Editing existing tests
- We're going to assume that we have a change to an existing parser: postfix.
▶ git diff parsers/s01-parse/crowdsecurity/postfix-logs.yaml
onsuccess: next_stage
-filter: "evt.Parsed.program == 'postfix/smtpd'"
+filter: "evt.Parsed.program in ['postfix/smtpd','postfix/smtps/smtpd','postfix/submission/smtpd']"
name: crowdsecurity/postfix-logs
...
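Review bot: the new filter on the +filter line is an exact-match list of three program names, so an event whose program has any other prefix in front of /smtpd is still skipped by this parser. If that is intended, say so in a comment next to the filter, and make sure the test input carries at least one event for each added name (postfix/smtps/smtpd and postfix/submission/smtpd) so a later edit to the list is caught by the tests.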
- Identify & modify the relevant tests
▶ cat parsers/s01-parse/crowdsecurity/.tests/postfix-logs/config.yaml
parser_input: parser_input.yaml
parser_results: parser_results.yaml
index: "./config/hub/.index.json"
configurations:
  parsers:
  - crowdsecurity/postfix-logs
In our case, we're going to edit the parsers/s01-parse/crowdsecurity/.tests/postfix-logs/parser_input.yaml file to reflect the change: we simply ensure that the new program names are properly taken into account. I'm adding new events to parser_input.yaml with the updated program names:
- ExpectMode: 1
  Stage: s01-parse
  Line:
    Raw: 'Dec 7 23:23:41 mail postfix/smtpd[21260]: connect from unknown[45.142.120.90]'
    Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log
    time: 2020-12-11T15:42:01.205470513+01:00
    Labels:
      type: syslog
    process: true
  Parsed:
    facility: ""
    logsource: syslog
    message: connect from unknown[45.142.120.90]
    pid: "21260"
    priority: ""
    program: postfix/smtps/smtpd
    timestamp: Dec 7 23:23:41
    timestamp8601: ""
  Time: 2020-12-11T15:42:01.205699752+01:00
  StrTime: Dec 7 23:23:41
  Process: true
- ExpectMode: 1
  Stage: s01-parse
  Line:
    Raw: 'Dec 7 23:23:41 mail postfix/smtpd[21260]: connect from unknown[45.142.120.90]'
    Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log
    time: 2020-12-11T15:42:01.205470513+01:00
    Labels:
      type: syslog
    process: true
  Parsed:
    facility: ""
    logsource: syslog
    message: connect from unknown[45.142.120.90]
    pid: "21260"
    priority: ""
    program: postfix/submission/smtpd
    timestamp: Dec 7 23:23:41
    timestamp8601: ""
  Time: 2020-12-11T15:42:01.205699752+01:00
  StrTime: Dec 7 23:23:41
  Process: true
- Identify the changes
We can now run our tests (which are going to fail):
▶ ./tests.sh --single ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/config.yaml
...
ERRO[0000] Diff error: mismatch diff (-want +got): []types.Event{
+ {
+ ExpectMode: 1,
+ Stage: "s01-parse",
+ Line: types.Line{
+ Raw: "Dec 7 23:23:41 mail postfix/smtpd[21260]: connect from unknown["...,
+ Src: "./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log",
...
The test fails because it got unexpected results: our "new" lines lead to results that weren't accounted for in parser_results.yaml.
We can review the difference by comparing our parser_results.yaml with the freshly generated parser_results.yaml.fail.
We can either replace parser_results.yaml with parser_results.yaml.fail after reviewing the differences (the lazy way), or just add the relevant entries to parser_results.yaml.
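One way to guard the lazy replacement described above, as an added example that is not part of the hub repository: it lists the program values that appear only in the .fail file and copies that file over the reference only when every one of them was expected. The helper names are hypothetical, and the sample files are constructed and trimmed to the one key the check reads.

```shell
#!/bin/sh
# Added example, not part of the hub repository.
# Assumption: result files list each event's program as a "program:" key,
# as parser_input.yaml does on this page.

# Distinct program values found in one results file.
programs() { sed -n 's/^ *program: *//p' "$1" | sort -u; }

# Programs present in the .fail file ($2) but absent from the reference ($1).
new_programs() {
    old=$(mktemp) && new=$(mktemp) || return 2
    programs "$1" > "$old"; programs "$2" > "$new"
    comm -13 "$old" "$new"
    rm -f "$old" "$new"
}

# Copy $2 over $1 only if every new program is in the space-separated list $3.
promote_if_expected() {
    for prog in $(new_programs "$1" "$2"); do
        case " $3 " in
            *" $prog "*) ;;
            *) echo "unexpected program: $prog" >&2; return 1 ;;
        esac
    done
    cp "$2" "$1"
}

# Constructed sample data (not real test fixtures).
demo_dir=$(mktemp -d)
printf '%s\n' '- Parsed:' '    program: postfix/smtpd' > "$demo_dir/parser_results.yaml"
printf '%s\n' '- Parsed:' '    program: postfix/smtpd' \
              '- Parsed:' '    program: postfix/smtps/smtpd' \
              '- Parsed:' '    program: postfix/submission/smtpd' \
    > "$demo_dir/parser_results.yaml.fail"

# Show what the .fail file introduces before deciding to promote it.
new_programs "$demo_dir/parser_results.yaml" "$demo_dir/parser_results.yaml.fail"
```

A program name outside the expected list in the .fail file means the parser now accepts events the change was not meant to cover, so the reference file is left untouched.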
After adding the missing lines to parser_results.yaml, running the tests yields no errors:
▶ ./tests.sh --single ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/config.yaml
INFO[0000] built against -
INFO[0000] Acquisition file : parsers/s01-parse/crowdsecurity/.tests/postfix-logs/acquis.yaml
...
INFO[0000] 8/8 matched results
INFO[0000] parsers tests are finished
INFO[0000] 8/8 matched results
INFO[0000] parsers tests are finished
INFO[0000] tests are finished.
And we're done: we can now open an MR with the updated tests!