예제 #1
    def testPopulatesBatchCorrectly(self):
        """A batch of two different result types yields two bulk events.

        Each event must name the originating client and carry its own
        result type and serialized payload, including a non-ASCII path.
        """
        config = {
            'Elasticsearch.url': 'http://a',
            'Elasticsearch.token': 'b',
        }
        with test_lib.ConfigOverrider(config):
            args = elasticsearch_plugin.ElasticsearchOutputPluginArgs()
            batch = [
                rdf_client_fs.StatEntry(
                    pathspec=rdf_paths.PathSpec(path='/中国', pathtype='OS')),
                rdf_client.Process(pid=42),
            ]
            mock_post = self._CallPlugin(plugin_args=args, responses=batch)

        events = self._ParseEvents(mock_post)
        self.assertLen(events, 2)

        # Every exported event has to be attributable to a client; an event
        # without it is of little use to whoever searches the index later.
        # presumably this URN is set up by the _CallPlugin fixture — verify
        for pair in events:
            document = pair[1]
            self.assertEqual(document['client']['clientUrn'],
                             'aff4:/C.1000000000000000')

        # Element 1 of each pair is the event body; events keep batch order.
        stat_document = events[0][1]
        self.assertEqual(stat_document['resultType'], 'StatEntry')
        # The non-ASCII path must come back unchanged after serialization.
        expected_stat = {
            'pathspec': {
                'pathtype': 'OS',
                'path': '/中国',
            },
        }
        self.assertEqual(stat_document['result'], expected_stat)

        process_document = events[1][1]
        self.assertEqual(process_document['resultType'], 'Process')
        self.assertEqual(process_document['result'], {'pid': 42})
  def testPopulatesEventCorrectly(self):
    """A single exported event carries index, client, flow, tags and result."""
    config = {
        'Elasticsearch.url': 'http://a',
        'Elasticsearch.token': 'b',
    }
    # NOTE(review): the clock is frozen at epoch second 15, yet no timestamp
    # field is asserted below — confirm whether one should be.
    with test_lib.ConfigOverrider(config), test_lib.FakeTime(
        rdfvalue.RDFDatetime.FromSecondsSinceEpoch(15)):
      args = elasticsearch_plugin.ElasticsearchOutputPluginArgs(
          index='idx', tags=['a', 'b', 'c'])
      stat_entry = rdf_client_fs.StatEntry(
          pathspec=rdf_paths.PathSpec(path='/中国', pathtype='OS'))
      mock_post = self._CallPlugin(plugin_args=args, responses=[stat_entry])

    events = self._ParseEvents(mock_post)
    self.assertLen(events, 1)

    # Each pair is (bulk action metadata, event body).
    pair = events[0]
    self.assertEqual(pair[0]['index']['_index'], 'idx')

    # Provenance fields: which client and which flow produced the result.
    # presumably both ids come from the _CallPlugin fixture — verify
    self.assertEqual(pair[1]['client']['clientUrn'],
                     'aff4:/C.1000000000000000')
    self.assertEqual(pair[1]['flow']['flowId'], '12345678')

    self.assertEqual(pair[1]['tags'], ['a', 'b', 'c'])
    self.assertEqual(pair[1]['resultType'], 'StatEntry')
    expected_result = {
        'pathspec': {
            'pathtype': 'OS',
            'path': '/中国',
        },
    }
    self.assertEqual(pair[1]['result'], expected_result)
 def testFailsWhenUrlIsNotConfigured(self):
   """Running the plugin without 'Elasticsearch.url' is a configuration error.

   Only the token is configured here. The expected error must mention the
   missing option, so the failure names what the operator has to set.
   """
   token_only = {'Elasticsearch.token': 'b'}
   with test_lib.ConfigOverrider(token_only), self.assertRaisesRegex(
       elasticsearch_plugin.ElasticsearchConfigurationError,
       'Elasticsearch.url'):
     args = elasticsearch_plugin.ElasticsearchOutputPluginArgs()
     self._CallPlugin(
         plugin_args=args, responses=[rdf_client.Process(pid=42)])
예제 #4
    def testArgsOverrideConfiguration(self):
        """An index given in the plugin args wins over the configured index."""
        config = {
            'Elasticsearch.url': 'http://a',
            'Elasticsearch.token': 'b',
            'Elasticsearch.index': 'e'
        }
        with test_lib.ConfigOverrider(config):
            # Per-plugin index 'f' competes with the configured index 'e'.
            args = elasticsearch_plugin.ElasticsearchOutputPluginArgs(
                index='f')
            mock_post = self._CallPlugin(
                plugin_args=args, responses=[rdf_client.Process(pid=42)])

        events = self._ParseEvents(mock_post)
        # Element 0 of the first pair is the bulk action metadata.
        action = events[0][0]
        self.assertEqual(action['index']['_index'], 'f')
  def testRaisesForHttpError(self):
    """An HTTP error on the response propagates out of the plugin call.

    The stubbed requests.post returns a response whose raise_for_status()
    raises HTTPError; the plugin must surface that error, so a rejected
    export is visible to the caller rather than swallowed.
    """
    failing_post = mock.MagicMock()
    failing_post.return_value.raise_for_status.side_effect = (
        requests.exceptions.HTTPError())

    config = {
        'Elasticsearch.url': 'http://a',
        'Elasticsearch.token': 'b',
    }
    with test_lib.ConfigOverrider(config), self.assertRaises(
        requests.exceptions.HTTPError):
      self._CallPlugin(
          plugin_args=elasticsearch_plugin.ElasticsearchOutputPluginArgs(),
          responses=[rdf_client.Process(pid=42)],
          patcher=mock.patch.object(requests, 'post', failing_post))
예제 #6
    def testReadsConfigurationValuesCorrectly(self):
        """Configured URL, token, TLS setting and index reach the bulk request."""
        config = {
            'Elasticsearch.url': 'http://a',
            'Elasticsearch.token': 'b',
            'Elasticsearch.verify_https': False,
            'Elasticsearch.index': 'e'
        }
        with test_lib.ConfigOverrider(config):
            args = elasticsearch_plugin.ElasticsearchOutputPluginArgs()
            mock_post = self._CallPlugin(
                plugin_args=args, responses=[rdf_client.Process(pid=42)])

        # Keyword arguments of the recorded POST call.
        request_kwargs = mock_post.call_args[KWARGS]

        # The bulk endpoint is the configured base URL plus '/_bulk'.
        self.assertEqual(request_kwargs['url'], 'http://a/_bulk')

        # verify_https=False must arrive as a falsy `verify` argument, i.e.
        # certificate verification is switched off for this request.
        # NOTE(review): only the disabled path is pinned here; that `verify`
        # stays truthy when the option is unset is not asserted in this
        # test — confirm it is covered elsewhere.
        self.assertFalse(request_kwargs['verify'])

        # The configured token is sent verbatim after the 'Basic ' scheme.
        self.assertEqual(request_kwargs['headers']['Authorization'], 'Basic b')

        events = self._ParseEvents(mock_post)
        # With no index in the plugin args, the configured index is used.
        self.assertEqual(events[0][0]['index']['_index'], 'e')