Documentation
¶
Index ¶
- Constants
- Variables
- func ExecuteParsedTemplate(ruleID string, tplName string, parsedTpl libtemplate.ParsedTemplate, ...) (string, error)
- func ResolveIntervals(ef *Rule, rrule *rrule.RRule, now time.Time, location *time.Location)
- type Action
- type ActionProcessor
- type Container
- type EventCounter
- type ExternalDataContainer
- type ExternalDataGetter
- type ExternalDataParameters
- type Failure
- type FailureService
- type ParsedAction
- type ParsedExternalDataParameters
- type ParsedRule
- type ParsedRuleConfig
- type RegexMatch
- type Rule
- type RuleAdapter
- type RuleApplicator
- func NewBreakApplicator() RuleApplicator
- func NewChangeEntityApplicator(externalDataContainer *ExternalDataContainer, failureService FailureService, ...) RuleApplicator
- func NewDropApplicator() RuleApplicator
- func NewEnrichmentApplicator(externalDataContainer *ExternalDataContainer, processor ActionProcessor, ...) RuleApplicator
- type RuleApplicatorContainer
- type RuleChangesWatcher
- type RuleConfig
- type Service
- type Template
Constants ¶
View Source
const ( FailureTypeInvalidPattern = iota FailureTypeInvalidTemplate FailureTypeExternalDataMongo FailureTypeExternalDataApi FailureTypeOther )
View Source
const ( OutcomePass = "pass" OutcomeDrop = "drop" OutcomeBreak = "break" )
outcome constant values
View Source
const ( RuleTypeChangeEntity = "change_entity" RuleTypeBreak = "break" RuleTypeDrop = "drop" RuleTypeEnrichment = "enrichment" )
View Source
const ( ActionSetField = "set_field" // ActionSetFieldFromTemplate is a type of action that sets a string field of an // event using a template. ActionSetFieldFromTemplate = "set_field_from_template" // ActionSetEntityInfoFromTemplate is a type of action that sets an information // of an entity using a template. ActionSetEntityInfoFromTemplate = "set_entity_info_from_template" // ActionSetEntityInfo is a type of action that sets an information // of an entity using a constant. ActionSetEntityInfo = "set_entity_info" // ActionCopyToEntityInfo is a type of action that copies a value from a field to // an information of an entity. ActionCopyToEntityInfo = "copy_to_entity_info" // ActionCopy is a type of action that copies a value from a field to another. ActionCopy = "copy" // ActionSetTags is a type of action that sets tags of an event using a regex from // selected field. ActionSetTags = "set_tags" // ActionSetTagsFromTemplate is a type of action that sets tags of an event // using a regex applied to template result. ActionSetTagsFromTemplate = "set_tags_from_template" )
Variables ¶
View Source
var ErrDropOutcome = errors.New("drop event")
View Source
var ErrShouldBeAString = fmt.Errorf("value should be a string")
Functions ¶
func ExecuteParsedTemplate ¶
func ExecuteParsedTemplate( ruleID string, tplName string, parsedTpl libtemplate.ParsedTemplate, tplData any, event *types.Event, failureService FailureService, templateExecutor libtemplate.Executor, ) (string, error)
Types ¶
type ActionProcessor ¶
type ActionProcessor interface {
Process(ctx context.Context, ruleID string, action ParsedAction, event *types.Event, regexMatch RegexMatch, externalData map[string]interface{}) (bool, error)
}
func NewActionProcessor ¶
func NewActionProcessor( configProvider config.AlarmConfigProvider, failureService FailureService, templateExecutor template.Executor, sender techmetrics.Sender, ) ActionProcessor
type Container ¶
type Container struct {
// contains filtered or unexported fields
}
func NewRuleApplicatorContainer ¶
func NewRuleApplicatorContainer() *Container
func (*Container) Set ¶
func (c *Container) Set(ruleType string, service RuleApplicator)
type EventCounter ¶
type EventCounter interface {
Run(ctx context.Context)
Add(id string, lastUpdated datetime.CpsTime)
}
func NewEventCounter ¶
type ExternalDataContainer ¶
type ExternalDataContainer struct {
// contains filtered or unexported fields
}
func NewExternalDataGetterContainer ¶
func NewExternalDataGetterContainer() *ExternalDataContainer
func (*ExternalDataContainer) Get ¶
func (c *ExternalDataContainer) Get(dataType string) (ExternalDataGetter, bool)
func (*ExternalDataContainer) Has ¶
func (c *ExternalDataContainer) Has(dataType string) bool
func (*ExternalDataContainer) Set ¶
func (c *ExternalDataContainer) Set(dataType string, service ExternalDataGetter)
type ExternalDataGetter ¶
type ExternalDataParameters ¶
type ExternalDataParameters struct {
Type string `json:"type" bson:"type"`
// are used in mongo external data
Collection string `json:"collection,omitempty" bson:"collection,omitempty"`
Select map[string]string `json:"select,omitempty" bson:"select,omitempty"`
Regexp map[string]string `json:"regexp,omitempty" bson:"regexp,omitempty"`
SortBy string `json:"sort_by,omitempty" bson:"sort_by,omitempty"`
Sort string `json:"sort,omitempty" bson:"sort,omitempty" binding:"oneoforempty=asc desc"`
// are used in api external data
RequestParameters *request.Parameters `bson:"request,omitempty" json:"request,omitempty"`
}
type Failure ¶
type Failure struct {
ID string `bson:"_id" json:"_id"`
Rule string `bson:"rule" json:"rule"`
Type int64 `bson:"type" json:"type"`
Timestamp datetime.CpsTime `bson:"t" json:"t"`
Message string `bson:"message" json:"message"`
Event *types.Event `bson:"event,omitempty" json:"event"`
Unread bool `bson:"unread,omitempty" json:"unread"`
}
type FailureService ¶
type FailureService interface {
Run(ctx context.Context)
Add(ruleID string, failureType int64, message string, event *types.Event)
}
func NewFailureService ¶
type ParsedAction ¶
type ParsedAction struct {
Index int
Type string
Name string
Description string
Value any
ParsedValue libtemplate.ParsedTemplate
}
type ParsedExternalDataParameters ¶
type ParsedExternalDataParameters struct {
Type string
Collection string
Select map[string]libtemplate.ParsedTemplate
Regexp map[string]libtemplate.ParsedTemplate
SortBy string
Sort string
RequestParameters *request.ParsedParameters
}
type ParsedRule ¶
type ParsedRule struct {
ID string
Type string
Config ParsedRuleConfig
ExternalData map[string]ParsedExternalDataParameters
Created *datetime.CpsTime
Updated *datetime.CpsTime
EventPattern pattern.Event
savedpattern.EntityPatternFields
ResolvedStart *datetime.CpsTime
ResolvedStop *datetime.CpsTime
NextResolvedStart *datetime.CpsTime
NextResolvedStop *datetime.CpsTime
ResolvedExdates []types.Exdate
}
func ParseRule ¶
func ParseRule(rule Rule, tplExecutor libtemplate.Executor) ParsedRule
type ParsedRuleConfig ¶
type ParsedRuleConfig struct {
Resource libtemplate.ParsedTemplate
Component libtemplate.ParsedTemplate
Connector libtemplate.ParsedTemplate
ConnectorName libtemplate.ParsedTemplate
Actions []ParsedAction
OnSuccess string
OnFailure string
}
type RegexMatch ¶
type RegexMatch struct {
match.EventRegexMatches
Entity match.EntityRegexMatches
}
type Rule ¶
type Rule struct {
ID string `bson:"_id" json:"_id" binding:"id"`
Author string `bson:"author" json:"author" swaggerignore:"true"`
Description string `bson:"description" json:"description" binding:"required,max=255"`
Type string `bson:"type" json:"type" binding:"required,oneof=break drop enrichment change_entity"`
Priority int64 `bson:"priority" json:"priority"`
Enabled bool `bson:"enabled" json:"enabled"`
Config RuleConfig `bson:"config" json:"config"`
ExternalData map[string]ExternalDataParameters `bson:"external_data" json:"external_data,omitempty"`
Created *datetime.CpsTime `bson:"created,omitempty" json:"created,omitempty" swaggertype:"integer"`
Updated *datetime.CpsTime `bson:"updated,omitempty" json:"updated,omitempty" swaggertype:"integer"`
EventsCount int64 `bson:"events_count,omitempty" json:"events_count,omitempty"`
EventPattern pattern.Event `json:"event_pattern" bson:"event_pattern"`
savedpattern.EntityPatternFields `bson:",inline"`
RRule string `json:"rrule" bson:"rrule"`
Start *datetime.CpsTime `json:"start,omitempty" bson:"start,omitempty"`
Stop *datetime.CpsTime `json:"stop,omitempty" bson:"stop,omitempty"`
//ResolvedStart and ResolvedStop shows the current or the next time interval, where eventfilter rule is enabled
ResolvedStart *datetime.CpsTime `json:"-" bson:"resolved_start,omitempty"`
ResolvedStop *datetime.CpsTime `json:"-" bson:"resolved_stop,omitempty"`
//NextResolvedStart and NextResolvedStop shows the next time interval after the one which is defined by ResolvedStart and ResolvedStop
NextResolvedStart *datetime.CpsTime `json:"-" bson:"next_resolved_start,omitempty"`
NextResolvedStop *datetime.CpsTime `json:"-" bson:"next_resolved_stop,omitempty"`
Exdates []types.Exdate `json:"exdates" bson:"exdates"`
Exceptions []string `json:"exceptions" bson:"exceptions"`
// ResolvedExdates shows exdates if their interval intersects with [now(); now() + 2 che periodical processes] interval
ResolvedExdates []types.Exdate `json:"-" bson:"resolved_exdates"`
}
type RuleAdapter ¶
type RuleAdapter interface {
GetAll(context.Context) ([]Rule, error)
GetByTypes(context.Context, []string) ([]Rule, error)
}
func NewRuleAdapter ¶
func NewRuleAdapter(dbClient mongo.DbClient) RuleAdapter
type RuleApplicator ¶
type RuleApplicator interface {
// Apply eventfilter rule, the first return value(string) should be one of the outcome constant values
Apply(context.Context, ParsedRule, *types.Event, RegexMatch) (string, bool, error)
}
func NewBreakApplicator ¶
func NewBreakApplicator() RuleApplicator
func NewChangeEntityApplicator ¶
func NewChangeEntityApplicator( externalDataContainer *ExternalDataContainer, failureService FailureService, templateExecutor template.Executor, ) RuleApplicator
func NewDropApplicator ¶
func NewDropApplicator() RuleApplicator
func NewEnrichmentApplicator ¶
func NewEnrichmentApplicator( externalDataContainer *ExternalDataContainer, processor ActionProcessor, failureService FailureService, ) RuleApplicator
type RuleApplicatorContainer ¶
type RuleApplicatorContainer interface {
Get(string) (RuleApplicator, bool)
Set(string, RuleApplicator)
}
type RuleChangesWatcher ¶
func NewRulesChangesWatcher ¶
func NewRulesChangesWatcher(client mongo.DbClient, service Service) RuleChangesWatcher
type RuleConfig ¶
type RuleConfig struct {
Resource string `bson:"resource,omitempty" json:"resource,omitempty"`
Component string `bson:"component,omitempty" json:"component,omitempty"`
Connector string `bson:"connector,omitempty" json:"connector,omitempty"`
ConnectorName string `bson:"connector_name,omitempty" json:"connector_name,omitempty"`
// enrichment fields
Actions []Action `bson:"actions,omitempty" json:"actions,omitempty" binding:"dive,required_if=Type enrichment"`
OnSuccess string `bson:"on_success,omitempty" json:"on_success,omitempty"`
OnFailure string `bson:"on_failure,omitempty" json:"on_failure,omitempty"`
}
type Service ¶
type Service interface {
ProcessEvent(context.Context, *types.Event) (bool, error)
LoadRules(context.Context, []string) error
}
func NewRuleService ¶
func NewRuleService( ruleAdapter RuleAdapter, container RuleApplicatorContainer, eventCounter EventCounter, failureService FailureService, templateExecutor template.Executor, logger zerolog.Logger, ) Service
Source Files
¶
Click to show internal directories.
Click to hide internal directories.