def main(target="all", rule_name=None):
if rule_name:
if rule_name.startswith("AQ."):
alert_queries_runner.main(rule_name[3:].upper())
if rule_name.startswith("AS."):
alert_suppressions_runner.main(rule_name[3:].upper())
if rule_name.startswith("AH."):
alert_handler.main(rule_name[3:].upper())
if rule_name.startswith("VQ."):
violation_queries_runner.main(rule_name[3:].upper())
if rule_name.startswith("VS."):
violation_suppressions_runner.main(rule_name[3:].upper())
alert_processor.main()
else:
log.info(f"STARTING RUN WITH ID {RUN_ID}")
if target in ['alerts', 'all']:
alert_queries_runner.main()
alert_suppressions_runner.main()
alert_processor.main()
alert_handler.main()
if target in ['violations', 'all']:
violation_queries_runner.main()
violation_suppressions_runner.main()
if target in ['ingest']:
ingest_runner.main()
def main(target="all", rule_name=None):
if target == "connector" and rule_name:
connectors_runner.main(rule_name.upper())
elif target == "processor":
alert_processor.main()
elif target == "dispatcher":
alert_dispatcher.main()
elif rule_name and target == "ingest":
ingest_runner.main(rule_name)
elif rule_name:
if rule_name.endswith("_ALERT_QUERY"):
alert_queries_runner.main(rule_name.upper())
if rule_name.endswith("_ALERT_SUPPRESSION"):
alert_suppressions_runner.main(rule_name.upper())
if rule_name.endswith("_VIOLATION_QUERY"):
violation_queries_runner.main(rule_name.upper())
if rule_name.endswith("_VIOLATION_SUPPRESSION"):
violation_suppressions_runner.main(rule_name.upper())
if rule_name.endswith("_CONNECTION"):
connectors_runner.main(rule_name.upper())
if rule_name.upper().endswith("_BASELINE"):
baseline_runner.main(rule_name.upper())
else:
log.info(f"STARTING RUN WITH ID {RUN_ID}")
log.info(f"got command {target}")
if target in ['alert', 'alerts', 'all']:
alert_queries_runner.main()
alert_suppressions_runner.main()
alert_processor.main()
alert_dispatcher.main()
if target in ['violation', 'violations', 'all']:
violation_queries_runner.main()
violation_suppressions_runner.main()
if target in ['ingest']:
ingest_runner.main()
connectors_runner.main()
if target in ['connectors', 'all']:
connectors_runner.main()
if target in ['baseline', 'baselines', 'all']:
baseline_runner.main()
def main(command, rule_name=None):
if rule_name:
if rule_name.startswith("AQ."):
alert_queries_runner.main(rule_name[3:].upper())
if rule_name.startswith("AS."):
alert_suppressions_runner.main(rule_name[3:].upper())
if rule_name.startswith("AH."):
alert_handler.main(rule_name[3:].upper())
if rule_name.startswith("VQ."):
violation_queries_runner.main(rule_name[3:].upper())
if rule_name.startswith("VS."):
violation_suppressions_runner.main(rule_name[3:].upper())
else:
if command in ['alerts', 'all']:
alert_queries_runner.main()
alert_suppressions_runner.main()
if os.environ.get('JIRA_USER'):
alert_handler.main()
else:
print("No JIRA_USER in env, skipping handler.")
if command in ['violations', 'all']:
violation_queries_runner.main()
violation_suppressions_runner.main()
def test_run_violations(violation_queries):
from hashlib import md5
#
# run queries
#
violation_queries_runner.main()
violations = list(
db.fetch('SELECT * FROM data.violations ORDER BY query_name'))
assert len(violations) == 2
v = violations[-1]
default_identity = {
'ENVIRONMENT': "SnowAlert Test Runner",
'OBJECT': v['OBJECT'],
'TITLE': "Test Violation Title",
'ALERT_TIME': None,
'DESCRIPTION': "This is a testing violation.",
'EVENT_DATA': {
'b': 1,
'a': 2
},
'DETECTOR': "snowalert-test-detector",
'SEVERITY': "low",
'QUERY_ID': "test-violation-query-id",
'QUERY_NAME': "_TEST1_VIOLATION_QUERY",
'OWNER': None,
}
# basics
assert (v['ID'] == md5(
json_like_snowflake(default_identity).encode('utf-8')).hexdigest())
assert v['OBJECT'] == "Test Violation Object"
assert v['EVENT_DATA'] == {"b": 1, "a": 2}
assert v['SUPPRESSED'] is None
assert v['VIOLATION_TIME'] is None
assert v['CREATED_TIME'] is not None
# metadata
queries_run_records = list(
db.fetch(
'SELECT * FROM data.violation_queries_runs ORDER BY start_time'))
assert len(queries_run_records) == 1
assert queries_run_records[0]['NUM_VIOLATIONS_CREATED'] == 2
query_rule_run_record = list(
db.fetch(
'SELECT * FROM data.violation_query_rule_runs ORDER BY start_time')
)
assert len(query_rule_run_record) == 3
assert query_rule_run_record[-2]['QUERY_NAME'] == '_TEST1_VIOLATION_QUERY'
assert query_rule_run_record[-2]['NUM_VIOLATIONS_CREATED'] == 1
assert query_rule_run_record[-1][
'QUERY_NAME'] == '_TEST2_INVALID_VIOLATION_QUERY'
assert query_rule_run_record[-1]['NUM_VIOLATIONS_CREATED'] == 0
error = query_rule_run_record[-1].get('ERROR')
assert type(error) is dict
assert error['PROGRAMMING_ERROR'] == '100051 (22012): Division by zero'
assert 'snowflake.connector.errors.ProgrammingError' in error[
'EXCEPTION_ONLY']
assert 'Traceback (most recent call last)' in error['EXCEPTION']
#
# run supperessions
#
violation_suppressions_runner.main()
vs = list(db.fetch('SELECT * FROM data.violations ORDER BY created_time'))
v = vs[-1]
# basics
assert v['SUPPRESSED'] is True
assert v['SUPPRESSION_RULE'] == '_TEST1_VIOLATION_SUPPRESSION'
# metadata
suppressions_run_record = next(
db.fetch('SELECT * FROM data.violation_suppressions_runs'))
assert suppressions_run_record['NUM_VIOLATIONS_PASSED'] == 0
assert suppressions_run_record['NUM_VIOLATIONS_SUPPRESSED'] == 2
get_runs = 'SELECT * FROM data.violation_suppression_rule_runs ORDER BY start_time'
suppression_rule_run_record = list(db.fetch(get_runs))
assert len(suppression_rule_run_record) == 2
assert suppression_rule_run_record[0][
'RULE_NAME'] == '_TEST1_VIOLATION_SUPPRESSION'
assert suppression_rule_run_record[0]['NUM_VIOLATIONS_SUPPRESSED'] == 1
assert (suppression_rule_run_record[1]['RULE_NAME'] ==
'__SUPPRESS_SAMPLES_VIOLATION_SUPPRESSION')
assert suppression_rule_run_record[1]['NUM_VIOLATIONS_SUPPRESSED'] == 1
def test_run_violations():
from hashlib import md5
#
# run queries
#
violation_queries_runner.main()
violations = list(db.fetch('SELECT * FROM data.violations'))
assert len(violations) == 1
v = violations[0]
default_identity = {
"ENVIRONMENT": "SnowAlert Test Runner",
"OBJECT": "Test Violation Object",
"TITLE": "Test Violation Title",
"ALERT_TIME": None,
"DESCRIPTION": "This is a testing violation.",
"EVENT_DATA": {
'b': 1,
'a': 2
},
"DETECTOR": "snowalert-test-detector",
"SEVERITY": "low",
"QUERY_ID": "test-violation-query-id",
"QUERY_NAME": "TEST_VIOLATION_QUERY",
"OWNER": None,
}
# basics
assert v['ID'] == md5(
json_like_snowflake(default_identity).encode('utf-8')).hexdigest()
assert v['OBJECT'] == "Test Violation Object"
assert v['EVENT_DATA'] == json_like_connector({"b": 1, "a": 2})
assert v['SUPPRESSED'] is None
assert v['VIOLATION_TIME'] is None
assert v['CREATED_TIME'] is not None
# metadata
queries_run_records = list(
db.fetch(
'SELECT * FROM data.violation_queries_runs ORDER BY start_time DESC'
))
assert len(queries_run_records) == 1
assert queries_run_records[0]['NUM_VIOLATIONS_CREATED'] == 1
query_rule_run_record = list(
db.fetch(
'SELECT * FROM data.violation_query_rule_runs ORDER BY start_time DESC'
))
assert query_rule_run_record[0]['NUM_VIOLATIONS_CREATED'] == 1
assert query_rule_run_record[1]['NUM_VIOLATIONS_CREATED'] == 0
assert type(query_rule_run_record[1].get('ERROR')) is str
error = json.loads(query_rule_run_record[1]['ERROR'])
assert error['PROGRAMMING_ERROR'] == '100051 (22012): Division by zero'
assert 'snowflake.connector.errors.ProgrammingError' in error[
'EXCEPTION_ONLY']
assert 'Traceback (most recent call last)' in error['EXCEPTION']
#
# run supperessions
#
violation_suppressions_runner.main()
v = next(db.fetch('SELECT * FROM results.violations'))
# basics
assert v['SUPPRESSED'] is True
assert v['SUPPRESSION_RULE'] == 'TEST_VIOLATION_SUPPRESSION'
# metadata
suppressions_run_record = next(
db.fetch('SELECT * FROM data.violation_suppressions_runs'))
assert suppressions_run_record['NUM_VIOLATIONS_PASSED'] == 0
assert suppressions_run_record['NUM_VIOLATIONS_SUPPRESSED'] == 1
suppression_rule_run_record = next(
db.fetch('SELECT * FROM data.violation_suppression_rule_runs'))
assert suppression_rule_run_record['NUM_VIOLATIONS_SUPPRESSED'] == 1
