """
    cluster_name = 'advanced'
    # Supplied pre-serialized (a JSON string), unlike the dict form used by
    # the all-options test.
    bad_pattern = json.dumps({'invalid': ['aws.ec2']})
    self.config['clusters'][cluster_name]['modules']['cloudtrail'] = {
        'enable_logging': True,
        'enable_kinesis': True,
        'existing_trail': False,
        'is_global_trail': False,
        'event_pattern': bad_pattern,
    }

    succeeded = cloudtrail.generate_cloudtrail(
        cluster_name, self.cluster_dict, self.config
    )

    assert_false(succeeded)
    assert_true(mock_logging.error.called)