feat(wazuh/wazuh#17388): separate cloudwatch test cases

wazuh · Jul 4, 2023 · e50f774 · e50f774
1 parent 0032d7e
commit e50f774
Show file tree

Hide file tree

Showing 6 changed files with 172 additions and 34 deletions.
diff --git a/...nfiguration_cloudwatch_discard_regex.yaml → ...ration_cloudwatch_discard_regex_json.yaml b/...nfiguration_cloudwatch_discard_regex.yaml → ...ration_cloudwatch_discard_regex_json.yaml
diff --git a/...emplate/discard_regex_test_module/configuration_cloudwatch_discard_regex_simple_text.yaml b/...emplate/discard_regex_test_module/configuration_cloudwatch_discard_regex_simple_text.yaml
@@ -0,0 +1,21 @@
+- sections:
+    - section: wodle
+      attributes:
+        - name: aws-s3
+      elements:
+        - disabled:
+            value: 'no'
+        - service:
+            attributes:
+              - type: SERVICE_TYPE
+            elements:
+              - aws_profile:
+                  value: qa
+              - aws_log_groups:
+                  value: LOG_GROUP_NAME
+              - only_logs_after:
+                  value: ONLY_LOGS_AFTER
+              - regions:
+                  value: REGIONS
+              - discard_regex:
+                  value: DISCARD_REGEX
diff --git a/...odule/cases_cloudwatch_discard_regex.yaml → .../cases_cloudwatch_discard_regex_json.yaml b/...odule/cases_cloudwatch_discard_regex.yaml → .../cases_cloudwatch_discard_regex_json.yaml
@@ -1,5 +1,5 @@
 - name: cloudwatch_discard_regex_json
-  description: CloudWatch discard regex configurations
+  description: CloudWatch discard regex configuration for JSON logs
   configuration_parameters:
     SERVICE_TYPE: cloudwatchlogs
     LOG_GROUP_NAME: wazuh-cloudwatchlogs-integration-tests
@@ -15,19 +15,3 @@
     discard_regex: .*eni-networkInterfaceId.*
     regions: us-east-1
     found_logs: 1
-
-- name: cloudwatch_discard_regex_simple_text
-  description: CloudWatch discard regex configurations
-  configuration_parameters:
-    SERVICE_TYPE: cloudwatchlogs
-    LOG_GROUP_NAME: wazuh-cloudwatchlogs-integration-tests
-    REGIONS: us-east-1
-    DISCARD_REGEX: .*Test.*
-    ONLY_LOGS_AFTER: 2023-JAN-12
-  metadata:
-    service_type: cloudwatchlogs
-    log_group_name: wazuh-cloudwatchlogs-integration-tests
-    only_logs_after: 2023-JAN-12
-    discard_regex: .*Test.*
-    regions: us-east-1
-    found_logs: 3
diff --git a/...data/test_cases/discard_regex_test_module/cases_cloudwatch_discard_regex_simple_text.yaml b/...data/test_cases/discard_regex_test_module/cases_cloudwatch_discard_regex_simple_text.yaml
@@ -0,0 +1,15 @@
+- name: cloudwatch_discard_regex_simple_text
+  description: CloudWatch discard regex configuration for simple text logs
+  configuration_parameters:
+    SERVICE_TYPE: cloudwatchlogs
+    LOG_GROUP_NAME: wazuh-cloudwatchlogs-integration-tests
+    REGIONS: us-east-1
+    DISCARD_REGEX: .*Test.*
+    ONLY_LOGS_AFTER: 2023-JAN-12
+  metadata:
+    service_type: cloudwatchlogs
+    log_group_name: wazuh-cloudwatchlogs-integration-tests
+    only_logs_after: 2023-JAN-12
+    discard_regex: .*Test.*
+    regions: us-east-1
+    found_logs: 3
diff --git a/...ion/test_aws/data/test_cases/discard_regex_test_module/cases_inspector_discard_regex.yaml b/...ion/test_aws/data/test_cases/discard_regex_test_module/cases_inspector_discard_regex.yaml
@@ -12,4 +12,5 @@
     discard_field: assetAttributes.tags.value
     discard_regex: .*inspector-integration-test.*
     regions: us-east-1
-    found_logs: 4
+    found_logs: 4
+
diff --git a/tests/integration/test_aws/test_discard_regex.py b/tests/integration/test_aws/test_discard_regex.py
@@ -141,9 +141,9 @@ def test_bucket_discard_regex(
 
     assert s3_db_exists()
 
-# ---------------------------------------------------- TEST_CLOUDWATCH_DISCARD_REGEX -------------------------------------------------------
-t1_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_cloudwatch_discard_regex.yaml')
-t1_cases_path = os.path.join(TEST_CASES_PATH, 'cases_cloudwatch_discard_regex.yaml')
+# ---------------------------------------------------- TEST_CLOUDWATCH_DISCARD_REGEX_JSON -------------------------------------------------------
+t1_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_cloudwatch_discard_regex_json.yaml')
+t1_cases_path = os.path.join(TEST_CASES_PATH, 'cases_cloudwatch_discard_regex_json.yaml')
 
 t1_configuration_parameters, t1_configuration_metadata, t1_case_ids = get_test_cases_data(t1_cases_path)
 t1_configurations = load_configuration_template(
@@ -153,7 +153,7 @@ def test_bucket_discard_regex(
 
 @pytest.mark.tier(level=0)
 @pytest.mark.parametrize('configuration, metadata', zip(t1_configurations, t1_configuration_metadata), ids=t1_case_ids)
-def test_cloudwatch_discard_regex(
+def test_cloudwatch_discard_regex_json(
     configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration, clean_aws_services_db,
     configure_local_internal_options_function, truncate_monitored_files, restart_wazuh_function, file_monitoring,
 ):
@@ -220,23 +220,20 @@ def test_cloudwatch_discard_regex(
     discard_regex = metadata.get('discard_regex')
     found_logs = metadata.get('found_logs')
 
-    pattern_json = fr'.*The "{discard_regex}" regex found a match in the "{discard_field}" field. The event will be skipped.'
-    pattern_simple_text = fr'.*The "{discard_regex}" regex found a match. The event will be skipped.'
-
+    pattern = fr'.*The "{discard_regex}" regex found a match in the "{discard_field}" field. The event will be skipped.'
+
     parameters = [
         'wodles/aws/aws-s3',
         '--service', service_type,
         '--aws_profile', 'qa',
         '--only_logs_after', only_logs_after,
         '--regions', regions,
         '--aws_log_groups', log_group_name,
-        '--discard-field' if discard_field else None , discard_field,
+        '--discard-field', discard_field,
         '--discard-regex', discard_regex,
         '--debug', '2'
     ]
 
-    parameters = [parameter for parameter in parameters if parameter is not None]
-
     # Check AWS module started
     log_monitor.start(
         timeout=global_parameters.default_timeout,
@@ -253,7 +250,7 @@ def test_cloudwatch_discard_regex(
 
     log_monitor.start(
         timeout=T_20,
-        callback=event_monitor.callback_detect_event_processed_or_skipped(pattern_json if discard_field else pattern_simple_text),
+        callback=event_monitor.callback_detect_event_processed_or_skipped(pattern),
         error_message=(
             'The AWS module did not show the correct message about discard regex or ',
             'did not process the expected amount of logs'
@@ -263,9 +260,9 @@ def test_cloudwatch_discard_regex(
 
     assert services_db_exists()
 
-# ---------------------------------------------------- TEST_INSPECTOR_DISCARD_REGEX -------------------------------------------------------
-t2_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_inspector_discard_regex.yaml')
-t2_cases_path = os.path.join(TEST_CASES_PATH, 'cases_inspector_discard_regex.yaml')
+# ---------------------------------------------------- TEST_CLOUDWATCH_DISCARD_REGEX_SIMPLE_TEXT -------------------------------------------------------
+t2_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_cloudwatch_discard_regex_simple_text.yaml')
+t2_cases_path = os.path.join(TEST_CASES_PATH, 'cases_cloudwatch_discard_regex_simple_text.yaml')
 
 t2_configuration_parameters, t2_configuration_metadata, t2_case_ids = get_test_cases_data(t2_cases_path)
 t2_configurations = load_configuration_template(
@@ -275,6 +272,125 @@ def test_cloudwatch_discard_regex(
 
 @pytest.mark.tier(level=0)
 @pytest.mark.parametrize('configuration, metadata', zip(t2_configurations, t2_configuration_metadata), ids=t2_case_ids)
+def test_cloudwatch_discard_regex_simple_text(
+    configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration, clean_aws_services_db,
+    configure_local_internal_options_function, truncate_monitored_files, restart_wazuh_function, file_monitoring,
+):
+    """
+    description: Fetch logs excluding the ones that match with the regex.
+    test_phases:
+        - setup:
+            - Load Wazuh light configuration.
+            - Apply ossec.conf configuration changes according to the configuration template and use case.
+            - Apply custom settings in local_internal_options.conf.
+            - Truncate wazuh logs.
+            - Restart wazuh-manager service to apply configuration changes.
+        - test:
+            - Check in the ossec.log that a line has appeared calling the module with correct parameters.
+            - Check the expected number of events were forwarded to analysisd, only logs stored in the bucket and skips
+              the ones that match with regex.
+            - Check the database was created and updated accordingly.
+        - teardown:
+            - Truncate wazuh logs.
+            - Restore initial configuration, both ossec.conf and local_internal_options.conf.
+            - Delete the uploaded file
+    wazuh_min_version: 4.5.0
+    parameters:
+        - configuration:
+            type: dict
+            brief: Get configurations from the module.
+        - metadata:
+            type: dict
+            brief: Get metadata from the module.
+        - load_wazuh_basic_configuration:
+            type: fixture
+            brief: Load basic wazuh configuration.
+        - set_wazuh_configuration:
+            type: fixture
+            brief: Apply changes to the ossec.conf configuration.
+        - clean_aws_services_db:
+            type: fixture
+            brief: Delete the DB file before and after the test execution.
+        - configure_local_internal_options_function:
+            type: fixture
+            brief: Apply changes to the local_internal_options.conf configuration.
+        - truncate_monitored_files:
+            type: fixture
+            brief: Truncate wazuh logs.
+        - restart_wazuh_daemon_function:
+            type: fixture
+            brief: Restart the wazuh service.
+        - file_monitoring:
+            type: fixture
+            brief: Handle the monitoring of a specified file.
+    assertions:
+        - Check in the log that the module was called with correct parameters.
+        - Check the expected number of events were forwarded to analysisd.
+        - Check the database was created and updated accordingly.
+    input_description:
+        - The `configuration_cloudwatch_discard_regex_simple_text` file provides the module configuration for this test.
+        - The `cases_cloudwatch_discard_regex_simple_text` file provides the test cases.
+    """
+    log_group_name = metadata.get('log_group_name')
+    service_type = metadata.get('service_type')
+    only_logs_after = metadata.get('only_logs_after')
+    regions: str = metadata.get('regions')
+    discard_regex = metadata.get('discard_regex')
+    found_logs = metadata.get('found_logs')
+
+    pattern = fr'.*The "{discard_regex}" regex found a match. The event will be skipped.'
+
+    parameters = [
+        'wodles/aws/aws-s3',
+        '--service', service_type,
+        '--aws_profile', 'qa',
+        '--only_logs_after', only_logs_after,
+        '--regions', regions,
+        '--aws_log_groups', log_group_name,
+        '--discard-regex', discard_regex,
+        '--debug', '2'
+    ]
+
+
+    # Check AWS module started
+    log_monitor.start(
+        timeout=global_parameters.default_timeout,
+        callback=event_monitor.callback_detect_aws_module_start,
+        error_message='The AWS module did not start as expected',
+    ).result()
+
+    # Check command was called correctly
+    log_monitor.start(
+        timeout=global_parameters.default_timeout,
+        callback=event_monitor.callback_detect_aws_module_called(parameters),
+        error_message='The AWS module was not called with the correct parameters',
+    ).result()
+
+    log_monitor.start(
+        timeout=T_20,
+        callback=event_monitor.callback_detect_event_processed_or_skipped(pattern),
+        error_message=(
+            'The AWS module did not show the correct message about discard regex or ',
+            'did not process the expected amount of logs'
+        ),
+        accum_results=found_logs
+    ).result()
+
+    assert services_db_exists()
+
+
+# ---------------------------------------------------- TEST_INSPECTOR_DISCARD_REGEX -------------------------------------------------------
+t3_configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_inspector_discard_regex.yaml')
+t3_cases_path = os.path.join(TEST_CASES_PATH, 'cases_inspector_discard_regex.yaml')
+
+t3_configuration_parameters, t3_configuration_metadata, t3_case_ids = get_test_cases_data(t3_cases_path)
+t3_configurations = load_configuration_template(
+    t3_configurations_path, t3_configuration_parameters, t3_configuration_metadata
+)
+
+
+@pytest.mark.tier(level=0)
+@pytest.mark.parametrize('configuration, metadata', zip(t3_configurations, t3_configuration_metadata), ids=t3_case_ids)
 def test_inspector_discard_regex(
     configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration, clean_aws_services_db,
     configure_local_internal_options_function, truncate_monitored_files, restart_wazuh_function, file_monitoring,
@@ -349,7 +465,7 @@ def test_inspector_discard_regex(
         '--aws_profile', 'qa',
         '--only_logs_after', only_logs_after,
         '--regions', regions,
-        '--discard-field' if discard_field else '' , discard_field,
+        '--discard-field', discard_field,
         '--discard-regex', discard_regex,
         '--debug', '2'
     ]
@@ -379,4 +495,5 @@ def test_inspector_discard_regex(
         accum_results=found_logs
     ).result()
 
-    assert services_db_exists()
+    assert services_db_exists()
+