def test_generate_main_with_sqs_url_false(self): """CLI - Terraform Generate Main with classifier_sqs.use_prefix = False""" self.config['global']['infrastructure']['classifier_sqs']['use_prefix'] = False result = generate.generate_main(config=self.config, init=False) assert_equal(result['module']['globals']['source'], './modules/tf_globals') assert_false(result['module']['globals']['sqs_use_prefix'])
def test_generate_main_s3_access_logging(self): """CLI - Terraform Generate Main with Alternate S3 Access Logging Bucket""" alt_bucket_name = 'alternative-bucket-name' self.config['global']['infrastructure']['s3_access_logging'] = { 'bucket_name': alt_bucket_name } tf_main = generate.generate_main(config=self.config, init=False) # Should not "create" the logging bucket assert_true('logging_bucket' not in tf_main['resource']['aws_s3_bucket'])
def test_generate_main_alerts_firehose(self): """CLI - Terraform Generate Main with Alerts Firehose Config""" self.config['global']['infrastructure']['alerts_firehose'] = { 'bucket_name': 'test-bucket-name', 'buffer_interval': 600 } tf_main = generate.generate_main(config=self.config, init=False) assert_equal( tf_main['module']['globals']['alerts_firehose_bucket_name'], 'test-bucket-name') assert_equal( tf_main['module']['globals']['alerts_firehose_buffer_interval'], 600)
def test_generate_main_with_firehose(self): """CLI - Terraform Generate Main with Firehose Enabled""" self.config['global']['infrastructure']['firehose'] = { 'enabled': True, 'bucket_name': 'my-data', 'buffer_size': 10, 'buffer_interval': 650, 'enabled_logs': { 'cloudwatch': { 'enable_alarm': False } } } tf_main = generate.generate_main(config=self.config, init=False) generated_modules = tf_main['module'] expected_kinesis_modules = { 'kinesis_firehose_setup', 'kinesis_firehose_cloudwatch_test_match_types', 'kinesis_firehose_cloudwatch_test_match_types_2' } assert_true( all([ expected_module in generated_modules for expected_module in expected_kinesis_modules ]) ) assert_equal( generated_modules['kinesis_firehose_cloudwatch_test_match_types']['s3_bucket_name'], 'my-data' ) assert_equal( generated_modules['kinesis_firehose_cloudwatch_test_match_types']['buffer_size'], 10 ) assert_equal( generated_modules['kinesis_firehose_cloudwatch_test_match_types']['buffer_interval'], 650 )
def test_generate_main(self): """CLI - Terraform Generate Main""" tf_main = generate.generate_main(config=self.config, init=False) tf_main_expected = { 'provider': { 'aws': { 'version': '~> 2.28.1', # Changes to this should require unit test update 'region': 'us-west-1' } }, 'terraform': { 'required_version': '~> 0.12.9', # Changes to this should require unit test update 'backend': { 's3': { 'bucket': 'unit-test-streamalert-terraform-state', 'key': 'streamalert_state/terraform.tfstate', 'region': 'us-west-1', 'dynamodb_table': 'unit-test_streamalert_terraform_state_lock', 'encrypt': True, 'acl': 'private', 'kms_key_id': 'alias/alternate-alias' } } }, 'resource': { 'aws_kms_key': { 'server_side_encryption': { 'enable_key_rotation': True, 'description': 'StreamAlert S3 Server-Side Encryption', 'policy': ANY }, 'streamalert_secrets': { 'enable_key_rotation': True, 'description': 'StreamAlert secret management' } }, 'aws_kms_alias': { 'server_side_encryption': { 'name': 'alias/unit-test_server-side-encryption', 'target_key_id': '${aws_kms_key.server_side_encryption.key_id}' }, 'streamalert_secrets': { 'name': 'alias/alternate-alias', 'target_key_id': '${aws_kms_key.streamalert_secrets.key_id}' } }, 'aws_dynamodb_table': { 'terraform_remote_state_lock': { 'name': 'unit-test_streamalert_terraform_state_lock', 'billing_mode': 'PAY_PER_REQUEST', 'hash_key': 'LockID', 'attribute': { 'name': 'LockID', 'type': 'S' }, 'tags': { 'Name': 'StreamAlert' } } }, 'aws_s3_bucket': { 'terraform_remote_state': { 'bucket': 'unit-test-streamalert-terraform-state', 'acl': 'private', 'force_destroy': True, 'versioning': { 'enabled': True }, 'logging': { 'target_bucket': 'unit-test-streamalert-s3-logging', 'target_prefix': 'unit-test-streamalert-terraform-state/' }, 'server_side_encryption_configuration': { 'rule': { 'apply_server_side_encryption_by_default': { 'sse_algorithm': 'aws:kms', 'kms_master_key_id': ( '${aws_kms_key.server_side_encryption.key_id}') } } }, 'policy': ANY }, 'logging_bucket': { 'bucket': 'unit-test-streamalert-s3-logging', 'acl': 'log-delivery-write', 'force_destroy': True, 'versioning': { 'enabled': True }, 'logging': { 'target_bucket': 'unit-test-streamalert-s3-logging', 'target_prefix': 'unit-test-streamalert-s3-logging/' }, 'lifecycle_rule': { 'prefix': '/', 'enabled': True, 'transition': { 'days': 365, 'storage_class': 'GLACIER' } }, 'server_side_encryption_configuration': { 'rule': { 'apply_server_side_encryption_by_default': { 'sse_algorithm': 'AES256' } } }, 'policy': ANY }, 'streamalerts': { 'bucket': 'unit-test-streamalerts', 'acl': 'private', 'force_destroy': True, 'versioning': { 'enabled': True }, 'logging': { 'target_bucket': 'unit-test-streamalert-s3-logging', 'target_prefix': 'unit-test-streamalerts/' }, 'server_side_encryption_configuration': { 'rule': { 'apply_server_side_encryption_by_default': { 'sse_algorithm': 'aws:kms', 'kms_master_key_id': ( '${aws_kms_key.server_side_encryption.key_id}') } } }, 'policy': ANY } }, 'aws_sns_topic': { 'monitoring': { 'name': 'unit-test_streamalert_monitoring' } } } } assert_dict_equal(tf_main['provider'], tf_main_expected['provider']) assert_dict_equal(tf_main['terraform'], tf_main_expected['terraform']) assert_dict_equal(tf_main['resource'], tf_main_expected['resource'])