[bug] Lambda rollback missing for scheduled queries and rule promotion function

Background

This rollback feature does not have support for rolling back a few functions:

streamalert/streamalert_cli/manage_lambda/rollback.py

Lines 86 to 151 in 41da6b5

    
               def handler(cls, options, config): 
        
                   """Rollback the current production Lambda version(s) by 1. 
        
                   Args: 
        
                       options: Argparse parsed options 
        
                       config (dict): Parsed configuration from conf/ 
        
                   Returns: 
        
                       bool: False if errors occurred, True otherwise 
        
                   """ 
        
                   # Make sure the Terraform code is up to date 
        
                   if not terraform_generate_handler(config=config): 
        
                       return False 
        
                   LOGGER.info('Rolling back: %s', ' '.join(options.function)) 
        
                   rollback_all = 'all' in options.function 
        
                   prefix = config['global']['account']['prefix'] 
        
                   clusters = sorted(options.clusters or config.clusters()) 
        
                   client = boto3.client('lambda') 
        
                   # Track the success of rolling back the functions 
        
                   success = True 
        
                   if rollback_all or 'alert' in options.function: 
        
                       success = success and _rollback_production( 
        
                           client, 
        
                           '{}_streamalert_alert_processor'.format(prefix) 
        
                       ) 
        
                   if rollback_all or 'alert_merger' in options.function: 
        
                       success = success and _rollback_production( 
        
                           client, 
        
                           '{}_streamalert_alert_merger'.format(prefix) 
        
                       ) 
        
                   if rollback_all or 'apps' in options.function: 
        
                       for cluster in clusters: 
        
                           apps_config = config['clusters'][cluster]['modules'].get('streamalert_apps', {}) 
        
                           for lambda_name in sorted(apps_config): 
        
                               success = success and _rollback_production(client, lambda_name) 
        
                   if rollback_all or 'athena' in options.function: 
        
                       success = success and _rollback_production( 
        
                           client, 
        
                           '{}_streamalert_athena_partition_refresh'.format(prefix) 
        
                       ) 
        
                   if rollback_all or 'classifier' in options.function: 
        
                       for cluster in clusters: 
        
                           success = success and _rollback_production( 
        
                               client, 
        
                               '{}_{}_streamalert_classifier'.format(prefix, cluster) 
        
                           ) 
        
                   if rollback_all or 'rule' in options.function: 
        
                       success = success and _rollback_production( 
        
                           client, '{}_streamalert_rules_engine'.format(prefix) 
        
                       ) 
        
                   if rollback_all or 'threat_intel_downloader' in options.function: 
        
                       success = success and _rollback_production( 
        
                           client, 
        
                           '{}_streamalert_threat_intel_downloader'.format(prefix) 
        
                       ) 
        
                   return success

Desired Change

Add rollback support for scheduled queries and rule promotion functions

fixed in #1222

	def handler(cls, options, config):
	"""Rollback the current production Lambda version(s) by 1.

	Args:
	options: Argparse parsed options
	config (dict): Parsed configuration from conf/

	Returns:
	bool: False if errors occurred, True otherwise
	"""
	# Make sure the Terraform code is up to date
	if not terraform_generate_handler(config=config):
	return False

	LOGGER.info('Rolling back: %s', ' '.join(options.function))

	rollback_all = 'all' in options.function
	prefix = config['global']['account']['prefix']
	clusters = sorted(options.clusters or config.clusters())
	client = boto3.client('lambda')

	# Track the success of rolling back the functions
	success = True
	if rollback_all or 'alert' in options.function:
	success = success and _rollback_production(
	client,
	'{}_streamalert_alert_processor'.format(prefix)
	)

	if rollback_all or 'alert_merger' in options.function:
	success = success and _rollback_production(
	client,
	'{}_streamalert_alert_merger'.format(prefix)
	)

	if rollback_all or 'apps' in options.function:
	for cluster in clusters:
	apps_config = config['clusters'][cluster]['modules'].get('streamalert_apps', {})
	for lambda_name in sorted(apps_config):
	success = success and _rollback_production(client, lambda_name)

	if rollback_all or 'athena' in options.function:
	success = success and _rollback_production(
	client,
	'{}_streamalert_athena_partition_refresh'.format(prefix)
	)

	if rollback_all or 'classifier' in options.function:
	for cluster in clusters:
	success = success and _rollback_production(
	client,
	'{}_{}_streamalert_classifier'.format(prefix, cluster)
	)

	if rollback_all or 'rule' in options.function:
	success = success and _rollback_production(
	client, '{}_streamalert_rules_engine'.format(prefix)
	)

	if rollback_all or 'threat_intel_downloader' in options.function:
	success = success and _rollback_production(
	client,
	'{}_streamalert_threat_intel_downloader'.format(prefix)
	)

	return success