changing the usage of 'stream_log_envelope' to 'streamalert:envelope_…

…keys' and updating docs to reflect the change
airbnb · May 5, 2017 · a9a1c6b · a9a1c6b
1 parent cb29573
commit a9a1c6b
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 11 deletions.
diff --git a/docs/source/conf-schemas.rst b/docs/source/conf-schemas.rst
@@ -320,7 +320,7 @@ The resultant parsed records::
       "example": 1,
       "host": "jumphost-1.domain.com",
       "time": "11:00 PM",
-      "envelope": {
+      "streamalert:envelope_keys": {
         "id": 1431948983198,
         "application": "my-app"
       }
@@ -329,7 +329,7 @@ The resultant parsed records::
       "example": 2,
       "host": "jumphost-2.domain.com",
       "time": "12:00 AM",
-      "envelope": {
+      "streamalert:envelope_keys": {
         "id": 1431948983198,
         "application": "my-app"
       }

diff --git a/stream_alert/rule_processor/classifier.py b/stream_alert/rule_processor/classifier.py
@@ -317,7 +317,7 @@ def _parse(self, payload, data):
         for data in valid_parse.parsed_data:
             # Convert data types per the schema
             # Use the root schema for the parser due to updates caused by
-            # configuration settings such as envelope and optional_keys
+            # configuration settings such as envelope_keys and optional_keys
             if not self._convert_type(data, valid_parse.parser.type(), valid_parse.root_schema, valid_parse.parser.options):
                 return False
 
@@ -372,8 +372,8 @@ def _convert_type(self, payload, parser_type, schema, options):
                     continue # allow empty maps (dict)
 
                 # handle nested values
-                # skip the 'stream_log_envelope' key that we've added during parsing
-                if key == 'stream_log_envelope' and isinstance(payload[key], dict):
+                # skip the 'streamalert:envelope_keys' key that we've added during parsing
+                if key == 'streamalert:envelope_keys' and isinstance(payload[key], dict):
                     continue
 
                 if 'log_patterns' in options:

diff --git a/stream_alert/rule_processor/parsers.py b/stream_alert/rule_processor/parsers.py
@@ -135,7 +135,7 @@ def _key_check(self, schema, json_records):
             if json_keys == schema_keys:
                 schema_match = True
                 for key, key_type in schema.iteritems():
-                    if key == 'stream_log_envelope' and isinstance(json_records[index][key], dict):
+                    if key == 'streamalert:envelope_keys' and isinstance(json_records[index][key], dict):
                         continue
                     # Nested key check
                     if key_type and isinstance(key_type, dict):
@@ -154,7 +154,7 @@ def _parse_records(self, schema, json_payload):
         JSONpath selector that yields the desired nested records).
 
         If desired, fields present on the root record can be merged into child
-        events using the `envelope` option.
+        events using the `envelope_keys` option.
 
         Args:
             json_payload [dict]: The parsed json data
@@ -201,7 +201,7 @@ def default_optional_values(key):
             envelope = {}
             envelope_schema = self.options.get('envelope_keys', {})
             if len(envelope_schema):
-                schema.update({'stream_log_envelope': envelope_schema})
+                schema.update({'streamalert:envelope_keys': envelope_schema})
                 envelope_keys = envelope_schema.keys()
                 envelope_jsonpath = jsonpath_rw.parse("$." + ",".join(envelope_keys))
                 envelope_matches = [match.value for match in envelope_jsonpath.find(json_payload)]
@@ -211,7 +211,7 @@ def default_optional_values(key):
             for match in records_jsonpath.find(json_payload):
                 record = match.value
                 if len(envelope):
-                    record.update({'stream_log_envelope': envelope})
+                    record.update({'streamalert:envelope_keys': envelope})
 
                 json_records.append(record)
 

diff --git a/test/unit/test_gzip_json_parser.py b/test/unit/test_gzip_json_parser.py
@@ -60,9 +60,9 @@ def test_cloudwatch(self):
         expected_keys = (u'protocol', u'source', u'destination', u'srcport',
                          u'destport', u'eni', u'action', u'packets', u'bytes',
                          u'windowstart', u'windowend', u'version', u'account',
-                         u'flowlogstatus',u'stream_log_envelope')
+                         u'flowlogstatus',u'streamalert:envelope_keys')
         expected_envelope_keys = (u'logGroup', u'logStream', u'owner')
 
         for result in parsed_result:
             assert_equal(sorted(expected_keys), sorted(result.keys()))
-            assert_equal(sorted(expected_envelope_keys),sorted(result['stream_log_envelope'].keys()))
+            assert_equal(sorted(expected_envelope_keys),sorted(result['streamalert:envelope_keys'].keys()))