Merge pull request #92 from aws-ia/devel
Enable scoutsuite execution as part of functional tests
kkvinjam authored Jan 23, 2024
2 parents 819d6b3 + 038f5dd commit 2c9a368
Showing 4 changed files with 348 additions and 178 deletions.
69 changes: 38 additions & 31 deletions .project_automation/functional_tests/entrypoint.sh
Expand Up @@ -5,40 +5,47 @@
PROJECT_PATH=${BASE_PATH}/project
PROJECT_TYPE_PATH=${BASE_PATH}/projecttype

cd ${PROJECT_PATH}

regions=(us-east-1 us-east-2 us-west-2 us-west-1)

for region in ${regions[@]}
do
echo "Cleanup running in region: $region"
export AWS_DEFAULT_REGION=$region
python3 scripts/cleanup_config.py -C scripts/cleanup_config.json
done

taskcat test run -t security-hub
export REGION=$(grep -A1 regions: .taskcat.yml | awk '/ - / {print $NF}' |sort | uniq -c |sort -k1| head -1 |awk '{print $NF}')

for region in ${regions[@]}
do
echo "Cleanup running in region: $region"
export AWS_DEFAULT_REGION=$region
python3 scripts/cleanup_config.py -C scripts/cleanup_config.json
done

echo $AWS_DEFAULT_REGION
unset AWS_DEFAULT_REGION
echo $AWS_DEFAULT_REGION

taskcat test run -t ws-ssm-deployment
cd ${PROJECT_PATH}

for region in ${regions[@]}
do
echo "Cleanup running in region: $region"
export AWS_DEFAULT_REGION=$region
# Function to perform cleanup in a specific region
cleanup_region() {
echo "Cleanup running in region: $1"
export AWS_DEFAULT_REGION=$1
python3 scripts/cleanup_config.py -C scripts/cleanup_config.json
done

taskcat test run -t security-hub-no-abi
}

# Function to perform cleanup in all regions
cleanup_all_regions() {
export AWS_DEFAULT_REGION=$REGION
regions=($(aws ec2 describe-regions --query "Regions[*].RegionName" --output text))
for region in ${regions[@]}
do
cleanup_region ${region}
done
}

# Function to run taskcat e2e test
run_test() {
cleanup_all_regions
unset AWS_DEFAULT_REGION
if [ -z "$1" ]; then
echo "Running e2e test: ALL"
taskcat test run -n
.project_automation/functional_tests/scoutsuite/scoutsuite.sh
else
echo "Running e2e test: $1"
taskcat test run -n -t $1
.project_automation/functional_tests/scoutsuite/scoutsuite.sh
fi
}

run_test "security-hub"

run_test "ws-ssm-deployment"

run_test "security-hub-no-abi"

## Executing ash tool
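Review bot: `run_test` invokes `.project_automation/functional_tests/scoutsuite/scoutsuite.sh` right after `taskcat test run` without checking its exit status, so a failed deployment still proceeds to the Scout Suite scan and the teardown inside it, and the failure surfaces only if the shell was started with `-e` somewhere above this hunk. I would gate the scan, `taskcat test run -n -t "$1" || return`, and quote `"$1"` in the echo and `"${region}"` in `cleanup_region ${region}` while at it. `cleanup_all_regions` also reads `$REGION` before anything visible on the new side sets it; if the `export REGION=$(grep -A1 regions: .taskcat.yml …)` line is removed rather than kept as context, the first `aws ec2 describe-regions` call runs with an empty `AWS_DEFAULT_REGION`. Worth a comment on `cleanup_all_regions` that the cleanup now iterates every region returned by `describe-regions` instead of the former fixed four-region list, since that widens the reach of the deletions driven by `scripts/cleanup_config.json`.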

Expand Up @@ -19,7 +19,7 @@ run_scoutsuite() {
# Upload Scoutsuite security scan results to S3 bucket named scoutsuite-results-aws-AWS-ACCOUNT-ID
python3 .project_automation/functional_tests/scoutsuite/process-scoutsuite-report.py
# Delete taskcat e2e test resources
taskcat test clean ALL
taskcat test clean ALL -w -r $REGION
process_scoutsuite_report
}
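Review bot: `taskcat test clean ALL -w -r $REGION` leaves `$REGION` unquoted and unchecked; if `REGION` is unset or empty the command degrades to a bare `-r`, so the clean fails or binds to the wrong argument instead of falling back to a default, and the function then continues into `process_scoutsuite_report` as if teardown had succeeded. A guard at the call site, `: "${REGION:?REGION must be set}"` followed by `taskcat test clean ALL -w -r "$REGION"`, makes the dependency explicit and fails early. `run_scoutsuite` begins above this hunk, so whatever is expected to set `REGION` is not visible here.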

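--- a/scripts/cleanup_config.json
+++ b/scripts/cleanup_config.json
@@ -1,72 +1,96 @@
 [
-{
-"Type": "STACK",
-"Filter" : "replace-with-stack-name-prefix-to-be-cleaned"
-},
-{
-"Type" : "S3_BUCKET",
-"Filter": "tcat-cfn-abi-trend-cloudone"
-},
-{
-"Type" : "S3_BUCKET",
-"Filter": "tcat-security-hub-"
-},
-{
-"Type" : "S3_BUCKET",
-"Filter": "tcat-ws-ssm-deployment-"
-},
-{
-"Type" : "S3_BUCKET",
-"Filter": "tcat-cloudtrail"
-},
-{
-"Type" : "S3_BUCKET",
-"Filter": "tcat-test1-"
-},
-{
-"Type" : "S3_BUCKET",
-"Filter": "replace-with-s3-bucket-prefix-to-be-cleaned",
-"Account": "provide-your-account-name"
-},
-{
-"Type" : "SSM_PARAMETER",
-"Filter" : "/path/to/parameter-prefix-to-delete"
-},
-{
-"Type" : "LOG_GROUP",
-"Filter" : "/aws/lambda/tCaT-"
-},
-{
-"Type": "STACK",
-"Filter" : "tCaT-enable-securityhub-ssm-"
-},
-{
-"Type" : "STACK",
-"Filter": "tCaT-stage-sh-content-local-"
-},
-{
-"Type" : "STACK",
-"Filter": "tCaT-enable-securityhub-in-org-ssm-"
-},
-{
-"Type" : "S3_BUCKET",
-"Filter": "tcat-cfn-abi-aws-securityhub-"
-},
-{
-"Type" : "S3_BUCKET",
-"Filter" : "sra-sh-stage-"
-},
-{
-"Type" : "S3_BUCKET",
-"Filter" : "sra-sh-staging-"
-},
-{
-"Type" : "SSM_PARAMETER",
-"Filter" : "/sra/sh/"
-},
-{
-"Type" : "LOG_GROUP",
-"Filter" : "/aws/lambda/sra-gd",
-"Account" : "log_account"
-}
+{
+"Type": "STACK",
+"Filter" : "tCaT-enable-securityhub-ssm-"
+},
+{
+"Type" : "STACK",
+"Filter": "tCaT-stage-sh-content-local-"
+},
+{
+"Type" : "STACK",
+"Filter": "tCaT-enable-securityhub-in-org-ssm-"
+},
+{
+"Type" : "SSM_PARAMETER",
+"Filter" : "/sra/gd/",
+"Account" : "log_account"
+},
+{
+"Type" : "SSM_PARAMETER",
+"Filter" : "/sra/control-tower/",
+"Account" : "log_account"
+},
+{
+"Type" : "SSM_PARAMETER",
+"Filter" : "/sra/regions/",
+"Account" : "log_account"
+},
+{
+"Type" : "SSM_PARAMETER",
+"Filter" : "/sra/"
+},
+{
+"Type" : "S3_BUCKET",
+"Filter": "tcat-cfn-abi-trend-cloudone"
+},
+{
+"Type" : "S3_BUCKET",
+"Filter": "tcat-security-hub-"
+},
+{
+"Type" : "S3_BUCKET",
+"Filter": "tcat-ws-ssm-deployment-"
+},
+{
+"Type" : "S3_BUCKET",
+"Filter": "tcat-cloudtrail"
+},
+{
+"Type" : "S3_BUCKET",
+"Filter": "tcat-test1-"
+},
+{
+"Type" : "LOG_GROUP",
+"Filter" : "/aws/lambda/tCaT-"
+},
+{
+"Type" : "S3_BUCKET",
+"Filter": "tcat-cfn-abi-aws-securityhub-"
+},
+{
+"Type" : "S3_BUCKET",
+"Filter" : "sra-sh-stage-"
+},
+{
+"Type" : "S3_BUCKET",
+"Filter" : "sra-sh-staging-"
+},
+{
+"Type" : "SSM_PARAMETER",
+"Filter" : "/sra/sh/"
+},
+{
+"Type" : "LOG_GROUP",
+"Filter" : "/aws/lambda/sra-gd",
+"Account" : "log_account"
+},
+{
+"Type" : "IAM_ROLE",
+"Filter" : "sra-execution",
+"Account" : "log_account"
+},
+{
+"Type" : "IAM_ROLE",
+"Filter" : "sra-execution"
+},
+{
+"Type" : "IAM_ROLE",
+"Filter" : "sra-execution",
+"Account" : "audit"
+},
+{
+"Type" : "STACK",
+"Filter" : "Lambda-S3-PresignedURL"
+}
 ]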
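Review bot: The new `IAM_ROLE` entries with `"Filter" : "sra-execution"` for the default, `log_account` and `audit` accounts, and the `SSM_PARAMETER` entry `"Filter" : "/sra/"`, are much broader than the `tCaT-`/`tcat-` prefixes used by the other entries in this file; if `cleanup_config.py` matches filters as prefixes, as the removed placeholder text `replace-with-stack-name-prefix-to-be-cleaned` suggests, `/sra/` already subsumes `/sra/sh/` and the `sra-execution` role is removed from the audit and log accounts on every run, in every region the entrypoint now iterates. Since JSON cannot carry comments, I would document these deliberately wide filters and the accounts they touch next to the cleanup script, or narrow them to the exact names the tests create. The `Lambda-S3-PresignedURL` stack filter carries no `tCaT-` prefix either, so it is worth confirming that it is only ever created by this pipeline before it is deleted unconditionally.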
