Don't fire the ldap_group alert when the LDAP operation involved remo…

…ving a user from a group (#1640)
mozilla · Jun 4, 2020 · 6a1ae1e · 6a1ae1e
1 parent 0b10f83
commit 6a1ae1e
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 0 deletions.
diff --git a/alerts/ldap_group.py b/alerts/ldap_group.py
@@ -22,6 +22,7 @@ def main(self):
         # ignore test accounts and attempts to create accounts that already exist.
         search_query.add_must_not([
             WildcardMatch('details.actor', '*bind*'),
+            WildcardMatch('details.changepairs', '*delete:member*')
         ])
 
         self.filtersManual(search_query)

diff --git a/tests/alerts/test_ldap_group.py b/tests/alerts/test_ldap_group.py
@@ -90,3 +90,17 @@ class TestldapGroupModify(AlertTestSuite):
             events=[event],
         )
     )
+
+    event = AlertTestSuite.create_event(default_event)
+    event['_source']['details']['changepairs'] = [
+        [
+            'delete:member',
+            'cn=test@mozilla.com,ou=distribution_lists,dc=mozilla'
+        ]
+    ]
+    test_cases.append(
+        NegativeAlertTestCase(
+            description='Negative test case that describes a user being deleted from a group',
+            events=[event],
+        )
+    )