aws_cloudtrail_trail feature: test how many days ago logs were delivered (#2887)
* Adds a new property to test how many days ago the CloudTrail delivered logs to the CloudWatch Logs. * Changes the query for the selected cloud trail in the unit test. * Uses Time.now explicitly instead of assigning it to a variable in the unit test. Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
parent
8fa93587c0
commit
b5a0007851
4 changed files with 42 additions and 0 deletions
|
@ -109,6 +109,15 @@ Specifies the region in which the trail was created.
|
|||
its('home_region') { should include "us-east-1" }
|
||||
end
|
||||
|
||||
### delivered\_logs\_days\_ago
|
||||
|
||||
Specifies the number of days ago the CloudTrail delivered logs to CloudWatch Logs.
|
||||
|
||||
# Ensure the latest delivery time was recent
|
||||
describe aws_cloudtrail_trail('trail-name') do
|
||||
its('delivered_logs_days_ago') { should eq 0 }
|
||||
end
|
||||
|
||||
<br>
|
||||
|
||||
## Matchers
|
||||
|
|
|
@ -29,6 +29,18 @@ class AwsCloudTrailTrail < Inspec.resource(1)
|
|||
!kms_key_id.nil?
|
||||
end
|
||||
|
||||
def delivered_logs_days_ago
|
||||
query = { name: @trail_name }
|
||||
catch_aws_errors do
|
||||
begin
|
||||
resp = BackendFactory.create(inspec_runner).get_trail_status(query).to_h
|
||||
((Time.now - resp[:latest_cloud_watch_logs_delivery_time])/(24*60*60)).to_i unless resp[:latest_cloud_watch_logs_delivery_time].nil?
|
||||
rescue Aws::CloudTrail::Errors::TrailNotFoundException
|
||||
nil
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def validate_params(raw_params)
|
||||
|
@ -72,6 +84,10 @@ class AwsCloudTrailTrail < Inspec.resource(1)
|
|||
def describe_trails(query)
|
||||
aws_service_client.describe_trails(query)
|
||||
end
|
||||
|
||||
def get_trail_status(query)
|
||||
aws_service_client.get_trail_status(query)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
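Review bot: `delivered_logs_days_ago` (first hunk of this file) returns nil both when the trail is not found and when `latest_cloud_watch_logs_delivery_time` is nil, and neither case is documented, so a control author cannot tell a missing trail from one that has never delivered to CloudWatch Logs. The `.to_i` also truncates, so 0 means "within the last 24 hours"; a comment above the method such as `# Whole days since the last CloudWatch Logs delivery (truncated); nil if the trail is not found or has no delivery time.` would state that contract. The delivery time is read from `resp` twice on one long line; `delivered_at = resp[:latest_cloud_watch_logs_delivery_time]` followed by `((Time.now - delivered_at) / (24 * 60 * 60)).to_i unless delivered_at.nil?` is easier to audit. The query passes only the trail name; if the API needs the ARN for a trail whose home region differs from the client's, this would presumably take the rescue path and return nil, which is worth confirming.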
|
|
|
@ -38,6 +38,7 @@ control "aws_cloudtrail_trail properties" do
|
|||
its('cloud_watch_logs_role_arn') { should eq fixtures['cloudtrail_trail_1_cloud_watch_logs_role_arn'] }
|
||||
its('cloud_watch_logs_log_group_arn') { should eq fixtures['cloudtrail_trail_1_cloud_watch_logs_group_arn']}
|
||||
its('kms_key_id') { should eq fixtures['cloudtrail_trail_1_key_arn'] }
|
||||
its('delivered_logs_days_ago') { should eq 0 }
|
||||
end
|
||||
describe aws_cloudtrail_trail(fixtures['cloudtrail_trail_2_name']) do
|
||||
its('s3_bucket_name') { should eq fixtures['cloudtrail_trail_2_s3_bucket_name'] }
|
||||
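Review bot: The added `its('delivered_logs_days_ago') { should eq 0 }` makes this control depend on when the fixture trail last delivered to CloudWatch Logs, because it passes only if a delivery happened in the 24 hours before the run. A trail that has not delivered yet would yield nil and a long-lived fixture with no recent activity would yield 1 or more, so the assertion can fail without any defect in the resource. A comment such as `# requires a CloudWatch Logs delivery within the last 24h`, or a looser matcher like `should be <= 1`, would make that dependency explicit. The enclosing control starts and ends outside the hunk.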
|
|
|
@ -90,6 +90,11 @@ class AwsCloudTrailTrailPropertiesTest < Minitest::Test
|
|||
assert_equal("us-east-1", AwsCloudTrailTrail.new('test-trail-1').home_region)
|
||||
assert_nil(AwsCloudTrailTrail.new(trail_name: 'non-existant').home_region)
|
||||
end
|
||||
|
||||
def test_property_delivered_logs_days_ago
|
||||
assert_equal(0, AwsCloudTrailTrail.new('test-trail-1').delivered_logs_days_ago)
|
||||
assert_nil(AwsCloudTrailTrail.new(trail_name: 'non-existant').delivered_logs_days_ago)
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
|
@ -166,5 +171,16 @@ module MACTTSB
|
|||
end
|
||||
OpenStruct.new({ trail_list: [selected] })
|
||||
end
|
||||
|
||||
def get_trail_status(query)
|
||||
fixtures = [
|
||||
OpenStruct.new({
|
||||
name: "test-trail-1",
|
||||
latest_cloud_watch_logs_delivery_time: Time.now
|
||||
})
|
||||
]
|
||||
|
||||
fixtures.detect { |f| f.name == query[:name] }
|
||||
end
|
||||
end
|
||||
end
|
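Review bot: The mock `get_trail_status` in the second hunk returns nil for an unknown name, so the `non-existant` assertion passes through `nil.to_h` yielding an empty hash rather than through the resource's `rescue Aws::CloudTrail::Errors::TrailNotFoundException`, which stays untested. Raising that exception when `detect` finds nothing would match the behaviour the rescue clause is written for. The only fixture uses `Time.now`, so the day arithmetic and truncation are never exercised; a second fixture with `latest_cloud_watch_logs_delivery_time: Time.now - 3 * 24 * 60 * 60` asserting 3, and one with a nil delivery time asserting nil, would cover them.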