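-- siem_test.lua
-- Runs unit tests against the SIEM routing code in siem.lua
-- (siem.parse_configmap and siem.add_siem_record).
-- requires 2 arguments
-- 1. a path to the test library: e.g.: /Users/ur1337/edge-infra/third_party/lua/simple_test/src
-- 2. a path to the test target dir: e.g.: /Users/ur1337/edge-infra/pkg/edge/logging/fluentbit

-- Both arguments are mandatory. Check them up front so a missing argument is
-- reported as a usage line instead of "attempt to concatenate a nil value".
local USAGE = "usage: lua siem_test.lua <simple_test src dir> <fluentbit target dir>"
assert(type(arg) == "table" and type(arg[1]) == "string" and type(arg[2]) == "string", USAGE)

-- require() search templates for the test library and for the code under test
local test_library = arg[1] .. "/?.lua"
local target_dir = arg[2] .. "/?.lua"
-- directory holding the fixture files the cases below read; a plain path, not a template
local test_data = arg[2] .. "/testdata"

-- the test library and target directory need to be added to package.path so we can 'require' them.
-- test_data is deliberately not appended: it contains no '?', so it can never
-- resolve a module name and would only add a confusing entry to the search.
package.path = package.path .. ";" .. test_library .. ";" .. target_dir

local test = require("simple_test.init")
local siem = require("siem")
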
-- Sample static config entry. It appears unused in this file: none of the
-- test runs below reference it.
local siem_config_test = {
  namespace = "redpanda",
  pod = "redpanda",
  container = "redpanda",
  version = "test-version",
  type1 = "audit",
  type2 = "security",
  class = "redpanda",
}

-- config maps where pod doesn't exist; container exists; neither exist

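--- Builds an `assert_func(t, result)` that compares `field` of the i-th parsed
-- entry with `expected[i]`.
-- The previous inline `for i, item in ipairs(result)` loops passed vacuously
-- whenever parse_configmap returned fewer entries than expected (including an
-- empty table, e.g. on a broken fixture): no iteration, no assertion. Here a
-- missing entry is an explicit failure.
-- @tparam string field key to read from each parsed entry
-- @tparam table expected sequence of expected values, indexed like `result`
-- @treturn function assert_func for the test case tables below
local function expect_field(field, expected)
  return function(t, result)
    for i, want in ipairs(expected) do
      local item = result[i]
      t.not_equal(item, nil)
      -- guard the index in case the harness records a failure without raising
      if item ~= nil then
        t.equal(item[field], want)
      end
    end
  end
end

-- Parsing tests for the static ("edge") config map. `assert_func` receives the
-- table returned by siem.parse_configmap(input).
local edge_siem_config_map_test_cases = {
  -- These tests are for reading a file and using json.decode
  -- to properly make use of the data in a file
  {
    description = "should populate the edge_siem_configs table for one log type",
    input = test_data .. "/siem/static-full.data",
    assert_func = function(t, result) t.not_equal(next(result), nil) end,
  },
  {
    description = "edge_siem_configs file not existing",
    input = test_data .. "/file_does_not_exist",
    assert_func = function(t, result) t.equal(next(result), nil) end,
  },
  {
    description = "empty edge_siem_configs file",
    input = test_data .. "/siem/empty.data",
    assert_func = function(t, result) t.equal(next(result), nil) end,
  },
  {
    description = "test reading namespace from edge_siem_configs",
    input = test_data .. "/siem/static-full.data",
    assert_func = expect_field("namespace", { "fim", "data-sync-couchdb" }),
  },
  {
    description = "test reading pod from edge_siem_configs",
    input = test_data .. "/siem/static-full.data",
    assert_func = expect_field("pod", { "samhaim", "data-sync-couchdb" }),
  },
  {
    description = "test reading container from edge_siem_configs",
    input = test_data .. "/siem/static-full.data",
    assert_func = expect_field("container", { "alpine-fim", "couchdb" }),
  },
  {
    description = "test reading log_class from edge_siem_configs",
    input = test_data .. "/siem/static-full.data",
    assert_func = expect_field("log_class", { "audit", "security" }),
  },
  {
    description = "test reading log_type from edge_siem_configs",
    input = test_data .. "/siem/static-full.data",
    assert_func = expect_field("log_type", { "alpine-fim", "couchdb" }),
  },
}

-- Parsing tests for the third-party ("workload") config map, same contract as above.
local third_party_siem_config_map_test_cases = {
  -- These tests are for reading a file and using json.decode
  -- to properly make use of the data in a file
  {
    description = "should populate the third_party_siem_configs table for one log type",
    input = test_data .. "/siem/workload-full.data",
    assert_func = function(t, result) t.not_equal(next(result), nil) end,
  },
  {
    description = "third_party_siem_configs file not existing",
    input = test_data .. "/file_does_not_exist",
    assert_func = function(t, result) t.equal(next(result), nil) end,
  },
  {
    description = "empty third_party_siem_configs file",
    input = test_data .. "/siem/empty.data",
    assert_func = function(t, result) t.equal(next(result), nil) end,
  },
  {
    description = "test reading label from workload-full.data",
    input = test_data .. "/siem/workload-full.data",
    assert_func = expect_field("helm_edge_ID", {
      "68f1e7b3-0609-4b20-a9b6-6d365bed3801",
      "68f1e7b3-0609-4b20-a9b6-6d365bed3802",
      "68f1e7b3-0609-4b20-a9b6-6d365bed3803",
    }),
  },
  {
    description = "test reading pod from workload-full.data",
    input = test_data .. "/siem/workload-full.data",
    assert_func = expect_field("pod", { "samhaim", "data-sync-couchdb", "authserver" }),
  },
  {
    description = "test reading container from workload-full.data",
    input = test_data .. "/siem/workload-full.data",
    assert_func = expect_field("container", { "alpine-fim", "couchdb", "authserver" }),
  },
  {
    description = "test reading log_class from workload-full.data",
    input = test_data .. "/siem/workload-full.data",
    assert_func = expect_field("log_class", { "audit", "security", "security" }),
  },
  {
    description = "test reading log_type from workload-full.data",
    input = test_data .. "/siem/workload-full.data",
    assert_func = expect_field("log_type", { "alpine-fim", "couchdb", "authserver" }),
  },
  {
    description = "test reading pattern from workload-full.data",
    input = test_data .. "/siem/workload-full.data",
    assert_func = expect_field("pattern", { "xyz", "123", "" }),
  },
}
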
local STATIC_FIXTURE = test_data .. "/siem/static-full.data"
local STATIC_COUCHDB_TAG = "k8s_container.data-sync-couchdb_data-sync-couchdb-0_couchdb"

--- Builds a record shaped like the ones these static cases feed to
-- siem.add_siem_record: a `kubernetes` block with the flat *_name fields plus
-- `message` and `severity`. Passing nil for `pod` leaves pod_name unset.
local function static_record(namespace, pod, container, message, severity)
  return {
    kubernetes = {
      container_name = container,
      namespace_name = namespace,
      pod_name = pod,
    },
    message = message,
    severity = severity,
  }
end

--- Returns an assert_func(t, result, bool) that checks one field of the
-- returned record and the boolean first return of siem.add_siem_record.
local function static_expect(field, value, tagged)
  return function(t, result, bool)
    t.equal(result[field], value)
    t.equal(bool, tagged)
  end
end

-- add_siem_record cases run with the "edge" (static config map) mode.
local add_siem_record_test_cases_static = {
  {
    description = "check for log_class == security",
    input = STATIC_FIXTURE,
    record = static_record("data-sync-couchdb", "data-sync-couchdb-0", "couchdb", "abc123def456", "INFO"),
    tag = STATIC_COUCHDB_TAG,
    assert_func = static_expect("log_class", "security", true),
  },
  {
    description = "check for log_class == audit",
    input = STATIC_FIXTURE,
    record = static_record("fim", "samhaim", "alpine-fim", "abc123defrdj", "INFO"),
    tag = "k8s_container.fim_samhaim_alpine-fim",
    assert_func = static_expect("log_class", "audit", true),
  },
  {
    description = "check for log_type",
    input = STATIC_FIXTURE,
    record = static_record("data-sync-couchdb", "data-sync-couchdb-0", "couchdb", "abc123def456", "INFO"),
    tag = STATIC_COUCHDB_TAG,
    assert_func = static_expect("log_type", "couchdb", true),
  },
  {
    -- NOTE(review): despite the description only log_type is asserted nil;
    -- log_class is not checked — confirm whether it should be.
    description = "check for no changes to record",
    input = STATIC_FIXTURE,
    record = static_record("data-sync-couchdb", nil, "couchdb", "abc123def456", "INFO"),
    tag = "k8s_container.data-sync-couchdb_data-sync-couchdb-0_incorrect-conntainer-name",
    assert_func = static_expect("log_type", nil, false),
  },
  {
    description = "linkerd init container; log_class == security",
    input = STATIC_FIXTURE,
    record = static_record("data-sync-couchdb", "data-sync-couchdb-0", "linkerd-init", "abc123def456", "INFO"),
    tag = STATIC_COUCHDB_TAG,
    assert_func = static_expect("log_class", "security", true),
  },
  {
    description = "linkerd proxy container; log_class == security",
    input = STATIC_FIXTURE,
    record = static_record("data-sync-couchdb", "data-sync-couchdb-0", "linkerd-proxy", "abc123def456", "INFO"),
    tag = STATIC_COUCHDB_TAG,
    assert_func = static_expect("log_class", "security", true),
  },
}

local WORKLOAD_FIXTURE = test_data .. "/siem/workload-full.data"
local HELM_EDGE_ID_LABEL = "siem.edge.ncr.com/helm-edge-id"
-- all workload ids in the fixture share this prefix; only the last two digits vary
local EDGE_ID_PREFIX = "68f1e7b3-0609-4b20-a9b6-6d365bed38"

local FIM_TAG = "k8s_container.fim_samhaim_alpine-fim"
local COUCHDB_TAG = "k8s_container.data-sync-couchdb_data-sync-couchdb-0_couchdb"
local AUTHSERVER_TAG = "k8s_container.authserver_authserver_authserver"
local WIREGUARD_TAG = "k8s_container.prometheus-exporter_vpn_wireguard-relay-6bd78894fb-txfwl"
local PROM_OPERATOR_TAG = "k8s_container.prometheus-operator_prometheus-operator_prometheus-operator-6bbb94454d-dhvtr"
local TEST_TAG = "k8s_container.test-namespace_test-pod_test-container"

--- Builds a record carrying the namespace label add_siem_record keys on in
-- "workload" mode. `message` may be nil, which leaves the key absent exactly
-- like the original literal tables that omitted it.
local function workload_record(edge_id_suffix, message, severity)
  return {
    kubernetes = {
      namespace = {
        name = "your-namespace",
        labels = { [HELM_EDGE_ID_LABEL] = EDGE_ID_PREFIX .. edge_id_suffix },
      },
    },
    message = message,
    severity = severity,
  }
end

--- Returns an assert_func(t, result, bool) checking one field of the returned
-- record and the boolean first return of siem.add_siem_record.
local function workload_expect(field, value, tagged)
  return function(t, result, bool)
    t.equal(result[field], value)
    t.equal(bool, tagged)
  end
end

-- add_siem_record cases run with the "workload" (third-party config map) mode.
local add_siem_record_test_cases_dynamic = {
  {
    description = "check for workloadEdgeID: 68f1e7b3-0609-4b20-a9b6-6d365bed3801",
    input = WORKLOAD_FIXTURE,
    record = workload_record("01", "abcxyzdef456", "INFO"),
    tag = FIM_TAG,
    assert_func = workload_expect("log_type", "alpine-fim", true),
  },
  {
    description = "check for workloadEdgeID: 68f1e7b3-0609-4b20-a9b6-6d365bed3802",
    input = WORKLOAD_FIXTURE,
    record = workload_record("02", "abc123def456", "INFO"),
    tag = COUCHDB_TAG,
    assert_func = workload_expect("log_type", "couchdb", true),
  },
  {
    description = "check for workloadEdgeID: 68f1e7b3-0609-4b20-a9b6-6d365bed3803",
    input = WORKLOAD_FIXTURE,
    record = workload_record("03", nil, "INFO"),
    tag = AUTHSERVER_TAG,
    assert_func = workload_expect("log_type", "authserver", true),
  },
  {
    -- no namespace name and no label at all; must not be routed
    description = "check for workloadEdgeID: no label found",
    input = WORKLOAD_FIXTURE,
    record = {
      kubernetes = { namespace = { labels = {} } },
      message = "abcxyzdef456",
      severity = "INFO",
    },
    tag = FIM_TAG,
    assert_func = workload_expect("log_type", nil, false),
  },
  {
    description = "check for simple pattern: 123 in record['message'] AND right level",
    input = WORKLOAD_FIXTURE,
    record = workload_record("02", "abc123def456", "INFO"),
    tag = COUCHDB_TAG,
    assert_func = workload_expect("log_type", "couchdb", true),
  },
  {
    description = "check for simple pattern: 123 in record['message'] AND right level in range",
    input = WORKLOAD_FIXTURE,
    record = workload_record("02", "abc123def456", "ERROR"),
    tag = COUCHDB_TAG,
    assert_func = workload_expect("log_type", "couchdb", true),
  },
  {
    description = "check for simple pattern: 123 in record['message'] AND wrong level",
    input = WORKLOAD_FIXTURE,
    record = workload_record("02", "abc123def456", "DEBUG"),
    tag = COUCHDB_TAG,
    assert_func = workload_expect("log_type", nil, false),
  },
  {
    description = "check for simple pattern: xyz in record['message'] AND right level",
    input = WORKLOAD_FIXTURE,
    record = workload_record("01", "abcxyzdef456", "INFO"),
    tag = FIM_TAG,
    assert_func = workload_expect("log_type", "alpine-fim", true),
  },
  {
    description = "check for simple pattern: xyz in record['message'] AND right level in range",
    input = WORKLOAD_FIXTURE,
    record = workload_record("01", "abcxyzdef456", "CRITICAL"),
    tag = FIM_TAG,
    assert_func = workload_expect("log_type", "alpine-fim", true),
  },
  {
    description = "check for simple pattern: xyz in record['message'] AND wrong level",
    input = WORKLOAD_FIXTURE,
    record = workload_record("01", "abcxyzdef456", "DEBUG"),
    tag = FIM_TAG,
    assert_func = workload_expect("log_type", nil, false),
  },
  {
    description = "check for simple pattern: empty pattern should return true",
    input = WORKLOAD_FIXTURE,
    record = workload_record("03", "abcxyzdef456", "INFO"),
    tag = AUTHSERVER_TAG,
    assert_func = workload_expect("log_type", "authserver", true),
  },
  {
    description = "no record['message'] for pattern match",
    input = WORKLOAD_FIXTURE,
    record = workload_record("01", nil, "INFO"),
    tag = FIM_TAG,
    assert_func = workload_expect("log_type", nil, false),
  },
  {
    description = "no record['msg'] for pattern match",
    input = WORKLOAD_FIXTURE,
    record = workload_record("02", nil, "INFO"),
    tag = COUCHDB_TAG,
    assert_func = workload_expect("log_type", nil, false),
  },
  {
    description = "no record['message'] for pattern match; wireguard-relay container",
    input = WORKLOAD_FIXTURE,
    record = workload_record("04", nil, "INFO"),
    tag = WIREGUARD_TAG,
    assert_func = workload_expect("log_type", nil, false),
  },
  {
    description = "check for record['msg'] for pattern match; prometheus-operator container",
    input = WORKLOAD_FIXTURE,
    record = workload_record("05", nil, "INFO"),
    tag = PROM_OPERATOR_TAG,
    assert_func = workload_expect("log_type", nil, false),
  },
  {
    description = "Check that SEVERITY is working",
    input = WORKLOAD_FIXTURE,
    record = workload_record("06", nil, "INFO"),
    tag = PROM_OPERATOR_TAG,
    assert_func = workload_expect("log_type", nil, false),
  },
  {
    -- the only dynamic case asserting log_class rather than log_type
    description = "check for advanced pattern: .* (in lua %w+) message check",
    input = WORKLOAD_FIXTURE,
    record = workload_record("07", "abcxyzdef456", "INFO"),
    tag = PROM_OPERATOR_TAG,
    assert_func = workload_expect("log_class", "audit", true),
  },
  {
    description = "check for advanced pattern: x%syz in record['message']",
    input = WORKLOAD_FIXTURE,
    record = workload_record("08", "abcx yzdef456", "INFO"),
    tag = TEST_TAG,
    assert_func = workload_expect("log_type", "test", true),
  },
  {
    description = "check for advanced pattern: x%s+y%s+z in record['message']",
    input = WORKLOAD_FIXTURE,
    record = workload_record("09", "abcx y zdef456", "INFO"),
    tag = TEST_TAG,
    assert_func = workload_expect("log_type", "test", true),
  },
  {
    description = "check for advanced pattern: x%s+y%d+%s+z in record['message']",
    input = WORKLOAD_FIXTURE,
    record = workload_record("10", "abcx y123313 zdef456", "INFO"),
    tag = TEST_TAG,
    assert_func = workload_expect("log_type", "test", true),
  },
  {
    description = "check for advanced pattern: ^x%s+y%d+%s+z in record['message'] PASS",
    input = WORKLOAD_FIXTURE,
    record = workload_record("11", "x y123313 zdef456", "INFO"),
    tag = TEST_TAG,
    assert_func = workload_expect("log_type", "test", true),
  },
  {
    description = "check for advanced pattern: ^x%s+y%d+%-%s+z in record['message'] FAIL",
    input = WORKLOAD_FIXTURE,
    record = workload_record("12", "abcx y123313- zdef456", "INFO"),
    tag = TEST_TAG,
    assert_func = workload_expect("log_type", nil, false),
  },
}

--- Prints the three-line section header (rule, title, rule) each run starts with.
local function banner(title, rule)
  print(rule)
  print(title)
  print(rule)
end

--- Runs siem.parse_configmap over every case and hands the parsed table
-- (first return value only) to the case's assert_func.
local function run_parse_cases(title, rule, cases)
  banner(title, rule)
  for _, case in ipairs(cases) do
    test(case.description, function(t)
      local configs = siem.parse_configmap(case.input)
      case.assert_func(t, configs)
    end)
  end
end

--- Parses the fixture for each case, then routes case.record through
-- siem.add_siem_record with `mode` as its fourth argument ("edge" for the
-- static cases, "workload" for the dynamic ones).
local function run_record_cases(title, rule, cases, mode)
  banner(title, rule)
  for _, case in ipairs(cases) do
    test(case.description, function(t)
      local configs = siem.parse_configmap(case.input)
      local tagged, record = siem.add_siem_record(case.tag, case.record, configs, mode)
      case.assert_func(t, record, tagged)
    end)
  end
end

-- PARSING TESTS RUN
run_parse_cases("edge_siem_config_map_test_cases started",
  "---------------------------------------",
  edge_siem_config_map_test_cases)

run_parse_cases("third_party_siem_config_map_test_cases started",
  "----------------------------------------------",
  third_party_siem_config_map_test_cases)

-- ADD RECORD RUNS
run_record_cases("add_siem_record_test_cases_static started",
  "-----------------------------------------",
  add_siem_record_test_cases_static, "edge")

run_record_cases("add_siem_record_test_cases_dynamic started",
  "------------------------------------------",
  add_siem_record_test_cases_dynamic, "workload")