Make list targets work again

[chunyong-lin]

to: @airbnb/streamalert-maintainers
related to:
resolves:

Background

Deploy a fresh copy of release-3-1-0 branch to staging environment, for, fun 🤷‍♀ and found couple minor bugs.

Changes

• python manage.py list-targets command is broken due to recent change of terraform files path.
• Add use test cases to test the code change.
• Add a space when print out WARNING messing to remind user to update file_format setting.
• Add a Note in getting_started doc to remind user to update file_format setting.
  

Testing

• Fresh checkout release-3-1-0 branch
• python manage.py configure aws_account_id 111111111111
• python manage.py configure prefix cylinrelease31
• python manage.py init
• A ConfigError warming to set "file_format" to "parquet" in "athena_partition_refresh_config" raised.
• Update "file_format" to "parquet" and re-init
• python manage.py init and StreamAlert initialization was successful.
• Create a kinesis stream in cluster "prod"

  "modules": {
    "cloudwatch_monitoring": {
      "enabled": true,
      "kinesis_alarms_enabled": false,
      "lambda_alarms_enabled": true
    },
    "kinesis": {
      "streams": {
        "create_user": true,
        "retention": 24,
        "shards": 1,
        "terraform_outputs": [
          "arn",
          "access_key_id",
          "secret_key"
        ]
      }
    },
    "kinesis_events": {
      "batch_size": 100,
      "enabled": true
    }
  }

• Add new kinesis name to the "data_sources" filed in conf/clusters/prod.json

  "data_sources": {
    "kinesis": {
      "prefix_cluster1_streamalert": [
        "cloudwatch",
        "ghe",
        "osquery"
      ],
      "cylinrelease31_prod_streamalert": [
        "cloudwatch",
        "osquery"
      ]
    },

• Run build and deploy "prod" classifier

python manage.py build --target kinesis_events_prod kinesis_prod
python manage.py deploy --function classifier

• Send testing cloudwatch events to the kinesis to trigger classifier, rules engine, alert processor, alert merger.
• Enable firehose and run build to create firehose and athena tables for cloudwatch events. in conf/global.json

  "infrastructure": {
    "alerts_table": {
      "read_capacity": 5,
      "write_capacity": 5
    },
    "firehose": {
      "use_prefix": true,
      "buffer_interval": 900,
      "buffer_size": 128,
      "enabled": true,
      "enabled_logs": {
        "cloudwatch": {},
        "osquery": {}
      }
    },

• python manage.py build
• python manage.py deploy --function classifier
• python manage.py deploy --function athena
• Send testing cloudwatch events to the kinesis to trigger classifier, rules engine, alert processor, alert merger and athena partition lambda function.
• Alerts and cloudWatch events are searchable in Athena table/

[coveralls]

Coverage remained the same at 95.424% when pulling 4972858 on make_list_targets_work_again into 530a154 on release-3-1-0.

[ryandeivert]

update to:

Update the file_format value in conf/lambda.json. Valid options are parquet or json. The default value will be parquet in a future release, but this must be manually configured at this time.

[ryandeivert]

this is redundant.. For more information .... for more information

Please update to:

More information can be found on the :ref:historical_search page

[ryandeivert]

actually -- can we stop using ref items so much. they're ugly an unnecessary most of the time

[ryandeivert]

can you update this to:

More information can be found on the `historical search <historical-search.html>`_ page.

see example here: https://raw.githubusercontent.com/airbnb/streamalert/530a154fd446a133868a49997bfbb47deb598c82/docs/source/datasources.rst:

To configure datasources, read `datasource configuration <conf-datasources.html>`_

[ryandeivert]

please remove this

[ryandeivert]

good find thank youuu!

[ryandeivert]

some comments, please address - lgtm otherwise. thank you so much for adding tests!!

[ryandeivert]

why the trailing space here?

[chunyong-lin]

Need a space between ....issues/1143 and In the future release. The message is in one line.