requires: document per-check requires with a test conversion

diff --git a/README.md b/README.md
index d738c44e60135df59a24a4d6e64b599acb7ccde8..e038603334def12882e4b8b4d9536a515ee3810a 100644 (file)
--- a/README.md
+++ b/README.md
@@ -101,8 +101,12 @@ checks:
   # A verification filter that is run over the eve.json. Multiple
   # filters may exist and all must pass for the test to pass.
   - filter:
-      # Additional feature needed to run this specific filter
-      feature: HTTP2_DECOMPRESSION
+
+      # Requires that apply just to this check. Has all the same options
+      # as the test level requires above.
+      requires:
+        features:
+          - HTTP2_DECOMPRESSION
 
       # The number of records this filter should match.
       count: 1

diff --git a/tests/http2-bugfixes/test.yaml b/tests/http2-bugfixes/test.yaml
index 85602dcc15ff6a2ff682d7d85f1d223e404beb04..8e1ccd9fbcc51c03f294e6a1fe626806e0dcacc7 100644 (file)
--- a/tests/http2-bugfixes/test.yaml
+++ b/tests/http2-bugfixes/test.yaml
@@ -16,14 +16,16 @@ checks:
         event_type: anomaly
 # check gzip decompresser
   - filter:
-      feature: HTTP2_DECOMPRESSION
+      requires:
+        features: [HTTP2_DECOMPRESSION]
       count: 1
       match:
         event_type: fileinfo
         fileinfo.size: 639
 # check brotli decompresser
   - filter:
-      feature: HTTP2_DECOMPRESSION
+      requires:
+        features: [HTTP2_DECOMPRESSION]
       count: 1
       match:
         event_type: fileinfo