def test_alert_query_str_with_single_filter_and_specified_gives_correct_json_representation( event_filter_group, ): alert_query = AlertQuery(_TENANT_ID, event_filter_group, group_clause="AND") json_query_str = build_query_json("AND", event_filter_group) assert str(alert_query) == json_query_str
def test_alert_query_str_with_many_filters_or_specified_gives_correct_json_representation( event_filter_group_list, ): alert_query = AlertQuery(_TENANT_ID, event_filter_group_list, group_clause="OR") json_query_str = build_query_json("OR", event_filter_group_list) assert str(alert_query) == json_query_str
def test_alert_query_repr_does_not_throw_type_error(): # On python 2, `repr` doesn't throw. # On python 3, if `repr` doesn't return type `str`, then an exception is thrown. try: _ = repr(AlertQuery(_TENANT_ID)) except TypeError: assert False
def test_search_posts_to_expected_url(self, mock_session, user_context, successful_post): alert_client = AlertClient(mock_session, user_context) _filter = AlertState.eq("OPEN") query = AlertQuery(TENANT_ID_FROM_RESPONSE, _filter) alert_client.search(query) assert mock_session.post.call_args[0][0] == u"/svc/api/v1/query-alerts"
def test_search_posts_to_expected_url( self, mock_connection, user_context, successful_post ): alert_service = AlertService(mock_connection, user_context) _filter = AlertState.eq("OPEN") query = AlertQuery(_filter) alert_service.search(query) assert mock_connection.post.call_args[0][0] == u"/svc/api/v1/query-alerts"
def test_search(connection): filters = [ AlertState.eq(AlertState.OPEN), Severity.is_in([Severity.HIGH, Severity.MEDIUM]), ] alert_query = AlertQuery(*filters) response = connection.alerts.search(alert_query) assert_successful_response(response)
def test_alert_query_str_with_sort_direction_gives_correct_json_representation( event_filter_group, ): alert_query = AlertQuery(_TENANT_ID, event_filter_group) alert_query.sort_direction = "asc" json_query_str = JSON_QUERY_BASE.format(_TENANT_ID, "AND", event_filter_group, 0, 10000, "asc", "CreatedAt") assert str(alert_query) == json_query_str
def test_alert_query_str_with_sort_key_gives_correct_json_representation( event_filter_group): alert_query = AlertQuery(_TENANT_ID, event_filter_group) alert_query.sort_key = "some_field_to_sort_by" json_query_str = JSON_QUERY_BASE.format(_TENANT_ID, "AND", event_filter_group, 0, 10000, "desc", "some_field_to_sort_by") assert str(alert_query) == json_query_str
def test_alerts_client_get_all_alert_details_does_not_call_get_details_when_no_alerts_found( self, mock_alerts_service_with_no_alerts, mock_alert_rules_service): alert_client = AlertsClient(mock_alerts_service_with_no_alerts, mock_alert_rules_service) query = AlertQuery() list(alert_client.get_all_alert_details(query)) assert mock_alerts_service_with_no_alerts.get_details.call_count == 0
def test_alerts_client_get_all_alert_details_returns_empty_generator_when_no_alerts_found( self, mock_alerts_service_with_no_alerts, mock_alert_rules_service): alert_client = AlertsClient(mock_alerts_service_with_no_alerts, mock_alert_rules_service) query = AlertQuery() results = list(alert_client.get_all_alert_details(query)) assert results == []
def test_alert_query_str_with_page_num_gives_correct_json_representation( event_filter_group): alert_query = AlertQuery(_TENANT_ID, event_filter_group) alert_query.page_number = 5 json_query_str = JSON_QUERY_BASE.format(_TENANT_ID, "AND", event_filter_group, 5, 10000, "desc", "CreatedAt") assert str(alert_query) == json_query_str
def test_alert_query_dict_gives_expected_dict_representation( event_filter_group): alert_query = AlertQuery(event_filter_group) alert_query_query_dict = dict(alert_query) assert alert_query_query_dict["groupClause"] == "AND" assert alert_query_query_dict["pgNum"] == 0 assert alert_query_query_dict["pgSize"] == 500 assert alert_query_query_dict["srtDirection"] == "desc" assert alert_query_query_dict["srtKey"] == "CreatedAt" assert type(alert_query_query_dict["groups"]) == list
def test_alerts_client_calls_search_all_pages_with_expected_value_and_param( self, mock_alerts_service, mock_alert_rules_service, ): alert_client = AlertsClient(mock_alerts_service, mock_alert_rules_service) query = AlertQuery() alert_client.search_all_pages(query) mock_alerts_service.search_all_pages.assert_called_once_with(query)
def _construct_query(state, begin, end, advanced_query, or_query): if advanced_query: state.search_filters = advanced_query else: if begin or end: state.search_filters.append( create_time_range_filter(f.DateObserved, begin, end)) if or_query: state.search_filters = convert_to_or_query(state.search_filters) query = AlertQuery(*state.search_filters) query.page_size = ALERT_PAGE_SIZE query.sort_direction = "asc" query.sort_key = "CreatedAt" return query
def test_search_posts_expected_data(self, mock_session, user_context, successful_post): alert_client = AlertClient(mock_session, user_context) _filter = AlertState.eq("OPEN") query = AlertQuery(TENANT_ID_FROM_RESPONSE, _filter) alert_client.search(query) post_data = json.loads(mock_session.post.call_args[1]["data"]) assert (post_data["tenantId"] == TENANT_ID_FROM_RESPONSE and post_data["groupClause"] == "AND" and post_data["srtKey"] == "CreatedAt" and post_data["srtDirection"] == "desc" and post_data["pgSize"] == 10000 and post_data["pgNum"] == 0 and post_data["groups"][0]["filterClause"] == "AND" and post_data["groups"][0]["filters"][0]["operator"] == "IS" and post_data["groups"][0]["filters"][0]["term"] == "state" and post_data["groups"][0]["filters"][0]["value"] == "OPEN")
def test_alerts_client_get_all_alert_details_calls_get_details_for_each_page( self, mock_alerts_service_with_pages, mock_alert_rules_service): mock_alerts_service = mock_alerts_service_with_pages(ascending=True) alert_client = AlertsClient(mock_alerts_service, mock_alert_rules_service) query = AlertQuery() list(alert_client.get_all_alert_details(query)) assert mock_alerts_service.get_details.call_args_list[0][0][0] == [ "A", "B", "C", ] assert mock_alerts_service.get_details.call_args_list[1][0][0] == [ "D", "E", "F", ]
def test_alerts_client_get_all_alert_details_sorts_results_descending_when_specified( self, mock_alerts_service_with_pages, mock_alert_rules_service, mock_details, sort_key, ): mock_alerts_service = mock_alerts_service_with_pages(ascending=False) mock_alerts_service.get_details = mock_details alert_client = AlertsClient(mock_alerts_service, mock_alert_rules_service) query = AlertQuery() query.sort_direction = "desc" query.sort_key = sort_key results = list(alert_client.get_all_alert_details(query)) assert results == [ ALERT_F, ALERT_E, ALERT_D, ALERT_C, ALERT_B, ALERT_A ]
def test_alerts_client_get_all_alert_details_sorts_results_according_to_query_sort_key( self, mock_alerts_service_with_pages, mock_alert_rules_service, mock_details, sort_key, ): mock_alerts_service = mock_alerts_service_with_pages(ascending=True) mock_alerts_service.get_details = mock_details alert_client = AlertsClient(mock_alerts_service, mock_alert_rules_service) query = AlertQuery() query.sort_direction = "asc" query.sort_key = sort_key results = list(alert_client.get_all_alert_details(query)) assert results == [ ALERT_A, ALERT_B, ALERT_C, ALERT_D, ALERT_E, ALERT_F ]
def test_search_posts_expected_data_overwrites_default_option_when_passed_page_num_and_page_size( self, mock_connection, user_context): alert_service = AlertService(mock_connection, user_context) _filter = AlertState.eq("OPEN") query = AlertQuery(_filter) alert_service.search(query, 10, 20) assert mock_connection.post.call_count == 1 assert mock_connection.post.call_args[0][ 0] == "/svc/api/v1/query-alerts" post_data = mock_connection.post.call_args[1]["json"] assert (post_data["tenantId"] == TENANT_ID_FROM_RESPONSE and post_data["groupClause"] == "AND" and post_data["srtKey"] == "CreatedAt" and post_data["srtDirection"] == "desc" and post_data["pgSize"] == 20 and post_data["pgNum"] == 9 and post_data["groups"][0]["filterClause"] == "AND" and post_data["groups"][0]["filters"][0]["operator"] == "IS" and post_data["groups"][0]["filters"][0]["term"] == "state" and post_data["groups"][0]["filters"][0]["value"] == "OPEN")
def test_search_all_pages_posts_expected_data(self, mock_connection, user_context): alert_service = AlertService(mock_connection, user_context) _filter = AlertState.eq("OPEN") query = AlertQuery(_filter) for _ in alert_service.search_all_pages(query): break assert mock_connection.post.call_count == 1 assert mock_connection.post.call_args[0][ 0] == "/svc/api/v1/query-alerts" post_data = mock_connection.post.call_args[1]["json"] assert (post_data["tenantId"] == TENANT_ID_FROM_RESPONSE and post_data["groupClause"] == "AND" and post_data["srtKey"] == "CreatedAt" and post_data["srtDirection"] == "desc" and post_data["pgSize"] == 500 and post_data["pgNum"] == 0 and post_data["groups"][0]["filterClause"] == "AND" and post_data["groups"][0]["filters"][0]["operator"] == "IS" and post_data["groups"][0]["filters"][0]["term"] == "state" and post_data["groups"][0]["filters"][0]["value"] == "OPEN")
def test_alert_query_str_with_single_filter_gives_correct_json_representation( event_filter_group, ): alert_query = AlertQuery(event_filter_group) json_query_str = build_query_json("AND", event_filter_group) assert str(alert_query) == json_query_str
EMOJI = ":code42:" # Slack send meaage: def slackMessages(SlackHook, Channel, Username, EMOJI, SlackMessage): payload = '{\"channel\": \"' + Channel + '\", \"username\": \"' + Username + '\", \"text\": \"' + SlackMessage + '\", \"icon_emoji\": \"' + EMOJI + '\"}' headers = { 'Accept': 'application/json', 'Content-Type': 'application/json', } response = requests.post(SlackHook, headers=headers, data=payload) # Query alerts: filters = [AlertState.eq(AlertState.OPEN)] query = AlertQuery(*filters) sdk = py42.sdk.from_local_account('https://console.us.code42.com', '', '') response = sdk.alerts.search(query) alerts = response['alerts'] if alerts == []: print('No new alerts') sys.exit(0) for alert in alerts: alertID = alert['id'] print(alertID) # Get full alert Details alertDetails = sdk.alerts.get_aggregate_data(alertID)
def test_alert_query_str_with_many_filters_gives_correct_json_representation( event_filter_group_list, ): alert_query = AlertQuery(_TENANT_ID, event_filter_group_list) json_query_str = build_query_json("AND", event_filter_group_list) assert str(alert_query) == json_query_str
def test_alert_query_unicode_with_single_filter_gives_correct_json_representation( unicode_event_filter_group, ): alert_query = AlertQuery(_TENANT_ID, unicode_event_filter_group) json_query_str = build_query_json("AND", unicode_event_filter_group) assert str(alert_query) == json_query_str
def test_alert_query_constructs_successfully(event_filter_group): assert AlertQuery(event_filter_group)