Пример #1
    def test_generate_cloudtrail_minimal(self):
        """CLI - Terraform Generate CloudTrail Module, Minimal Settings"""
        # CloudWatch delivery and S3 event notifications are both disabled, so
        # the base CloudTrail module is the only entry expected in the output.
        cluster = 'advanced'
        cloudtrail_settings = {
            'send_to_cloudwatch': False,
            'enable_s3_events': False,
            's3_cross_account_ids': ['456789012345'],
        }
        self.config['clusters'][cluster]['modules']['cloudtrail'] = cloudtrail_settings

        cloudtrail.generate_cloudtrail(cluster, self.cluster_dict, self.config)

        # The expected cross-account list carries '12345678910' (the same value
        # as primary_account_id) ahead of the one account configured above.
        # NOTE(review): '12345678910' is 11 digits long, while real AWS account
        # IDs have 12; fine for a fixture, but confirm nothing validates it.
        trail_module = {
            'source': './modules/tf_cloudtrail',
            'cluster': 'advanced',
            'prefix': 'unit-test',
            'region': 'us-west-1',
            'primary_account_id': '12345678910',
            's3_cross_account_ids': ['12345678910', '456789012345'],
            's3_bucket_name': 'unit-test-advanced-streamalert-cloudtrail',
            's3_logging_bucket': 'unit-test-streamalert-s3-logging',
        }

        assert_equal({'cloudtrail_advanced': trail_module}, self.cluster_dict['module'])
Пример #2
    def test_generate_cloudtrail_with_s3_events(self):
        """CLI - Terraform Generate CloudTrail Module, With S3 Events"""
        # S3 event notifications are enabled on an explicitly named bucket and
        # CloudWatch delivery is off.
        cluster = 'advanced'
        cloudtrail_settings = {
            'send_to_cloudwatch': False,
            'enable_s3_events': True,
            's3_cross_account_ids': ['456789012345'],
            's3_bucket_name': 'unit-test-bucket'
        }
        self.config['clusters'][cluster]['modules']['cloudtrail'] = cloudtrail_settings

        cloudtrail.generate_cloudtrail(cluster, self.cluster_dict, self.config)

        trail_module = {
            'source': './modules/tf_cloudtrail',
            'cluster': 'advanced',
            'prefix': 'unit-test',
            'region': 'us-west-1',
            'primary_account_id': '12345678910',
            's3_cross_account_ids': ['12345678910', '456789012345'],
            's3_bucket_name': 'unit-test-bucket',
            's3_logging_bucket': 'unit-test-streamalert-s3-logging',
        }

        # One notification filter is expected per account prefix under
        # AWSLogs/, covering both accounts in the cross-account list.
        notification_filters = [
            {'filter_prefix': 'AWSLogs/12345678910/'},
            {'filter_prefix': 'AWSLogs/456789012345/'},
        ]
        s3_events_module = {
            'source': './modules/tf_s3_events',
            'bucket_name': 'unit-test-bucket',
            'filters': notification_filters,
            'lambda_role_id': '${module.classifier_advanced_lambda.role_id}',
            'lambda_function_alias': '${module.classifier_advanced_lambda.function_alias}',
            'lambda_function_alias_arn': (
                '${module.classifier_advanced_lambda.function_alias_arn}'
            ),
            'lambda_function_name': '${module.classifier_advanced_lambda.function_name}',
        }

        expected_modules = {
            'cloudtrail_advanced': trail_module,
            'cloudtrail_s3_events_unit-test_advanced_unit-test-bucket': s3_events_module,
        }

        assert_equal(expected_modules, self.cluster_dict['module'])
Пример #3
def generate_cluster(config, cluster_name):
    """Build the Terraform module dictionary for one StreamAlert cluster.

    The classifier, CloudWatch metric filters/alarms and apps generators always
    run. Every other generator runs only when its module is present (or
    enabled) in the cluster's 'modules' config.

    Args:
        config (dict): The loaded config from the 'conf/' directory
        cluster_name (str): The name of the currently generating cluster

    Returns:
        dict: generated Terraform cluster dictionary, or None as soon as one
            of the optional module generators returns a falsy value
    """
    enabled = config['clusters'][cluster_name]['modules']
    cluster_dict = infinitedict()
    # Every generator takes the same three positional arguments.
    args = (cluster_name, cluster_dict, config)

    generate_classifier(*args)
    generate_cluster_cloudwatch_metric_filters(*args)
    generate_cluster_cloudwatch_metric_alarms(*args)

    # Optional modules: a falsy result from any generator aborts the whole
    # cluster, so the caller receives None instead of a partial dictionary.
    if enabled.get('cloudwatch_monitoring', {}).get('enabled') and not generate_monitoring(*args):
        return None

    if enabled.get('kinesis') and not generate_kinesis_streams(*args):
        return None

    if enabled.get('kinesis_events') and not generate_kinesis_events(*args):
        return None

    if enabled.get('cloudtrail') and not generate_cloudtrail(*args):
        return None

    # purposely not using .get, since no extra settings are required for this module
    if 'cloudwatch_events' in enabled and not generate_cloudwatch_events(*args):
        return None

    if enabled.get('cloudwatch_logs_destination') and not generate_cloudwatch_destinations(*args):
        return None

    if enabled.get('flow_logs') and not generate_flow_logs(*args):
        return None

    if enabled.get('s3_events') and not generate_s3_events(*args):
        return None

    generate_apps(*args)

    return cluster_dict
Пример #4
    def test_generate_cloudtrail_cloudwatch_logs_and_s3(self):
        """CLI - Terraform Generate CloudTrail Module, With S3 and CloudWatch Logs"""
        # Both delivery paths are enabled: CloudWatch Logs and S3 events.
        cluster = 'advanced'
        cloudtrail_settings = {
            'send_to_cloudwatch': True,
            's3_cross_account_ids': ['456789012345'],
            'enable_s3_events': True,
        }
        self.config['clusters'][cluster]['modules']['cloudtrail'] = cloudtrail_settings

        cloudtrail.generate_cloudtrail(cluster, self.cluster_dict, self.config)

        # CloudWatch Logs destination for the cluster, plus its per-region child.
        logs_destination = {
            'source': './modules/tf_cloudwatch_logs_destination',
            'prefix': 'unit-test',
            'cluster': 'advanced',
            'regions': ['us-west-1'],
            'destination_kinesis_stream_arn': '${module.kinesis_advanced.arn}'
        }
        regional_destination = {
            'source': './modules/tf_cloudwatch_logs_destination/modules/destination',
            'prefix': 'unit-test',
            'cluster': 'advanced',
            'account_ids': ['12345678910'],
            'destination_kinesis_stream_arn': '${module.kinesis_advanced.arn}',
            'cloudwatch_logs_subscription_role_arn': (
                '${module.cloudwatch_logs_destination_advanced.'
                'cloudwatch_logs_subscription_role_arn}'
            ),
            'providers': {'aws': 'aws.us-west-1'}
        }

        # Module that forwards CloudTrail to CloudWatch, and the trail itself.
        trail_cloudwatch = {
            'source': './modules/tf_cloudtrail/modules/tf_cloudtrail_cloudwatch',
            'cluster': 'advanced',
            'prefix': 'unit-test',
            'region': 'us-west-1',
            'cloudwatch_destination_arn': (
                '${module.cloudwatch_logs_destination_advanced_us-west-1.'
                'cloudwatch_logs_destination_arn}'
            ),
        }
        trail_module = {
            'source': './modules/tf_cloudtrail',
            'cluster': 'advanced',
            'prefix': 'unit-test',
            'region': 'us-west-1',
            'primary_account_id': '12345678910',
            's3_cross_account_ids': ['12345678910', '456789012345'],
            's3_bucket_name': 'unit-test-advanced-streamalert-cloudtrail',
            's3_logging_bucket': 'unit-test-streamalert-s3-logging',
            'cloudwatch_logs_role_arn': (
                '${module.cloudtrail_cloudwatch_advanced.cloudtrail_to_cloudwatch_logs_role}'
            ),
            'cloudwatch_logs_group_arn': (
                '${module.cloudtrail_cloudwatch_advanced.cloudwatch_logs_group_arn}'
            ),
        }

        # Only the cross-account prefix is expected in the S3 event filters;
        # the primary account ID shows up solely in the CloudWatch destination.
        # NOTE(review): presumably this avoids ingesting the primary account's
        # events twice (CloudWatch and S3) -- confirm in generate_cloudtrail.
        s3_events_module = {
            'source': './modules/tf_s3_events',
            'bucket_name': 'unit-test-advanced-streamalert-cloudtrail',
            'filters': [{'filter_prefix': 'AWSLogs/456789012345/'}],
            'lambda_role_id': '${module.classifier_advanced_lambda.role_id}',
            'lambda_function_alias': '${module.classifier_advanced_lambda.function_alias}',
            'lambda_function_alias_arn': (
                '${module.classifier_advanced_lambda.function_alias_arn}'
            ),
            'lambda_function_name': '${module.classifier_advanced_lambda.function_name}',
        }

        expected_modules = {
            'cloudwatch_logs_destination_advanced': logs_destination,
            'cloudwatch_logs_destination_advanced_us-west-1': regional_destination,
            'cloudtrail_cloudwatch_advanced': trail_cloudwatch,
            'cloudtrail_advanced': trail_module,
            'cloudtrail_s3_events_unit-test_advanced_unit-test-advanced-streamalert-cloudtrail': (
                s3_events_module
            ),
        }

        assert_equal(expected_modules, self.cluster_dict['module'])
Пример #5
    def test_generate_cloudtrail_with_cloudwatch_logs(self):
        """CLI - Terraform Generate CloudTrail Module, With CloudWatch Logs"""
        # CloudWatch delivery is on; no cross-account IDs are configured, so
        # the expected trail lists a single account.
        # NOTE(review): S3 events are switched off through the nested
        # 's3_settings' -> 'enable_events' key; confirm generate_cloudtrail
        # reads that key, otherwise this test passes only via a default.
        cluster = 'advanced'
        cloudtrail_settings = {
            's3_settings': {
                'enable_events': False,
            },
            'send_to_cloudwatch': True,
        }
        self.config['clusters'][cluster]['modules']['cloudtrail'] = cloudtrail_settings

        cloudtrail.generate_cloudtrail(cluster, self.cluster_dict, self.config)

        # CloudWatch Logs destination for the cluster, plus its per-region child.
        logs_destination = {
            'source': './modules/tf_cloudwatch_logs_destination',
            'prefix': 'unit-test',
            'cluster': 'advanced',
            'regions': ['us-west-1'],
            'destination_kinesis_stream_arn': '${module.kinesis_advanced.arn}'
        }
        regional_destination = {
            'source': './modules/tf_cloudwatch_logs_destination/modules/destination',
            'prefix': 'unit-test',
            'cluster': 'advanced',
            'account_ids': ['12345678910'],
            'destination_kinesis_stream_arn': '${module.kinesis_advanced.arn}',
            'cloudwatch_logs_subscription_role_arn': (
                '${module.cloudwatch_logs_destination_advanced.'
                'cloudwatch_logs_subscription_role_arn}'
            ),
            'providers': {'aws': 'aws.us-west-1'}
        }

        # Module that forwards CloudTrail to CloudWatch, and the trail itself.
        trail_cloudwatch = {
            'source': './modules/tf_cloudtrail/modules/tf_cloudtrail_cloudwatch',
            'cluster': 'advanced',
            'prefix': 'unit-test',
            'region': 'us-west-1',
            'cloudwatch_destination_arn': (
                '${module.cloudwatch_logs_destination_advanced_us-west-1.'
                'cloudwatch_logs_destination_arn}'
            ),
        }
        trail_module = {
            'source': './modules/tf_cloudtrail',
            'cluster': 'advanced',
            'prefix': 'unit-test',
            'region': 'us-west-1',
            'primary_account_id': '12345678910',
            's3_cross_account_ids': ['12345678910'],
            's3_bucket_name': 'unit-test-advanced-streamalert-cloudtrail',
            's3_logging_bucket': 'unit-test-streamalert-s3-logging',
            'cloudwatch_logs_role_arn': (
                '${module.cloudtrail_cloudwatch_advanced.cloudtrail_to_cloudwatch_logs_role}'
            ),
            'cloudwatch_logs_group_arn': (
                '${module.cloudtrail_cloudwatch_advanced.cloudwatch_logs_group_arn}'
            ),
        }

        # No S3 events module is expected in this configuration.
        expected_modules = {
            'cloudwatch_logs_destination_advanced': logs_destination,
            'cloudwatch_logs_destination_advanced_us-west-1': regional_destination,
            'cloudtrail_cloudwatch_advanced': trail_cloudwatch,
            'cloudtrail_advanced': trail_module,
        }

        assert_equal(expected_modules, self.cluster_dict['module'])