def test_create_query_filter_returns_obj_with_correct_json_representation(): query_filter = create_query_filter( EVENT_FILTER_FIELD_NAME, OPERATOR_STRING, VALUE_STRING ) assert ( str(query_filter) == f'{{"operator":"{OPERATOR_STRING}", "term":"{EVENT_FILTER_FIELD_NAME}", "value":"{VALUE_STRING}"}}' )
def create_not_exists_filter_group(term): """Creates a :class:`~py42.sdk.queries.query_filter.FilterGroup` to find events where filter data does not exist. Useful for creating ``DOES_NOT_EXIST`` filters that are not yet supported in py42 or programmatically crafting filter groups. Args: term (str): The term of the filter. Returns: :class:`~py42.sdk.queries.query_filter.FilterGroup` """ filter_list = [create_query_filter(term, u"DOES_NOT_EXIST")] return create_filter_group(filter_list, u"AND")
def create_greater_than_filter_group(term, value): """Creates a :class:`~py42.sdk.queries.query_filter.FilterGroup` for matching file events where the value with key ``term`` is greater than the given value. Useful for creating ``GREATER_THAN`` filters that are not yet supported in py42 or programmatically crafting filter groups. Args: term (str): The term of the filter. value (str or int): The value used to filter file events. Returns: :class:`~py42.sdk.queries.query_filter.FilterGroup` """ filter_list = [create_query_filter(term, u"GREATER_THAN", value)] return create_filter_group(filter_list, u"AND")
def create_contains_filter_group(term, value): """Creates a :class:`~py42.sdk.queries.query_filter.FilterGroup` for filtering results where the value with key ``term`` contains the given value. Useful for creating ``CONTAINS`` filters that are not yet supported in py42 or programmatically crafting filter groups. Args: term: (str): The term of the filter, such as ``actor``. value (str): The value used to match on. Returns: :class:`~py42.sdk.queries.query_filter.FilterGroup` """ filter_list = [create_query_filter(term, u"CONTAINS", value)] return create_filter_group(filter_list, u"AND")
def create_contains_filter_group(term, value): filter_list = [create_query_filter(term, u"CONTAINS", value)] return create_filter_group(filter_list, u"AND")
def create_not_contains_filter_group(term, value): filter_list = [create_query_filter(term, u"DOES_NOT_CONTAIN", value)] return create_filter_group(filter_list, u"AND")
def create_less_than_filter_group(term, value): filter_list = [create_query_filter(term, u"LESS_THAN", value)] return create_filter_group(filter_list, u"AND")
def create_greater_than_filter_group(term, value): filter_list = [create_query_filter(term, u"GREATER_THAN", value)] return create_filter_group(filter_list, u"AND")
def create_not_exists_filter_group(term): filter_list = [create_query_filter(term, u"DOES_NOT_EXIST")] return create_filter_group(filter_list, u"AND")
def create_exists_filter_group(term): filter_list = [create_query_filter(term, u"EXISTS")] return create_filter_group(filter_list, u"AND")
def test_create_query_filter_returns_obj_with_correct_json_representation(): query_filter = create_query_filter(EVENT_FILTER_FIELD_NAME, OPERATOR_STRING, VALUE_STRING) assert str(query_filter ) == '{{"operator":"{0}", "term":"{1}", "value":"{2}"}}'.format( OPERATOR_STRING, EVENT_FILTER_FIELD_NAME, VALUE_STRING)