Hi Nick, Something like GetProfileTest is exactly what I am looking for. Although following this test case is good enough at this step, It would be great if a test-framework can be implemented to make that easier. Probably it is not a very critical requirement, but it would be nice to have it.
Cheers, Ali On Sat, Jul 8, 2017 at 1:02 AM, Nick Allen <[email protected]> wrote: > > > > Is there any other approach to check > > that through writing Java test-cases? Righting test-cases would be easier > > for keeping track of changes. > > > While the Shell is great, it does not serve as an automated, repeatable > test case. > > An alternative approach along these lines, is to create your own JUnit test > cases that leverage a Stellar executor to execute arbitrary expressions and > validate the result. This is what we do in any unit tests for Stellar > functions. For example, see `GetProfileTest` that tests the Profiler's > `PROFILE_GET` function. > > Do you think these examples get you 80% there? > > > > > > > > On Fri, Jul 7, 2017 at 10:54 AM, Nick Allen <[email protected]> wrote: > > > For experimenting or validating specific Stellar expressions, the Stellar > > Shell is perfect. To do this, you just have to remember than when your > > Stellar expressions execute all of the fields of the message are > in-scope. > > > > For example, here is a quick session where I mock-up some logic that > sends > > a message to Triage if a hypothetical "count" field is greater than 22. > In > > this example, I expect my telemetry to look-like the following. > > > > { > > "ip_src_addr": "10.0.0.2", > > "ip_dst_addr": "10.0.0.3", > > "ip_src_port": "22", > > "ip_dst_port": "12345", > > "source.type": "bro", > > "count": "22" > > } > > > > > > Like I said, when my Stellar expression executes each of the fields from > > the message are in-scope as variables. To replicate this in the shell, > all > > I have to do is create those variables as I would expect them to exist in > > the telemetry. > > > > [Stellar]>>> > > [Stellar]>>> ip_src_addr := "10.0.0.2" > > [Stellar]>>> ip_dst_addr := "10.0.0.3" > > [Stellar]>>> ip_src_port := 22 > > [Stellar]>>> ip_dst_port := 12345 > > [Stellar]>>> source.type := "bro" > > [Stellar]>>> count := 22 > > [Stellar]>>> is_alert := if count > 22 then true else false > > [Stellar]>>> is_alert > > > > false > > > > This session helped me validate the `is_alert` expression that I will add > > as an enrichment expression. > > > > Hope that answered at least some of your questions. > > > > > > > > > > On Tue, Jul 4, 2017 at 10:23 AM, Ali Nazemian <[email protected]> > > wrote: > > > >> Hi Simon, > >> > >> Yeah, it does, but we are looking for a way to mock a specific message > and > >> check some post-parse/enrichments stuff. Is that achievable via Stellar > >> shell? Right now we are checking that either through end-to-end testing, > >> or > >> changing flux files to check them section by section. Unfortunately, > both > >> approaches are time-consuming. We are using the Stellar shell for only > >> checking the validity of Stellar functions one by one right now. > >> > >> Suppose there is an approach we can define a JSON object as an output > of a > >> parser. Then, we can apply a set of post-parsing and enrichment process > on > >> that JSON object and check the output. Is that achievable via Stellar > >> shell? Do you have any sample that we can follow to understand Stellar > >> shell capabilities for this scenario? Is there any other approach to > check > >> that through writing Java test-cases? Righting test-cases would be > easier > >> for keeping track of changes. > >> > >> Cheers, > >> Ali > >> > >> > >> On Wed, Jul 5, 2017 at 12:06 AM, Simon Elliston Ball < > >> [email protected]> wrote: > >> > >> > You should probably use the Stellar REPL (../metron/bin/stellar -z > $ZK) > >> > which gives you a kind of Stellar playground. > >> > > >> > Simon > >> > > >> > > On 4 Jul 2017, at 15:02, Ali Nazemian <[email protected]> > wrote: > >> > > > >> > > Hi all, > >> > > > >> > > I was wondering if there is a test framework we can use for Stellar > >> > > post-parsing and enrichment use cases. It is very time-consuming to > >> > verify > >> > > use cases end-to-end. Therefore, I am looking for a way of mocking > use > >> > > cases step by step to speed up our development. > >> > > > >> > > Regards, > >> > > Ali > >> > > >> > > >> > >> > >> -- > >> A.Nazemian > >> > > > > > -- A.Nazemian
