diff --git a/.circleci/config.yml b/.circleci/config.yml index 910efa33..298e8574 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -35,10 +35,6 @@ jobs: - create_zip_upload_to_s3: lambdaFolder: "webhook-testing/deployment" s3BucketFolder: "webhookTesting" - - create_fedramp_inventory_zip_upload_to_s3: - lambdaFolder: "fedramp-integrated-inventory-workbook/deployment" - lambdaRequirements: "fedramp-integrated-inventory-workbook/requirements.txt" - s3BucketFolder: "fedrampInventory" # Make this a separate job because AWS SAM needs to run in # the container specified in the template.yml @@ -77,14 +73,6 @@ jobs: - checkout - install_container_dependencies - unit_tests - python_tests: - docker: - - image: cimg/python:3.8 - steps: - - checkout - - python_unit_tests: - sourceDirectory: "fedramp-integrated-inventory-workbook/deployment" - dependencies: "fedramp-integrated-inventory-workbook/requirements.txt" commands: sam_package_and_upload_to_s3: 
@@ -123,31 +111,6 @@ commands: arguments: | --cache-control max-age=0 - create_fedramp_inventory_zip_upload_to_s3: - description: "Create a deployment zip for the fedramp inventory lambda and upload to S3" - parameters: - lambdaFolder: - type: string - lambdaRequirements: - type: string - s3BucketFolder: - type: string - steps: - - run: - name: make temporary directory and copy in source files - command: cd << parameters.lambdaFolder >> && mkdir output && cp -R inventory output - - run: - name: install all requirements into the temporary directory - command: pip install -r << parameters.lambdaRequirements >> -t << parameters.lambdaFolder >>/output -U --no-deps && chmod -R 755 << parameters.lambdaFolder >>/output - - run: - name: zip source files alongside dependencies - command: (cd << parameters.lambdaFolder >>/output && zip -r8 ../function.zip . && cd .. && rm -rf output) - - aws-s3/copy: - from: << parameters.lambdaFolder >>/function.zip - to: 's3://${AWS_BUCKET}/$(echo ${CIRCLE_TAG-$CIRCLE_BRANCH} | sed "s/\//_/g")-$(echo $CIRCLE_SHA1 | cut -c -7)/<< parameters.s3BucketFolder >>/function.zip' - arguments: | - --cache-control max-age=0 - check_git_secrets: description: "Install git-secrets and scan repository to check for secrets" steps: @@ -186,23 +149,6 @@ commands: name: run unit tests command: bash -i -c 'npm run test' - python_unit_tests: - description: "Run unit tests for the fedramp python lambda" - parameters: - sourceDirectory: - type: string - dependencies: - type: string - steps: - - run: - name: setup python test environment - command: pip install -r << parameters.dependencies >> && pip install pytest==6.2.2 callee==0.3.1 - - run: - name: run python unit tests - # The tests require you to have access to the python package, in this case, deployment/inventory/ - # which is why we change directories. - command: cd << parameters.sourceDirectory >> && python -m pytest -v -s ../tests - workflows: version: 2 everything: 
@@ -217,10 +163,6 @@ workflows: filters: tags: only: /.*/ - - python_tests: - filters: - tags: - only: /.*/ - sam_tests: filters: tags: diff --git a/fedramp-integrated-inventory-workbook/README.md b/fedramp-integrated-inventory-workbook/README.md deleted file mode 100644 index 2415dfb7..00000000 --- a/fedramp-integrated-inventory-workbook/README.md +++ /dev/null 
@@ -1,128 +0,0 @@
-# FedRAMP Integrated Inventory Workbook Generator
-
-## License
-
-Additionally, this project installs the following software for the purposes of deploying and running the labs into the lab environment:
-
-* [openpyxl](https://openpyxl.readthedocs.io/en/stable/index.html) package. Python open source software is provided under the MIT/Expat License.
-* [pytest](https://docs.pytest.org/en/latest/) package. Python open source software is provided under the MIT License.
-* [pylint](https://pylint.readthedocs.io/en/latest/) package. Python open source software is provided under the GNU General Public License.
-* [mypy](http://mypy-lang.org/) package. Python open source software is provided under the MIT License.
-* [autopep8](https://github.com/hhatto/autopep8) package. Python open source software is provided under the MIT License.
-* [callee](https://callee.readthedocs.io/en/latest/reference/general.html) package. Python open source software is provided under the BSD 3-Clause "New" or "Revised" License.
-
-## Overview
-
-This sample shows how you can create a Lambda function to retrieve inventory information to create the integrated inventory spreadsheet which can be used as a separate attachment to the FedRAMP System Security Plan (SSP) and is the repository associated to the [Automating creation of a FedRAMP Integrated Inventory Workbook](https://aws.amazon.com/blogs/publicsector/automating-creation-fedramp-integrated-inventory-workbook/) blog post. The spreadsheet template can be found [here](https://www.fedramp.gov/new-integrated-inventory-template/).
-
-This sample populates the inventory spreadsheet with a point in time view of a subset of all AWS resources spanning multiple AWS accounts. The following resource types are currently supported AWS::EC2::Instance, AWS::ElasticLoadBalancingV2::LoadBalancer, AWS::ElasticLoadBalancing::LoadBalancer, AWS::DynamoDB::Table, AWS::RDS::DBInstance.
- -There are other assets that must be tracked in the spreadsheet (e.g. software running on EC2 instances/containers) which this sample does not gather. The design does lend itself to be extended to gather inventory information from multiple sources for various resource types. - -## Contents - -This project follows the [src project structure](https://blog.ionelmc.ro/2014/05/25/python-packaging/). In other words, this: -``` -├─ src -│ └─ packagename -│ ├─ __init__.py -│ └─ ... -├─ tests -│ └─ ... -``` - -Additionally, here are notes of other key files/folders not typically found in a Python project: - -* **package.sh** - This script bundles the package so that it can be uploaded to Lambda. However, a Lambda package .zip file is already included with the repository. This requires the setup of a virtual environment using pyenv. [AWS Serverless Application Model](https://aws.amazon.com/serverless/sam/) was not used in an effort to minimize the number of concepts introduced. - -## Running the Code -The code was developed using Python 3.8, pyenv, and pipenv. After cloning the repository locally, create a virtualenv however you prefer. Both a requirements.txt file and Pipfile have been provided, for example if you have Python 3.8 installed and set at the current version, you can run the following commands in the project directory: - -``` bash -python -m venv . -source ./bin/activate -``` - -Install the package, its dependencies and dev dependencies. Dev dependencies are not included in the requirements.txt as pipenv is used for dependency management, and requirements.txt was created without including dev dependencies. 
For ease of getting up an running though, you can execute the following commands: - -``` bash -python -m pip install -r requirements.txt -python -m pip install pytest -python -m pip install callee -cd src -python -m pytest -v -s ../tests -``` - -If you've got everything installed correctly, you should see output similar to: - -![Unit Test Results](./docs/TestResults.png) - -### Development -The project was developed using Visual Studio Code and the .vscode directory with three launch configuration is included. Among them is "Run All Tests" configuration which can be used to run all unit tests in the project. Unit tests mock out calls to AWS services so you do not need to worry about tests using the services when executed. A .env.sample file is included which you can use to set the environment variables used by Visual Studio Code. If the .env file is not recognized by Visual Studio Code, ensure that the "python.envFile" setting is set to "${workspaceFolder}/.env". - -### Environment Variables - -* **AWS_REGION** - AWS region from which the AWS Config resources will be queried -* **ACCOUNT_LIST** - JSON document containing the list of accounts that need to be queried for inventory with the following structure -``` json -[ { "name": , "id": } ] -``` -* **CROSS_ACCOUNT_ROLE_NAME** - Name of the role that will be assumed on the accounts where inventory needs to be retrieved -* **REPORT_TARGET_BUCKET_PATH** - Prefix of the S3 object key for the report. Similar to foler path to where the report will be uploaded -* **REPORT_TARGET_BUCKET_NAME** - Name of the S3 bucket where report will be uploaded (without "s3://") -* **LOG_LEVEL (Optional)** - Default of INFO. The package uses the STL's logger module and any of the [log levels](https://docs.python.org/3/library/logging.html#levels) available there can be used. -* **REPORT_WORKSHEET_NAME (Optional)** - Default of "Inventory". 
Name of the worksheet in the "SSP-A13-FedRAMP-Integrated-Inventory-Workbook-Template" spreadsheet where inventory data will be populated. -* **REPORT_WORKSHEET_FIRST_WRITEABLE_ROW_NUMBER** (Optional) - Default of 6. Row number (not index) of where inventory data will start to be populated. - -## Design -This section contains the design details of this package. - -### Items In Scope -* Gather inventory information from AWS Config and deliver to S3 - -### Items Out-of-Scope / Possible Next Steps -* Errors while retrieving inventory from AWS accounts are logged as errors but processing continues. Raising a CloudWatch event for these errors so that alerts can be created could be a next step. -* Account list is provided via an Environment Variable, using either AWS Organizations to gather the list of member accounts or using a centralized store where this list is maintained could be a next step. -* Publishing metrics is out of scope -* Software/Container inventory is out of scope -* Use of structured logging is out of scope -* Access to the report is out of scope. This project merely drops the file in S3 -* Code Coverage, and CI/CD pipeline are out of scope -* Using [AWS Serverless Application Model](https://aws.amazon.com/serverless/sam/) is out of scope - -### Conceptual Design -![Conceptual Design](./docs/ConceptualDesign.png) - -The above diagram depics the conceptual design. As you can see, the Lambda function can be triggered by a CloudWatch event, gathers inventory information from AWS Config and persists the Workbook into a S3 bucket. - -### Static Relationships -![Class Diagram](./docs/StaticClassDiagram.png) - -The above diagram shows the modules that make up the inventory package and relationships between them. - -Classes in the Readers and Reports modules implement the [Command Handler pattern](https://blogs.cuttingedge.it/steven/posts/2011/meanwhile-on-the-command-side-of-my-architecture/). 
To keep things simple and given that dependency injection is not used, method arguments are not represented as Command classes.
-
-The Handler module contains the Lambda entry point that acts as the coordinator of the AwsConfigInventoryReader which is responsible for retrieving inventory information, CreateReportCommandHandler which is responsible for creating the inventory report spreadsheet, and the DeliverReportCommandHandler which is responsible for uploading the spreadsheet to S3.
-
-The Mappers module is composed of a class hierarchy that implements the [Data Mapper pattern](https://martinfowler.com/eaaCatalog/dataMapper.html), providing a well known extensibility point for adding additional classes to map new resource types. The result of data mapping is a list of InventoryData instances. The goal is to normalize the various data structures retrieved from AWS Config into a single type which can then be used by the CreateReportCommandHandler to populate the inventory spreadsheet.
-
-### Dynamic Behavior
-The following section details this package's runtime behavior of the major components
-
-#### Report Generation
-![Report Generation Sequence Diagram](./docs/SequenceOverview.png)
-
-Before we get into the details, lets look at sequence of steps and the classes that the Lambda Handler module uses to create the inventory report. As you can see, the Handler needs to directly interact with only three classes, AwsConfiInventoryReader, CreateReportCommandHandler and DeliverReportCommandHandler, whose names imply their responsibility. Now let's take a bit of a more detailed look at the call sequence.
-
-![Report Generation Sequence Diagram](./docs/ReportGenerationSequenceDiagram.png)
-
-The above sequence diagram depicts the report generation process in its entirety. Most of the complexity is centered around the retrieval and mapping the AWS Config data into a normalized structure.
It is the AwsConfigInventoryReader's resposibility to return this normalized structure. As AwsConfigInventoryReader iterates through each AWS Config resource, it queries the list of DataMappers to determine which can handle the item. Once all AWS Config resources have been mapped into an InventoryData instance, the list is returned to the Handler.
-
-The Handler subsequently calls the CreateReportCommandHandler and DeliverReportCommandHandler to create the inventory spreadsheet and upload it to S3 respectively.
-
-#### Error Handling
-![Error Handling Sequence Diagram](./docs/ErrorHandlingSequenceDiagram.png)
-
-As depicted above, errors encountered during the retrieval of inventory information from AWS Config, are logged; however, processing continues. Below is a screenshot from CloudWatch showing the log entry with specific sections of the log entry highlighted.
-
-![Error Log Entry](docs/ErrorLogEntry.png)
\ No newline at end of file
diff --git a/fedramp-integrated-inventory-workbook/deployment/inventory/SSP-A13-FedRAMP-Integrated-Inventory-Workbook-Template.xlsx b/fedramp-integrated-inventory-workbook/deployment/inventory/SSP-A13-FedRAMP-Integrated-Inventory-Workbook-Template.xlsx
deleted file mode 100644
index 9cdb8589..00000000
Binary files a/fedramp-integrated-inventory-workbook/deployment/inventory/SSP-A13-FedRAMP-Integrated-Inventory-Workbook-Template.xlsx and /dev/null differ
diff --git a/fedramp-integrated-inventory-workbook/deployment/inventory/__init__.py b/fedramp-integrated-inventory-workbook/deployment/inventory/__init__.py
deleted file mode 100644
index e69de29b..00000000
diff --git a/fedramp-integrated-inventory-workbook/deployment/inventory/handler.py b/fedramp-integrated-inventory-workbook/deployment/inventory/handler.py
deleted file mode 100644
index bd336941..00000000
--- a/fedramp-integrated-inventory-workbook/deployment/inventory/handler.py
+++ /dev/null
@@ -1,14 +0,0 @@
-from .readers import AwsConfigInventoryReader
-from .reports import CreateReportCommandHandler, DeliverReportCommandHandler
-
-def lambda_handler(event, context):
- inventory = AwsConfigInventoryReader(lambda_context=context).get_resources_from_all_accounts()
-
- report_path = CreateReportCommandHandler().execute(inventory)
- report_url = DeliverReportCommandHandler().execute(report_path)
-
- return {'statusCode': 200,
- 'body': {
- 'report': { 'url': report_url }
- }
- }
diff --git a/fedramp-integrated-inventory-workbook/deployment/inventory/mappers.py b/fedramp-integrated-inventory-workbook/deployment/inventory/mappers.py
deleted file mode 100644
index 64a7d5e4..00000000
--- a/fedramp-integrated-inventory-workbook/deployment/inventory/mappers.py
+++ /dev/null
@@ -1,282 +0,0 @@
-import copy
-import logging
-import os
-from typing import List
-from abc import ABC, abstractmethod
-
-_logger = logging.getLogger("inventory.mappers")
-_logger.setLevel(os.environ.get("LOG_LEVEL", logging.INFO))
-
-
-def _get_tag_value(tags: dict, tag_name: str) -> str:
- return next((tag["value"] for tag in tags if "key" in tag and tag["key"].casefold() == tag_name.casefold()), '')
-
-
-class InventoryData:
- def __init__(self, *, asset_type=None, unique_id=None, ip_address=None, location=None, is_virtual=None,
- authenticated_scan_planned=None, dns_name=None, mac_address=None, baseline_config=None, hardware_model=None,
- is_public=None, network_id=None, owner=None, software_product_name=None, software_vendor=None, comments=None,
- in_latest_scan=None, purpose=None, asset_tag=None):
- self.asset_type = asset_type
- self.unique_id = unique_id
- self.ip_address = ip_address
- self.location = location
- self.is_virtual = is_virtual
- self.authenticated_scan_planned = authenticated_scan_planned
- self.dns_name = dns_name
- self.mac_address = mac_address
- self.baseline_config = baseline_config
- self.hardware_model = hardware_model
- self.is_public = is_public
- self.network_id = network_id
- self.owner = owner
- self.software_product_name = software_product_name
- self.software_vendor = software_vendor
- self.comments = comments
- self.in_latest_scan = in_latest_scan
- self.purpose = purpose
- self.asset_tag = asset_tag
-
-
-class DataMapper(ABC):
- REQUIRES_MANUAL_INPUT = "TODO"
-
- @abstractmethod
- def _do_mapping(self, config_resource: dict) -> List[InventoryData]:
- pass
-
- @abstractmethod
- def _get_supported_resource_type(self) -> List[str]:
- pass
-
- def can_map(self, resource_type: str) -> bool:
- return resource_type in self._get_supported_resource_type()
-
- def map(self, config_resource: dict) -> List[InventoryData]:
- if not self.can_map(config_resource["resourceType"]):
- return []
-
- mapped_data = []
-
- _logger.debug(f"mapping
{config_resource['resourceType']}")
- _logger.debug(config_resource)
- mapped_data.extend(self._do_mapping(config_resource))
-
- _logger.debug(f"mapping resulted in a total of {len(mapped_data)} rows")
-
- return mapped_data
-
-
-class EC2DataMapper(DataMapper):
- def _get_supported_resource_type(self) -> List[str]:
- return ["AWS::EC2::Instance"]
-
- def _do_mapping(self, config_resource: dict) -> List[InventoryData]:
- ec2_data_list: List[InventoryData] = []
-
- for nic in config_resource["configuration"]["networkInterfaces"]:
- for ipAddress in nic["privateIpAddresses"]:
- ec2_data = {"asset_type": "EC2",
- "unique_id": config_resource["configuration"]["instanceId"],
- "ip_address": ipAddress["privateIpAddress"],
- "is_virtual": "Yes",
- "authenticated_scan_planned": "Yes",
- "in_latest_scan": self.REQUIRES_MANUAL_INPUT,
- "software_vendor": "AWS",
- "mac_address": nic["macAddress"],
- "baseline_config": config_resource["configuration"]["imageId"],
- "hardware_model": config_resource["configuration"]["instanceType"],
- "network_id": config_resource["configuration"]["vpcId"],
- "asset_tag": config_resource["resourceName"] if "resourceName" in config_resource else config_resource["resourceId"],
- "owner": _get_tag_value(config_resource["tags"], "owner")}
-
- if (public_dns_name := config_resource["configuration"].get("publicDnsName")):
- ec2_data["dns_name"] = public_dns_name
- ec2_data["is_public"] = "Yes"
- else:
- ec2_data["dns_name"] = config_resource["configuration"]["privateDnsName"]
- ec2_data["is_public"] = "No"
-
- if "association" in ipAddress:
- # Add a publicIp address it the ip_address field if necessary
- ec2_data["ip_address"] += "," + ipAddress["association"]["publicIp"]
-
- ec2_data_list.append(InventoryData(**ec2_data))
-
- return ec2_data_list
-
-
-class ElbDataMapper(DataMapper):
- def _get_supported_resource_type(self) -> List[str]:
- return ["AWS::ElasticLoadBalancing::LoadBalancer", "AWS::ElasticLoadBalancingV2::LoadBalancer"]
-
- def
_get_asset_type_name(self, config_resource: dict) -> str:
- if config_resource["resourceType"] == "AWS::ElasticLoadBalancing::LoadBalancer":
- return "Load Balancer-Classic"
- else:
- return f"Load Balancer-{config_resource['configuration']['type']}"
-
- def _get_ip_addresses(self, availabilityZones: dict) -> List[str]:
- ip_addresses: List[str] = []
-
- for availabilityZone in availabilityZones:
- if load_balancer_addresses := availabilityZone.get("loadBalancerAddresses"):
- for load_balancer_address in (load_balancer_address for load_balancer_address in load_balancer_addresses if
- "ipAddress" in load_balancer_address):
- ip_addresses.append(load_balancer_address["ipAddress"])
-
- return ip_addresses
-
- def _do_mapping(self, config_resource: dict) -> List[InventoryData]:
- data_list: List[InventoryData] = []
-
- data = {"asset_type": self._get_asset_type_name(config_resource),
- "unique_id": config_resource["arn"],
- "is_virtual": "Yes",
- "software_vendor": "AWS",
- "is_public": "Yes" if config_resource["configuration"]["scheme"] == "internet-facing" else "No",
- # Classic ELBs have key of "vpcid" while V2 ELBs have key of "vpcId"
- "network_id": config_resource["configuration"]["vpcId"] if "vpcId" in config_resource["configuration"] else
- config_resource["configuration"]["vpcid"],
- "asset_tag": config_resource["resourceName"] if "resourceName" in config_resource else config_resource["resourceId"],
- "owner": _get_tag_value(config_resource["tags"], "owner")}
-
- if len(ip_addresses := self._get_ip_addresses(config_resource["configuration"]["availabilityZones"])) > 0:
- for ip_address in ip_addresses:
- data = copy.deepcopy(data)
-
- data["ip_address"] = ip_address
-
- data_list.append(InventoryData(**data))
- else:
- data_list.append(InventoryData(**data))
-
- return data_list
-
-
-class RdsDataMapper(DataMapper):
- def _get_supported_resource_type(self) -> List[str]:
- return ["AWS::RDS::DBInstance"]
-
- def _do_mapping(self, config_resource: dict) ->
List[InventoryData]:
- data = {"asset_type": "RDS",
- "unique_id": config_resource["arn"],
- "is_virtual": "Yes",
- "software_vendor": "AWS",
- "authenticated_scan_planned": "No",
- "purpose": self.REQUIRES_MANUAL_INPUT,
- "is_public": "Yes" if config_resource["configuration"]["publiclyAccessible"] else "No",
- "hardware_model": config_resource["configuration"]["dBInstanceClass"],
- "software_product_name": f"{config_resource['configuration']['engine']}-{config_resource['configuration']['engineVersion']}",
- "network_id": config_resource['configuration']['dBSubnetGroup']['vpcId'] if "dBSubnetGroup" in config_resource[
- 'configuration'] else '',
- "asset_tag": config_resource["resourceName"] if "resourceName" in config_resource else config_resource["resourceId"],
- "owner": _get_tag_value(config_resource["tags"], "owner"),
- "location": config_resource["awsRegion"]}
-
- return [InventoryData(**data)]
-
-
-class DynamoDbTableDataMapper(DataMapper):
- def _get_supported_resource_type(self) -> List[str]:
- return ["AWS::DynamoDB::Table"]
-
- def _do_mapping(self, config_resource: dict) -> List[InventoryData]:
- data = {"asset_type": "DynamoDB",
- "unique_id": config_resource["arn"],
- "is_virtual": "Yes",
- "is_public": "No",
- "software_vendor": "AWS",
- "software_product_name": "DynamoDB",
- "asset_tag": config_resource["resourceName"] if "resourceName" in config_resource else config_resource["resourceId"],
- "owner": _get_tag_value(config_resource["tags"], "owner")}
-
- return [InventoryData(**data)]
-
-
-class S3DataMapper(DataMapper):
- def _get_supported_resource_type(self) -> List[str]:
- return ["AWS::S3::Bucket"]
-
- def _do_mapping(self, config_resource: dict) -> List[InventoryData]:
-
- if "supplementaryConfiguration" in config_resource and "PublicAccessBlockConfiguration" in config_resource["supplementaryConfiguration"]:
- # check if each of the block access config values are true, if so, then the bucket is not public
- public_access_config =
config_resource["supplementaryConfiguration"]["PublicAccessBlockConfiguration"]
- is_public = "No" if all(public_access_config[key] for key in public_access_config) else "Yes"
- else:
- # if there is no PublicAccessBlockConfiguration then this bucket is public
- is_public = "Yes"
-
- data = {"asset_type": "S3",
- "unique_id": config_resource["arn"],
- "is_virtual": "Yes",
- "is_public": is_public,
- "software_vendor": "AWS",
- "asset_tag": config_resource["resourceName"] if "resourceName" in config_resource else config_resource["resourceId"],
- "owner": _get_tag_value(config_resource["tags"], "owner"),
- "comments": "Encrypted" if "ServerSideEncryptionConfiguration" in config_resource["supplementaryConfiguration"] else "Not encrypted",
- "location": config_resource["awsRegion"]
- }
-
- return [InventoryData(**data)]
-
-
-class VPCDataMapper(DataMapper):
- def _get_supported_resource_type(self) -> List[str]:
- return ["AWS::EC2::VPC"]
-
- def _do_mapping(self, config_resource: dict) -> List[InventoryData]:
- data = {"asset_type": "VPC",
- "unique_id": config_resource["arn"],
- "ip_address": config_resource["configuration"]["cidrBlock"],
- "is_virtual": "Yes",
- "is_public": "Yes",
- "software_vendor": "AWS",
- "asset_tag": config_resource["resourceName"] if "resourceName" in config_resource else config_resource["resourceId"],
- "baseline_config": config_resource["configurationStateId"],
- "network_id": config_resource["configuration"]["vpcId"],
- "owner": _get_tag_value(config_resource["tags"], "owner"),
- "location": config_resource["awsRegion"]
- }
-
- return [InventoryData(**data)]
-
-
-class LambdaDataMapper(DataMapper):
- def _get_supported_resource_type(self) -> List[str]:
- return ["AWS::Lambda::Function"]
-
- def _do_mapping(self, config_resource: dict) -> List[InventoryData]:
- data = {"asset_type": "Lambda Function",
- "unique_id": config_resource["arn"],
- "is_virtual": "Yes",
- "is_public": "No",
- "baseline_config":
config_resource["configuration"]["runtime"],
- "software_vendor": "Dockstore",
- "software_product_name": "sha256: " + config_resource["configuration"]["codeSha256"],
- "asset_tag": config_resource["resourceName"] if "resourceName" in config_resource else config_resource["resourceId"],
- "purpose": self.REQUIRES_MANUAL_INPUT,
- "owner": _get_tag_value(config_resource["tags"], "owner"),
- "location": config_resource["awsRegion"]
- }
-
- return [InventoryData(**data)]
-
-
-class ElasticSearchDataMapper(DataMapper):
- def _get_supported_resource_type(self) -> List[str]:
- return ["AWS::Elasticsearch::Domain"]
-
- def _do_mapping(self, config_resource: dict) -> List[InventoryData]:
- data = {"asset_type": "Elastic Search",
- "unique_id": config_resource["arn"],
- "is_virtual": "Yes",
- "is_public": "No",
- "baseline_config": config_resource["configuration"]["elasticsearchVersion"],
- "software_vendor": "AWS",
- "software_product_name": "Elastic Search",
- "asset_tag": config_resource["resourceName"] if "resourceName" in config_resource else config_resource["resourceId"],
- "owner": _get_tag_value(config_resource["tags"], "owner"),
- "location": config_resource["awsRegion"]}
- return [InventoryData(**data)]
diff --git a/fedramp-integrated-inventory-workbook/deployment/inventory/readers.py b/fedramp-integrated-inventory-workbook/deployment/inventory/readers.py
deleted file mode 100644
index e2bd8afc..00000000
--- a/fedramp-integrated-inventory-workbook/deployment/inventory/readers.py
+++ /dev/null
@@ -1,114 +0,0 @@
-import json
-import logging
-import os
-from typing import Iterator, List, Optional
-import boto3
-from botocore.exceptions import ClientError
-from .mappers import DataMapper, EC2DataMapper, ElbDataMapper, DynamoDbTableDataMapper, InventoryData, RdsDataMapper, S3DataMapper, \
- VPCDataMapper, LambdaDataMapper, ElasticSearchDataMapper
-
-_logger = logging.getLogger("inventory.readers")
-_logger.setLevel(os.environ.get("LOG_LEVEL", logging.INFO))
-
-
-class AwsConfigInventoryReader():
- def __init__(self, lambda_context, mappers=None):
- if mappers is None:
- mappers = [EC2DataMapper(), ElbDataMapper(), DynamoDbTableDataMapper(), RdsDataMapper(), S3DataMapper(), VPCDataMapper(),
- LambdaDataMapper(), ElasticSearchDataMapper()]
- self._lambda_context = lambda_context
- self._mappers: List[DataMapper] = mappers
-
- # Moved into it's own method to make it easier to mock boto3 client
- def _get_config_client(self, sts_response, region: str) -> boto3.client:
- return boto3.client('config',
- aws_access_key_id=sts_response.access_key,
- aws_secret_access_key=sts_response.secret_key,
- aws_session_token=sts_response.token,
- region_name=region)
-
- def _get_resources_from_account(self, account_id: str, region_list: List[str]) -> Iterator[List[str]]:
- try:
- _logger.info(f"assuming role on account {account_id}")
-
- for region in region_list:
- sts_response = boto3.Session().get_credentials()
- config_client = self._get_config_client(sts_response, region)
-
- _logger.info(f"Querying resources on account {account_id} for region {region}")
-
- next_token: str = ''
- while True:
- resources_result = config_client.select_resource_config(
- Expression="SELECT arn, resourceName, resourceId, resourceType, configuration, supplementaryConfiguration, configurationStateId, tags, awsRegion "
- "WHERE resourceType IN ('AWS::EC2::Instance', 'AWS::ElasticLoadBalancingV2::LoadBalancer', "
- "'AWS::ElasticLoadBalancing::LoadBalancer', 'AWS::RDS::DBInstance', "
-
"'AWS::Lambda::Function', 'AWS::EC2::VPC', 'AWS::S3::Bucket', 'AWS::Elasticsearch::Domain')",
- NextToken=next_token)
-
- next_token = resources_result.get('NextToken', '')
- results: List[str] = resources_result.get('Results', [])
-
- _logger.debug(f"Region {region} page returned {len(results)} and next token of '{next_token}'")
-
- yield results
-
- if not next_token:
- break
-
- except ClientError as ex:
- _logger.error("Received error: %s while retrieving resources from account %s, moving onto next account.", ex, account_id,
- exc_info=True)
-
- yield []
-
- def _get_aws_partition(self):
- arn_parts = self._lambda_context.invoked_function_arn.split(":")
-
- return arn_parts[1] if len(arn_parts) >= 1 else ''
-
- def get_resources_from_all_accounts(self) -> List[InventoryData]:
- _logger.info("starting retrieval of inventory from AWS Config")
-
- all_inventory: List[InventoryData] = []
- accounts = json.loads(os.environ["ACCOUNT_LIST"])
-
- for account in accounts:
- region_list = account["regions"]
- _logger.info(f"retrieving inventory for account {account['id']} in regions {region_list}")
-
- for resource_list_page in self._get_resources_from_account(account["id"], region_list):
- _logger.debug(f"current page of inventory contained {len(resource_list_page)} items from AWS Config")
-
- for raw_resource in resource_list_page:
- resource: dict = json.loads(raw_resource)
-
- # One line item returned from AWS Config can result in multiple inventory line items (e.g.
multiple IPs)
- # Mappers that do not support the resource type will return False
- _logger.debug(f"Searching for mapper for resource type: {resource['resourceType']}")
- mapper: Optional[DataMapper] = next((mapper for mapper in self._mappers if mapper.can_map(resource["resourceType"])),
- None)
-
- if not mapper:
- _logger.warning(f"skipping mapping, unable to find mapper for resource type of {resource['resourceType']}")
- continue
-
- if len(inventory_items := mapper.map(resource)) > 0:
- all_inventory.extend(inventory_items)
-
- _logger.info(f"completed querying AWS config, found {len(all_inventory)} resources")
-
- # Add the manual items listed as an environment variable
- manual_entry_items = json.loads(os.environ["MANUAL_ENTRY_ITEMS"])
-
- _logger.info(f"Adding {len(manual_entry_items)} manual entries")
-
- for item in manual_entry_items:
- manual_inventory_item = InventoryData()
- for key in item:
- setattr(manual_inventory_item, key, item[key])
- all_inventory.append(manual_inventory_item)
-
- _logger.info(f"completed getting inventory, with a total of {len(all_inventory)}")
-
- return all_inventory
diff --git a/fedramp-integrated-inventory-workbook/deployment/inventory/reports.py b/fedramp-integrated-inventory-workbook/deployment/inventory/reports.py
deleted file mode 100644
index 52278472..00000000
--- a/fedramp-integrated-inventory-workbook/deployment/inventory/reports.py
+++ /dev/null
@@ -1,84 +0,0 @@
-from datetime import datetime
-import logging
-from pathlib import PurePath
-import os, os.path
-from typing import List
-import boto3
-from openpyxl import load_workbook
-from openpyxl.worksheet.worksheet import Worksheet
-from openpyxl.utils import get_column_letter
-from .mappers import InventoryData
-
-_logger = logging.getLogger("inventory.reports")
-_logger.setLevel(os.environ.get("LOG_LEVEL", logging.INFO))
-_current_dir_name = os.path.dirname(__file__)
-_workbook_template_file_name = os.path.join(_current_dir_name, "SSP-A13-FedRAMP-Integrated-Inventory-Workbook-Template.xlsx")
-_workbook_output_file_path = PurePath("/tmp/SSP-A13-FedRAMP-Integrated-Inventory.xlsx")
-DEFAULT_REPORT_WORKSHEET_FIRST_WRITEABLE_ROW_NUMBER = 6
-DEFAULT_COL_WIDTH = 10
-
-class CreateReportCommandHandler():
- def _write_cell_if_value_provided(self, worksheet: Worksheet, column:int, row: int, value: str):
- if value:
- # Scale the size of the column with the input value if necessary. By default width is None.
- if worksheet.column_dimensions[get_column_letter(column)].width is not None:
- worksheet.column_dimensions[get_column_letter(column)].width = max(worksheet.column_dimensions[get_column_letter(column)].width, len(value))
- else:
- worksheet.column_dimensions[get_column_letter(column)].width = DEFAULT_COL_WIDTH
-
- worksheet.cell(column=column, row=row, value=value)
-
- def execute(self, inventory: List[InventoryData]) -> str:
- workbook = load_workbook(_workbook_template_file_name)
- reportWorksheetName = os.environ.get("REPORT_WORKSHEET_NAME", "Inventory")
- reportWorksheet = workbook[reportWorksheetName]
- rowNumber: int = int(os.environ.get("REPORT_WORKSHEET_FIRST_WRITEABLE_ROW_NUMBER", DEFAULT_REPORT_WORKSHEET_FIRST_WRITEABLE_ROW_NUMBER))
- _logger.info(f"writing {len(inventory)} rows into worksheet {reportWorksheetName} starting at row {rowNumber}")
-
- for inventory_row in inventory:
- self._write_cell_if_value_provided(reportWorksheet, 1, rowNumber, inventory_row.unique_id)
- self._write_cell_if_value_provided(reportWorksheet, 2, rowNumber, inventory_row.ip_address)
- self._write_cell_if_value_provided(reportWorksheet, 3, rowNumber, inventory_row.is_virtual)
- self._write_cell_if_value_provided(reportWorksheet, 4, rowNumber, inventory_row.is_public)
- self._write_cell_if_value_provided(reportWorksheet, 5, rowNumber, inventory_row.dns_name)
- self._write_cell_if_value_provided(reportWorksheet, 7, rowNumber, inventory_row.mac_address)
- self._write_cell_if_value_provided(reportWorksheet, 8, rowNumber, inventory_row.authenticated_scan_planned)
- self._write_cell_if_value_provided(reportWorksheet, 9, rowNumber, inventory_row.baseline_config)
- self._write_cell_if_value_provided(reportWorksheet, 12, rowNumber, inventory_row.asset_type)
- self._write_cell_if_value_provided(reportWorksheet, 13, rowNumber, inventory_row.hardware_model)
- self._write_cell_if_value_provided(reportWorksheet, 14, rowNumber, inventory_row.in_latest_scan)
- self._write_cell_if_value_provided(reportWorksheet, 15, rowNumber, inventory_row.software_vendor)
- self._write_cell_if_value_provided(reportWorksheet, 16, rowNumber, inventory_row.software_product_name)
- self._write_cell_if_value_provided(reportWorksheet, 18, rowNumber, inventory_row.purpose)
- self._write_cell_if_value_provided(reportWorksheet, 19, rowNumber, inventory_row.comments)
- self._write_cell_if_value_provided(reportWorksheet, 20, rowNumber, inventory_row.asset_tag)
- self._write_cell_if_value_provided(reportWorksheet, 21, rowNumber, inventory_row.network_id)
- self._write_cell_if_value_provided(reportWorksheet, 22, rowNumber, inventory_row.owner)
- self._write_cell_if_value_provided(reportWorksheet, 23, rowNumber, inventory_row.owner)
-
- rowNumber += 1
-
- workbook.save(_workbook_output_file_path)
-
- _logger.info(f"completed saving inventory into {_workbook_output_file_path}")
-
- return str(_workbook_output_file_path)
-
-class DeliverReportCommandHandler():
- def __init__(self, s3_client=boto3.client('s3')):
- self._s3_client = s3_client
-
- def execute(self, report_file_name: str) -> str:
- target_path = os.environ["REPORT_TARGET_BUCKET_PATH"]
- target_bucket = os.environ["REPORT_TARGET_BUCKET_NAME"]
- report_s3_key = os.path.join(target_path, f"{_workbook_output_file_path.stem}-{datetime.now().strftime('%Y-%m-%d-%H-%M-%S')}.xlsx")
-
- _logger.info(f"uploading file '{report_file_name}' to bucket '{target_bucket}' with key '{report_s3_key}'")
-
- object_data = open(report_file_name, "rb")
-
- self._s3_client.put_object(Bucket=target_bucket, Key=report_s3_key, Body=object_data)
-
- _logger.info(f"completed file upload")
-
- return f"https://{target_bucket}.s3.amazonaws.com/{report_s3_key}"
diff --git a/fedramp-integrated-inventory-workbook/package.sh b/fedramp-integrated-inventory-workbook/package.sh
deleted file mode 100755
index a5a4c7f8..00000000
--- a/fedramp-integrated-inventory-workbook/package.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-rm -fr output
-mkdir output
-cp -R deployment/inventory output
-pip install -r requirements.txt -t output -U --no-deps
-chmod -R 755 output
-rm -f fedramp-inventory-lambda.zip
-(cd output && zip -r8 ../fedramp-inventory-lambda.zip .)
-rm -fr output
diff --git a/fedramp-integrated-inventory-workbook/requirements.txt b/fedramp-integrated-inventory-workbook/requirements.txt
deleted file mode 100644
index f151000b..00000000
--- a/fedramp-integrated-inventory-workbook/requirements.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-boto3==1.17.10
-botocore==1.20.10; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'
-et-xmlfile==1.0.1
-jdcal==1.4.1
-jmespath==0.10.0; python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'
-openpyxl==3.0.6
-python-dateutil==2.8.1; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'
-s3transfer==0.3.4
-six==1.15.0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'
-urllib3==1.26.3; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' and python_version < '4'
diff --git a/fedramp-integrated-inventory-workbook/tests/sample_config_query_results/sample.json b/fedramp-integrated-inventory-workbook/tests/sample_config_query_results/sample.json
deleted file mode 100644
index 0b87ceee..00000000
--- a/fedramp-integrated-inventory-workbook/tests/sample_config_query_results/sample.json
+++ /dev/null
@@ -1,294 +0,0 @@ -[ - { - "configuration": { - "allocatedStorage": 1.0, - "enabledCloudwatchLogsExports": [], - "readReplicaDBClusterIdentifiers": [], - "associatedRoles": [], - "dBParameterGroups": [ - { - "dBParameterGroupName": "default.aurora5.6", - "parameterApplyStatus": "in-sync" - } - ], - "availabilityZone": "us-gov-east-1b", - "dBSecurityGroups": [], - "statusInfos": [], - "engineVersion": "5.6.10a", - "masterUsername": "admin", - "dBInstanceClass": "db.t2.small", - "processorFeatures": [], - "readReplicaDBInstanceIdentifiers": [], - "monitoringInterval": 0.0, - "dBInstanceStatus": "creating", - "backupRetentionPeriod": 1.0, - "promotionTier": 1.0, - "optionGroupMemberships": [ - { - "optionGroupName": "default:aurora-5-6", - "status": "in-sync" - } - ], - "kmsKeyId": "arn:aws-us-gov:kms:us-gov-east-1:123456789012:key/c123f12f-12c1-1234-af01-1e1afdafcc12", - "dBClusterIdentifier": "mydbinstance-priv-cluster", - "dbInstancePort": 0.0, - "preferredBackupWindow": "21:42-22:12", - "dbiResourceId": "db-afdasfd234fasdfasdf", - "deletionProtection": false, - "dBInstanceIdentifier": "mydbinstance-priv-us-gov-east-1b", - "dBInstanceArn": "arn:aws-us-gov:rds:us-gov-east-1:123456789012:db:mydbinstance-priv-us-gov-east-1b", - "engine": "aurora", - "publiclyAccessible": false, - "iAMDatabaseAuthenticationEnabled": false, - "performanceInsightsEnabled": false, - "multiAZ": false, - "domainMemberships": [], - "storageEncrypted": true, - "dBSubnetGroup": { - "vpcId": "vpc-88e50ee1", - "subnets": [ - { - "subnetIdentifier": "subnet-d95a51a1", - "subnetStatus": "Active", - "subnetAvailabilityZone": { - "name": "us-gov-east-1b" - } - }, - { - "subnetIdentifier": "subnet-83cf26ea", - "subnetStatus": "Active", - "subnetAvailabilityZone": { - "name": "us-gov-east-1a" - } - }, - { - "subnetIdentifier": "subnet-917b51db", - "subnetStatus": "Active", - "subnetAvailabilityZone": { - "name": "us-gov-east-1c" - } - } - ], - "subnetGroupStatus": "Complete", - "dBSubnetGroupName": 
"default", - "dBSubnetGroupDescription": "default" - }, - "vpcSecurityGroups": [ - { - "vpcSecurityGroupId": "sg-f714e69f", - "status": "active" - } - ], - "pendingModifiedValues": { - "processorFeatures": [] - }, - "licenseModel": "general-public-license", - "preferredMaintenanceWindow": "fri:22:45-fri:23:15", - "storageType": "aurora", - "autoMinorVersionUpgrade": true, - "copyTagsToSnapshot": false - }, - "arn": "arn:aws-us-gov:rds:us-gov-east-1:123456789012:db:mydbinstance-priv-us-gov-east-1b", - "tags": [], - "resourceType": "AWS::RDS::DBInstance" - }, - { - "configuration": { - "allocatedStorage": 20.0, - "enabledCloudwatchLogsExports": [], - "readReplicaDBClusterIdentifiers": [], - "associatedRoles": [], - "dBParameterGroups": [ - { - "dBParameterGroupName": "default.sqlserver-ex-14.0", - "parameterApplyStatus": "in-sync" - } - ], - "availabilityZone": "us-gov-east-1c", - "dBSecurityGroups": [], - "statusInfos": [], - "engineVersion": "14.00.3223.3.v1", - "masterUsername": "amin", - "dBInstanceClass": "db.t2.micro", - "processorFeatures": [], - "readReplicaDBInstanceIdentifiers": [], - "monitoringInterval": 0.0, - "dBInstanceStatus": "creating", - "backupRetentionPeriod": 0.0, - "optionGroupMemberships": [ - { - "optionGroupName": "default:sqlserver-ex-14-00", - "status": "in-sync" - } - ], - "dbInstancePort": 0.0, - "preferredBackupWindow": "17:30-18:00", - "dbiResourceId": "db-asdfa234rfasdfasdfasf", - "deletionProtection": false, - "dBInstanceIdentifier": "mysqldbinstance-priv", - "dBInstanceArn": "arn:aws-us-gov:rds:us-gov-east-1:123456789012:db:mysqldbinstance-priv", - "engine": "sqlserver-ex", - "maxAllocatedStorage": 1000.0, - "publiclyAccessible": false, - "iAMDatabaseAuthenticationEnabled": false, - "performanceInsightsEnabled": false, - "multiAZ": false, - "characterSetName": "SQL_Latin1_General_CP1_CI_AS", - "domainMemberships": [], - "storageEncrypted": false, - "dBSubnetGroup": { - "vpcId": "vpc-88e50ee1", - "subnets": [ - { - 
"subnetIdentifier": "subnet-d95a51a1", - "subnetStatus": "Active", - "subnetAvailabilityZone": { - "name": "us-gov-east-1b" - } - }, - { - "subnetIdentifier": "subnet-83cf26ea", - "subnetStatus": "Active", - "subnetAvailabilityZone": { - "name": "us-gov-east-1a" - } - }, - { - "subnetIdentifier": "subnet-917b51db", - "subnetStatus": "Active", - "subnetAvailabilityZone": { - "name": "us-gov-east-1c" - } - } - ], - "subnetGroupStatus": "Complete", - "dBSubnetGroupName": "default", - "dBSubnetGroupDescription": "default" - }, - "vpcSecurityGroups": [ - { - "vpcSecurityGroupId": "sg-0d598ad8e2bf21967", - "status": "active" - } - ], - "pendingModifiedValues": { - "processorFeatures": [], - "masterUserPassword": "****" - }, - "licenseModel": "license-included", - "preferredMaintenanceWindow": "thu:22:00-thu:22:30", - "storageType": "gp2", - "autoMinorVersionUpgrade": true, - "copyTagsToSnapshot": false - }, - "arn": "arn:aws-us-gov:rds:us-gov-east-1:123456789012:db:mysqldbinstance-priv", - "tags": [], - "resourceType": "AWS::RDS::DBInstance" - }, - { - "configuration": { - "allocatedStorage": 1.0, - "enabledCloudwatchLogsExports": [], - "readReplicaDBClusterIdentifiers": [], - "associatedRoles": [], - "dBParameterGroups": [ - { - "dBParameterGroupName": "default.aurora5.6", - "parameterApplyStatus": "in-sync" - } - ], - "availabilityZone": "us-gov-east-1a", - "dBSecurityGroups": [], - "statusInfos": [], - "engineVersion": "5.6.10a", - "masterUsername": "admin", - "instanceCreateTime": "2019-11-20T21:54:16.205Z", - "dBInstanceClass": "db.t2.small", - "processorFeatures": [], - "readReplicaDBInstanceIdentifiers": [], - "monitoringInterval": 0.0, - "dBInstanceStatus": "available", - "backupRetentionPeriod": 1.0, - "promotionTier": 1.0, - "optionGroupMemberships": [ - { - "optionGroupName": "default:aurora-5-6", - "status": "in-sync" - } - ], - "kmsKeyId": "arn:aws-us-gov:kms:us-gov-east-1:123456789012:key/c123f12f-12c1-1234-af01-1e1afdafcc12", - "dBClusterIdentifier": 
"mydbinstance-priv-cluster", - "cACertificateIdentifier": "rds-ca-2017", - "dbInstancePort": 0.0, - "preferredBackupWindow": "21:42-22:12", - "dbiResourceId": "db-asdf234rfasdfasdfasdfas", - "deletionProtection": false, - "dBInstanceIdentifier": "mydbinstance-priv", - "dBInstanceArn": "arn:aws-us-gov:rds:us-gov-east-1:123456789012:db:mydbinstance-priv", - "endpoint": { - "hostedZoneId": "Z1OCXXRO09ICTP", - "address": "mydbinstance-priv.23fasdf23dfads.us-gov-east-1.rds.amazonaws.com", - "port": 3306.0 - }, - "engine": "aurora", - "publiclyAccessible": false, - "iAMDatabaseAuthenticationEnabled": false, - "performanceInsightsEnabled": false, - "multiAZ": false, - "domainMemberships": [], - "storageEncrypted": true, - "dBSubnetGroup": { - "vpcId": "vpc-88e50ee1", - "subnets": [ - { - "subnetIdentifier": "subnet-d95a51a1", - "subnetStatus": "Active", - "subnetAvailabilityZone": { - "name": "us-gov-east-1b" - } - }, - { - "subnetIdentifier": "subnet-83cf26ea", - "subnetStatus": "Active", - "subnetAvailabilityZone": { - "name": "us-gov-east-1a" - } - }, - { - "subnetIdentifier": "subnet-917b51db", - "subnetStatus": "Active", - "subnetAvailabilityZone": { - "name": "us-gov-east-1c" - } - } - ], - "subnetGroupStatus": "Complete", - "dBSubnetGroupName": "default", - "dBSubnetGroupDescription": "default" - }, - "vpcSecurityGroups": [ - { - "vpcSecurityGroupId": "sg-f714e69f", - "status": "active" - } - ], - "pendingModifiedValues": { - "processorFeatures": [] - }, - "licenseModel": "general-public-license", - "preferredMaintenanceWindow": "tue:21:53-tue:22:23", - "storageType": "aurora", - "autoMinorVersionUpgrade": true, - "copyTagsToSnapshot": false - }, - "arn": "arn:aws-us-gov:rds:us-gov-east-1:123456789012:db:mydbinstance-priv", - "tags": [ - { - "tag": "workload-type\\u003dother", - "value": "other", - "key": "workload-type" - } - ], - "resourceType": "AWS::RDS::DBInstance" - }, -] \ No newline at end of file 
diff --git a/fedramp-integrated-inventory-workbook/tests/sample_config_query_results/sample2.json b/fedramp-integrated-inventory-workbook/tests/sample_config_query_results/sample2.json deleted file mode 100644 index 4de2cbc0..00000000 --- a/fedramp-integrated-inventory-workbook/tests/sample_config_query_results/sample2.json +++ /dev/null 
@@ -1,492 +0,0 @@ -[ - { - "configuration": { - "allocatedStorage": 1.0, - "enabledCloudwatchLogsExports": [], - "readReplicaDBClusterIdentifiers": [], - "associatedRoles": [], - "dBParameterGroups": [ - { - "dBParameterGroupName": "default.aurora5.6", - "parameterApplyStatus": "in-sync" - } - ], - "availabilityZone": "us-gov-east-1b", - "dBSecurityGroups": [], - "statusInfos": [], - "engineVersion": "5.6.10a", - "masterUsername": "admin", - "dBInstanceClass": "db.t2.small", - "processorFeatures": [], - "readReplicaDBInstanceIdentifiers": [], - "monitoringInterval": 0.0, - "dBInstanceStatus": "creating", - "backupRetentionPeriod": 1.0, - "promotionTier": 1.0, - "optionGroupMemberships": [ - { - "optionGroupName": "default:aurora-5-6", - "status": "in-sync" - } - ], - "kmsKeyId": "arn:aws-us-gov:kms:us-gov-east-1:123456789012:key/c123f12f-12c1-1234-af01-1e1afdafcc12", - "dBClusterIdentifier": "mydbinstance-priv-cluster", - "dbInstancePort": 0.0, - "preferredBackupWindow": "21:42-22:12", - "dbiResourceId": "db-dfassadf23fdfas", - "deletionProtection": false, - "dBInstanceIdentifier": "mydbinstance-priv-us-gov-east-1b", - "dBInstanceArn": "arn:aws-us-gov:rds:us-gov-east-1:123456789012:db:mydbinstance-priv-us-gov-east-1b", - "engine": "aurora", - "publiclyAccessible": false, - "iAMDatabaseAuthenticationEnabled": false, - "performanceInsightsEnabled": false, - "multiAZ": false, - "domainMemberships": [], - "storageEncrypted": true, - "dBSubnetGroup": { - "vpcId": "vpc-88e50ee1", - "subnets": [ - { - "subnetIdentifier": "subnet-d95a51a1", - "subnetStatus": "Active", - "subnetAvailabilityZone": { - "name": "us-gov-east-1b" - } - }, - { - "subnetIdentifier": "subnet-83cf26ea", - "subnetStatus": "Active", - "subnetAvailabilityZone": { - "name": "us-gov-east-1a" - } - }, - { - "subnetIdentifier": "subnet-917b51db", - "subnetStatus": "Active", - "subnetAvailabilityZone": { - "name": "us-gov-east-1c" - } - } - ], - "subnetGroupStatus": "Complete", - "dBSubnetGroupName": 
"default", - "dBSubnetGroupDescription": "default" - }, - "vpcSecurityGroups": [ - { - "vpcSecurityGroupId": "sg-f714e69f", - "status": "active" - } - ], - "pendingModifiedValues": { - "processorFeatures": [] - }, - "licenseModel": "general-public-license", - "preferredMaintenanceWindow": "fri:22:45-fri:23:15", - "storageType": "aurora", - "autoMinorVersionUpgrade": true, - "copyTagsToSnapshot": false - }, - "arn": "arn:aws-us-gov:rds:us-gov-east-1:123456789012:db:mydbinstance-priv-us-gov-east-1b", - "tags": [], - "resourceType": "AWS::RDS::DBInstance" - }, - { - "configuration": { - "allocatedStorage": 20.0, - "enabledCloudwatchLogsExports": [], - "readReplicaDBClusterIdentifiers": [], - "associatedRoles": [], - "dBParameterGroups": [ - { - "dBParameterGroupName": "default.mysql5.7", - "parameterApplyStatus": "in-sync" - } - ], - "availabilityZone": "us-gov-east-1c", - "dBSecurityGroups": [], - "statusInfos": [], - "engineVersion": "5.7.24", - "masterUsername": "admin", - "instanceCreateTime": "2019-11-20T21:59:38.781Z", - "dBInstanceClass": "db.t2.micro", - "processorFeatures": [], - "readReplicaDBInstanceIdentifiers": [], - "monitoringInterval": 0.0, - "dBInstanceStatus": "available", - "backupRetentionPeriod": 0.0, - "optionGroupMemberships": [ - { - "optionGroupName": "default:mysql-5-7", - "status": "in-sync" - } - ], - "cACertificateIdentifier": "rds-ca-2017", - "dbInstancePort": 0.0, - "preferredBackupWindow": "21:06-21:36", - "dbiResourceId": "db-32dfasdfsf23e4234", - "deletionProtection": false, - "dBInstanceIdentifier": "mymysqldbinstance-pub", - "dBInstanceArn": "arn:aws-us-gov:rds:us-gov-east-1:123456789012:db:mymysqldbinstance-pub", - "endpoint": { - "hostedZoneId": "Z1OCXXRO09ICTP", - "address": "mymysqldbinstance-pub.32r1adsfasdfa.us-gov-east-1.rds.amazonaws.com", - "port": 3306.0 - }, - "engine": "mysql", - "maxAllocatedStorage": 1000.0, - "publiclyAccessible": true, - "iAMDatabaseAuthenticationEnabled": false, - "performanceInsightsEnabled": 
false, - "dBName": "mydbname", - "multiAZ": false, - "domainMemberships": [], - "storageEncrypted": false, - "dBSubnetGroup": { - "vpcId": "vpc-88e50ee1", - "subnets": [ - { - "subnetIdentifier": "subnet-d95a51a1", - "subnetStatus": "Active", - "subnetAvailabilityZone": { - "name": "us-gov-east-1b" - } - }, - { - "subnetIdentifier": "subnet-83cf26ea", - "subnetStatus": "Active", - "subnetAvailabilityZone": { - "name": "us-gov-east-1a" - } - }, - { - "subnetIdentifier": "subnet-917b51db", - "subnetStatus": "Active", - "subnetAvailabilityZone": { - "name": "us-gov-east-1c" - } - } - ], - "subnetGroupStatus": "Complete", - "dBSubnetGroupName": "default", - "dBSubnetGroupDescription": "default" - }, - "vpcSecurityGroups": [ - { - "vpcSecurityGroupId": "sg-015d198dd14f4f1ed", - "status": "active" - } - ], - "pendingModifiedValues": { - "processorFeatures": [] - }, - "licenseModel": "general-public-license", - "preferredMaintenanceWindow": "sat:22:16-sat:22:46", - "storageType": "gp2", - "autoMinorVersionUpgrade": true, - "copyTagsToSnapshot": true - }, - "arn": "arn:aws-us-gov:rds:us-gov-east-1:123456789012:db:mymysqldbinstance-pub", - "tags": [ - { - "tag": "workload-type\\u003dother", - "value": "other", - "key": "workload-type" - } - ], - "resourceType": "AWS::RDS::DBInstance" - }, - { - "configuration": { - "allocatedStorage": 20.0, - "enabledCloudwatchLogsExports": [], - "readReplicaDBClusterIdentifiers": [], - "associatedRoles": [], - "dBParameterGroups": [ - { - "dBParameterGroupName": "default.sqlserver-ex-14.0", - "parameterApplyStatus": "in-sync" - } - ], - "availabilityZone": "us-gov-east-1c", - "dBSecurityGroups": [], - "statusInfos": [], - "engineVersion": "14.00.3223.3.v1", - "masterUsername": "amin", - "dBInstanceClass": "db.t2.micro", - "processorFeatures": [], - "readReplicaDBInstanceIdentifiers": [], - "monitoringInterval": 0.0, - "dBInstanceStatus": "creating", - "backupRetentionPeriod": 0.0, - "optionGroupMemberships": [ - { - "optionGroupName": 
"default:sqlserver-ex-14-00", - "status": "in-sync" - } - ], - "dbInstancePort": 0.0, - "preferredBackupWindow": "17:30-18:00", - "dbiResourceId": "db-fasdfa234234dafasfas", - "deletionProtection": false, - "dBInstanceIdentifier": "mysqldbinstance-priv", - "dBInstanceArn": "arn:aws-us-gov:rds:us-gov-east-1:123456789012:db:mysqldbinstance-priv", - "engine": "sqlserver-ex", - "maxAllocatedStorage": 1000.0, - "publiclyAccessible": false, - "iAMDatabaseAuthenticationEnabled": false, - "performanceInsightsEnabled": false, - "multiAZ": false, - "characterSetName": "SQL_Latin1_General_CP1_CI_AS", - "domainMemberships": [], - "storageEncrypted": false, - "dBSubnetGroup": { - "vpcId": "vpc-88e50ee1", - "subnets": [ - { - "subnetIdentifier": "subnet-d95a51a1", - "subnetStatus": "Active", - "subnetAvailabilityZone": { - "name": "us-gov-east-1b" - } - }, - { - "subnetIdentifier": "subnet-83cf26ea", - "subnetStatus": "Active", - "subnetAvailabilityZone": { - "name": "us-gov-east-1a" - } - }, - { - "subnetIdentifier": "subnet-917b51db", - "subnetStatus": "Active", - "subnetAvailabilityZone": { - "name": "us-gov-east-1c" - } - } - ], - "subnetGroupStatus": "Complete", - "dBSubnetGroupName": "default", - "dBSubnetGroupDescription": "default" - }, - "vpcSecurityGroups": [ - { - "vpcSecurityGroupId": "sg-0d598ad8e2bf21967", - "status": "active" - } - ], - "pendingModifiedValues": { - "processorFeatures": [], - "masterUserPassword": "****" - }, - "licenseModel": "license-included", - "preferredMaintenanceWindow": "thu:22:00-thu:22:30", - "storageType": "gp2", - "autoMinorVersionUpgrade": true, - "copyTagsToSnapshot": false - }, - "arn": "arn:aws-us-gov:rds:us-gov-east-1:123456789012:db:mysqldbinstance-priv", - "tags": [], - "resourceType": "AWS::RDS::DBInstance" - }, - { - "configuration": { - "allocatedStorage": 1.0, - "enabledCloudwatchLogsExports": [], - "readReplicaDBClusterIdentifiers": [], - "associatedRoles": [], - "dBParameterGroups": [ - { - "dBParameterGroupName": 
"default.aurora5.6", - "parameterApplyStatus": "in-sync" - } - ], - "availabilityZone": "us-gov-east-1a", - "dBSecurityGroups": [], - "statusInfos": [], - "engineVersion": "5.6.10a", - "masterUsername": "admin", - "instanceCreateTime": "2019-11-20T21:54:16.205Z", - "dBInstanceClass": "db.t2.small", - "processorFeatures": [], - "readReplicaDBInstanceIdentifiers": [], - "monitoringInterval": 0.0, - "dBInstanceStatus": "available", - "backupRetentionPeriod": 1.0, - "promotionTier": 1.0, - "optionGroupMemberships": [ - { - "optionGroupName": "default:aurora-5-6", - "status": "in-sync" - } - ], - "kmsKeyId": "arn:aws-us-gov:kms:us-gov-east-1:123456789012:key/c123f12f-12c1-1234-af01-1e1afdafcc12", - "dBClusterIdentifier": "mydbinstance-priv-cluster", - "cACertificateIdentifier": "rds-ca-2017", - "dbInstancePort": 0.0, - "preferredBackupWindow": "21:42-22:12", - "dbiResourceId": "db-dfasf23rasdfasdfasdf", - "deletionProtection": false, - "dBInstanceIdentifier": "mydbinstance-priv", - "dBInstanceArn": "arn:aws-us-gov:rds:us-gov-east-1:123456789012:db:mydbinstance-priv", - "endpoint": { - "hostedZoneId": "Z1OCXXRO09ICTP", - "address": "mydbinstance-priv.ckt8fknykow5.us-gov-east-1.rds.amazonaws.com", - "port": 3306.0 - }, - "engine": "aurora", - "publiclyAccessible": false, - "iAMDatabaseAuthenticationEnabled": false, - "performanceInsightsEnabled": false, - "multiAZ": false, - "domainMemberships": [], - "storageEncrypted": true, - "dBSubnetGroup": { - "vpcId": "vpc-88e50ee1", - "subnets": [ - { - "subnetIdentifier": "subnet-d95a51a1", - "subnetStatus": "Active", - "subnetAvailabilityZone": { - "name": "us-gov-east-1b" - } - }, - { - "subnetIdentifier": "subnet-83cf26ea", - "subnetStatus": "Active", - "subnetAvailabilityZone": { - "name": "us-gov-east-1a" - } - }, - { - "subnetIdentifier": "subnet-917b51db", - "subnetStatus": "Active", - "subnetAvailabilityZone": { - "name": "us-gov-east-1c" - } - } - ], - "subnetGroupStatus": "Complete", - "dBSubnetGroupName": "default", - 
"dBSubnetGroupDescription": "default" - }, - "vpcSecurityGroups": [ - { - "vpcSecurityGroupId": "sg-f714e69f", - "status": "active" - } - ], - "pendingModifiedValues": { - "processorFeatures": [] - }, - "licenseModel": "general-public-license", - "preferredMaintenanceWindow": "tue:21:53-tue:22:23", - "storageType": "aurora", - "autoMinorVersionUpgrade": true, - "copyTagsToSnapshot": false - }, - "arn": "arn:aws-us-gov:rds:us-gov-east-1:123456789012:db:mydbinstance-priv", - "tags": [ - { - "tag": "workload-type\\u003dother", - "value": "other", - "key": "workload-type" - } - ], - "resourceType": "AWS::RDS::DBInstance" - }, - { - "configuration": { - "allocatedStorage": 20.0, - "enabledCloudwatchLogsExports": [], - "readReplicaDBClusterIdentifiers": [], - "associatedRoles": [], - "dBParameterGroups": [ - { - "dBParameterGroupName": "default.sqlserver-ex-14.0", - "parameterApplyStatus": "in-sync" - } - ], - "availabilityZone": "us-gov-east-1b", - "dBSecurityGroups": [], - "statusInfos": [], - "engineVersion": "14.00.3223.3.v1", - "masterUsername": "admin", - "dBInstanceClass": "db.t2.micro", - "processorFeatures": [], - "readReplicaDBInstanceIdentifiers": [], - "monitoringInterval": 0.0, - "dBInstanceStatus": "creating", - "backupRetentionPeriod": 0.0, - "optionGroupMemberships": [ - { - "optionGroupName": "default:sqlserver-ex-14-00", - "status": "in-sync" - } - ], - "dbInstancePort": 0.0, - "preferredBackupWindow": "23:29-23:59", - "dbiResourceId": "db-fasdf23r4fasdfasfasdf", - "deletionProtection": false, - "dBInstanceIdentifier": "mysqldbinstance-pub", - "dBInstanceArn": "arn:aws-us-gov:rds:us-gov-east-1:123456789012:db:mysqldbinstance-pub", - "engine": "sqlserver-ex", - "maxAllocatedStorage": 1000.0, - "publiclyAccessible": false, - "iAMDatabaseAuthenticationEnabled": false, - "performanceInsightsEnabled": false, - "multiAZ": false, - "characterSetName": "SQL_Latin1_General_CP1_CI_AS", - "domainMemberships": [], - "storageEncrypted": false, - "dBSubnetGroup": { - 
"vpcId": "vpc-88e50ee1", - "subnets": [ - { - "subnetIdentifier": "subnet-d95a51a1", - "subnetStatus": "Active", - "subnetAvailabilityZone": { - "name": "us-gov-east-1b" - } - }, - { - "subnetIdentifier": "subnet-83cf26ea", - "subnetStatus": "Active", - "subnetAvailabilityZone": { - "name": "us-gov-east-1a" - } - }, - { - "subnetIdentifier": "subnet-917b51db", - "subnetStatus": "Active", - "subnetAvailabilityZone": { - "name": "us-gov-east-1c" - } - } - ], - "subnetGroupStatus": "Complete", - "dBSubnetGroupName": "default", - "dBSubnetGroupDescription": "default" - }, - "vpcSecurityGroups": [ - { - "vpcSecurityGroupId": "sg-04f5ba8ece99c42e0", - "status": "active" - } - ], - "pendingModifiedValues": { - "processorFeatures": [], - "masterUserPassword": "****" - }, - "licenseModel": "license-included", - "preferredMaintenanceWindow": "sat:20:56-sat:21:26", - "storageType": "gp2", - "autoMinorVersionUpgrade": true, - "copyTagsToSnapshot": true - }, - "arn": "arn:aws-us-gov:rds:us-gov-east-1:123456789012:db:mysqldbinstance-pub", - "tags": [], - "resourceType": "AWS::RDS::DBInstance" - } -] \ No newline at end of file diff --git a/fedramp-integrated-inventory-workbook/tests/sample_config_query_results/sample_classic_elb.json b/fedramp-integrated-inventory-workbook/tests/sample_config_query_results/sample_classic_elb.json deleted file mode 100644 index 996f8e7e..00000000 --- a/fedramp-integrated-inventory-workbook/tests/sample_config_query_results/sample_classic_elb.json +++ /dev/null 
@@ -1,69 +0,0 @@ -{ - "resourceName": "sampleClassicELB", - "arn": "arn:aws-us-gov:elasticloadbalancing:us-gov-east-1:123456789012:loadbalancer/my-test-loadbalancer", - "configuration": { - "canonicalHostedZoneNameID": "Z166TLBEWOO7G0", - "scheme": "internet-facing", - "policies": { - "lbcookieStickinessPolicies": [], - "appCookieStickinessPolicies": [], - "otherPolicies": [] - }, - "availabilityZones": [ - { - "value": "us-gov-east-1b" - }, - { - "value": "us-gov-east-1a" - }, - { - "value": "us-gov-east-1c" - } - ], - "backendServerDescriptions": [], - "sourceSecurityGroup": { - "ownerAlias": "123456789012", - "groupName": "default" - }, - "loadBalancerName": "my-test-loadbalancer", - "listenerDescriptions": [ - { - "listener": { - "instancePort": 80, - "instanceProtocol": "HTTP", - "protocol": "HTTP", - "loadBalancerPort": 80 - }, - "policyNames": [] - } - ], - "vpcid": "vpc-88e50ee1", - "dnsname": "my-test-loadbalancer-123415.us-gov-east-1.elb.amazonaws.com", - "createdTime": 1574121317790, - "subnets": [ - { - "value": "subnet-83cf26ea" - }, - { - "value": "subnet-917b51db" - }, - { - "value": "subnet-d95a51a1" - } - ], - "securityGroups": [ - { - "value": "sg-f714e69f" - } - ], - "canonicalHostedZoneName": "my-test-loadbalancer-1795943216.us-gov-east-1.elb.amazonaws.com" - }, - "tags": [ - { - "tag": "MyLB=IsClassic", - "value": "IsClassic", - "key": "MyLB" - } - ], - "resourceType": "AWS::ElasticLoadBalancing::LoadBalancer" -} \ No newline at end of file diff --git a/fedramp-integrated-inventory-workbook/tests/sample_config_query_results/sample_dynamo_table.json b/fedramp-integrated-inventory-workbook/tests/sample_config_query_results/sample_dynamo_table.json deleted file mode 100644 index dfc86292..00000000 --- a/fedramp-integrated-inventory-workbook/tests/sample_config_query_results/sample_dynamo_table.json +++ /dev/null 
@@ -1,36 +0,0 @@ -{ - "resourceName": "sampleDynamoDB", - "configuration": { - "attributeDefinitions": [ - { - "attributeType": "S", - "attributeName": "record-type" - } - ], - "keySchema": [ - { - "attributeName": "record-type", - "keyType": "HASH" - } - ], - "tableId": "c123f12f-12c1-1234-af01-1e1afdafcc12", - "provisionedThroughput": { - "numberOfDecreasesToday": 0.0, - "writeCapacityUnits": 5.0, - "readCapacityUnits": 5.0 - }, - "tableStatus": "ACTIVE", - "tableName": "my-temp-table", - "creationDateTime": "2019-11-20T16:36:54.455Z", - "tableArn": "arn:aws-us-gov:dynamodb:us-gov-east-1:123456789012:table/my-temp-table" - }, - "arn": "arn:aws-us-gov:dynamodb:us-gov-east-1:123456789012:table/my-temp-table", - "tags": [ - { - "tag": "mytag\\u003dvalue", - "value": "value", - "key": "mytag" - } - ], - "resourceType": "AWS::DynamoDB::Table" -} \ No newline at end of file diff --git a/fedramp-integrated-inventory-workbook/tests/sample_config_query_results/sample_ec2.json b/fedramp-integrated-inventory-workbook/tests/sample_config_query_results/sample_ec2.json deleted file mode 100644 index dc0213ac..00000000 --- a/fedramp-integrated-inventory-workbook/tests/sample_config_query_results/sample_ec2.json +++ /dev/null 
@@ -1,133 +0,0 @@ -{ - "resourceName": "sampleEC2", - "configuration": { - "subnetId": "subnet-83cf26ea", - "virtualizationType": "hvm", - "capacityReservationSpecification": { - "capacityReservationPreference": "open" - }, - "amiLaunchIndex": 0, - "enaSupport": true, - "elasticInferenceAcceleratorAssociations": [], - "sourceDestCheck": true, - "hibernationOptions": { - "configured": false - }, - "instanceId": "i-03cbdcb2bb8425d47", - "vpcId": "vpc-88e50ee1", - "hypervisor": "xen", - "rootDeviceName": "/dev/xvda", - "productCodes": [], - "state": { - "code": "16", - "name": "running" - }, - "architecture": "x86_64", - "ebsOptimized": true, - "imageId": "ami-6e92711f", - "blockDeviceMappings": [ - { - "ebs": { - "volumeId": "vol-083ba735bb011e5c8", - "deleteOnTermination": true, - "attachTime": "2019-11-19T16:20:24.000Z", - "status": "attached" - }, - "deviceName": "/dev/xvda" - } - ], - "publicIpAddress": "11.111.111.111", - "stateTransitionReason": "", - "clientToken": "", - "instanceType": "t3.micro", - "cpuOptions": { - "threadsPerCore": 2, - "coreCount": 1 - }, - "monitoring": { - "state": "disabled" - }, - "publicDnsName": "ec2-11-111-111-111.us-gov-east-1.compute.amazonaws.com", - "iamInstanceProfile": { - "id": "AIPAXGYJARCHP3CJJFWOF", - "arn": "arn:aws-us-gov:iam::123456789012:instance-profile/SsmManagedInstance" - }, - "privateIpAddress": "172.31.0.188", - "rootDeviceType": "ebs", - "tags": [ - { - "value": "True", - "key": "IsIsolated" - } - ], - "launchTime": "2019-11-19T16:20:24.000Z", - "elasticGpuAssociations": [], - "licenses": [], - "networkInterfaces": [ - { - "networkInterfaceId": "eni-09ca92d35e333fa1b", - "privateIpAddresses": [ - { - "association": { - "ipOwnerId": "amazon", - "publicIp": "11.111.111.111", - "publicDnsName": "ec2-11-111-111-111.us-gov-east-1.compute.amazonaws.com" - }, - "privateDnsName": "ip-172-31-0-188.us-gov-east-1.compute.internal", - "privateIpAddress": "172.31.0.188", - "primary": true - } - ], - "subnetId": 
"subnet-83cf26ea", - "association": { - "ipOwnerId": "amazon", - "publicIp": "11.111.111.111", - "publicDnsName": "ec2-11-111-111-111.us-gov-east-1.compute.amazonaws.com" - }, - "description": "", - "groups": [ - { - "groupName": "default", - "groupId": "sg-f714e69f" - } - ], - "ipv6Addresses": [], - "ownerId": "123456789012", - "sourceDestCheck": true, - "privateIpAddress": "172.31.0.188", - "interfaceType": "interface", - "macAddress": "06:d1:af:2f:a4:46", - "attachment": { - "attachmentId": "eni-attach-015730ee59e442f05", - "deleteOnTermination": true, - "deviceIndex": 0, - "attachTime": "2019-11-19T16:20:24.000Z", - "status": "attached" - }, - "vpcId": "vpc-88e50ee1", - "privateDnsName": "ip-172-31-0-188.us-gov-east-1.compute.internal", - "status": "in-use" - } - ], - "privateDnsName": "ip-172-31-0-188.us-gov-east-1.compute.internal", - "securityGroups": [ - { - "groupName": "default", - "groupId": "sg-f714e69f" - } - ], - "placement": { - "groupName": "", - "tenancy": "default", - "availabilityZone": "us-gov-east-1a" - } - }, - "tags": [ - { - "tag": "IsIsolated=True", - "value": "True", - "key": "IsIsolated" - } - ], - "resourceType": "AWS::EC2::Instance" -} \ No newline at end of file diff --git a/fedramp-integrated-inventory-workbook/tests/sample_config_query_results/sample_es.json b/fedramp-integrated-inventory-workbook/tests/sample_config_query_results/sample_es.json deleted file mode 100644 index 03b72a0e..00000000 --- a/fedramp-integrated-inventory-workbook/tests/sample_config_query_results/sample_es.json +++ /dev/null 
@@ -1,108 +0,0 @@ -{ - "version": "1.3", - "accountId": "123456789", - "configurationItemCaptureTime": "2021-07-08T20:42:22.993Z", - "configurationItemStatus": "OK", - "configurationStateId": "0987654321", - "configurationItemMD5Hash": "", - "arn": "arn:aws:es:us-west-2:123456789:domain/my-elasticsearch", - "resourceType": "AWS::Elasticsearch::Domain", - "resourceId": "123456789/my-elasticsearch", - "resourceName": "my-elasticsearch", - "awsRegion": "us-west-2", - "availabilityZone": "Multiple Availability Zones", - "tags": { - "Environment": "custom" - }, - "relatedEvents": [], - "relationships": [], - "configuration": { - "domainId": "123456789/my-elasticsearch", - "domainName": "my-elasticsearch", - "created": true, - "deleted": false, - "endpoints": { - "vpc": "vpc-my-elasticsearch-vpcid.us-west-2.es.amazonaws.com" - }, - "processing": false, - "upgradeProcessing": false, - "elasticsearchVersion": "7.10", - "elasticsearchClusterConfig": { - "instanceType": "t3.medium.elasticsearch", - "instanceCount": 1, - "dedicatedMasterEnabled": false, - "zoneAwarenessEnabled": false, - "warmEnabled": false, - "coldStorageOptions": { - "enabled": false - } - }, - "accessPolicies": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"*\"},\"Action\":\"*\",\"Resource\":\"*\"}]}", - "snapshotOptions": { - "automatedSnapshotStartHour": 0 - }, - "cognitoOptions": { - "enabled": false - }, - "encryptionAtRestOptions": { - "enabled": false - }, - "nodeToNodeEncryptionOptions": { - "enabled": true - }, - "advancedOptions": { - "rest.action.multi.allow_explicit_index": "true" - }, - "logPublishingOptions": { - "ES_APPLICATION_LOGS": { - "cloudWatchLogsLogGroupArn": "arn:aws:logs:us-west-2:123456789:log-group:/logs:*", - "enabled": true - } - }, - "serviceSoftwareOptions": { - "currentVersion": "R20210426", - "newVersion": "R20210426-P2", - "updateAvailable": true, - "cancellable": false, - "updateStatus": "ELIGIBLE", - "description": "A new 
software release R20210426-P2 is available. This release will be automatically deployed if no action is taken.", - "automatedUpdateDate": 1625731585000, - "optionalDeployment": false - }, - "domainEndpointOptions": { - "enforceHTTPS": false, - "customEndpointEnabled": false, - "tlssecurityPolicy": "Policy-Min-TLS-1-0-2019-07" - }, - "advancedSecurityOptions": { - "enabled": false, - "internalUserDatabaseEnabled": false - }, - "autoTuneOptions": { - "state": "ENABLE_IN_PROGRESS" - }, - "arn": "arn:aws:es:us-west-2:123456789:domain/my-elasticsearch", - "ebsoptions": { - "volumeType": "gp2", - "volumeSize": 50, - "ebsenabled": true - }, - "vpcoptions": { - "subnetIds": [ - "subnet-abcdefghijklmnop" - ], - "availabilityZones": [ - "us-west-2b" - ], - "securityGroupIds": [ - "sg-abcdefghijklmnop" - ], - "vpcid": "vpc-abcdefghijklmnop" - } - }, - "supplementaryConfiguration": { - "Tags": [ - ] - }, - "resourceTransitionStatus": "None" -} diff --git a/fedramp-integrated-inventory-workbook/tests/sample_config_query_results/sample_lambda_function.json b/fedramp-integrated-inventory-workbook/tests/sample_config_query_results/sample_lambda_function.json deleted file mode 100644 index ba56694d..00000000 --- a/fedramp-integrated-inventory-workbook/tests/sample_config_query_results/sample_lambda_function.json +++ /dev/null 
@@ -1,59 +0,0 @@ -{ - "version": "1.3", - "accountId": "123456789", - "configurationItemCaptureTime": "2021-02-18T23:22:10.603Z", - "configurationItemStatus": "ResourceDiscovered", - "configurationStateId": "12345", - "configurationItemMD5Hash": "", - "arn": "arn:aws:lambda:us-west-2:123456789:function:InventoryCollector", - "resourceType": "AWS::Lambda::Function", - "resourceId": "InventoryCollector", - "resourceName": "InventoryCollector", - "awsRegion": "us-west-2", - "availabilityZone": "Not Applicable", - "tags": { - "aws:cloudformation:stack-name": "fedramp-stack", - "aws:cloudformation:stack-id": "arn:aws:cloudformation:us-west-2:123456789:stack/fedramp-stack/62db7360-723e-11eb-a7ab-06b1b80a4e11", - "aws:cloudformation:logical-id": "InventoryCollectorLambda" - }, - "relatedEvents": [], - "relationships": [ - { - "resourceType": "AWS::IAM::Role", - "resourceName": "InventoryCollectorLambdaExecuteRole", - "relationshipName": "Is associated with " - } - ], - "configuration": { - "functionName": "InventoryCollector", - "functionArn": "arn:aws:lambda:us-west-2:123456789:function:InventoryCollector", - "runtime": "python3.8", - "role": "arn:aws:iam::123456789:role/InventoryCollectorLambdaExecuteRole", - "handler": "inventory.handler.lambda_handler", - "codeSize": 9542306, - "description": "", - "timeout": 900, - "memorySize": 128, - "lastModified": "2021-02-18T23:11:18.936+0000", - "codeSha256": "9USjof7eQeundTr3NmcXcIq/8XaGk+kAzJKib0mHRbs=", - "version": "$LATEST", - "tracingConfig": { - "mode": "PassThrough" - }, - "revisionId": "a73f18f8-55d1-4e22-a277-f7905be039b4", - "layers": [], - "state": "Active", - "lastUpdateStatus": "Successful", - "fileSystemConfigs": [], - "packageType": "Zip" - }, - "supplementaryConfiguration": { - "Policy": 
"{\"Version\":\"2012-10-17\",\"Id\":\"default\",\"Statement\":[{\"Sid\":\"fedramp-stack-PermissionForEventsToInvokeLambda-Y17BYAE61UZ6\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"events.amazonaws.com\"},\"Action\":\"lambda:InvokeFunction\",\"Resource\":\"arn:aws:lambda:us-west-2:123456789:function:InventoryCollector\",\"Condition\":{\"ArnLike\":{\"AWS:SourceArn\":\"arn:aws:events:us-west-2:123456789:rule/InventoryCollector-ScheduleExpression\"}}}]}", - "Tags": { - "aws:cloudformation:stack-name": "fedramp-stack", - "aws:cloudformation:stack-id": "arn:aws:cloudformation:us-west-2:123456789:stack/fedramp-stack/62db7360-723e-11eb-a7ab-06b1b80a4e11", - "aws:cloudformation:logical-id": "InventoryCollectorLambda" - } - }, - "resourceTransitionStatus": "None" -} \ No newline at end of file diff --git a/fedramp-integrated-inventory-workbook/tests/sample_config_query_results/sample_rds_db.json b/fedramp-integrated-inventory-workbook/tests/sample_config_query_results/sample_rds_db.json deleted file mode 100644 index 5c144de5..00000000 --- a/fedramp-integrated-inventory-workbook/tests/sample_config_query_results/sample_rds_db.json +++ /dev/null 
@@ -1,94 +0,0 @@ -{ - "resourceName": "samplevrdsDB", - "configuration": { - "allocatedStorage": 1.0, - "enabledCloudwatchLogsExports": [], - "readReplicaDBClusterIdentifiers": [], - "associatedRoles": [], - "dBParameterGroups": [ - { - "dBParameterGroupName": "default.aurora5.6", - "parameterApplyStatus": "in-sync" - } - ], - "availabilityZone": "us-gov-east-1b", - "dBSecurityGroups": [], - "statusInfos": [], - "engineVersion": "5.6.10a", - "masterUsername": "admin", - "dBInstanceClass": "db.t2.small", - "processorFeatures": [], - "readReplicaDBInstanceIdentifiers": [], - "monitoringInterval": 0.0, - "dBInstanceStatus": "creating", - "backupRetentionPeriod": 1.0, - "promotionTier": 1.0, - "optionGroupMemberships": [ - { - "optionGroupName": "default:aurora-5-6", - "status": "in-sync" - } - ], - "kmsKeyId": "arn:aws-us-gov:kms:us-gov-east-1:123456789012:key/c123f12f-12c1-1234-af01-1e1afdafcc12", - "dBClusterIdentifier": "mydbinstance-priv-cluster", - "dbInstancePort": 0.0, - "preferredBackupWindow": "21:42-22:12", - "dbiResourceId": "db-fasfda23r4fasdfasdfasdf", - "deletionProtection": false, - "dBInstanceIdentifier": "mydbinstance-priv-us-gov-east-1b", - "dBInstanceArn": "arn:aws-us-gov:rds:us-gov-east-1:123456789012:db:mydbinstance-priv-us-gov-east-1b", - "engine": "aurora", - "publiclyAccessible": false, - "iAMDatabaseAuthenticationEnabled": false, - "performanceInsightsEnabled": false, - "multiAZ": false, - "domainMemberships": [], - "storageEncrypted": true, - "dBSubnetGroup": { - "vpcId": "vpc-88e50ee1", - "subnets": [ - { - "subnetIdentifier": "subnet-d95a51a1", - "subnetStatus": "Active", - "subnetAvailabilityZone": { - "name": "us-gov-east-1b" - } - }, - { - "subnetIdentifier": "subnet-83cf26ea", - "subnetStatus": "Active", - "subnetAvailabilityZone": { - "name": "us-gov-east-1a" - } - }, - { - "subnetIdentifier": "subnet-917b51db", - "subnetStatus": "Active", - "subnetAvailabilityZone": { - "name": "us-gov-east-1c" - } - } - ], - "subnetGroupStatus": 
"Complete", - "dBSubnetGroupName": "default", - "dBSubnetGroupDescription": "default" - }, - "vpcSecurityGroups": [ - { - "vpcSecurityGroupId": "sg-f714e69f", - "status": "active" - } - ], - "pendingModifiedValues": { - "processorFeatures": [] - }, - "licenseModel": "general-public-license", - "preferredMaintenanceWindow": "fri:22:45-fri:23:15", - "storageType": "aurora", - "autoMinorVersionUpgrade": true, - "copyTagsToSnapshot": false - }, - "arn": "arn:aws-us-gov:rds:us-gov-east-1:123456789012:db:mydbinstance-priv-us-gov-east-1b", - "tags": [], - "resourceType": "AWS::RDS::DBInstance" -} \ No newline at end of file diff --git a/fedramp-integrated-inventory-workbook/tests/sample_config_query_results/sample_rds_instance.json b/fedramp-integrated-inventory-workbook/tests/sample_config_query_results/sample_rds_instance.json deleted file mode 100644 index adf355ab..00000000 --- a/fedramp-integrated-inventory-workbook/tests/sample_config_query_results/sample_rds_instance.json +++ /dev/null 
@@ -1,144 +0,0 @@ -{ - "version": "1.3", - "accountId": "123456789", - "configurationItemCaptureTime": "2021-02-23T16:22:06.705Z", - "configurationItemStatus": "ResourceDiscovered", - "configurationStateId": "123456789", - "configurationItemMD5Hash": "", - "arn": "arn:aws:rds:us-west-2:123456789:db:database-1-instance-1", - "resourceType": "AWS::RDS::DBInstance", - "resourceId": "db-ABCDEFGHIJKLMNOPQRSTUVWXYZ", - "resourceName": "database-1-instance-1", - "awsRegion": "us-west-2", - "availabilityZone": "us-west-2a", - "resourceCreationTime": "2021-02-23T16:17:07.900Z", - "tags": {}, - "relatedEvents": [], - "relationships": [ - { - "resourceType": "AWS::RDS::DBSubnetGroup", - "resourceId": "default-vpc-123456789", - "relationshipName": "Is associated with DBSubnetGroup" - }, - { - "resourceType": "AWS::EC2::SecurityGroup", - "resourceId": "sg-123456789", - "relationshipName": "Is associated with SecurityGroup" - } - ], - "configuration": { - "dBInstanceIdentifier": "database-1-instance-1", - "dBInstanceClass": "db.r5.large", - "engine": "aurora-mysql", - "dBInstanceStatus": "available", - "masterUsername": "admin", - "endpoint": { - "address": "database-1-instance-1.abcdefg.us-west-2.rds.amazonaws.com", - "port": 3306, - "hostedZoneId": "ASDJSJKSDNBAJKSD" - }, - "allocatedStorage": 1, - "instanceCreateTime": "2021-02-23T16:17:07.900Z", - "preferredBackupWindow": "11:22-11:52", - "backupRetentionPeriod": 1, - "dBSecurityGroups": [], - "vpcSecurityGroups": [ - { - "vpcSecurityGroupId": "sg-123456789", - "status": "active" - } - ], - "dBParameterGroups": [ - { - "dBParameterGroupName": "default.aurora-mysql5.7", - "parameterApplyStatus": "in-sync" - } - ], - "availabilityZone": "us-west-2a", - "dBSubnetGroup": { - "dBSubnetGroupName": "default-vpc-123456789", - "dBSubnetGroupDescription": "Created from the RDS Management Console", - "vpcId": "vpc-123456789", - "subnetGroupStatus": "Complete", - "subnets": [ - { - "subnetIdentifier": "subnet-123456789", - 
"subnetAvailabilityZone": { - "name": "us-west-2c" - }, - "subnetOutpost": {}, - "subnetStatus": "Active" - }, - { - "subnetIdentifier": "subnet-123456789", - "subnetAvailabilityZone": { - "name": "us-west-2a" - }, - "subnetOutpost": {}, - "subnetStatus": "Active" - }, - { - "subnetIdentifier": "subnet-123456789", - "subnetAvailabilityZone": { - "name": "us-west-2b" - }, - "subnetOutpost": {}, - "subnetStatus": "Active" - }, - { - "subnetIdentifier": "subnet-123456789", - "subnetAvailabilityZone": { - "name": "us-west-2d" - }, - "subnetOutpost": {}, - "subnetStatus": "Active" - } - ] - }, - "preferredMaintenanceWindow": "tue:07:47-tue:08:17", - "pendingModifiedValues": { - "processorFeatures": [] - }, - "multiAZ": false, - "engineVersion": "5.7.mysql_aurora.2.07.2", - "autoMinorVersionUpgrade": true, - "readReplicaDBInstanceIdentifiers": [], - "readReplicaDBClusterIdentifiers": [], - "licenseModel": "general-public-license", - "optionGroupMemberships": [ - { - "optionGroupName": "default:aurora-mysql-5-7", - "status": "in-sync" - } - ], - "publiclyAccessible": false, - "statusInfos": [], - "storageType": "aurora", - "dbInstancePort": 0, - "dBClusterIdentifier": "database-1", - "storageEncrypted": true, - "kmsKeyId": "arn:aws:kms:us-west-2:123456789:key/abc-def-ghi-jkl", - "dbiResourceId": "db-123456789", - "cACertificateIdentifier": "rds-ca-123456789", - "domainMemberships": [], - "copyTagsToSnapshot": false, - "monitoringInterval": 60, - "enhancedMonitoringResourceArn": "arn:aws:logs:us-west-2:123456789:log-group:RDSOSMetrics:log-stream:db-123456789", - "monitoringRoleArn": "arn:aws:iam::123456789:role/rds-monitoring-role", - "promotionTier": 1, - "dBInstanceArn": "arn:aws:rds:us-west-2:123456789:db:database-1-instance-1", - "iAMDatabaseAuthenticationEnabled": false, - "performanceInsightsEnabled": true, - "performanceInsightsKMSKeyId": "arn:aws:kms:us-west-2:123456789:key/abc-def-ghi-jkl", - "performanceInsightsRetentionPeriod": 7, - 
"enabledCloudwatchLogsExports": [], - "processorFeatures": [], - "deletionProtection": false, - "associatedRoles": [], - "tagList": [] - }, - "supplementaryConfiguration": { - "Tags": [] - }, - "resourceTransitionStatus": "None" -} \ No newline at end of file diff --git a/fedramp-integrated-inventory-workbook/tests/sample_config_query_results/sample_route_table.json b/fedramp-integrated-inventory-workbook/tests/sample_config_query_results/sample_route_table.json deleted file mode 100644 index 40175b80..00000000 --- a/fedramp-integrated-inventory-workbook/tests/sample_config_query_results/sample_route_table.json +++ /dev/null 
@@ -1,69 +0,0 @@ -{ - "version": "1.3", - "accountId": "123456789", - "configurationItemCaptureTime": "2021-02-19T16:13:14.033Z", - "configurationItemStatus": "OK", - "configurationStateId": "123456789", - "configurationItemMD5Hash": "", - "arn": "arn:aws:ec2:us-west-2:123456789:route-table/rtb-123456789", - "resourceType": "AWS::EC2::RouteTable", - "resourceId": "rtb-123456789", - "awsRegion": "us-west-2", - "availabilityZone": "Not Applicable", - "tags": {}, - "relatedEvents": [], - "relationships": [ - { - "resourceType": "AWS::EC2::VPC", - "resourceId": "vpc-12345678", - "relationshipName": "Is contained in Vpc" - }, - { - "resourceType": "AWS::EC2::Subnet", - "resourceId": "subnet-12345678", - "relationshipName": "Contains Subnet" - } - ], - "configuration": { - "associations": [ - { - "main": false, - "routeTableAssociationId": "rtbassoc-123456789", - "routeTableId": "rtb-123456789", - "subnetId": "subnet-123456789", - "associationState": { - "state": "associated" - } - }, - { - "main": true, - "routeTableAssociationId": "rtbassoc-12345678", - "routeTableId": "rtb-123456789", - "associationState": { - "state": "associated" - } - } - ], - "propagatingVgws": [], - "routeTableId": "rtb-123456789", - "routes": [ - { - "destinationCidrBlock": "111.11.11.11/11", - "gatewayId": "local", - "origin": "CreateRouteTable", - "state": "active" - }, - { - "destinationCidrBlock": "0.0.0.0/0", - "gatewayId": "igw-123456789", - "origin": "CreateRoute", - "state": "active" - } - ], - "tags": [], - "vpcId": "vpc-12345678", - "ownerId": "123456789" - }, - "supplementaryConfiguration": {}, - "resourceTransitionStatus": "None" -} \ No newline at end of file diff --git a/fedramp-integrated-inventory-workbook/tests/sample_config_query_results/sample_s3.json b/fedramp-integrated-inventory-workbook/tests/sample_config_query_results/sample_s3.json deleted file mode 100644 index d81fc750..00000000 
--- a/fedramp-integrated-inventory-workbook/tests/sample_config_query_results/sample_s3.json
+++ /dev/null
@@ -1,53 +0,0 @@
-{
- "version": "1.3",
- "accountId": "123456789",
- "configurationItemCaptureTime": "2021-02-16T19:42:38.705Z",
- "configurationItemStatus": "ResourceDiscovered",
- "configurationStateId": "123456789",
- "configurationItemMD5Hash": "",
- "arn": "arn:aws:s3:::fedramp-bucket",
- "resourceType": "AWS::S3::Bucket",
- "resourceId": "fedramp-bucket",
- "resourceName": "fedramp-bucket",
- "awsRegion": "us-west-2",
- "availabilityZone": "Regional",
- "resourceCreationTime": "2021-02-16T19:29:10.000Z",
- "tags": {},
- "relatedEvents": [],
- "relationships": [],
- "configuration": {
- "name": "fedramp-bucket",
- "owner": {
- "id": "abcdefghijklmnopqrstuvwxyz"
- },
- "creationDate": "2021-02-16T19:29:10.000Z"
- },
- "supplementaryConfiguration": {
- "AccessControlList": "{\"grantSet\":null,\"grantList\":[{\"grantee\":{\"id\":\"abcdefghijklmnopqrstuvwxyz2\",\"displayName\":null},\"permission\":\"FullControl\"}],\"owner\":{\"displayName\":null,\"id\":\"abcdefghijklmnopqrstuvwxyz3\"},\"isRequesterCharged\":false}",
- "PublicAccessBlockConfiguration": {
- "blockPublicAcls": true,
- "ignorePublicAcls": true,
- "blockPublicPolicy": true,
- "restrictPublicBuckets": true
- },
- "BucketLoggingConfiguration": {
- "destinationBucketName": null,
- "logFilePrefix": null
- },
- "BucketPolicy": {
- "policyText": null
- },
- "BucketAccelerateConfiguration": {
- "status": null
- },
- "IsRequesterPaysEnabled": false,
- "BucketVersioningConfiguration": {
- "status": "Off",
- "isMfaDeleteEnabled": null
- },
- "BucketNotificationConfiguration": {
- "configurations": {}
- }
- },
- "resourceTransitionStatus": "None"
-}
\ No newline at end of file
diff --git a/fedramp-integrated-inventory-workbook/tests/sample_config_query_results/sample_v2elb.json b/fedramp-integrated-inventory-workbook/tests/sample_config_query_results/sample_v2elb.json
deleted file mode 100644
index d1bda9ab..00000000
--- a/fedramp-integrated-inventory-workbook/tests/sample_config_query_results/sample_v2elb.json
+++ /dev/null
@@ -1,37 +0,0 @@
-{
- "resourceName": "samplev2elb",
- "configuration": {
- "loadBalancerArn": "arn:aws-us-gov:elasticloadbalancing:us-gov-east-1:123456789012:loadbalancer/net/nlb/f9ad7b767f625655",
- "scheme": "internet-facing",
- "loadBalancerName": "nlb",
- "canonicalHostedZoneId": "Z1ZSMQQ6Q24QQ8",
- "vpcId": "vpc-12341234",
- "createdTime": "2019-11-20T11:23:16.516Z",
- "availabilityZones": [
- {
- "subnetId": "subnet-83cf26ea",
- "zoneName": "us-gov-east-1a",
- "loadBalancerAddresses": [
- {}
- ]
- },
- {
- "subnetId": "subnet-d95a51a1",
- "zoneName": "us-gov-east-1b",
- "loadBalancerAddresses": [
- { "ipAddress": "11.111.111.111"}
- ]
- }
- ],
- "securityGroups": [],
- "dNSName": "nlb-f9ad7b767f625655.elb.us-gov-east-1.amazonaws.com",
- "state": {
- "code": "active"
- },
- "type": "network",
- "ipAddressType": "ipv4"
- },
- "arn": "arn:aws-us-gov:elasticloadbalancing:us-gov-east-1:123456789012:loadbalancer/net/nlb/f9ad7b767f625655",
- "tags": [],
- "resourceType": "AWS::ElasticLoadBalancingV2::LoadBalancer"
-}
\ No newline at end of file
diff --git a/fedramp-integrated-inventory-workbook/tests/sample_config_query_results/sample_vpc.json b/fedramp-integrated-inventory-workbook/tests/sample_config_query_results/sample_vpc.json
deleted file mode 100644
index e3a47ac3..00000000
--- a/fedramp-integrated-inventory-workbook/tests/sample_config_query_results/sample_vpc.json
+++ /dev/null
@@ -1,89 +0,0 @@ -{ - "version": "1.3", - "accountId": "123456789", - "configurationItemCaptureTime": "2021-02-17T22:13:00.257Z", - "configurationItemStatus": "OK", - "configurationStateId": "123456", - "configurationItemMD5Hash": "", - "arn": "arn:aws:ec2:us-west-2:123456789:vpc/vpc-12345", - "resourceType": "AWS::EC2::VPC", - "resourceId": "vpc-12345", - "awsRegion": "us-west-2", - "availabilityZone": "Multiple Availability Zones", - "tags": {}, - "relatedEvents": [], - "relationships": [ - { - "resourceType": "AWS::EC2::Instance", - "resourceId": "i-12345", - "relationshipName": "Contains Instance" - }, - { - "resourceType": "AWS::EC2::RouteTable", - "resourceId": "rtb-12345", - "relationshipName": "Contains RouteTable" - }, - { - "resourceType": "AWS::EC2::Subnet", - "resourceId": "subnet-12345", - "relationshipName": "Contains Subnet" - }, - { - "resourceType": "AWS::EC2::Subnet", - "resourceId": "subnet-12345", - "relationshipName": "Contains Subnet" - }, - { - "resourceType": "AWS::EC2::Subnet", - "resourceId": "subnet-12345", - "relationshipName": "Contains Subnet" - }, - { - "resourceType": "AWS::EC2::NetworkAcl", - "resourceId": "acl-12345", - "relationshipName": "Contains NetworkAcl" - }, - { - "resourceType": "AWS::EC2::InternetGateway", - "resourceId": "igw-12345", - "relationshipName": "Is attached to InternetGateway" - }, - { - "resourceType": "AWS::EC2::NetworkInterface", - "resourceId": "eni-1234", - "relationshipName": "Contains NetworkInterface" - }, - { - "resourceType": "AWS::EC2::Subnet", - "resourceId": "subnet-1234", - "relationshipName": "Contains Subnet" - }, - { - "resourceType": "AWS::EC2::SecurityGroup", - "resourceId": "sg-1234", - "relationshipName": "Contains SecurityGroup" - } - ], - "configuration": { - "cidrBlock": "111.11.11.11", - "dhcpOptionsId": "dopt-1234", - "state": "available", - "vpcId": "vpc-12345", - "ownerId": "123456789", - "instanceTenancy": "default", - "ipv6CidrBlockAssociationSet": [], - "cidrBlockAssociationSet": 
[ - { - "associationId": "vpc-cidr-assoc-12345", - "cidrBlock": "111.11.11.11", - "cidrBlockState": { - "state": "associated" - } - } - ], - "isDefault": true, - "tags": [] - }, - "supplementaryConfiguration": {}, - "resourceTransitionStatus": "None" -} \ No newline at end of file diff --git a/fedramp-integrated-inventory-workbook/tests/test_dynamo_table_mapper.py b/fedramp-integrated-inventory-workbook/tests/test_dynamo_table_mapper.py deleted file mode 100644 index 5c7f8a13..00000000 --- a/fedramp-integrated-inventory-workbook/tests/test_dynamo_table_mapper.py +++ /dev/null 
@@ -1,34 +0,0 @@ -#!/usr/bin/env python -# AWS DISCLAMER -# --- - -# The following files are provided by AWS Professional Services describe the process to create a IAM Policy with description. - -# These are non-production ready and are to be used for testing purposes. - -# These files is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES -# OR CONDITIONS OF ANY KIND, either express or implied. See the License -# for the specific language governing permissions and limitations under the License. - -# (c) 2019 Amazon Web Services, Inc. or its affiliates. All Rights Reserved. -# This AWS Content is provided subject to the terms of the AWS Customer Agreement available at -# http://aws.amazon.com/agreement or other written agreement between Customer and Amazon Web Services, Inc.​ -import json -import os -import pytest -from inventory.mappers import DynamoDbTableDataMapper - -@pytest.fixture() -def full_dynamo_config(): - with open(os.path.join(os.path.dirname(__file__), "sample_config_query_results/sample_dynamo_table.json")) as file_data: - file_contents = file_data.read() - - return json.loads(file_contents) - -def test_given_dynamo_table_then_base_attributes_mapped(full_dynamo_config): - mapper = DynamoDbTableDataMapper() - - mapped_result = mapper.map(full_dynamo_config) - - assert len(mapped_result) == 1, "Expected one row to be mapped" - assert mapped_result[0].unique_id == full_dynamo_config["arn"], "ARN should be mapped to unique id" diff --git a/fedramp-integrated-inventory-workbook/tests/test_ec2_mapper.py b/fedramp-integrated-inventory-workbook/tests/test_ec2_mapper.py deleted file mode 100644 index d67a4816..00000000 --- a/fedramp-integrated-inventory-workbook/tests/test_ec2_mapper.py +++ /dev/null 
@@ -1,95 +0,0 @@ -#!/usr/bin/env python -# AWS DISCLAMER -# --- - -# The following files are provided by AWS Professional Services describe the process to create a IAM Policy with description. - -# These are non-production ready and are to be used for testing purposes. - -# These files is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES -# OR CONDITIONS OF ANY KIND, either express or implied. See the License -# for the specific language governing permissions and limitations under the License. - -# (c) 2019 Amazon Web Services, Inc. or its affiliates. All Rights Reserved. -# This AWS Content is provided subject to the terms of the AWS Customer Agreement available at -# http://aws.amazon.com/agreement or other written agreement between Customer and Amazon Web Services, Inc.​ -import json -import os -import pytest -from inventory.mappers import EC2DataMapper - -@pytest.fixture() -def full_ec2_config(): - with open(os.path.join(os.path.dirname(__file__), "sample_config_query_results/sample_ec2.json")) as file_data: - file_contents = file_data.read() - - return json.loads(file_contents) - -def test_given_resource_type_is_not_ec2_then_empty_array_is_returned(full_ec2_config): - full_ec2_config["resourceType"] = "NOT EC2" - - mapper = EC2DataMapper() - - assert mapper.map(full_ec2_config) == [] - -def test_given_isntance_has_no_public_dns_ec2_then_dns_private_dns_is_used(full_ec2_config): - del(full_ec2_config["configuration"]["publicDnsName"]) - del(full_ec2_config["configuration"]["networkInterfaces"][0]["privateIpAddresses"][0]["association"]) - - mapper = EC2DataMapper() - - mapped_result = mapper.map(full_ec2_config) - - assert len(mapped_result) == 1, "One row was expected" - assert mapped_result[0].dns_name == full_ec2_config["configuration"]["privateDnsName"], "Private DNS should be used if public DNS is not available" - -def test_given_isntance_has_blank_public_dns_ec2_then_dns_private_dns_is_used(full_ec2_config): - 
full_ec2_config["configuration"]["publicDnsName"] = "" - del(full_ec2_config["configuration"]["networkInterfaces"][0]["privateIpAddresses"][0]["association"]) - - mapper = EC2DataMapper() - - mapped_result = mapper.map(full_ec2_config) - - assert len(mapped_result) == 1, "One row was expected" - assert mapped_result[0].dns_name == full_ec2_config["configuration"]["privateDnsName"], "Private DNS should be used if public DNS is not available" - -def test_given_isntance_has_with_public_dns_ec2_then_dns_public_dns_is_used(full_ec2_config): - full_ec2_config["configuration"]["publicDnsName"] = "example.com" - - mapper = EC2DataMapper() - - mapped_result = mapper.map(full_ec2_config) - - assert len(mapped_result) == 1, "One row is expected. Two IP addresses are expected, one for the public IP and one for the private IP" - assert mapped_result[0].dns_name == full_ec2_config["configuration"]["publicDnsName"], "Public DNS should be used if public DNS is available" - -def test_given_ec2_instance_with_no_public_ip_then_one_item_returned(full_ec2_config): - del(full_ec2_config["configuration"]["networkInterfaces"][0]["privateIpAddresses"][0]["association"]) - - mapper = EC2DataMapper() - - mapped_result = mapper.map(full_ec2_config) - - assert len(mapped_result) == 1, "One row was expected since instance only has one private IP" - assert mapped_result[0].ip_address == full_ec2_config["configuration"]["networkInterfaces"][0]["privateIpAddresses"][0]["privateIpAddress"], "IP Address should match what was returned from config" - -def test_given_ec2_instance_with_public_ip_then_two_items_returned(full_ec2_config): - mapper = EC2DataMapper() - - mapped_result = mapper.map(full_ec2_config) - - assert len(mapped_result) == 1, "One row is expected. 
Two IP addresses are expected, one for the public IP and one for the private IP" - - # Make sure both ip addresses are in the mapping - privateIp, publicIp = mapped_result[0].ip_address.split(',') - assert full_ec2_config["configuration"]["networkInterfaces"][0]["privateIpAddresses"][0]["privateIpAddress"] == privateIp - assert full_ec2_config["configuration"]["networkInterfaces"][0]["privateIpAddresses"][0]["association"]["publicIp"] == publicIp - -def test_given_ec2_instance_with_public_dns_name_then_asset_is_marked_as_public(full_ec2_config): - mapper = EC2DataMapper() - - mapped_result = mapper.map(full_ec2_config) - - assert len(mapped_result) == 1, "One row is expected. Two IP addresses are expected, one for the public IP and one for the private IP" - assert mapped_result[0].is_public == "Yes", "Instance should have been marked public since it has a public DNS name" diff --git a/fedramp-integrated-inventory-workbook/tests/test_elastic_search_mapper.py b/fedramp-integrated-inventory-workbook/tests/test_elastic_search_mapper.py deleted file mode 100644 index 87c87b22..00000000 --- a/fedramp-integrated-inventory-workbook/tests/test_elastic_search_mapper.py +++ /dev/null 
@@ -1,36 +0,0 @@
-import json
-import os
-import pytest
-from inventory.mappers import ElasticSearchDataMapper
-
-@pytest.fixture()
-def full_es_config():
- with open(os.path.join(os.path.dirname(__file__), "sample_config_query_results/sample_es.json")) as file_data:
- file_contents = file_data.read()
-
- return json.loads(file_contents)
-
-def test_given_elastic_search_then_base_attributes_mapped(full_es_config):
- mapper = ElasticSearchDataMapper()
-
- mapped_result = mapper.map(full_es_config)
-
- assert len(mapped_result) == 1, "Expected one row to be mapped"
- assert mapped_result[0].unique_id == full_es_config["arn"], "ARN should be mapped to unique id"
-
-def test_given_elastic_search_then_configuration_noted(full_es_config):
- mapper = ElasticSearchDataMapper()
-
- mapped_result = mapper.map(full_es_config)
-
- assert len(mapped_result) == 1, "Expected one row to be mapped"
- assert mapped_result[0].baseline_config == full_es_config["configuration"]["elasticsearchVersion"], "ElasticSearch version should be noted"
-
-def test_given_elastic_search_then_user_friendly_name_recorded(full_es_config):
- mapper = ElasticSearchDataMapper()
-
- mapped_result = mapper.map(full_es_config)
-
- assert len(mapped_result) == 1, "Expected one row to be mapped"
- assert mapped_result[0].asset_tag == full_es_config["resourceName"], "ElasticSearch resource name should be noted"
-
diff --git a/fedramp-integrated-inventory-workbook/tests/test_elb_mapper.py b/fedramp-integrated-inventory-workbook/tests/test_elb_mapper.py
deleted file mode 100644
index e60d02b0..00000000
--- a/fedramp-integrated-inventory-workbook/tests/test_elb_mapper.py
+++ /dev/null
@@ -1,100 +0,0 @@
-#!/usr/bin/env python
-# AWS DISCLAMER
-# ---
-
-# The following files are provided by AWS Professional Services describe the process to create a IAM Policy with description.
-
-# These are non-production ready and are to be used for testing purposes.
-
-# These files is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
-# OR CONDITIONS OF ANY KIND, either express or implied. See the License
-# for the specific language governing permissions and limitations under the License.
-
-# (c) 2019 Amazon Web Services, Inc. or its affiliates. All Rights Reserved.
-# This AWS Content is provided subject to the terms of the AWS Customer Agreement available at
-# http://aws.amazon.com/agreement or other written agreement between Customer and Amazon Web Services, Inc.​
-import json
-import os
-import pytest
-from inventory.mappers import ElbDataMapper
-
-@pytest.fixture()
-def full_classic_elb_config():
- with open(os.path.join(os.path.dirname(__file__), "sample_config_query_results/sample_classic_elb.json")) as file_data:
- file_contents = file_data.read()
-
- return json.loads(file_contents)
-
-def test_given_classic_elb_then_base_attributes_mapped(full_classic_elb_config):
- mapper = ElbDataMapper()
-
- mapped_result = mapper.map(full_classic_elb_config)
-
- assert len(mapped_result) == 1, "Expected one row to be mapped"
- assert mapped_result[0].unique_id == full_classic_elb_config["arn"], "ARN should be mapped to unique id"
- assert mapped_result[0].network_id == full_classic_elb_config["configuration"]["vpcid"], "VPC ID should be mapped to network id"
-
-def test_given_resource_type_is_not_classic_elb_then_empty_array_is_returned(full_classic_elb_config):
- full_classic_elb_config["resourceType"] = "NOT ELB"
-
- mapper = ElbDataMapper()
-
- assert mapper.map(full_classic_elb_config) == []
-
-def test_given_internet_facing_classic_elb_then_it_is_mapped_as_public(full_classic_elb_config):
- mapper = ElbDataMapper()
-
- mapped_result = 
mapper.map(full_classic_elb_config)
-
- assert len(mapped_result) == 1, "Expected one row to be mapped"
- assert mapped_result[0].is_public == "Yes", "ELB should have been marked as public given internet facing scheme"
-
-def test_given_internal_classic_elb_then_it_is_not_mapped_as_public(full_classic_elb_config):
- full_classic_elb_config["configuration"]["scheme"] = "internal"
-
- mapper = ElbDataMapper()
-
- mapped_result = mapper.map(full_classic_elb_config)
-
- assert len(mapped_result) == 1, "Expected one row to be mapped"
- assert mapped_result[0].is_public == "No", "ELB should have been marked as private"
-
-_sample_v2elb_file_contents = None
-
-@pytest.fixture
-def full_v2elb_config():
- global _sample_v2elb_file_contents
-
- if not _sample_v2elb_file_contents:
- with open(os.path.join(os.path.dirname(__file__), "sample_config_query_results/sample_v2elb.json")) as file_data:
- _sample_v2elb_file_contents = file_data.read()
-
- return json.loads(_sample_v2elb_file_contents)
-
-def test_given_v2elb_then_base_attributes_mapped(full_v2elb_config):
- mapper = ElbDataMapper()
-
- mapped_result = mapper.map(full_v2elb_config)
-
- assert len(mapped_result) == 1, "Expected one row to be mapped"
- assert mapped_result[0].unique_id == full_v2elb_config["arn"], "ARN should be mapped to unique id"
- assert mapped_result[0].network_id == full_v2elb_config["configuration"]["vpcId"], "VPC ID should be mapped to network id"
-
-def test_given_internet_facing_v2elb_then_it_is_mapped_as_public(full_v2elb_config):
- mapper = ElbDataMapper()
-
- mapped_result = mapper.map(full_v2elb_config)
-
- assert len(mapped_result) == 1, "Expected one row to be mapped"
- assert mapped_result[0].is_public == "Yes", "ELB should have been marked as public given internet facing scheme"
-
-def test_given_internal_v2elb_then_it_is_not_mapped_as_public(full_v2elb_config):
- full_v2elb_config["configuration"]["scheme"] = "internal"
-
- mapper = ElbDataMapper()
-
- mapped_result = 
mapper.map(full_v2elb_config)
-
- assert len(mapped_result) == 1, "Expected one row to be mapped"
- assert mapped_result[0].is_public == "No", "ELB should have been marked as private"
-
diff --git a/fedramp-integrated-inventory-workbook/tests/test_inventory_reader.py b/fedramp-integrated-inventory-workbook/tests/test_inventory_reader.py
deleted file mode 100644
index 5f77e5b7..00000000
--- a/fedramp-integrated-inventory-workbook/tests/test_inventory_reader.py
+++ /dev/null
@@ -1,99 +0,0 @@
-#!/usr/bin/env python
-# AWS DISCLAMER
-# ---
-
-# The following files are provided by AWS Professional Services describe the process to create a IAM Policy with description.
-
-# These are non-production ready and are to be used for testing purposes.
-
-# These files is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
-# OR CONDITIONS OF ANY KIND, either express or implied. See the License
-# for the specific language governing permissions and limitations under the License.
-
-# (c) 2019 Amazon Web Services, Inc. or its affiliates. All Rights Reserved.
-# This AWS Content is provided subject to the terms of the AWS Customer Agreement available at
-# http://aws.amazon.com/agreement or other written agreement between Customer and Amazon Web Services, Inc.​
-from botocore.exceptions import ClientError
-from callee import String, Contains
-import json
-import os
-from unittest.mock import MagicMock, Mock, patch, ANY
-import pytest
-from inventory.mappers import DataMapper
-import inventory.readers
-from inventory.readers import AwsConfigInventoryReader
-
-def setup_function():
- os.environ["ACCOUNT_LIST"] = '[ { "name": "foo", "id": "210987654321", "regions": ["us-east-2"]} ]'
- os.environ["MANUAL_ENTRY_ITEMS"] = '[]'
- os.environ["CROSS_ACCOUNT_ROLE_NAME"] = "foobar"
-
-def test_given_valid_arn_then_aws_partition_determined():
- mock_lambda_context = Mock()
- mock_lambda_context.invoked_function_arn = "arn:aws:lambda:us-east-1:123456789012:function:testing"
-
- reader = AwsConfigInventoryReader(lambda_context=mock_lambda_context)
-
- aws_partition = reader._get_aws_partition()
-
- assert aws_partition == "aws", "Partition of ARN in context is aws"
-
-@patch("inventory.readers._logger", autospec=True)
-def test_given_unsupported_resource_type_then_warning_is_logged(mock_logger):
- mock_mapper = Mock(spec=DataMapper)
- mock_mapper.can_map.return_value = False
- mock_config_client_factory = Mock()
- mock_config_client_factory.return_value \
- 
.select_resource_config \
- .return_value = { "NextToken": None,
- "Results": [ json.dumps({ "resourceType": "foobar" }) ] }
-
- reader = AwsConfigInventoryReader(lambda_context=MagicMock(), mappers=[mock_mapper])
- reader._get_config_client = mock_config_client_factory
-
- all_inventory = reader.get_resources_from_all_accounts()
-
- assert len(all_inventory) == 0, "no inventory should be returned since there was nothing to map"
- mock_logger.warning.assert_called_with(String() & Contains("skipping mapping"))
-
-@patch("inventory.readers._logger", autospec=True)
-def test_given_error_from_boto_then_account_is_skipped_but_others_still_processed(mock_logger):
- os.environ["ACCOUNT_LIST"] = '[ { "name": "foo", "id": "210987654321", "regions": ["us-east-2"] }, { "name": "bar", "id": "123456789012","regions": ["us-east-2"] }]'
- mock_mapper = Mock(spec=DataMapper)
- mock_mapper.can_map.return_value = True
- mock_mapper.map.return_value = [ { "test": True }]
- mock_select_resource_config = Mock(side_effect=[ ClientError(error_response={'Error': {'Code': 'ResourceInUseException'}}, operation_name="select_resource_config"),
- { "NextToken": None,
- "Results": [ json.dumps({ "resourceType": "foobar" }) ] }])
- mock_config_client_factory = Mock()
- mock_config_client_factory.return_value \
- .select_resource_config = mock_select_resource_config
-
- reader = AwsConfigInventoryReader(lambda_context=MagicMock(), mappers=[mock_mapper])
- reader._get_config_client = mock_config_client_factory
-
- all_inventory = reader.get_resources_from_all_accounts()
-
- assert len(all_inventory) == 1, "inventory from the successful call should be returned"
- assert len(mock_select_resource_config.mock_calls) == 2, "boto should have been called twice to page through results"
- mock_logger.error.assert_called_with(String() & Contains("moving onto next account"), ANY, ANY, exc_info=True)
-
-def test_given_multiple_resource_pages_from_boto_then_reader_loops_through_all_pages():
- mock_mapper = 
Mock(spec=DataMapper)
- mock_mapper.can_map.return_value = False
- mock_select_resource_config = Mock(side_effect=[{ "NextToken": "nextpage",
- "Results": [ json.dumps({ "resourceType": "foobar" }) ] },
- { "NextToken": None,
- "Results": [ json.dumps({ "resourceType": "foobar" }) ] }])
- mock_config_client_factory = Mock()
- mock_config_client_factory.return_value \
- .select_resource_config = mock_select_resource_config
-
- readerx = AwsConfigInventoryReader(lambda_context=MagicMock(), mappers=[mock_mapper])
- readerx._get_config_client = mock_config_client_factory
-
- all_inventory = readerx.get_resources_from_all_accounts()
-
- assert len(all_inventory) == 0, "no inventory should be returned since there was nothing to map"
- assert len(mock_select_resource_config.mock_calls) == 2, "boto should have been called twice to page through results"
- assert mock_select_resource_config.call_args.kwargs["NextToken"] == "nextpage", "NextToken must use value from previous select_resource_config call"
diff --git a/fedramp-integrated-inventory-workbook/tests/test_lambda_mapper.py b/fedramp-integrated-inventory-workbook/tests/test_lambda_mapper.py
deleted file mode 100644
index 15039408..00000000
--- a/fedramp-integrated-inventory-workbook/tests/test_lambda_mapper.py
+++ /dev/null
@@ -1,35 +0,0 @@
-import json
-import os
-import pytest
-from inventory.mappers import LambdaDataMapper
-
-
-@pytest.fixture()
-def full_lambda_config():
- with open(os.path.join(os.path.dirname(__file__), "sample_config_query_results/sample_lambda_function.json")) as file_data:
- file_contents = file_data.read()
-
- return json.loads(file_contents)
-
-
-def test_given_resource_type_is_not_lambda_then_empty_array_is_returned(full_lambda_config):
- full_lambda_config["resourceType"] = "NOT Lambda"
-
- mapper = LambdaDataMapper()
-
- assert mapper.map(full_lambda_config) == []
-
- full_lambda_config["resourceType"] = "AWS::Lambda::Function"
- assert len(mapper.map(full_lambda_config)) > 0, "Resource should have been mapped"
-
-
-def test_given_lambda_version_contains_sha(full_lambda_config):
- mapper = LambdaDataMapper()
-
- assert full_lambda_config["configuration"]['codeSha256'] in mapper.map(full_lambda_config)[0].software_product_name
-
-
-def test_given_resource_is_mapped_to_unique_id(full_lambda_config):
- mapper = LambdaDataMapper()
-
- assert mapper.map(full_lambda_config)[0].unique_id == "arn:aws:lambda:us-west-2:123456789:function:InventoryCollector"
diff --git a/fedramp-integrated-inventory-workbook/tests/test_rds_mapper.py b/fedramp-integrated-inventory-workbook/tests/test_rds_mapper.py
deleted file mode 100644
index 07e86879..00000000
--- a/fedramp-integrated-inventory-workbook/tests/test_rds_mapper.py
+++ /dev/null
@@ -1,80 +0,0 @@
-#!/usr/bin/env python
-# AWS DISCLAMER
-# ---
-
-# The following files are provided by AWS Professional Services describe the process to create a IAM Policy with description.
-
-# These are non-production ready and are to be used for testing purposes.
-
-# These files is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
-# OR CONDITIONS OF ANY KIND, either express or implied. See the License
-# for the specific language governing permissions and limitations under the License.
-
-# (c) 2019 Amazon Web Services, Inc. or its affiliates. All Rights Reserved.
-# This AWS Content is provided subject to the terms of the AWS Customer Agreement available at
-# http://aws.amazon.com/agreement or other written agreement between Customer and Amazon Web Services, Inc.​
-import json
-import os
-import pytest
-from inventory.mappers import RdsDataMapper
-
-@pytest.fixture()
-def full_rds_db_instance_config():
- with open(os.path.join(os.path.dirname(__file__), "sample_config_query_results/sample_rds_instance.json")) as file_data:
- file_contents = file_data.read()
-
- return json.loads(file_contents)
-
-def test_given_fully_configured_rds_instance_then_base_attributes_are_mapped(full_rds_db_instance_config):
- mapper = RdsDataMapper()
-
- mapped_result = mapper.map(full_rds_db_instance_config)
-
- assert len(mapped_result) == 1, "Expected one row to be mapped"
- assert mapped_result[0].network_id == full_rds_db_instance_config['configuration']['dBSubnetGroup']['vpcId'], "NetworkId must be mapped if the VPC ID exists in the configuration"
- assert mapped_result[0].hardware_model == full_rds_db_instance_config['configuration']['dBInstanceClass']
- assert mapped_result[0].software_product_name == f"{full_rds_db_instance_config['configuration']['engine']}-{full_rds_db_instance_config['configuration']['engineVersion']}"
-
-def test_given_rds_instance_marked_as_private_then_is_mapped_as_not_public(full_rds_db_instance_config):
- 
full_rds_db_instance_config["configuration"]["publiclyAccessible"] = False
-
- mapper = RdsDataMapper()
-
- mapped_result = mapper.map(full_rds_db_instance_config)
-
- assert len(mapped_result) == 1, "Expected one row to be mapped"
- assert mapped_result[0].is_public == "No", "Instance must be marked as not public if publiclyAccessible is set to False"
-
-def test_given_rds_instance_marked_as_public_then_is_mapped_as_public(full_rds_db_instance_config):
- full_rds_db_instance_config["configuration"]["publiclyAccessible"] = True
-
- mapper = RdsDataMapper()
-
- mapped_result = mapper.map(full_rds_db_instance_config)
-
- assert len(mapped_result) == 1, "Expected one row to be mapped"
- assert mapped_result[0].is_public == "Yes", "Instance must be marked as public if publiclyAccessible is set to True"
-
-def test_given_rds_instance_with_no_subnet_group_then_networkid_is_left_blank(full_rds_db_instance_config):
- del(full_rds_db_instance_config["configuration"]["dBSubnetGroup"])
-
- mapper = RdsDataMapper()
-
- mapped_result = mapper.map(full_rds_db_instance_config)
-
- assert len(mapped_result) == 1, "Expected one row to be mapped"
- assert mapped_result[0].network_id == "", "Instance must be marked as public if publiclyAccessible is set to True"
-
-def test_given_resource_is_mapped_to_region(full_rds_db_instance_config):
- mapper = RdsDataMapper()
-
- mapped_result = mapper.map(full_rds_db_instance_config)
- assert mapped_result[0].location == "us-west-2", "Resource should be contained in us-west-2"
-
-
-def test_given_resource_configuration_contains_resource_specifications(full_rds_db_instance_config):
- mapper = RdsDataMapper()
-
- mapped_result = mapper.map(full_rds_db_instance_config)
- assert mapped_result[0].hardware_model == "db.r5.large", "Resource should contain a hardware model"
- assert mapped_result[0].software_product_name == "aurora-mysql-5.7.mysql_aurora.2.07.2", "Resource should contain database software type"
diff --git a/fedramp-integrated-inventory-workbook/tests/test_reports.py b/fedramp-integrated-inventory-workbook/tests/test_reports.py
deleted file mode 100644
index 32c11407..00000000
--- a/fedramp-integrated-inventory-workbook/tests/test_reports.py
+++ /dev/null
@@ -1,45 +0,0 @@
-#!/usr/bin/env python
-# AWS DISCLAMER
-# ---
-
-# The following files are provided by AWS Professional Services describe the process to create a IAM Policy with description.
-
-# These are non-production ready and are to be used for testing purposes.
-
-# These files is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
-# OR CONDITIONS OF ANY KIND, either express or implied. See the License
-# for the specific language governing permissions and limitations under the License.
-
-# (c) 2019 Amazon Web Services, Inc. or its affiliates. All Rights Reserved.
-# This AWS Content is provided subject to the terms of the AWS Customer Agreement available at
-# http://aws.amazon.com/agreement or other written agreement between Customer and Amazon Web Services, Inc.​
-import os
-from unittest.mock import Mock, mock_open, patch, ANY
-from callee import String, Contains
-import pytest
-import inventory.reports
-from inventory.reports import CreateReportCommandHandler, DeliverReportCommandHandler
-
-@patch('inventory.reports.load_workbook')
-def test_given_empty_inventory_list_then_report_is_still_written(mock_load_workbook):
- report_handler = CreateReportCommandHandler()
-
- report_handler.execute([])
-
- mock_load_workbook.return_value.save.assert_called()
-
-@patch('builtins.open')
-@patch('inventory.reports.datetime')
-def test_given_report_file_exists_then_delivery_to_s3_uses_correct_file_naming_convention(mock_datetime, mock_open):
- test_bucket_name = "bucket"
- os.environ["REPORT_TARGET_BUCKET_NAME"] = test_bucket_name
- os.environ["REPORT_TARGET_BUCKET_PATH"] = "test/path"
- mock_s3_client = Mock()
-
- report_handler = DeliverReportCommandHandler(s3_client=mock_s3_client)
- report_url = report_handler.execute("somereport")
-
- # Only verifying that we try to format the datetime correctly as that's the most import part of the report file name
- mock_datetime.now.return_value.strftime.assert_called_with("%Y-%m-%d-%H-%M-%S")
- 
mock_s3_client.put_object.assert_called_with(Key=ANY, Bucket=test_bucket_name, Body=ANY)
- assert report_url is not None and len(report_url) > 0, "report URL should be returned"
\ No newline at end of file
diff --git a/fedramp-integrated-inventory-workbook/tests/test_s3_mapper.py b/fedramp-integrated-inventory-workbook/tests/test_s3_mapper.py
deleted file mode 100644
index c9d83ace..00000000
--- a/fedramp-integrated-inventory-workbook/tests/test_s3_mapper.py
+++ /dev/null
@@ -1,48 +0,0 @@
-import json
-import os
-import pytest
-from inventory.mappers import S3DataMapper
-
-@pytest.fixture()
-def full_s3_config():
- with open(os.path.join(os.path.dirname(__file__), "sample_config_query_results/sample_s3.json")) as file_data:
- file_contents = file_data.read()
-
- return json.loads(file_contents)
-
-def test_given_resource_type_is_not_s3_then_empty_array_is_returned(full_s3_config):
- full_s3_config["resourceType"] = "NOT S3"
-
- mapper = S3DataMapper()
-
- assert mapper.map(full_s3_config) == []
-
- full_s3_config["resourceType"] = "AWS::S3::Bucket"
- assert len(mapper.map(full_s3_config)) > 0, "Resource should have been mapped"
-
-def test_given_resource_type_is_private_when_all_public_access_blocked(full_s3_config):
- mapper = S3DataMapper()
-
- mapped_result = mapper.map(full_s3_config)
- assert mapped_result[0].is_public == "No", "Bucket has no public access enabled"
-
- full_s3_config["supplementaryConfiguration"]["PublicAccessBlockConfiguration"]["blockPublicAcls"] = False
- mapped_result = mapper.map(full_s3_config)
- assert mapped_result[0].is_public == "Yes", "After changing the sample json, the bucket is no longer blocking all public access"
-
- # PublicAccessBlockConfiguration may not be present, verify that mapping still works if the key doesn't exist in the dictionary
- full_s3_config["supplementaryConfiguration"].pop("PublicAccessBlockConfiguration", None)
- mapped_result = mapper.map(full_s3_config)
- assert mapped_result[0].is_public == "Yes", "Without PublicAccessBlockConfiguration, the bucket is public "
-
-def test_given_resource_type_is_specified_in_region(full_s3_config):
- mapper = S3DataMapper()
-
- mapped_result = mapper.map(full_s3_config)
- assert mapped_result[0].location == "us-west-2"
-
-def test_given_resource_type_is_commented_based_on_encryption_status(full_s3_config):
- mapper = S3DataMapper()
-
- mapped_result = mapper.map(full_s3_config)
- assert mapped_result[0].comments == "Not encrypted", "Bucket 
has no encryption settings"
diff --git a/fedramp-integrated-inventory-workbook/tests/test_vpc_mapper.py b/fedramp-integrated-inventory-workbook/tests/test_vpc_mapper.py
deleted file mode 100644
index a0fb5c9c..00000000
--- a/fedramp-integrated-inventory-workbook/tests/test_vpc_mapper.py
+++ /dev/null
@@ -1,27 +0,0 @@
-import json
-import os
-import pytest
-from inventory.mappers import VPCDataMapper
-
-@pytest.fixture()
-def full_vpc_config():
- with open(os.path.join(os.path.dirname(__file__), "sample_config_query_results/sample_vpc.json")) as file_data:
- file_contents = file_data.read()
-
- return json.loads(file_contents)
-
-def test_given_resource_type_is_not_vpc_then_empty_array_is_returned(full_vpc_config):
- full_vpc_config["resourceType"] = "NOT VPC"
-
- mapper = VPCDataMapper()
-
- assert mapper.map(full_vpc_config) == []
-
- full_vpc_config["resourceType"] = "AWS::EC2::VPC"
-
- assert len(mapper.map(full_vpc_config)) > 0, "Resource should have been mapped"
-
-def test_given_resource_is_mapped_to_unique_id(full_vpc_config):
- mapper = VPCDataMapper()
-
- assert mapper.map(full_vpc_config)[0].unique_id == "arn:aws:ec2:us-west-2:123456789:vpc/vpc-12345"