diff --git a/tests/robot/cloud/aws/cloudtrail/cloud-aws-cloudtrail.json b/tests/robot/cloud/aws/cloudtrail/cloud-aws-cloudtrail.json new file mode 100644 index 0000000000..fc680bb463 --- /dev/null +++ b/tests/robot/cloud/aws/cloudtrail/cloud-aws-cloudtrail.json @@ -0,0 +1,133 @@ +{ + "uuid": "e59ad81e-2050-480d-bbae-0e71c607c927", + "lastMigration": 32, + "name": "Aws cloudtrail", + "endpointPrefix": "", + "latency": 0, + "port": 3000, + "hostname": "", + "folders": [], + "routes": [ + { + "uuid": "b5e25f3a-a8e3-4128-9e45-f2654c5a599d", + "type": "http", + "documentation": "", + "method": "post", + "endpoint": "cloudtrail/gettrailstatus/:islogging", + "responses": [ + { + "uuid": "76483999-2022-4610-8e8c-9c0bd535e4c5", + "body": "{\r\n \"IsLogging\": {{ urlParam 'islogging' 'true' }},\r\n \"LatestCloudWatchLogsDeliveryError\": \"error\",\r\n \"LatestCloudWatchLogsDeliveryTime\": 1683298944.125,\r\n \"LatestDeliveryAttemptSucceeded\": \"2023-05-05T15:02:24Z\",\r\n \"LatestDeliveryAttemptTime\": \"2023-05-05T15:02:24Z\",\r\n \"LatestDeliveryError\": \"error\",\r\n \"LatestDeliveryTime\": 1683298944.125,\r\n \"LatestDigestDeliveryError\": \"error\",\r\n \"LatestDigestDeliveryTime\": 1683298944.125,\r\n \"LatestNotificationAttemptSucceeded\": \"2023-05-05T15:02:24Z\",\r\n \"LatestNotificationAttemptTime\": \"2023-05-05T15:02:24Z\",\r\n \"LatestNotificationError\": \"error\",\r\n \"LatestNotificationTime\": 1683298944.125,\r\n \"StartLoggingTime\": 1683298944.125,\r\n \"StopLoggingTime\": 1683298477.918,\r\n \"TimeLoggingStarted\": \"2023-05-05T15:02:24Z\",\r\n \"TimeLoggingStopped\": \"2023-05-05T14:54:37Z\"\r\n}", + "latency": 0, + "statusCode": 200, + "label": "", + "headers": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "bodyType": "INLINE", + "filePath": "", + "databucketID": "", + "sendFileAsBody": false, + "rules": [], + "rulesOperator": "OR", + "disableTemplating": false, + "fallbackTo404": false, + "default": true, + "crudKey": "id", + "callbacks": [] + } + ], + "responseMode": null + }, + { + "uuid": "77f82f1c-b06e-478a-8366-ab325830f00e", + "type": "http", + "documentation": "", + "method": "post", + "endpoint": "cloudtrail/events/AwsApiCall/:AwsApiCall/AwsServiceEvent/:AwsServiceEvent/AwsConsoleAction/:AwsConsoleAction/AwsConsoleSignIn/:AwsConsoleSignIn/NextToken/:NextToken", + "responses": [ + { + "uuid": "7dd41177-8d63-458a-abcc-b3af3ea8c9cd", + "body": "{\r\n\t\"Events\": [\r\n\t\t{{#each (dataRaw 'EventsData')}}\r\n\t\t {{#if (gt @index 0)}}\r\n\t\t ,\r\n\t\t {{/if}}\r\n \t\t{\r\n \t\t\t\"AccessKeyId\": \"{{AccessKeyId}}\",\r\n \t\t\t\"CloudTrailEvent\": \"{\\\"awsRegion\\\": \\\"eu-west-1\\\", {{#if Error}}\\\"errorCode\\\": \\\"{{ErrorCode}}\\\", \\\"errorMessage\\\": \\\"{{ErrorMessage}}\\\",{{/if}} \\\"eventCategory\\\": \\\"Management\\\", \\\"eventID\\\": \\\"{{EventId}}\\\", \\\"eventName\\\": \\\"{{EventName}}\\\", \\\"eventSource\\\": \\\"{{EventSource}}\\\", \\\"eventTime\\\": \\\"{{EventTime}}\\\", \\\"eventType\\\": \\\"{{EventType}}\\\", \\\"eventVersion\\\": \\\"1.08\\\", \\\"managementEvent\\\": true, \\\"readOnly\\\": true, \\\"recipientAccountId\\\": \\\"{{AccountId}}\\\", \\\"requestID\\\": \\\"{{ faker 'string.uuid' }}\\\", \\\"requestParameters\\\": null, \\\"responseElements\\\": null, \\\"sourceIPAddress\\\": \\\"{{ faker 'internet.ip' }}\\\", \\\"tlsDetails\\\": {\\\"cipherSuite\\\": \\\"ECDHE-RSA-AES128-GCM-SHA256\\\", \\\"clientProvidedHostHeader\\\": \\\"cloudtrail.eu-west-1.amazonaws.com\\\", \\\"tlsVersion\\\": \\\"TLSv1.2\\\"}, \\\"userAgent\\\": \\\"aws-cli/2.11.0 Python/3.11.2 Darwin/22.2.0 source/x86_64 prompt/off command/cloudtrail.lookup-events\\\", \\\"userIdentity\\\": {\\\"accessKeyId\\\": \\\"{{AccessKeyId}}\\\", \\\"accountId\\\": \\\"{{AccountId}}\\\", \\\"arn\\\": \\\"arn:aws:sts::{{AccountId}}:assumed-role/{{UserRole}}/{{UserName}}\\\", \\\"principalId\\\": \\\"{{PrincipalId}}:{{UserName}}\\\", \\\"sessionContext\\\": {\\\"attributes\\\": {\\\"creationDate\\\": \\\"{{ faker 'date.past' EventTime }}\\\", \\\"mfaAuthenticated\\\": \\\"false\\\"}, \\\"sessionIssuer\\\": {\\\"accountId\\\": \\\"{{AccountId}}\\\", \\\"arn\\\": \\\"arn:aws:iam::{{AccountId}}:role/{{UserRole}}\\\", \\\"principalId\\\": \\\"{{PrincipalId}}\\\", \\\"type\\\": \\\"Role\\\", \\\"userName\\\": \\\"{{UserRole}}\\\"}, \\\"webIdFederationData\\\": {}}, \\\"type\\\": \\\"{{ faker 'person.jobArea' }}\\\"}}\",\r\n \t\t\t\"EventId\": \"{{EventId}}\",\r\n \t\t\t\"EventName\": \"{{EventName}}\",\r\n \t\t\t\"EventSource\": \"{{EventSource}}\",\r\n \t\t\t\"EventTime\": \"{{EventTime}}\",\r\n \t\t\t\"ReadOnly\": \"true\",\r\n \t\t\t\"Resources\": [\r\n \t\t\t],\r\n \t\t\t\"Username\": \"{{UserName}}\"\r\n \t\t}\r\n\t\t{{/each}}\r\n\t]\r\n\t{{#if (gte (indexOf (urlParam 'NextToken') 'true' 0) 0)}}\r\n\t {{#unless (includes (stringify (body)) 'NextToken')}}\r\n\t\t ,\"NextToken\": \"{{ faker 'string.alphanumeric' 64 casing='upper' }}\"\r\n\t\t{{/unless}}\r\n\t{{/if}}\r\n}", + "latency": 0, + "statusCode": 200, + "label": "", + "headers": [], + "bodyType": "INLINE", + "filePath": "", + "databucketID": "c5kh", + "sendFileAsBody": false, + "rules": [], + "rulesOperator": "OR", + "disableTemplating": false, + "fallbackTo404": false, + "default": true, + "crudKey": "id", + "callbacks": [] + } + ], + "responseMode": null + } + ], + "rootChildren": [ + { + "type": "route", + "uuid": "b5e25f3a-a8e3-4128-9e45-f2654c5a599d" + }, + { + "type": "route", + "uuid": "77f82f1c-b06e-478a-8366-ab325830f00e" + } + ], + "proxyMode": false, + "proxyHost": "", + "proxyRemovePrefix": false, + "tlsOptions": { + "enabled": false, + "type": "CERT", + "pfxPath": "", + "certPath": "", + "keyPath": "", + "caPath": "", + "passphrase": "" + }, + "cors": true, + "headers": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "proxyReqHeaders": [ + { + "key": "", + "value": "" + } + ], + "proxyResHeaders": [ + { + "key": "", + "value": "" + } + ], + "data": [ + { + "uuid": "5dce6340-bade-4336-8041-50fd22570055", + "id": "nu28", + "name": "EventsTypeData", + "documentation": "", + "value": "[\n {\n \"name\": \"AwsApiCall\",\n \"error\": false\n },\n {\n \"name\": \"AwsServiceEvent\",\n \"error\": false\n },\n {\n \"name\": \"AwsConsoleAction\",\n \"error\": true,\n \t\"errorCode\": \"ThrottlingException\",\n \t\"errorMessage\": \"Rate exceeded error\"\n },\n {\n \"name\": \"AwsConsoleSignIn\",\n \"error\": true,\n \"errorCode\": \"LoginErrorException\",\n \"errorMessage\": \"Login error\"\n }\n]" + }, + { + "uuid": "76dec2a5-ff63-4e81-9611-94b900ab16e1", + "id": "c5kh", + "name": "EventsData", + "documentation": "", + "value": "[\n {{#each (dataRaw 'EventsTypeData')}}\n {{#if (gte @isEvent 1)}}\n ,\n {{/if}}\n {{setVar 'isEvent' (add (urlParam name) @isEvent)}}\n {{#repeat (urlParam name comma=true)}}\n {\n \"AccessKeyId\": \"{{ faker 'string.alphanumeric' 20 casing='upper' }}\",\n \"AccountId\": \"{{ faker 'string.numeric' 12 }}\",\n \"Error\": {{error}},\n {{#if error}}\n \"ErrorCode\": \"{{errorCode}}\",\n\t \"ErrorMessage\": \"{{errorMessage}}\",\n {{/if}}\n \"EventId\": \"{{ faker 'string.uuid' }}\",\n \"EventName\": \"{{oneOf (array 'LookupEvents' 'ListInstanceAssociations' 'AssumeRoleWithWebIdentity')}}\",\n \"EventSource\": \"{{oneOf (array 'cloudtrail.amazonaws.com' 'ssm.amazonaws.com' 'sts.amazonaws.com')}}\",\n \"EventTime\": \"{{ faker 'date.recent' }}\",\n \"EventType\": \"{{name}}\",\n \"PrincipalId\": \"{{ faker 'string.alphanumeric' 20 casing='upper' }}\",\n \"UserName\": \"{{ faker 'internet.userName' }}\",\n \"UserRole\": \"{{ faker 'person.jobType' }}\"\n }\n {{/repeat}}\n {{/each}}\n]" + } + ], + "callbacks": [] +} \ No newline at end of file diff --git a/tests/robot/cloud/aws/cloudtrail/cloud-aws-cloudtrail.robot b/tests/robot/cloud/aws/cloudtrail/cloud-aws-cloudtrail.robot new file mode 100644 index 0000000000..97bdea7ea1 --- /dev/null +++ b/tests/robot/cloud/aws/cloudtrail/cloud-aws-cloudtrail.robot @@ -0,0 +1,194 @@ +*** Settings *** +Documentation AWS CloudTrail plugin + +Resource ${CURDIR}${/}..${/}..${/}..${/}..${/}resources/import.resource + +Suite Setup Start Mockoon ${MOCKOON_JSON} +Suite Teardown Stop Mockoon +Test Timeout 120s + + +*** Variables *** +${MOCKOON_JSON} ${CURDIR}${/}cloud-aws-cloudtrail.json + +${CMD} ${CENTREON_PLUGINS} --plugin=cloud::aws::cloudtrail::plugin --custommode=paws --region=eu-west --aws-secret-key=secret --aws-access-key=key + +&{checktrailstatus_value1} +... trailstatus=true +... trailname=TrailName +... result=OK: Trail is logging: 1 | 'trail_is_logging'=1;;;0; +&{checktrailstatus_value2} +... trailstatus=false +... trailname=TrailName +... result=CRITICAL: Trail is logging: 0 | 'trail_is_logging'=0;;;0; +@{checktrailstatus_values} &{checktrailstatus_value1} &{checktrailstatus_value2} + +&{countevents_value1} +... AwsApiCall=4 +... AwsServiceEvent=2 +... AwsConsoleAction=1 +... AwsConsoleSignIn=3 +... NextToken=false +... eventtype= +... delta= +... errormessage= +... warningcount= +... criticalcount= +... result=OK: Number of events: 10.00 | 'events_count'=10.00;;;0; +&{countevents_value2} +... AwsApiCall=4 +... AwsServiceEvent=2 +... AwsConsoleAction=1 +... AwsConsoleSignIn=3 +... NextToken=true +... eventtype= +... delta= +... errormessage= +... warningcount= +... criticalcount= +... result=OK: Number of events: 20.00 | 'events_count'=20.00;;;0; +&{countevents_value3} +... AwsApiCall=4 +... AwsServiceEvent=2 +... AwsConsoleAction=1 +... AwsConsoleSignIn=3 +... NextToken=false +... eventtype=AwsApiCall +... delta= +... errormessage= +... warningcount= +... criticalcount= +... result=OK: Number of events: 4.00 | 'events_count'=4.00;;;0; +&{countevents_value4} +... AwsApiCall=4 +... AwsServiceEvent=2 +... AwsConsoleAction=1 +... AwsConsoleSignIn=3 +... NextToken=true +... eventtype=AwsServiceEvent +... delta= +... errormessage= +... warningcount= +... criticalcount= +... result=OK: Number of events: 4.00 | 'events_count'=4.00;;;0; +&{countevents_value5} +... AwsApiCall=4 +... AwsServiceEvent=2 +... AwsConsoleAction=1 +... AwsConsoleSignIn=3 +... NextToken=false +... eventtype=AwsApiCall +... delta=10 +... errormessage= +... warningcount= +... criticalcount= +... result=OK: Number of events: 4.00 | 'events_count'=4.00;;;0; +&{countevents_value6} +... AwsApiCall=4 +... AwsServiceEvent=2 +... AwsConsoleAction=1 +... AwsConsoleSignIn=3 +... NextToken=false +... eventtype= +... delta= +... errormessage='Login error' +... warningcount= +... criticalcount= +... result=OK: Number of events: 3.00 | 'events_count'=3.00;;;0; +&{countevents_value7} +... AwsApiCall=4 +... AwsServiceEvent=2 +... AwsConsoleAction=1 +... AwsConsoleSignIn=3 +... NextToken=false +... eventtype= +... delta= +... errormessage='.*error' +... warningcount= +... criticalcount= +... result=OK: Number of events: 4.00 | 'events_count'=4.00;;;0; +&{countevents_value8} +... AwsApiCall=4 +... AwsServiceEvent=2 +... AwsConsoleAction=1 +... AwsConsoleSignIn=3 +... NextToken=false +... eventtype= +... delta= +... errormessage= +... warningcount=3 +... criticalcount= +... result=WARNING: Number of events: 10.00 | 'events_count'=10.00;;;0; +&{countevents_value9} +... AwsApiCall=4 +... AwsServiceEvent=2 +... AwsConsoleAction=1 +... AwsConsoleSignIn=3 +... NextToken=false +... eventtype= +... delta= +... errormessage= +... warningcount= +... criticalcount=5 +... result=CRITICAL: Number of events: 10.00 | 'events_count'=10.00;;;0; +@{countevents_values} +... &{countevents_value1} +... &{countevents_value2} +... &{countevents_value3} +... &{countevents_value4} +... &{countevents_value5} +... &{countevents_value6} +... &{countevents_value7} +... &{countevents_value8} +... &{countevents_value9} + + +*** Test Cases *** +AWS CloudTrail check trail status + [Documentation] Check AWS CloudTrail trail status + [Tags] cloud aws cloudtrail + FOR ${checktrailstatus_value} IN @{checktrailstatus_values} + ${output} Run + ... ${CMD} --mode=checktrailstatus --endpoint=http://localhost:3000/cloudtrail/gettrailstatus/${checktrailstatus_value.trailstatus} --trail-name=${checktrailstatus_value.trailname} + ${output} Strip String ${output} + Should Be Equal As Strings + ... ${output} + ... ${checktrailstatus_value.result} + ... Wrong output result for check trail status of ${checktrailstatus_value}.{\n}Command output:{\n}${output} + END + +AWS CloudTrail count events + [Documentation] Check AWS CloudTrail count events + [Tags] cloud aws cloudtrail + FOR ${countevents_value} IN @{countevents_values} + ${command} Catenate + ... ${CMD} + ... --mode=countevents + ... --endpoint=http://localhost:3000/cloudtrail/events/AwsApiCall/${countevents_value.AwsApiCall}/AwsServiceEvent/${countevents_value.AwsServiceEvent}/AwsConsoleAction/${countevents_value.AwsConsoleAction}/AwsConsoleSignIn/${countevents_value.AwsConsoleSignIn}/NextToken/${countevents_value.NextToken} + ${length} Get Length ${countevents_value.eventtype} + IF ${length} > 0 + ${command} Catenate ${command} --event-type=${countevents_value.eventtype} + END + ${length} Get Length ${countevents_value.delta} + IF ${length} > 0 + ${command} Catenate ${command} --delta=${countevents_value.delta} + END + ${length} Get Length ${countevents_value.errormessage} + IF ${length} > 0 + ${command} Catenate ${command} --error-message=${countevents_value.errormessage} + END + ${length} Get Length ${countevents_value.warningcount} + IF ${length} > 0 + ${command} Catenate ${command} --warning-count=${countevents_value.warningcount} + END + ${length} Get Length ${countevents_value.criticalcount} + IF ${length} > 0 + ${command} Catenate ${command} --critical-count=${countevents_value.criticalcount} + END + ${output} Run ${command} + ${output} Strip String ${output} + Should Be Equal As Strings + ... ${output} + ... ${countevents_value.result} + ... Wrong output result for count events of ${countevents_value}.{\n}Command output:{\n}${output} + END