Refactor tests to new unixified structure, remove old generate-policy…

… command and clean up #38
flosell · May 1, 2018 · c7982d9 · c7982d9
1 parent f03ad5a
commit c7982d9
Show file tree

Hide file tree

Showing 13 changed files with 191 additions and 243 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,22 @@ This changelog contains a loose collection of changes in every release including
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 
+## 0.5.0
+
+**Breaking CLI changes**: split up `generate-policy` into `select` and `generate` (#38)
+
+### Added
+
+* New command `select` to print all CloudTrail records matching a filter to stdout
+* New command `generate` to take CloudTrail records from stdin and generate a policy for it
+
+### Removed
+
+* Removed command `generate-policy`, replaced with `select` and `generate`. Use pipes to produce the same behavior: 
+  ```bash
+  $ trailscraper select | trailscraper generate
+  ```
+
 ## 0.4.4
 
 ### Fixed

diff --git a/README.md b/README.md
@@ -13,15 +13,18 @@ $ pip install trailscraper
 
 ## Usage
 
-```bash
-# Download some logs (including us-east-1 for global aws services)
+### Download some logs (including us-east-1 for global aws services)
+```
 $ trailscraper download --bucket some-bucket \
                         --account-id some-account-id \
                         --region some-other-region \ 
                         --region us-east-1 \
                         --from 'two days ago' \
                         --to 'now' \
-# Generate an IAM Policy  
+```
+
+# Find CloudTrail events and generate an IAM Policy (<0.5.0)
+```
 $ trailscraper generate-policy
 {
     "Statement": [
@@ -52,6 +55,72 @@ $ trailscraper generate-policy
 } 
 ```
 
+### Find CloudTrail events matching a filter (>=0.5.0) (unreleased)
+
+```
+$ trailscraper select --filter-assumed-role-arn some-arn \ 
+                      --from 'one hour ago' \ 
+                      --to 'now'
+{
+  "Records": [
+    {
+      "eventTime": "2017-12-11T15:01:51Z",
+      "eventSource": "autoscaling.amazonaws.com",
+      "eventName": "DescribeLaunchConfigurations",
+```
+
+### Generate Policy from some CloudTrail records (>=0.5.0) (unreleased)
+
+```
+$ gzcat some-records.json.gz | trailscraper generate
+{
+    "Statement": [
+        {
+            "Action": [
+                "ec2:DescribeInstances"
+            ],
+            "Effect": "Allow",
+            "Resource": [
+                "*"
+            ]
+        }
+    ],
+    "Version": "2012-10-17"
+} 
+```
+
+### Find CloudTrail events and generate an IAM Policy (>=0.5.0) (unreleased)
+```
+$ trailscraper select | trailscraper generate
+{
+    "Statement": [
+        {
+            "Action": [
+                "ec2:DescribeInstances",
+                "ec2:DescribeSecurityGroups",
+                "ec2:DescribeSubnets",
+                "ec2:DescribeVolumes",
+                "ec2:DescribeVpcs",
+            ],
+            "Effect": "Allow",
+            "Resource": [
+                "*"
+            ]
+        },
+        {
+            "Action": [
+                "sts:AssumeRole"
+            ],
+            "Effect": "Allow",
+            "Resource": [
+                "arn:aws:iam::1111111111:role/someRole"
+            ]
+        }
+    ],
+    "Version": "2012-10-17"
+} 
+```
+
 ## Development
 
 ```bash

diff --git a/setup.cfg b/setup.cfg
@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 0.4.5
+current_version = 0.5.0
 commit = True
 tag = False
 

diff --git a/setup.py b/setup.py
@@ -29,7 +29,7 @@ def read_file(filename):
 
 setup(
     name='trailscraper',
-    version='0.4.5',
+    version='0.5.0',
     description='A command-line tool to get valuable information out of AWS CloudTrail',
     long_description=readme + '\n\n' + changelog,
     url='http://github.com/flosell/trailscraper',

diff --git a/tests/cloudtrail/filter_test.py b/tests/cloudtrail/filter_test.py
@@ -0,0 +1,35 @@
+import datetime
+import logging
+
+from trailscraper import cloudtrail
+from trailscraper.cloudtrail import Record, filter_records
+
+
+def test_should_filter_for_event_time():
+    records = [
+        Record("autoscaling.amazonaws.com", "DescribeLaunchConfigurations", event_time=datetime.datetime(2017, 1, 1)),
+        Record("sts.amazonaws.com", "AssumeRole", event_time=datetime.datetime(2017, 6, 6))
+    ]
+
+    assert filter_records(records,
+                                        from_date=datetime.datetime(2017, 1, 1),
+                                        to_date=datetime.datetime(2017, 3, 1)) == \
+           [
+               Record("autoscaling.amazonaws.com", "DescribeLaunchConfigurations",
+                      event_time=datetime.datetime(2017, 1, 1)),
+           ]
+
+
+def test_should_warn_if_records_passed_but_filtered_away(caplog):
+    records = [
+        Record("autoscaling.amazonaws.com", "DescribeLaunchConfigurations", event_time=datetime.datetime(2017, 1, 1)),
+        Record("sts.amazonaws.com", "AssumeRole", event_time=datetime.datetime(2017, 6, 6))
+    ]
+
+    assert filter_records(records,
+                                        from_date=datetime.datetime(2010, 1, 1),
+                                        to_date=datetime.datetime(2010, 1, 2)) == []
+
+    assert caplog.record_tuples == [
+        ('root', logging.WARNING, cloudtrail.ALL_RECORDS_FILTERED),
+    ]
diff --git a/tests/integration/cli_download_s3_test.py b/tests/integration/cli_download_s3_test.py
@@ -1,5 +1,4 @@
 import datetime
-
 import sys
 
 import pytz
@@ -13,7 +12,6 @@
 from moto import mock_s3
 
 from tests.test_utils_s3 import file_content, given_a_bucket, given_an_object, given_a_file
-from tests.test_utils_testdata import cloudtrail_data_dir
 from trailscraper import cli
 from trailscraper.s3_download import download_cloudtrail_logs
 

diff --git a/tests/integration/cli_generate_policy_test.py b/tests/integration/cli_generate_policy_test.py
diff --git a/tests/integration/cli_select_events_test.py b/tests/integration/cli_select_events_test.py
@@ -17,3 +17,31 @@ def test_should_output_all_cloudtrail_records_in_data_dir():
 
     assert result.exit_code == 0
     assert json.loads(result.output) == expected_json
+
+
+def test_should_output_cloudrail_records_filtered_by_role_arn():
+    runner = CliRunner()
+    result = runner.invoke(cli.root_group, args=["select",
+                                                 "--log-dir", cloudtrail_data_dir(),
+                                                 # TODO: ideally, the default should be no filtering at all
+                                                 "--from", "2016-12-10",
+                                                 "--to", "2017-12-20",
+                                                 "--filter-assumed-role-arn", "arn:aws:iam::111111111111:role/someRole"
+                                                 ])
+    expected_json = json.load(open(cloudtrail_data("111111111111_CloudTrail_eu-central-1_20171211T1505Z_A6kvhMoVeCsc7v8U.json")))
+    expected_json['Records'].pop(1)
+    assert result.exit_code == 0
+    assert json.loads(result.output) == expected_json
+
+
+def test_should_output_cloudrail_records_filtered_by_timeframe():
+    runner = CliRunner()
+    result = runner.invoke(cli.root_group, args=["select",
+                                                 "--log-dir", cloudtrail_data_dir(),
+                                                 # TODO: ideally, the default should be no filtering at all
+                                                 "--from", "2017-12-11 15:00:00Z",
+                                                 "--to", "2017-12-11 15:02:00Z"])
+    expected_json = json.load(open(cloudtrail_data("111111111111_CloudTrail_eu-central-1_20171211T1505Z_A6kvhMoVeCsc7v8U.json")))
+    expected_json['Records'].pop(1) # TODO: this test should use a different record to distinguish between filtering arns and timeframes
+    assert result.exit_code == 0
+    assert json.loads(result.output) == expected_json