aws_cloudtrail_trail feature: test how many days ago logs were delivered (#2887)

* * Adds new property to test how many days ago the CloudTrail delivered logs to the CloudWatch Logs.

* Changes the query for the selected CloudTrail trail in the unit test
* Uses Time.now explicitly instead of assigning it to a variable in the unit test

Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
Matthew Dromazos 2018-04-06 14:04:57 -04:00 committed by Jared Quick
parent 8fa93587c0
commit b5a0007851
4 changed files with 42 additions and 0 deletions


@ -109,6 +109,15 @@ Specifies the region in which the trail was created.
its('home_region') { should include "us-east-1" }
end
### delivered\_logs\_days\_ago
Specifies the number of days ago the CloudTrail delivered logs to CloudWatch Logs.
# Ensure the latest delivery time was recent
describe aws_cloudtrail_trail('trail-name') do
its('delivered_logs_days_ago') { should eq 0 }
end
<br>
## Matchers


@ -29,6 +29,18 @@ class AwsCloudTrailTrail < Inspec.resource(1)
!kms_key_id.nil?
end
def delivered_logs_days_ago
query = { name: @trail_name }
catch_aws_errors do
begin
resp = BackendFactory.create(inspec_runner).get_trail_status(query).to_h
((Time.now - resp[:latest_cloud_watch_logs_delivery_time])/(24*60*60)).to_i unless resp[:latest_cloud_watch_logs_delivery_time].nil?
rescue Aws::CloudTrail::Errors::TrailNotFoundException
nil
end
end
end
private
def validate_params(raw_params)
@ -72,6 +84,10 @@ class AwsCloudTrailTrail < Inspec.resource(1)
def describe_trails(query)
aws_service_client.describe_trails(query)
end
def get_trail_status(query)
aws_service_client.get_trail_status(query)
end
end
end
end
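Review bot: `delivered_logs_days_ago` in the first hunk returns nil both when the trail is not found and when `latest_cloud_watch_logs_delivery_time` is absent, so an audit control cannot tell a mistyped trail name from a trail that has never delivered to CloudWatch Logs. The nil return should be documented on the method, e.g. `# Returns nil when the trail is not found or has no CloudWatch Logs delivery time; treat nil as a failing result.` The quotient is truncated by `.to_i`, so a delivery 47 hours old reports 1 and `should eq 0` means "within the last 24 hours", which is worth stating in the same comment. Reading the timestamp once into a local, `delivered = resp[:latest_cloud_watch_logs_delivery_time]`, then `return nil if delivered.nil?`, would also shorten the long line and avoid the repeated lookup.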


@ -38,6 +38,7 @@ control "aws_cloudtrail_trail properties" do
its('cloud_watch_logs_role_arn') { should eq fixtures['cloudtrail_trail_1_cloud_watch_logs_role_arn'] }
its('cloud_watch_logs_log_group_arn') { should eq fixtures['cloudtrail_trail_1_cloud_watch_logs_group_arn']}
its('kms_key_id') { should eq fixtures['cloudtrail_trail_1_key_arn'] }
its('delivered_logs_days_ago') { should eq 0 }
end
describe aws_cloudtrail_trail(fixtures['cloudtrail_trail_2_name']) do
its('s3_bucket_name') { should eq fixtures['cloudtrail_trail_2_s3_bucket_name'] }
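Review bot: The added `its('delivered_logs_days_ago') { should eq 0 }` ties this integration control to when the fixture trail last delivered to CloudWatch Logs, which is wall-clock state rather than configuration. If the fixture trail has been idle for more than a day, or was just created and has not delivered yet (presumably yielding nil), the control fails for reasons unrelated to the resource code. A comment such as `# requires trail_1 to have delivered to CloudWatch Logs within the last 24h` would record that precondition; the describe block starts above the hunk.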


@ -90,6 +90,11 @@ class AwsCloudTrailTrailPropertiesTest < Minitest::Test
assert_equal("us-east-1", AwsCloudTrailTrail.new('test-trail-1').home_region)
assert_nil(AwsCloudTrailTrail.new(trail_name: 'non-existant').home_region)
end
def test_property_delivered_logs_days_ago
assert_equal(0, AwsCloudTrailTrail.new('test-trail-1').delivered_logs_days_ago)
assert_nil(AwsCloudTrailTrail.new(trail_name: 'non-existant').delivered_logs_days_ago)
end
end
@ -166,5 +171,16 @@ module MACTTSB
end
OpenStruct.new({ trail_list: [selected] })
end
def get_trail_status(query)
fixtures = [
OpenStruct.new({
name: "test-trail-1",
latest_cloud_watch_logs_delivery_time: Time.now
})
]
fixtures.detect { |f| f.name == query[:name] }
end
end
end
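Review bot: The mock `get_trail_status` in the second hunk returns nil from `detect` for an unknown name instead of raising, so the `assert_nil` case passes through `nil.to_h` and the `unless ... .nil?` guard, and the `rescue Aws::CloudTrail::Errors::TrailNotFoundException` branch in the resource is never exercised. The only fixture uses `Time.now`, so the day arithmetic is covered for the value 0 alone. Adding a second fixture with `latest_cloud_watch_logs_delivery_time: Time.now - 2 * 24 * 60 * 60` and `assert_equal(2, ...)`, one existing trail with a nil delivery time, and having the mock raise the not-found error for unmatched names would cover the stale, never-delivered and missing-trail cases separately.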