def test_create_if_not_exists_posts_expected_data_when_user_does_not_exist( self, mock_get_by_id_fails, user_context, mock_user_client ): # In this test case we can't verify create successful, hence we verified failure in create # because same mock_connection instance # 'mock_get_by_id_fails' will be called for get & create and its going to return failure. # We verified create is being called and two times post method is called, also we # verified user_client.get_by_uid is successfully called. detection_list_user_client = DetectionListUserService( mock_get_by_id_fails, user_context, mock_user_client ) with pytest.raises(Py42BadRequestError): detection_list_user_client.create_if_not_exists("942897397520289999") posted_data = mock_get_by_id_fails.post.call_args[1]["json"] assert mock_get_by_id_fails.post.call_args[0][0] == "/svc/api/v2/user/create" assert ( posted_data["tenantId"] == user_context.get_current_tenant_id() and posted_data["userName"] == "username" ) assert mock_get_by_id_fails.post.call_count == 2 assert mock_user_client._connection.get.call_count == 1 assert ( mock_user_client._connection.get.call_args[0][0] == "/api/User/942897397520289999" )
def test_get_by_id_posts_expected_data(self, mock_connection, user_context, mock_user_client): detection_list_user_client = DetectionListUserService( mock_connection, user_context, mock_user_client) detection_list_user_client.get_by_id("942897397520289999") posted_data = mock_connection.post.call_args[1]["json"] assert mock_connection.post.call_count == 1 assert mock_connection.post.call_args[0][0] == "v2/user/getbyid" assert (posted_data["tenantId"] == user_context.get_current_tenant_id() and posted_data["userId"] == "942897397520289999")
def test_add_risk_tag_posts_expected_data(self, mock_connection, user_context, mock_user_client, tags): detection_list_user_client = DetectionListUserService( mock_connection, user_context, mock_user_client) detection_list_user_client.add_risk_tags("942897397520289999", tags) posted_data = mock_connection.post.call_args[1]["json"] assert mock_connection.post.call_count == 1 assert mock_connection.post.call_args[0][0] == "v2/user/addriskfactors" assert (posted_data["tenantId"] == user_context.get_current_tenant_id() and posted_data["userId"] == "942897397520289999" and posted_data["riskFactors"] == ["test_tag"])
def test_add_cloud_alias_limit_raises_custom_error_on_limit( self, mock_connection, user_context, mock_user_client_error_on_adding_cloud_aliases, ): detection_list_user_client = DetectionListUserService( mock_connection, user_context, mock_user_client_error_on_adding_cloud_aliases, ) with pytest.raises(Py42CloudAliasLimitExceededError) as err: detection_list_user_client.add_cloud_alias("942897397520289999", "Test") assert "Cloud alias limit exceeded." in str(err.value)
def test_remove_cloud_alias_posts_expected_data(self, mock_connection, user_context, mock_user_client): detection_list_user_client = DetectionListUserService( mock_connection, user_context, mock_user_client) detection_list_user_client.remove_cloud_alias("942897397520289999", u"Test") posted_data = mock_connection.post.call_args[1]["json"] assert mock_connection.post.call_count == 1 assert mock_connection.post.call_args[0][ 0] == "v2/user/removecloudusernames" assert (posted_data["tenantId"] == user_context.get_current_tenant_id() and posted_data["userId"] == "942897397520289999" and posted_data["cloudUsernames"] == ["Test"])
def test_update_notes_posts_expected_data( self, mock_connection, user_context, mock_user_client ): detection_list_user_client = DetectionListUserService( mock_connection, user_context, mock_user_client ) detection_list_user_client.update_notes("942897397520289999", "Test") posted_data = mock_connection.post.call_args[1]["json"] assert mock_connection.post.call_count == 1 assert mock_connection.post.call_args[0][0] == "/svc/api/v2/user/updatenotes" assert ( posted_data["tenantId"] == user_context.get_current_tenant_id() and posted_data["userId"] == "942897397520289999" and posted_data["notes"] == "Test" )
def _init_services(main_connection, main_auth): alert_rules_key = u"FedObserver-API_URL" alerts_key = u"AlertService-API_URL" file_events_key = u"FORENSIC_SEARCH-API_URL" preservation_data_key = u"PRESERVATION-DATA-SERVICE_API-URL" employee_case_mgmt_key = u"employeecasemanagement-API_URL" kv_prefix = u"simple-key-value-store" audit_logs_key = u"AUDIT-LOG_API-URL" kv_connection = Connection.from_microservice_prefix( main_connection, kv_prefix) kv_service = KeyValueStoreService(kv_connection) alert_rules_conn = Connection.from_microservice_key(kv_service, alert_rules_key, auth=main_auth) alerts_conn = Connection.from_microservice_key(kv_service, alerts_key, auth=main_auth) file_events_conn = Connection.from_microservice_key(kv_service, file_events_key, auth=main_auth) pds_conn = Connection.from_microservice_key(kv_service, preservation_data_key, auth=main_auth) ecm_conn = Connection.from_microservice_key(kv_service, employee_case_mgmt_key, auth=main_auth) audit_logs_conn = Connection.from_microservice_key(kv_service, audit_logs_key, auth=main_auth) user_svc = UserService(main_connection) administration_svc = AdministrationService(main_connection) file_event_svc = FileEventService(file_events_conn) user_ctx = UserContext(administration_svc) user_profile_svc = DetectionListUserService(ecm_conn, user_ctx, user_svc) services = Services( administration=administration_svc, archive=ArchiveService(main_connection), devices=DeviceService(main_connection), legalhold=LegalHoldService(main_connection), orgs=OrgService(main_connection), securitydata=SecurityDataService(main_connection), users=UserService(main_connection), alertrules=AlertRulesService(alert_rules_conn, user_ctx, user_profile_svc), alerts=AlertService(alerts_conn, user_ctx), fileevents=file_event_svc, savedsearch=SavedSearchService(file_events_conn, file_event_svc), preservationdata=PreservationDataService(pds_conn), departingemployee=DepartingEmployeeService(ecm_conn, user_ctx, user_profile_svc), highriskemployee=HighRiskEmployeeService(ecm_conn, user_ctx, user_profile_svc), userprofile=user_profile_svc, auditlogs=AuditLogsService(audit_logs_conn), ) return services, user_ctx
def mock_detection_list_user_client( self, mock_connection, user_context, py42_response, mock_user_client ): user_client = DetectionListUserService( mock_connection, user_context, mock_user_client ) mock_connection.post.return_value = py42_response return user_client
def mock_detection_list_user_client( self, mock_connection, user_context, mocker, mock_user_client ): user_client = DetectionListUserService( mock_connection, user_context, mock_user_client ) mock_connection.post.return_value = create_mock_response(mocker, "{}") return user_client
def test_create_posts_expected_data( self, mock_connection, user_context, mock_user_client ): detection_list_user_client = DetectionListUserService( mock_connection, user_context, mock_user_client ) detection_list_user_client.create("942897397520289999") posted_data = mock_connection.post.call_args[1]["json"] assert mock_connection.post.call_count == 1 assert mock_connection.post.call_args[0][0] == "v2/user/create" assert ( posted_data["tenantId"] == user_context.get_current_tenant_id() and posted_data["userName"] == "942897397520289999" and posted_data["riskFactors"] == [] and posted_data["cloudUsernames"] == [] and posted_data["notes"] == "" )
def test_create_if_not_exists_posts_expected_data_when_user_exists( self, mock_connection, user_context, mock_user_client ): detection_list_user_client = DetectionListUserService( mock_connection, user_context, mock_user_client ) assert ( detection_list_user_client.create_if_not_exists("942897397520289999") is True ) posted_data = mock_connection.post.call_args[1]["json"] assert mock_connection.post.call_args[0][0] == "/svc/api/v2/user/getbyid" assert ( posted_data["tenantId"] == user_context.get_current_tenant_id() and posted_data["userId"] == "942897397520289999" ) assert mock_connection.post.call_count == 1
def _init_services(main_connection, main_auth): # services are imported within function to prevent circular imports when a service # imports anything from py42.sdk.queries from py42.services import Services from py42.services._keyvaluestore import KeyValueStoreService from py42.services.administration import AdministrationService from py42.services.alertrules import AlertRulesService from py42.services.alerts import AlertService from py42.services.archive import ArchiveService from py42.services.auditlogs import AuditLogsService from py42.services.cases import CasesService from py42.services.casesfileevents import CasesFileEventsService from py42.services.detectionlists.departing_employee import DepartingEmployeeService from py42.services.detectionlists.high_risk_employee import HighRiskEmployeeService from py42.services.detectionlists.user_profile import DetectionListUserService from py42.services.devices import DeviceService from py42.services.fileevent import FileEventService from py42.services.legalhold import LegalHoldService from py42.services.orgs import OrgService from py42.services.preservationdata import PreservationDataService from py42.services.savedsearch import SavedSearchService from py42.services.trustedactivities import TrustedActivitiesService from py42.services.users import UserService alert_rules_key = "FedObserver-API_URL" alerts_key = "AlertService-API_URL" file_events_key = "FORENSIC_SEARCH-API_URL" preservation_data_key = "PRESERVATION-DATA-SERVICE_API-URL" employee_case_mgmt_key = "employeecasemanagementV2-API_URL" kv_prefix = "simple-key-value-store" audit_logs_key = "AUDIT-LOG_API-URL" cases_key = "CASES_API-URL" trusted_activities_key = "TRUSTED-DOMAINS_API-URL" kv_connection = Connection.from_microservice_prefix( main_connection, kv_prefix) kv_service = KeyValueStoreService(kv_connection) alert_rules_conn = Connection.from_microservice_key(kv_service, alert_rules_key, auth=main_auth) alerts_conn = Connection.from_microservice_key(kv_service, alerts_key, auth=main_auth) file_events_conn = Connection.from_microservice_key(kv_service, file_events_key, auth=main_auth) pds_conn = Connection.from_microservice_key(kv_service, preservation_data_key, auth=main_auth) ecm_conn = Connection.from_microservice_key(kv_service, employee_case_mgmt_key, auth=main_auth) audit_logs_conn = Connection.from_microservice_key(kv_service, audit_logs_key, auth=main_auth) user_svc = UserService(main_connection) administration_svc = AdministrationService(main_connection) file_event_svc = FileEventService(file_events_conn) user_ctx = UserContext(administration_svc) user_profile_svc = DetectionListUserService(ecm_conn, user_ctx, user_svc) cases_conn = Connection.from_microservice_key(kv_service, cases_key, auth=main_auth) trusted_activities_conn = Connection.from_microservice_key( kv_service, trusted_activities_key, auth=main_auth) services = Services( administration=administration_svc, archive=ArchiveService(main_connection), devices=DeviceService(main_connection), legalhold=LegalHoldService(main_connection), orgs=OrgService(main_connection), users=UserService(main_connection), alertrules=AlertRulesService(alert_rules_conn, user_ctx, user_profile_svc), alerts=AlertService(alerts_conn, user_ctx), fileevents=file_event_svc, savedsearch=SavedSearchService(file_events_conn, file_event_svc), preservationdata=PreservationDataService(pds_conn), departingemployee=DepartingEmployeeService(ecm_conn, user_ctx, user_profile_svc), highriskemployee=HighRiskEmployeeService(ecm_conn, user_ctx, user_profile_svc), userprofile=user_profile_svc, auditlogs=AuditLogsService(audit_logs_conn), cases=CasesService(cases_conn), casesfileevents=CasesFileEventsService(cases_conn), trustedactivities=TrustedActivitiesService(trusted_activities_conn), ) return services, user_ctx