class BaseNormalization(Document): """Base class for a normalization configuration.""" domain_name = None class TimestampInfo(Document): field = StringField(required=True) format = StringField(required=True) class Fields(Document): scope = StringField() mapping = DictField() name = StringField(required=True) filter_query = BooleanField(default=False) os_types = ArrayField(StringField(), required=False) domain = StringField(required=True) strict = BooleanField(required=True) timestamp = DocumentField(TimestampInfo(), required=True) fields = DocumentField(Fields(), required=True) events = DictField(additional_properties=DictField( { 'enum': DictField(additional_properties=DictField( additional_properties=StringField())), 'mapping': DictField(), 'filter': StringField(required=True) }, required=True))
def test_dict_field(): s_f = StringField() _ = lambda value: Var({'role_1': value}) field = DictField(properties=Var( role_1={'name': Var(role_1=s_f)}, role_2={'name': Var(role_2=s_f)}, roles_to_pass_down=['role_1'] ), pattern_properties=Var( role_1={'.*': Var(role_1=s_f)}, role_2={'.*': Var(role_2=s_f)}, roles_to_pass_down=['role_1'] ), additional_properties=_(s_f), min_properties=_(1), max_properties=_(2)) assert field.get_schema() == { 'type': 'object' } assert field.get_schema(role='role_1') == { 'type': 'object', 'properties': { 'name': s_f.get_schema(), }, 'patternProperties': { '.*': s_f.get_schema(), }, 'additionalProperties': s_f.get_schema(), 'minProperties': 1, 'maxProperties': 2, } assert field.get_schema(role='role_2') == { 'type': 'object', 'properties': {}, 'patternProperties': {}, }
class InputsPage(DocumentWithoutAddProp): title = StringField(required=True, max_length=60) description = StringField(max_length=200) table = DocumentField(InputsTable, as_ref=True, required=True) services = ArrayField(DictField( properties={ "name": StringField(required=True, pattern="^[0-9a-zA-Z][0-9a-zA-Z_-]*$", max_length=50), "title": StringField(required=True, max_length=100), "entity": ArrayField(DocumentField(InputsEntity, as_ref=True), required=True), "options": DocumentField(Hooks, as_ref=True), "groups": ArrayField(DictField( properties={ "options": DictField( properties={ "isExpandable": BooleanField(), "expand": BooleanField() } ), "label": StringField(required=True, max_length=100), "field": ArrayField(StringField(required=True, pattern="^\w+$")) } ), required=False), "style": StringField(required=False, enum=["page", "dialog"]), "hook": DictField(required=False), "conf": StringField(required=False, max_length=100), "restHandlerName": StringField(required=False, max_length=100) } ), required=True) menu = DictField(required=False)
def test_dict_field(): s_f = StringField() _ = lambda value: Var({'role_1': value}) field = DictField(properties=Var( { 'role_1': { 'name': Var({'role_1': s_f}) }, 'role_2': { 'name': Var({'role_2': s_f}) }, }, propagate='role_1'), pattern_properties=Var( { 'role_1': { '.*': Var({'role_1': s_f}) }, 'role_2': { '.*': Var({'role_2': s_f}) }, }, propagate='role_1'), additional_properties=_(s_f), min_properties=_(1), max_properties=_(2)) assert s(field.get_schema()) == s({'type': 'object'}) assert s(field.get_schema(role='role_1')) == s({ 'type': 'object', 'properties': { 'name': s_f.get_schema(), }, 'patternProperties': { '.*': s_f.get_schema(), }, 'additionalProperties': s_f.get_schema(), 'minProperties': 1, 'maxProperties': 2, }) assert s(field.get_schema(role='role_2')) == s({ 'type': 'object', 'properties': {}, 'patternProperties': {}, })
class Normalization(BaseNormalization): """Normalization schema for a specific domain.""" domain_name = domain_schema['name'] domain = StringField(enum=[domain_name], required=True) class Fields(BaseNormalization.Fields): mapping = StrictDict( {k: StringField() for k in domain_schema['fields']}) fields = DocumentField(Fields()) events = DictField({ event_name: StrictDict({ 'enum': StrictDict({ enum_name: StrictDict({ enum_option: StringField() for enum_option in enum_options }) for enum_name, enum_options in event_info.get('enum', {}).items() }), 'mapping': StrictDict( {k: StringField() for k in event_info.get('fields', [])}), 'filter': StringField(required=True) }) for event_name, event_info in domain_schema['events'].items() })
class Alerts(DocumentWithoutAddProp): name = StringField(required=True, pattern="^[a-zA-Z0-9_]+$", max_length=100) label = StringField(required=True, max_length=100) description = StringField(required=True) activeResponse = DictField(properties={ "task": ArrayField(StringField(required=True), required=True, min_items=1), "supportsAdhoc": BooleanField(required=True), "subject": ArrayField(StringField(required=True), required=True, min_items=1), "category": ArrayField(StringField(required=True), required=True, min_items=1), "technology": ArrayField(DocumentField(Technology, as_ref=True), required=True, min_items=1), "drilldownUri": StringField(required=False), "sourcetype": StringField(required=False, pattern="^[a-zA-Z0-9:-_]+$", max_length=50) }, required=False) entity = ArrayField(DocumentField(AlertEntity, as_ref=True))
class Domain(Document): """Meta schema for defining a query domain.""" class EventInfo(Document): enum = DictField( additional_properties=ArrayField(StringField(eql_name))) fields = ArrayField(StringField(eql_name)) name = StringField(required=True) fields = ArrayField(StringField(), required=True) events = DictField(additional_properties=DocumentField(EventInfo()))
class Response(Document): data = DictField( { 'name': StringField(min_length=2, required=True), 'url': UriField(), 'main': BooleanField(default=False), }, required=True) data_id = IntField() system = StringField(default='dev')
def test_dict_field(): field = DictField(properties=Var({ 'role_1': { 'a': Var({ 'role_a': a, 'role_none': None, }), 'b': b, 'role_none': None, }, 'role_2': { 'c': c }, 'role_none': None, }), pattern_properties=Var({ 'role_3': { 'x*': Var({ 'role_b': d, 'role_none': None, }), }, 'role_4': { 'y*': e }, 'role_none': None, }), additional_properties=Var({ 'role_5': f, 'role_6': g, 'role_none': None, })) assert set(field.iter_all_fields()) == set([a, b, c, d, e, f, g]) field = DictField(properties={'a': a}, pattern_properties={'b': b}, additional_properties=c) assert set(field.iter_all_fields()) == set([a, b, c]) field = DictField() assert set(field.iter_all_fields()) == set([])
def test_dict_field(): s_f = StringField() _ = lambda value: Var({'role_1': value}) field = DictField(properties=Var( { 'role_1': {'name': Var({'role_1': s_f})}, 'role_2': {'name': Var({'role_2': s_f})}, }, propagate='role_1' ), pattern_properties=Var( { 'role_1': {'.*': Var({'role_1': s_f})}, 'role_2': {'.*': Var({'role_2': s_f})}, }, propagate='role_1' ), additional_properties=_(s_f), min_properties=_(1), max_properties=_(2)) assert s(field.get_schema()) == s({ 'type': 'object' }) assert s(field.get_schema(role='role_1')) == s({ 'type': 'object', 'properties': { 'name': s_f.get_schema(), }, 'patternProperties': { '.*': s_f.get_schema(), }, 'additionalProperties': s_f.get_schema(), 'minProperties': 1, 'maxProperties': 2, }) assert s(field.get_schema(role='role_2')) == s({ 'type': 'object', 'properties': {}, 'patternProperties': {}, })
class AlertEntity(DocumentWithoutAddProp): field = StringField(required=True, pattern="^\w+$") label = StringField(required=True, max_length=30) type = StringField(required=True, enum=["text", "singleSelect", "checkbox", "radio", "singleSelectSplunkSearch"]) help = StringField(max_length=200) defaultValue = OneOfField([ NumberField(), StringField(max_length=250), BooleanField() ]) required = BooleanField() search = StringField(max_length=200) valueField = StringField(max_length=200) labelField = StringField(max_length=200) options = DictField( properties={ "items": ArrayField(DocumentField(ValueLabelPair, as_ref=True)) } )
class Table(DocumentWithoutAddProp): moreInfo = ArrayField(DictField( properties={ "field": StringField(required=True, pattern="^\w+$"), "label": StringField(required=True, max_length=30), "mapping": DictField(required=False) } )) # Header field names needs to be display on UI header = ArrayField(DictField( properties={ "field": StringField(required=True, pattern="^\w+$"), "label": StringField(required=True, max_length=30), "mapping": DictField(required=False), "customCell": DictField(required=False) } ), required=True) # custom Row implementation if required for special cases customRow = DictField(required=False)
def test_dict_field(): field = DictField(properties=Var({ 'role_1': { 'a': Var({ 'role_a': a, 'role_none': None, }), 'b': b, 'role_none': None, }, 'role_2': {'c': c}, 'role_none': None, }), pattern_properties=Var({ 'role_3': { 'x*': Var({ 'role_b': d, 'role_none': None, }), }, 'role_4': {'y*': e}, 'role_none': None, }), additional_properties=Var({ 'role_5': f, 'role_6': g, 'role_none': None, })) assert set(field.iter_all_fields()) == set([a, b, c, d, e, f, g]) field = DictField( properties={'a': a}, pattern_properties={'b': b}, additional_properties=c ) assert set(field.iter_all_fields()) == set([a, b, c]) field = DictField() assert set(field.iter_all_fields()) == set([])
class Fields(Document): scope = StringField() mapping = DictField()
class EventInfo(Document): enum = DictField( additional_properties=ArrayField(StringField(eql_name))) fields = ArrayField(StringField(eql_name))
class Entity(DocumentWithoutAddProp): field = StringField(required=True, pattern="^\w+$") label = StringField(required=True, max_length=30) type = StringField(required=True, enum=["custom", "text", "singleSelect", "checkbox", "multipleSelect", "radio", "placeholder", "oauth", "helpLink"]) help = StringField(max_length=200) tooltip = StringField(max_length=250) defaultValue = OneOfField([ NumberField(), StringField(max_length=250), BooleanField() ]) options = DictField( properties={ "disableSearch": BooleanField(), "autoCompleteFields": OneOfField([ ArrayField(DictField( properties={ "label": StringField(required=True, max_length=150), "children": ArrayField(DocumentField(ValueLabelPair, as_ref=True), required=True) } )), ArrayField(DocumentField(ValueLabelPair, as_ref=True)) ]), "endpointUrl": StringField(max_length=350), "denyList": StringField(max_length=350), "allowList": StringField(max_length=350), "delimiter": StringField(max_length=1), "items": ArrayField(DocumentField(ValueLabelPair, as_ref=True)), "referenceName": StringField(max_length=250), "enable": BooleanField(), "placeholder": StringField(max_length=250), "display": BooleanField(), "labelField": StringField(max_length=250), "src": StringField(max_length=250), "defaultValue": StringField(max_length=250), "disableonEdit": BooleanField(), "basic": ArrayField(DocumentField(OAuthFields, as_ref=True)), "oauth": ArrayField(DocumentField(OAuthFields, as_ref=True)), "auth_type": ArrayField(StringField(max_length=100)), "auth_label": StringField(max_length=250), "oauth_popup_width": NumberField(), "oauth_popup_height": NumberField(), "oauth_timeout": NumberField(), "auth_code_endpoint": StringField(max_length=350), "access_token_endpoint": StringField(max_length=350), "text": StringField(max_length=50), "link": StringField() } ) required = BooleanField() encrypted = BooleanField() # List of inbuilt field validator validators = ArrayField(AnyOfField([ DocumentField(StringValidator, as_ref=True), DocumentField(NumberValidator, as_ref=True), DocumentField(RegexValidator, as_ref=True), DocumentField(EmailValidator, as_ref=True), DocumentField(Ipv4Validator, as_ref=True), DocumentField(UrlValidator, as_ref=True), DocumentField(DateValidator, as_ref=True) ]))