def test_except(self, mock_client):
with pytest.raises(ValueError):
mock_client.investigations.search(close_comment=notnull(21123))
with pytest.raises(ValueError):
mock_client.investigations.search(
relationship('comments.comment', notnull(21123)))
def test_true(self, mock_client):
mock_client.investigations.search(close_comment=notnull(True))
result = get_url_from_request_mock(mock_client)
assert result == '/api/v2/investigations?filter[close_comment]=\u2400false&sort=+created_at&sort=+id'
mock_client.investigations.search(
relationship('comments.comment', notnull(True)))
result = get_url_from_request_mock(mock_client)
assert result == '/api/v2/investigations?filter[comments][comment]=\u2400false&sort=+created_at&sort=+id'
def get_inv_changes(xc, since):
'''
Method polls a few different endpoints for updates to their histories which indicate updates/changes in Workbench.
'''
for change in xc.investigative_action_histories.search(
relationship('investigation.id', notnull()),
created_at=gt(since.isoformat())):
if change.investigation is None:
print("Skipping ... due to expel alert")
continue
entry = {
'action': change.action,
'value': change.value,
'investigation_id': change.investigation.id
}
if change.action == 'ASSIGNED':
entry['assigned_to_actor'] = change.assigned_to_actor.display_name
yield entry
for change in xc.investigation_finding_histories.search(
created_at=gt(since.isoformat())):
entry = {
'action': change.action,
'created_at': change.created_at,
'updated_at': change.updated_at,
'updated_by': change.updated_by.display_name,
'value': change.value,
'investigation_id': change.investigation.id
}
yield entry
for change in xc.investigation_histories.search(
created_at=gt(since.isoformat())):
entry = {
'action': change.action,
'created_at': change.created_at,
'created_by': change.created_by.display_name,
'assigned_to_actor': change.assigned_to_actor.display_name,
'value': change.value,
'investigation_id': change.investigation.id
}
yield entry
def test_true(self):
op = notnull(True)
assert is_operator(op) is True