def test_alert_rules_service_calls_get_rules_page_with_expected_params(
    self, mock_alerts_service, mock_alert_rules_service
):
    """Check that ``get_page`` forwards its paging arguments as keywords.

    The four positional arguments given to ``AlertRulesClient.get_page`` must
    reach ``get_rules_page`` on the alerts service as ``sort_key``,
    ``sort_direction``, ``page_num`` and ``page_size``, in exactly one call.
    """
    client = AlertRulesClient(mock_alerts_service, mock_alert_rules_service)

    client.get_page("key", "dir", 70, 700)

    expected_kwargs = {
        "sort_key": "key",
        "sort_direction": "dir",
        "page_num": 70,
        "page_size": 700,
    }
    mock_alerts_service.get_rules_page.assert_called_once_with(**expected_kwargs)
def test_remove_user_calls_alert_rules_service_remove_user_with_expected_value(
    self, mock_alerts_service, mock_alert_rules_service
):
    """Check that ``remove_user`` is delegated to the alert-rules service.

    The rule id and user id must arrive unchanged, in that order, and the
    service must be called exactly once.
    """
    client = AlertRulesClient(mock_alerts_service, mock_alert_rules_service)

    client.remove_user(TEST_RULE_ID, TEST_USER_ID)

    remove_user_mock = mock_alert_rules_service.remove_user
    remove_user_mock.assert_called_once_with(TEST_RULE_ID, TEST_USER_ID)
def test_alert_rules_service_calls_get_rules_by_observer_id_with_expected_value(
    self, mock_alerts_service, mock_alert_rules_service
):
    """Check that ``get_by_observer_id`` passes its argument straight through.

    The lookup is expected to land on ``get_rule_by_observer_id`` of the
    alerts service (not the alert-rules service), exactly once.
    """
    # The value is only an opaque identifier for this test; the client is not
    # expected to inspect or transform it.
    observer_id = "test-rule-id"
    client = AlertRulesClient(mock_alerts_service, mock_alert_rules_service)

    client.get_by_observer_id(observer_id)

    lookup_mock = mock_alerts_service.get_rule_by_observer_id
    lookup_mock.assert_called_once_with(observer_id)
def test_alert_rules_service_calls_get_all_by_name_with_expected_value(
    self, mock_alerts_service, mock_alert_rules_service
):
    """Check that ``get_all_by_name`` forwards the rule name unchanged.

    The name must reach ``get_all_rules_by_name`` on the alerts service as the
    single positional argument of exactly one call.
    """
    name_filter = "test rule"
    client = AlertRulesClient(mock_alerts_service, mock_alert_rules_service)

    client.get_all_by_name(name_filter)

    by_name_mock = mock_alerts_service.get_all_rules_by_name
    by_name_mock.assert_called_once_with(name_filter)
def test_alert_rules_service_calls_get_all_with_expected_value(
    self, mock_alerts_service, mock_alert_rules_service
):
    """Check that ``get_all`` triggers one ``get_all_rules`` call.

    Only the number of calls is pinned here; the arguments handed to
    ``get_all_rules`` are not inspected by this test.
    """
    client = AlertRulesClient(mock_alerts_service, mock_alert_rules_service)

    client.get_all()

    observed_calls = mock_alerts_service.get_all_rules.call_count
    assert observed_calls == 1
def _init_clients(services, connection):
    """Assemble the py42 client objects from *services* and *connection*.

    Args:
        services: Object exposing the service instances read below as
            attributes (``alerts``, ``archive``, ``devices`` and so on).
        connection: Connection handed to the storage service factory and to
            the login configuration client.

    Returns:
        A ``Clients`` container holding the constructed clients.
    """
    # Deferred imports: pulling the clients in at module level would create a
    # circular import whenever a client imports anything from py42.sdk.queries.
    from py42.clients import Clients
    from py42.clients._archiveaccess.accessorfactory import ArchiveAccessorFactory
    from py42.clients.alertrules import AlertRulesClient
    from py42.clients.alerts import AlertsClient
    from py42.clients.archive import ArchiveClient
    from py42.clients.auditlogs import AuditLogsClient
    from py42.clients.authority import AuthorityClient
    from py42.clients.cases import CasesClient
    from py42.clients.detectionlists import DetectionListsClient
    from py42.clients.loginconfig import LoginConfigurationClient
    from py42.clients.securitydata import SecurityDataClient
    from py42.clients.trustedactivities import TrustedActivitiesClient
    from py42.services.storage._service_factory import (
        ConnectionManager,
        StorageServiceFactory,
    )

    authority_client = AuthorityClient(
        administration=services.administration,
        archive=services.archive,
        devices=services.devices,
        legalhold=services.legalhold,
        orgs=services.orgs,
        users=services.users,
    )
    detection_lists_client = DetectionListsClient(
        services.userprofile,
        services.departingemployee,
        services.highriskemployee,
    )

    # One storage factory is shared by the security-data client and the
    # archive accessor factory.
    storage_factory = StorageServiceFactory(
        connection, services.devices, ConnectionManager()
    )

    # The alert-rules client is not passed to Clients directly; it is handed
    # to AlertsClient below.
    alert_rules_client = AlertRulesClient(services.alerts, services.alertrules)
    security_data_client = SecurityDataClient(
        services.fileevents,
        services.preservationdata,
        services.savedsearch,
        storage_factory,
    )
    alerts_client = AlertsClient(services.alerts, alert_rules_client)

    accessor_factory = ArchiveAccessorFactory(services.archive, storage_factory)
    archive_client = ArchiveClient(accessor_factory, services.archive)

    audit_logs_client = AuditLogsClient(services.auditlogs)
    login_config_client = LoginConfigurationClient(connection)
    trusted_activities_client = TrustedActivitiesClient(services.trustedactivities)
    cases_client = CasesClient(services.cases, services.casesfileevents)

    return Clients(
        authority=authority_client,
        detectionlists=detection_lists_client,
        alerts=alerts_client,
        securitydata=security_data_client,
        archive=archive_client,
        auditlogs=audit_logs_client,
        cases=cases_client,
        loginconfig=login_config_client,
        trustedactivities=trusted_activities_client,
    )
def test_remove_user_raises_invalid_rule_type_error_when_adding_to_system_rule(
    self,
    mock_alerts_service_system_rule,
    mock_alert_rules_service,
    internal_server_error,
):
    """Check the error raised when ``remove_user`` fails on the service.

    Despite "adding" in the test name, the call exercised here is
    ``remove_user``. The alert-rules service is made to raise
    ``internal_server_error``; the client is expected to raise
    ``Py42InvalidRuleOperationError`` instead, with a message that states the
    required rule source and names the rule id and the source it has.
    """

    def _raise_server_error(*args, **kwargs):
        raise internal_server_error

    mock_alert_rules_service.remove_user.side_effect = _raise_server_error
    client = AlertRulesClient(
        mock_alerts_service_system_rule, mock_alert_rules_service
    )

    with pytest.raises(Py42InvalidRuleOperationError) as raised:
        client.remove_user(TEST_RULE_ID, TEST_USER_ID)

    message = str(raised.value)
    expected_fragments = (
        "Only alert rules with a source of 'Alerting' can be targeted by this command.",
        "Rule rule-id has a source of 'NOTVALID'.",
    )
    for fragment in expected_fragments:
        assert fragment in message
def _init_clients(services, connection):
    """Assemble the py42 client objects from *services* and *connection*.

    Args:
        services: Object exposing the service instances read below as
            attributes (``alerts``, ``archive``, ``devices`` and so on).
        connection: Connection handed to the storage service factory.

    Returns:
        A ``Clients`` container holding the constructed clients.
    """
    authority_client = AuthorityClient(
        administration=services.administration,
        archive=services.archive,
        devices=services.devices,
        legalhold=services.legalhold,
        orgs=services.orgs,
        securitydata=services.securitydata,
        users=services.users,
    )
    detection_lists_client = DetectionListsClient(
        services.userprofile,
        services.departingemployee,
        services.highriskemployee,
    )

    # One storage factory is shared by the security-data client and the
    # archive accessor manager.
    storage_factory = StorageServiceFactory(
        connection, services.devices, ConnectionManager()
    )

    # The alert-rules client is not passed to Clients directly; it is handed
    # to AlertsClient below.
    alert_rules_client = AlertRulesClient(services.alerts, services.alertrules)
    security_data_client = SecurityDataClient(
        services.securitydata,
        services.fileevents,
        services.preservationdata,
        services.savedsearch,
        storage_factory,
    )
    alerts_client = AlertsClient(services.alerts, alert_rules_client)

    accessor_manager = ArchiveAccessorManager(services.archive, storage_factory)
    archive_client = ArchiveClient(accessor_manager, services.archive)
    audit_logs_client = AuditLogsClient(services.auditlogs)

    return Clients(
        authority=authority_client,
        detectionlists=detection_lists_client,
        alerts=alerts_client,
        securitydata=security_data_client,
        archive=archive_client,
        auditlogs=audit_logs_client,
    )