integration_tests_aws_tier_0_1.yml
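# Tier 0 and tier 1 integration tests for the AWS wodle.
# Started manually (workflow_dispatch); the job builds and installs a Wazuh
# server on the runner, then runs pytest suites under tests/integration.
name: Integration tests for AWS - Tier 0 and 1

on:
  workflow_dispatch:
    inputs:
      base_branch:
        description: 'Base branch'
        required: true
        default: 'main'
      base_qa_it_fw_branch:
        description: 'Base qa-integration-framework branch'
        required: true
        default: 'main'

# No step below uses GITHUB_TOKEN beyond the checkout, so keep it read-only.
permissions:
  contents: read

jobs:
  build:
    env:
      BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
      BRANCH_BASE: ${{ github.base_ref || inputs.base_branch }}
      QA_IT_FW_BRANCH: ${{ github.base_ref || inputs.base_qa_it_fw_branch }}
      # NOTE(review): job-level env exposes these keys to every step, including
      # the one that installs the framework from a dispatch-selected branch.
      # Consider scoping them to the steps that need them and using a
      # narrowly-scoped test identity.
      AWS_ACCESS_KEY_ID: ${{ secrets.IT_AWS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.IT_AWS_SECRET_ACCESS_KEY }}
      AWS_DEFAULT_REGION: 'us-east-1'
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): both actions are referenced by a mutable tag; pinning to
      # a full commit SHA (<COMMIT_SHA>) keeps the executed code fixed.
      - name: Checkout Repo
        uses: actions/checkout@v3
        with:
          # Later steps install and run code from another repository as root;
          # do not leave the workflow token in .git/config for them.
          persist-credentials: false
      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version-file: '.github/workflows/.python_version'
          architecture: x64
      # Download and install integration tests framework.
      # Branch choice: BRANCH_BASE if it exists in the framework repository,
      # else QA_IT_FW_BRANCH, else main.
      - name: Download and install integration tests framework
        run: |
          QA_REPO="https://github.com/wazuh/qa-integration-framework.git"
          # Branch names come from dispatch inputs: always quote them so they
          # are passed to git as a single argument, and skip empty values
          # (an empty pattern would otherwise list every ref).
          remote_has_ref() {
            [ -n "$1" ] && [ -n "$(git ls-remote "${QA_REPO}" "$1")" ]
          }
          if remote_has_ref "${BRANCH_BASE}"; then
            QA_BRANCH="${BRANCH_BASE}"
          elif remote_has_ref "${QA_IT_FW_BRANCH}"; then
            QA_BRANCH="${QA_IT_FW_BRANCH}"
          else
            QA_BRANCH="main"
          fi
          git clone -b "${QA_BRANCH}" --single-branch "${QA_REPO}"
          sudo pip install qa-integration-framework/
          sudo rm -rf qa-integration-framework/
      # Write the credentials into root's default AWS profile (the tests run
      # under sudo).
      - name: Set AWS credentials file
        run: |
          # Use the job-level environment variables instead of expanding
          # ${{ secrets.* }} into the script text: the values then never become
          # part of the shell source and cannot be re-parsed by the shell.
          sudo aws configure set aws_access_key_id "${AWS_ACCESS_KEY_ID}" --profile default
          sudo aws configure set aws_secret_access_key "${AWS_SECRET_ACCESS_KEY}" --profile default
          sudo aws configure set default.region "${AWS_DEFAULT_REGION}" --profile default
      # Build wazuh server for linux.
      - name: Build wazuh server for linux
        run: |
          make deps -C src TARGET=server -j2
          make -C src TARGET=server -j2
      # Install wazuh server for linux.
      - name: Install wazuh server for linux
        run: |
          # Unattended-install answers: one setting per line, each followed by
          # an empty line (same file content as a chain of echo calls).
          printf '%s\n\n' \
            'USER_LANGUAGE="en"' \
            'USER_NO_STOP="y"' \
            'USER_INSTALL_TYPE="server"' \
            'USER_DIR=/var/ossec' \
            'USER_ENABLE_EMAIL="n"' \
            'USER_ENABLE_SYSCHECK="n"' \
            'USER_ENABLE_ROOTCHECK="n"' \
            'USER_ENABLE_SYSCOLLECTOR="n"' \
            'USER_ENABLE_SCA="n"' \
            'USER_WHITE_LIST="n"' \
            'USER_ENABLE_SYSLOG="n"' \
            'USER_ENABLE_AUTHD="n"' \
            'USER_ENABLE_UPDATE_CHECK="n"' \
            'USER_AUTO_START="y"' \
            > ./etc/preloaded-vars.conf
          sudo sh install.sh
          rm ./etc/preloaded-vars.conf
      # Run AWS integration tests.
      # NOTE(review): no step with id `get_modified_files` is defined in this
      # file, so `steps.get_modified_files.outputs.files` is empty here and
      # every per-file condition below evaluates to false. Add that step or
      # drop the conditions.
      - name: Run Parser related tests
        if: >-
          contains(steps.get_modified_files.outputs.files, 'wodles/aws/aws_s3.py') ||
          contains(steps.get_modified_files.outputs.files, 'wodles/aws/aws_tools.py')
        run: |
          cd tests/integration
          sudo python3 -m pytest --tier 0 --tier 1 test_aws/test_parser.py
      # The whole condition is one expression: wrapping only part of it in
      # ${{ }} turns the value into a non-empty string, which is always truthy.
      - name: Run every test due to base WazuhIntegration class change or manual dispatch
        if: >-
          contains(steps.get_modified_files.outputs.files, 'wodles/aws/wazuh_integration.py') ||
          github.event_name == 'workflow_dispatch'
        run: |
          cd tests/integration
          sudo python3 -m pytest --tier 0 --tier 1 test_aws/
      # Bucket tests
      - name: Run Custom Buckets tests
        if: contains(steps.get_modified_files.outputs.files, 'wodles/aws/buckets_s3/aws_bucket.py')
        run: |
          cd tests/integration
          sudo python3 -m pytest --tier 0 --tier 1 -k kms test_aws/
          sudo python3 -m pytest --tier 0 --tier 1 -k macie test_aws/
          sudo python3 -m pytest --tier 0 --tier 1 -k trusted_advisor test_aws/
      - name: Run Config tests
        if: >-
          contains(steps.get_modified_files.outputs.files, 'wodles/aws/buckets_s3/config.py') ||
          contains(steps.get_modified_files.outputs.files, 'wodles/aws/buckets_s3/aws_bucket.py')
        run: |
          cd tests/integration
          sudo python3 -m pytest --tier 0 --tier 1 -k config test_aws/
      - name: Run GuardDuty tests
        if: >-
          contains(steps.get_modified_files.outputs.files, 'wodles/aws/buckets_s3/guardduty.py') ||
          contains(steps.get_modified_files.outputs.files, 'wodles/aws/buckets_s3/aws_bucket.py')
        run: |
          cd tests/integration
          sudo python3 -m pytest --tier 0 --tier 1 -k guardduty test_aws/
      - name: Run CloudTrail tests
        if: >-
          contains(steps.get_modified_files.outputs.files, 'wodles/aws/buckets_s3/cloudtrail.py') ||
          contains(steps.get_modified_files.outputs.files, 'wodles/aws/buckets_s3/aws_bucket.py')
        run: |
          cd tests/integration
          sudo python3 -m pytest --tier 0 --tier 1 -k cloudtrail test_aws/
      - name: Run Load Balancers tests
        if: >-
          contains(steps.get_modified_files.outputs.files, 'wodles/aws/buckets_s3/load_balancers.py') ||
          contains(steps.get_modified_files.outputs.files, 'wodles/aws/buckets_s3/aws_bucket.py')
        run: |
          cd tests/integration
          sudo python3 -m pytest --tier 0 --tier 1 -k alb test_aws/
          sudo python3 -m pytest --tier 0 --tier 1 -k clb test_aws/
          sudo python3 -m pytest --tier 0 --tier 1 -k nlb test_aws/
      - name: Run Server Access tests
        if: >-
          contains(steps.get_modified_files.outputs.files, 'wodles/aws/buckets_s3/server_access.py') ||
          contains(steps.get_modified_files.outputs.files, 'wodles/aws/buckets_s3/aws_bucket.py')
        run: |
          cd tests/integration
          sudo python3 -m pytest --tier 0 --tier 1 -k server_access test_aws/
      - name: Run Umbrella tests
        if: >-
          contains(steps.get_modified_files.outputs.files, 'wodles/aws/buckets_s3/umbrella.py') ||
          contains(steps.get_modified_files.outputs.files, 'wodles/aws/buckets_s3/aws_bucket.py')
        run: |
          cd tests/integration
          sudo python3 -m pytest --tier 0 --tier 1 -k cisco test_aws/
      - name: Run VPC Flow tests
        if: >-
          contains(steps.get_modified_files.outputs.files, 'wodles/aws/buckets_s3/vpcflow.py') ||
          contains(steps.get_modified_files.outputs.files, 'wodles/aws/buckets_s3/aws_bucket.py')
        run: |
          cd tests/integration
          sudo python3 -m pytest --tier 0 --tier 1 -k vpc test_aws/
      - name: Run WAF tests
        if: >-
          contains(steps.get_modified_files.outputs.files, 'wodles/aws/buckets_s3/waf.py') ||
          contains(steps.get_modified_files.outputs.files, 'wodles/aws/buckets_s3/aws_bucket.py')
        run: |
          cd tests/integration
          sudo python3 -m pytest --tier 0 --tier 1 -k waf test_aws/
      # Services tests
      - name: Run CloudWatch tests
        if: >-
          contains(steps.get_modified_files.outputs.files, 'wodles/aws/services/cloudwatchlogs.py') ||
          contains(steps.get_modified_files.outputs.files, 'wodles/aws/services/aws_service.py')
        run: |
          cd tests/integration
          sudo python3 -m pytest --tier 0 --tier 1 -k cloudwatch test_aws/
      - name: Run Inspector tests
        if: >-
          contains(steps.get_modified_files.outputs.files, 'wodles/aws/services/inspector.py') ||
          contains(steps.get_modified_files.outputs.files, 'wodles/aws/services/aws_service.py')
        run: |
          cd tests/integration
          sudo python3 -m pytest --tier 0 --tier 1 -k inspector test_aws/
      # Custom Logs Buckets tests
      # contains() is a literal substring test, not a glob: match on the
      # directory prefix instead of 'wodles/aws/subscribers/**'.
      - name: Run Custom Logs Buckets tests
        if: contains(steps.get_modified_files.outputs.files, 'wodles/aws/subscribers/')
        run: |
          cd tests/integration
          sudo python3 -m pytest --tier 0 --tier 1 test_aws/test_custom_bucket.py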