def test_load_gzipped_files_in_timeframe_from_dir():
records = LocalDirectoryRecordSource(cloudtrail_data_dir()).load_from_dir(
datetime.datetime(2017, 12, 1, tzinfo=pytz.utc),
datetime.datetime(2017, 12, 12, tzinfo=pytz.utc))
assert records == [
Record(
"autoscaling.amazonaws.com",
"DescribeLaunchConfigurations",
assumed_role_arn="arn:aws:iam::111111111111:role/someRole",
# "2017-12-11T15:01:51Z"
event_time=datetime.datetime(2017,
12,
11,
15,
1,
51,
tzinfo=pytz.utc)),
Record("sts.amazonaws.com",
"AssumeRole",
resource_arns=["arn:aws:iam::111111111111:role/someRole"],
event_time=datetime.datetime(2017,
12,
11,
15,
4,
51,
tzinfo=pytz.utc))
]
def test_load_gzipped_files_including_those_that_were_delivered_only_an_hour_after_the_event_time_we_are_looking_for(
):
records = LocalDirectoryRecordSource(cloudtrail_data_dir()).load_from_dir(
datetime.datetime(2017, 12, 11, 0, 0, tzinfo=pytz.utc),
datetime.datetime(2017, 12, 11, 14, 5, tzinfo=pytz.utc))
assert records == [
Record(
"autoscaling.amazonaws.com",
"DescribeLaunchConfigurations",
assumed_role_arn="arn:aws:iam::111111111111:role/someRole",
# "2017-12-11T15:01:51Z"
event_time=datetime.datetime(2017,
12,
11,
15,
1,
51,
tzinfo=pytz.utc)),
Record("sts.amazonaws.com",
"AssumeRole",
resource_arns=["arn:aws:iam::111111111111:role/someRole"],
event_time=datetime.datetime(2017,
12,
11,
15,
4,
51,
tzinfo=pytz.utc))
]
def test_should_output_the_timestamp_of_the_last_event():
runner = CliRunner()
result = runner.invoke(
cli.root_group,
args=["last-event-timestamp", "--log-dir",
cloudtrail_data_dir()])
assert result.exit_code == 0
assert result.output == "2017-12-11 15:04:51+00:00\n"
def test_should_output_all_cloudtrail_records_in_data_dir():
runner = CliRunner()
result = runner.invoke(cli.root_group,
args=[
"select",
"--log-dir",
cloudtrail_data_dir(),
])
expected_json = json.load(
open(
cloudtrail_data(
"111111111111_CloudTrail_eu-central-1_20171211T1505Z_A6kvhMoVeCsc7v8U.json"
)))
assert result.exit_code == 0
assert json.loads(result.output) == expected_json
def test_should_output_cloudrail_records_filtered_by_role_arn():
runner = CliRunner()
result = runner.invoke(cli.root_group,
args=[
"select", "--log-dir",
cloudtrail_data_dir(),
"--filter-assumed-role-arn",
"arn:aws:iam::111111111111:role/someRole"
])
expected_json = json.load(
open(
cloudtrail_data(
"111111111111_CloudTrail_eu-central-1_20171211T1505Z_A6kvhMoVeCsc7v8U.json"
)))
expected_json['Records'].pop(1)
assert result.exit_code == 0
assert json.loads(result.output) == expected_json
def test_should_output_cloudrail_records_filtered_by_timeframe():
runner = CliRunner()
result = runner.invoke(cli.root_group,
args=[
"select", "--log-dir",
cloudtrail_data_dir(), "--from",
"2017-12-11 15:00:00Z", "--to",
"2017-12-11 15:02:00Z"
])
expected_json = json.load(
open(
cloudtrail_data(
"111111111111_CloudTrail_eu-central-1_20171211T1505Z_A6kvhMoVeCsc7v8U.json"
)))
expected_json['Records'].pop(
1
) # TODO: this test should use a different record to distinguish between filtering arns and timeframes
assert result.exit_code == 0
assert json.loads(result.output) == expected_json
def test_load_no_gzipped_files_outsite_timeframe_from_dir():
records = LocalDirectoryRecordSource(cloudtrail_data_dir()).load_from_dir(
datetime.datetime(2016, 12, 1, tzinfo=pytz.utc),
datetime.datetime(2016, 12, 12, tzinfo=pytz.utc))
assert records == []
def test_load_no_gzipped_files_outsite_timeframe_from_dir():
records = load_from_dir(cloudtrail_data_dir(),
datetime.datetime(2016, 12, 1, tzinfo=pytz.utc),
datetime.datetime(2016, 12, 12, tzinfo=pytz.utc))
assert records == []