def test_event_save(self): initiator_id = ''.join([c for c in str(uuid.uuid4()) if c != '-']) observer_id = ''.join([c for c in str(uuid.uuid4()) if c != '-']) target_id = ''.join([c for c in str(uuid.uuid4()) if c != '-']) e = event.Event( eventType=cadftype.EVENTTYPE_ACTIVITY, action=cadftaxonomy.ACTION_READ, outcome=cadftaxonomy.OUTCOME_SUCCESS, initiatorId=initiator_id, targetId=target_id, observerId=observer_id, name="test event") pyobj = CADFEventDocType(e) isinstance(pyobj, CADFEventDocType) new_event = event.Event() isinstance(new_event, event.Event) trait_dict = pyobj._get_traits_dict(new_event) isinstance(trait_dict, dict) assert('id' in trait_dict['traits']) assert('eventTime' in trait_dict['traits']) event_saved_flag = pyobj.save(pyobj) assert(event_saved_flag)
def test_event_save(self): initiator_id = ''.join([c for c in str(uuid.uuid4()) if c != '-']) observer_id = ''.join([c for c in str(uuid.uuid4()) if c != '-']) target_id = ''.join([c for c in str(uuid.uuid4()) if c != '-']) e = event.Event( eventType=cadftype.EVENTTYPE_ACTIVITY, action=cadftaxonomy.ACTION_READ, outcome=cadftaxonomy.OUTCOME_SUCCESS, initiatorId=initiator_id, targetId=target_id, observerId=observer_id, name="test event") pyobj = CADFEventDocType(e) isinstance(pyobj, CADFEventDocType) new_event = event.Event() isinstance(new_event, event.Event) trait_dict = pyobj._get_traits_dict(new_event) isinstance(trait_dict, dict) assert('id' in trait_dict['traits']) assert('eventTime' in trait_dict['traits']) event_saved_flag = pyobj.save(pyobj) assert(event_saved_flag)
def test_event_save(self): pyobj = CADFEventDocType() isinstance(pyobj, CADFEventDocType) new_event = event.Event() isinstance(new_event, event.Event) trait_dict = pyobj._get_traits_dict(new_event) isinstance(trait_dict, dict) assert('id' in trait_dict['traits']) assert('eventTime' in trait_dict['traits']) event_saved_flag = pyobj.save(pyobj) assert(event_saved_flag)
def log_event_search(): """Check to see if any SavedSearch objects owned by the event system need to be executed. If so, run them and create events for matching results.""" owner = 'events' indices = 'logstash-*' # TODO need IDs for these things, else pycadf will gen a UUID. event_initiator = resource.Resource(typeURI="service/oss/monitoring", name="log_event_search") event_observer = event_initiator event_target = resource.Resource(typeURI="service/oss/monitoring", name="logging_service") # limit our searches to those owned by us, and concerned with logs saved_searches = SavedSearch.objects.filter( owner=owner, index_prefix=indices) # stub out the event e = event.Event( eventType=cadftype.EVENTTYPE_MONITOR, action='monitor', outcome=cadftaxonomy.OUTCOME_SUCCESS, name="goldstone.events.tasks.log_event_search") e.initiator = event_initiator e.observer = event_observer e.target = event_target for obj in saved_searches: # execute the search, and assuming no error, update the last_ times s, start, end = obj.search_recent() response = s.execute() if response.hits.total > 0: met = metric.Metric(metricId=obj.uuid, unit="count", name=obj.name) meas = measurement.Measurement(result=response.hits.total, metric=met) e.add_measurement(meas) obj.last_start = start obj.last_end = end obj.save() cadf = CADFEventDocType(event=e) return cadf.save()
def test_cadf_event(self): initiator_id = ''.join([c for c in str(uuid.uuid4()) if c != '-']) observer_id = ''.join([c for c in str(uuid.uuid4()) if c != '-']) target_id = ''.join([c for c in str(uuid.uuid4()) if c != '-']) # create a CADF event something like (using .as_dict()): # {'action': 'read', # 'eventTime': '2015-12-21T18:47:50.275715+0000', # 'eventType': 'activity', # 'id': '2f38134e-c880-5a38-8b3e-101554a71e37', # 'initiatorId': '46e4be801e0b4c2ab373b26dceedce1a', # 'name': 'test event', # 'observerId': 'a6b012069d174d4fbf9acee03367f068', # 'outcome': 'success', # 'targetId': '005343040e084c3ba90f7bac1b97e1ae', # 'typeURI': 'http://schemas.dmtf.org/cloud/audit/1.0/event'} e = event.Event( eventType=cadftype.EVENTTYPE_ACTIVITY, action=cadftaxonomy.ACTION_READ, outcome=cadftaxonomy.OUTCOME_SUCCESS, initiatorId=initiator_id, targetId=target_id, observerId=observer_id, name="test event") cadf = CADFEventDocType(event=e) result = cadf.save() self.assertTrue(result) # force flush the index so our test has a chance to succeed. cadf._doc_type.using.indices.flush(cadf.meta.index) ge = CADFEventDocType.get(id=cadf.meta.id, index=cadf.meta.index) self.assertEqual(cadf.traits['initiatorId'], ge.traits['initiatorId']) self.assertEqual(cadf.traits['eventTime'], ge.traits['eventTime']) self.assertIsInstance(ge, CADFEventDocType) s = CADFEventDocType.search() s = s.filter('term', ** {'traits.initiatorId': initiator_id})\ .execute() self.assertIsInstance(s, Response) self.assertEqual(len(s.hits), 1) # let's make sure we can delete an object result = cadf.delete() self.assertIsNone(result) # force flush the index so our test has a chance to succeed. cadf._doc_type.using.indices.flush(cadf.meta.index) # we should not be able to find the record now. s2 = CADFEventDocType.search() # Alternate form of filter/query expression since we have a nested # field. r2 = s2.filter('term', ** {'traits.initiatorId': initiator_id})\ .execute() self.assertEqual(len(r2.hits), 0)
def test_cadf_event(self): initiator_id = ''.join([c for c in str(uuid.uuid4()) if c != '-']) observer_id = ''.join([c for c in str(uuid.uuid4()) if c != '-']) target_id = ''.join([c for c in str(uuid.uuid4()) if c != '-']) # create a CADF event something like (using .as_dict()): # {'action': 'read', # 'eventTime': '2015-12-21T18:47:50.275715+0000', # 'eventType': 'activity', # 'id': '2f38134e-c880-5a38-8b3e-101554a71e37', # 'initiatorId': '46e4be801e0b4c2ab373b26dceedce1a', # 'name': 'test event', # 'observerId': 'a6b012069d174d4fbf9acee03367f068', # 'outcome': 'success', # 'targetId': '005343040e084c3ba90f7bac1b97e1ae', # 'typeURI': 'http://schemas.dmtf.org/cloud/audit/1.0/event'} e = event.Event( eventType=cadftype.EVENTTYPE_ACTIVITY, action=cadftaxonomy.ACTION_READ, outcome=cadftaxonomy.OUTCOME_SUCCESS, initiatorId=initiator_id, targetId=target_id, observerId=observer_id, name="test event") cadf = CADFEventDocType(event=e) result = cadf.save() self.assertTrue(result) # force flush the index so our test has a chance to succeed. cadf._doc_type.using.indices.flush(cadf.meta.index) ge = CADFEventDocType.get(id=cadf.meta.id, index=cadf.meta.index) self.assertEqual(cadf.traits['initiatorId'], ge.traits['initiatorId']) self.assertEqual(cadf.traits['eventTime'], ge.traits['eventTime']) self.assertIsInstance(ge, CADFEventDocType) s = CADFEventDocType.search() s = s.filter('term', ** {'traits.initiatorId': initiator_id})\ .execute() self.assertIsInstance(s, Response) self.assertEqual(len(s.hits), 1) # let's make sure we can delete an object result = cadf.delete() self.assertIsNone(result) # force flush the index so our test has a chance to succeed. cadf._doc_type.using.indices.flush(cadf.meta.index) # we should not be able to find the record now. s2 = CADFEventDocType.search() # Alternate form of filter/query expression since we have a nested # field. r2 = s2.filter('term', ** {'traits.initiatorId': initiator_id})\ .execute() self.assertEqual(len(r2.hits), 0)