Exemple #1
0
def test_get_json_payload_error():
    rule = {
        'name': 'Test Alerta rule!',
        'alerta_api_url': 'http://*****:*****@timestamp',
        'type': 'any',
        'alert': 'alerta',
        'query_key': 'hostname'
    }
    match = {
        '@timestamp': '2014-10-10T00:00:00',
        'sender_ip': '1.1.1.1',
        'hostname': 'aProbe'
    }
    rules_loader = FileRulesLoader({})
    rules_loader.load_modules(rule)
    alert = AlertaAlerter(rule)

    mock_run = mock.MagicMock(side_effect=Exception)
    with mock.patch('json.dumps', mock_run):

        with pytest.raises(Exception) as e:
            alert.get_json_payload(match)

        assert 'Error building Alerta request: ' in str(e)
Exemple #2
0
def test_alerta_create_default_title(query_key, expected_data):
    rule = {
        'name': 'Test Alerta rule!',
        'alerta_api_url': 'http://*****:*****@timestamp',
        'type': 'any',
        'alert': 'alerta'
    }
    if query_key:
        rule['query_key'] = query_key

    match = [{
        '@timestamp': '2014-10-10T00:00:00',
        'sender_ip': '1.1.1.1',
        'hostname': 'aProbe'
    }, {
        '@timestamp': '2014-10-10T00:00:00',
        'sender_ip': '1.1.1.1',
        'hostname2': 'aProbe'
    }]
    rules_loader = FileRulesLoader({})
    rules_loader.load_modules(rule)
    alert = AlertaAlerter(rule)

    result = alert.create_default_title(match)
    assert expected_data == result
Exemple #3
0
def test_alerta_auth():
    rule = {
        'name': 'Test Alerta rule!',
        'alerta_api_url': 'http://*****:*****@timestamp',
        'alerta_severity': "debug",
        'type': 'any',
        'alerta_use_match_timestamp': True,
        'alert': 'alerta'
    }

    match = {
        '@timestamp': '2014-10-10T00:00:00',
        'sender_ip': '1.1.1.1',
        'hostname': 'aProbe'
    }

    rules_loader = FileRulesLoader({})
    rules_loader.load_modules(rule)
    alert = AlertaAlerter(rule)
    with mock.patch('requests.post') as mock_post_request:
        alert.alert([match])

    mock_post_request.assert_called_once_with(alert.url,
                                              data=mock.ANY,
                                              verify=True,
                                              headers={
                                                  'content-type':
                                                  'application/json',
                                                  'Authorization':
                                                  'Key {}'.format(
                                                      rule['alerta_api_key'])
                                              })
Exemple #4
0
def test_alerta_use_match_timestamp():
    rule = {
        'name': 'Test Alerta rule!',
        'alerta_api_url': 'http://elastalerthost:8080/api/alert',
        'timeframe': datetime.timedelta(hours=1),
        'alerta_attributes_keys': ["hostname", "TimestampEvent", "senderIP"],
        'alerta_attributes_values': ["{hostname}", "{logdate}", "{sender_ip}"],
        'alerta_correlate': ["ProbeUP", "ProbeDOWN"],
        'alerta_event': "ProbeUP",
        'alerta_group': "Health",
        'alerta_origin': "ElastAlert 2",
        'alerta_severity': "debug",
        'alerta_text': "Probe {hostname} is UP at {logdate} GMT",
        'alerta_value': "UP",
        'type': 'any',
        'alerta_use_match_timestamp': False,
        'alerta_tags': ['elastalert2'],
        'alert': 'alerta'
    }

    match = {'sender_ip': '1.1.1.1', 'hostname': 'aProbe'}

    rules_loader = FileRulesLoader({})
    rules_loader.load_modules(rule)
    alert = AlertaAlerter(rule)
    with mock.patch('requests.post') as mock_post_request:
        alert.alert([match])

    expected_data = {
        "origin": "ElastAlert 2",
        "resource": "elastalert",
        "severity": "debug",
        "service": ["elastalert"],
        "tags": ['elastalert2'],
        "text": "Probe aProbe is UP at <MISSING VALUE> GMT",
        "value": "UP",
        "environment": "Production",
        "timeout": 86400,
        "correlate": ["ProbeUP", "ProbeDOWN"],
        "group": "Health",
        "attributes": {
            "senderIP": "1.1.1.1",
            "hostname": "aProbe",
            "TimestampEvent": "<MISSING VALUE>"
        },
        "type": "elastalert",
        "event": "ProbeUP"
    }

    mock_post_request.assert_called_once_with(
        alert.url,
        data=mock.ANY,
        verify=True,
        headers={'content-type': 'application/json'})

    actual_data = json.loads(mock_post_request.call_args_list[0][1]['data'])
    del actual_data['createTime']
    del actual_data['rawData']
    assert expected_data == actual_data
Exemple #5
0
def test_alerta_required_error(alerta_api_url, expected_data):
    try:
        rule = {
            'name': 'Test Alerta rule!',
            'timeframe': datetime.timedelta(hours=1),
            'timestamp_field': '@timestamp',
            'type': 'any',
            'alert': 'alerta'
        }

        if alerta_api_url:
            rule['alerta_api_url'] = alerta_api_url

        rules_loader = FileRulesLoader({})
        rules_loader.load_modules(rule)
        alert = AlertaAlerter(rule)

        actual_data = alert.get_info()
        assert expected_data == actual_data
    except Exception as ea:
        assert expected_data in str(ea)
Exemple #6
0
def test_alerta_getinfo():
    rule = {
        'name': 'Test Alerta rule!',
        'alerta_api_url': 'http://*****:*****@timestamp',
        'type': 'any',
        'alert': 'alerta'
    }

    rules_loader = FileRulesLoader({})
    rules_loader.load_modules(rule)
    alert = AlertaAlerter(rule)

    expected_data = {
        'type': 'alerta',
        'alerta_url': 'http://elastalerthost:8080/api/alert'
    }
    actual_data = alert.get_info()

    assert expected_data == actual_data
Exemple #7
0
def test_alerta_ea_exception():
    with pytest.raises(EAException) as ea:
        rule = {
            'name': 'Test Alerta rule!',
            'alerta_api_url': 'http://*****:*****@timestamp',
            'alerta_attributes_keys':
            ["hostname", "TimestampEvent", "senderIP"],
            'alerta_attributes_values':
            ["{hostname}", "{logdate}", "{sender_ip}"],
            'alerta_correlate': ["ProbeUP", "ProbeDOWN"],
            'alerta_event': "ProbeUP",
            'alerta_group': "Health",
            'alerta_origin': "ElastAlert 2",
            'alerta_severity': "debug",
            'alerta_text': "Probe {hostname} is UP at {logdate} GMT",
            'alerta_value': "UP",
            'type': 'any',
            'alerta_use_match_timestamp': True,
            'alerta_tags': ['elastalert2'],
            'alert': 'alerta'
        }

        match = {
            '@timestamp': '2014-10-10T00:00:00',
            'sender_ip': '1.1.1.1',
            'hostname': 'aProbe'
        }

        rules_loader = FileRulesLoader({})
        rules_loader.load_modules(rule)
        alert = AlertaAlerter(rule)
        mock_run = mock.MagicMock(side_effect=RequestException)
        with mock.patch('requests.post',
                        mock_run), pytest.raises(RequestException):
            alert.alert([match])
    assert 'Error posting to Alerta: ' in str(ea)
Exemple #8
0
def test_alerta_no_auth(caplog):
    caplog.set_level(logging.INFO)
    rule = {
        'name': 'Test Alerta rule!',
        'alerta_api_url': 'http://*****:*****@timestamp',
        'alerta_api_skip_ssl': True,
        'alerta_attributes_keys': ["hostname", "TimestampEvent", "senderIP"],
        'alerta_attributes_values':
        ["%(key)s", "%(logdate)s", "%(sender_ip)s"],
        'alerta_correlate': ["ProbeUP", "ProbeDOWN"],
        'alerta_event': "ProbeUP",
        'alerta_group': "Health",
        'alerta_origin': "ElastAlert 2",
        'alerta_severity': "debug",
        'alerta_text': "Probe %(hostname)s is UP at %(logdate)s GMT",
        'alerta_value': "UP",
        'type': 'any',
        'alerta_use_match_timestamp': True,
        'alert': 'alerta'
    }

    match = {
        '@timestamp': '2014-10-10T00:00:00',
        # 'key': ---- missing field on purpose, to verify that simply the text is left empty
        # 'logdate': ---- missing field on purpose, to verify that simply the text is left empty
        'sender_ip': '1.1.1.1',
        'hostname': 'aProbe'
    }

    rules_loader = FileRulesLoader({})
    rules_loader.load_modules(rule)
    alert = AlertaAlerter(rule)
    with mock.patch('requests.post') as mock_post_request:
        alert.alert([match])

    expected_data = {
        "origin": "ElastAlert 2",
        "resource": "elastalert",
        "severity": "debug",
        "service": ["elastalert"],
        "tags": [],
        "text": "Probe aProbe is UP at <MISSING VALUE> GMT",
        "value": "UP",
        "createTime": "2014-10-10T00:00:00.000000Z",
        "environment": "Production",
        "rawData":
        "Test Alerta rule!\n\n@timestamp: 2014-10-10T00:00:00\nhostname: aProbe\nsender_ip: 1.1.1.1\n",
        "timeout": 86400,
        "correlate": ["ProbeUP", "ProbeDOWN"],
        "group": "Health",
        "attributes": {
            "senderIP": "1.1.1.1",
            "hostname": "<MISSING VALUE>",
            "TimestampEvent": "<MISSING VALUE>"
        },
        "type": "elastalert",
        "event": "ProbeUP"
    }

    mock_post_request.assert_called_once_with(
        alert.url,
        data=mock.ANY,
        headers={'content-type': 'application/json'},
        verify=False)
    assert expected_data == json.loads(
        mock_post_request.call_args_list[0][1]['data'])
    assert ('elastalert', logging.INFO,
            'Alert sent to Alerta') == caplog.record_tuples[0]