def test_generate_main_with_sqs_url_false(self):
"""CLI - Terraform Generate Main with classifier_sqs.use_prefix = False"""
self.config['global']['infrastructure']['classifier_sqs']['use_prefix'] = False
result = generate.generate_main(config=self.config, init=False)
assert_equal(result['module']['globals']['source'], './modules/tf_globals')
assert_false(result['module']['globals']['sqs_use_prefix'])
def test_generate_main_s3_access_logging(self):
"""CLI - Terraform Generate Main with Alternate S3 Access Logging Bucket"""
alt_bucket_name = 'alternative-bucket-name'
self.config['global']['infrastructure']['s3_access_logging'] = {
'bucket_name': alt_bucket_name
}
tf_main = generate.generate_main(config=self.config, init=False)
# Should not "create" the logging bucket
assert_true('logging_bucket' not in tf_main['resource']['aws_s3_bucket'])
def test_generate_main_alerts_firehose(self):
"""CLI - Terraform Generate Main with Alerts Firehose Config"""
self.config['global']['infrastructure']['alerts_firehose'] = {
'bucket_name': 'test-bucket-name',
'buffer_interval': 600
}
tf_main = generate.generate_main(config=self.config, init=False)
assert_equal(
tf_main['module']['globals']['alerts_firehose_bucket_name'],
'test-bucket-name')
assert_equal(
tf_main['module']['globals']['alerts_firehose_buffer_interval'],
600)
def test_generate_main_with_firehose(self):
"""CLI - Terraform Generate Main with Firehose Enabled"""
self.config['global']['infrastructure']['firehose'] = {
'enabled': True,
'bucket_name': 'my-data',
'buffer_size': 10,
'buffer_interval': 650,
'enabled_logs': {
'cloudwatch': {
'enable_alarm': False
}
}
}
tf_main = generate.generate_main(config=self.config, init=False)
generated_modules = tf_main['module']
expected_kinesis_modules = {
'kinesis_firehose_setup',
'kinesis_firehose_cloudwatch_test_match_types',
'kinesis_firehose_cloudwatch_test_match_types_2'
}
assert_true(
all([
expected_module in generated_modules
for expected_module in expected_kinesis_modules
])
)
assert_equal(
generated_modules['kinesis_firehose_cloudwatch_test_match_types']['s3_bucket_name'],
'my-data'
)
assert_equal(
generated_modules['kinesis_firehose_cloudwatch_test_match_types']['buffer_size'],
10
)
assert_equal(
generated_modules['kinesis_firehose_cloudwatch_test_match_types']['buffer_interval'],
650
)
def test_generate_main(self):
"""CLI - Terraform Generate Main"""
tf_main = generate.generate_main(config=self.config, init=False)
tf_main_expected = {
'provider': {
'aws': {
'version': '~> 2.28.1', # Changes to this should require unit test update
'region': 'us-west-1'
}
},
'terraform': {
'required_version': '~> 0.12.9', # Changes to this should require unit test update
'backend': {
's3': {
'bucket': 'unit-test-streamalert-terraform-state',
'key': 'streamalert_state/terraform.tfstate',
'region': 'us-west-1',
'dynamodb_table': 'unit-test_streamalert_terraform_state_lock',
'encrypt': True,
'acl': 'private',
'kms_key_id': 'alias/alternate-alias'
}
}
},
'resource': {
'aws_kms_key': {
'server_side_encryption': {
'enable_key_rotation': True,
'description': 'StreamAlert S3 Server-Side Encryption',
'policy': ANY
},
'streamalert_secrets': {
'enable_key_rotation': True,
'description': 'StreamAlert secret management'
}
},
'aws_kms_alias': {
'server_side_encryption': {
'name': 'alias/unit-test_server-side-encryption',
'target_key_id': '${aws_kms_key.server_side_encryption.key_id}'
},
'streamalert_secrets': {
'name': 'alias/alternate-alias',
'target_key_id': '${aws_kms_key.streamalert_secrets.key_id}'
}
},
'aws_dynamodb_table': {
'terraform_remote_state_lock': {
'name': 'unit-test_streamalert_terraform_state_lock',
'billing_mode': 'PAY_PER_REQUEST',
'hash_key': 'LockID',
'attribute': {
'name': 'LockID',
'type': 'S'
},
'tags': {
'Name': 'StreamAlert'
}
}
},
'aws_s3_bucket': {
'terraform_remote_state': {
'bucket': 'unit-test-streamalert-terraform-state',
'acl': 'private',
'force_destroy': True,
'versioning': {
'enabled': True
},
'logging': {
'target_bucket': 'unit-test-streamalert-s3-logging',
'target_prefix': 'unit-test-streamalert-terraform-state/'
},
'server_side_encryption_configuration': {
'rule': {
'apply_server_side_encryption_by_default': {
'sse_algorithm': 'aws:kms',
'kms_master_key_id': (
'${aws_kms_key.server_side_encryption.key_id}')
}
}
},
'policy': ANY
},
'logging_bucket': {
'bucket': 'unit-test-streamalert-s3-logging',
'acl': 'log-delivery-write',
'force_destroy': True,
'versioning': {
'enabled': True
},
'logging': {
'target_bucket': 'unit-test-streamalert-s3-logging',
'target_prefix': 'unit-test-streamalert-s3-logging/'
},
'lifecycle_rule': {
'prefix': '/',
'enabled': True,
'transition': {
'days': 365,
'storage_class': 'GLACIER'
}
},
'server_side_encryption_configuration': {
'rule': {
'apply_server_side_encryption_by_default': {
'sse_algorithm': 'AES256'
}
}
},
'policy': ANY
},
'streamalerts': {
'bucket': 'unit-test-streamalerts',
'acl': 'private',
'force_destroy': True,
'versioning': {
'enabled': True
},
'logging': {
'target_bucket': 'unit-test-streamalert-s3-logging',
'target_prefix': 'unit-test-streamalerts/'
},
'server_side_encryption_configuration': {
'rule': {
'apply_server_side_encryption_by_default': {
'sse_algorithm': 'aws:kms',
'kms_master_key_id': (
'${aws_kms_key.server_side_encryption.key_id}')
}
}
},
'policy': ANY
}
},
'aws_sns_topic': {
'monitoring': {
'name': 'unit-test_streamalert_monitoring'
}
}
}
}
assert_dict_equal(tf_main['provider'], tf_main_expected['provider'])
assert_dict_equal(tf_main['terraform'], tf_main_expected['terraform'])
assert_dict_equal(tf_main['resource'], tf_main_expected['resource'])
