def test_splunk_client_connect_failed(self, mocked_splunk_client_connect):
print("Test failed connect\n")
try:
splunk_client = splunk_utils.SplunkClient(
host=self.fake_host,
port=self.fake_port,
username=self.fake_username,
password=self.fake_password)
mocked_splunk_client_connect.side_effect = Exception("Failed")
assert False
except:
assert True
def test_splunk_client_search_job_failed(self, mocked_result_reader,
mocked_service_jobs, mocked_job,
mocked_service,
mocked_splunk_client_connect):
print("Test failure in creating search job\n")
try:
fake_query_string = "search index=_internal"
mocked_splunk_client_connect.return_value = mocked_service
splunk_client = splunk_utils.SplunkClient(
host=self.fake_host,
port=self.fake_port,
username=self.fake_username,
password=self.fake_password)
ret_events = [{
"host": "host1",
"clientip": "127.0.0.1"
}, {
"host": "host2",
"clientip": "0.0.0.0"
}]
with patch("splunklib.client.Service.jobs",
new_callable=mock.PropertyMock) as mocked_jobs_call:
mocked_jobs_call.create.return_value = mocked_job
mocked_job.set_ttl.side_effect = Exception("Failed!")
ret = splunk_client.start_search(query=fake_query_string,
job_ttl=100)
#
# If the search job can not be created, exception shall be thrown.
# The code should not get here.
#
assert False
except splunk_utils.SearchJobFailure as e:
print(
"Failure in creating search job throws SearchJobFailure exception"
)
assert True
except Exception as e:
assert False
def test_splunk_client_search_failed(self, mocked_result_reader,
mocked_service_jobs, mocked_job,
mocked_service,
mocked_splunk_client_connect):
print("Test failed search\n")
try:
fake_query_string = "search index=_internal"
mocked_splunk_client_connect.return_value = mocked_service
splunk_client = splunk_utils.SplunkClient(
host=self.fake_host,
port=self.fake_port,
username=self.fake_username,
password=self.fake_password)
splunk_client.set_timeout(123)
assert splunk_client.time_out == 123
splunk_client.set_max_return(314)
assert splunk_client.max_return == 314
# Set it to 1sec, so the test won't wait too long
splunk_client.set_polling_interval(1)
assert splunk_client.polling_interval == 1
ret_events = [{
"host": "host1",
"clientip": "127.0.0.1"
}, {
"host": "host2",
"clientip": "0.0.0.0"
}]
with patch("splunklib.client.Service.jobs",
new_callable=mock.PropertyMock) as mocked_jobs_call:
mocked_jobs_call.create.return_value = mocked_job
ret_dict = {
"dispatchState":
"FAILED", #Indicate that the search failed
"scanCount": 1,
"eventCount": 1,
"doneProgress": 1.1,
"resultCount": 1,
"isFailed": True,
"messages": "Splunk search failed."
}
# https://stackoverflow.com/questions/30340170/how-to-let-magicmock-behave-like-a-dict
mocked_job.__getitem__.side_effect = ret_dict.__getitem__
mocked_job.__iter__.side_effect = ret_dict.__iter__
mocked_result_reader.return_value = ret_events
ret = splunk_client.execute_query(query=fake_query_string)
#
# Assert that we get the return from ResultsReader
#
assert ret["events"] == ret_events
#
# Is this important? Asserting we call job.refresh first
#
mocked_job.refresh.assert_called_with()
except splunk_utils.SearchFailure as e:
print("Failed search throws SearchFailure as expected")
assert True
except Exception as e:
assert False
def test_splunk_client_search_timeout(self, mocked_result_reader,
mocked_service_jobs, mocked_job,
mocked_service,
mocked_splunk_client_connect):
import time
print("Test search time out.....\n")
start_time = 0
# Set timeout to 3 secs
time_out = 3
try:
fake_query_string = "search index=_internal"
mocked_splunk_client_connect.return_value = mocked_service
splunk_client = splunk_utils.SplunkClient(
host=self.fake_host,
port=self.fake_port,
username=self.fake_username,
password=self.fake_password)
# Small timeout value to force it to timeout
splunk_client.set_timeout(time_out)
assert splunk_client.time_out == time_out
# Set it to 1sec, so the test won't wait too long
splunk_client.set_polling_interval(1)
assert splunk_client.polling_interval == 1
ret_events = [{
"host": "host1",
"clientip": "127.0.0.1"
}, {
"host": "host2",
"clientip": "0.0.0.0"
}]
with patch("splunklib.client.Service.jobs",
new_callable=mock.PropertyMock) as mocked_jobs_call:
mocked_jobs_call.create.return_value = mocked_job
ret_dict = {
"dispatchState": "PENDING",
"scanCount": 1,
"eventCount": 1,
"doneProgress": 1.1,
"resultCount": 1,
"isFailed": False
}
# https://stackoverflow.com/questions/30340170/how-to-let-magicmock-behave-like-a-dict
mocked_job.__getitem__.side_effect = ret_dict.__getitem__
mocked_job.__iter__.side_effect = ret_dict.__iter__
#
# The job is not already always, this will force it to timeout
# We set time out to be 3 sec above and we poll every second
# so we will call job.is_ready() 3 times. Put 5 here for sure.
mocked_job.is_ready.return_value = False
mocked_job.is_ready.return_value = False
mocked_job.is_ready.return_value = False
mocked_job.is_ready.return_value = False
mocked_job.is_ready.return_value = False
mocked_job.cancel.return_value = mocked_job
mocked_result_reader.return_value = ret_events
start_time = time.time()
ret = splunk_client.execute_query(query=fake_query_string)
#
# Assert that we get the return from ResultsReader
#
assert ret["events"] == ret_events
#
# Is this important? Asserting we call job.refresh first
#
mocked_job.refresh.assert_called_with()
#
# This one is important. Assert that we cancel the
# search job when it times out
#
mocked_job.cancel.assert_called_with()
except splunk_utils.SearchTimeout:
time_used = time.time() - start_time
print(
"Search times out after {} secs with time out set to {} secs".
format(time_used, time_out))
assert True
except Exception as e:
assert False
