Documentation ¶
Index ¶
- Constants
- Variables
- func ExecuteParsedTemplate(ruleID string, tplName string, parsedTpl libtemplate.ParsedTemplate, ...) (string, error)
- func ResolveIntervals(ef *Rule, rrule *rrule.RRule, now time.Time, location *time.Location)
- type Action
- type ActionProcessor
- type Container
- type EventCounter
- type ExternalDataContainer
- type ExternalDataGetter
- type ExternalDataParameters
- type Failure
- type FailureService
- type ParsedAction
- type ParsedExternalDataParameters
- type ParsedRule
- type ParsedRuleConfig
- type RegexMatch
- type Rule
- type RuleAdapter
- type RuleApplicator
- func NewBreakApplicator() RuleApplicator
- func NewChangeEntityApplicator(externalDataContainer *ExternalDataContainer, failureService FailureService, ...) RuleApplicator
- func NewDropApplicator() RuleApplicator
- func NewEnrichmentApplicator(externalDataContainer *ExternalDataContainer, processor ActionProcessor, ...) RuleApplicator
- type RuleApplicatorContainer
- type RuleChangesWatcher
- type RuleConfig
- type Service
- type Template
Constants ¶
View Source
const ( FailureTypeInvalidPattern = iota FailureTypeInvalidTemplate FailureTypeExternalDataMongo FailureTypeExternalDataApi FailureTypeOther )
View Source
const ( OutcomePass = "pass" OutcomeDrop = "drop" OutcomeBreak = "break" )
outcome constant values
View Source
const ( RuleTypeChangeEntity = "change_entity" RuleTypeBreak = "break" RuleTypeDrop = "drop" RuleTypeEnrichment = "enrichment" )
View Source
const ( ActionSetField = "set_field" // ActionSetFieldFromTemplate is a type of action that sets a string field of an // event using a template. ActionSetFieldFromTemplate = "set_field_from_template" // ActionSetEntityInfoFromTemplate is a type of action that sets an information // of an entity using a template. ActionSetEntityInfoFromTemplate = "set_entity_info_from_template" // ActionSetEntityInfo is a type of action that sets an information // of an entity using a constant. ActionSetEntityInfo = "set_entity_info" // ActionCopyToEntityInfo is a type of action that copies a value from a field to // an information of an entity. ActionCopyToEntityInfo = "copy_to_entity_info" // ActionCopy is a type of action that copies a value from a field to another. ActionCopy = "copy" // ActionSetTags is a type of action that sets tags of an event using a regex from // selected field. ActionSetTags = "set_tags" // ActionSetTagsFromTemplate is a type of action that sets tags of an event // using a regex applied to template result. ActionSetTagsFromTemplate = "set_tags_from_template" )
Variables ¶
View Source
var ErrDropOutcome = errors.New("drop event")
View Source
var ErrShouldBeAString = fmt.Errorf("value should be a string")
Functions ¶
func ExecuteParsedTemplate ¶
func ExecuteParsedTemplate( ruleID string, tplName string, parsedTpl libtemplate.ParsedTemplate, tplData any, event *types.Event, failureService FailureService, templateExecutor libtemplate.Executor, ) (string, error)
Types ¶
type ActionProcessor ¶
type ActionProcessor interface {
Process(ctx context.Context, ruleID string, action ParsedAction, event *types.Event, regexMatch RegexMatch, externalData map[string]interface{}) (bool, error)
}
func NewActionProcessor ¶
func NewActionProcessor( configProvider config.AlarmConfigProvider, failureService FailureService, templateExecutor template.Executor, sender techmetrics.Sender, ) ActionProcessor
type Container ¶
type Container struct {
// contains filtered or unexported fields
}
func NewRuleApplicatorContainer ¶
func NewRuleApplicatorContainer() *Container
func (*Container) Set ¶
func (c *Container) Set(ruleType string, service RuleApplicator)
type EventCounter ¶
type EventCounter interface { Run(ctx context.Context) Add(id string, lastUpdated datetime.CpsTime) }
func NewEventCounter ¶
type ExternalDataContainer ¶
type ExternalDataContainer struct {
// contains filtered or unexported fields
}
func NewExternalDataGetterContainer ¶
func NewExternalDataGetterContainer() *ExternalDataContainer
func (*ExternalDataContainer) Get ¶
func (c *ExternalDataContainer) Get(dataType string) (ExternalDataGetter, bool)
func (*ExternalDataContainer) Has ¶
func (c *ExternalDataContainer) Has(dataType string) bool
func (*ExternalDataContainer) Set ¶
func (c *ExternalDataContainer) Set(dataType string, service ExternalDataGetter)
type ExternalDataGetter ¶
type ExternalDataParameters ¶
type ExternalDataParameters struct { Type string `json:"type" bson:"type"` // are used in mongo external data Collection string `json:"collection,omitempty" bson:"collection,omitempty"` Select map[string]string `json:"select,omitempty" bson:"select,omitempty"` Regexp map[string]string `json:"regexp,omitempty" bson:"regexp,omitempty"` SortBy string `json:"sort_by,omitempty" bson:"sort_by,omitempty"` Sort string `json:"sort,omitempty" bson:"sort,omitempty" binding:"oneoforempty=asc desc"` // are used in api external data RequestParameters *request.Parameters `bson:"request,omitempty" json:"request,omitempty"` }
type Failure ¶
type Failure struct { ID string `bson:"_id" json:"_id"` Rule string `bson:"rule" json:"rule"` Type int64 `bson:"type" json:"type"` Timestamp datetime.CpsTime `bson:"t" json:"t"` Message string `bson:"message" json:"message"` Event *types.Event `bson:"event,omitempty" json:"event"` Unread bool `bson:"unread,omitempty" json:"unread"` }
type FailureService ¶
type FailureService interface { Run(ctx context.Context) Add(ruleID string, failureType int64, message string, event *types.Event) }
func NewFailureService ¶
type ParsedAction ¶
type ParsedAction struct { Index int Type string Name string Description string Value any ParsedValue libtemplate.ParsedTemplate }
type ParsedExternalDataParameters ¶
type ParsedExternalDataParameters struct { Type string Collection string Select map[string]libtemplate.ParsedTemplate Regexp map[string]libtemplate.ParsedTemplate SortBy string Sort string RequestParameters *request.ParsedParameters }
type ParsedRule ¶
type ParsedRule struct { ID string Type string Config ParsedRuleConfig ExternalData map[string]ParsedExternalDataParameters Created *datetime.CpsTime Updated *datetime.CpsTime EventPattern pattern.Event savedpattern.EntityPatternFields ResolvedStart *datetime.CpsTime ResolvedStop *datetime.CpsTime NextResolvedStart *datetime.CpsTime NextResolvedStop *datetime.CpsTime ResolvedExdates []types.Exdate }
func ParseRule ¶
func ParseRule(rule Rule, tplExecutor libtemplate.Executor) ParsedRule
type ParsedRuleConfig ¶
type ParsedRuleConfig struct { Resource libtemplate.ParsedTemplate Component libtemplate.ParsedTemplate Connector libtemplate.ParsedTemplate ConnectorName libtemplate.ParsedTemplate Actions []ParsedAction OnSuccess string OnFailure string }
type RegexMatch ¶
type RegexMatch struct { match.EventRegexMatches Entity match.EntityRegexMatches }
type Rule ¶
type Rule struct { ID string `bson:"_id" json:"_id" binding:"id"` Author string `bson:"author" json:"author" swaggerignore:"true"` Description string `bson:"description" json:"description" binding:"required,max=255"` Type string `bson:"type" json:"type" binding:"required,oneof=break drop enrichment change_entity"` Priority int64 `bson:"priority" json:"priority"` Enabled bool `bson:"enabled" json:"enabled"` Config RuleConfig `bson:"config" json:"config"` ExternalData map[string]ExternalDataParameters `bson:"external_data" json:"external_data,omitempty"` Created *datetime.CpsTime `bson:"created,omitempty" json:"created,omitempty" swaggertype:"integer"` Updated *datetime.CpsTime `bson:"updated,omitempty" json:"updated,omitempty" swaggertype:"integer"` EventsCount int64 `bson:"events_count,omitempty" json:"events_count,omitempty"` EventPattern pattern.Event `json:"event_pattern" bson:"event_pattern"` savedpattern.EntityPatternFields `bson:",inline"` RRule string `json:"rrule" bson:"rrule"` Start *datetime.CpsTime `json:"start,omitempty" bson:"start,omitempty"` Stop *datetime.CpsTime `json:"stop,omitempty" bson:"stop,omitempty"` //ResolvedStart and ResolvedStop shows the current or the next time interval, where eventfilter rule is enabled ResolvedStart *datetime.CpsTime `json:"-" bson:"resolved_start,omitempty"` ResolvedStop *datetime.CpsTime `json:"-" bson:"resolved_stop,omitempty"` //NextResolvedStart and NextResolvedStop shows the next time interval after the one which is defined by ResolvedStart and ResolvedStop NextResolvedStart *datetime.CpsTime `json:"-" bson:"next_resolved_start,omitempty"` NextResolvedStop *datetime.CpsTime `json:"-" bson:"next_resolved_stop,omitempty"` Exdates []types.Exdate `json:"exdates" bson:"exdates"` Exceptions []string `json:"exceptions" bson:"exceptions"` // ResolvedExdates shows exdates if their interval intersects with [now(); now() + 2 che periodical processes] interval ResolvedExdates []types.Exdate `json:"-" bson:"resolved_exdates"` }
type RuleAdapter ¶
type RuleAdapter interface { GetAll(context.Context) ([]Rule, error) GetByTypes(context.Context, []string) ([]Rule, error) }
func NewRuleAdapter ¶
func NewRuleAdapter(dbClient mongo.DbClient) RuleAdapter
type RuleApplicator ¶
type RuleApplicator interface { // Apply eventfilter rule, the first return value(string) should be one of the outcome constant values Apply(context.Context, ParsedRule, *types.Event, RegexMatch) (string, bool, error) }
func NewBreakApplicator ¶
func NewBreakApplicator() RuleApplicator
func NewChangeEntityApplicator ¶
func NewChangeEntityApplicator( externalDataContainer *ExternalDataContainer, failureService FailureService, templateExecutor template.Executor, ) RuleApplicator
func NewDropApplicator ¶
func NewDropApplicator() RuleApplicator
func NewEnrichmentApplicator ¶
func NewEnrichmentApplicator( externalDataContainer *ExternalDataContainer, processor ActionProcessor, failureService FailureService, ) RuleApplicator
type RuleApplicatorContainer ¶
type RuleApplicatorContainer interface { Get(string) (RuleApplicator, bool) Set(string, RuleApplicator) }
type RuleChangesWatcher ¶
func NewRulesChangesWatcher ¶
func NewRulesChangesWatcher(client mongo.DbClient, service Service) RuleChangesWatcher
type RuleConfig ¶
type RuleConfig struct { Resource string `bson:"resource,omitempty" json:"resource,omitempty"` Component string `bson:"component,omitempty" json:"component,omitempty"` Connector string `bson:"connector,omitempty" json:"connector,omitempty"` ConnectorName string `bson:"connector_name,omitempty" json:"connector_name,omitempty"` // enrichment fields Actions []Action `bson:"actions,omitempty" json:"actions,omitempty" binding:"dive,required_if=Type enrichment"` OnSuccess string `bson:"on_success,omitempty" json:"on_success,omitempty"` OnFailure string `bson:"on_failure,omitempty" json:"on_failure,omitempty"` }
type Service ¶
type Service interface { ProcessEvent(context.Context, *types.Event) (bool, error) LoadRules(context.Context, []string) error }
func NewRuleService ¶
func NewRuleService( ruleAdapter RuleAdapter, container RuleApplicatorContainer, eventCounter EventCounter, failureService FailureService, templateExecutor template.Executor, logger zerolog.Logger, ) Service
Source Files ¶
Click to show internal directories.
Click to hide internal directories.