From 231e11d6fe70065486c61c3ca8a328ba44da84d3 Mon Sep 17 00:00:00 2001
From: Darshan Varasani <dvarasani@splunk.com>
Date: Mon, 12 Aug 2024 16:45:32 +0530
Subject: [PATCH 1/7] feat: generate requirement tests for other_mappings

---
 pytest_splunk_addon/fields_tests/test_generator.py     | 10 ++++++----
 pytest_splunk_addon/sample_generation/sample_stanza.py | 10 ++++++++++
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/pytest_splunk_addon/fields_tests/test_generator.py b/pytest_splunk_addon/fields_tests/test_generator.py
index 85374d4b2..46b4ef4bb 100644
--- a/pytest_splunk_addon/fields_tests/test_generator.py
+++ b/pytest_splunk_addon/fields_tests/test_generator.py
@@ -250,17 +250,19 @@ def generate_requirements_tests(self):
             }
 
             cim_fields = event.requirement_test_data.get("cim_fields", {})
+            other_fields = event.requirement_test_data.get("other_fields", {})
+            requirement_fields = {**cim_fields, **other_fields}
 
-            if cim_fields:
-                cim_fields = {
+            if requirement_fields:
+                requirement_fields = {
                     field: value
-                    for field, value in cim_fields.items()
+                    for field, value in requirement_fields.items()
                     if field not in exceptions
                 }
                 yield pytest.param(
                     {
                         "escaped_event": escaped_event,
-                        "fields": cim_fields,
+                        "fields": requirement_fields,
                         "modinput_params": modinput_params,
                     },
                     id=f"sample_name::{event.sample_name}::host::{event.metadata.get('host')}",
diff --git a/pytest_splunk_addon/sample_generation/sample_stanza.py b/pytest_splunk_addon/sample_generation/sample_stanza.py
index 55d7cfce9..941d24614 100644
--- a/pytest_splunk_addon/sample_generation/sample_stanza.py
+++ b/pytest_splunk_addon/sample_generation/sample_stanza.py
@@ -398,6 +398,16 @@ def populate_requirement_test_data(event):
         """
         requirement_test_data = {}
         cim = event.get("cim")
+        other_mappings = event.get("other_mappings")
+        if other_mappings:
+            other_fields = {}
+            fields = other_mappings["field"]
+            if type(fields) == list:
+                for field in fields:
+                    other_fields[field["@name"]] = field["@value"]
+            elif type(fields) == dict:
+                other_fields[fields["@name"]] = fields["@value"]
+            requirement_test_data["other_fields"] = other_fields
         if cim:
             requirement_test_data["cim_version"] = cim.get("@version", "latest")
             requirement_test_data["datamodels"] = cim.get("models") or {}

From 2338cd6c83c31a36747330cec3e4f07d4a6b31dc Mon Sep 17 00:00:00 2001
From: Darshan Varasani <dvarasani@splunk.com>
Date: Mon, 12 Aug 2024 17:19:51 +0530
Subject: [PATCH 2/7] test: add e2e test for other_mappings

---
 .../addons/TA_req_broken/default/props.conf   |  2 +
 .../TA_req_broken/samples/sample_modinput.xml | 40 +++++++++++++++++++
 tests/e2e/constants.py                        |  1 +
 3 files changed, 43 insertions(+)

diff --git a/tests/e2e/addons/TA_req_broken/default/props.conf b/tests/e2e/addons/TA_req_broken/default/props.conf
index e69de29bb..9414130cd 100644
--- a/tests/e2e/addons/TA_req_broken/default/props.conf
+++ b/tests/e2e/addons/TA_req_broken/default/props.conf
@@ -0,0 +1,2 @@
+[test:data:1]
+EVAL-vendor_product = "Pytest Splunk Addon"
\ No newline at end of file
diff --git a/tests/e2e/addons/TA_req_broken/samples/sample_modinput.xml b/tests/e2e/addons/TA_req_broken/samples/sample_modinput.xml
index ccd341d48..ffc3163fa 100644
--- a/tests/e2e/addons/TA_req_broken/samples/sample_modinput.xml
+++ b/tests/e2e/addons/TA_req_broken/samples/sample_modinput.xml
@@ -27,6 +27,9 @@
                 <field>src_user</field>
             </missing_recommended_fields>
         </cim>
+        <other_mappings>
+            <field name="vendor_product" value="Pytest Splunk Addon"/>
+        </other_mappings>
     </event>
     <event code="" name="MissingField" format="">
         <transport type="modinput" sourcetype="test:data:1" source="test_data.1" host="so1"/>
@@ -51,6 +54,9 @@
                 <field>src_user</field>
             </missing_recommended_fields>
         </cim>
+        <other_mappings>
+            <field name="vendor_product" value="Pytest Splunk Addon"/>
+        </other_mappings>
     </event>
     <event code="" name="CorrectEvent" format="">
         <transport type="modinput" sourcetype="test:data:1" source="test_data.1" host="so1"/>
@@ -76,6 +82,9 @@
                 <field>src_user</field>
             </missing_recommended_fields>
         </cim>
+        <other_mappings>
+            <field name="vendor_product" value="Pytest Splunk Addon"/>
+        </other_mappings>
     </event>
     <event code="" name="WrongFieldValue" format="">
         <transport type="modinput" sourcetype="test:data:1" source="test_data.1" host="so1"/>
@@ -101,5 +110,36 @@
                 <field>src_user</field>
             </missing_recommended_fields>
         </cim>
+        <other_mappings>
+            <field name="vendor_product" value="Pytest Splunk Addon"/>
+        </other_mappings>
+    </event>
+    <event code="" name="WrongValueForOtherMapping" format="">
+        <transport type="modinput" sourcetype="test:data:1" source="test_data.1" host="so1"/>
+        <source>
+            <jira id=""/>
+            <comment>lab</comment>
+        </source>
+        <raw>
+            <![CDATA[2021-12-31 15:15:30,340+0000 action=success app=psa user=admin status=success dest=10.0.0.1 src=10.0.0.2]]></raw>
+        <cim>
+            <models>
+                <model>Authentication</model>
+            </models>
+            <cim_fields>
+                <field name="action" value="success"/>
+                <field name="status" value="success"/>
+                <field name="app" value="psa"/>
+                <field name="src" value="10.0.0.2"/>
+                <field name="user" value="admin"/>
+                <field name="dest" value="10.0.0.1"/>
+            </cim_fields>
+            <missing_recommended_fields>
+                <field>src_user</field>
+            </missing_recommended_fields>
+        </cim>
+        <other_mappings>
+            <field name="vendor_product" value="PSA"/>
+        </other_mappings>
     </event>
 </device>
diff --git a/tests/e2e/constants.py b/tests/e2e/constants.py
index 3e6be5345..c1d13be9c 100644
--- a/tests/e2e/constants.py
+++ b/tests/e2e/constants.py
@@ -913,6 +913,7 @@
     '*test_splunk_app_req_broken.py::Test_App::test_cim_required_fields[eventtype="net"::All_Traffic::src_zone* FAILED*',
     '*test_splunk_app_req_broken.py::Test_App::test_cim_required_fields[eventtype="net"::Blocked_Traffic* FAILED*',
     "*test_splunk_app_req_broken.py::Test_App::test_requirements_fields[sample_name::sample_modinput.xml::host::so13* FAILED*",
+    "*test_splunk_app_req_broken.py::Test_App::test_requirements_fields[sample_name::sample_modinput.xml::host::so14* FAILED*",
     "*test_splunk_app_req_broken.py::Test_App::test_cim_fields_recommended[Authentication-::sample_name::sample_modinput.xml::host::so11* FAILED*",
     "*test_splunk_app_req_broken.py::Test_App::test_datamodels[Network_Traffic::sample_name::syslog.xml::host::10.0.0.31* FAILED*",
 ]

From 9cf4154792de14ed9e12d502aeab5f0fc0c9b964 Mon Sep 17 00:00:00 2001
From: Darshan Varasani <dvarasani@splunk.com>
Date: Mon, 12 Aug 2024 17:48:44 +0530
Subject: [PATCH 3/7] chore: update sourcetype in req tests

---
 tests/e2e/addons/TA_req_broken/default/props.conf      |  2 +-
 .../addons/TA_req_broken/samples/sample_modinput.xml   | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/tests/e2e/addons/TA_req_broken/default/props.conf b/tests/e2e/addons/TA_req_broken/default/props.conf
index 9414130cd..f188390ee 100644
--- a/tests/e2e/addons/TA_req_broken/default/props.conf
+++ b/tests/e2e/addons/TA_req_broken/default/props.conf
@@ -1,2 +1,2 @@
-[test:data:1]
+[req:test:broken]
 EVAL-vendor_product = "Pytest Splunk Addon"
\ No newline at end of file
diff --git a/tests/e2e/addons/TA_req_broken/samples/sample_modinput.xml b/tests/e2e/addons/TA_req_broken/samples/sample_modinput.xml
index ffc3163fa..7ead40c70 100644
--- a/tests/e2e/addons/TA_req_broken/samples/sample_modinput.xml
+++ b/tests/e2e/addons/TA_req_broken/samples/sample_modinput.xml
@@ -4,7 +4,7 @@
     <product>Jira Data Center</product>
     <version id="8.21.0"/>
     <event code="" name="CorrectEvent" format="">
-        <transport type="modinput" sourcetype="test:data:1" source="test_data.1" host="so1"/>
+        <transport type="modinput" sourcetype="req:test:broken" source="test_data.1" host="so1"/>
         <source>
             <jira id=""/>
             <comment>lab</comment>
@@ -32,7 +32,7 @@
         </other_mappings>
     </event>
     <event code="" name="MissingField" format="">
-        <transport type="modinput" sourcetype="test:data:1" source="test_data.1" host="so1"/>
+        <transport type="modinput" sourcetype="req:test:broken" source="test_data.1" host="so1"/>
         <source>
             <jira id=""/>
             <comment>lab</comment>
@@ -59,7 +59,7 @@
         </other_mappings>
     </event>
     <event code="" name="CorrectEvent" format="">
-        <transport type="modinput" sourcetype="test:data:1" source="test_data.1" host="so1"/>
+        <transport type="modinput" sourcetype="req:test:broken" source="test_data.1" host="so1"/>
         <source>
             <jira id=""/>
             <comment>lab</comment>
@@ -87,7 +87,7 @@
         </other_mappings>
     </event>
     <event code="" name="WrongFieldValue" format="">
-        <transport type="modinput" sourcetype="test:data:1" source="test_data.1" host="so1"/>
+        <transport type="modinput" sourcetype="req:test:broken" source="test_data.1" host="so1"/>
         <source>
             <jira id=""/>
             <comment>lab</comment>
@@ -115,7 +115,7 @@
         </other_mappings>
     </event>
     <event code="" name="WrongValueForOtherMapping" format="">
-        <transport type="modinput" sourcetype="test:data:1" source="test_data.1" host="so1"/>
+        <transport type="modinput" sourcetype="req:test:broken" source="test_data.1" host="so1"/>
         <source>
             <jira id=""/>
             <comment>lab</comment>

From 1f8f01a1b341a8412b1fe11d55c2613f63525adf Mon Sep 17 00:00:00 2001
From: Darshan Varasani <dvarasani@splunk.com>
Date: Mon, 12 Aug 2024 20:18:48 +0530
Subject: [PATCH 4/7] chore: updated e2e tests requirement tests

---
 .../addons/TA_req_broken/default/props.conf   |  2 --
 .../TA_req_broken/samples/sample_modinput.xml | 24 +++++--------------
 .../TA_transition_from_req/default/props.conf |  3 ++-
 .../samples/sample_modinput.xml               |  3 +++
 4 files changed, 11 insertions(+), 21 deletions(-)

diff --git a/tests/e2e/addons/TA_req_broken/default/props.conf b/tests/e2e/addons/TA_req_broken/default/props.conf
index f188390ee..e69de29bb 100644
--- a/tests/e2e/addons/TA_req_broken/default/props.conf
+++ b/tests/e2e/addons/TA_req_broken/default/props.conf
@@ -1,2 +0,0 @@
-[req:test:broken]
-EVAL-vendor_product = "Pytest Splunk Addon"
\ No newline at end of file
diff --git a/tests/e2e/addons/TA_req_broken/samples/sample_modinput.xml b/tests/e2e/addons/TA_req_broken/samples/sample_modinput.xml
index 7ead40c70..20911af1f 100644
--- a/tests/e2e/addons/TA_req_broken/samples/sample_modinput.xml
+++ b/tests/e2e/addons/TA_req_broken/samples/sample_modinput.xml
@@ -4,7 +4,7 @@
     <product>Jira Data Center</product>
     <version id="8.21.0"/>
     <event code="" name="CorrectEvent" format="">
-        <transport type="modinput" sourcetype="req:test:broken" source="test_data.1" host="so1"/>
+        <transport type="modinput" sourcetype="test:data:1" source="test_data.1" host="so1"/>
         <source>
             <jira id=""/>
             <comment>lab</comment>
@@ -27,12 +27,9 @@
                 <field>src_user</field>
             </missing_recommended_fields>
         </cim>
-        <other_mappings>
-            <field name="vendor_product" value="Pytest Splunk Addon"/>
-        </other_mappings>
     </event>
     <event code="" name="MissingField" format="">
-        <transport type="modinput" sourcetype="req:test:broken" source="test_data.1" host="so1"/>
+        <transport type="modinput" sourcetype="test:data:1" source="test_data.1" host="so1"/>
         <source>
             <jira id=""/>
             <comment>lab</comment>
@@ -54,12 +51,9 @@
                 <field>src_user</field>
             </missing_recommended_fields>
         </cim>
-        <other_mappings>
-            <field name="vendor_product" value="Pytest Splunk Addon"/>
-        </other_mappings>
     </event>
     <event code="" name="CorrectEvent" format="">
-        <transport type="modinput" sourcetype="req:test:broken" source="test_data.1" host="so1"/>
+        <transport type="modinput" sourcetype="test:data:1" source="test_data.1" host="so1"/>
         <source>
             <jira id=""/>
             <comment>lab</comment>
@@ -82,12 +76,9 @@
                 <field>src_user</field>
             </missing_recommended_fields>
         </cim>
-        <other_mappings>
-            <field name="vendor_product" value="Pytest Splunk Addon"/>
-        </other_mappings>
     </event>
     <event code="" name="WrongFieldValue" format="">
-        <transport type="modinput" sourcetype="req:test:broken" source="test_data.1" host="so1"/>
+        <transport type="modinput" sourcetype="test:data:1" source="test_data.1" host="so1"/>
         <source>
             <jira id=""/>
             <comment>lab</comment>
@@ -110,12 +101,9 @@
                 <field>src_user</field>
             </missing_recommended_fields>
         </cim>
-        <other_mappings>
-            <field name="vendor_product" value="Pytest Splunk Addon"/>
-        </other_mappings>
     </event>
-    <event code="" name="WrongValueForOtherMapping" format="">
-        <transport type="modinput" sourcetype="req:test:broken" source="test_data.1" host="so1"/>
+    <event code="" name="WrongFieldValueOtherMappings" format="">
+        <transport type="modinput" sourcetype="test:data:1" source="test_data.1" host="so1"/>
         <source>
             <jira id=""/>
             <comment>lab</comment>
diff --git a/tests/e2e/addons/TA_transition_from_req/default/props.conf b/tests/e2e/addons/TA_transition_from_req/default/props.conf
index 61c9b087a..ee1bf418e 100644
--- a/tests/e2e/addons/TA_transition_from_req/default/props.conf
+++ b/tests/e2e/addons/TA_transition_from_req/default/props.conf
@@ -10,4 +10,5 @@ FIELDALIAS-action = result AS action
 EVAL-app = "psa"
 FIELDALIAS-user = tester AS user
 FIELDALIAS-src = ip AS src
-EVAL-status = case(action=="success", "PASS", action=="failure", "FAIL", 0==0, "OTHER")
\ No newline at end of file
+EVAL-status = case(action=="success", "PASS", action=="failure", "FAIL", 0==0, "OTHER")
+EVAL-vendor_product = "Pytest Splunk Addon"
\ No newline at end of file
diff --git a/tests/e2e/addons/TA_transition_from_req/samples/sample_modinput.xml b/tests/e2e/addons/TA_transition_from_req/samples/sample_modinput.xml
index 0f4a83286..1a1b2369a 100644
--- a/tests/e2e/addons/TA_transition_from_req/samples/sample_modinput.xml
+++ b/tests/e2e/addons/TA_transition_from_req/samples/sample_modinput.xml
@@ -26,5 +26,8 @@
         <field>src_user</field>
       </missing_recommended_fields>
     </cim>
+    <other_mappings>
+      <field name="vendor_product" value="Pytest Splunk Addon"/>
+    </other_mappings>
   </event>
 </device>
\ No newline at end of file

From 9dd47370bcd9bda9d3145079d41f16679ddc0256 Mon Sep 17 00:00:00 2001
From: Darshan Varasani <dvarasani@splunk.com>
Date: Mon, 12 Aug 2024 20:43:50 +0530
Subject: [PATCH 5/7] chore: added new tests in const for e2e

---
 tests/e2e/constants.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/tests/e2e/constants.py b/tests/e2e/constants.py
index c1d13be9c..403c1910b 100644
--- a/tests/e2e/constants.py
+++ b/tests/e2e/constants.py
@@ -798,6 +798,7 @@
     "*test_splunk_app_req.py::Test_App::test_props_fields[test:data:1::field::status* PASSED*",
     "*test_splunk_app_req.py::Test_App::test_props_fields[test:data:1::field::tester* PASSED*",
     "*test_splunk_app_req.py::Test_App::test_props_fields[test:data:1::field::user* PASSED*",
+    "*test_splunk_app_req.py::Test_App::test_props_fields[test:data:1::field::vendor_product* PASSED*",
     "*test_splunk_app_req.py::Test_App::test_requirements_fields[sample_name::sample_modinput.xml::host::so1-4* PASSED*",
     "*test_splunk_app_req.py::Test_App::test_requirements_fields[sample_name::sample_modinput.xml::host::so1-5* PASSED*",
     "*test_splunk_app_req.py::Test_App::test_requirements_fields[sample_name::sample_modinput.xml::host::so1-6* PASSED*",
@@ -811,6 +812,7 @@
     "*test_splunk_app_req.py::Test_App::test_props_fields_no_dash_not_empty[test:data:1::field::status* PASSED*",
     "*test_splunk_app_req.py::Test_App::test_props_fields_no_dash_not_empty[test:data:1::field::tester* PASSED*",
     "*test_splunk_app_req.py::Test_App::test_props_fields_no_dash_not_empty[test:data:1::field::user* PASSED*",
+    "*test_splunk_app_req.py::Test_App::test_props_fields_no_dash_not_empty[test:data:1::field::vendor_product* PASSED*",
     "*test_splunk_app_req.py::Test_App::test_datamodels[Authentication::sample_name::sample_modinput.xml::host::so1-4* PASSED*",
     "*test_splunk_app_req.py::Test_App::test_datamodels[Authentication::sample_name::sample_modinput.xml::host::so1-5* PASSED*",
     "*test_splunk_app_req.py::Test_App::test_datamodels[Authentication::sample_name::sample_modinput.xml::host::so1-6* PASSED*",
@@ -836,6 +838,7 @@
     "*test_splunk_app_req_broken.py::Test_App::test_indextime_time[req:test:broken::so11* PASSED*",
     "*test_splunk_app_req_broken.py::Test_App::test_indextime_time[req:test:broken::so12* PASSED*",
     "*test_splunk_app_req_broken.py::Test_App::test_indextime_time[req:test:broken::so13* PASSED*",
+    "*test_splunk_app_req_broken.py::Test_App::test_indextime_time[req:test:broken::so14* PASSED*",
     "*test_splunk_app_req_broken.py::Test_App::test_indextime_line_breaker[juniper:junos:firewall::syslog.xml* PASSED*",
     "*test_splunk_app_req_broken.py::Test_App::test_indextime_line_breaker[req:test:broken::sample_modinput.xml* PASSED*",
     '*test_splunk_app_req_broken.py::Test_App::test_cim_required_fields[eventtype="net"::All_Traffic* PASSED*',
@@ -882,6 +885,7 @@
     "*test_splunk_app_req_broken.py::Test_App::test_cim_fields_recommended[Authentication-::sample_name::sample_modinput.xml::host::so10* PASSED*",
     "*test_splunk_app_req_broken.py::Test_App::test_cim_fields_recommended[Authentication-::sample_name::sample_modinput.xml::host::so12* PASSED*",
     "*test_splunk_app_req_broken.py::Test_App::test_cim_fields_recommended[Authentication-::sample_name::sample_modinput.xml::host::so13* PASSED*",
+    "*test_splunk_app_req_broken.py::Test_App::test_cim_fields_recommended[Authentication-::sample_name::sample_modinput.xml::host::so14* PASSED*",
     "*test_splunk_app_req_broken.py::Test_App::test_cim_fields_recommended[Network_Traffic-::sample_name::syslog.xml::host::10.0.0.30* PASSED*",
     "*test_splunk_app_req_broken.py::Test_App::test_cim_fields_recommended[Network_Traffic-::sample_name::syslog.xml::host::10.0.0.31* PASSED*",
     "*test_splunk_app_req_broken.py::Test_App::test_splunk_internal_errors PASSED*",
@@ -897,6 +901,7 @@
     "*test_splunk_app_req_broken.py::Test_App::test_datamodels[Authentication::sample_name::sample_modinput.xml::host::so11* PASSED*",
     "*test_splunk_app_req_broken.py::Test_App::test_datamodels[Authentication::sample_name::sample_modinput.xml::host::so12* PASSED*",
     "*test_splunk_app_req_broken.py::Test_App::test_datamodels[Authentication::sample_name::sample_modinput.xml::host::so13* PASSED*",
+    "*test_splunk_app_req_broken.py::Test_App::test_datamodels[Authentication::sample_name::sample_modinput.xml::host::so14* PASSED*",
     "*test_splunk_app_req_broken.py::Test_App::test_datamodels[Network_Traffic::sample_name::syslog.xml::host::10.0.0.30* PASSED*",
     "*test_splunk_app_req_broken.py::Test_App::test_eventtype[eventtype::net* PASSED*",
     "*test_splunk_app_req_broken.py::Test_App::test_eventtype[eventtype::test_auth* PASSED*",

From 5b9d7750d44d96640a0b70da8e7c03a09170b6c5 Mon Sep 17 00:00:00 2001
From: Darshan Varasani <dvarasani@splunk.com>
Date: Tue, 13 Aug 2024 18:13:47 +0530
Subject: [PATCH 6/7] test: added unit tests for requirement_test_generation

---
 .../test_fields_tests/test_test_generator.py  | 209 ++++++++++++++++++
 .../test_sample_stanza.py                     |  45 ++++
 2 files changed, 254 insertions(+)

diff --git a/tests/unit/tests_standard_lib/test_fields_tests/test_test_generator.py b/tests/unit/tests_standard_lib/test_fields_tests/test_test_generator.py
index c0508166c..8d1290411 100644
--- a/tests/unit/tests_standard_lib/test_fields_tests/test_test_generator.py
+++ b/tests/unit/tests_standard_lib/test_fields_tests/test_test_generator.py
@@ -3,6 +3,10 @@
 from pytest_splunk_addon.fields_tests.test_generator import (
     FieldTestGenerator,
 )
+from pytest_splunk_addon.sample_generation.sample_event import SampleEvent
+from pytest_splunk_addon.utilities import (
+    xml_event_parser
+)
 
 
 def field_1():
@@ -71,6 +75,14 @@ def test_field_test_generator_instantiation(addon_parser_mock):
             "splunk_searchtime_fields_savedsearches",
             "GENERATE_SAVEDSEARCHES_TESTS_RETURN_VALUE",
         ),
+        (
+            "splunk_searchtime_fields_requirements",
+            "GENERATE_REQUIREMENT_TESTS_RETURN_VALUE",
+        ),
+        (
+            "splunk_searchtime_fields_datamodels",
+            "GENERATE_REQUIREMENT_DATAMODEL_TESTS_RETURN_VALUE",
+        ),
     ],
 )
 def test_generate_tests(addon_parser_mock, fixture_name, expected_ouptput):
@@ -90,6 +102,14 @@ def test_generate_tests(addon_parser_mock, fixture_name, expected_ouptput):
         FieldTestGenerator,
         "generate_savedsearches_tests",
         return_value=(["GENERATE_SAVEDSEARCHES_TESTS_RETURN_VALUE"]),
+    ), patch.object(
+        FieldTestGenerator,
+        "generate_requirements_tests",
+        return_value=(["GENERATE_REQUIREMENT_TESTS_RETURN_VALUE"]),
+    ), patch.object(
+        FieldTestGenerator,
+        "generate_requirements_datamodels_tests",
+        return_value=(["GENERATE_REQUIREMENT_DATAMODEL_TESTS_RETURN_VALUE"]),
     ):
         assert list(
             FieldTestGenerator(
@@ -391,3 +411,192 @@ def test_generate_field_tests(
         )
         assert out == expected_output
         assert param_mock.call_count == len(expected_output)
+
+
+@pytest.mark.parametrize(
+    "tokenised_events, expected_output",
+    [
+        (
+            [
+                SampleEvent(
+                    event_string="escaped_event",
+                    metadata={
+                        "input_type": "modinput",
+                        "sourcetype_to_search": "dummy_sourcetype",
+                        "host": "dummy_host"
+                    },
+                    sample_name="file1.xml",
+                    requirement_test_data={
+                        "cim_fields": {
+                            "dest": "192.168.0.1",
+                            "severity": "low",
+                            "signature_id": "405001",
+                            "src": "192.168.0.1",
+                            "type": "event",
+                        },
+                        "exceptions": {"mane_1": "value_1", "dest": "192.168.0.1"},
+                        "other_fields": {
+                            "vendor_product": "Pytest Splunk Addon",
+                            "target_users": "dummy.user@splunk.com"
+                        }
+                    }
+                ),
+                SampleEvent(
+                    event_string="escaped_event",
+                    metadata={
+                        "input_type": "syslog_tcp",
+                        "sourcetype_to_search": "dummy_sourcetype",
+                        "host": "dummy_host_syslog"
+                    },
+                    sample_name="file1.xml",
+                    requirement_test_data={}
+                ),
+                SampleEvent(
+                    event_string="escaped_event",
+                    metadata={
+                        "input_type": "syslog_tcp",
+                        "sourcetype_to_search": "dummy_sourcetype",
+                        "host": "dummy_host_syslog"
+                    },
+                    sample_name="file1.xml",
+                    requirement_test_data={
+                        "cim_fields": {
+                            "src": "192.168.0.1",
+                            "type": "event",
+                        },
+                        "exceptions": {},
+                        "other_fields": {
+                            "vendor_product": "Pytest Splunk Addon",
+                            "target_users": "dummy.user@splunk.com"
+                        }
+                    }
+                )
+            ],
+            [
+                (
+                    {
+                        "escaped_event": "escaped_event",
+                        "fields": {
+                            "severity": "low",
+                            "signature_id": "405001",
+                            "src": "192.168.0.1",
+                            "type": "event",
+                            "vendor_product": "Pytest Splunk Addon",
+                            "target_users": "dummy.user@splunk.com"
+                        },
+                        "modinput_params": {
+                            "sourcetype": "dummy_sourcetype"
+                        },
+                    },
+                    "sample_name::file1.xml::host::dummy_host"
+                ),
+                (
+                    {
+                        "escaped_event": "escaped_event",
+                        "fields": {
+                            "src": "192.168.0.1",
+                            "type": "event",
+                            "vendor_product": "Pytest Splunk Addon",
+                            "target_users": "dummy.user@splunk.com"
+                        },
+                        "modinput_params": {
+                            "sourcetype": "dummy_sourcetype"
+                        },
+                    },
+                    "sample_name::file1.xml::host::dummy_host_syslog"
+                )
+            ],
+        ),
+    ],
+)
+def test_generate_requirement_tests(tokenised_events, expected_output):
+    with patch.object(
+        xml_event_parser, "strip_syslog_header", return_value="escaped_event"
+    ), patch.object(
+        xml_event_parser, "escape_char_event", return_value="escaped_event"
+    ), patch.object(pytest, "param", side_effect=lambda x, id: (x, id)) as param_mock:
+        out = list(
+            FieldTestGenerator(
+                "app_path",
+                tokenised_events,
+                "field_bank",
+            ).generate_requirements_tests()
+        )
+        assert out == expected_output
+        assert param_mock.call_count == len(expected_output)
+
+
+@pytest.mark.parametrize(
+    "tokenised_events, expected_output",
+    [
+        (
+            [
+                SampleEvent(
+                    event_string="escaped_event",
+                    metadata={
+                        "input_type": "modinput",
+                        "sourcetype_to_search": "dummy_sourcetype",
+                        "host": "dummy_host"
+                    },
+                    sample_name="file1.xml",
+                    requirement_test_data={
+                        "datamodels": {"model": "Alerts"}
+                    }
+                ),
+                SampleEvent(
+                    event_string="escaped_event",
+                    metadata={
+                        "input_type": "syslog_tcp",
+                        "sourcetype_to_search": "dummy_sourcetype",
+                        "host": "dummy_host_syslog"
+                    },
+                    sample_name="file1.xml",
+                    requirement_test_data={}
+                ),
+                SampleEvent(
+                    event_string="escaped_event",
+                    metadata={
+                        "input_type": "syslog_tcp",
+                        "sourcetype_to_search": "dummy_sourcetype",
+                        "host": "dummy_host_syslog"
+                    },
+                    sample_name="file1.xml",
+                    requirement_test_data={
+                        "datamodels": {"model": ["Change", "Account Management"]}
+                    }
+                )
+            ],
+            [
+                (
+                    {
+                        "datamodels": ["Alerts"],
+                        "stanza": "escaped_event",
+                    },
+                    "Alerts::sample_name::file1.xml::host::dummy_host"
+                ),
+                (
+                    {
+                        "datamodels": ["Change", "Account_Management"],
+                        "stanza": "escaped_event",
+                    },
+                    "Change-Account_Management::sample_name::file1.xml::host::dummy_host_syslog"
+                )
+            ],
+        ),
+    ],
+)
+def test_generate_requirement_datamodel_tests(tokenised_events, expected_output):
+    with patch.object(
+        xml_event_parser, "strip_syslog_header", return_value="escaped_event"
+    ), patch.object(
+        xml_event_parser, "escape_char_event", return_value="escaped_event"
+    ), patch.object(pytest, "param", side_effect=lambda x, id: (x, id)) as param_mock:
+        out = list(
+            FieldTestGenerator(
+                "app_path",
+                tokenised_events,
+                "field_bank",
+            ).generate_requirements_datamodels_tests()
+        )
+        assert out == expected_output
+        assert param_mock.call_count == len(expected_output)
diff --git a/tests/unit/tests_standard_lib/tests_sample_generation/test_sample_stanza.py b/tests/unit/tests_standard_lib/tests_sample_generation/test_sample_stanza.py
index e8429f7b2..84f6e6244 100644
--- a/tests/unit/tests_standard_lib/tests_sample_generation/test_sample_stanza.py
+++ b/tests/unit/tests_standard_lib/tests_sample_generation/test_sample_stanza.py
@@ -358,12 +358,57 @@ def test_break_events_exception(self, sample_stanza, caplog):
                     "missing_recommended_fields": [],
                 },
             ),
+            (
+                {
+                    "cim": {
+                        "@version": "4.20.2",
+                        "models": {"model": "Alerts"},
+                        "cim_fields": {
+                            "field": [
+                                {"@name": "dest", "@value": "192.168.0.1"},
+                                {"@name": "signature_id", "@value": "405001"},
+                                {"@name": "severity", "@value": "low"},
+                                {"@name": "src", "@value": "192.168.0.1"},
+                                {"@name": "type", "@value": "event"},
+                            ]
+                        },
+                        "missing_recommended_fields": {
+                            "field": ["app", "id", "user", "user_name"]
+                        },
+                        "exceptions": {},
+                    },
+                    "other_mappings": {
+                        "field": [
+                            {"@name": "vendor_product", "@value": "Pytest Splunk Addon"},
+                            {"@name": "target_users", "@value": "dummy.user@splunk.com"},
+                        ]
+                    }
+                },
+                {
+                    "cim_version": "4.20.2",
+                    "cim_fields": {
+                        "dest": "192.168.0.1",
+                        "severity": "low",
+                        "signature_id": "405001",
+                        "src": "192.168.0.1",
+                        "type": "event",
+                    },
+                    "datamodels": {"model": "Alerts"},
+                    "exceptions": {},
+                    "missing_recommended_fields": ["app", "id", "user", "user_name"],
+                    "other_fields": {
+                        "vendor_product": "Pytest Splunk Addon",
+                        "target_users": "dummy.user@splunk.com"
+                    }
+                },
+            ),
         ],
         ids=[
             "event-empty-directory",
             "event-no-cim",
             "event-full-cim",
             "event-with-exceptions",
+            "event-with-other-mappings"
         ],
     )
     def test_populate_requirement_test_data(self, sample_stanza, event, expected):

From ac049529866fc95641fed7a7d454ae1c11ee00ee Mon Sep 17 00:00:00 2001
From: Darshan Varasani <dvarasani@splunk.com>
Date: Tue, 13 Aug 2024 18:16:31 +0530
Subject: [PATCH 7/7] chore: fix linting

---
 .../test_fields_tests/test_test_generator.py  | 74 +++++++++----------
 .../test_sample_stanza.py                     | 18 +++--
 2 files changed, 47 insertions(+), 45 deletions(-)

diff --git a/tests/unit/tests_standard_lib/test_fields_tests/test_test_generator.py b/tests/unit/tests_standard_lib/test_fields_tests/test_test_generator.py
index 8d1290411..e57daefa5 100644
--- a/tests/unit/tests_standard_lib/test_fields_tests/test_test_generator.py
+++ b/tests/unit/tests_standard_lib/test_fields_tests/test_test_generator.py
@@ -4,9 +4,7 @@
     FieldTestGenerator,
 )
 from pytest_splunk_addon.sample_generation.sample_event import SampleEvent
-from pytest_splunk_addon.utilities import (
-    xml_event_parser
-)
+from pytest_splunk_addon.utilities import xml_event_parser
 
 
 def field_1():
@@ -423,7 +421,7 @@ def test_generate_field_tests(
                     metadata={
                         "input_type": "modinput",
                         "sourcetype_to_search": "dummy_sourcetype",
-                        "host": "dummy_host"
+                        "host": "dummy_host",
                     },
                     sample_name="file1.xml",
                     requirement_test_data={
@@ -437,26 +435,26 @@ def test_generate_field_tests(
                         "exceptions": {"mane_1": "value_1", "dest": "192.168.0.1"},
                         "other_fields": {
                             "vendor_product": "Pytest Splunk Addon",
-                            "target_users": "dummy.user@splunk.com"
-                        }
-                    }
+                            "target_users": "dummy.user@splunk.com",
+                        },
+                    },
                 ),
                 SampleEvent(
                     event_string="escaped_event",
                     metadata={
                         "input_type": "syslog_tcp",
                         "sourcetype_to_search": "dummy_sourcetype",
-                        "host": "dummy_host_syslog"
+                        "host": "dummy_host_syslog",
                     },
                     sample_name="file1.xml",
-                    requirement_test_data={}
+                    requirement_test_data={},
                 ),
                 SampleEvent(
                     event_string="escaped_event",
                     metadata={
                         "input_type": "syslog_tcp",
                         "sourcetype_to_search": "dummy_sourcetype",
-                        "host": "dummy_host_syslog"
+                        "host": "dummy_host_syslog",
                     },
                     sample_name="file1.xml",
                     requirement_test_data={
@@ -467,10 +465,10 @@ def test_generate_field_tests(
                         "exceptions": {},
                         "other_fields": {
                             "vendor_product": "Pytest Splunk Addon",
-                            "target_users": "dummy.user@splunk.com"
-                        }
-                    }
-                )
+                            "target_users": "dummy.user@splunk.com",
+                        },
+                    },
+                ),
             ],
             [
                 (
@@ -482,13 +480,11 @@ def test_generate_field_tests(
                             "src": "192.168.0.1",
                             "type": "event",
                             "vendor_product": "Pytest Splunk Addon",
-                            "target_users": "dummy.user@splunk.com"
-                        },
-                        "modinput_params": {
-                            "sourcetype": "dummy_sourcetype"
+                            "target_users": "dummy.user@splunk.com",
                         },
+                        "modinput_params": {"sourcetype": "dummy_sourcetype"},
                     },
-                    "sample_name::file1.xml::host::dummy_host"
+                    "sample_name::file1.xml::host::dummy_host",
                 ),
                 (
                     {
@@ -497,14 +493,12 @@ def test_generate_field_tests(
                             "src": "192.168.0.1",
                             "type": "event",
                             "vendor_product": "Pytest Splunk Addon",
-                            "target_users": "dummy.user@splunk.com"
-                        },
-                        "modinput_params": {
-                            "sourcetype": "dummy_sourcetype"
+                            "target_users": "dummy.user@splunk.com",
                         },
+                        "modinput_params": {"sourcetype": "dummy_sourcetype"},
                     },
-                    "sample_name::file1.xml::host::dummy_host_syslog"
-                )
+                    "sample_name::file1.xml::host::dummy_host_syslog",
+                ),
             ],
         ),
     ],
@@ -514,7 +508,9 @@ def test_generate_requirement_tests(tokenised_events, expected_output):
         xml_event_parser, "strip_syslog_header", return_value="escaped_event"
     ), patch.object(
         xml_event_parser, "escape_char_event", return_value="escaped_event"
-    ), patch.object(pytest, "param", side_effect=lambda x, id: (x, id)) as param_mock:
+    ), patch.object(
+        pytest, "param", side_effect=lambda x, id: (x, id)
+    ) as param_mock:
         out = list(
             FieldTestGenerator(
                 "app_path",
@@ -536,35 +532,33 @@ def test_generate_requirement_tests(tokenised_events, expected_output):
                     metadata={
                         "input_type": "modinput",
                         "sourcetype_to_search": "dummy_sourcetype",
-                        "host": "dummy_host"
+                        "host": "dummy_host",
                     },
                     sample_name="file1.xml",
-                    requirement_test_data={
-                        "datamodels": {"model": "Alerts"}
-                    }
+                    requirement_test_data={"datamodels": {"model": "Alerts"}},
                 ),
                 SampleEvent(
                     event_string="escaped_event",
                     metadata={
                         "input_type": "syslog_tcp",
                         "sourcetype_to_search": "dummy_sourcetype",
-                        "host": "dummy_host_syslog"
+                        "host": "dummy_host_syslog",
                     },
                     sample_name="file1.xml",
-                    requirement_test_data={}
+                    requirement_test_data={},
                 ),
                 SampleEvent(
                     event_string="escaped_event",
                     metadata={
                         "input_type": "syslog_tcp",
                         "sourcetype_to_search": "dummy_sourcetype",
-                        "host": "dummy_host_syslog"
+                        "host": "dummy_host_syslog",
                     },
                     sample_name="file1.xml",
                     requirement_test_data={
                         "datamodels": {"model": ["Change", "Account Management"]}
-                    }
-                )
+                    },
+                ),
             ],
             [
                 (
@@ -572,15 +566,15 @@ def test_generate_requirement_tests(tokenised_events, expected_output):
                         "datamodels": ["Alerts"],
                         "stanza": "escaped_event",
                     },
-                    "Alerts::sample_name::file1.xml::host::dummy_host"
+                    "Alerts::sample_name::file1.xml::host::dummy_host",
                 ),
                 (
                     {
                         "datamodels": ["Change", "Account_Management"],
                         "stanza": "escaped_event",
                     },
-                    "Change-Account_Management::sample_name::file1.xml::host::dummy_host_syslog"
-                )
+                    "Change-Account_Management::sample_name::file1.xml::host::dummy_host_syslog",
+                ),
             ],
         ),
     ],
@@ -590,7 +584,9 @@ def test_generate_requirement_datamodel_tests(tokenised_events, expected_output)
         xml_event_parser, "strip_syslog_header", return_value="escaped_event"
     ), patch.object(
         xml_event_parser, "escape_char_event", return_value="escaped_event"
-    ), patch.object(pytest, "param", side_effect=lambda x, id: (x, id)) as param_mock:
+    ), patch.object(
+        pytest, "param", side_effect=lambda x, id: (x, id)
+    ) as param_mock:
         out = list(
             FieldTestGenerator(
                 "app_path",
diff --git a/tests/unit/tests_standard_lib/tests_sample_generation/test_sample_stanza.py b/tests/unit/tests_standard_lib/tests_sample_generation/test_sample_stanza.py
index 84f6e6244..92da36e37 100644
--- a/tests/unit/tests_standard_lib/tests_sample_generation/test_sample_stanza.py
+++ b/tests/unit/tests_standard_lib/tests_sample_generation/test_sample_stanza.py
@@ -379,10 +379,16 @@ def test_break_events_exception(self, sample_stanza, caplog):
                     },
                     "other_mappings": {
                         "field": [
-                            {"@name": "vendor_product", "@value": "Pytest Splunk Addon"},
-                            {"@name": "target_users", "@value": "dummy.user@splunk.com"},
+                            {
+                                "@name": "vendor_product",
+                                "@value": "Pytest Splunk Addon",
+                            },
+                            {
+                                "@name": "target_users",
+                                "@value": "dummy.user@splunk.com",
+                            },
                         ]
-                    }
+                    },
                 },
                 {
                     "cim_version": "4.20.2",
@@ -398,8 +404,8 @@ def test_break_events_exception(self, sample_stanza, caplog):
                     "missing_recommended_fields": ["app", "id", "user", "user_name"],
                     "other_fields": {
                         "vendor_product": "Pytest Splunk Addon",
-                        "target_users": "dummy.user@splunk.com"
-                    }
+                        "target_users": "dummy.user@splunk.com",
+                    },
                 },
             ),
         ],
@@ -408,7 +414,7 @@ def test_break_events_exception(self, sample_stanza, caplog):
             "event-no-cim",
             "event-full-cim",
             "event-with-exceptions",
-            "event-with-other-mappings"
+            "event-with-other-mappings",
         ],
     )
     def test_populate_requirement_test_data(self, sample_stanza, event, expected):