def test_email_smtp_ssl_true_and_smtp_port():
rule = {
'name': 'test alert',
'email': ['*****@*****.**', '*****@*****.**'],
'smtp_ssl': True,
'smtp_port': 455,
'from_addr': '*****@*****.**',
'type': mock_rule(),
'timestamp_field': '@timestamp',
'email_reply_to': '*****@*****.**',
'owner': 'owner_value',
'alert_subject': 'Test alert for {0}, owned by {1}',
'alert_subject_args': ['test_term', 'owner'],
'snowman': '☃'
}
with mock.patch('elastalert.alerters.email.SMTP_SSL') as mock_smtp:
mock_smtp.return_value = mock.Mock()
alert = EmailAlerter(rule)
alert.alert([{'test_term': 'test_value'}])
expected = [
mock.call('localhost', 455, certfile=None, keyfile=None),
mock.call().sendmail(mock.ANY,
['*****@*****.**', '*****@*****.**'],
mock.ANY),
mock.call().quit()
]
assert mock_smtp.mock_calls == expected
body = mock_smtp.mock_calls[1][1][2]
assert 'Reply-To: [email protected]' in body
assert 'To: [email protected]' in body
assert 'From: [email protected]' in body
assert 'Subject: Test alert for test_value, owned by owner_value' in body
def test_email_query_key_in_subject():
rule = {
'name': 'test alert',
'email': ['*****@*****.**', '*****@*****.**'],
'type': mock_rule(),
'timestamp_field': '@timestamp',
'email_reply_to': '*****@*****.**',
'query_key': 'username'
}
with mock.patch('elastalert.alerters.email.SMTP') as mock_smtp:
mock_smtp.return_value = mock.Mock()
alert = EmailAlerter(rule)
alert.alert([{
'test_term': 'test_value',
'username': '******'
}])
body = mock_smtp.mock_calls[4][1][2]
lines = body.split('\n')
found_subject = False
for line in lines:
if line.startswith('Subject'):
assert 'werbenjagermanjensen' in line
found_subject = True
assert found_subject
def test_email_with_cc_and_bcc():
rule = {
'name': 'test alert',
'email': ['*****@*****.**', '*****@*****.**'],
'from_addr': '*****@*****.**',
'type': mock_rule(),
'timestamp_field': '@timestamp',
'email_reply_to': '*****@*****.**',
'cc': ['*****@*****.**', '*****@*****.**'],
'bcc': '*****@*****.**'
}
with mock.patch('elastalert.alerters.email.SMTP') as mock_smtp:
mock_smtp.return_value = mock.Mock()
alert = EmailAlerter(rule)
alert.alert([{'test_term': 'test_value'}])
expected = [
mock.call('localhost'),
mock.call().ehlo(),
mock.call().has_extn('STARTTLS'),
mock.call().starttls(certfile=None, keyfile=None),
mock.call().sendmail(mock.ANY, [
'*****@*****.**', '*****@*****.**', '*****@*****.**',
'*****@*****.**', '*****@*****.**'
], mock.ANY),
mock.call().quit()
]
assert mock_smtp.mock_calls == expected
body = mock_smtp.mock_calls[4][1][2]
assert 'Reply-To: [email protected]' in body
assert 'To: [email protected]' in body
assert 'CC: [email protected],[email protected]' in body
assert 'From: [email protected]' in body
def test_email_with_cert_key():
rule = {
'name': 'test alert',
'email': ['*****@*****.**', '*****@*****.**'],
'from_addr': '*****@*****.**',
'type': mock_rule(),
'timestamp_field': '@timestamp',
'email_reply_to': '*****@*****.**',
'alert_subject': 'Test alert for {0}',
'alert_subject_args': ['test_term'],
'smtp_auth_file': 'file.txt',
'smtp_cert_file': 'dummy/cert.crt',
'smtp_key_file': 'dummy/client.key',
'rule_file': '/tmp/foo.yaml'
}
with mock.patch('elastalert.alerters.email.SMTP') as mock_smtp:
with mock.patch('elastalert.alerts.read_yaml') as mock_open:
mock_open.return_value = {'user': '******', 'password': '******'}
mock_smtp.return_value = mock.Mock()
alert = EmailAlerter(rule)
alert.alert([{'test_term': 'test_value'}])
expected = [
mock.call('localhost'),
mock.call().ehlo(),
mock.call().has_extn('STARTTLS'),
mock.call().starttls(certfile='dummy/cert.crt',
keyfile='dummy/client.key'),
mock.call().login('someone', 'hunter2'),
mock.call().sendmail(mock.ANY,
['*****@*****.**', '*****@*****.**'],
mock.ANY),
mock.call().quit()
]
assert mock_smtp.mock_calls == expected
def test_email_with_args():
rule = {
'name': 'test alert',
'email': ['*****@*****.**', '*****@*****.**'],
'from_addr': '*****@*****.**',
'type': mock_rule(),
'timestamp_field': '@timestamp',
'email_reply_to': '*****@*****.**',
'alert_subject': 'Test alert for {0} {1}',
'alert_subject_args': ['test_term', 'test.term'],
'alert_text': 'Test alert for {0} and {1} {2}',
'alert_text_args': ['test_arg1', 'test_arg2', 'test.arg3'],
'alert_missing_value': '<CUSTOM MISSING VALUE>'
}
with mock.patch('elastalert.alerters.email.SMTP') as mock_smtp:
mock_smtp.return_value = mock.Mock()
alert = EmailAlerter(rule)
alert.alert([{
'test_term': 'test_value',
'test_arg1': 'testing',
'test': {
'term': ':)',
'arg3': '☃'
}
}])
expected = [
mock.call('localhost'),
mock.call().ehlo(),
mock.call().has_extn('STARTTLS'),
mock.call().starttls(certfile=None, keyfile=None),
mock.call().sendmail(mock.ANY,
['*****@*****.**', '*****@*****.**'],
mock.ANY),
mock.call().quit()
]
assert mock_smtp.mock_calls == expected
body = mock_smtp.mock_calls[4][1][2]
# Extract the MIME encoded message body
body_text = base64.b64decode(
body.split('\n\n')[-1][:-1]).decode('utf-8')
assert 'testing' in body_text
assert '<CUSTOM MISSING VALUE>' in body_text
assert '☃' in body_text
assert 'Reply-To: [email protected]' in body
assert 'To: [email protected]' in body
assert 'From: [email protected]' in body
assert 'Subject: Test alert for test_value :)' in body
def test_email_from_field(email_from_field, email_add_domain, match_data,
expected_data):
rule = {
'name': 'test alert',
'email': ['*****@*****.**'],
'email_add_domain': 'example.com',
'type': mock_rule(),
'timestamp_field': '@timestamp',
'email_from_field': 'data.user',
'owner': 'owner_value'
}
if email_from_field:
rule['email_from_field'] = email_from_field
if email_add_domain:
rule['email_add_domain'] = email_add_domain
with mock.patch('elastalert.alerters.email.SMTP') as mock_smtp:
mock_smtp.return_value = mock.Mock()
alert = EmailAlerter(rule)
alert.alert(match_data)
assert mock_smtp.mock_calls[4][1][1] == expected_data
def test_email(caplog):
caplog.set_level(logging.INFO)
rule = {
'name': 'test alert',
'email': ['*****@*****.**', '*****@*****.**'],
'from_addr': '*****@*****.**',
'type': mock_rule(),
'timestamp_field': '@timestamp',
'email_reply_to': '*****@*****.**',
'owner': 'owner_value',
'alert_subject': 'Test alert for {0}, owned by {1}',
'alert_subject_args': ['test_term', 'owner'],
'snowman': '☃'
}
with mock.patch('elastalert.alerters.email.SMTP') as mock_smtp:
mock_smtp.return_value = mock.Mock()
alert = EmailAlerter(rule)
alert.alert([{'test_term': 'test_value'}])
expected = [
mock.call('localhost'),
mock.call().ehlo(),
mock.call().has_extn('STARTTLS'),
mock.call().starttls(certfile=None, keyfile=None),
mock.call().sendmail(mock.ANY,
['*****@*****.**', '*****@*****.**'],
mock.ANY),
mock.call().quit()
]
assert mock_smtp.mock_calls == expected
body = mock_smtp.mock_calls[4][1][2]
assert 'Reply-To: [email protected]' in body
assert 'To: [email protected]' in body
assert 'From: [email protected]' in body
assert 'Subject: Test alert for test_value, owned by owner_value' in body
assert ('elastalert', logging.INFO,
"Sent email to ['*****@*****.**', '*****@*****.**']"
) == caplog.record_tuples[0]
def test_email_smtp_exception():
with pytest.raises(EAException) as ea:
rule = {
'name': 'test alert',
'email': ['*****@*****.**', '*****@*****.**'],
'from_addr': '*****@*****.**',
'type': mock_rule(),
'timestamp_field': '@timestamp',
'email_reply_to': '*****@*****.**',
'alert_subject': 'Test alert for {0}',
'alert_subject_args': ['test_term'],
'smtp_auth_file': 'file.txt',
'rule_file': '/tmp/foo.yaml'
}
with mock.patch('elastalert.alerters.email.SMTP_SSL'):
with mock.patch('elastalert.alerts.read_yaml') as mock_open:
mock_open.return_value = {
'user': '******',
'password': '******'
}
alert = EmailAlerter(rule)
alert.alert([{'test_term': 'test_value'}])
assert 'Error connecting to SMTP host: ' in str(ea)