def test_get_all_calls_all_params_in_valid_formats(self, mock_connection):
    """Check that every ``get_all`` filter is sent to the search endpoint as a list.

    The expectation pins the normalisation of filter values: a bare string
    (``event_types``, ``affected_usernames``) is wrapped into a one-element
    list and an empty string (``affected_user_ids``) becomes an empty list.
    """
    audit_logs = AuditLogsService(mock_connection)
    results = audit_logs.get_all(
        usernames=["*****@*****.**", "*****@*****.**"],
        user_ids=["1208", "12089"],
        event_types="abc",
        user_ip_addresses=["127.0.0.1", "0.0.0.0"],
        affected_user_ids="",
        affected_usernames="*****@*****.**",
    )
    # Iterate the result to completion before inspecting the recorded POST.
    for _ in results:
        pass

    expected_body = {
        "page": 0,
        "pageSize": 500,
        "dateRange": {},
        "eventTypes": ["abc"],
        "actorIds": ["1208", "12089"],
        "actorNames": ["*****@*****.**", "*****@*****.**"],
        "actorIpAddresses": ["127.0.0.1", "0.0.0.0"],
        "affectedUserIds": [],
        "affectedUserNames": ["*****@*****.**"],
    }
    mock_connection.post.assert_called_once_with(
        "/rpc/search/search-audit-log", json=expected_body, headers=None
    )
def test_get_page_calls_expected_uri_and_params(self, mock_connection):
    """Check that an unfiltered ``get_page`` posts an empty-filter query.

    ``page_num=1`` is expected on the wire as ``"page": 0`` and every filter
    passed as ``None`` is expected as an empty list.
    """
    # All filters are explicitly None; only paging values are set.
    unfiltered = {
        "begin_time": None,
        "end_time": None,
        "event_types": None,
        "user_ids": None,
        "usernames": None,
        "user_ip_addresses": None,
        "affected_user_ids": None,
        "affected_usernames": None,
    }
    audit_logs = AuditLogsService(mock_connection)
    audit_logs.get_page(page_num=1, page_size=3, **unfiltered)

    expected_body = {
        "page": 0,
        "pageSize": 3,
        "dateRange": {},
        "eventTypes": [],
        "actorIds": [],
        "actorNames": [],
        "actorIpAddresses": [],
        "affectedUserIds": [],
        "affectedUserNames": [],
    }
    mock_connection.post.assert_called_once_with(
        "/rpc/search/search-audit-log", json=expected_body, headers=None
    )
def test_get_all_passes_valid_date_range_param_when_begin_and_end_time_are_epoch(
    self, mock_connection
):
    """Check that epoch-second bounds are sent as ISO-8601 ``Z`` timestamps.

    The expected ``dateRange`` carries millisecond precision and a ``Z``
    suffix, so the audit window is expressed in UTC on the wire.
    """
    window_start = 1591401600  # 2020-06-06 00:00:00 UTC
    window_end = 1599653541  # 2020-09-09 12:12:21 UTC

    audit_logs = AuditLogsService(mock_connection)
    results = audit_logs.get_all(begin_time=window_start, end_time=window_end)
    # Iterate the result to completion before inspecting the recorded POST.
    for _ in results:
        pass

    expected_body = {
        "page": 0,
        "pageSize": 500,
        "dateRange": {
            "startTime": "2020-06-06T00:00:00.000Z",
            "endTime": "2020-09-09T12:12:21.000Z",
        },
        "eventTypes": [],
        "actorIds": [],
        "actorNames": [],
        "actorIpAddresses": [],
        "affectedUserIds": [],
        "affectedUserNames": [],
    }
    mock_connection.post.assert_called_once_with(
        "/rpc/search/search-audit-log", json=expected_body, headers=None
    )
def test_get_page_passes_no_headers_and_params_when_invalid_format_is_specified(
    self, mock_connection
):
    """Check that an unrecognised ``format`` value leaves the request unchanged.

    With ``format="abc"`` the POST is expected to carry ``headers=None`` and a
    body without any ``format`` entry. ``page_num=5`` is expected on the wire
    as ``"page": 4``.
    """
    audit_logs = AuditLogsService(mock_connection)
    audit_logs.get_page(
        format="abc",
        page_num=5,
        page_size=300,
        begin_time=None,
        end_time=None,
        usernames=["*****@*****.**", "*****@*****.**"],
        user_ids=["1208", "12089"],
        event_types="abc",
        user_ip_addresses=["127.0.0.1", "0.0.0.0"],
        affected_user_ids="",
        affected_usernames="*****@*****.**",
    )

    # The invalid format must not appear anywhere in the body.
    expected_body = {
        "page": 4,
        "pageSize": 300,
        "dateRange": {},
        "eventTypes": ["abc"],
        "actorIds": ["1208", "12089"],
        "actorNames": ["*****@*****.**", "*****@*****.**"],
        "actorIpAddresses": ["127.0.0.1", "0.0.0.0"],
        "affectedUserIds": [],
        "affectedUserNames": ["*****@*****.**"],
    }
    mock_connection.post.assert_called_once_with(
        "/rpc/search/search-audit-log", json=expected_body, headers=None
    )
def test_get_page_passes_undefined_field_in_api_request(self, mock_connection):
    """Check that an unknown keyword argument is copied into the request body.

    ``customParam`` is not one of the named filters, yet the expectation has it
    as a top-level key of the JSON sent to the audit-log search endpoint.
    """
    # NOTE(review): this pins pass-through of arbitrary keyword names into the
    # request body; the expectation shows no filtering of the extra key, so
    # callers that build kwargs from external input decide what is sent.
    unfiltered = {
        "begin_time": None,
        "end_time": None,
        "event_types": None,
        "user_ids": None,
        "usernames": None,
        "user_ip_addresses": None,
        "affected_user_ids": None,
        "affected_usernames": None,
    }
    audit_logs = AuditLogsService(mock_connection)
    audit_logs.get_page(page_num=1, page_size=500, customParam="", **unfiltered)

    expected_body = {
        "page": 0,
        "pageSize": 500,
        "dateRange": {},
        "eventTypes": [],
        "actorIds": [],
        "actorNames": [],
        "actorIpAddresses": [],
        "affectedUserIds": [],
        "affectedUserNames": [],
        "customParam": "",
    }
    mock_connection.post.assert_called_once_with(
        "/rpc/search/search-audit-log", json=expected_body, headers=None
    )
def _init_services(main_connection, main_auth):
    """Build the ``Services`` bundle and the ``UserContext`` it shares.

    Services are wired either to ``main_connection`` directly or to a
    per-microservice connection obtained through the key-value store service.

    Args:
        main_connection: Connection used for the core services and for
            reaching the key-value store.
        main_auth: Auth object handed to every microservice connection.

    Returns:
        A ``(services, user_ctx)`` tuple.
    """
    kv_service = KeyValueStoreService(
        Connection.from_microservice_prefix(main_connection, u"simple-key-value-store")
    )

    def _microservice(key):
        # Every microservice connection reuses the same auth object.
        # NOTE(review): presumably the key is resolved to a URL via the
        # key-value store, which would then decide where main_auth is
        # used - confirm how from_microservice_key treats the stored value.
        return Connection.from_microservice_key(kv_service, key, auth=main_auth)

    # Connections are created in a fixed order; keep it when editing.
    rules_connection = _microservice(u"FedObserver-API_URL")
    alerts_connection = _microservice(u"AlertService-API_URL")
    events_connection = _microservice(u"FORENSIC_SEARCH-API_URL")
    preservation_connection = _microservice(u"PRESERVATION-DATA-SERVICE_API-URL")
    case_mgmt_connection = _microservice(u"employeecasemanagement-API_URL")
    audit_connection = _microservice(u"AUDIT-LOG_API-URL")

    users = UserService(main_connection)
    administration = AdministrationService(main_connection)
    file_events = FileEventService(events_connection)
    user_ctx = UserContext(administration)
    profiles = DetectionListUserService(case_mgmt_connection, user_ctx, users)

    services = Services(
        administration=administration,
        archive=ArchiveService(main_connection),
        devices=DeviceService(main_connection),
        legalhold=LegalHoldService(main_connection),
        orgs=OrgService(main_connection),
        securitydata=SecurityDataService(main_connection),
        # A separate UserService instance from the one given to `profiles`.
        users=UserService(main_connection),
        alertrules=AlertRulesService(rules_connection, user_ctx, profiles),
        alerts=AlertService(alerts_connection, user_ctx),
        fileevents=file_events,
        savedsearch=SavedSearchService(events_connection, file_events),
        preservationdata=PreservationDataService(preservation_connection),
        departingemployee=DepartingEmployeeService(
            case_mgmt_connection, user_ctx, profiles
        ),
        highriskemployee=HighRiskEmployeeService(
            case_mgmt_connection, user_ctx, profiles
        ),
        userprofile=profiles,
        auditlogs=AuditLogsService(audit_connection),
    )
    return services, user_ctx
def test_get_all_calls_expected_uri_and_params(self, mock_connection):
    """Check that an argument-less ``get_all`` posts the default query once.

    The default body is page 0, page size 500, an empty date range and empty
    lists for every filter.
    """
    audit_logs = AuditLogsService(mock_connection)
    results = audit_logs.get_all()
    # Iterate the result to completion before inspecting the recorded POST.
    for _ in results:
        pass

    expected_body = {
        "page": 0,
        "pageSize": 500,
        "dateRange": {},
        "eventTypes": [],
        "actorIds": [],
        "actorNames": [],
        "actorIpAddresses": [],
        "affectedUserIds": [],
        "affectedUserNames": [],
    }
    mock_connection.post.assert_called_once_with(
        "/rpc/search/search-audit-log", json=expected_body, headers=None
    )
def test_get_all_calls_actor_names_with_list_of_user_names(self, mock_connection):
    """Check that ``usernames`` is sent as the ``actorNames`` filter.

    All other filters are expected to stay empty.
    """
    audit_logs = AuditLogsService(mock_connection)
    results = audit_logs.get_all(usernames=["*****@*****.**", "*****@*****.**"])
    # Iterate the result to completion before inspecting the recorded POST.
    for _ in results:
        pass

    expected_body = {
        "page": 0,
        "pageSize": 500,
        "dateRange": {},
        "eventTypes": [],
        "actorIds": [],
        "actorNames": ["*****@*****.**", "*****@*****.**"],
        "actorIpAddresses": [],
        "affectedUserIds": [],
        "affectedUserNames": [],
    }
    mock_connection.post.assert_called_once_with(
        "/rpc/search/search-audit-log", json=expected_body, headers=None
    )
def _init_services(main_connection, main_auth):
    """Build the ``Services`` bundle and the ``UserContext`` it shares.

    Services are wired either to ``main_connection`` directly or to a
    per-microservice connection obtained through the key-value store service.

    Args:
        main_connection: Connection used for the core services and for
            reaching the key-value store.
        main_auth: Auth object handed to every microservice connection.

    Returns:
        A ``(services, user_ctx)`` tuple.
    """
    # Imported here rather than at module level: a service that imports from
    # py42.sdk.queries would otherwise create a circular import.
    from py42.services import Services
    from py42.services._keyvaluestore import KeyValueStoreService
    from py42.services.administration import AdministrationService
    from py42.services.alertrules import AlertRulesService
    from py42.services.alerts import AlertService
    from py42.services.archive import ArchiveService
    from py42.services.auditlogs import AuditLogsService
    from py42.services.cases import CasesService
    from py42.services.casesfileevents import CasesFileEventsService
    from py42.services.detectionlists.departing_employee import DepartingEmployeeService
    from py42.services.detectionlists.high_risk_employee import HighRiskEmployeeService
    from py42.services.detectionlists.user_profile import DetectionListUserService
    from py42.services.devices import DeviceService
    from py42.services.fileevent import FileEventService
    from py42.services.legalhold import LegalHoldService
    from py42.services.orgs import OrgService
    from py42.services.preservationdata import PreservationDataService
    from py42.services.savedsearch import SavedSearchService
    from py42.services.trustedactivities import TrustedActivitiesService
    from py42.services.users import UserService

    kv_service = KeyValueStoreService(
        Connection.from_microservice_prefix(main_connection, "simple-key-value-store")
    )

    def _microservice(key):
        # Every microservice connection reuses the same auth object.
        # NOTE(review): presumably the key is resolved to a URL via the
        # key-value store, which would then decide where main_auth is
        # used - confirm how from_microservice_key treats the stored value.
        return Connection.from_microservice_key(kv_service, key, auth=main_auth)

    # Connections are created in a fixed order; keep it when editing.
    rules_connection = _microservice("FedObserver-API_URL")
    alerts_connection = _microservice("AlertService-API_URL")
    events_connection = _microservice("FORENSIC_SEARCH-API_URL")
    preservation_connection = _microservice("PRESERVATION-DATA-SERVICE_API-URL")
    case_mgmt_connection = _microservice("employeecasemanagementV2-API_URL")
    audit_connection = _microservice("AUDIT-LOG_API-URL")

    users = UserService(main_connection)
    administration = AdministrationService(main_connection)
    file_events = FileEventService(events_connection)
    user_ctx = UserContext(administration)
    profiles = DetectionListUserService(case_mgmt_connection, user_ctx, users)

    cases_connection = _microservice("CASES_API-URL")
    trusted_connection = _microservice("TRUSTED-DOMAINS_API-URL")

    services = Services(
        administration=administration,
        archive=ArchiveService(main_connection),
        devices=DeviceService(main_connection),
        legalhold=LegalHoldService(main_connection),
        orgs=OrgService(main_connection),
        # A separate UserService instance from the one given to `profiles`.
        users=UserService(main_connection),
        alertrules=AlertRulesService(rules_connection, user_ctx, profiles),
        alerts=AlertService(alerts_connection, user_ctx),
        fileevents=file_events,
        savedsearch=SavedSearchService(events_connection, file_events),
        preservationdata=PreservationDataService(preservation_connection),
        departingemployee=DepartingEmployeeService(
            case_mgmt_connection, user_ctx, profiles
        ),
        highriskemployee=HighRiskEmployeeService(
            case_mgmt_connection, user_ctx, profiles
        ),
        userprofile=profiles,
        auditlogs=AuditLogsService(audit_connection),
        # Both case services share one connection.
        cases=CasesService(cases_connection),
        casesfileevents=CasesFileEventsService(cases_connection),
        trustedactivities=TrustedActivitiesService(trusted_connection),
    )
    return services, user_ctx