IT Integratord: Add new test integratord alerts messages

CHANGELOG.md

@@ -7,6 +7,9 @@ All notable changes to this project will be documented in this file.
 Wazuh commit: TBD \
 Release report: TBD
 
+## Added
+- Add Integratord IT - new test_integratord suite ([#3125](https:/wazuh/wazuh-qa/pull/3125)) \- (Framework + Tests)
+
 ### Changed
 
 - Increase framework version of jq and pytest in the requirements file to support python3.10 ([#3107](https:/wazuh/wazuh-qa/pull/3108)) \- (Framework)
@@ -16,8 +19,7 @@ Release report: TBD
 Wazuh commit: https:/wazuh/wazuh/commit/be15851b8ead7512d9cd4ef1ee18b3b953173211 \
 Release report: https:/wazuh/wazuh/issues/14188
 
-### Added
-
+## Added
 - Add Remoted IT - test_multi_groups ([#3060](https:/wazuh/wazuh-qa/pull/3060)) \- (Framework + Tests)
 
 ### Fixed

deps/wazuh_testing/wazuh_testing/__init__.py

@@ -22,7 +22,7 @@ def is_tcp(protocol):
 
 
 def is_tcp_udp(protocol):
- _protocol = protocol.replace(' ','').upper().split(',')
+ _protocol = protocol.replace(' ', '').upper().split(',')
  _protocol.sort()
  return ','.join(_protocol) == TCP_UDP
 
@@ -43,6 +43,7 @@ def __init__(self):
  self._gcp_configuration_file = None
  self._gcp_credentials = None
  self._fim_mode = []
+ self._integration_api_key = None
 
  @property
  def default_timeout(self):
@@ -242,6 +243,24 @@ def fim_mode(self, value):
  """
  self._fim_mode = value
 
+ @property
+ def integration_api_key(self):
+ """Getter method for the `integration_api_key` property
+
+ Returns:
+ string: api key value to be used by integratord tests
+ """
+ return self._integration_api_key
+
+ @integration_api_key.setter
+ def integration_api_key(self, value):
+ """Setter method for the `integration_api_key` property
+
+ Args:
+ value (str): New value for the `integration_api_key`.
+ """
+ self._integration_api_key = value
+
 
 global_parameters = Parameters()
 logger = logging.getLogger('wazuh_testing')

deps/wazuh_testing/wazuh_testing/modules/integratord/__init__.py

@@ -0,0 +1,31 @@
+'''
+copyright: Copyright (C) 2015-2022, Wazuh Inc.
+ Created by Wazuh, Inc. <[email protected]>.
+ This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+'''
+
+# Variables
+INTEGRATORD_PREFIX = 'wazuh-integratord'
+
+# Callback Messages
+CB_VIRUSTOTAL_ENABLED = r".*wazuh-integratord.*Enabling integration for: 'virustotal'.*"
+CB_INTEGRATORD_SENDING_ALERT = r'.*wazuh-integratord.*DEBUG: sending new alert'
+CB_PROCESSING_ALERT = r'.*wazuh-integratord.*Processing alert.*'
+CB_INTEGRATORD_THREAD_READY = r'.*wazuh-integratord.*DEBUG: Local requests thread ready'
+CB_VIRUSTOTAL_ALERT = r'.*wazuh-integratord.*alert_id.*\"integration\": \"virustotal\".*'
+CB_VIRUSTOTAL_ALERT_JSON = r'.*VirusTotal: Alert.*\"integration\":\"virustotal\".*'
+CB_INVALID_JSON_ALERT_READ = r'.*wazuh-integratord.*WARNING: Invalid JSON alert read.*'
+CB_OVERLONG_JSON_ALERT_READ = r'.*wazuh-integratord.*WARNING: Overlong JSON alert read.*'
+CB_ALERTS_FILE_INODE_CHANGED = r'.*wazuh-integratord.*DEBUG: jqueue_next.*Alert file inode changed.*'
+CB_CANNOT_RETRIEVE_JSON_FILE = r'.*wazuh-integratord.*ERROR.*Could not retrieve information of file.*'\
+ r'alerts\.json.*No such file.*'
+
+# Error messages
+ERR_MSG_VIRUST_TOTAL_ENABLED_NOT_FOUND = r'Did not recieve the expected "Enabling integration for virustotal"'
+ERR_MSG_VIRUSTOTAL_ALERT_NOT_DETECTED = r'Did not recieve the expected VirusTotal alert in alerts.json'
+ERR_MSG_INVALID_ALERT_NOT_FOUND = r'Did not recieve the expected "...Invalid JSON alert read..." event'
+ERR_MSG_OVERLONG_ALERT_NOT_FOUND = r'Did not recieve the expected "...Overlong JSON alert read..." event'
+ERR_MSG_ALERT_INODE_CHANGED_NOT_FOUND = r'Did not recieve the expected "...Alert file inode changed..." event'
+ERR_MSG_CANNOT_RETRIEVE_MSG_NOT_FOUND = r'Did not recieve the expected "...Could not retrieve information/open file"'
+ERR_MSG_SENDING_ALERT_NOT_FOUND = r'Did not recieve the expected "...sending new alert" event'
+ERR_MSG_PROCESSING_ALERT_NOT_FOUND = r'Did not recieve the expected "...Procesing alert" event'

deps/wazuh_testing/wazuh_testing/modules/integratord/event_monitor.py

@@ -0,0 +1,27 @@
+'''
+copyright: Copyright (C) 2015-2022, Wazuh Inc.
+ Created by Wazuh, Inc. <[email protected]>.
+ This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+'''
+
+from wazuh_testing.tools import LOG_FILE_PATH
+from wazuh_testing.tools.monitoring import FileMonitor
+
+
+def check_integratord_event(file_monitor=None, callback='', error_message=None, update_position=True,
+ timeout=30, accum_results=1, file_to_monitor=LOG_FILE_PATH):
+ """Check if an event occurs
+ Args:
+ file_monitor (FileMonitor): FileMonitor object to monitor the file content.
+ callback (str): log regex to check in Wazuh log
+ error_message (str): error message to show in case of expected event does not occur
+ update_position (boolean): filter configuration parameter to search in Wazuh log
+ timeout (str): timeout to check the event in Wazuh log
+ accum_results (int): Accumulation of matches.
+ """
+ file_monitor = FileMonitor(file_to_monitor) if file_monitor is None else file_monitor
+ error_message = f"Could not find this event in {file_to_monitor}: {callback}" if error_message is None else \
+ error_message
+
+ file_monitor.start(timeout=timeout, update_position=update_position, accum_results=accum_results,
+ callback=callback, error_message=error_message)

deps/wazuh_testing/wazuh_testing/tools/configuration.py

@@ -13,6 +13,7 @@
 import yaml
 from wazuh_testing import global_parameters, logger
 from wazuh_testing.tools import WAZUH_PATH, GEN_OSSEC, WAZUH_CONF, PREFIX, WAZUH_LOCAL_INTERNAL_OPTIONS
+from wazuh_testing.tools.file import read_yaml
 from wazuh_testing import global_parameters, logger
 from wazuh_testing.tools import file
 
@@ -645,18 +646,40 @@ def set_local_internal_options_dict(dict_local_internal_options):
  local_internal_option_file.write(local_internal_configuration_string)
 
 
-def get_test_cases_data(data_file_path):
- """Load a test case template file and get its data.
+def load_configuration_template(data_file_path, configuration_parameters=[], configuration_metadata=[]):
+ """Load different configurations of Wazuh from a YAML file.
+ Args:
+ data_file_path (str): Full path of the YAML file to be loaded.
+ configuration_parameters (list(dict)) : List of dicts where each dict represents a replacement.
+ configuration_metadata (list(dict)): Custom metadata to be inserted in the configuration.
+ Returns:
+ list(dict): List containing wazuh configurations in dictionary form.
+ Raises:
+ ValueError: If the length of `params` and `metadata` are not equal.
+ """
+ if len(configuration_parameters) != len(configuration_metadata):
+ raise ValueError(f"configuration_parameters and configuration_metadata should have the same data length "
+ f"{len(configuration_parameters)} != {len(configuration_metadata)}")
 
- Template example file: tests/integration/test_remoted/test_multi_groups/data/test_cases/case_file_actions.yaml
+ configuration = read_yaml(data_file_path)
 
+ if sys.platform == 'darwin':
+ configuration = set_correct_prefix([configuration], PREFIX)
+
+ return [process_configuration(configuration[0], placeholders=replacement, metadata=meta)
+ for replacement, meta in zip(configuration_parameters, configuration_metadata)]
+
+
+def get_test_cases_data(data_file_path):
+ """Load a test case template file and get its data.
+ Template example file: tests/integration/vulnerability_detector/test_providers/data/test_cases/test_enabled.yaml
  Args:
  data_file_path (str): Test case template file path.
-
  Returns:
  (list(dict), list(dict), list(str)): Configurations, metadata and test case names.
  """
- test_cases_data = file.read_yaml(data_file_path)
+ test_cases_data = read_yaml(data_file_path)
+
  configuration_parameters = []
  configuration_metadata = []
  test_cases_ids = []

deps/wazuh_testing/wazuh_testing/tools/local_actions.py

@@ -0,0 +1,54 @@
+'''
+copyright: Copyright (C) 2015-2022, Wazuh Inc.
+ Created by Wazuh, Inc. <[email protected]>.
+ This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+'''
+import subprocess
+import sys
+
+from wazuh_testing.qa_ctl import QACTL_LOGGER
+from wazuh_testing.tools.logging import Logging
+from wazuh_testing.tools.exceptions import QAValueError
+
+LOGGER = Logging.get_logger(QACTL_LOGGER)
+
+
+def run_local_command_printing_output(command):
+ """Run local commands printing the output in the stdout. In addition, it is validate the result code.
+
+ Args:
+ command (string): Command to run.
+
+ Raises:
+ QAValueError: If the run command has failed (rc != 0).
+ """
+ if sys.platform == 'win32':
+ run = subprocess.Popen(command, shell=True)
+ else:
+ run = subprocess.Popen(['/bin/bash', '-c', command])
+
+ # Wait for the process to finish
+ run.communicate()
+
+ result_code = run.returncode
+
+ if result_code != 0:
+ raise QAValueError(f"The command {command} returned {result_code} as result code.", LOGGER.error,
+ QACTL_LOGGER)
+
+
+def run_local_command_returning_output(command):
+ """Run local commands catching and returning the stdout in a variable. Nothing is displayed on the stdout.
+
+ Args:
+ command (string): Command to run.
+
+ Returns:
+ str: Command output.
+ """
+ if sys.platform == 'win32':
+ run = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE)
+ else:
+ run = subprocess.Popen(['/bin/bash', '-c', command], stdout=subprocess.PIPE)
+
+ return run.stdout.read().decode()

tests/integration/conftest.py

@@ -88,6 +88,28 @@ def restart_wazuh(get_configuration, request):
  control_service('start')
 
 
+@pytest.fixture(scope='function')
+def restart_wazuh_function(daemons=None):
+ """Restarts before starting a test, and stop it after finishing.
+ Args:
+ daemons(List): List of wazuh daemons that need to be restarted. Default restarts al daemons.
+ """
+ control_service('restart', daemons)
+ yield
+ control_service('stop', daemons)
+
+
+@pytest.fixture(scope='module')
+def restart_wazuh_module(daemons=None):
+ """Restarts before starting a test, and stop it after finishing.
+ Args:
+ daemons(List): List of wazuh daemons that need to be restarted. Default restarts al daemons.
+ """
+ control_service('restart', daemons)
+ yield
+ control_service('stop', daemons)
+
+
 @pytest.fixture(scope='module')
 def reset_ossec_log(get_configuration, request):
  # Reset ossec.log and start a new monitor
@@ -222,6 +244,14 @@ def pytest_addoption(parser):
  type=str,
  help="run tests using a specific WPK package path"
  )
+ parser.addoption(
+ "--integration_api_key",
+ action="store",
+ metavar="integration_api_key",
+ default=None,
+ type=str,
+ help="pass api key required for integratord tests."
+ )
 
 
 def pytest_configure(config):
@@ -276,6 +306,11 @@ def pytest_configure(config):
  mode = ["scheduled", "whodata", "realtime"]
  global_parameters.fim_mode = mode
 
+ # Set integration_api_key if it is passed through command line args
+ integration_api_key = config.getoption("--integration_api_key")
+ if integration_api_key:
+ global_parameters.integration_api_key = integration_api_key
+
  # Set WPK package version
  global_parameters.wpk_version = config.getoption("--wpk_version")
 
@@ -731,6 +766,7 @@ def create_file_structure_function(get_files_list):
 
  delete_file_structure(get_files_list)
 
+
 @pytest.fixture(scope='module')
 def daemons_handler(get_configuration, request):
  """Handler of Wazuh daemons.
@@ -850,3 +886,56 @@ def configure_local_internal_options_module(request):
 
  logger.debug(f"Restore local_internal_option to {str(backup_local_internal_options)}")
  conf.set_local_internal_options_dict(backup_local_internal_options)
+
+
+@pytest.fixture(scope='function')
+def truncate_monitored_files():
+ """Truncate all the log files and json alerts files before and after the test execution"""
+ log_files = [LOG_FILE_PATH, ALERT_FILE_PATH]
+
+ for log_file in log_files:
+ truncate_file(log_file)
+
+ yield
+
+ for log_file in log_files:
+ truncate_file(log_file)
+
+
+@pytest.fixture(scope='module')
+def truncate_monitored_files_module():
+ """Truncate all the log files and json alerts files before and after the test execution"""
+ log_files = [LOG_FILE_PATH, ALERT_FILE_PATH]
+
+ for log_file in log_files:
+ truncate_file(log_file)
+
+ yield
+
+ for log_file in log_files:
+ truncate_file(log_file)
+
+
+@pytest.fixture(scope='function')
+def set_wazuh_configuration(configuration):
+ """Set wazuh configuration
+
+ Args:
+ configuration (dict): Configuration template data to write in the ossec.conf
+ """
+ # Save current configuration
+ backup_config = conf.get_wazuh_conf()
+
+ # Configuration for testing
+ test_config = conf.set_section_wazuh_conf(configuration.get('sections'))
+
+ # Set new configuration
+ conf.write_wazuh_conf(test_config)
+
+ # Set current configuration
+ global_parameters.current_configuration = configuration
+
+ yield
+
+ # Restore previous configuration
+ conf.write_wazuh_conf(backup_config)

tests/integration/test_integratord/conftest.py

@@ -0,0 +1,22 @@
+'''
+copyright: Copyright (C) 2015-2022, Wazuh Inc.
+ Created by Wazuh, Inc. <[email protected]>.
+ This program is free software; you can redistribute it and/or modify it under the terms of GPLv2
+'''
+
+
+import pytest
+
+from wazuh_testing.tools import LOG_FILE_PATH
+from wazuh_testing.tools.monitoring import FileMonitor, callback_generator
+from wazuh_testing.modules import integratord as integrator
+from wazuh_testing.modules.integratord.event_monitor import check_integratord_event
+
+
+@pytest.fixture(scope='function')
+def wait_for_start_module(request):
+ # Wait for integratord thread to start
+ file_monitor = FileMonitor(LOG_FILE_PATH)
+ check_integratord_event(file_monitor=file_monitor, timeout=20,
+ callback=callback_generator(integrator.CB_INTEGRATORD_THREAD_READY),
+ error_message=integrator.ERR_MSG_VIRUST_TOTAL_ENABLED_NOT_FOUND)