def setup_outputs(self, alert): """Helper function to handler any output setup Args: alert (dict): The alert dictionary containing outputs the need mocking out """ outputs = alert.get('outputs', []) # Patch the urllib2.urlopen event to override HTTPStatusCode, etc url_mock = Mock() patch('urllib2.urlopen', url_mock).start() for output in outputs: try: service, descriptor = output.split(':') except ValueError: LOGGER_CLI.error( 'Outputs should be declared in the format <SERVICE>:<DESCRIPTOR>') continue if service == 'aws-s3': bucket = self.outputs_config[service][descriptor] boto3.client('s3', region_name='us-east-1').create_bucket(Bucket=bucket) elif service == 'aws-lambda': lambda_function = self.outputs_config[service][descriptor] parts = lambda_function.split(':') if len(parts) == 2 or len(parts) == 8: lambda_function = parts[-2] else: lambda_function = parts[-1] helpers.create_lambda_function(lambda_function, 'us-east-1') elif service == 'pagerduty': output_name = '{}/{}'.format(service, descriptor) creds = {'service_key': '247b97499078a015cc6c586bc0a92de6'} helpers.put_mock_creds(output_name, creds, self.secrets_bucket, 'us-east-1', self.kms_alias) # Set the patched urlopen.getcode return value to 200 url_mock.return_value.getcode.return_value = 200 elif service == 'phantom': output_name = '{}/{}'.format(service, descriptor) creds = {'ph_auth_token': '6c586bc047b9749a92de29078a015cc6', 'url': 'phantom.foo.bar'} helpers.put_mock_creds(output_name, creds, self.secrets_bucket, 'us-east-1', self.kms_alias) # Set the patched urlopen.getcode return value to 200 url_mock.return_value.getcode.return_value = 200 # Phantom needs a container 'id' value in the http response url_mock.return_value.read.side_effect = ['{"count": 0, "data": []}', '{"id": 1948}'] elif service == 'slack': output_name = '{}/{}'.format(service, descriptor) creds = {'url': 'https://api.slack.com/web-hook-key'} helpers.put_mock_creds(output_name, creds, self.secrets_bucket, 'us-east-1', self.kms_alias) # Set the patched urlopen.getcode return value to 200 url_mock.return_value.getcode.return_value = 200
def test_dispatch_with_qualifier(self, log_mock): """LambdaOutput - Dispatch Success, With Qualifier""" alt_descriptor = '{}_qual'.format(self.DESCRIPTOR) create_lambda_function(CONFIG[self.SERVICE][alt_descriptor], REGION) assert_true(self._dispatcher.dispatch(get_alert(), alt_descriptor)) log_mock.assert_called_with('Successfully sent alert to %s:%s', self.SERVICE, alt_descriptor)
def setup(self): """Alert Merger - Setup""" self.dynamo_mock = mock_dynamodb2() self.lambda_mock = mock_lambda() self.dynamo_mock.start() self.lambda_mock.start() create_lambda_function(_ALERT_PROCESSOR, 'us-east-1') setup_mock_alerts_table(_ALERTS_TABLE) self.merger = main.AlertMerger.get_instance()
def test_dispatch_with_qualifier(self, log_mock): """LambdaOutput - Dispatch Success, With Qualifier""" alt_descriptor = '{}_qual'.format(self.DESCRIPTOR) create_lambda_function(alt_descriptor, REGION) assert_true( self._dispatcher.dispatch(descriptor=alt_descriptor, rule_name='rule_name', alert=get_alert())) log_mock.assert_called_with('Successfully sent alert to %s', self.SERVICE)
def setup_outputs(self, alert): """Helper function to handler any output setup""" outputs = alert['metadata'].get('outputs', []) # Patch the urllib2.urlopen event to override HTTPStatusCode, etc url_mock = Mock() patch('urllib2.urlopen', url_mock).start() for output in outputs: try: service, descriptor = output.split(':') except ValueError: continue if service == 'aws-s3': bucket = self.outputs_config[service][descriptor] boto3.client( 's3', region_name='us-east-1').create_bucket(Bucket=bucket) elif service == 'aws-lambda': function = self.outputs_config[service][descriptor] parts = function.split(':') if len(parts) == 2 or len(parts) == 8: function = parts[-2] else: function = parts[-1] helpers.create_lambda_function(function, 'us-east-1') elif service == 'pagerduty': output_name = ('/').join([service, descriptor]) creds = {'service_key': '247b97499078a015cc6c586bc0a92de6'} helpers.put_mock_creds(output_name, creds, self.secrets_bucket, 'us-east-1', self.kms_alias) # Set the patched urlopen.getcode return value to 200 url_mock.return_value.getcode.return_value = 200 elif service == 'phantom': output_name = ('/').join([service, descriptor]) creds = { 'ph_auth_token': '6c586bc047b9749a92de29078a015cc6', 'url': 'phantom.foo.bar' } helpers.put_mock_creds(output_name, creds, self.secrets_bucket, 'us-east-1', self.kms_alias) # Set the patched urlopen.getcode return value to 200 url_mock.return_value.getcode.return_value = 200 # Phantom needs a container 'id' value in the http response url_mock.return_value.read.return_value = '{"id": 1948}' elif service == 'slack': output_name = ('/').join([service, descriptor]) creds = {'url': 'https://api.slack.com/web-hook-key'} helpers.put_mock_creds(output_name, creds, self.secrets_bucket, 'us-east-1', self.kms_alias) # Set the patched urlopen.getcode return value to 200 url_mock.return_value.getcode.return_value = 200
def setup(self): """Alert Merger - Setup - Create AlertMerger instance and mock alert processor""" # pylint: disable=attribute-defined-outside-init self.merger = main.AlertMerger() create_lambda_function(_ALERT_PROCESSOR, 'us-east-1')
def setup_outputs(self, alert): """Helper function to handler any output setup Args: alert (Alert): The Alert instance containing outputs to be mocked out """ # Patch requests.get and requests.post self._setup_api_mocks() alert_outputs = resources.get_required_outputs() alert_outputs.update(alert.outputs) for output in alert_outputs: try: service, descriptor = output.split(':') except ValueError: LOGGER_CLI.error( 'Outputs should be declared in the format <SERVICE>:<DESCRIPTOR>' ) continue if service == 'aws-s3': bucket = self.outputs_config[service][descriptor] client = boto3.client('s3', region_name=self.region) try: # Check if the bucket exists before creating it client.head_bucket(Bucket=bucket) except ClientError: client.create_bucket(Bucket=bucket) elif service == 'aws-firehose': stream_name = self.outputs_config[service][descriptor] helpers.create_delivery_stream(self.region, stream_name) elif service == 'aws-lambda': lambda_function = self.outputs_config[service][descriptor] parts = lambda_function.split(':') if len(parts) == 2 or len(parts) == 8: lambda_function = parts[-2] else: lambda_function = parts[-1] helpers.create_lambda_function(lambda_function, self.region) elif service == 'aws-sns': topic_name = self.outputs_config[service][descriptor] boto3.client( 'sns', region_name=self.region).create_topic(Name=topic_name) elif service == 'aws-sqs': queue_name = self.outputs_config[service][descriptor] boto3.client( 'sqs', region_name=self.region).create_queue(QueueName=queue_name) elif service == 'carbonblack': output_name = '{}/{}'.format(service, descriptor) creds = { 'token': 'e51273c7c8e0fd9fae431cc019ab244112345678', 'url': 'cb.foo.bar' } helpers.put_mock_creds(output_name, creds, self.secrets_bucket, self.region, self.kms_alias) elif service == 'komand': output_name = '{}/{}'.format(service, descriptor) creds = { 'komand_auth_token': '00000000-0000-0000-0000-000000000000', 'url': 'komand.foo.bar' } helpers.put_mock_creds(output_name, creds, self.secrets_bucket, self.region, self.kms_alias) elif service == 'pagerduty': output_name = '{}/{}'.format(service, descriptor) creds = {'service_key': '247b97499078a015cc6c586bc0a92de6'} helpers.put_mock_creds(output_name, creds, self.secrets_bucket, self.region, self.kms_alias) elif service == 'pagerduty-v2': output_name = '{}/{}'.format(service, descriptor) creds = {'routing_key': '247b97499078a015cc6c586bc0a92de6'} helpers.put_mock_creds(output_name, creds, self.secrets_bucket, self.region, self.kms_alias) elif service == 'pagerduty-incident': output_name = '{}/{}'.format(service, descriptor) creds = { 'token': '247b97499078a015cc6c586bc0a92de6', 'service_name': '247b97499078a015cc6c586bc0a92de6', 'service_id': 'SERVICEID123', 'escalation_policy': '247b97499078a015cc6c586bc0a92de6', 'escalation_policy_id': 'POLICYID123', 'email_from': '*****@*****.**', 'integration_key': '247b97499078a015cc6c586bc0a92de6' } helpers.put_mock_creds(output_name, creds, self.secrets_bucket, 'us-east-1', self.kms_alias) elif service == 'phantom': output_name = '{}/{}'.format(service, descriptor) creds = { 'ph_auth_token': '6c586bc047b9749a92de29078a015cc6', 'url': 'phantom.foo.bar' } helpers.put_mock_creds(output_name, creds, self.secrets_bucket, self.region, self.kms_alias) elif service == 'slack': output_name = '{}/{}'.format(service, descriptor) creds = {'url': 'https://api.slack.com/web-hook-key'} helpers.put_mock_creds(output_name, creds, self.secrets_bucket, self.region, self.kms_alias) elif service == 'jira': output_name = '{}/{}'.format(service, descriptor) creds = { 'username': '******', 'password': '******', 'url': 'jira.foo.bar', 'project_key': 'foobar', 'issue_type': 'Task', 'aggregate': 'no' } helpers.put_mock_creds(output_name, creds, self.secrets_bucket, 'us-east-1', self.kms_alias) elif service == 'github': output_name = '{}/{}'.format(service, descriptor) creds = { 'username': '******', 'repository': 'github-user/github-repository', 'access_token': 'foobar', 'labels': 'test-label' } helpers.put_mock_creds(output_name, creds, self.secrets_bucket, 'us-east-1', self.kms_alias)
def setup_outputs(self, alert): """Helper function to handler any output setup Args: alert (dict): The alert dictionary containing outputs the need mocking out """ # Patch requests.get and requests.post self._setup_requests_mocks() for output in alert.get('outputs', []): try: service, descriptor = output.split(':') except ValueError: LOGGER_CLI.error( 'Outputs should be declared in the format <SERVICE>:<DESCRIPTOR>' ) continue if service == 'aws-s3': bucket = self.outputs_config[service][descriptor] client = boto3.client('s3', region_name=self.region) try: # Check if the bucket exists before creating it client.head_bucket(Bucket=bucket) except ClientError: client.create_bucket(Bucket=bucket) elif service == 'aws-firehose': stream_name = self.outputs_config[service][descriptor] helpers.create_delivery_stream(self.region, stream_name) elif service == 'aws-lambda': lambda_function = self.outputs_config[service][descriptor] parts = lambda_function.split(':') if len(parts) == 2 or len(parts) == 8: lambda_function = parts[-2] else: lambda_function = parts[-1] helpers.create_lambda_function(lambda_function, self.region) elif service == 'pagerduty': output_name = '{}/{}'.format(service, descriptor) creds = {'service_key': '247b97499078a015cc6c586bc0a92de6'} helpers.put_mock_creds(output_name, creds, self.secrets_bucket, self.region, self.kms_alias) elif service == 'pagerduty-v2': output_name = '{}/{}'.format(service, descriptor) creds = {'routing_key': '247b97499078a015cc6c586bc0a92de6'} helpers.put_mock_creds(output_name, creds, self.secrets_bucket, self.region, self.kms_alias) elif service == 'pagerduty-incident': output_name = '{}/{}'.format(service, descriptor) creds = { 'token': '247b97499078a015cc6c586bc0a92de6', 'service_name': '247b97499078a015cc6c586bc0a92de6', 'escalation_policy': '247b97499078a015cc6c586bc0a92de6', 'email_from': '*****@*****.**', 'integration_key': '247b97499078a015cc6c586bc0a92de6' } helpers.put_mock_creds(output_name, creds, self.secrets_bucket, 'us-east-1', self.kms_alias) elif service == 'phantom': output_name = '{}/{}'.format(service, descriptor) creds = { 'ph_auth_token': '6c586bc047b9749a92de29078a015cc6', 'url': 'phantom.foo.bar' } helpers.put_mock_creds(output_name, creds, self.secrets_bucket, self.region, self.kms_alias) elif service == 'slack': output_name = '{}/{}'.format(service, descriptor) creds = {'url': 'https://api.slack.com/web-hook-key'} helpers.put_mock_creds(output_name, creds, self.secrets_bucket, self.region, self.kms_alias) elif service == 'jira': output_name = '{}/{}'.format(service, descriptor) creds = { 'username': '******', 'password': '******', 'url': 'jira.foo.bar', 'project_key': 'foobar', 'issue_type': 'Task', 'aggregate': 'no' } helpers.put_mock_creds(output_name, creds, self.secrets_bucket, 'us-east-1', self.kms_alias) elif service == 'github': output_name = '{}/{}'.format(service, descriptor) creds = { 'username': '******', 'repository': 'github-user/github-repository', 'access_token': 'foobar', 'labels': 'test-label' } helpers.put_mock_creds(output_name, creds, self.secrets_bucket, 'us-east-1', self.kms_alias)
def setup(self): """Setup before each method""" self._dispatcher = LambdaOutput(REGION, ACCOUNT_ID, FUNCTION_NAME, CONFIG) create_lambda_function(CONFIG[self.SERVICE][self.DESCRIPTOR], REGION)
def _setup_dispatch(self, alt_descriptor=''): """Helper for setting up LambdaOutput dispatch""" function_name = CONFIG[self.__service][alt_descriptor or self.__descriptor] create_lambda_function(function_name, REGION) return get_alert()
def _setup_dispatch(self): """Helper for setting up LambdaOutput dispatch""" function_name = CONFIG[self.__service][self.__descriptor] create_lambda_function(function_name, REGION) return _get_sns_message(0)['default']