New tests for rule + exception, macro with unknown source

Add new test cases for a rule with an unknown source *and* an
exception, and a macro with an unknown source.

The first results in a rule warning (and no error), and the second
prints an error and skips.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>

test/falco_tests_plugins.yaml

@@ -103,4 +103,20 @@ trace_files: !mux
       - Cloudtrail Create Instance
     stderr_contains: "Rule Cloudtrail Create Instance: warning .unknown-source.: unknown source aws_cloudtrail, skipping"
 
+  no_plugins_unknown_source_macro:
+    detect: False
+    rules_file:
+      - rules/plugins/cloudtrail_macro.yaml
+    trace_file: trace_files/empty.scap
+    stderr_contains: "Macro Some Cloudtrail Macro: warning .unknown-source.: unknown source aws_cloudtrail, skipping"
+
+  no_plugins_unknown_source_rule_exception:
+    detect: False
+    rules_file:
+      - rules/plugins/cloudtrail_create_instances_exceptions.yaml
+    trace_file: trace_files/empty.scap
+    rules_warning:
+      - Cloudtrail Create Instance
+    stderr_contains: "Rule Cloudtrail Create Instance: warning .unknown-source.: unknown source aws_cloudtrail, skipping"
+
 

test/rules/plugins/cloudtrail_create_instances_exceptions.yaml

@@ -0,0 +1,9 @@
+- rule: Cloudtrail Create Instance
+  desc: Detect Creating an EC2 Instance
+  condition: evt.num > 0 and ct.name="StartInstances"
+  output: EC2 Instance Created (evtnum=%evt.num info=%evt.plugininfo id=%ct.id user name=%json.value[/userIdentity/userName])
+  exceptions:
+  - name: user_secreid
+    fields: [aws.user, aws.region]
+  priority: INFO
+  source: aws_cloudtrail

test/rules/plugins/cloudtrail_macro.yaml

@@ -0,0 +1,4 @@
+- macro: Some Cloudtrail Macro
+  condition: aws.user=bob
+  source: aws_cloudtrail
+