def test_event_save(self):
initiator_id = ''.join([c for c in str(uuid.uuid4()) if c != '-'])
observer_id = ''.join([c for c in str(uuid.uuid4()) if c != '-'])
target_id = ''.join([c for c in str(uuid.uuid4()) if c != '-'])
e = event.Event(
eventType=cadftype.EVENTTYPE_ACTIVITY,
action=cadftaxonomy.ACTION_READ,
outcome=cadftaxonomy.OUTCOME_SUCCESS,
initiatorId=initiator_id,
targetId=target_id,
observerId=observer_id,
name="test event")
pyobj = CADFEventDocType(e)
isinstance(pyobj, CADFEventDocType)
new_event = event.Event()
isinstance(new_event, event.Event)
trait_dict = pyobj._get_traits_dict(new_event)
isinstance(trait_dict, dict)
assert('id' in trait_dict['traits'])
assert('eventTime' in trait_dict['traits'])
event_saved_flag = pyobj.save(pyobj)
assert(event_saved_flag)
def test_event_save(self):
initiator_id = ''.join([c for c in str(uuid.uuid4()) if c != '-'])
observer_id = ''.join([c for c in str(uuid.uuid4()) if c != '-'])
target_id = ''.join([c for c in str(uuid.uuid4()) if c != '-'])
e = event.Event(
eventType=cadftype.EVENTTYPE_ACTIVITY,
action=cadftaxonomy.ACTION_READ,
outcome=cadftaxonomy.OUTCOME_SUCCESS,
initiatorId=initiator_id,
targetId=target_id,
observerId=observer_id,
name="test event")
pyobj = CADFEventDocType(e)
isinstance(pyobj, CADFEventDocType)
new_event = event.Event()
isinstance(new_event, event.Event)
trait_dict = pyobj._get_traits_dict(new_event)
isinstance(trait_dict, dict)
assert('id' in trait_dict['traits'])
assert('eventTime' in trait_dict['traits'])
event_saved_flag = pyobj.save(pyobj)
assert(event_saved_flag)
def test_event_save(self):
pyobj = CADFEventDocType()
isinstance(pyobj, CADFEventDocType)
new_event = event.Event()
isinstance(new_event, event.Event)
trait_dict = pyobj._get_traits_dict(new_event)
isinstance(trait_dict, dict)
assert('id' in trait_dict['traits'])
assert('eventTime' in trait_dict['traits'])
event_saved_flag = pyobj.save(pyobj)
assert(event_saved_flag)
def log_event_search():
"""Check to see if any SavedSearch objects owned by the event system need
to be executed. If so, run them and create events for matching
results."""
owner = 'events'
indices = 'logstash-*'
# TODO need IDs for these things, else pycadf will gen a UUID.
event_initiator = resource.Resource(typeURI="service/oss/monitoring",
name="log_event_search")
event_observer = event_initiator
event_target = resource.Resource(typeURI="service/oss/monitoring",
name="logging_service")
# limit our searches to those owned by us, and concerned with logs
saved_searches = SavedSearch.objects.filter(
owner=owner, index_prefix=indices)
# stub out the event
e = event.Event(
eventType=cadftype.EVENTTYPE_MONITOR,
action='monitor',
outcome=cadftaxonomy.OUTCOME_SUCCESS,
name="goldstone.events.tasks.log_event_search")
e.initiator = event_initiator
e.observer = event_observer
e.target = event_target
for obj in saved_searches:
# execute the search, and assuming no error, update the last_ times
s, start, end = obj.search_recent()
response = s.execute()
if response.hits.total > 0:
met = metric.Metric(metricId=obj.uuid, unit="count", name=obj.name)
meas = measurement.Measurement(result=response.hits.total,
metric=met)
e.add_measurement(meas)
obj.last_start = start
obj.last_end = end
obj.save()
cadf = CADFEventDocType(event=e)
return cadf.save()
def test_cadf_event(self):
initiator_id = ''.join([c for c in str(uuid.uuid4()) if c != '-'])
observer_id = ''.join([c for c in str(uuid.uuid4()) if c != '-'])
target_id = ''.join([c for c in str(uuid.uuid4()) if c != '-'])
# create a CADF event something like (using .as_dict()):
# {'action': 'read',
# 'eventTime': '2015-12-21T18:47:50.275715+0000',
# 'eventType': 'activity',
# 'id': '2f38134e-c880-5a38-8b3e-101554a71e37',
# 'initiatorId': '46e4be801e0b4c2ab373b26dceedce1a',
# 'name': 'test event',
# 'observerId': 'a6b012069d174d4fbf9acee03367f068',
# 'outcome': 'success',
# 'targetId': '005343040e084c3ba90f7bac1b97e1ae',
# 'typeURI': 'http://schemas.dmtf.org/cloud/audit/1.0/event'}
e = event.Event(
eventType=cadftype.EVENTTYPE_ACTIVITY,
action=cadftaxonomy.ACTION_READ,
outcome=cadftaxonomy.OUTCOME_SUCCESS,
initiatorId=initiator_id,
targetId=target_id,
observerId=observer_id,
name="test event")
cadf = CADFEventDocType(event=e)
result = cadf.save()
self.assertTrue(result)
# force flush the index so our test has a chance to succeed.
cadf._doc_type.using.indices.flush(cadf.meta.index)
ge = CADFEventDocType.get(id=cadf.meta.id, index=cadf.meta.index)
self.assertEqual(cadf.traits['initiatorId'], ge.traits['initiatorId'])
self.assertEqual(cadf.traits['eventTime'], ge.traits['eventTime'])
self.assertIsInstance(ge, CADFEventDocType)
s = CADFEventDocType.search()
s = s.filter('term', ** {'traits.initiatorId': initiator_id})\
.execute()
self.assertIsInstance(s, Response)
self.assertEqual(len(s.hits), 1)
# let's make sure we can delete an object
result = cadf.delete()
self.assertIsNone(result)
# force flush the index so our test has a chance to succeed.
cadf._doc_type.using.indices.flush(cadf.meta.index)
# we should not be able to find the record now.
s2 = CADFEventDocType.search()
# Alternate form of filter/query expression since we have a nested
# field.
r2 = s2.filter('term', ** {'traits.initiatorId': initiator_id})\
.execute()
self.assertEqual(len(r2.hits), 0)
def test_cadf_event(self):
initiator_id = ''.join([c for c in str(uuid.uuid4()) if c != '-'])
observer_id = ''.join([c for c in str(uuid.uuid4()) if c != '-'])
target_id = ''.join([c for c in str(uuid.uuid4()) if c != '-'])
# create a CADF event something like (using .as_dict()):
# {'action': 'read',
# 'eventTime': '2015-12-21T18:47:50.275715+0000',
# 'eventType': 'activity',
# 'id': '2f38134e-c880-5a38-8b3e-101554a71e37',
# 'initiatorId': '46e4be801e0b4c2ab373b26dceedce1a',
# 'name': 'test event',
# 'observerId': 'a6b012069d174d4fbf9acee03367f068',
# 'outcome': 'success',
# 'targetId': '005343040e084c3ba90f7bac1b97e1ae',
# 'typeURI': 'http://schemas.dmtf.org/cloud/audit/1.0/event'}
e = event.Event(
eventType=cadftype.EVENTTYPE_ACTIVITY,
action=cadftaxonomy.ACTION_READ,
outcome=cadftaxonomy.OUTCOME_SUCCESS,
initiatorId=initiator_id,
targetId=target_id,
observerId=observer_id,
name="test event")
cadf = CADFEventDocType(event=e)
result = cadf.save()
self.assertTrue(result)
# force flush the index so our test has a chance to succeed.
cadf._doc_type.using.indices.flush(cadf.meta.index)
ge = CADFEventDocType.get(id=cadf.meta.id, index=cadf.meta.index)
self.assertEqual(cadf.traits['initiatorId'], ge.traits['initiatorId'])
self.assertEqual(cadf.traits['eventTime'], ge.traits['eventTime'])
self.assertIsInstance(ge, CADFEventDocType)
s = CADFEventDocType.search()
s = s.filter('term', ** {'traits.initiatorId': initiator_id})\
.execute()
self.assertIsInstance(s, Response)
self.assertEqual(len(s.hits), 1)
# let's make sure we can delete an object
result = cadf.delete()
self.assertIsNone(result)
# force flush the index so our test has a chance to succeed.
cadf._doc_type.using.indices.flush(cadf.meta.index)
# we should not be able to find the record now.
s2 = CADFEventDocType.search()
# Alternate form of filter/query expression since we have a nested
# field.
r2 = s2.filter('term', ** {'traits.initiatorId': initiator_id})\
.execute()
self.assertEqual(len(r2.hits), 0)
