def test_create_query_filter_returns_obj_with_correct_json_representation():
query_filter = create_query_filter(
EVENT_FILTER_FIELD_NAME, OPERATOR_STRING, VALUE_STRING
)
assert (
str(query_filter)
== f'{{"operator":"{OPERATOR_STRING}", "term":"{EVENT_FILTER_FIELD_NAME}", "value":"{VALUE_STRING}"}}'
)
def create_not_exists_filter_group(term):
"""Creates a :class:`~py42.sdk.queries.query_filter.FilterGroup` to find events where
filter data does not exist. Useful for creating ``DOES_NOT_EXIST`` filters that are
not yet supported in py42 or programmatically crafting filter groups.
Args:
term (str): The term of the filter.
Returns:
:class:`~py42.sdk.queries.query_filter.FilterGroup`
"""
filter_list = [create_query_filter(term, u"DOES_NOT_EXIST")]
return create_filter_group(filter_list, u"AND")
def create_greater_than_filter_group(term, value):
"""Creates a :class:`~py42.sdk.queries.query_filter.FilterGroup` for matching file
events where the value with key ``term`` is greater than the given value. Useful for
creating ``GREATER_THAN`` filters that are not yet supported in py42 or programmatically
crafting filter groups.
Args:
term (str): The term of the filter.
value (str or int): The value used to filter file events.
Returns:
:class:`~py42.sdk.queries.query_filter.FilterGroup`
"""
filter_list = [create_query_filter(term, u"GREATER_THAN", value)]
return create_filter_group(filter_list, u"AND")
def create_contains_filter_group(term, value):
"""Creates a :class:`~py42.sdk.queries.query_filter.FilterGroup` for filtering results
where the value with key ``term`` contains the given value. Useful for creating ``CONTAINS``
filters that are not yet supported in py42 or programmatically crafting filter groups.
Args:
term: (str): The term of the filter, such as ``actor``.
value (str): The value used to match on.
Returns:
:class:`~py42.sdk.queries.query_filter.FilterGroup`
"""
filter_list = [create_query_filter(term, u"CONTAINS", value)]
return create_filter_group(filter_list, u"AND")
def create_contains_filter_group(term, value):
filter_list = [create_query_filter(term, u"CONTAINS", value)]
return create_filter_group(filter_list, u"AND")
def create_not_contains_filter_group(term, value):
filter_list = [create_query_filter(term, u"DOES_NOT_CONTAIN", value)]
return create_filter_group(filter_list, u"AND")
def create_less_than_filter_group(term, value):
filter_list = [create_query_filter(term, u"LESS_THAN", value)]
return create_filter_group(filter_list, u"AND")
def create_greater_than_filter_group(term, value):
filter_list = [create_query_filter(term, u"GREATER_THAN", value)]
return create_filter_group(filter_list, u"AND")
def create_not_exists_filter_group(term):
filter_list = [create_query_filter(term, u"DOES_NOT_EXIST")]
return create_filter_group(filter_list, u"AND")
def create_exists_filter_group(term):
filter_list = [create_query_filter(term, u"EXISTS")]
return create_filter_group(filter_list, u"AND")
def test_create_query_filter_returns_obj_with_correct_json_representation():
query_filter = create_query_filter(EVENT_FILTER_FIELD_NAME,
OPERATOR_STRING, VALUE_STRING)
assert str(query_filter
) == '{{"operator":"{0}", "term":"{1}", "value":"{2}"}}'.format(
OPERATOR_STRING, EVENT_FILTER_FIELD_NAME, VALUE_STRING)
