def test_audit_log_splunk_convert_event(self):
    """Smoke-test ``AuditLogSplunkExport.convert_event`` on a sample audit event.

    The converted event is not inspected; the test passes as long as the
    call does not raise.
    """
    exporter = enterprise.AuditLogSplunkExport()
    export_props = dict(host='h', enterprise_name='Unittest')
    # NOTE(review): the return value is discarded, so a regression that drops
    # or mangles fields of the exported audit event would go unnoticed here.
    exporter.convert_event(export_props, self.get_audit_event())
def test_audit_log_splunk_properties_success(self):
    """Check that ``get_properties`` collects the HEC URL and token interactively.

    ``input`` and ``requests.post`` are replaced with scripted mocks, so no
    prompt is shown and no network request leaves the test. Afterwards the
    properties must hold ``hec_url`` and ``token``, the same values must have
    been written to the record (``login_url`` / ``password``), and the
    exporter must be flagged to store the record.
    """
    exporter = enterprise.AuditLogSplunkExport()
    export_props = {}
    vault_record = Record()

    # Scripted HTTP replies. Presumably these mirror the Splunk HEC answers
    # "token required" (401, code 2) and "invalid data" (400, code 6) that
    # get_properties uses to validate the URL and the token -- TODO confirm.
    first_reply = mock.Mock(status_code=401)
    first_reply.json.return_value = {'code': 2}
    second_reply = mock.Mock(status_code=400)
    second_reply.json.return_value = {'code': 6}

    # The trailing exception in each script makes any call beyond the
    # expected ones (a third prompt, a third POST) raise instead of hanging.
    typed_answers = ['www.splunk.com', 'Splunk Token', KeyboardInterrupt()]
    http_replies = [first_reply, second_reply, Exception()]

    with mock.patch('builtins.print'), \
            mock.patch('builtins.input', side_effect=typed_answers), \
            mock.patch('requests.post', side_effect=http_replies):
        exporter.get_properties(vault_record, export_props)

    for key in ('hec_url', 'token'):
        self.assertIn(key, export_props)
    # The token is persisted in the record's password field and the URL in
    # its login_url field; both must match what was placed in the properties.
    self.assertEqual(export_props['hec_url'], vault_record.login_url)
    self.assertEqual(export_props['token'], vault_record.password)
    self.assertTrue(exporter.store_record)
    # NOTE(review): the arguments passed to requests.post are not inspected,
    # so this test does not pin the request URL, headers or TLS options.
def test_audit_log_splunk_properties_cancel(self):
    """Check that cancelling the prompt aborts ``get_properties``.

    The first POST is answered with a 404 and the second ``input`` call
    raises ``KeyboardInterrupt``; the test requires that interrupt to
    propagate out of ``get_properties`` rather than being swallowed.
    """
    exporter = enterprise.AuditLogSplunkExport()
    export_props = {}
    vault_record = Record()

    not_found_reply = mock.Mock(status_code=404)
    # One answer for the URL prompt, then the simulated Ctrl-C.
    typed_answers = ['www.splunk.com', KeyboardInterrupt()]
    # A second POST would raise, failing the test with the wrong exception.
    http_replies = [not_found_reply, Exception()]

    with mock.patch('builtins.print'), \
            mock.patch('builtins.input', side_effect=typed_answers), \
            mock.patch('requests.post', side_effect=http_replies):
        with self.assertRaises(KeyboardInterrupt):
            exporter.get_properties(vault_record, export_props)