def test_alert_query_str_with_page_num_gives_correct_json_representation(
event_filter_group):
alert_query = AlertQuery(_TENANT_ID, event_filter_group)
alert_query.page_number = 5
json_query_str = JSON_QUERY_BASE.format(_TENANT_ID, "AND",
event_filter_group, 5, 10000,
"desc", "CreatedAt")
assert str(alert_query) == json_query_str
def test_alert_query_str_with_sort_key_gives_correct_json_representation(
event_filter_group):
alert_query = AlertQuery(_TENANT_ID, event_filter_group)
alert_query.sort_key = "some_field_to_sort_by"
json_query_str = JSON_QUERY_BASE.format(_TENANT_ID, "AND",
event_filter_group, 0, 10000,
"desc", "some_field_to_sort_by")
assert str(alert_query) == json_query_str
def test_alert_query_str_with_sort_direction_gives_correct_json_representation(
event_filter_group, ):
alert_query = AlertQuery(_TENANT_ID, event_filter_group)
alert_query.sort_direction = "asc"
json_query_str = JSON_QUERY_BASE.format(_TENANT_ID, "AND",
event_filter_group, 0, 10000,
"asc", "CreatedAt")
assert str(alert_query) == json_query_str
def _construct_query(state, begin, end, advanced_query, or_query):
if advanced_query:
state.search_filters = advanced_query
else:
if begin or end:
state.search_filters.append(
create_time_range_filter(f.DateObserved, begin, end))
if or_query:
state.search_filters = convert_to_or_query(state.search_filters)
query = AlertQuery(*state.search_filters)
query.page_size = ALERT_PAGE_SIZE
query.sort_direction = "asc"
query.sort_key = "CreatedAt"
return query
def test_alert_query_repr_does_not_throw_type_error():
# On python 2, `repr` doesn't throw.
# On python 3, if `repr` doesn't return type `str`, then an exception is thrown.
try:
_ = repr(AlertQuery(_TENANT_ID))
except TypeError:
assert False
def test_alert_query_str_with_single_filter_and_specified_gives_correct_json_representation(
event_filter_group, ):
alert_query = AlertQuery(_TENANT_ID,
event_filter_group,
group_clause="AND")
json_query_str = build_query_json("AND", event_filter_group)
assert str(alert_query) == json_query_str
def test_alert_query_str_with_many_filters_or_specified_gives_correct_json_representation(
event_filter_group_list, ):
alert_query = AlertQuery(_TENANT_ID,
event_filter_group_list,
group_clause="OR")
json_query_str = build_query_json("OR", event_filter_group_list)
assert str(alert_query) == json_query_str
def test_search_posts_to_expected_url(self, mock_session, user_context,
successful_post):
alert_client = AlertClient(mock_session, user_context)
_filter = AlertState.eq("OPEN")
query = AlertQuery(TENANT_ID_FROM_RESPONSE, _filter)
alert_client.search(query)
assert mock_session.post.call_args[0][0] == u"/svc/api/v1/query-alerts"
def test_alerts_client_get_all_alert_details_does_not_call_get_details_when_no_alerts_found(
self, mock_alerts_service_with_no_alerts,
mock_alert_rules_service):
alert_client = AlertsClient(mock_alerts_service_with_no_alerts,
mock_alert_rules_service)
query = AlertQuery()
list(alert_client.get_all_alert_details(query))
assert mock_alerts_service_with_no_alerts.get_details.call_count == 0
def test_alerts_client_get_all_alert_details_returns_empty_generator_when_no_alerts_found(
self, mock_alerts_service_with_no_alerts,
mock_alert_rules_service):
alert_client = AlertsClient(mock_alerts_service_with_no_alerts,
mock_alert_rules_service)
query = AlertQuery()
results = list(alert_client.get_all_alert_details(query))
assert results == []
def test_search_posts_to_expected_url(
self, mock_connection, user_context, successful_post
):
alert_service = AlertService(mock_connection, user_context)
_filter = AlertState.eq("OPEN")
query = AlertQuery(_filter)
alert_service.search(query)
assert mock_connection.post.call_args[0][0] == u"/svc/api/v1/query-alerts"
def test_search(connection):
filters = [
AlertState.eq(AlertState.OPEN),
Severity.is_in([Severity.HIGH, Severity.MEDIUM]),
]
alert_query = AlertQuery(*filters)
response = connection.alerts.search(alert_query)
assert_successful_response(response)
def test_alerts_client_get_all_alert_details_sorts_results_according_to_query_sort_key(
self,
mock_alerts_service_with_pages,
mock_alert_rules_service,
mock_details,
sort_key,
):
mock_alerts_service = mock_alerts_service_with_pages(ascending=True)
mock_alerts_service.get_details = mock_details
alert_client = AlertsClient(mock_alerts_service,
mock_alert_rules_service)
query = AlertQuery()
query.sort_direction = "asc"
query.sort_key = sort_key
results = list(alert_client.get_all_alert_details(query))
assert results == [
ALERT_A, ALERT_B, ALERT_C, ALERT_D, ALERT_E, ALERT_F
]
def test_alerts_client_get_all_alert_details_sorts_results_descending_when_specified(
self,
mock_alerts_service_with_pages,
mock_alert_rules_service,
mock_details,
sort_key,
):
mock_alerts_service = mock_alerts_service_with_pages(ascending=False)
mock_alerts_service.get_details = mock_details
alert_client = AlertsClient(mock_alerts_service,
mock_alert_rules_service)
query = AlertQuery()
query.sort_direction = "desc"
query.sort_key = sort_key
results = list(alert_client.get_all_alert_details(query))
assert results == [
ALERT_F, ALERT_E, ALERT_D, ALERT_C, ALERT_B, ALERT_A
]
def test_alert_query_dict_gives_expected_dict_representation(
event_filter_group):
alert_query = AlertQuery(event_filter_group)
alert_query_query_dict = dict(alert_query)
assert alert_query_query_dict["groupClause"] == "AND"
assert alert_query_query_dict["pgNum"] == 0
assert alert_query_query_dict["pgSize"] == 500
assert alert_query_query_dict["srtDirection"] == "desc"
assert alert_query_query_dict["srtKey"] == "CreatedAt"
assert type(alert_query_query_dict["groups"]) == list
def test_alerts_client_calls_search_all_pages_with_expected_value_and_param(
self,
mock_alerts_service,
mock_alert_rules_service,
):
alert_client = AlertsClient(mock_alerts_service,
mock_alert_rules_service)
query = AlertQuery()
alert_client.search_all_pages(query)
mock_alerts_service.search_all_pages.assert_called_once_with(query)
def test_alert_query_from_dict_gives_correct_json_representation():
group = {
"filterClause": "AND",
"filters": [{
"operator": "IS",
"term": "testterm",
"value": "testval"
}],
}
group_str = '{"filterClause":"AND", "filters":[{"operator":"IS", "term":"testterm", "value":"testval"}]}'
alert_query_dict = {"groupClause": "AND", "groups": [group]}
alert_query = AlertQuery.from_dict(alert_query_dict)
json_query_str = JSON_QUERY_BASE.format(_TENANT_ID, "AND", group_str, 0,
500, "desc", "CreatedAt")
assert str(alert_query) == json_query_str
def test_search_posts_expected_data(self, mock_session, user_context,
successful_post):
alert_client = AlertClient(mock_session, user_context)
_filter = AlertState.eq("OPEN")
query = AlertQuery(TENANT_ID_FROM_RESPONSE, _filter)
alert_client.search(query)
post_data = json.loads(mock_session.post.call_args[1]["data"])
assert (post_data["tenantId"] == TENANT_ID_FROM_RESPONSE
and post_data["groupClause"] == "AND"
and post_data["srtKey"] == "CreatedAt"
and post_data["srtDirection"] == "desc"
and post_data["pgSize"] == 10000 and post_data["pgNum"] == 0
and post_data["groups"][0]["filterClause"] == "AND"
and post_data["groups"][0]["filters"][0]["operator"] == "IS"
and post_data["groups"][0]["filters"][0]["term"] == "state"
and post_data["groups"][0]["filters"][0]["value"] == "OPEN")
def test_alerts_client_get_all_alert_details_calls_get_details_for_each_page(
self, mock_alerts_service_with_pages, mock_alert_rules_service):
mock_alerts_service = mock_alerts_service_with_pages(ascending=True)
alert_client = AlertsClient(mock_alerts_service,
mock_alert_rules_service)
query = AlertQuery()
list(alert_client.get_all_alert_details(query))
assert mock_alerts_service.get_details.call_args_list[0][0][0] == [
"A",
"B",
"C",
]
assert mock_alerts_service.get_details.call_args_list[1][0][0] == [
"D",
"E",
"F",
]
def test_search_posts_expected_data_overwrites_default_option_when_passed_page_num_and_page_size(
self, mock_connection, user_context):
alert_service = AlertService(mock_connection, user_context)
_filter = AlertState.eq("OPEN")
query = AlertQuery(_filter)
alert_service.search(query, 10, 20)
assert mock_connection.post.call_count == 1
assert mock_connection.post.call_args[0][
0] == "/svc/api/v1/query-alerts"
post_data = mock_connection.post.call_args[1]["json"]
assert (post_data["tenantId"] == TENANT_ID_FROM_RESPONSE
and post_data["groupClause"] == "AND"
and post_data["srtKey"] == "CreatedAt"
and post_data["srtDirection"] == "desc"
and post_data["pgSize"] == 20 and post_data["pgNum"] == 9
and post_data["groups"][0]["filterClause"] == "AND"
and post_data["groups"][0]["filters"][0]["operator"] == "IS"
and post_data["groups"][0]["filters"][0]["term"] == "state"
and post_data["groups"][0]["filters"][0]["value"] == "OPEN")
def test_search_all_pages_posts_expected_data(self, mock_connection,
user_context):
alert_service = AlertService(mock_connection, user_context)
_filter = AlertState.eq("OPEN")
query = AlertQuery(_filter)
for _ in alert_service.search_all_pages(query):
break
assert mock_connection.post.call_count == 1
assert mock_connection.post.call_args[0][
0] == "/svc/api/v1/query-alerts"
post_data = mock_connection.post.call_args[1]["json"]
assert (post_data["tenantId"] == TENANT_ID_FROM_RESPONSE
and post_data["groupClause"] == "AND"
and post_data["srtKey"] == "CreatedAt"
and post_data["srtDirection"] == "desc"
and post_data["pgSize"] == 500 and post_data["pgNum"] == 0
and post_data["groups"][0]["filterClause"] == "AND"
and post_data["groups"][0]["filters"][0]["operator"] == "IS"
and post_data["groups"][0]["filters"][0]["term"] == "state"
and post_data["groups"][0]["filters"][0]["value"] == "OPEN")
def test_alert_query_str_with_many_filters_gives_correct_json_representation(
event_filter_group_list, ):
alert_query = AlertQuery(_TENANT_ID, event_filter_group_list)
json_query_str = build_query_json("AND", event_filter_group_list)
assert str(alert_query) == json_query_str
def test_alert_query_unicode_with_single_filter_gives_correct_json_representation(
unicode_event_filter_group, ):
alert_query = AlertQuery(_TENANT_ID, unicode_event_filter_group)
json_query_str = build_query_json("AND", unicode_event_filter_group)
assert str(alert_query) == json_query_str
def test_alert_query_constructs_successfully(event_filter_group):
assert AlertQuery(event_filter_group)
def to_all_query(self):
query = AlertQuery.all(*self._filters)
query.page_size = 500
query.sort_direction = "asc"
return query
def test_alert_query_str_with_single_filter_gives_correct_json_representation(
event_filter_group, ):
alert_query = AlertQuery(event_filter_group)
json_query_str = build_query_json("AND", event_filter_group)
assert str(alert_query) == json_query_str
EMOJI = ":code42:"
# Slack send meaage:
def slackMessages(SlackHook, Channel, Username, EMOJI, SlackMessage):
payload = '{\"channel\": \"' + Channel + '\", \"username\": \"' + Username + '\", \"text\": \"' + SlackMessage + '\", \"icon_emoji\": \"' + EMOJI + '\"}'
headers = {
'Accept': 'application/json',
'Content-Type': 'application/json',
}
response = requests.post(SlackHook, headers=headers, data=payload)
# Query alerts:
filters = [AlertState.eq(AlertState.OPEN)]
query = AlertQuery(*filters)
sdk = py42.sdk.from_local_account('https://console.us.code42.com', '', '')
response = sdk.alerts.search(query)
alerts = response['alerts']
if alerts == []:
print('No new alerts')
sys.exit(0)
for alert in alerts:
alertID = alert['id']
print(alertID)
# Get full alert Details
alertDetails = sdk.alerts.get_aggregate_data(alertID)