
Feature: Designate which 'outputs' to live test

Open ryandeivert opened this issue 7 years ago • 2 comments

Background

The live-test CLI command supports sending to defined outputs for a rule being tested. By default, this command will not mock out any of the outputs and will try to send the test alert to each one (aws/slack/pagerduty/etc).

Desired Change

Make it easier to send to only one type of service when invoking the live-test command. This would allow testing services like Slack without having to test AWS services. This would have to perform some selective mocking of outputs (see here and here).

ryandeivert Oct 20 '17 16:10

Note: as mentioned in the Slack (https://streamalert.slack.com/archives/C3BHE2Z0S/p1508539616000067), HTTPS requests are converted to HTTP due to moto using httpretty, which has this issue: https://github.com/gabrielfalcao/HTTPretty/issues/35

The workaround I've personally used is that, before making my HTTPS requests, I call:

from httpretty import HTTPretty
# Turn off httpretty's interception (activated by moto) so real HTTPS requests go out
HTTPretty.disable()

0xdabbad00 Oct 23 '17 14:10

Some other things I did to test this:

  • Set required=False at https://github.com/airbnb/streamalert/blob/6a52f6a7950d51f85411e70f7e84f18de5320449/manage.py#L155
  • Set pass # self.setup_outputs(alert) at https://github.com/airbnb/streamalert/blob/a9e7d3c2724a86970576bde3db3e7f2e64ec22bc/stream_alert_cli/test.py#L621
  • Comment out https://github.com/airbnb/streamalert/blob/0b1ad9f689b8d045eb1a079d5ec5c88c4a64c68a/stream_alert/alert_processor/outputs.py#L470 and set creds to my Slack webhook.

0xdabbad00 Oct 26 '17 21:10