def test_issue_creation_failure(self, post_mock, get_mock, log_mock):
"""JiraOutput - Issue Creation, Failure"""
# setup the successful search response - no results
get_mock.return_value.status_code = 200
get_mock.return_value.json.return_value = {'issues': []}
# setup successful auth response and failed issue creation
type(post_mock.return_value).status_code = PropertyMock(
side_effect=[200, 400])
auth_resp = {
'session': {
'name': 'cookie_name',
'value': 'cookie_value'
}
}
post_mock.return_value.content = 'some bad content'
post_mock.return_value.json.side_effect = [auth_resp, dict()]
assert_false(
self._dispatcher.dispatch(descriptor=self.DESCRIPTOR,
rule_name='rule_name',
alert=get_alert()))
log_mock.assert_has_calls([
call('Encountered an error while sending to %s:\n%s', self.SERVICE,
'some bad content'),
call('Failed to send alert to %s', self.SERVICE)
])
def test_dispatch_success_bad_policy(self, get_mock, post_mock, log_mock):
"""PagerDutyIncidentOutput - Dispatch Success, Bad Policy"""
# /users, /escalation_policies, /escalation_policies, /services
type(get_mock.return_value).status_code = PropertyMock(
side_effect=[200, 400, 200, 200])
json_user = {'users': [{'id': 'user_id'}]}
json_bad_policy = dict()
json_good_policy = {'escalation_policies': [{'id': 'policy_id'}]}
json_service = {'services': [{'id': 'service_id'}]}
get_mock.return_value.json.side_effect = [
json_user, json_bad_policy, json_good_policy, json_service
]
# /incidents
post_mock.return_value.status_code = 200
ctx = {'pagerduty-incident': {'assigned_policy': 'valid_policy'}}
assert_true(
self._dispatcher.dispatch(descriptor=self.DESCRIPTOR,
rule_name='rule_name',
alert=get_alert(context=ctx)))
log_mock.assert_called_with('Successfully sent alert to %s',
self.SERVICE)
def test_dispatch_bad_descriptor(self, log_error_mock):
"""KomandOutput - Dispatch Failure, Bad Descriptor"""
assert_false(
self._dispatcher.dispatch(get_alert(), ':'.join([self.SERVICE, 'bad_descriptor'])))
log_error_mock.assert_called_with('Failed to send alert to %s:%s',
self.SERVICE, 'bad_descriptor')
def test_dispatch_success_no_merge_response(self, get_mock, post_mock, put_mock, log_mock):
"""PagerDutyIncidentOutput - Dispatch Success, No Merge Response"""
# GET /users, /escalation_policies, /escalation_policies, /services
get_mock.return_value.status_code = 200
json_user = {'users': [{'id': 'user_id'}]}
json_bad_policy = {'not_escalation_policies': [{'id': 'other_policy_id'}]}
json_good_policy = {'escalation_policies': [{'id': 'policy_id'}]}
json_service = {'services': [{'id': 'service_id'}]}
json_lookup = {'incidents': [{'id': 'existing_incident_id'}]}
get_mock.return_value.json.side_effect = [json_user, json_bad_policy,
json_good_policy, json_service, json_lookup]
# POST /incidents, /v2/enqueue
post_mock.return_value.status_code = 200
json_incident = {'incident': {'id': 'incident_id'}}
json_event = {'dedup_key': 'returned_dedup_key'}
post_mock.return_value.json.side_effect = [json_incident, json_event]
# PUT /incidents/indicent_id/merge
put_mock.return_value.status_code = 200
put_mock.return_value.json.return_value = {}
ctx = {'pagerduty-incident': {'assigned_policy': 'valid_policy'}}
assert_true(self._dispatcher.dispatch(descriptor=self.DESCRIPTOR,
rule_name='rule_name',
alert=get_alert(context=ctx)))
log_mock.assert_called_with('Successfully sent alert to %s:%s',
self.SERVICE, self.DESCRIPTOR)
def test_dispatch_bad_descriptor(self, log_mock):
"""PagerDutyIncidentOutput - Dispatch Failure, Bad Descriptor"""
assert_false(self._dispatcher.dispatch(descriptor='bad_descriptor',
rule_name='rule_name',
alert=get_alert()))
log_mock.assert_called_with('Failed to send alert to %s:%s', self.SERVICE, 'bad_descriptor')
def test_dispatch_success_no_context(self, get_mock, post_mock, put_mock, log_mock):
"""PagerDutyIncidentOutput - Dispatch Success, No Context"""
# GET /users, /escalation_policies, /services
json_user = {'users': [{'id': 'user_id'}]}
json_policy = {'escalation_policies': [{'id': 'policy_id'}]}
json_service = {'services': [{'id': 'service_id'}]}
# GET /incidents
json_lookup = {'incidents': [{'id': 'incident_id'}]}
get_mock.return_value.status_code = 200
get_mock.return_value.json.side_effect = [json_user, json_policy,
json_service, json_lookup]
# POST /incidents, /v2/enqueue, /incidents/incident_id/notes
post_mock.return_value.status_code = 200
json_incident = {'incident': {'id': 'incident_id'}}
json_event = {'dedup_key': 'returned_dedup_key'}
json_note = {'note': {'id': 'note_id'}}
post_mock.return_value.json.side_effect = [json_incident, json_event, json_note]
# PUT /incidents/indicent_id/merge
put_mock.return_value.status_code = 200
assert_true(self._dispatcher.dispatch(descriptor=self.DESCRIPTOR,
rule_name='rule_name',
alert=get_alert()))
log_mock.assert_called_with('Successfully sent alert to %s:%s',
self.SERVICE, self.DESCRIPTOR)
def test_dispatch_issue_existing(self, post_mock, get_mock, log_mock):
"""JiraOutput - Dispatch Success, Existing Issue"""
# setup the request to find an existing issue
get_mock.return_value.status_code = 200
existing_issues = {
'issues': [{
'fields': {
'summary': 'Bogus'
},
'id': '5000'
}]
}
get_mock.return_value.json.return_value = existing_issues
auth_resp = {
'session': {
'name': 'cookie_name',
'value': 'cookie_value'
}
}
# setup the auth and successful creation responses
post_mock.return_value.status_code = 200
post_mock.return_value.json.side_effect = [auth_resp, {'id': 5000}]
assert_true(
self._dispatcher.dispatch(descriptor=self.DESCRIPTOR,
rule_name='rule_name',
alert=get_alert()))
log_mock.assert_called_with('Successfully sent alert to %s',
self.SERVICE)
def test_comment_creation_failure(self, post_mock, get_mock, log_mock):
"""JiraOutput - Comment Creation, Failure"""
# setup successful search response
get_mock.return_value.status_code = 200
existing_issues = {
'issues': [{
'fields': {
'summary': 'Bogus'
},
'id': '5000'
}]
}
get_mock.return_value.json.return_value = existing_issues
# setup successful auth, failed comment creation, and successful issue creation
type(post_mock.return_value).status_code = PropertyMock(
side_effect=[200, 400, 200])
auth_resp = {
'session': {
'name': 'cookie_name',
'value': 'cookie_value'
}
}
post_mock.return_value.json.side_effect = [auth_resp, {'id': 6000}]
assert_true(
self._dispatcher.dispatch(descriptor=self.DESCRIPTOR,
rule_name='rule_name',
alert=get_alert()))
log_mock.assert_called_with(
'Encountered an error when adding alert to existing Jira '
'issue %s. Attempting to create new Jira issue.', 5000)
def test_dispatch_existing_container(self, post_mock, log_mock):
"""KomandOutput - Dispatch Success"""
post_mock.return_value.status_code = 200
assert_true(self._dispatcher.dispatch(get_alert(), self.OUTPUT))
log_mock.assert_called_with('Successfully sent alert to %s:%s',
self.SERVICE, self.DESCRIPTOR)
def test_dispatch(self, log_mock):
"""Cloudwatch - Dispatch"""
alert = get_alert()
assert_true(self._dispatcher.dispatch(alert, self.OUTPUT))
assert_equal(log_mock.call_count, 3)
log_mock.assert_called_with('Successfully sent alert to %s:%s',
self.SERVICE, self.DESCRIPTOR)
def test_dispatch_success(self, post_mock, log_mock):
"""PagerDutyOutput - Dispatch Success"""
post_mock.return_value.status_code = 200
assert_true(self._dispatcher.dispatch(get_alert(), self.DESCRIPTOR))
log_mock.assert_called_with('Successfully sent alert to %s:%s',
self.SERVICE, self.DESCRIPTOR)
def test_dispatch_failure(self, post_mock, log_mock):
"""PagerDutyOutput - Dispatch Failure, Bad Request"""
post_mock.return_value.status_code = 400
assert_false(self._dispatcher.dispatch(get_alert(), self.DESCRIPTOR))
log_mock.assert_called_with('Failed to send alert to %s:%s',
self.SERVICE, self.DESCRIPTOR)
def setup(self):
self._alert = get_alert(context={'context': 'value'})
self._alert.created = datetime(2019, 1, 1)
self._alert.publishers = [
TestDefaultPublisher.PUBLISHER_NAME, self.PUBLISHER_NAME
]
self._output = MagicMock(
spec=SlackOutput) # Just use some random output
def test_dispatch_ignore_large_payload(self):
"""Output Dispatch - Kinesis Firehose with Large Payload"""
alert = get_alert()
alert['record'] = 'test' * 1000 * 1000
assert_false(
self._dispatcher.dispatch(descriptor=self.DESCRIPTOR,
rule_name='rule_name',
alert=alert))
def test_dispatch(self, log_mock):
"""Kinesis Firehose - Output Dispatch Success"""
assert_true(
self._dispatcher.dispatch(descriptor=self.DESCRIPTOR,
rule_name='rule_name',
alert=get_alert()))
log_mock.assert_called_with('Successfully sent alert to %s:%s',
self.SERVICE, self.DESCRIPTOR)
def test_auth_empty_response(self, post_mock, log_mock):
"""JiraOutput - Auth, Failure Empty Response"""
# setup unsuccesful auth response
post_mock.return_value.status_code = 200
post_mock.return_value.json.return_value = {}
assert_false(self._dispatcher.dispatch(get_alert(), self.OUTPUT))
log_mock.assert_called_with('Failed to send alert to %s:%s', self.SERVICE, self.DESCRIPTOR)
def test_dispatch_not_banned(self, mock_cb):
"""CarbonBlackOutput - Dispatch Not Banned"""
alert_context = {
'carbonblack': {
'action': 'ban',
'value': 'NOT_BANNED_HASH'
}
}
assert_true(self._dispatcher.dispatch(get_alert(context=alert_context), self.OUTPUT))
def test_wrapped_function_publisher():
"""WrappedFunctionPublisher - Ensure function is executed properly"""
publisher = WrappedFunctionPublisher(sample_publisher_5)
alert = get_alert()
publication = publisher.publish(alert, {})
expectation = {'test4': True}
assert_equal(publication, expectation)
def test_dispatch(self, log_mock):
"""LambdaOutput dispatch"""
assert_true(
self._dispatcher.dispatch(descriptor=self.DESCRIPTOR,
rule_name='rule_name',
alert=get_alert()))
log_mock.assert_called_with('Successfully sent alert to %s',
self.SERVICE)
def test_dispatch_no_context(self, mock_logger):
"""CarbonBlackOutput - Dispatch No Context"""
assert_false(self._dispatcher.dispatch(get_alert(), self.OUTPUT))
mock_logger.assert_has_calls([
call('[%s] Alert must contain context to run actions',
'carbonblack'),
call('Failed to send alert to %s:%s', 'carbonblack',
'unit_test_carbonblack')
])
def test_dispatch_success(self, url_mock, log_mock):
"""SlackOutput - Dispatch Success"""
url_mock.return_value.status_code = 200
url_mock.return_value.json.return_value = dict()
assert_true(self._dispatcher.dispatch(get_alert(), self.OUTPUT))
log_mock.assert_called_with('Successfully sent alert to %s:%s',
self.SERVICE, self.DESCRIPTOR)
def test_dispatch_with_qualifier(self, log_mock):
"""LambdaOutput - Dispatch Success, With Qualifier"""
alt_descriptor = '{}_qual'.format(self.DESCRIPTOR)
create_lambda_function(CONFIG[self.SERVICE][alt_descriptor], REGION)
assert_true(self._dispatcher.dispatch(get_alert(), alt_descriptor))
log_mock.assert_called_with('Successfully sent alert to %s:%s',
self.SERVICE, alt_descriptor)
def test_dispatch_failure(self, url_mock, log_mock):
"""GithubOutput - Dispatch Failure, Bad Request"""
json_error = {'message': 'error message', 'errors': ['error1']}
url_mock.return_value.json.return_value = json_error
url_mock.return_value.status_code = 400
assert_false(self._dispatcher.dispatch(get_alert(), self.DESCRIPTOR))
log_mock.assert_called_with('Failed to send alert to %s:%s',
self.SERVICE, self.DESCRIPTOR)
def test_dispatch_container_failure(self, post_mock, log_mock):
"""KomandOutput - Dispatch Failure"""
post_mock.return_value.status_code = 400
json_error = {'message': 'error message', 'errors': ['error1']}
post_mock.return_value.json.return_value = json_error
assert_false(self._dispatcher.dispatch(get_alert(), self.OUTPUT))
log_mock.assert_called_with('Failed to send alert to %s:%s', self.SERVICE, self.DESCRIPTOR)
def test_outputs_type():
"""Alert Processor Input Validation - Metadata Outputs Bad Type"""
# Default valid alert to be modified
invalid_metadata_outputs = get_alert()
# metadata > outputs type validation
invalid_metadata_outputs['outputs'] = {'bad': 'value'}
# Test with invalid metadata outputs type
assert_false(validate_alert(invalid_metadata_outputs))
def test_outputs_value_type():
"""Alert Processor Input Validation - Metadata Outputs Bad Value Type"""
# Default valid alert to be modified
invalid_metadata_outputs = get_alert()
# metadata > outputs value validation
invalid_metadata_outputs['outputs'] = ['good', 100]
# Test with invalid metadata outputs value
assert_false(validate_alert(invalid_metadata_outputs))
def test_dispatch_bad_email(self, get_mock, log_mock):
"""PagerDutyIncidentOutput - Dispatch Failure, Bad Email"""
# /users
get_mock.return_value.status_code = 400
json_user = {'not_users': [{'id': 'no_user_id'}]}
get_mock.return_value.json.return_value = json_user
assert_false(self._dispatcher.dispatch(get_alert(), self.OUTPUT))
log_mock.assert_called_with('Failed to send alert to %s:%s', self.SERVICE, self.DESCRIPTOR)
def test_metadata_non_string_type():
"""Alert Processor Input Validation - Metadata Non-String"""
# Default valid alert to be modified
invalid_metadata_non_string = get_alert()
# metadata > non-string value validation
invalid_metadata_non_string['log_type'] = 4.5
# Test with invalid metadata non-string value
assert_false(validate_alert(invalid_metadata_non_string))
def test_dispatch_success_with_labels(self, url_mock, log_mock):
"""GithubOutput - Dispatch Success with Labels"""
url_mock.return_value.status_code = 200
url_mock.return_value.json.return_value = dict()
assert_true(self._dispatcher.dispatch(get_alert(), self.OUTPUT))
assert_equal(url_mock.call_args[1]['json']['labels'], ['label1', 'label2'])
log_mock.assert_called_with('Successfully sent alert to %s:%s',
self.SERVICE, self.DESCRIPTOR)
def test_dispatch_success(self, url_mock, log_mock):
"""SlackOutput - Dispatch Success"""
url_mock.return_value.status_code = 200
url_mock.return_value.json.return_value = dict()
assert_true(self._dispatcher.dispatch(descriptor=self.DESCRIPTOR,
rule_name='rule_name',
alert=get_alert()))
log_mock.assert_called_with('Successfully sent alert to %s', self.SERVICE)
