def test_empty_value(self): """Normalizer - Normalize, Empty Value""" test_record = { 'account': 123456, 'region': '' # This value is empty so should not be stored } normalized_types = { 'region': ['region', 'awsRegion'], 'sourceAccount': ['account', 'accountId'], 'ipv4': ['sourceIPAddress'] } expected_results = {'sourceAccount': [123456]} results = Normalizer.match_types(test_record, normalized_types) assert_equal(results, expected_results)
def test_match_types_list(self): """Normalizer - Match Types, List of Values""" normalized_types = { 'ipv4': ['sourceIPAddress'], } expected_results = { 'ipv4': ['1.1.1.2', '1.1.1.3'] } test_record = { 'account': 123456, 'sourceIPAddress': ['1.1.1.2', '1.1.1.3'] } results = Normalizer.match_types(test_record, normalized_types) assert_equal(results, expected_results)
def test_match_types_multiple(self): """Normalizer - Match Types, Mutiple Sub-keys""" normalized_types = { 'account': ['account'], 'region': ['region', 'awsRegion'], 'ipv4': ['destination', 'source', 'sourceIPAddress'], 'userName': ['userName', 'owner', 'invokedBy'] } expected_results = { 'account': [123456], 'ipv4': ['1.1.1.2', '1.1.1.3'], 'region': ['region_name'], 'userName': ['Alice', 'signin.amazonaws.com'] } results = Normalizer.match_types(self._test_record(), normalized_types) assert_equal(results, expected_results)
def test_key_does_not_exist(self): """Normalizer - Normalize, Key Does Not Exist""" test_record = {'accountId': 123456, 'region': 'region_name'} normalized_types = { 'region': ['region', 'awsRegion'], 'sourceAccount': ['account', 'accountId'], # There is no IP value in record, so normalization should not include this 'ipv4': ['sourceIPAddress'] } expected_results = { 'sourceAccount': [123456], 'region': ['region_name'] } results = Normalizer.match_types(test_record, normalized_types) assert_equal(results, expected_results)
def test_load_from_config(self): """Normalizer - Load From Config""" config = { 'normalized_types': { 'cloudtrail': { 'region': ['region', 'awsRegion'], 'sourceAccount': ['account', 'accountId'] } } } normalizer = Normalizer.load_from_config(config) expected_config = { 'cloudtrail': { 'region': ['region', 'awsRegion'], 'sourceAccount': ['account', 'accountId'] } } assert_equal(normalizer, Normalizer) assert_equal(normalizer._types_config, expected_config)
def test_load_from_config_empty(self): """Normalizer - Load From Config, Empty""" normalizer = Normalizer.load_from_config({}) assert_equal(normalizer, Normalizer) assert_equal(normalizer._types_config, None)
def test_normalize_none_defined(self, log_mock): """Normalizer - Normalize, No Types Defined""" log_type = 'cloudtrail' Normalizer._types_config = {} Normalizer.normalize(self._test_record(), log_type) log_mock.assert_called_with('No normalized types defined for log type: %s', log_type)