def test_search_audit_logs_with_all_filter_parameters(runner, cli_state, date_str):
    """Every audit-log filter option is forwarded to ``auditlogs.get_all`` as a keyword.

    Repeated options (``--actor-username``, ``--affected-user-id``) must arrive as
    tuples in the order given; ``-b`` is rounded to the start of its day and
    ``--end`` to the end of its day before being converted to a timestamp, so the
    expectations are built with the same ``MagicDate`` types the CLI uses.
    NOTE(review): the username literals appear redacted in this copy of the file.
    """
    # Naive UTC wall-clock text, formatted the way the option parser accepts it.
    # datetime.utcnow() is deprecated from Python 3.12 (would need timezone import to replace).
    now_text = datetime.utcnow().strftime("%Y-%m-%d %H:%M:%S")

    def _expected_timestamp(raw_text, rounding):
        # Mirror what the CLI's --begin/--end parameter types do with the raw text.
        parsed = MagicDate(rounding_func=rounding).convert(raw_text, None, None)
        return convert_datetime_to_timestamp(parsed)

    begin_ts = _expected_timestamp(date_str, round_datetime_to_day_start)
    end_ts = _expected_timestamp(now_text, round_datetime_to_day_end)

    argv = ["audit-logs", "search"]
    argv += ["--actor-username", "*****@*****.**"]
    argv += ["--actor-username", "*****@*****.**"]
    argv += ["--event-type", "saved-search"]
    argv += ["--actor-ip", "0.0.0.0"]
    argv += ["--affected-username", "*****@*****.**"]
    argv += ["--affected-user-id", "123"]
    argv += ["--affected-user-id", "456"]
    argv += ["--actor-user-id", "userid"]
    argv += ["-b", date_str]
    argv += ["--end", now_text]
    runner.invoke(cli, argv, obj=cli_state)

    get_all = cli_state.sdk.auditlogs.get_all
    assert get_all.call_count == 1
    get_all.assert_called_once_with(
        usernames=("*****@*****.**", "*****@*****.**"),
        affected_user_ids=("123", "456"),
        affected_usernames=("*****@*****.**",),
        begin_time=begin_ts,
        end_time=end_ts,
        event_types=("saved-search",),
        user_ids=("userid",),
        user_ip_addresses=("0.0.0.0",),
    )
def test_search_and_send_to_handles_filter_parameters(runner, cli_state, date_str, command):
    """The command supplied by the ``command`` fixture forwards filters to ``auditlogs.get_all``.

    Repeated ``--actor-username`` values arrive as a tuple in the order given,
    ``--begin`` is rounded to the start of its day and converted to a timestamp,
    and every filter that was not given arrives as an empty tuple (``end_time`` as None).
    NOTE(review): the username literals appear redacted in this copy of the file.
    """
    # Build the expectation with the same parameter type the CLI applies to --begin.
    day_start = MagicDate(rounding_func=round_datetime_to_day_start).convert(date_str, None, None)
    begin_ts = convert_datetime_to_timestamp(day_start)

    argv = list(command)
    argv += ["--actor-username", "*****@*****.**"]
    argv += ["--actor-username", "*****@*****.**"]
    argv += ["--begin", date_str]
    runner.invoke(cli, argv, obj=cli_state)

    cli_state.sdk.auditlogs.get_all.assert_called_once_with(
        usernames=("*****@*****.**", "*****@*****.**"),
        affected_user_ids=(),
        affected_usernames=(),
        begin_time=begin_ts,
        end_time=None,
        event_types=(),
        user_ids=(),
        user_ip_addresses=(),
    )
def test_search_audit_logs_with_filter_parameters(runner, cli_state, date_str):
    """``audit-logs search`` forwards the given filters to ``auditlogs.get_all`` exactly once.

    Repeated ``--actor-username`` values arrive as a tuple in the order given,
    ``--begin`` is rounded to the start of its day and converted to a timestamp,
    and every filter that was not given arrives as an empty tuple (``end_time`` as None).
    NOTE(review): the username literals appear redacted in this copy of the file.
    """
    # Build the expectation with the same parameter type the CLI applies to --begin.
    day_start = MagicDate(rounding_func=round_datetime_to_day_start).convert(date_str, None, None)
    begin_ts = convert_datetime_to_timestamp(day_start)

    argv = ["audit-logs", "search"]
    argv += ["--actor-username", "*****@*****.**"]
    argv += ["--actor-username", "*****@*****.**"]
    argv += ["--begin", date_str]
    runner.invoke(cli, argv, obj=cli_state)

    get_all = cli_state.sdk.auditlogs.get_all
    assert get_all.call_count == 1
    get_all.assert_called_once_with(
        usernames=("*****@*****.**", "*****@*****.**"),
        affected_user_ids=(),
        affected_usernames=(),
        begin_time=begin_ts,
        end_time=None,
        event_types=(),
        user_ids=(),
        user_ip_addresses=(),
    )
def set_end_default_dict(term):
    """Return the keyword defaults for an ``--end`` option that looks for *term*.

    The option value is parsed by ``MagicDate`` rounded to the end of its day,
    and the callback converts the parsed value to a timestamp before the command
    receives it.
    """
    help_text = (
        f"The end of the date range in which to look for {term}, argument format options are "
        "the same as `--begin`."
    )

    def _to_timestamp(ctx, param, arg):
        # click invokes callbacks as (ctx, param, value); only the value is used.
        # NOTE(review): arg may be None when --end is omitted; convert_datetime_to_timestamp
        # is presumed to tolerate that — confirm.
        return convert_datetime_to_timestamp(arg)

    return {
        "type": MagicDate(rounding_func=round_datetime_to_day_end),
        "help": help_text,
        "callback": _to_timestamp,
    }
def set_begin_default_dict(term):
    """Return the keyword defaults for a ``--begin`` option that looks for *term*.

    The option value is parsed by ``MagicDate`` rounded to the start of its day,
    and the callback converts the parsed value to a timestamp before the command
    receives it. The help text appends ``MagicDate.HELP_TEXT`` so the accepted
    date formats are documented in one place.
    """
    help_text = f"The beginning of the date range in which to look for {term}. {MagicDate.HELP_TEXT}"

    def _to_timestamp(ctx, param, arg):
        # click invokes callbacks as (ctx, param, value); only the value is used.
        return convert_datetime_to_timestamp(arg)

    return {
        "type": MagicDate(rounding_func=round_datetime_to_day_start),
        "help": help_text,
        "callback": _to_timestamp,
    }
def begin_option(term, **kwargs):
    """Build the ``-b/--begin`` click option for commands that look for *term*.

    Any keyword argument overrides the corresponding default (``type``, ``help``,
    ``cls``, ``callback``), so a caller can e.g. supply a callback that also
    bounds how far back the date may reach.
    """
    settings = {
        "type": MagicDate(rounding_func=round_datetime_to_day_start),
        "help": f"The beginning of the date range in which to look for {term}. {MagicDate.HELP_TEXT}",
        "cls": BeginOption,
        # click invokes callbacks as (ctx, param, value); the parsed value becomes a timestamp.
        "callback": lambda ctx, param, arg: convert_datetime_to_timestamp(arg),
        **kwargs,  # caller overrides win
    }
    return click.option("-b", "--begin", **settings)
def test_search_events_is_called_with_expected_begin_timestamp(runner, cli_state):
    """``legal-hold search-events --begin`` converts an ISO date-time to a timestamp.

    The timestamp is passed as the second positional argument of
    ``legalhold.get_all_events``; the first and third stay None.
    """
    # The expectation is the same calendar day at midnight, converted like the CLI does.
    midnight = datetime.datetime.strptime("2017-01-01", "%Y-%m-%d")
    expected = convert_datetime_to_timestamp(midnight)

    argv = ["legal-hold", "search-events", "--begin", "2017-01-01T00:00:00"]
    runner.invoke(cli, argv, obj=cli_state)

    cli_state.sdk.legalhold.get_all_events.assert_called_once_with(None, expected, None)
def end_option(term, **kwargs):
    """Build the ``-e/--end`` click option for commands that look for *term*.

    Defaults: the value is parsed by ``MagicDate`` rounded to the end of its day,
    the option class is ``AdvancedQueryAndSavedSearchIncompatible``, and the
    callback converts the parsed value to a timestamp. Any keyword argument
    overrides the corresponding default.
    """
    settings = {
        "type": MagicDate(rounding_func=round_datetime_to_day_end),
        "cls": AdvancedQueryAndSavedSearchIncompatible,
        "help": (
            f"The end of the date range in which to look for {term}, argument format options are "
            "the same as `--begin`."
        ),
        # click invokes callbacks as (ctx, param, value); the parsed value becomes a timestamp.
        "callback": lambda ctx, param, arg: convert_datetime_to_timestamp(arg),
        **kwargs,  # caller overrides win
    }
    return click.option("-e", "--end", **settings)
# NOTE(review): the next four lines are the tail of a callback whose `def` lies
# before this chunk (presumably `_get_saved_search_query`, referenced just below);
# they are reproduced unchanged.
if arg is None:
    return
query = ctx.obj.sdk.securitydata.savedsearches.get_query(arg)
return query


# --saved-search resolves the given ID to a saved-search query through the SDK;
# `cls=incompatible_with("advanced_query")` presumably rejects combining it with
# --advanced-query (helper not visible here).
saved_search_option = click.option(
    "--saved-search",
    help="Get events from a saved search filter with the given ID.",
    callback=_get_saved_search_query,
    cls=incompatible_with("advanced_query"),
)
# --begin here differs from the shared default: the parsed date is first passed
# through limit_date_range with max_days_back=90 (whether it clamps or rejects an
# older date is up to that helper) and only then converted to a timestamp.
begin_option = opt.begin_option(
    SECURITY_DATA_KEYWORD,
    callback=lambda ctx, param, arg: convert_datetime_to_timestamp(
        limit_date_range(arg, max_days_back=90)
    ),
)
end_option = opt.end_option(SECURITY_DATA_KEYWORD)
# The checkpoint option uses the class that marks it incompatible with
# --advanced-query / --saved-search.
checkpoint_option = opt.checkpoint_option(
    SECURITY_DATA_KEYWORD, cls=searchopt.AdvancedQueryAndSavedSearchIncompatible
)
advanced_query_option = searchopt.advanced_query_option(SECURITY_DATA_KEYWORD)


def search_options(f):
    """Decorator that attaches the shared security-data search options to *f*.

    Applies, in order: checkpoint, advanced-query, end, begin.
    """
    f = checkpoint_option(f)
    f = advanced_query_option(f)
    f = end_option(f)
    f = begin_option(f)
    return f
def _get_audit_logs_default_header():
    """Return the default header mapping for audit-log output.

    Presumably maps audit-log event field names to the column titles shown to
    the user. NOTE(review): the `userName` title appears redacted ("******") in
    this copy of the file; confirm the real value against the upstream source.
    """
    return {
        "timestamp": "Timestamp",
        "type$": "Type",
        "actorName": "ActorName",
        "actorIpAddress": "ActorIpAddress",
        "userName": "******",
        "userId": "AffectedUserUID",
    }


# Date-range options for audit-log searches. A plain timestamp callback is passed
# explicitly, overriding whatever default callback opt.begin_option/opt.end_option
# carry (their definitions are not visible here).
begin_option = opt.begin_option(
    AUDIT_LOGS_KEYWORD,
    callback=lambda ctx, param, arg: convert_datetime_to_timestamp(arg),
)
end_option = opt.end_option(
    AUDIT_LOGS_KEYWORD,
    callback=lambda ctx, param, arg: convert_datetime_to_timestamp(arg),
)
# Repeatable filter: click collects every --actor-username occurrence into a tuple.
filter_option_usernames = click.option(
    "--actor-username",
    required=False,
    help="Filter results by actor usernames.",
    multiple=True,
)
# NOTE(review): this definition continues past the end of the chunk.
filter_option_user_ids = click.option(
    "--actor-user-id",
    required=False,
    help="Filter results by actor user IDs.",