def test_search_audit_logs_with_all_filter_parameters(runner, cli_state, date_str):
    """Every filter flag of ``audit-logs search`` reaches ``auditlogs.get_all``.

    Repeated flags (``--actor-username``, ``--affected-user-id``) must arrive
    as tuples; ``--begin`` is rounded to the start of its day and ``--end`` to
    the end of its day before each is converted to a timestamp.
    """
    # The --end value is the current UTC time; the expected timestamp is built
    # from the same string, so the two sides round the same instant.
    # NOTE(review): datetime.utcnow() is deprecated since Python 3.12;
    # datetime.now(timezone.utc).strftime(...) yields the same text.
    now_utc = datetime.utcnow().strftime("%Y-%m-%d %H:%M:%S")

    begin_dt = MagicDate(rounding_func=round_datetime_to_day_start).convert(
        date_str, None, None
    )
    end_dt = MagicDate(rounding_func=round_datetime_to_day_end).convert(
        now_utc, None, None
    )
    want_begin = convert_datetime_to_timestamp(begin_dt)
    want_end = convert_datetime_to_timestamp(end_dt)

    # Flag/value pairs, flattened into one argv list below.
    flag_pairs = [
        ("--actor-username", "*****@*****.**"),
        ("--actor-username", "*****@*****.**"),
        ("--event-type", "saved-search"),
        ("--actor-ip", "0.0.0.0"),
        ("--affected-username", "*****@*****.**"),
        ("--affected-user-id", "123"),
        ("--affected-user-id", "456"),
        ("--actor-user-id", "userid"),
        ("-b", date_str),
        ("--end", now_utc),
    ]
    argv = ["audit-logs", "search"]
    for flag, value in flag_pairs:
        argv.extend((flag, value))

    runner.invoke(cli, argv, obj=cli_state)

    get_all = cli_state.sdk.auditlogs.get_all
    assert get_all.call_count == 1
    get_all.assert_called_once_with(
        usernames=("*****@*****.**", "*****@*****.**"),
        affected_user_ids=("123", "456"),
        affected_usernames=("*****@*****.**",),
        begin_time=want_begin,
        end_time=want_end,
        event_types=("saved-search",),
        user_ids=("userid",),
        user_ip_addresses=("0.0.0.0",),
    )
def test_search_and_send_to_handles_filter_parameters(runner, cli_state,
                                                      date_str, command):
    """The ``command`` variant forwards repeated ``--actor-username`` values
    and a day-start-rounded ``--begin``; every other filter stays empty.
    """
    day_start = MagicDate(rounding_func=round_datetime_to_day_start).convert(
        date_str, None, None)
    want_begin = convert_datetime_to_timestamp(day_start)

    argv = list(command)
    argv += ["--actor-username", "*****@*****.**"]
    argv += ["--actor-username", "*****@*****.**"]
    argv += ["--begin", date_str]
    runner.invoke(cli, argv, obj=cli_state)

    # Unused filters are passed as empty tuples and end_time as None.
    cli_state.sdk.auditlogs.get_all.assert_called_once_with(
        usernames=("*****@*****.**", "*****@*****.**"),
        affected_user_ids=(),
        affected_usernames=(),
        begin_time=want_begin,
        end_time=None,
        event_types=(),
        user_ids=(),
        user_ip_addresses=(),
    )
def test_search_audit_logs_with_filter_parameters(runner, cli_state, date_str):
    """``audit-logs search`` with only usernames and ``--begin`` forwards the
    usernames as a tuple, the begin as a day-start timestamp, and leaves every
    other filter empty.
    """
    day_start = MagicDate(rounding_func=round_datetime_to_day_start).convert(
        date_str, None, None
    )
    want_begin = convert_datetime_to_timestamp(day_start)

    argv = ["audit-logs", "search"]
    argv += ["--actor-username", "*****@*****.**"]
    argv += ["--actor-username", "*****@*****.**"]
    argv += ["--begin", date_str]
    runner.invoke(cli, argv, obj=cli_state)

    get_all = cli_state.sdk.auditlogs.get_all
    assert get_all.call_count == 1
    # Unused filters are passed as empty tuples and end_time as None.
    get_all.assert_called_once_with(
        usernames=("*****@*****.**", "*****@*****.**"),
        affected_user_ids=(),
        affected_usernames=(),
        begin_time=want_begin,
        end_time=None,
        event_types=(),
        user_ids=(),
        user_ip_addresses=(),
    )
def set_end_default_dict(term):
    """Return the keyword arguments shared by ``--end`` options that look for *term*.

    The value is parsed by ``MagicDate`` rounded to the end of the day, and the
    callback turns the parsed datetime into a timestamp. The help text defers
    to ``--begin`` for the accepted input formats.
    """
    def _to_timestamp(ctx, param, arg):
        return convert_datetime_to_timestamp(arg)

    end_help = (
        f"The end of the date range in which to look for {term}, argument format options are "
        "the same as `--begin`."
    )
    return {
        "type": MagicDate(rounding_func=round_datetime_to_day_end),
        "help": end_help,
        "callback": _to_timestamp,
    }
def set_begin_default_dict(term):
    """Return the keyword arguments shared by ``--begin`` options that look for *term*.

    The value is parsed by ``MagicDate`` rounded to the start of the day, and
    the callback turns the parsed datetime into a timestamp. The help text
    appends ``MagicDate.HELP_TEXT`` describing the accepted formats.
    """
    def _to_timestamp(ctx, param, arg):
        return convert_datetime_to_timestamp(arg)

    begin_help = (
        f"The beginning of the date range in which to look for {term}. {MagicDate.HELP_TEXT}"
    )
    return {
        "type": MagicDate(rounding_func=round_datetime_to_day_start),
        "help": begin_help,
        "callback": _to_timestamp,
    }
def begin_option(term, **kwargs):
    """Return a ``click.option`` decorator for ``-b/--begin`` that looks for *term*.

    Defaults: ``MagicDate`` parsing rounded to the start of the day, the
    ``BeginOption`` class, and a callback converting the datetime into a
    timestamp. Any keyword argument overrides the matching default, e.g. a
    callback that also clamps how far back the range may start.
    """
    def _to_timestamp(ctx, param, arg):
        return convert_datetime_to_timestamp(arg)

    option_kwargs = {
        "type": MagicDate(rounding_func=round_datetime_to_day_start),
        "help": f"The beginning of the date range in which to look for {term}. {MagicDate.HELP_TEXT}",
        "cls": BeginOption,
        "callback": _to_timestamp,
        **kwargs,  # caller overrides win, as with dict.update
    }
    return click.option("-b", "--begin", **option_kwargs)
def test_search_events_is_called_with_expected_begin_timestamp(
        runner, cli_state):
    """An ISO ``--begin`` at midnight yields the timestamp of that day's start
    in the call to ``legalhold.get_all_events``.
    """
    day_start = datetime.datetime.strptime("2017-01-01", "%Y-%m-%d")
    want_begin = convert_datetime_to_timestamp(day_start)

    argv = ["legal-hold", "search-events", "--begin", "2017-01-01T00:00:00"]
    runner.invoke(cli, argv, obj=cli_state)

    # Only the middle positional (begin) is set; the other two stay None.
    cli_state.sdk.legalhold.get_all_events.assert_called_once_with(
        None, want_begin, None)
def end_option(term, **kwargs):
    """Return a ``click.option`` decorator for ``-e/--end`` that looks for *term*.

    Defaults: ``MagicDate`` parsing rounded to the end of the day, the
    ``AdvancedQueryAndSavedSearchIncompatible`` class, and a callback
    converting the datetime into a timestamp. Any keyword argument overrides
    the matching default.
    """
    def _to_timestamp(ctx, param, arg):
        return convert_datetime_to_timestamp(arg)

    end_help = (
        f"The end of the date range in which to look for {term}, argument format options are "
        "the same as `--begin`."
    )
    option_kwargs = {
        "type": MagicDate(rounding_func=round_datetime_to_day_end),
        "cls": AdvancedQueryAndSavedSearchIncompatible,
        "help": end_help,
        "callback": _to_timestamp,
        **kwargs,  # caller overrides win, as with dict.update
    }
    return click.option("-e", "--end", **option_kwargs)
    if arg is None:
        return
    query = ctx.obj.sdk.securitydata.savedsearches.get_query(arg)
    return query


# --saved-search resolves the given ID through _get_saved_search_query in its
# callback; it is declared incompatible with --advanced-query.
saved_search_option = click.option(
    "--saved-search",
    cls=incompatible_with("advanced_query"),
    callback=_get_saved_search_query,
    help="Get events from a saved search filter with the given ID.",
)

# --begin for security data runs the parsed datetime through
# limit_date_range(max_days_back=90) before the timestamp conversion, so the
# search cannot start earlier than 90 days back (presumably a retention or
# API limit — not visible from this file). No such limit is applied to --end.
begin_option = opt.begin_option(
    SECURITY_DATA_KEYWORD,
    callback=lambda ctx, param, arg: convert_datetime_to_timestamp(
        limit_date_range(arg, max_days_back=90)
    ),
)
end_option = opt.end_option(SECURITY_DATA_KEYWORD)
checkpoint_option = opt.checkpoint_option(
    SECURITY_DATA_KEYWORD,
    cls=searchopt.AdvancedQueryAndSavedSearchIncompatible,
)
advanced_query_option = searchopt.advanced_query_option(SECURITY_DATA_KEYWORD)


def search_options(f):
    """Apply the common security-data search options to command *f*.

    Decorators are applied innermost-first (checkpoint, advanced query, end,
    begin); click reverses the registration order, so --begin is presumably
    listed first in --help.
    """
    for decorate in (checkpoint_option, advanced_query_option, end_option, begin_option):
        f = decorate(f)
    return f

def _get_audit_logs_default_header():
    """Map audit-log event field names to their display header names.

    Returns a fresh dict on every call; insertion order is the column order.
    """
    columns = (
        ("timestamp", "Timestamp"),
        ("type$", "Type"),
        ("actorName", "ActorName"),
        ("actorIpAddress", "ActorIpAddress"),
        ("userName", "******"),
        ("userId", "AffectedUserUID"),
    )
    return dict(columns)


# Both audit-log date bounds use the shared option builders with a plain
# timestamp conversion as callback. Unlike the security-data search, no
# look-back limit (limit_date_range) is applied here; whether the audit-logs
# endpoint needs one is not visible from this file.
begin_option = opt.begin_option(
    AUDIT_LOGS_KEYWORD,
    callback=lambda ctx, param, arg: convert_datetime_to_timestamp(arg),
)
end_option = opt.end_option(
    AUDIT_LOGS_KEYWORD,
    callback=lambda ctx, param, arg: convert_datetime_to_timestamp(arg),
)

# Repeatable filter: click collects every --actor-username into a tuple.
filter_option_usernames = click.option(
    "--actor-username",
    multiple=True,
    required=False,
    help="Filter results by actor usernames.",
)
filter_option_user_ids = click.option(
    "--actor-user-id",
    required=False,
    help="Filter results by actor user IDs.",