Modify cloudtrail plugin to handle details.responseelements.endpoint

2018-02-15 13:32:35 -06:00 · 2018-02-15 13:32:35 -06:00 · b5e118c0c0
--- a/mq/plugins/cloudtrail.py
+++ b/mq/plugins/cloudtrail.py
@ -83,6 +83,14 @@ class message(object):
                        'raw_value': subnets_str
                    }

+            # Handle details.responseelements.endpoint strings
+            if 'endpoint' in message['details']['responseelements']:
+                endpoint_str = message['details']['responseelements']['endpoint']
+                if type(endpoint_str) is not dict:
+                    message['details']['responseelements']['endpoint'] = {
+                        'raw_value': endpoint_str
+                    }
+
        # Handle details.additionaleventdata strings
        if 'additionaleventdata' in message['details']:
            additionaleventdata_str = message['details']['additionaleventdata']
--- a/tests/mq/plugins/test_cloudtrail.py
+++ b/tests/mq/plugins/test_cloudtrail.py
@ -236,3 +236,27 @@ class TestCloudtrailPlugin():
        }
        assert retmessage == expected_message
        assert retmeta == {}
+
+    def test_endpoint(self):
+        msg = {
+            'source': 'cloudtrail',
+            'details': {
+                'responseelements': {
+                    'endpoint': 'astringvalue',
+                }
+            }
+        }
+        (retmessage, retmeta) = self.plugin.onMessage(msg, {})
+
+        expected_message = {
+            'source': 'cloudtrail',
+            'details': {
+                'responseelements': {
+                    'endpoint': {
+                        'raw_value': 'astringvalue',
+                    }
+                }
+            }
+        }
+        assert retmessage == expected_message
+        assert retmeta == {}