def test_will_email_on_rule_match(self, node, rule, testapp): from flask_mail import email_dispatched match = RuleMatch(rule=rule, node=node.to_dict(), result={ 'name': 'foo', 'action': 'added', 'timestamp': 'bar', 'columns': { 'boo': 'baz', 'kung': 'bloo' }, }) expected_subject = '[Doorman Test] {host_identifier} {name} ({action})'.format( host_identifier=node.host_identifier, name=rule.name, action=match.result['action']) @email_dispatched.connect def verify(message, app): assert message.subject == expected_subject assert self.recipients == message.recipients assert rule.name in message.body assert 'boo' in message.body assert 'baz' in message.body alerter = EmailAlerter(self.config) alerter.handle_alert(node.to_dict(), match)
def test_will_make_request(self, node, rule): """ Simple test to ensure that there's no serialization or syntax errors. """ match = RuleMatch(rule=rule, node=node.to_dict(), result={ 'name': 'foo', 'action': 'added', 'timestamp': 'bar', 'columns': { 'boo': 'baz', 'kung': 'bloo' }, }) resp = MockResponse(ok=True, content='blah') with mock.patch('requests.post', return_value=resp) as pmock: alerter = PagerDutyAlerter(self.config) alerter.handle_alert(node.to_dict(), match) assert pmock.called args, kwargs = pmock.call_args assert args[ 0] == 'https://events.pagerduty.com/generic/2010-04-15/create_event.json' assert rule.name in kwargs['data'] assert 'boo' in kwargs['data'] assert 'baz' in kwargs['data']
def handle_log_entry(self, entry, node): """ The actual entrypoint for handling input log entries. """ from doorman.models import Rule from doorman.rules import RuleMatch from doorman.utils import extract_results self.load_rules() to_trigger = [] for name, action, columns, timestamp in extract_results(entry): result = { 'name': name, 'action': action, 'timestamp': timestamp, 'columns': columns, } alerts = self.network.process(result, node) if len(alerts) == 0: continue # Alerts is a set of (alerter name, rule id) tuples. We convert # these into RuleMatch instances, which is what our alerters are # actually expecting. for alerter, rule_id in alerts: rule = Rule.get_by_id(rule_id) to_trigger.append( (alerter, RuleMatch(rule=rule, result=result, node=node))) # Now that we've collected all results, start triggering them. for alerter, match in to_trigger: self.alerters[alerter].handle_alert(node, match)
def test_will_pass_service_key(self, node, rule): match = RuleMatch(rule=rule, node=node.to_dict(), result={ 'name': 'foo', 'action': 'added', 'timestamp': 'bar', 'columns': { 'boo': 'baz', 'kung': 'bloo' }, }) resp = MockResponse(ok=True, content='blah') with mock.patch('requests.post', return_value=resp) as pmock: alerter = PagerDutyAlerter(self.config) alerter.handle_alert(node.to_dict(), match) assert pmock.called _, kwargs = pmock.call_args data = json.loads(kwargs['data']) assert data['service_key'] == self.service_key
def test_will_alert(self, node, rule, testapp): match = RuleMatch(rule=rule, node=node.to_dict(), result={ 'name': 'foo', 'action': 'added', 'timestamp': dt.datetime.utcnow(), 'columns': { 'boo': 'baz', 'kung': 'bloo' }, }) with mock.patch.object(raven.Client, 'captureMessage', return_value=None) as pmock: alerter = SentryAlerter(self.config) alerter.handle_alert(node.to_dict(), match) assert pmock.called _, kwargs = pmock.call_args assert kwargs['message'] == rule.template.safe_substitute( match.result['columns'], **node.to_dict()).rstrip()