def test_detections_to_incident(): """ Given: - 10 detections, sorted by their detection time. - 10 detections, shuffled. When: - Calling detections_to_incidents to parse the detections to incidents on the sorted detections. - Calling detections_to_incidents to parse the detections to incidents on the shuffled detections. Then: - Both calls return 10 incidents, and the latest detection time among the detections. """ from AzureADIdentityProtection import detections_to_incidents detections_in_order = util_load_json('test_data/incidents.json')['value'] detections_out_of_order = copy.deepcopy(detections_in_order) random.shuffle(detections_out_of_order) last_fetch = '2019-07-28T00:10:00.123456' incidents, latest_incident_time = detections_to_incidents( detections_in_order, last_fetch) assert len(incidents) == 10 assert latest_incident_time == '2021-07-17T14:11:57Z' incidents, latest_incident_time = detections_to_incidents( detections_out_of_order, last_fetch) assert len(incidents) == 10 assert latest_incident_time == '2021-07-17T14:11:57Z'
def test_fetch_new_incidents(mocker): """ Given fetch incidents command running for the first time. When mock the Client's http_request. Then validate fetch incidents command using the Client gets all relevant incidents """ from AzureADIdentityProtection import detections_to_incidents, get_last_fetch_time test_incidents = util_load_json('test_data/incidents.json') last_run = {'latest_detection_found': '2021-07-20T11:02:54Z'} last_fetch = get_last_fetch_time(last_run, {}) incidents, last_item_time = detections_to_incidents( test_incidents.get('value', []), last_fetch) assert len(incidents) == 10 assert incidents[0].get( 'name') == 'Azure AD: 17 newCountry adminDismissedAllRiskForUser' assert last_item_time == '2021-07-20T11:02:54Z'