def test_empty_value(self):
"""Normalizer - Normalize, Empty Value"""
test_record = {
'account': 123456,
'region': '' # This value is empty so should not be stored
}
normalized_types = {
'region': ['region', 'awsRegion'],
'sourceAccount': ['account', 'accountId'],
'ipv4': ['sourceIPAddress']
}
expected_results = {'sourceAccount': [123456]}
results = Normalizer.match_types(test_record, normalized_types)
assert_equal(results, expected_results)
def test_match_types_list(self):
"""Normalizer - Match Types, List of Values"""
normalized_types = {
'ipv4': ['sourceIPAddress'],
}
expected_results = {
'ipv4': ['1.1.1.2', '1.1.1.3']
}
test_record = {
'account': 123456,
'sourceIPAddress': ['1.1.1.2', '1.1.1.3']
}
results = Normalizer.match_types(test_record, normalized_types)
assert_equal(results, expected_results)
def test_match_types_multiple(self):
"""Normalizer - Match Types, Mutiple Sub-keys"""
normalized_types = {
'account': ['account'],
'region': ['region', 'awsRegion'],
'ipv4': ['destination', 'source', 'sourceIPAddress'],
'userName': ['userName', 'owner', 'invokedBy']
}
expected_results = {
'account': [123456],
'ipv4': ['1.1.1.2', '1.1.1.3'],
'region': ['region_name'],
'userName': ['Alice', 'signin.amazonaws.com']
}
results = Normalizer.match_types(self._test_record(), normalized_types)
assert_equal(results, expected_results)
def test_key_does_not_exist(self):
"""Normalizer - Normalize, Key Does Not Exist"""
test_record = {'accountId': 123456, 'region': 'region_name'}
normalized_types = {
'region': ['region', 'awsRegion'],
'sourceAccount': ['account', 'accountId'],
# There is no IP value in record, so normalization should not include this
'ipv4': ['sourceIPAddress']
}
expected_results = {
'sourceAccount': [123456],
'region': ['region_name']
}
results = Normalizer.match_types(test_record, normalized_types)
assert_equal(results, expected_results)
def test_load_from_config(self):
"""Normalizer - Load From Config"""
config = {
'normalized_types': {
'cloudtrail': {
'region': ['region', 'awsRegion'],
'sourceAccount': ['account', 'accountId']
}
}
}
normalizer = Normalizer.load_from_config(config)
expected_config = {
'cloudtrail': {
'region': ['region', 'awsRegion'],
'sourceAccount': ['account', 'accountId']
}
}
assert_equal(normalizer, Normalizer)
assert_equal(normalizer._types_config, expected_config)
def test_load_from_config_empty(self):
"""Normalizer - Load From Config, Empty"""
normalizer = Normalizer.load_from_config({})
assert_equal(normalizer, Normalizer)
assert_equal(normalizer._types_config, None)
def test_normalize_none_defined(self, log_mock):
"""Normalizer - Normalize, No Types Defined"""
log_type = 'cloudtrail'
Normalizer._types_config = {}
Normalizer.normalize(self._test_record(), log_type)
log_mock.assert_called_with('No normalized types defined for log type: %s', log_type)