def test_raises_on_bad_generate_kibana_filters():
    """Check filter validation when generate_kibana_link is enabled.

    Every filter in the accepted list must load on its own. The same filter
    followed by any entry from the rejected list must make
    load_configuration raise EAException.
    """
    # NOTE(review): test_rule is not a local, so this sets the flag on the
    # shared fixture itself and it stays set for whatever runs afterwards.
    # Confirm that is intended.
    test_rule['generate_kibana_link'] = True

    rejected_filters = [
        [{'not': {'terms': {'blah': 'blah'}}}],
        [{'terms': {'blah': 'blah'}}],
        [{'query': {'not_querystring': 'this:that'}}],
        [{'query': {'wildcard': 'this*that'}}],
        [{'blah': 'blah'}],
    ]
    accepted_filters = [
        [{'term': {'field': 'value'}}],
        [{'not': {'term': {'this': 'that'}}}],
        [{'not': {'query': {'query_string': {'query': 'this:that'}}}}],
        [{'query': {'query_string': {'query': 'this:that'}}}],
        [{'range': {'blah': {'from': 'a', 'to': 'b'}}}],
        [{'not': {'range': {'blah': {'from': 'a', 'to': 'b'}}}}],
    ]

    for accepted in accepted_filters:
        # Fresh loader and fresh rule per accepted filter.
        loader = FileRulesLoader(copy.deepcopy(test_config))
        rule = copy.deepcopy(test_rule)
        rule['filter'] = accepted

        # get_yaml is stubbed so no rule file is read from disk.
        with mock.patch.object(loader, 'get_yaml', return_value=rule):
            # The accepted filter alone must not raise.
            loader.load_configuration('blah', test_config)

            # Appending any rejected filter must be refused.
            for rejected in rejected_filters:
                rule['filter'] = accepted + rejected
                with pytest.raises(EAException):
                    loader.load_configuration('blah', test_config)
def test_import_import():
    """Check that a rule's 'import' key loads and merges a second YAML file.

    The importing rule has no es_host/es_port of its own, so those must come
    from the imported file. Keys present in both (email) must keep the
    importing rule's value.
    """
    loader = FileRulesLoader(test_config)

    importing_rule = copy.deepcopy(test_rule)
    for key in ('es_host', 'es_port'):
        del importing_rule[key]
    importing_rule['import'] = 'importme.ymlt'

    imported_yaml = {
        'es_host': 'imported_host',
        'es_port': 12349,
        'email': 'ignored@email',  # overridden by the importing rule's own email
    }

    # First get_yaml call returns the rule, second returns the imported file.
    with mock.patch.object(
        loader, 'get_yaml', side_effect=[importing_rule, imported_yaml]
    ) as fake_get_yaml:
        loaded = loader.load_configuration('blah.yaml', test_config)

        # The import target is fetched through get_yaml right after the rule,
        # and nothing else is read.
        # NOTE(review): nothing here pins how the import path is resolved
        # (relative, absolute, outside the rules folder). Worth a separate
        # test if rule files can come from less-trusted authors.
        calls = fake_get_yaml.call_args_list
        assert calls[0][0] == ('blah.yaml', )
        assert calls[1][0] == ('importme.ymlt', )
        assert len(calls) == 2

        assert loaded['es_port'] == 12349
        assert loaded['es_host'] == 'imported_host'
        # NOTE(review): the expected address looks masked by a scrubber;
        # confirm it against the email actually set in the test_rule fixture.
        assert loaded['email'] == ['*****@*****.**']
        assert loaded['filter'] == importing_rule['filter']

        # The loader records which files each rule file imports.
        assert loader.import_rules == {'blah.yaml': ['importme.ymlt']}
def test_import_filter():
    """Check that an imported file's filter is merged with the rule's own.

    The expected result lists the imported filter first, followed by the
    filter the importing rule already had.
    """
    loader = FileRulesLoader(test_config)

    importing_rule = copy.deepcopy(test_rule)
    for key in ('es_host', 'es_port'):
        del importing_rule[key]
    importing_rule['import'] = 'importme.ymlt'

    imported_yaml = {
        'es_host': 'imported_host',
        'es_port': 12349,
        'filter': [{'term': {'ratchet': 'clank'}}],
    }

    # First get_yaml call returns the rule, second returns the imported file.
    with mock.patch.object(
        loader, 'get_yaml', side_effect=[importing_rule, imported_yaml]
    ):
        loaded = loader.load_configuration('blah.yaml', test_config)

        # presumably {'term': {'key': 'value'}} is the filter carried by the
        # test_rule fixture; verify against its definition.
        expected_filter = [
            {'term': {'ratchet': 'clank'}},
            {'term': {'key': 'value'}},
        ]
        assert loaded['filter'] == expected_filter
def test_import_rules():
    """Check that dotted paths in 'type' and 'alert' are imported dynamically.

    For a value such as 'testing.test.RuleType' the loader is expected to
    call __import__ with module name 'testing.test' and fromlist
    ['RuleType'].
    """
    loader = FileRulesLoader(test_config)

    def first_import_args(stand_in_module):
        """Load the rule with __import__ stubbed; return its first call's args."""
        # The patch is kept to the single load call so that nothing else
        # runs against a fake __import__.
        with mock.patch(
            'builtins.__import__', return_value=stand_in_module
        ) as fake_import:
            loader.load_configuration('test_config', test_config)
        return fake_import.call_args_list[0][0]

    # NOTE(review): these assertions show that rule-file values reach
    # __import__ directly, so whoever can write a rule file can choose which
    # importable module gets loaded. Rule files deserve the same access
    # control as code.
    rule = copy.deepcopy(test_rule)
    rule['type'] = 'testing.test.RuleType'
    with mock.patch.object(loader, 'load_yaml') as fake_load_yaml:
        fake_load_yaml.return_value = rule

        # Rule type: positional arg 0 is the module name, arg 3 the fromlist.
        import_args = first_import_args(elastalert.ruletypes)
        assert import_args[0] == 'testing.test'
        assert import_args[3] == ['RuleType']

        # Alerter: start again from a fresh copy of the fixture.
        rule = copy.deepcopy(test_rule)
        fake_load_yaml.return_value = rule
        rule['alert'] = 'testing2.test2.Alerter'
        import_args = first_import_args(elastalert.alerts)
        assert import_args[0] == 'testing2.test2'
        assert import_args[3] == ['Alerter']