# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import os
import pytest
from collections import Counter
# Directory of the fixture that the tests below hand to plan_runner; it is
# resolved relative to this file rather than the current working directory.
_TESTS_DIR = os.path.dirname(__file__)
FIXTURES_DIR = os.path.join(_TESTS_DIR, "fixture")


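def test_sinks(plan_runner):
  """Test organization-level logging sinks and their destination IAM bindings.

  Plans the fixture with four sinks (one per destination type: storage,
  bigquery, pubsub, logging) and checks the planned sink resources, the IAM
  role bound for each destination, and the per-sink exclusions.

  Args:
    plan_runner: fixture callable; called here as
      ``plan_runner(FIXTURES_DIR, logging_sinks=...)`` and expected to return
      a pair whose second item is the list of planned resources.
  """
  # HCL value passed to the module's `logging_sinks` variable. Every sink sets
  # `iam = true`, so one destination binding per sink is expected below.
  logging_sinks = """ {
    warning = {
      type                 = "storage"
      destination          = "mybucket"
      filter               = "severity=WARNING"
      iam                  = true
      include_children     = true
      bq_partitioned_table = null
      exclusions           = {}
    }
    info = {
      type                 = "bigquery"
      destination          = "projects/myproject/datasets/mydataset"
      filter               = "severity=INFO"
      iam                  = true
      include_children     = true
      bq_partitioned_table = false
      exclusions           = {}
    }
    notice = {
      type                 = "pubsub"
      destination          = "projects/myproject/topics/mytopic"
      filter               = "severity=NOTICE"
      iam                  = true
      include_children     = false
      bq_partitioned_table = null
      exclusions           = {}
    }
    debug = {
      type                 = "logging"
      destination          = "projects/myproject/locations/global/buckets/mybucket"
      filter               = "severity=DEBUG"
      iam                  = true
      include_children     = false
      bq_partitioned_table = null
      exclusions = {
        no-compute   = "logName:compute"
        no-container = "logName:container"
      }
    }
  }
  """
  _, resources = plan_runner(FIXTURES_DIR, logging_sinks=logging_sinks)
  # Four sinks plus one IAM binding each; any extra resource fails the test.
  assert len(resources) == 8

  resource_types = Counter(r["type"] for r in resources)
  assert resource_types == {
      "google_logging_organization_sink": 4,
      "google_bigquery_dataset_iam_member": 1,
      "google_project_iam_member": 1,
      "google_pubsub_topic_iam_member": 1,
      "google_storage_bucket_iam_member": 1,
  }

  sinks = [
      r for r in resources if r["type"] == "google_logging_organization_sink"
  ]
  assert sorted(r["index"] for r in sinks) == [
      "debug",
      "info",
      "notice",
      "warning",
  ]

  # The planned destination carries the service prefix for the sink type, and
  # include_children must match what each sink requested.
  sink_values = [
      (
          r["index"],
          r["values"]["filter"],
          r["values"]["destination"],
          r["values"]["include_children"],
      )
      for r in sinks
  ]
  assert sorted(sink_values) == [
      (
          "debug",
          "severity=DEBUG",
          "logging.googleapis.com/projects/myproject/locations/global/buckets/mybucket",
          False,
      ),
      (
          "info",
          "severity=INFO",
          "bigquery.googleapis.com/projects/myproject/datasets/mydataset",
          True,
      ),
      (
          "notice",
          "severity=NOTICE",
          "pubsub.googleapis.com/projects/myproject/topics/mytopic",
          False,
      ),
      ("warning", "severity=WARNING", "storage.googleapis.com/mybucket", True),
  ]

  # Pin the exact role bound on each destination, so a change that swaps in a
  # different (for example broader) role shows up as a test failure.
  # NOTE(review): the binding `member` is not asserted here; presumably it is
  # the sink writer identity and only known after apply. Confirm against the
  # module before relying on this test for that property.
  bindings = [r for r in resources if "member" in r["type"]]
  binding_values = [
      (r["index"], r["type"], r["values"]["role"]) for r in bindings
  ]
  assert sorted(binding_values) == [
      ("debug", "google_project_iam_member", "roles/logging.bucketWriter"),
      ("info", "google_bigquery_dataset_iam_member", "roles/bigquery.dataEditor"),
      ("notice", "google_pubsub_topic_iam_member", "roles/pubsub.publisher"),
      ("warning", "google_storage_bucket_iam_member", "roles/storage.objectCreator"),
  ]

  # Exclusions keep matching entries out of a sink, so the exact set is
  # pinned: only `debug` declares any, and the other sinks must have none.
  exclusions = [(r["index"], r["values"]["exclusions"]) for r in sinks]
  assert sorted(exclusions) == [
      (
          "debug",
          [
              {
                  "description": None,
                  "disabled": False,
                  "filter": "logName:compute",
                  "name": "no-compute",
              },
              {
                  "description": None,
                  "disabled": False,
                  "filter": "logName:container",
                  "name": "no-container",
              },
          ],
      ),
      ("info", []),
      ("notice", []),
      ("warning", []),
  ]

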
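def test_exclusions(plan_runner):
  """Test organization-level logging exclusions.

  Plans the fixture with two exclusions and checks that exactly two
  ``google_logging_organization_exclusion`` resources are planned, with the
  names and filters that were passed in.

  Args:
    plan_runner: fixture callable; called here as
      ``plan_runner(FIXTURES_DIR, logging_exclusions=...)`` and expected to
      return a pair whose second item is the list of planned resources.
  """
  # HCL map of exclusion name -> filter, passed to `logging_exclusions`.
  logging_exclusions = (
      "{"
      'exclusion1 = "resource.type=gce_instance", '
      'exclusion2 = "severity=NOTICE", '
      "}"
  )
  _, resources = plan_runner(
      FIXTURES_DIR, logging_exclusions=logging_exclusions)
  # Exclusions drop matching log entries, so no resource beyond the two
  # requested ones may appear in the plan.
  assert len(resources) == 2
  exclusions = [
      r for r in resources
      if r["type"] == "google_logging_organization_exclusion"
  ]
  assert sorted(r["index"] for r in exclusions) == [
      "exclusion1",
      "exclusion2",
  ]
  # Each planned filter must match its input exactly; a changed filter would
  # exclude a different set of log entries.
  exclusion_filters = [(r["index"], r["values"]["filter"]) for r in exclusions]
  assert sorted(exclusion_filters) == [
      ("exclusion1", "resource.type=gce_instance"),
      ("exclusion2", "severity=NOTICE"),
  ]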