def testPopulatesEventCorrectly(self):
    """Checks every field of the one event produced for a StatEntry result.

    The clock is frozen at epoch second 15 and the plugin is called with an
    explicit index and three annotations. The parsed event must carry the
    expected host, source, sourcetype, time, client URN, annotations, flow id
    and serialized result.
    """
    # Dummy endpoint and token: the test inspects the captured post call.
    splunk_config = {
        'Splunk.url': 'http://a',
        'Splunk.token': 'b',
    }
    with test_lib.ConfigOverrider(splunk_config):
        frozen_now = rdfvalue.RDFDatetime.FromSecondsSinceEpoch(15)
        with test_lib.FakeTime(frozen_now):
            # The non-ASCII path presumably guards the encoding of the
            # outgoing payload; the assertion below expects it unchanged.
            stat_entry = rdf_client_fs.StatEntry(
                pathspec=rdf_paths.PathSpec(path='/中国', pathtype='OS'))
            args = splunk_plugin.SplunkOutputPluginArgs(
                index='idx', annotations=['a', 'b', 'c'])
            mock_post = self._CallPlugin(
                plugin_args=args, responses=[stat_entry])

    events = self._ParseEvents(mock_post)
    self.assertLen(events, 1)

    # Envelope fields that Splunk indexes on.
    envelope = events[0]
    self.assertEqual(envelope['host'], 'Host-0.example.com')
    self.assertEqual(envelope['sourcetype'], 'grr_flow_result')
    self.assertEqual(envelope['source'], 'grr')
    self.assertEqual(envelope['time'], 15)

    # Payload fields identifying the client, the flow and the result.
    payload = envelope['event']
    self.assertEqual(payload['client']['clientUrn'],
                     'aff4:/C.1000000000000000')
    self.assertEqual(payload['annotations'], ['a', 'b', 'c'])
    self.assertEqual(payload['flow']['flowId'], '12345678')
    self.assertEqual(payload['resultType'], 'StatEntry')
    expected_result = {
        'pathspec': {
            'pathtype': 'OS',
            'path': '/中国',
        },
    }
    self.assertEqual(payload['result'], expected_result)
def testFailsWhenTokenIsNotConfigured(self):
    """Expects a configuration error naming the token when only a URL is set.

    With 'Splunk.url' overridden and no 'Splunk.token' override, calling the
    plugin must raise SplunkConfigurationError whose message matches
    'Splunk.token'. This pins that a missing credential is reported as a
    configuration error that names the setting.
    """
    url_only_config = {'Splunk.url': 'a'}
    with test_lib.ConfigOverrider(url_only_config):
        expect_config_error = self.assertRaisesRegex(
            splunk_plugin.SplunkConfigurationError, 'Splunk.token')
        with expect_config_error:
            self._CallPlugin(
                plugin_args=splunk_plugin.SplunkOutputPluginArgs(),
                responses=[rdf_client.Process(pid=42)])
def testPopulatesBatchCorrectly(self):
    """Checks that two responses of different types yield two events.

    Both events must share the same envelope (sourcetype, source, host) and
    client URN, while each carries its own result type and serialized result.
    """
    splunk_config = {
        'Splunk.url': 'http://a',
        'Splunk.token': 'b',
    }
    with test_lib.ConfigOverrider(splunk_config):
        batch = [
            rdf_client_fs.StatEntry(
                pathspec=rdf_paths.PathSpec(path='/中国', pathtype='OS')),
            rdf_client.Process(pid=42),
        ]
        mock_post = self._CallPlugin(
            plugin_args=splunk_plugin.SplunkOutputPluginArgs(),
            responses=batch)

    events = self._ParseEvents(mock_post)
    self.assertLen(events, 2)

    # Fields common to every event in the batch.
    for event in events:
        self.assertEqual(event['sourcetype'], 'grr_flow_result')
        self.assertEqual(event['source'], 'grr')
        self.assertEqual(event['host'], 'Host-0.example.com')
        self.assertEqual(event['event']['client']['clientUrn'],
                         'aff4:/C.1000000000000000')

    # Events are expected in the same order as the responses.
    stat_payload = events[0]['event']
    self.assertEqual(stat_payload['resultType'], 'StatEntry')
    expected_stat = {
        'pathspec': {
            'pathtype': 'OS',
            'path': '/中国',
        },
    }
    self.assertEqual(stat_payload['result'], expected_stat)

    process_payload = events[1]['event']
    self.assertEqual(process_payload['resultType'], 'Process')
    expected_process = {
        'pid': 42,
    }
    self.assertEqual(process_payload['result'], expected_process)
def testArgsOverrideConfiguration(self):
    """Checks that an index given in the plugin args beats the configured one.

    The configuration sets 'Splunk.index' to 'e' and the plugin args set
    index='f'; the emitted event must use 'f'.
    """
    configured = {
        'Splunk.url': 'http://a',
        'Splunk.token': 'b',
        'Splunk.index': 'e'
    }
    with test_lib.ConfigOverrider(configured):
        override_args = splunk_plugin.SplunkOutputPluginArgs(index='f')
        mock_post = self._CallPlugin(
            plugin_args=override_args,
            responses=[rdf_client.Process(pid=42)])

    events = self._ParseEvents(mock_post)
    first_event = events[0]
    self.assertEqual(first_event['index'], 'f')
def testRaisesForHttpError(self):
    """Checks that an HTTP error from the collector propagates to the caller.

    requests.post is replaced by a mock whose response raises HTTPError from
    raise_for_status(). The plugin call must re-raise it, so a rejected
    upload is not silently treated as delivered.
    """
    failing_post = mock.MagicMock()
    http_error = requests.exceptions.HTTPError()
    failing_post.return_value.raise_for_status.side_effect = http_error

    splunk_config = {
        'Splunk.url': 'http://a',
        'Splunk.token': 'b',
    }
    with test_lib.ConfigOverrider(splunk_config):
        with self.assertRaises(requests.exceptions.HTTPError):
            post_patcher = mock.patch.object(requests, 'post', failing_post)
            self._CallPlugin(
                plugin_args=splunk_plugin.SplunkOutputPluginArgs(),
                responses=[rdf_client.Process(pid=42)],
                patcher=post_patcher)
def testReadsConfigurationValuesCorrectly(self):
    """Checks that each Splunk.* setting reaches the request or the event.

    URL, token and verify_https must show up in the arguments of the captured
    post call. Source, sourcetype and index must show up in the emitted event.
    """
    configured = {
        'Splunk.url': 'http://a',
        'Splunk.token': 'b',
        # Turns TLS certificate verification off for the collector request;
        # used here only to prove the setting is forwarded to the post call.
        'Splunk.verify_https': False,
        'Splunk.source': 'c',
        'Splunk.sourcetype': 'd',
        'Splunk.index': 'e'
    }
    with test_lib.ConfigOverrider(configured):
        mock_post = self._CallPlugin(
            plugin_args=splunk_plugin.SplunkOutputPluginArgs(),
            responses=[rdf_client.Process(pid=42)])

    # Transport-level settings: endpoint path, TLS verification, auth header.
    post_kwargs = mock_post.call_args[KWARGS]
    self.assertEqual(post_kwargs['url'], 'http://a/services/collector/event')
    # NOTE(review): assertFalse passes for any falsy value, including None,
    # which requests treats as "use the default" (verification on). Using
    # assertIs(..., False) would pin the exact value. A companion test that
    # verify is truthy when Splunk.verify_https is left unset would guard the
    # secure default, if one does not already exist elsewhere in this file.
    self.assertFalse(post_kwargs['verify'])
    # The token is sent as a 'Splunk <token>' Authorization header.
    self.assertEqual(post_kwargs['headers']['Authorization'], 'Splunk b')

    # Event-level settings taken from the configuration.
    events = self._ParseEvents(mock_post)
    first_event = events[0]
    self.assertEqual(first_event['source'], 'c')
    self.assertEqual(first_event['sourcetype'], 'd')
    self.assertEqual(first_event['index'], 'e')