Skip to content

Getting started

This page will guide you through creating a unit test setup for your SOAR connector. It assumes you successfully installed the package in your projects virtual environment. It also assumes you have pytest installed.

Preparations

Create a tests directory in the root of your connector project if you have not already and create a conftest.py within that directory.

mkdir tests && cd tests
touch conftest.py

Loading the plugin in conftest

In your conftest.py add the plugin to your pytest_plugins definition

import pytest

# Load pytest-splunk-soar-connectors plugin
pytest_plugins = ("splunk-soar-connectors")

Create your Connector Fixture

Create a new pytest fixture for your connector. The example below uses the connector from the DNS App. We'll use the configure_connector utility function which takes the connector class and the desired asset settings as input.

from dns_connector import DNSConnector
from pytest_splunk_soar_connectors import configure_connector

@pytest.fixture(scope="function")
def configured_dns_connector():
    return configure_connector(DNSConnector, {
        "dns_server": "8.8.8.8",
        "host_name": "splunk.com"
    })

Write a simple test

Now, create a test file in your tests/ directory, eg. test_dns_connector.py. Pass the fixture (here: configured_dns_connector) as a parameter to your test. In order to call the action, the _handle_action method of the connector needs to be called with an InputJSON. The InputJSON is simply a dictionary structure that is initializing the connector run.

_handle_action returns the action results that were created during the run as a string, so they need to be parsed back into a python list before any asserts can be done.

import pytest
import json
import os
import sys
from pytest_splunk_soar_connectors.models import InputJSON

sys.path.insert(0, os.getcwd()) 

from dns_connector import DNSConnector

def test_lookup_domain(configured_dns_connector: DNSConnector):

    in_json: InputJSON = {
        "action": "lookup ip",
        "identifier": "forward_lookup",
        "config": {},
        "parameters": [
            {
                "domain": "splunk.com"
            }
        ],
        "environment_variables": {},
    }

    # Execute Action
    action_result_str = configured_connector._handle_action(json.dumps(in_json), None)
    action_result = json.loads(action_result_str)

    # Assertion
    assert action_result[0]["summary"]["record_info"] == "52.5.196.118"

What's next?

In the above example, the DNS server was accessible over the internet and could be called as part of a test without any authentication required. But how do you write tests where you don't have a live instance to test against? Using requests-mock you can write unittests that are fully offline. Read on in Using requests-mock