2626
2727@pytest .mark .integration
2828def test_list_and_get_cases_workflow ():
29- """Test listing and getting cases workflow."""
29+ """Test listing and getting cases workflow.
30+
31+ TODO: Remove 401 skip logic once SOAR IAM role issue is fixed.
32+ """
3033 client = SecOpsClient (service_account_info = SERVICE_ACCOUNT_JSON )
3134 chronicle = client .chronicle (** CHRONICLE_CONFIG )
3235
33- # Test basic list
34- result = chronicle .list_cases (page_size = 5 )
35- assert isinstance (result , dict )
36- assert "cases" in result
37- assert isinstance (result ["cases" ], list )
38- assert "totalSize" in result
39-
40- # Test with as_list=False (default)
41- result_dict = chronicle .list_cases (page_size = 3 , as_list = False )
42- assert isinstance (result_dict , dict )
43- assert "cases" in result_dict
44- assert "nextPageToken" in result_dict or "totalSize" in result_dict
45-
46- # Test with as_list=True
47- result_list = chronicle .list_cases (page_size = 3 , as_list = True )
48- assert isinstance (result_list , list )
49- if result_list :
50- assert "name" in result_list [0 ]
51-
52- # Test list with filter
53- filtered = chronicle .list_cases (
54- page_size = 5 , filter_query = 'status = "OPENED"'
55- )
56- assert isinstance (filtered , dict )
57- assert "cases" in filtered
58-
59- # Test get case by ID
60- if result .get ("cases" ):
61- case_data = result ["cases" ][0 ]
62- case_id = case_data .get ("name" , "" ).split ("/" )[- 1 ]
63-
64- if case_id :
65- case = chronicle .get_case (case_id )
66- assert case is not None
67- assert hasattr (case , "id" )
68- assert hasattr (case , "display_name" )
69- assert hasattr (case , "priority" )
70- assert hasattr (case , "status" )
71- else :
72- pytest .skip ("No cases available for testing" )
36+ try :
37+ # Test basic list
38+ result = chronicle .list_cases (page_size = 5 )
39+ assert isinstance (result , dict )
40+ assert "cases" in result
41+ assert isinstance (result ["cases" ], list )
42+ assert "totalSize" in result
43+
44+ # Test with as_list=False (default)
45+ result_dict = chronicle .list_cases (page_size = 3 , as_list = False )
46+ assert isinstance (result_dict , dict )
47+ assert "cases" in result_dict
48+ assert "nextPageToken" in result_dict or "totalSize" in result_dict
49+
50+ # Test with as_list=True
51+ result_list = chronicle .list_cases (page_size = 3 , as_list = True )
52+ assert isinstance (result_list , list )
53+ if result_list :
54+ assert "name" in result_list [0 ]
55+
56+ # Test list with filter
57+ filtered = chronicle .list_cases (
58+ page_size = 5 , filter_query = 'status = "OPENED"'
59+ )
60+ assert isinstance (filtered , dict )
61+ assert "cases" in filtered
62+
63+ # Test get case by ID
64+ if result .get ("cases" ):
65+ case_data = result ["cases" ][0 ]
66+ case_id = case_data .get ("name" , "" ).split ("/" )[- 1 ]
67+
68+ if case_id :
69+ case = chronicle .get_case (case_id )
70+ assert case is not None
71+ assert hasattr (case , "id" )
72+ assert hasattr (case , "display_name" )
73+ assert hasattr (case , "priority" )
74+ assert hasattr (case , "status" )
75+ else :
76+ pytest .skip ("No cases available for testing" )
77+
78+ except APIError as e :
79+ error_msg = str (e )
80+ if "401" in error_msg or "Unauthorized" in error_msg :
81+ pytest .skip (f"Skipping due to SOAR IAM issue (401): { e } )
82+ raise
7383
7484
7585@pytest .mark .integration
7686def test_case_update_workflow ():
7787 """Test case update (patch) workflow.
7888
7989 Tests patching a case's priority and verifying the change.
90+
91+ TODO: Remove 401 skip logic once SOAR IAM role issue is fixed.
8092 """
8193 client = SecOpsClient (service_account_info = SERVICE_ACCOUNT_JSON )
8294 chronicle = client .chronicle (** CHRONICLE_CONFIG )
8395
8496 # Use dedicated test case ID
8597 case_id = "7418669"
8698
87- # Get original case state
88- original_case = chronicle .get_case (case_id )
89- original_priority = original_case .priority
90-
91- # Determine new priority (toggle between HIGH and MEDIUM)
92- new_priority = (
93- "PRIORITY_MEDIUM"
94- if original_priority == "PRIORITY_HIGH"
95- else "PRIORITY_HIGH"
96- )
97-
9899 try :
99- # Update the case
100- updated_case = chronicle .patch_case (
101- case_id , {"priority" : new_priority }, update_mask = "priority"
100+ # Get original case state
101+ original_case = chronicle .get_case (case_id )
102+ original_priority = original_case .priority
103+
104+ # Determine new priority (toggle between HIGH and MEDIUM)
105+ new_priority = (
106+ "PRIORITY_MEDIUM"
107+ if original_priority == "PRIORITY_HIGH"
108+ else "PRIORITY_HIGH"
102109 )
103110
104- assert updated_case is not None
105- assert updated_case .priority == new_priority
106-
107- # Verify by fetching again
108- verified_case = chronicle .get_case (case_id )
109- assert verified_case .priority == new_priority
110-
111- finally :
112- # Cleanup: Restore original priority
113111 try :
114- chronicle .patch_case (
112+ # Update the case
113+ updated_case = chronicle .patch_case (
115114 case_id ,
116- {"priority" : original_priority },
115+ {"priority" : new_priority },
117116 update_mask = "priority" ,
118117 )
119- except Exception as e :
120- print (f"Cleanup warning: Failed to restore priority - { e } )
118+
119+ assert updated_case is not None
120+ assert updated_case .priority == new_priority
121+
122+ # Verify by fetching again
123+ verified_case = chronicle .get_case (case_id )
124+ assert verified_case .priority == new_priority
125+
126+ finally :
127+ # Cleanup: Restore original priority
128+ try :
129+ chronicle .patch_case (
130+ case_id ,
131+ {"priority" : original_priority },
132+ update_mask = "priority" ,
133+ )
134+ except Exception as e :
135+ print (f"Cleanup warning: Failed to restore priority - { e } )
136+
137+ except APIError as e :
138+ error_msg = str (e )
139+ if "401" in error_msg or "Unauthorized" in error_msg :
140+ pytest .skip (f"Skipping due to SOAR IAM issue (401): { e } )
141+ raise
121142
122143
123144@pytest .mark .integration
124145def test_bulk_operations_workflow ():
125- """Test bulk operations workflow including tag, priority, stage."""
146+ """Test bulk operations workflow including tag, priority, stage.
147+
148+ TODO: Remove 401 skip logic once SOAR IAM role issue is fixed.
149+ """
126150 client = SecOpsClient (service_account_info = SERVICE_ACCOUNT_JSON )
127151 chronicle = client .chronicle (** CHRONICLE_CONFIG )
128152
@@ -131,26 +155,39 @@ def test_bulk_operations_workflow():
131155
132156 print (f"\n Testing bulk operations on cases: { case_ids } )
133157
134- # Test bulk add tag
158+ try :
159+ # Test bulk add tag
160+ result = chronicle .execute_bulk_add_tag (
161+ case_ids , ["integration-test-tag" ]
162+ )
163+ assert isinstance (result , dict )
164+ print ("Bulk add tag: SUCCESS" )
135165
136- result = chronicle .execute_bulk_add_tag (case_ids , ["integration-test-tag" ])
137- assert isinstance (result , dict )
138- print ("Bulk add tag: SUCCESS" )
166+ # Test bulk change priority
167+ result = chronicle .execute_bulk_change_priority (
168+ case_ids , "PRIORITY_MEDIUM"
169+ )
170+ assert isinstance (result , dict )
171+ print ("Bulk change priority: SUCCESS" )
139172
140- # Test bulk change priority
141- result = chronicle .execute_bulk_change_priority (case_ids , "PRIORITY_MEDIUM " )
142- assert isinstance (result , dict )
143- print ("Bulk change priority : SUCCESS" )
173+ # Test bulk change stage
174+ result = chronicle .execute_bulk_change_stage (case_ids , "Triage " )
175+ assert isinstance (result , dict )
176+ print ("Bulk change stage : SUCCESS" )
144177
145- # Test bulk change stage
146- result = chronicle .execute_bulk_change_stage (case_ids , "Triage" )
147- assert isinstance (result , dict )
148- print ("Bulk change stage: SUCCESS" )
178+ except APIError as e :
179+ error_msg = str (e )
180+ if "401" in error_msg or "Unauthorized" in error_msg :
181+ pytest .skip (f"Skipping due to SOAR IAM issue (401): { e } )
182+ raise
149183
150184
151185@pytest .mark .integration
152186def test_bulk_assign ():
153- """Test bulk assign operation."""
187+ """Test bulk assign operation.
188+
189+ TODO: Remove 401 skip logic once SOAR IAM role issue is fixed.
190+ """
154191 client = SecOpsClient (service_account_info = SERVICE_ACCOUNT_JSON )
155192 chronicle = client .chronicle (** CHRONICLE_CONFIG )
156193
@@ -163,6 +200,9 @@ def test_bulk_assign():
163200 print ("Bulk assign: SUCCESS" )
164201 except APIError as e :
165202 error_msg = str (e )
203+ # Skip if API returns 401/Unauthorized error
204+ if "401" in error_msg or "Unauthorized" in error_msg :
205+ pytest .skip (f"Skipping due to SOAR IAM issue (401): { e } )
166206 # Skip if API returns INTERNAL/500 error
167207 if "INTERNAL" in error_msg or "500" in error_msg :
168208 pytest .skip (f"Bulk assign API returned INTERNAL error: { e } )
@@ -175,6 +215,8 @@ def test_bulk_close_reopen_workflow():
175215 """Test bulk close and reopen workflow.
176216
177217 This test closes cases and then reopens them.
218+
219+ TODO: Remove 401 skip logic once SOAR IAM role issue is fixed.
178220 """
179221 client = SecOpsClient (service_account_info = SERVICE_ACCOUNT_JSON )
180222 chronicle = client .chronicle (** CHRONICLE_CONFIG )
@@ -185,35 +227,43 @@ def test_bulk_close_reopen_workflow():
185227 print (f"\n Testing close/reopen workflow on cases: { case_ids } )
186228
187229 try :
188- # Close the cases
189- close_result = chronicle .execute_bulk_close (
190- case_ids = case_ids ,
191- close_reason = "MAINTENANCE" ,
192- root_cause = "Integration test - closing for testing" ,
193- )
194- assert isinstance (close_result , dict )
195- print ("Bulk close: SUCCESS" )
196-
197- # Verify cases are closed by fetching one
198- if case_ids :
199- case = chronicle .get_case (str (case_ids [0 ]))
200- assert case .status == "CLOSED"
201- print (f"Verified case { case_ids [0 ]} )
202-
203- finally :
204- # Cleanup: Reopen the cases
205230 try :
206- reopen_result = chronicle .execute_bulk_reopen (
207- case_ids , "Integration test - reopening after test"
231+ # Close the cases
232+ close_result = chronicle .execute_bulk_close (
233+ case_ids = case_ids ,
234+ close_reason = "MAINTENANCE" ,
235+ root_cause = "Integration test - closing for testing" ,
208236 )
209- assert isinstance (reopen_result , dict )
210- print ("Bulk reopen (cleanup) : SUCCESS" )
237+ assert isinstance (close_result , dict )
238+ print ("Bulk close : SUCCESS" )
211239
212- # Verify case is reopened
240+ # Verify cases are closed by fetching one
213241 if case_ids :
214242 case = chronicle .get_case (str (case_ids [0 ]))
215- assert case .status == "OPENED"
216- print (f"Verified case { case_ids [0 ]} )
243+ assert case .status == "CLOSED"
244+ print (f"Verified case { case_ids [0 ]} )
245+
246+ finally :
247+ # Cleanup: Reopen the cases
248+ try :
249+ reopen_result = chronicle .execute_bulk_reopen (
250+ case_ids ,
251+ "Integration test - reopening after test" ,
252+ )
253+ assert isinstance (reopen_result , dict )
254+ print ("Bulk reopen (cleanup): SUCCESS" )
255+
256+ # Verify case is reopened
257+ if case_ids :
258+ case = chronicle .get_case (str (case_ids [0 ]))
259+ assert case .status == "OPENED"
260+ print (f"Verified case { case_ids [0 ]} )
261+
262+ except Exception as e :
263+ print (f"Cleanup warning: Failed to reopen cases - { e } )
217264
218- except Exception as e :
219- print (f"Cleanup warning: Failed to reopen cases - { e } )
265+ except APIError as e :
266+ error_msg = str (e )
267+ if "401" in error_msg or "Unauthorized" in error_msg :
268+ pytest .skip (f"Skipping due to SOAR IAM issue (401): { e } )
269+ raise
0 commit comments