Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix Integratord tests #3362

Closed
wants to merge 5 commits into from
Closed

Fix Integratord tests #3362

wants to merge 5 commits into from

Conversation

mauromalara
Copy link
Contributor

@mauromalara mauromalara commented Sep 23, 2022
edited by damarisg
Loading

Related issue
#3298

Description

After a change was made in a message, we had to change a callback from ERROR to WARNING.
Also, we have to change the test case IDs to be capable of running tests and selecting them by their IDs.
Finally, we made changes to the current documentation.

Refs: wazuh/wazuh#14431

Updated

  • test_integratord_change_json_inode: The sleep time was reduced to 1 second because wazuh-integratord has a one-second delay
  • deps/wazuh_testing/wazuh_testing/modules/integratord/__init__.py: A callback was changed.

Testing performed

Tester Test path Jenkins Local OS Commit Notes
@mauromalara (Developer) test_integratord/ 🟢 🟢 🟢 🟢 🟢 🔴 Ubuntu 962915c test_integratord_change_inode_alert.py is unstable, and it cause is being researched
@damarisg (Reviewer) test_integratord/ 🟢🟢🟢 🚫 🚫 🚫 Ubuntu 962915c Nothing to highlight

@mauromalara
fix(#3298): fix integratord tests.
41e47ce 
After a change made in a message, we had to change a callback from ERROR
to WARNING.
Also, we have to change the test cases IDs for us to be capable of
running tests selecting them by theirs IDs.
Finally, we made changes to the current documentation.

Refs: wazuh/wazuh#14431
@mauromalara mauromalara self-assigned this Sep 23, 2022
@mauromalara mauromalara changed the title Fix wazuh-integratord tests Fix Integratord tests Sep 26, 2022
@damarisg damarisg removed the request for review from jmv74211 September 26, 2022 20:06
damarisg
damarisg requested changes Sep 26, 2022
View reviewed changes
tests/integration/test_integratord/data/test_cases/cases_integratord_change_inode_alert.yaml Outdated Show resolved Hide resolved
tests/integration/test_integratord/test_integratord_change_inode_alert.py Outdated Show resolved Hide resolved
tests/integration/test_integratord/test_integratord_change_inode_alert.py Outdated
# Read Response in ossec.log
check_integratord_event(file_monitor=wazuh_monitor, timeout=global_parameters.default_timeout,
check_integratord_event(file_monitor=wazuh_monitor, timeout=global_parameters.default_timeout + 2,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why did you add +2 hardcoded?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@damarisg Because after multiple executions that was the time in which Wazuh managed to process the alert and display the expected message in the log.

@mauromalara mauromalara linked an issue Sep 26, 2022 that may be closed by this pull request
The integration test test_integratord_read_json_file_deleted is failing #3298
Closed
@mauromalara
refactor(#3298): change the restart fixture.
b08ae17 
Detect when analysisd has finished its initialization.
Set analysisd in debug mode to detect its initialization.
Restart fixture changed to restart a list of daemons and stop them in order.
@mauromalara
Copy link
Contributor Author

mauromalara commented Sep 28, 2022
edited
Loading

Update 27/09/2022

The tests are failing: 🔴

After modifying the test so that only the necessary daemons are restarted, the test started to run faster.
This causes it to fail and this is because more requests are made per minute than allowed by the VirusTotal API (free).

This message appeared in the ossec.log:

DEBUG: integratord: Tue Sep 27 15:30:32 -03 2022: 1:virustotal:{"virustotal": {"error": 204, "description": "Error: Public API request rate limit reached"}, "integration": "virustotal"}

I see 2 possible solutions:

  1. Upgrade to VirusTotal PRO plan.
  2. Make another integration that does not require a subscription (ex: Slack).

Update: The second alternative will be applied.

@mauromalara
refactor(#3298): replace the Virustotal integration with the Slack one.
f39717a 
Some timeouts were replaced with the default timeout.
Somo minor changes in the test documentation were applied.
@mauromalara
style(#3298): add a new line after import and delete extra new line.
962915c
This was referenced Oct 21, 2022
Closed
Merged
@Rebits
Copy link
Member

Rebits commented Oct 27, 2022

Duplicated #3499

@Rebits Rebits closed this Oct 27, 2022
@Rebits Rebits removed a link to an issue Oct 27, 2022
The integration test test_integratord_read_json_file_deleted is failing #3298
Closed
@fedepacher fedepacher mentioned this pull request Oct 31, 2022
Merged
@mauromalara mauromalara deleted the 3298-fix-integratord-tests branch August 3, 2023 14:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@damarisg damarisg damarisg requested changes

Assignees

@mauromalara mauromalara

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mauromalara @Rebits @damarisg