def test_raises_on_bad_generate_kibana_filters():
test_rule['generate_kibana_link'] = True
bad_filters = [[{'not': {'terms': {'blah': 'blah'}}}],
[{'terms': {'blah': 'blah'}}],
[{'query': {'not_querystring': 'this:that'}}],
[{'query': {'wildcard': 'this*that'}}],
[{'blah': 'blah'}]]
good_filters = [[{'term': {'field': 'value'}}],
[{'not': {'term': {'this': 'that'}}}],
[{'not': {'query': {'query_string': {'query': 'this:that'}}}}],
[{'query': {'query_string': {'query': 'this:that'}}}],
[{'range': {'blah': {'from': 'a', 'to': 'b'}}}],
[{'not': {'range': {'blah': {'from': 'a', 'to': 'b'}}}}]]
# Test that all the good filters work, but fail with a bad filter added
for good in good_filters:
test_rule_copy = copy.deepcopy(test_rule)
test_rule_copy['filter'] = good
with mock.patch('elastalert.config.yaml_loader') as mock_open:
mock_open.return_value = test_rule_copy
load_rule_configuration('blah', test_config)
for bad in bad_filters:
test_rule_copy['filter'] = good + bad
with pytest.raises(EAException):
load_rule_configuration('blah', test_config)
def test_import_rules():
test_rule_copy = copy.deepcopy(test_rule)
test_rule_copy['type'] = 'testing.test.RuleType'
with mock.patch('elastalert.config.yaml_loader') as mock_open:
mock_open.return_value = test_rule_copy
# Test that type is imported
with mock.patch('__builtin__.__import__') as mock_import:
mock_import.return_value = elastalert.ruletypes
load_rule_configuration('test_config', test_config)
assert mock_import.call_args_list[0][0][0] == 'testing.test'
assert mock_import.call_args_list[0][0][3] == ['RuleType']
# Test that alerts are imported
test_rule_copy = copy.deepcopy(test_rule)
mock_open.return_value = test_rule_copy
test_rule_copy['alert'] = 'testing2.test2.Alerter'
with mock.patch('__builtin__.__import__') as mock_import:
mock_import.return_value = elastalert.alerts
load_rule_configuration('test_config', test_config)
assert mock_import.call_args_list[0][0][0] == 'testing2.test2'
assert mock_import.call_args_list[0][0][3] == ['Alerter']
def test_import_filter():
# Check that if a filter is specified the rules are merged:
import_rule = copy.deepcopy(test_rule)
del(import_rule['es_host'])
del(import_rule['es_port'])
import_rule['import'] = 'importme.ymlt'
import_me = {
'es_host': 'imported_host',
'es_port': 12349,
'filter': [{'term': {'ratchet': 'clank'}}],
}
with mock.patch('elastalert.config.yaml_loader') as mock_open:
mock_open.side_effect = [import_rule, import_me]
rules = load_rule_configuration('blah.yaml', test_config)
assert rules['filter'] == [{'term': {'ratchet': 'clank'}}, {'term': {'key': 'value'}}]
def test_import_absolute_import():
import_rule = copy.deepcopy(test_rule)
del(import_rule['es_host'])
del(import_rule['es_port'])
import_rule['import'] = '/importme.ymlt'
import_me = {
'es_host': 'imported_host',
'es_port': 12349,
'email': 'ignored@email', # overwritten by the email in import_rule
}
with mock.patch('elastalert.config.yaml_loader') as mock_open:
mock_open.side_effect = [import_rule, import_me]
rules = load_rule_configuration('blah.yaml', test_config)
assert mock_open.call_args_list[0][0] == ('blah.yaml',)
assert mock_open.call_args_list[1][0] == ('/importme.ymlt',)
assert len(mock_open.call_args_list) == 2
assert rules['es_port'] == 12349
assert rules['es_host'] == 'imported_host'
assert rules['email'] == ['*****@*****.**']
assert rules['filter'] == import_rule['filter']