def test_search_posts_to_expected_url(self, mock_session, user_context, successful_post):
    """Check that ``AlertClient.search`` sends its POST to the alert query path.

    ``successful_post`` is not used in the body; it is requested as a fixture.
    NOTE(review): presumably it stubs the POST response on the mock session;
    confirm against the fixture definition.
    """
    client = AlertClient(mock_session, user_context)
    # Any query will do here: only the request path is asserted.
    open_state = AlertState.eq("OPEN")
    client.search(AlertQuery(TENANT_ID_FROM_RESPONSE, open_state))
    # call_args is (positional args, keyword args); the path is the first positional.
    positional, _keywords = mock_session.post.call_args
    assert positional[0] == u"/svc/api/v1/query-alerts"
def test_search_posts_to_expected_url(self, mock_connection, user_context, successful_post):
    """Check that ``AlertService.search`` sends its POST to the alert query path.

    ``successful_post`` is not used in the body; it is requested as a fixture.
    NOTE(review): presumably it stubs the POST response on the mock connection;
    confirm against the fixture definition.
    """
    service = AlertService(mock_connection, user_context)
    # The query is built from the filter alone; no tenant ID is passed here.
    open_state = AlertState.eq("OPEN")
    service.search(AlertQuery(open_state))
    # call_args is (positional args, keyword args); the path is the first positional.
    positional, _keywords = mock_connection.post.call_args
    assert positional[0] == u"/svc/api/v1/query-alerts"
def test_search(connection):
    """Search alerts through ``connection`` and expect a successful response.

    The query combines two filters: state equal to OPEN, and severity in
    HIGH or MEDIUM.
    """
    wanted_severities = [Severity.HIGH, Severity.MEDIUM]
    query = AlertQuery(
        AlertState.eq(AlertState.OPEN),
        Severity.is_in(wanted_severities),
    )
    assert_successful_response(connection.alerts.search(query))
def _create_alert_query(event_severity_filter, start_time):
    """Build the alert query for a severity selection and a start time.

    The query always carries an ``AlertState.OPEN`` equality filter; callers
    cannot change the state filter through this helper.
    """
    query_filters = AlertQueryFilters()
    # Severity is normalised by the helper before being handed to Severity.is_in.
    severity_value = _get_severity_filter_value(event_severity_filter)
    query_filters.append_result(severity_value, Severity.is_in)
    # Fixed state filter, independent of the arguments.
    query_filters.append(AlertState.eq(AlertState.OPEN))
    query_filters.append_result(start_time, DateObserved.on_or_after)
    # NOTE(review): to_all_query() presumably requires every filter to match
    # (AND); if so, alerts in any other state are never returned. Confirm.
    return query_filters.to_all_query()
def test_search_posts_expected_data(self, mock_session, user_context, successful_post):
    """Check the JSON body that ``AlertClient.search`` posts for a state filter.

    The body is read from the ``data`` keyword of the recorded ``post`` call
    and decoded with ``json.loads``. Checks run in order, one per field, so a
    failure points at the field that differs.
    """
    client = AlertClient(mock_session, user_context)
    open_state = AlertState.eq("OPEN")
    client.search(AlertQuery(TENANT_ID_FROM_RESPONSE, open_state))

    body = json.loads(mock_session.post.call_args[1]["data"])

    # Top-level query options expected when search() gets no paging arguments.
    assert body["tenantId"] == TENANT_ID_FROM_RESPONSE
    assert body["groupClause"] == "AND"
    assert body["srtKey"] == "CreatedAt"
    assert body["srtDirection"] == "desc"
    assert body["pgSize"] == 10000
    assert body["pgNum"] == 0

    # The single filter group and the state filter inside it.
    group = body["groups"][0]
    assert group["filterClause"] == "AND"
    state_filter = group["filters"][0]
    assert state_filter["operator"] == "IS"
    assert state_filter["term"] == "state"
    assert state_filter["value"] == "OPEN"
def test_search_posts_expected_data_overwrites_default_option_when_passed_page_num_and_page_size(
    self, mock_connection, user_context
):
    """Check that paging arguments given to ``search`` replace the defaults.

    ``search(query, 10, 20)`` is expected to post ``pgNum`` 9 and ``pgSize`` 20,
    so the page number goes out one lower than the value passed in.
    """
    service = AlertService(mock_connection, user_context)
    open_state = AlertState.eq("OPEN")
    service.search(AlertQuery(open_state), 10, 20)

    post = mock_connection.post
    assert post.call_count == 1
    assert post.call_args[0][0] == "/svc/api/v1/query-alerts"

    body = post.call_args[1]["json"]

    # The query was built without a tenant ID, yet one is expected in the body.
    # NOTE(review): presumably the service fills it in from user_context; confirm.
    assert body["tenantId"] == TENANT_ID_FROM_RESPONSE
    assert body["groupClause"] == "AND"
    assert body["srtKey"] == "CreatedAt"
    assert body["srtDirection"] == "desc"
    assert body["pgSize"] == 20
    assert body["pgNum"] == 9

    # The single filter group and the state filter inside it.
    group = body["groups"][0]
    assert group["filterClause"] == "AND"
    state_filter = group["filters"][0]
    assert state_filter["operator"] == "IS"
    assert state_filter["term"] == "state"
    assert state_filter["value"] == "OPEN"
def test_search_all_pages_posts_expected_data(self, mock_connection, user_context):
    """Check the first request that ``AlertService.search_all_pages`` posts.

    Only one item is pulled from the returned iterable, and exactly one POST
    is expected, carrying ``pgSize`` 500 and ``pgNum`` 0.
    """
    service = AlertService(mock_connection, user_context)
    open_state = AlertState.eq("OPEN")
    pages = service.search_all_pages(AlertQuery(open_state))
    # Take at most one item, then stop; the default covers an empty iterable.
    next(iter(pages), None)

    post = mock_connection.post
    assert post.call_count == 1
    assert post.call_args[0][0] == "/svc/api/v1/query-alerts"

    body = post.call_args[1]["json"]

    # The query was built without a tenant ID, yet one is expected in the body.
    # NOTE(review): presumably the service fills it in from user_context; confirm.
    assert body["tenantId"] == TENANT_ID_FROM_RESPONSE
    assert body["groupClause"] == "AND"
    assert body["srtKey"] == "CreatedAt"
    assert body["srtDirection"] == "desc"
    assert body["pgSize"] == 500
    assert body["pgNum"] == 0

    # The single filter group and the state filter inside it.
    group = body["groups"][0]
    assert group["filterClause"] == "AND"
    state_filter = group["filters"][0]
    assert state_filter["operator"] == "IS"
    assert state_filter["term"] == "state"
    assert state_filter["value"] == "OPEN"
) end = opt.end_option(ALERTS_KEYWORD) checkpoint = opt.checkpoint_option(ALERTS_KEYWORD) advanced_query = searchopt.advanced_query_option(ALERTS_KEYWORD) severity_option = click.option( "--severity", multiple=True, type=click.Choice(Severity.choices()), cls=searchopt.AdvancedQueryAndSavedSearchIncompatible, callback=searchopt.is_in_filter(f.Severity), help="Filter alerts by severity. Defaults to returning all severities.", ) filter_state_option = click.option( "--state", multiple=True, type=click.Choice(AlertState.choices()), cls=searchopt.AdvancedQueryAndSavedSearchIncompatible, callback=searchopt.is_in_filter(f.AlertState), help="Filter alerts by status. Defaults to returning all statuses.", ) actor_option = click.option( "--actor", multiple=True, cls=searchopt.AdvancedQueryAndSavedSearchIncompatible, callback=searchopt.is_in_filter(f.Actor), help= "Filter alerts by including the given actor(s) who triggered the alert. " "Arguments must match the actor's cloud alias exactly.", ) actor_contains_option = click.option( "--actor-contains",
def test_alert_state_choices_returns_set():
    """Check that ``AlertState.choices()`` offers exactly the four listed states.

    The result is compared as a set, so order and duplicates are not checked.
    A state added to or removed from ``choices()`` makes this test fail.
    """
    expected_states = {"IN_PROGRESS", "PENDING", "RESOLVED", "OPEN"}
    assert set(AlertState.choices()) == expected_states
def test_alert_state_not_in_str_gives_correct_json_representation():
    """Check the string form of an ``AlertState.not_in`` filter.

    The expected text is built from the sorted values, so the filter is
    expected to list them in sorted order whatever order they were given in.
    The values are sample strings; this test does not check that each one is
    a state the service accepts.
    """
    states = ["OPEN", "DISMISSED", "other"]
    rendered = str(AlertState.not_in(states))
    assert rendered == NOT_IN.format("state", *sorted(states))
def test_alert_state_not_eq_str_gives_correct_json_representation():
    """Check the string form of an ``AlertState.not_eq`` filter.

    The expected text comes from the ``IS_NOT`` template filled with the term
    ``state`` and the value ``OPEN``.
    """
    rendered = str(AlertState.not_eq("OPEN"))
    assert rendered == IS_NOT.format("state", "OPEN")