From 93b48a74e100642c4a7300bf3cae5da77f58e1bd Mon Sep 17 00:00:00 2001
From: Surya Sashank Nistala
Date: Mon, 1 Jul 2024 16:48:43 -0700
Subject: [PATCH] remove ioc finding tests with sleep
Signed-off-by: Surya Sashank Nistala
---
 .../RestGetThreatIntelAlertsAction.java | 93 -------------
 .../dao/IocFindingServiceRestApiIT.java | 127 +++++++++---------
 2 files changed, 61 insertions(+), 159 deletions(-)
 delete mode 100644 src/main/java/org/opensearch/securityanalytics/resthandler/RestGetThreatIntelAlertsAction.java
diff --git a/src/main/java/org/opensearch/securityanalytics/resthandler/RestGetThreatIntelAlertsAction.java b/src/main/java/org/opensearch/securityanalytics/resthandler/RestGetThreatIntelAlertsAction.java
deleted file mode 100644
index 7dacb7b96..000000000
--- a/src/main/java/org/opensearch/securityanalytics/resthandler/RestGetThreatIntelAlertsAction.java
+++ /dev/null
@@ -1,93 +0,0 @@
-package org.opensearch.securityanalytics.resthandler;
-
-import org.opensearch.client.node.NodeClient;
-import org.opensearch.commons.alerting.model.Table;
-import org.opensearch.rest.BaseRestHandler;
-import org.opensearch.rest.RestRequest;
-import org.opensearch.rest.action.RestToXContentListener;
-import org.opensearch.securityanalytics.SecurityAnalyticsPlugin;
-import org.opensearch.securityanalytics.action.GetAlertsAction;
-import org.opensearch.securityanalytics.action.GetAlertsRequest;
-
-import java.io.IOException;
-import java.time.DateTimeException;
-import java.time.Instant;
-import java.util.List;
-
-import static java.util.Collections.singletonList;
-import static org.opensearch.rest.RestRequest.Method.GET;
-
-public class RestGetThreatIntelAlertsAction extends BaseRestHandler {
-
- @Override
- public String getName() {
- return "get_alerts_action_sa";
- }
-
- @Override
- protected RestChannelConsumer prepareRequest(RestRequest request, NodeClient client) throws IOException {
-
- String detectorId = request.param("detector_id", null);
- String detectorType = request.param("detectorType", null);
- String severityLevel = request.param("severityLevel", "ALL");
- String alertState = request.param("alertState", "ALL");
- // Table params
- String sortString = request.param("sortString", "start_time");
- String sortOrder = request.param("sortOrder", "asc");
- String missing = request.param("missing");
- int size = request.paramAsInt("size", 20);
- int startIndex = request.paramAsInt("startIndex", 0);
- String searchString = request.param("searchString", "");
-
- Instant startTime = null;
- String startTimeParam = request.param("startTime");
- if (startTimeParam != null && !startTimeParam.isEmpty()) {
- try {
- startTime = Instant.ofEpochMilli(Long.parseLong(startTimeParam));
- } catch (NumberFormatException | NullPointerException | DateTimeException e) {
- startTime = Instant.now();
- }
- }
-
- Instant endTime = null;
- String endTimeParam = request.param("endTime");
- if (endTimeParam != null && !endTimeParam.isEmpty()) {
- try {
- endTime = Instant.ofEpochMilli(Long.parseLong(endTimeParam));
- } catch (NumberFormatException | NullPointerException | DateTimeException e) {
- endTime = Instant.now();
- }
- }
-
- Table table = new Table(
- sortOrder,
- sortString,
- missing,
- size,
- startIndex,
- searchString
- );
-
- GetAlertsRequest req = new GetAlertsRequest(
- detectorId,
- detectorType,
- table,
- severityLevel,
- alertState,
- startTime,
- endTime
- );
-
- return channel -> client.execute(
- GetAlertsAction.INSTANCE,
- req,
- new RestToXContentListener<>(channel)
- );
- }
-
- @Override
- public List routes() {
- return singletonList(new Route(GET, SecurityAnalyticsPlugin.ALERTS_BASE_URI));
- }
-
-}
diff --git a/src/test/java/org/opensearch/securityanalytics/threatIntel/iocscan/dao/IocFindingServiceRestApiIT.java b/src/test/java/org/opensearch/securityanalytics/threatIntel/iocscan/dao/IocFindingServiceRestApiIT.java
index 6c699b94e..79548fd48 100644
--- a/src/test/java/org/opensearch/securityanalytics/threatIntel/iocscan/dao/IocFindingServiceRestApiIT.java
+++ b/src/test/java/org/opensearch/securityanalytics/threatIntel/iocscan/dao/IocFindingServiceRestApiIT.java
@@ -10,17 +10,12 @@
 import org.opensearch.securityanalytics.SecurityAnalyticsRestTestCase;
 import org.opensearch.securityanalytics.model.threatintel.IocFinding;
 import org.opensearch.securityanalytics.model.threatintel.IocWithFeeds;
-import org.opensearch.test.OpenSearchTestCase;
 import java.io.IOException;
 import java.time.Instant;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
-import java.util.concurrent.TimeUnit;
-import java.util.concurrent.atomic.AtomicBoolean;
-
-import static org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings.*;
 public class IocFindingServiceRestApiIT extends SecurityAnalyticsRestTestCase {
@@ -56,67 +51,67 @@ public void testGetIocFindingsWithIocIdFilter() throws IOException {
 Map responseAsMap = responseAsMap(response);
 Assert.assertEquals(1, ((List>) responseAsMap.get("ioc_findings")).size());
 }
-
- public void testGetIocFindingsRolloverByMaxDocs() throws IOException, InterruptedException {
- updateClusterSetting(IOC_FINDING_HISTORY_ROLLOVER_PERIOD.getKey(), "1s");
- updateClusterSetting(IOC_FINDING_HISTORY_MAX_DOCS.getKey(), "1");
- makeRequest(client(), "GET", SecurityAnalyticsPlugin.THREAT_INTEL_BASE_URI + "/findings/_search?startIndex=1&size=5",
- Map.of(), null);
- List iocFindings = generateIocMatches(5);
- for (IocFinding iocFinding: iocFindings) {
- makeRequest(client(), "POST", IocFindingService.IOC_FINDING_ALIAS_NAME + "/_doc?refresh", Map.of(),
- toHttpEntity(iocFinding));
- }
-
- AtomicBoolean found = new AtomicBoolean(false);
- OpenSearchTestCase.waitUntil(() -> {
- try {
- found.set(getIocFindingIndices().size() == 2);
- return found.get();
- } catch (IOException e) {
- return false;
- }
- }, 30000, TimeUnit.SECONDS);
- Assert.assertTrue(found.get());
- }
-
- public void testGetIocFindingsRolloverByMaxAge() throws IOException, InterruptedException {
- updateClusterSetting(IOC_FINDING_HISTORY_ROLLOVER_PERIOD.getKey(), "1s");
- updateClusterSetting(IOC_FINDING_HISTORY_MAX_DOCS.getKey(), "1000");
- updateClusterSetting(IOC_FINDING_HISTORY_INDEX_MAX_AGE.getKey(), "1s");
- makeRequest(client(), "GET", SecurityAnalyticsPlugin.THREAT_INTEL_BASE_URI + "/findings/_search?startIndex=1&size=5",
- Map.of(), null);
- List iocFindings = generateIocMatches(5);
- for (IocFinding iocFinding: iocFindings) {
- makeRequest(client(), "POST", IocFindingService.IOC_FINDING_ALIAS_NAME + "/_doc?refresh", Map.of(),
- toHttpEntity(iocFinding));
- }
-
- AtomicBoolean found = new AtomicBoolean(false);
- OpenSearchTestCase.waitUntil(() -> {
- try {
- found.set(getIocFindingIndices().size() == 2);
- return found.get();
- } catch (IOException e) {
- return false;
- }
- }, 30000, TimeUnit.SECONDS);
- Assert.assertTrue(found.get());
-
- updateClusterSetting(IOC_FINDING_HISTORY_INDEX_MAX_AGE.getKey(), "1000s");
- updateClusterSetting(IOC_FINDING_HISTORY_RETENTION_PERIOD.getKey(), "1s");
-
- AtomicBoolean retFound = new AtomicBoolean(false);
- OpenSearchTestCase.waitUntil(() -> {
- try {
- retFound.set(getIocFindingIndices().size() == 1);
- return retFound.get();
- } catch (IOException e) {
- return false;
- }
- }, 30000, TimeUnit.SECONDS);
- Assert.assertTrue(retFound.get());
- }
+//
+// public void testGetIocFindingsRolloverByMaxDocs() throws IOException, InterruptedException {
+// updateClusterSetting(IOC_FINDING_HISTORY_ROLLOVER_PERIOD.getKey(), "1s");
+// updateClusterSetting(IOC_FINDING_HISTORY_MAX_DOCS.getKey(), "1");
+// makeRequest(client(), "GET", SecurityAnalyticsPlugin.THREAT_INTEL_BASE_URI + "/findings/_search?startIndex=1&size=5",
+// Map.of(), null);
+// List iocFindings = generateIocMatches(5);
+// for (IocFinding iocFinding: iocFindings) {
+// makeRequest(client(), "POST", IocFindingService.IOC_FINDING_ALIAS_NAME + "/_doc?refresh", Map.of(),
+// toHttpEntity(iocFinding));
+// }
+//
+// AtomicBoolean found = new AtomicBoolean(false);
+// OpenSearchTestCase.waitUntil(() -> {
+// try {
+// found.set(getIocFindingIndices().size() == 2);
+// return found.get();
+// } catch (IOException e) {
+// return false;
+// }
+// }, 30000, TimeUnit.SECONDS);
+// Assert.assertTrue(found.get());
+// }
+//
+// public void testGetIocFindingsRolloverByMaxAge() throws IOException, InterruptedException {
+// updateClusterSetting(IOC_FINDING_HISTORY_ROLLOVER_PERIOD.getKey(), "1s");
+// updateClusterSetting(IOC_FINDING_HISTORY_MAX_DOCS.getKey(), "1000");
+// updateClusterSetting(IOC_FINDING_HISTORY_INDEX_MAX_AGE.getKey(), "1s");
+// makeRequest(client(), "GET", SecurityAnalyticsPlugin.THREAT_INTEL_BASE_URI + "/findings/_search?startIndex=1&size=5",
+// Map.of(), null);
+// List iocFindings = generateIocMatches(5);
+// for (IocFinding iocFinding: iocFindings) {
+// makeRequest(client(), "POST", IocFindingService.IOC_FINDING_ALIAS_NAME + "/_doc?refresh", Map.of(),
+// toHttpEntity(iocFinding));
+// }
+//
+// AtomicBoolean found = new AtomicBoolean(false);
+// OpenSearchTestCase.waitUntil(() -> {
+// try {
+// found.set(getIocFindingIndices().size() == 2);
+// return found.get();
+// } catch (IOException e) {
+// return false;
+// }
+// }, 30000, TimeUnit.SECONDS);
+// Assert.assertTrue(found.get());
+//
+// updateClusterSetting(IOC_FINDING_HISTORY_INDEX_MAX_AGE.getKey(), "1000s");
+// updateClusterSetting(IOC_FINDING_HISTORY_RETENTION_PERIOD.getKey(), "1s");
+//
+// AtomicBoolean retFound = new AtomicBoolean(false);
+// OpenSearchTestCase.waitUntil(() -> {
+// try {
+// retFound.set(getIocFindingIndices().size() == 1);
+// return retFound.get();
+// } catch (IOException e) {
+// return false;
+// }
+// }, 30000, TimeUnit.SECONDS);
+// Assert.assertTrue(retFound.get());
+// }
 private List generateIocMatches(int i) {
 List iocFindings = new ArrayList<>();
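Review bot: Both rollover tests are left in the file as `//`-commented code (from `// public void testGetIocFindingsRolloverByMaxDocs()` down to the final `// }`), so rollover by max docs, rollover by max age and retention-based cleanup of the IOC finding indices lose their integration coverage with nothing in the file or the build recording why. Prefer deleting the block and tracking the gap in an issue, or keeping the methods compiled and skipped with `@AwaitsFix(bugUrl = "<TRACKING_ISSUE_URL>")`; as committed, the block cannot simply be uncommented, because the earlier hunk in this file drops the `OpenSearchTestCase`, `TimeUnit`, `AtomicBoolean` and `SecurityAnalyticsSettings.*` imports it relies on. If the tests come back, the wait bound `30000, TimeUnit.SECONDS` looks like a unit slip (roughly eight hours); `30, TimeUnit.SECONDS` is probably what was intended.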