def setup_outputs(self, alert):
"""Helper function to handler any output setup
Args:
alert (dict): The alert dictionary containing outputs the need mocking out
"""
outputs = alert.get('outputs', [])
# Patch the urllib2.urlopen event to override HTTPStatusCode, etc
url_mock = Mock()
patch('urllib2.urlopen', url_mock).start()
for output in outputs:
try:
service, descriptor = output.split(':')
except ValueError:
LOGGER_CLI.error(
'Outputs should be declared in the format <SERVICE>:<DESCRIPTOR>')
continue
if service == 'aws-s3':
bucket = self.outputs_config[service][descriptor]
boto3.client('s3', region_name='us-east-1').create_bucket(Bucket=bucket)
elif service == 'aws-lambda':
lambda_function = self.outputs_config[service][descriptor]
parts = lambda_function.split(':')
if len(parts) == 2 or len(parts) == 8:
lambda_function = parts[-2]
else:
lambda_function = parts[-1]
helpers.create_lambda_function(lambda_function, 'us-east-1')
elif service == 'pagerduty':
output_name = '{}/{}'.format(service, descriptor)
creds = {'service_key': '247b97499078a015cc6c586bc0a92de6'}
helpers.put_mock_creds(output_name, creds, self.secrets_bucket,
'us-east-1', self.kms_alias)
# Set the patched urlopen.getcode return value to 200
url_mock.return_value.getcode.return_value = 200
elif service == 'phantom':
output_name = '{}/{}'.format(service, descriptor)
creds = {'ph_auth_token': '6c586bc047b9749a92de29078a015cc6',
'url': 'phantom.foo.bar'}
helpers.put_mock_creds(output_name, creds, self.secrets_bucket,
'us-east-1', self.kms_alias)
# Set the patched urlopen.getcode return value to 200
url_mock.return_value.getcode.return_value = 200
# Phantom needs a container 'id' value in the http response
url_mock.return_value.read.side_effect = ['{"count": 0, "data": []}',
'{"id": 1948}']
elif service == 'slack':
output_name = '{}/{}'.format(service, descriptor)
creds = {'url': 'https://api.slack.com/web-hook-key'}
helpers.put_mock_creds(output_name, creds, self.secrets_bucket,
'us-east-1', self.kms_alias)
# Set the patched urlopen.getcode return value to 200
url_mock.return_value.getcode.return_value = 200
def test_dispatch_with_qualifier(self, log_mock):
"""LambdaOutput - Dispatch Success, With Qualifier"""
alt_descriptor = '{}_qual'.format(self.DESCRIPTOR)
create_lambda_function(CONFIG[self.SERVICE][alt_descriptor], REGION)
assert_true(self._dispatcher.dispatch(get_alert(), alt_descriptor))
log_mock.assert_called_with('Successfully sent alert to %s:%s',
self.SERVICE, alt_descriptor)
def setup(self):
"""Alert Merger - Setup"""
self.dynamo_mock = mock_dynamodb2()
self.lambda_mock = mock_lambda()
self.dynamo_mock.start()
self.lambda_mock.start()
create_lambda_function(_ALERT_PROCESSOR, 'us-east-1')
setup_mock_alerts_table(_ALERTS_TABLE)
self.merger = main.AlertMerger.get_instance()
def test_dispatch_with_qualifier(self, log_mock):
"""LambdaOutput - Dispatch Success, With Qualifier"""
alt_descriptor = '{}_qual'.format(self.DESCRIPTOR)
create_lambda_function(alt_descriptor, REGION)
assert_true(
self._dispatcher.dispatch(descriptor=alt_descriptor,
rule_name='rule_name',
alert=get_alert()))
log_mock.assert_called_with('Successfully sent alert to %s',
self.SERVICE)
def setup_outputs(self, alert):
"""Helper function to handler any output setup"""
outputs = alert['metadata'].get('outputs', [])
# Patch the urllib2.urlopen event to override HTTPStatusCode, etc
url_mock = Mock()
patch('urllib2.urlopen', url_mock).start()
for output in outputs:
try:
service, descriptor = output.split(':')
except ValueError:
continue
if service == 'aws-s3':
bucket = self.outputs_config[service][descriptor]
boto3.client(
's3', region_name='us-east-1').create_bucket(Bucket=bucket)
elif service == 'aws-lambda':
function = self.outputs_config[service][descriptor]
parts = function.split(':')
if len(parts) == 2 or len(parts) == 8:
function = parts[-2]
else:
function = parts[-1]
helpers.create_lambda_function(function, 'us-east-1')
elif service == 'pagerduty':
output_name = ('/').join([service, descriptor])
creds = {'service_key': '247b97499078a015cc6c586bc0a92de6'}
helpers.put_mock_creds(output_name, creds, self.secrets_bucket,
'us-east-1', self.kms_alias)
# Set the patched urlopen.getcode return value to 200
url_mock.return_value.getcode.return_value = 200
elif service == 'phantom':
output_name = ('/').join([service, descriptor])
creds = {
'ph_auth_token': '6c586bc047b9749a92de29078a015cc6',
'url': 'phantom.foo.bar'
}
helpers.put_mock_creds(output_name, creds, self.secrets_bucket,
'us-east-1', self.kms_alias)
# Set the patched urlopen.getcode return value to 200
url_mock.return_value.getcode.return_value = 200
# Phantom needs a container 'id' value in the http response
url_mock.return_value.read.return_value = '{"id": 1948}'
elif service == 'slack':
output_name = ('/').join([service, descriptor])
creds = {'url': 'https://api.slack.com/web-hook-key'}
helpers.put_mock_creds(output_name, creds, self.secrets_bucket,
'us-east-1', self.kms_alias)
# Set the patched urlopen.getcode return value to 200
url_mock.return_value.getcode.return_value = 200
def setup(self):
"""Alert Merger - Setup - Create AlertMerger instance and mock alert processor"""
# pylint: disable=attribute-defined-outside-init
self.merger = main.AlertMerger()
create_lambda_function(_ALERT_PROCESSOR, 'us-east-1')
def setup_outputs(self, alert):
"""Helper function to handler any output setup
Args:
alert (Alert): The Alert instance containing outputs to be mocked out
"""
# Patch requests.get and requests.post
self._setup_api_mocks()
alert_outputs = resources.get_required_outputs()
alert_outputs.update(alert.outputs)
for output in alert_outputs:
try:
service, descriptor = output.split(':')
except ValueError:
LOGGER_CLI.error(
'Outputs should be declared in the format <SERVICE>:<DESCRIPTOR>'
)
continue
if service == 'aws-s3':
bucket = self.outputs_config[service][descriptor]
client = boto3.client('s3', region_name=self.region)
try:
# Check if the bucket exists before creating it
client.head_bucket(Bucket=bucket)
except ClientError:
client.create_bucket(Bucket=bucket)
elif service == 'aws-firehose':
stream_name = self.outputs_config[service][descriptor]
helpers.create_delivery_stream(self.region, stream_name)
elif service == 'aws-lambda':
lambda_function = self.outputs_config[service][descriptor]
parts = lambda_function.split(':')
if len(parts) == 2 or len(parts) == 8:
lambda_function = parts[-2]
else:
lambda_function = parts[-1]
helpers.create_lambda_function(lambda_function, self.region)
elif service == 'aws-sns':
topic_name = self.outputs_config[service][descriptor]
boto3.client(
'sns',
region_name=self.region).create_topic(Name=topic_name)
elif service == 'aws-sqs':
queue_name = self.outputs_config[service][descriptor]
boto3.client(
'sqs',
region_name=self.region).create_queue(QueueName=queue_name)
elif service == 'carbonblack':
output_name = '{}/{}'.format(service, descriptor)
creds = {
'token': 'e51273c7c8e0fd9fae431cc019ab244112345678',
'url': 'cb.foo.bar'
}
helpers.put_mock_creds(output_name, creds, self.secrets_bucket,
self.region, self.kms_alias)
elif service == 'komand':
output_name = '{}/{}'.format(service, descriptor)
creds = {
'komand_auth_token':
'00000000-0000-0000-0000-000000000000',
'url': 'komand.foo.bar'
}
helpers.put_mock_creds(output_name, creds, self.secrets_bucket,
self.region, self.kms_alias)
elif service == 'pagerduty':
output_name = '{}/{}'.format(service, descriptor)
creds = {'service_key': '247b97499078a015cc6c586bc0a92de6'}
helpers.put_mock_creds(output_name, creds, self.secrets_bucket,
self.region, self.kms_alias)
elif service == 'pagerduty-v2':
output_name = '{}/{}'.format(service, descriptor)
creds = {'routing_key': '247b97499078a015cc6c586bc0a92de6'}
helpers.put_mock_creds(output_name, creds, self.secrets_bucket,
self.region, self.kms_alias)
elif service == 'pagerduty-incident':
output_name = '{}/{}'.format(service, descriptor)
creds = {
'token': '247b97499078a015cc6c586bc0a92de6',
'service_name': '247b97499078a015cc6c586bc0a92de6',
'service_id': 'SERVICEID123',
'escalation_policy': '247b97499078a015cc6c586bc0a92de6',
'escalation_policy_id': 'POLICYID123',
'email_from': '*****@*****.**',
'integration_key': '247b97499078a015cc6c586bc0a92de6'
}
helpers.put_mock_creds(output_name, creds, self.secrets_bucket,
'us-east-1', self.kms_alias)
elif service == 'phantom':
output_name = '{}/{}'.format(service, descriptor)
creds = {
'ph_auth_token': '6c586bc047b9749a92de29078a015cc6',
'url': 'phantom.foo.bar'
}
helpers.put_mock_creds(output_name, creds, self.secrets_bucket,
self.region, self.kms_alias)
elif service == 'slack':
output_name = '{}/{}'.format(service, descriptor)
creds = {'url': 'https://api.slack.com/web-hook-key'}
helpers.put_mock_creds(output_name, creds, self.secrets_bucket,
self.region, self.kms_alias)
elif service == 'jira':
output_name = '{}/{}'.format(service, descriptor)
creds = {
'username': '******',
'password': '******',
'url': 'jira.foo.bar',
'project_key': 'foobar',
'issue_type': 'Task',
'aggregate': 'no'
}
helpers.put_mock_creds(output_name, creds, self.secrets_bucket,
'us-east-1', self.kms_alias)
elif service == 'github':
output_name = '{}/{}'.format(service, descriptor)
creds = {
'username': '******',
'repository': 'github-user/github-repository',
'access_token': 'foobar',
'labels': 'test-label'
}
helpers.put_mock_creds(output_name, creds, self.secrets_bucket,
'us-east-1', self.kms_alias)
def setup_outputs(self, alert):
"""Helper function to handler any output setup
Args:
alert (dict): The alert dictionary containing outputs the need mocking out
"""
# Patch requests.get and requests.post
self._setup_requests_mocks()
for output in alert.get('outputs', []):
try:
service, descriptor = output.split(':')
except ValueError:
LOGGER_CLI.error(
'Outputs should be declared in the format <SERVICE>:<DESCRIPTOR>'
)
continue
if service == 'aws-s3':
bucket = self.outputs_config[service][descriptor]
client = boto3.client('s3', region_name=self.region)
try:
# Check if the bucket exists before creating it
client.head_bucket(Bucket=bucket)
except ClientError:
client.create_bucket(Bucket=bucket)
elif service == 'aws-firehose':
stream_name = self.outputs_config[service][descriptor]
helpers.create_delivery_stream(self.region, stream_name)
elif service == 'aws-lambda':
lambda_function = self.outputs_config[service][descriptor]
parts = lambda_function.split(':')
if len(parts) == 2 or len(parts) == 8:
lambda_function = parts[-2]
else:
lambda_function = parts[-1]
helpers.create_lambda_function(lambda_function, self.region)
elif service == 'pagerduty':
output_name = '{}/{}'.format(service, descriptor)
creds = {'service_key': '247b97499078a015cc6c586bc0a92de6'}
helpers.put_mock_creds(output_name, creds, self.secrets_bucket,
self.region, self.kms_alias)
elif service == 'pagerduty-v2':
output_name = '{}/{}'.format(service, descriptor)
creds = {'routing_key': '247b97499078a015cc6c586bc0a92de6'}
helpers.put_mock_creds(output_name, creds, self.secrets_bucket,
self.region, self.kms_alias)
elif service == 'pagerduty-incident':
output_name = '{}/{}'.format(service, descriptor)
creds = {
'token': '247b97499078a015cc6c586bc0a92de6',
'service_name': '247b97499078a015cc6c586bc0a92de6',
'escalation_policy': '247b97499078a015cc6c586bc0a92de6',
'email_from': '*****@*****.**',
'integration_key': '247b97499078a015cc6c586bc0a92de6'
}
helpers.put_mock_creds(output_name, creds, self.secrets_bucket,
'us-east-1', self.kms_alias)
elif service == 'phantom':
output_name = '{}/{}'.format(service, descriptor)
creds = {
'ph_auth_token': '6c586bc047b9749a92de29078a015cc6',
'url': 'phantom.foo.bar'
}
helpers.put_mock_creds(output_name, creds, self.secrets_bucket,
self.region, self.kms_alias)
elif service == 'slack':
output_name = '{}/{}'.format(service, descriptor)
creds = {'url': 'https://api.slack.com/web-hook-key'}
helpers.put_mock_creds(output_name, creds, self.secrets_bucket,
self.region, self.kms_alias)
elif service == 'jira':
output_name = '{}/{}'.format(service, descriptor)
creds = {
'username': '******',
'password': '******',
'url': 'jira.foo.bar',
'project_key': 'foobar',
'issue_type': 'Task',
'aggregate': 'no'
}
helpers.put_mock_creds(output_name, creds, self.secrets_bucket,
'us-east-1', self.kms_alias)
elif service == 'github':
output_name = '{}/{}'.format(service, descriptor)
creds = {
'username': '******',
'repository': 'github-user/github-repository',
'access_token': 'foobar',
'labels': 'test-label'
}
helpers.put_mock_creds(output_name, creds, self.secrets_bucket,
'us-east-1', self.kms_alias)
def setup(self):
"""Setup before each method"""
self._dispatcher = LambdaOutput(REGION, ACCOUNT_ID, FUNCTION_NAME,
CONFIG)
create_lambda_function(CONFIG[self.SERVICE][self.DESCRIPTOR], REGION)
def _setup_dispatch(self, alt_descriptor=''):
"""Helper for setting up LambdaOutput dispatch"""
function_name = CONFIG[self.__service][alt_descriptor or self.__descriptor]
create_lambda_function(function_name, REGION)
return get_alert()
def _setup_dispatch(self):
"""Helper for setting up LambdaOutput dispatch"""
function_name = CONFIG[self.__service][self.__descriptor]
create_lambda_function(function_name, REGION)
return _get_sns_message(0)['default']
