Fixes rule group addition in IoaRuleGroup._update_create_delete #217

Merged
merged 2 commits into from
Oct 25, 2024
Merged
2 changes: 1 addition & 1 deletion caracara/modules/custom_ioa/custom_ioa.py
Expand Up @@ -211,7 +211,7 @@ def _update_create_delete_rules(self, group: IoaRuleGroup, comment: str) -> IoaR
new_group.rules = list(
chain(
(rule for rule in group.rules if rule.exists_in_cloud()),
(new_rule for rule in new_rules),
(new_rule for new_rule in new_rules),
)
)

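Review bot: The corrected generator `(new_rule for new_rule in new_rules)` is an identity pass-through, and `chain` accepts any iterable, so the second argument can simply be `new_rules`; that removes the loop variable the earlier line got wrong. The body of `_update_create_delete_rules` starts outside this hunk, so where `new_rules` is built is not visible here. A short comment above the `chain(` call, such as `# rules already in the cloud first, then the rules just created`, would document the ordering callers see in `new_group.rules`.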
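--- a/tests/unit_tests/test_custom_ioas.py
+++ b/tests/unit_tests/test_custom_ioas.py
@@ -708,3 +708,144 @@ def mock_delete_rule(rule_group_id, ids, comment):
 )
 # Assert new group is as expected
 assert new_group.version == group.version + 4
+
+
+def test_update_rule_group_with_new_rules(
+client: Client, custom_ioa_api: falconpy.CustomIOA, simple_rule_type: RuleType
+):
+"""Tests `CustomIoaApiModule.update_rule_groups` when the group a rule to create."""
+raw_group = { # Acts as a store for the API
+"customer_id": "test_customer",
+"id": "test_group_01",
+"name": "test rule group",
+"description": "test rule group desc",
+"platform": "windows",
+"enabled": False,
+"deleted": False,
+"rule_ids": ["test_rule_01", "test_rule_02"],
+"rules": [
+{
+"customer_id": "test_customer",
+"instance_id": "test_rule_01",
+"name": "test rule 1",
+"description": "test rule 1 desc",
+"pattern_id": "41000",
+"pattern_severity": "critical",
+"disposition_id": list(simple_rule_type.disposition_map.keys())[0],
+"action_label": list(simple_rule_type.disposition_map.values())[0],
+"ruletype_id": simple_rule_type.id_,
+"ruletype_name": simple_rule_type.name,
+"field_values": [],
+"enabled": True,
+"deleted": False,
+"instance_version": 1,
+"version_ids": [1],
+"magic_cookie": 1,
+"committed_on": "2022-01-01T12:00:00.000000000Z",
+"created_on": "2022-01-01T12:00:00.000000000Z",
+"created_by": "[email protected]",
+"modified_on": "2022-01-01T12:00:00.000000000Z",
+"modified_by": "[email protected]",
+"comment": "test rule 1 comment",
+},
+{
+"customer_id": "test_customer",
+"instance_id": "test_rule_02",
+"name": "test rule 2",
+"description": "test rule 2 desc",
+"pattern_id": "41000",
+"pattern_severity": "critical",
+"disposition_id": list(simple_rule_type.disposition_map.keys())[0],
+"action_label": list(simple_rule_type.disposition_map.values())[0],
+"ruletype_id": simple_rule_type.id_,
+"ruletype_name": simple_rule_type.name,
+"field_values": [],
+"enabled": True,
+"deleted": False,
+"instance_version": 1,
+"version_ids": [1],
+"magic_cookie": 1,
+"committed_on": "2022-01-01T12:00:00.000000000Z",
+"created_on": "2022-01-01T12:00:00.000000000Z",
+"created_by": "[email protected]",
+"modified_on": "2022-01-01T12:00:00.000000000Z",
+"modified_by": "[email protected]",
+"comment": "test rule 2 comment",
+},
+],
+"version": 1,
+"committed_on": "2022-01-01T12:00:00.000000000Z",
+"created_on": "2022-01-01T12:00:00.000000000Z",
+"created_by": "[email protected]",
+"modified_on": "2022-01-01T12:00:00.000000000Z",
+"modified_by": "[email protected]",
+"comment": "test rule group comment",
+}
+group = IoaRuleGroup.from_data_dict( # Acts as an already queried group
+raw_group, rule_type_map={simple_rule_type.id_: simple_rule_type}
+)
+
+rule = CustomIoaRule(
+name="test rule 3",
+description="test rule 3 desc",
+severity="critical",
+rule_type=simple_rule_type,
+)
+rule.set_action("Test Action")
+group.add_rule(rule)
+
+def mock_create_rule(body):
+assert raw_group["id"] == body["rulegroup_id"]
+raw_group["version"] += 1
+new_rule = {
+"customer_id": "test_customer",
+"instance_id": "test_rule_03",
+"name": body["name"],
+"description": body["description"],
+"pattern_id": "41000",
+"pattern_severity": body["pattern_severity"],
+"disposition_id": body["disposition_id"],
+"action_label": list(simple_rule_type.disposition_map.values())[0],
+"ruletype_id": body["ruletype_id"],
+"ruletype_name": simple_rule_type.name,
+"field_values": body["field_values"],
+"enabled": False,
+"deleted": False,
+"instance_version": 1,
+"version_ids": [1],
+"magic_cookie": 1,
+"committed_on": "2022-01-01T12:00:00.000000000Z",
+"created_on": "2022-01-01T12:00:00.000000000Z",
+"created_by": "[email protected]",
+"modified_on": "2022-01-01T12:00:00.000000000Z",
+"modified_by": "[email protected]",
+"comment": body["comment"],
+}
+
+raw_group["rules"].append(new_rule)
+return {"body": {"resources": [new_rule]}}
+
+custom_ioa_api.create_rule.side_effect = mock_create_rule
+
+custom_ioa_api.query_rule_types.side_effect = create_mock_query_resources(
+resources=[simple_rule_type.id_]
+)
+custom_ioa_api.get_rule_types.side_effect = create_mock_get_rule_types(
+rule_types=[simple_rule_type]
+)
+
+new_group = client.custom_ioas.update_rule_group(group, comment="test update comment")
+
+custom_ioa_api.create_rule.assert_called_once_with(
+body={
+"name": "test rule 3",
+"description": "test rule 3 desc",
+"pattern_severity": "critical",
+"disposition_id": list(simple_rule_type.disposition_map.keys())[0],
+"field_values": [],
+"ruletype_id": simple_rule_type.id_,
+"rulegroup_id": "test_group_01",
+"comment": "test update comment",
+}
+)
+assert len([rule for rule in new_group.rules if rule.exists_in_cloud()]) == len(group.rules)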
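Review bot: The closing assertion in `test_update_rule_group_with_new_rules` checks only a count, and it takes the expected value from `group.rules`, which the test itself changed with `group.add_rule(rule)`. It would still pass if the returned group held the right number of rules but the wrong ones. Because only one rule is created, a regression that repeats a single created rule would presumably go unnoticed as well. Adding a second new rule (with the mock handing out distinct `instance_id` values) and asserting on identity, for example `assert [r.name for r in new_group.rules][-2:] == ["test rule 3", "test rule 4"]` if the rule objects expose `name`, would pin the behaviour the fix is about. The docstring is also missing a word and should read `when the group has a rule to create`.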