Example #1
0
def test_fetch_incidents__last_run(mocker):
    """
    Given:
        - An Okta IAM client object and fetch-relevant instance parameters
        - Last run object contains three incidents.
    When:
        - Calling function fetch_incidents
        - Fetch Limit is 2.
    Then:
        - Ensure only the first two incidents from the last run are retrieved.
        - Ensure that the next_run object returned contains the third incident.
        - Ensure 'last_run_time' key exists and holds a datetime string in the correct format.
    """
    from datetime import datetime

    last_run = {
        'incidents': [{'mock_log1': 'mock_value1'}, {'mock_log2': 'mock_value2'}, {'mock_log3': 'mock_value3'}]
    }
    mocker.patch('Okta_IAM.get_all_user_profiles', return_value={})

    events, next_run = fetch_incidents(
        client=mock_client(),
        last_run=last_run,
        query_filter='mock_query_filter',
        first_fetch_str='7 days',
        fetch_limit=2
    )

    last_run_time = datetime.strptime(next_run.get('last_run_time'), '%Y-%m-%dT%H:%M:%SZ')

    assert len(events) == 2
    assert len(next_run.get('incidents')) == 1
    assert next_run['incidents'][0].get('mock_log3') == 'mock_value3'
    assert isinstance(last_run_time, datetime)
Example #2
0
def test_fetch_incidents__two_logs_batches(mocker):
    """
    Given:
        - An Okta IAM client object and fetch-relevant instance parameters
    When:
        - Calling function fetch_incidents
        - Events should come in two batches of two events in the first batch, and one event in the second batch.
    Then:
        - Ensure three events are returned in incident the correct format.
    """
    import json
    mocker.patch.object(Client, 'get_logs_batch', side_effect=mock_get_logs_batch)
    mocker.patch('Okta_IAM.get_all_user_profiles', return_value={})
    events, _ = fetch_incidents(
        client=mock_client(),
        last_run={},
        query_filter='mock_query_filter',
        first_fetch_str='7 days',
        fetch_limit=5
    )

    assert len(events) == 3
    assert json.loads(events[0]['rawJSON']).get('mock_log1') == 'mock_value1'
    assert json.loads(events[1]['rawJSON']).get('mock_log2') == 'mock_value2'
    assert json.loads(events[2]['rawJSON']).get('mock_log3') == 'mock_value3'
Example #3
0
def test_fetch_incidents__fetch_limit(mocker):
    """
    Given:
        - An Okta IAM client object and fetch-relevant instance parameters
    When:
        - Calling function fetch_incidents
        - Three events exist Okta logs.
        - Fetch limit is 2.
    Then:
        - Ensure only two events are returned in incident the correct format.
    """
    mocker.patch.object(Client,
                        'get_logs_batch',
                        side_effect=mock_get_logs_batch)
    events, _ = fetch_incidents(client=mock_client(),
                                last_run={},
                                query_filter='mock_query_filter',
                                first_fetch_str='7 days',
                                fetch_limit=2)

    assert len(events) == 2