Merge pull request #230 from SumoLogic/awso-v2.11-tf-test

akhil-sumologic · web-flow · commit 151e0eb19fcb · 2025-01-24T13:23:02.000+05:30
Updated AWSO Terraform test suite
diff --git a/aws-observability-terraform/examples/appmodule/field.tf b/aws-observability-terraform/examples/appmodule/field.tf
@@ -177,6 +177,59 @@ resource "sumologic_field_extraction_rule" "AwsObservabilityApiGatewayAccessLogs
       enabled = true
 }
 
+# ALB CloudTrail FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityALBCloudTrailLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityALBCloudTrailLogsFER"
+      scope = "account=* eventSource eventName \"elasticloadbalancing.amazonaws.com\" \"2015-12-01\""
+      parse_expression = <<EOT
+              | json "eventSource", "awsRegion", "recipientAccountId", "requestParameters.name", "requestParameters.type", "requestParameters.loadBalancerArn", "apiVersion" as event_source, region, accountid, loadbalancer, loadbalancertype, loadbalancerarn, api_version nodrop 
+              | "" as namespace
+              | where event_source = "elasticloadbalancing.amazonaws.com" and api_version matches "2015-12-01" 
+              | parse field=loadbalancerarn ":loadbalancer/*/*/*" as balancertype, loadbalancer, f1 nodrop
+              | if(loadbalancertype matches "network", "aws/nlb", if(balancertype matches "net", "aws/nlb", namespace)) as namespace
+              | if(loadbalancertype matches "application", "aws/applicationelb", if(balancertype matches "app", "aws/applicationelb", namespace)) as namespace
+              | where namespace="aws/applicationelb" or isEmpty(namespace)
+              | toLowerCase(loadbalancer) as loadbalancer  
+              | fields region, namespace, loadbalancer, accountid
+      EOT
+      enabled = true
+}
+
+# CLB CloudTrail FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityCLBCloudTrailLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityCLBCloudTrailLogsFER"
+      scope = "account=* eventSource eventName \"elasticloadbalancing.amazonaws.com\" \"2012-06-01\""
+      parse_expression = <<EOT
+              | json "eventSource", "awsRegion", "recipientAccountId", "requestParameters.loadBalancerName" as event_source, region, accountid, loadbalancername nodrop  
+              | where event_source = "elasticloadbalancing.amazonaws.com"
+              | toLowerCase(loadbalancername) as loadbalancername 
+              | "aws/elb" as namespace 
+              | fields region, namespace, loadbalancername, accountid
+      EOT
+      enabled = true
+}
+
+# NLB CloudTrail FER
+resource "sumologic_field_extraction_rule" "AwsObservabilityNLBCloudTrailLogsFER" {
+      depends_on = [time_sleep.wait_for_10_seconds]
+      name = "AwsObservabilityNLBCloudTrailLogsFER"
+      scope = "account=* eventSource eventName \"elasticloadbalancing.amazonaws.com\" \"2015-12-01\""
+      parse_expression = <<EOT
+              | json "eventSource", "awsRegion", "recipientAccountId", "requestParameters.name", "requestParameters.type", "requestParameters.loadBalancerArn", "apiVersion" as event_source, region, accountid, loadbalancer, loadbalancertype, loadbalancerarn, api_version nodrop 
+              | "" as namespace
+              | where event_source = "elasticloadbalancing.amazonaws.com" and api_version matches "2015-12-01" 
+              | parse field=loadbalancerarn ":loadbalancer/*/*/*" as balancertype, loadbalancer, f1 nodrop
+              | if(loadbalancertype matches "network", "aws/nlb", if(balancertype matches "net", "aws/nlb", namespace)) as namespace
+              | if(loadbalancertype matches "application", "aws/applicationelb", if(balancertype matches "app", "aws/applicationelb", namespace)) as namespace
+              | where namespace="aws/applicationelb" or isEmpty(namespace)
+              | toLowerCase(loadbalancer) as loadbalancer  
+              | fields region, namespace, loadbalancer, accountid
+      EOT
+      enabled = true
+}
+
 # DynamoDB CloudTrail FER
 resource "sumologic_field_extraction_rule" "AwsObservabilityDynamoDBCloudTrailLogsFER" {
       depends_on = [time_sleep.wait_for_10_seconds]
diff --git a/aws-observability-terraform/examples/appmodule/output.tf b/aws-observability-terraform/examples/appmodule/output.tf
@@ -101,12 +101,30 @@ output "sumologic_field_extraction_rule_alb" {
   description = "This output contains sumologic ALB field extraction rule id."
 }
 
+# ALB CloudTrail FER id
+output "sumologic_field_extraction_rule_alb_cloudtrail" {
+  value       = sumologic_field_extraction_rule.AwsObservabilityALBCloudTrailLogsFER.id
+  description = "This output contains sumologic ALB CloudTrail field extraction rule id."
+}
+
 # CLB FER id
 output "sumologic_field_extraction_rule_elb" {
   value       = sumologic_field_extraction_rule.AwsObservabilityElbAccessLogsFER.id
   description = "This output contains sumologic CLB field extraction rule id."
 }
 
+# CLB CloudTrail FER id
+output "sumologic_field_extraction_rule_clb_cloudtrail" {
+  value       = sumologic_field_extraction_rule.AwsObservabilityCLBCloudTrailLogsFER.id
+  description = "This output contains sumologic CLB CloudTrail field extraction rule id."
+}
+
+# NLB CloudTrail FER id
+output "sumologic_field_extraction_rule_nlb_cloudtrail" {
+  value       = sumologic_field_extraction_rule.AwsObservabilityNLBCloudTrailLogsFER.id
+  description = "This output contains sumologic NLB CloudTrail field extraction rule id."
+}
+
 # DynamoDB FER id
 output "sumologic_field_extraction_rule_dynamodb" {
   value       = sumologic_field_extraction_rule.AwsObservabilityDynamoDBCloudTrailLogsFER.id
diff --git a/aws-observability-terraform/test/appmodule/validateSumo.go b/aws-observability-terraform/test/appmodule/validateSumo.go
@@ -146,6 +146,16 @@ func validateSumoLogicResources(t *testing.T, workingDir string) {
 	// Validate if the EC2 FER is created successfully
 	ec2FerID := terraform.Output(t, terraformOptions, "sumologic_field_extraction_rule_ec2metrics")
 	validateSumoLogicFER(t, terraformOptions, ec2FerID)
+	time.Sleep(2 * time.Second)
+	// Validate if the ALB CloudTrail Logs FER is created successfully
+	albCloudTrailFerID := terraform.Output(t, terraformOptions, "sumologic_field_extraction_rule_alb_cloudtrail")
+	validateSumoLogicFER(t, terraformOptions, albCloudTrailFerID)
+	// Validate if the CLB CloudTrail Logs FER is created successfully
+	clbCloudTrailFerID := terraform.Output(t, terraformOptions, "sumologic_field_extraction_rule_clb_cloudtrail")
+	validateSumoLogicFER(t, terraformOptions, clbCloudTrailFerID)
+	// Validate if the NLB CloudTrail Logs FER is created successfully
+	nlbCloudTrailFerID := terraform.Output(t, terraformOptions, "sumologic_field_extraction_rule_nlb_cloudtrail")
+	validateSumoLogicFER(t, terraformOptions, nlbCloudTrailFerID)
 
 	// Fields
 	// Validate if the account Field is created successfully
