def test_splunk_client_connect_failed(self, mocked_splunk_client_connect): print("Test failed connect\n") try: splunk_client = splunk_utils.SplunkClient( host=self.fake_host, port=self.fake_port, username=self.fake_username, password=self.fake_password) mocked_splunk_client_connect.side_effect = Exception("Failed") assert False except: assert True
def test_splunk_client_search_job_failed(self, mocked_result_reader, mocked_service_jobs, mocked_job, mocked_service, mocked_splunk_client_connect): print("Test failure in creating search job\n") try: fake_query_string = "search index=_internal" mocked_splunk_client_connect.return_value = mocked_service splunk_client = splunk_utils.SplunkClient( host=self.fake_host, port=self.fake_port, username=self.fake_username, password=self.fake_password) ret_events = [{ "host": "host1", "clientip": "127.0.0.1" }, { "host": "host2", "clientip": "0.0.0.0" }] with patch("splunklib.client.Service.jobs", new_callable=mock.PropertyMock) as mocked_jobs_call: mocked_jobs_call.create.return_value = mocked_job mocked_job.set_ttl.side_effect = Exception("Failed!") ret = splunk_client.start_search(query=fake_query_string, job_ttl=100) # # If the search job can not be created, exception shall be thrown. # The code should not get here. # assert False except splunk_utils.SearchJobFailure as e: print( "Failure in creating search job throws SearchJobFailure exception" ) assert True except Exception as e: assert False
def test_splunk_client_search_failed(self, mocked_result_reader, mocked_service_jobs, mocked_job, mocked_service, mocked_splunk_client_connect): print("Test failed search\n") try: fake_query_string = "search index=_internal" mocked_splunk_client_connect.return_value = mocked_service splunk_client = splunk_utils.SplunkClient( host=self.fake_host, port=self.fake_port, username=self.fake_username, password=self.fake_password) splunk_client.set_timeout(123) assert splunk_client.time_out == 123 splunk_client.set_max_return(314) assert splunk_client.max_return == 314 # Set it to 1sec, so the test won't wait too long splunk_client.set_polling_interval(1) assert splunk_client.polling_interval == 1 ret_events = [{ "host": "host1", "clientip": "127.0.0.1" }, { "host": "host2", "clientip": "0.0.0.0" }] with patch("splunklib.client.Service.jobs", new_callable=mock.PropertyMock) as mocked_jobs_call: mocked_jobs_call.create.return_value = mocked_job ret_dict = { "dispatchState": "FAILED", #Indicate that the search failed "scanCount": 1, "eventCount": 1, "doneProgress": 1.1, "resultCount": 1, "isFailed": True, "messages": "Splunk search failed." } # https://stackoverflow.com/questions/30340170/how-to-let-magicmock-behave-like-a-dict mocked_job.__getitem__.side_effect = ret_dict.__getitem__ mocked_job.__iter__.side_effect = ret_dict.__iter__ mocked_result_reader.return_value = ret_events ret = splunk_client.execute_query(query=fake_query_string) # # Assert that we get the return from ResultsReader # assert ret["events"] == ret_events # # Is this important? Asserting we call job.refresh first # mocked_job.refresh.assert_called_with() except splunk_utils.SearchFailure as e: print("Failed search throws SearchFailure as expected") assert True except Exception as e: assert False
def test_splunk_client_search_timeout(self, mocked_result_reader, mocked_service_jobs, mocked_job, mocked_service, mocked_splunk_client_connect): import time print("Test search time out.....\n") start_time = 0 # Set timeout to 3 secs time_out = 3 try: fake_query_string = "search index=_internal" mocked_splunk_client_connect.return_value = mocked_service splunk_client = splunk_utils.SplunkClient( host=self.fake_host, port=self.fake_port, username=self.fake_username, password=self.fake_password) # Small timeout value to force it to timeout splunk_client.set_timeout(time_out) assert splunk_client.time_out == time_out # Set it to 1sec, so the test won't wait too long splunk_client.set_polling_interval(1) assert splunk_client.polling_interval == 1 ret_events = [{ "host": "host1", "clientip": "127.0.0.1" }, { "host": "host2", "clientip": "0.0.0.0" }] with patch("splunklib.client.Service.jobs", new_callable=mock.PropertyMock) as mocked_jobs_call: mocked_jobs_call.create.return_value = mocked_job ret_dict = { "dispatchState": "PENDING", "scanCount": 1, "eventCount": 1, "doneProgress": 1.1, "resultCount": 1, "isFailed": False } # https://stackoverflow.com/questions/30340170/how-to-let-magicmock-behave-like-a-dict mocked_job.__getitem__.side_effect = ret_dict.__getitem__ mocked_job.__iter__.side_effect = ret_dict.__iter__ # # The job is not already always, this will force it to timeout # We set time out to be 3 sec above and we poll every second # so we will call job.is_ready() 3 times. Put 5 here for sure. mocked_job.is_ready.return_value = False mocked_job.is_ready.return_value = False mocked_job.is_ready.return_value = False mocked_job.is_ready.return_value = False mocked_job.is_ready.return_value = False mocked_job.cancel.return_value = mocked_job mocked_result_reader.return_value = ret_events start_time = time.time() ret = splunk_client.execute_query(query=fake_query_string) # # Assert that we get the return from ResultsReader # assert ret["events"] == ret_events # # Is this important? Asserting we call job.refresh first # mocked_job.refresh.assert_called_with() # # This one is important. Assert that we cancel the # search job when it times out # mocked_job.cancel.assert_called_with() except splunk_utils.SearchTimeout: time_used = time.time() - start_time print( "Search times out after {} secs with time out set to {} secs". format(time_used, time_out)) assert True except Exception as e: assert False