System test to validate resuming from registry

elastic · Jan 27, 2018 · 80b86af · 80b86af
1 parent d1ca13c
commit 80b86af
Show file tree

Hide file tree

Showing 3 changed files with 56 additions and 4 deletions.
diff --git a/winlogbeat/tests/system/test_eventlogging.py b/winlogbeat/tests/system/test_eventlogging.py
@@ -1,3 +1,4 @@
+import os
 import sys
 import time
 import unittest
@@ -29,6 +30,27 @@ def test_read_one_event(self):
         self.assertTrue(len(evts), 1)
         self.assert_common_fields(evts[0], msg=msg)
 
+    def test_resume_reading_events(self):
+        """
+        eventlogging - Resume reading events
+        """
+        msg = "First event"
+        self.write_event_log(msg)
+        evts = self.read_events()
+        self.assertTrue(len(evts), 1)
+        self.assert_common_fields(evts[0], msg=msg)
+
+        # remove the output file, otherwise there is a race condition
+        # in read_events() below where it reads the results of the previous
+        # execution
+        os.unlink(os.path.join(self.working_dir, "output", self.beat_name))
+
+        msg = "Second event"
+        self.write_event_log(msg)
+        evts = self.read_events()
+        self.assertTrue(len(evts), 1)
+        self.assert_common_fields(evts[0], msg=msg)
+
     def test_read_unknown_event_id(self):
         """
         eventlogging - Read unknown event ID
@@ -178,7 +200,7 @@ def test_registry_data(self):
         evts = self.read_events()
         self.assertTrue(len(evts), 1)
 
-        event_logs = self.read_registry()
+        event_logs = self.read_registry(requireBookmark=False)
         self.assertTrue(len(event_logs.keys()), 1)
         self.assertIn(self.providerName, event_logs)
         record_number = event_logs[self.providerName]["record_number"]

diff --git a/winlogbeat/tests/system/test_wineventlog.py b/winlogbeat/tests/system/test_wineventlog.py
@@ -1,3 +1,4 @@
+import os
 import sys
 import time
 import unittest
@@ -33,6 +34,33 @@ def test_read_one_event(self):
             "opcode": "Info",
         })
 
+    def test_resume_reading_events(self):
+        """
+        wineventlog - Resume reading events
+        """
+        msg = "First event"
+        self.write_event_log(msg)
+        evts = self.read_events()
+        self.assertTrue(len(evts), 1)
+        self.assert_common_fields(evts[0], msg=msg, extra={
+            "keywords": ["Classic"],
+            "opcode": "Info",
+        })
+
+        # remove the output file, otherwise there is a race condition
+        # in read_events() below where it reads the results of the previous
+        # execution
+        os.unlink(os.path.join(self.working_dir, "output", self.beat_name))
+
+        msg = "Second event"
+        self.write_event_log(msg)
+        evts = self.read_events()
+        self.assertTrue(len(evts), 1)
+        self.assert_common_fields(evts[0], msg=msg, extra={
+            "keywords": ["Classic"],
+            "opcode": "Info",
+        })
+
     def test_read_unknown_event_id(self):
         """
         wineventlog - Read unknown event ID
@@ -316,7 +344,7 @@ def test_registry_data(self):
         evts = self.read_events()
         self.assertTrue(len(evts), 1)
 
-        event_logs = self.read_registry()
+        event_logs = self.read_registry(requireBookmark=True)
         self.assertTrue(len(event_logs.keys()), 1)
         self.assertIn(self.providerName, event_logs)
         record_number = event_logs[self.providerName]["record_number"]

diff --git a/winlogbeat/tests/system/winlogbeat.py b/winlogbeat/tests/system/winlogbeat.py
@@ -93,10 +93,9 @@ def read_events(self, config=None, expected_events=1):
         proc = self.start_beat()
         self.wait_until(lambda: self.output_has(expected_events))
         proc.check_kill_and_wait()
-
         return self.read_output()
 
-    def read_registry(self):
+    def read_registry(self, requireBookmark=False):
         f = open(os.path.join(self.working_dir, "data", ".winlogbeat.yml"), "r")
         data = yaml.load(f)
         self.assertIn("update_time", data)
@@ -107,6 +106,8 @@ def read_registry(self):
             self.assertIn("name", event_log)
             self.assertIn("record_number", event_log)
             self.assertIn("timestamp", event_log)
+            if requireBookmark:
+                self.assertIn("bookmark", event_log)
             name = event_log["name"]
             event_logs[name] = event_log
 
@@ -145,5 +146,6 @@ def assert_common_fields(self, evt, msg=None, eventID=10, sid=None,
         if extra != None:
             self.assertDictContainsSubset(extra, evt)
 
+
 def host_name(fqdn):
     return fqdn.split('.')[0]