Merge pull request #98 from remind101/logs_filters

Blueprint for creating cloudwatch logs filters
remind101 · May 1, 2017 · 1ff02e3 · 1ff02e3
2 parents 9ff285e + 801730f
commit 1ff02e3
Show file tree

Hide file tree

Showing 5 changed files with 154 additions and 19 deletions.
diff --git a/stacker_blueprints/cloudwatch_logs.py b/stacker_blueprints/cloudwatch_logs.py
@@ -0,0 +1,45 @@
+from stacker.blueprints.base import Blueprint
+from stacker.blueprints.variables.types import TroposphereType
+
+from troposphere import logs, Output, Ref
+
+
+LOG_RETENTION_VALUES = [
+    0, 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827,
+    3653
+]
+LOG_RETENTION_STRINGS = [str(x) for x in LOG_RETENTION_VALUES]
+
+
+def validate_cloudwatch_log_retention(value):
+    if value not in LOG_RETENTION_VALUES:
+        raise ValueError(
+            "%d is not a valid retention period. Must be one of: %s" % (
+                value,
+                ', '.join(LOG_RETENTION_STRINGS)
+            )
+        )
+    return value
+
+
+class SubscriptionFilters(Blueprint):
+
+    VARIABLES = {
+        "SubscriptionFilters": {
+            "type": TroposphereType(logs.SubscriptionFilter, many=True),
+            "description": "Subscription filters to create.",
+        }
+    }
+
+    def create_template(self):
+        t = self.template
+        variables = self.get_variables()
+
+        for _filter in variables["SubscriptionFilters"]:
+            t.add_resource(_filter)
+            t.add_output(
+                Output(
+                    "%sName" % _filter.title,
+                    Value=Ref(_filter)
+                )
+            )
diff --git a/stacker_blueprints/firehose/base.py b/stacker_blueprints/firehose/base.py
@@ -30,19 +30,18 @@
     write_to_cloudwatch_logs_stream_statements,
 )
 
+from ..cloudwatch_logs import (
+    LOG_RETENTION_STRINGS,
+    validate_cloudwatch_log_retention,
+)
+
 LOG_GROUP = "LogGroup"
 S3_LOG_STREAM = "S3LogStream"
 ROLE = "Role"
 
 REGION = Ref("AWS::Region")
 NOVALUE = Ref("AWS::NoValue")
 
-LOG_RETENTION_VALUES = [
-    0, 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827,
-    3653
-]
-LOG_RETENTION_STRINGS = [str(x) for x in LOG_RETENTION_VALUES]
-
 
 def make_simple_assume_policy(*principals):
     return Policy(
@@ -52,16 +51,6 @@ def make_simple_assume_policy(*principals):
     )
 
 
-def validate_cloudwatch_log_retention(value):
-    if value not in LOG_RETENTION_VALUES:
-        raise ValueError(
-            "%d is not a valid retention period. Must be one of: %s" % (
-                value,
-                ', '.join(LOG_RETENTION_STRINGS)
-            )
-        )
-
-
 def s3_write_statements(bucket_name):
     return [
         Statement(
@@ -151,7 +140,8 @@ class BaseDeliveryStream(Blueprint):
                            "values: %s. Default 0 - retain forever." % (
                                ', '.join(LOG_RETENTION_STRINGS)),
             "default": 0,
-            }
+            "validator": validate_cloudwatch_log_retention,
+        }
     }
 
     def buffering_hints(self):

diff --git a/stacker_blueprints/vpc_flow_logs.py b/stacker_blueprints/vpc_flow_logs.py
@@ -21,10 +21,14 @@
 import awacs.logs
 
 from .policies import flowlogs_assumerole_policy
+from .cloudwatch_logs import (
+    LOG_RETENTION_STRINGS,
+    validate_cloudwatch_log_retention
+)
 
 ALLOWED_TRAFFIC_TYPES = ["ACCEPT", "REJECT", "ALL"]
 JOINED_TRAFFIC_TYPES = '/'.join(ALLOWED_TRAFFIC_TYPES)
-LOG_RETENTION_DEFAULT = 1
+LOG_RETENTION_DEFAULT = 0
 CLOUDWATCH_ROLE_NAME = "Role"
 FLOW_LOG_GROUP_NAME = "LogGroup"
 FLOW_LOG_STREAM_NAME = "LogStream"
@@ -70,8 +74,12 @@ class FlowLogs(Blueprint):
     VARIABLES = {
         "Retention": {
             "type": int,
-            "description": "Log group retention time in days.",
+            "description": "Time in days to retain Cloudwatch Logs. Accepted "
+                           "values: %s. Default 0 - retain forever." % (
+                               ', '.join(LOG_RETENTION_STRINGS)),
             "default": LOG_RETENTION_DEFAULT,
+            "validator": validate_cloudwatch_log_retention,
+
         },
         "VpcId": {
             "type": str,

diff --git a/tests/fixtures/blueprints/test_cloudwatch_logs_subscription_filters.json b/tests/fixtures/blueprints/test_cloudwatch_logs_subscription_filters.json
@@ -0,0 +1,46 @@
+{
+    "Outputs": {
+        "Filter1Name": {
+            "Value": {
+                "Ref": "Filter1"
+            }
+        },
+        "Filter2Name": {
+            "Value": {
+                "Ref": "Filter2"
+            }
+        }
+    },
+    "Resources": {
+        "Filter1": {
+            "Properties": {
+                "DestinationArn": {
+                    "Fn::GetAtt": [
+                        "KinesisStream1",
+                        "Arn"
+                    ]
+                },
+                "FilterPattern": "{$.userIdentity.type = Root}",
+                "LogGroupName": {
+                    "Ref": "LogGroup1"
+                }
+            },
+            "Type": "AWS::Logs::SubscriptionFilter"
+        },
+        "Filter2": {
+            "Properties": {
+                "DestinationArn": {
+                    "Fn::GetAtt": [
+                        "KinesisStream2",
+                        "Arn"
+                    ]
+                },
+                "FilterPattern": "{$.userIdentity.type = Root}",
+                "LogGroupName": {
+                    "Ref": "LogGroup2"
+                }
+            },
+            "Type": "AWS::Logs::SubscriptionFilter"
+        }
+    }
+}
diff --git a/tests/test_cloudwatch_logs.py b/tests/test_cloudwatch_logs.py
@@ -0,0 +1,46 @@
+import unittest
+
+from stacker.blueprints.testutil import BlueprintTestCase
+from stacker.context import Context
+from stacker.variables import Variable
+
+from stacker_blueprints.cloudwatch_logs import SubscriptionFilters
+
+from troposphere import GetAtt, Ref
+
+
+class TestSubscriptionFilters(BlueprintTestCase):
+    def setUp(self):
+        self.ctx = Context({'namespace': 'test'})
+
+    def test_create_template(self):
+        blueprint = SubscriptionFilters(
+            'test_cloudwatch_logs_subscription_filters',
+            self.ctx
+        )
+
+        blueprint.resolve_variables(
+            [
+                Variable(
+                    "SubscriptionFilters",
+                    {
+                        "Filter1": {
+                            "DestinationArn": GetAtt("KinesisStream1", "Arn"),
+                            "FilterPattern": "{$.userIdentity.type = Root}",
+                            "LogGroupName": Ref("LogGroup1"),
+                        },
+                        "Filter2": {
+                            "DestinationArn": GetAtt("KinesisStream2", "Arn"),
+                            "FilterPattern": "{$.userIdentity.type = Root}",
+                            "LogGroupName": Ref("LogGroup2"),
+                        },
+                    }
+                )
+            ]
+        )
+        blueprint.create_template()
+        self.assertRenderedBlueprint(blueprint)
+
+
+if __name__ == '__main__':
+    unittest.main()