def test_generate_main_with_firehose(self): """CLI - Terraform Generate Main with Firehose Enabled""" self.config['global']['infrastructure']['firehose'] = { 'enabled': True, 's3_bucket_suffix': 'my-data', 'buffer_size': 10, 'buffer_interval': 650, 'enabled_logs': ['cloudwatch'] } tf_main = generate.generate_main(config=self.config, init=False) generated_modules = tf_main['module'] expected_kinesis_modules = { 'kinesis_firehose_setup', 'kinesis_firehose_cloudwatch_test_match_types', 'kinesis_firehose_cloudwatch_test_match_types_2' } assert_true( all([ expected_module in generated_modules for expected_module in expected_kinesis_modules ])) assert_equal(generated_modules['kinesis_firehose_cloudwatch_test_match_types']\ ['s3_bucket_name'], 'unit-testing.my-data') assert_equal(generated_modules['kinesis_firehose_cloudwatch_test_match_types']\ ['buffer_size'], 10) assert_equal(generated_modules['kinesis_firehose_cloudwatch_test_match_types']\ ['buffer_interval'], 650)
def test_generate_main_with_sqs_url_false(self): """CLI - Terraform Generate Main with classifier_sqs.use_prefix = False""" self.config['global']['infrastructure']['classifier_sqs'][ 'use_prefix'] = False result = generate.generate_main(config=self.config, init=False) assert_equal(result['module']['globals']['source'], 'modules/tf_stream_alert_globals') assert_false(result['module']['globals']['sqs_use_prefix'])
def test_generate_main_with_firehose(self): """CLI - Terraform Generate Main with Firehose Enabled""" self.config['global']['infrastructure']['firehose'] = { 'enabled': True, 's3_bucket_suffix': 'my-data', 'buffer_size': 10, 'buffer_interval': 650 } tf_main = generate.generate_main(config=self.config, init=False) generated_firehose = tf_main['module']['kinesis_firehose'] assert_equal(generated_firehose['s3_bucket_name'], 'unit-testing.my-data') assert_equal(generated_firehose['buffer_size'], 10) assert_equal(generated_firehose['buffer_interval'], 650)
def test_generate_main(self): """CLI - Terraform Generate Main""" tf_main = generate.generate_main(config=self.config, init=False) tf_main_expected = { 'provider': { 'aws': { 'version': generate.TERRAFORM_VERSIONS['provider']['aws'] } }, 'terraform': { 'required_version': generate.TERRAFORM_VERSIONS['application'], 'backend': { 's3': { 'bucket': 'unit-testing.streamalert.terraform.state', 'key': 'stream_alert_state/terraform.tfstate', 'region': 'us-west-1', 'encrypt': True, 'acl': 'private', 'kms_key_id': 'alias/unit-testing' } } }, 'resource': { 'aws_kms_key': { 'stream_alert_secrets': { 'enable_key_rotation': True, 'description': 'StreamAlert secret management' } }, 'aws_kms_alias': { 'stream_alert_secrets': { 'name': 'alias/unit-testing', 'target_key_id': '${aws_kms_key.stream_alert_secrets.key_id}' } }, 'aws_s3_bucket': { 'lambda_source': { 'bucket': 'unit.testing.source.bucket', 'acl': 'private', 'force_destroy': True, 'versioning': { 'enabled': True }, 'logging': { 'target_bucket': 'unit-testing.streamalert.s3-logging', 'target_prefix': 'unit.testing.source.bucket/' } }, 'stream_alert_secrets': { 'bucket': 'unit-testing.streamalert.secrets', 'acl': 'private', 'force_destroy': True, 'versioning': { 'enabled': True }, 'logging': { 'target_bucket': 'unit-testing.streamalert.s3-logging', 'target_prefix': 'unit-testing.streamalert.secrets/' } }, 'terraform_remote_state': { 'bucket': 'unit-testing.terraform.tfstate', 'acl': 'private', 'force_destroy': True, 'versioning': { 'enabled': True }, 'logging': { 'target_bucket': 'unit-testing.streamalert.s3-logging', 'target_prefix': 'unit-testing.terraform.tfstate/' } }, 'logging_bucket': { 'bucket': 'unit-testing.streamalert.s3-logging', 'acl': 'log-delivery-write', 'force_destroy': True, 'versioning': { 'enabled': True }, 'logging': { 'target_bucket': 'unit-testing.streamalert.s3-logging', 'target_prefix': 'unit-testing.streamalert.s3-logging/' }, 'lifecycle_rule': { 'prefix': '/', 'enabled': True, 'transition': { 'days': 30, 'storage_class': 'GLACIER' } } }, 'streamalerts': { 'bucket': 'unit-testing.streamalerts', 'acl': 'private', 'force_destroy': True, 'versioning': { 'enabled': True }, 'logging': { 'target_bucket': 'unit-testing.streamalert.s3-logging', 'target_prefix': 'unit-testing.streamalerts/' } } }, 'aws_sns_topic': { 'stream_alert_monitoring': { 'name': 'stream_alert_monitoring' } } } } assert_equal(tf_main['provider'], tf_main_expected['provider']) assert_equal(tf_main['terraform'], tf_main_expected['terraform']) assert_equal(tf_main['resource'], tf_main_expected['resource'])
def test_generate_main(self): """CLI - Terraform Generate Main""" tf_main = generate.generate_main(config=self.config, init=False) tf_main_expected = { 'provider': { 'aws': { 'version': generate.TERRAFORM_VERSIONS['provider']['aws'], 'region': 'us-west-1' } }, 'terraform': { 'required_version': generate.TERRAFORM_VERSIONS['application'], 'backend': { 's3': { 'bucket': 'unit-testing.streamalert.terraform.state', 'key': 'stream_alert_state/terraform.tfstate', 'region': 'us-west-1', 'encrypt': True, 'acl': 'private', 'kms_key_id': 'alias/unit-testing' } } }, 'resource': { 'aws_kms_key': { 'server_side_encryption': { 'enable_key_rotation': True, 'description': 'StreamAlert S3 Server-Side Encryption', 'policy': ANY }, 'stream_alert_secrets': { 'enable_key_rotation': True, 'description': 'StreamAlert secret management' } }, 'aws_kms_alias': { 'server_side_encryption': { 'name': 'alias/unit-testing_server-side-encryption', 'target_key_id': '${aws_kms_key.server_side_encryption.key_id}' }, 'stream_alert_secrets': { 'name': 'alias/unit-testing', 'target_key_id': '${aws_kms_key.stream_alert_secrets.key_id}' } }, 'aws_s3_bucket': { 'stream_alert_secrets': { 'bucket': 'unit-testing.streamalert.secrets', 'acl': 'private', 'force_destroy': True, 'versioning': { 'enabled': True }, 'logging': { 'target_bucket': 'unit-testing.streamalert.s3-logging', 'target_prefix': 'unit-testing.streamalert.secrets/' }, 'server_side_encryption_configuration': { 'rule': { 'apply_server_side_encryption_by_default': { 'sse_algorithm': 'aws:kms', 'kms_master_key_id': ('${aws_kms_key.server_side_encryption.key_id}' ) } } }, 'policy': ('{"Version": "2012-10-17", "Statement": [{"Resource": ' '["arn:aws:s3:::unit-testing.streamalert.secrets/*", ' '"arn:aws:s3:::unit-testing.streamalert.secrets"], "Effect": ' '"Deny", "Sid": "ForceSSLOnlyAccess", "Action": "s3:*", ' '"Condition": {"Bool": {"aws:SecureTransport": "false"}}, ' '"Principal": "*"}]}') }, 'terraform_remote_state': { 'bucket': 'unit-testing.streamalert.terraform.state', 'acl': 'private', 'force_destroy': True, 'versioning': { 'enabled': True }, 'logging': { 'target_bucket': 'unit-testing.streamalert.s3-logging', 'target_prefix': 'unit-testing.streamalert.terraform.state/' }, 'server_side_encryption_configuration': { 'rule': { 'apply_server_side_encryption_by_default': { 'sse_algorithm': 'aws:kms', 'kms_master_key_id': ('${aws_kms_key.server_side_encryption.key_id}' ) } } }, 'policy': ('{"Version": "2012-10-17", "Statement": [{"Resource": ' '["arn:aws:s3:::unit-testing.streamalert.terraform.state/*", ' '"arn:aws:s3:::unit-testing.streamalert.terraform.state"], "Effect": ' '"Deny", "Sid": "ForceSSLOnlyAccess", "Action": "s3:*", ' '"Condition": {"Bool": {"aws:SecureTransport": "false"}}, ' '"Principal": "*"}]}') }, 'logging_bucket': { 'bucket': 'unit-testing.streamalert.s3-logging', 'acl': 'log-delivery-write', 'force_destroy': True, 'versioning': { 'enabled': True }, 'logging': { 'target_bucket': 'unit-testing.streamalert.s3-logging', 'target_prefix': 'unit-testing.streamalert.s3-logging/' }, 'lifecycle_rule': { 'prefix': '/', 'enabled': True, 'transition': { 'days': 365, 'storage_class': 'GLACIER' } }, 'server_side_encryption_configuration': { 'rule': { 'apply_server_side_encryption_by_default': { 'sse_algorithm': 'AES256' } } }, 'policy': ('{"Version": "2012-10-17", "Statement": [{"Resource": ' '["arn:aws:s3:::unit-testing.streamalert.s3-logging/*", ' '"arn:aws:s3:::unit-testing.streamalert.s3-logging"], "Effect": ' '"Deny", "Sid": "ForceSSLOnlyAccess", "Action": "s3:*", ' '"Condition": {"Bool": {"aws:SecureTransport": "false"}}, ' '"Principal": "*"}]}') }, 'streamalerts': { 'bucket': 'unit-testing.streamalerts', 'acl': 'private', 'force_destroy': True, 'versioning': { 'enabled': True }, 'logging': { 'target_bucket': 'unit-testing.streamalert.s3-logging', 'target_prefix': 'unit-testing.streamalerts/' }, 'server_side_encryption_configuration': { 'rule': { 'apply_server_side_encryption_by_default': { 'sse_algorithm': 'aws:kms', 'kms_master_key_id': ('${aws_kms_key.server_side_encryption.key_id}' ) } } }, 'policy': ('{"Version": "2012-10-17", "Statement": [{"Resource": ' '["arn:aws:s3:::unit-testing.streamalerts/*", ' '"arn:aws:s3:::unit-testing.streamalerts"], "Effect": ' '"Deny", "Sid": "ForceSSLOnlyAccess", "Action": "s3:*", ' '"Condition": {"Bool": {"aws:SecureTransport": "false"}}, ' '"Principal": "*"}]}') } }, 'aws_sns_topic': { 'stream_alert_monitoring': { 'name': 'stream_alert_monitoring' } } } } assert_equal(tf_main['provider'], tf_main_expected['provider']) assert_equal(tf_main['terraform'], tf_main_expected['terraform']) assert_equal(tf_main['resource'], tf_main_expected['resource'])