From b5392b97c0bcf2356ef3ec4126c1eb47d6c42111 Mon Sep 17 00:00:00 2001 From: wanjunlei Date: Tue, 28 Jul 2020 12:08:49 +0800 Subject: [PATCH] add ns and ws query parameter to es query body Signed-off-by: wanjunlei --- pkg/models/auditing/events.go | 36 ++++++++++--------- pkg/models/tenant/tenant.go | 2 +- .../auditing/elasticsearch/elasticsearch.go | 34 ++++++++++++++++-- pkg/simple/client/auditing/interface.go | 36 ++++++++++--------- 4 files changed, 73 insertions(+), 35 deletions(-) diff --git a/pkg/models/auditing/events.go b/pkg/models/auditing/events.go index 36530e763..fe21ed682 100644 --- a/pkg/models/auditing/events.go +++ b/pkg/models/auditing/events.go @@ -38,19 +38,23 @@ func NewEventsOperator(client auditing.Client) Interface { func (eo *eventsOperator) Events(queryParam *v1alpha1.Query, MutateFilterFunc func(*auditing.Filter)) (*v1alpha1.APIResponse, error) { filter := &auditing.Filter{ - ObjectRefNames: stringutils.Split(queryParam.ObjectRefNameFilter, ","), - ObjectRefNameFuzzy: stringutils.Split(queryParam.ObjectRefNameSearch, ","), - Levels: stringutils.Split(queryParam.LevelFilter, ","), - Verbs: stringutils.Split(queryParam.VerbFilter, ","), - Users: stringutils.Split(queryParam.UserFilter, ","), - UserFuzzy: stringutils.Split(queryParam.UserSearch, ","), - GroupFuzzy: stringutils.Split(queryParam.GroupSearch, ","), - SourceIpFuzzy: stringutils.Split(queryParam.SourceIpSearch, ","), - ObjectRefResources: stringutils.Split(queryParam.ObjectRefResourceFilter, ","), - ObjectRefSubresources: stringutils.Split(queryParam.ObjectRefSubresourceFilter, ","), - ResponseStatus: stringutils.Split(queryParam.ResponseStatusFilter, ","), - StartTime: queryParam.StartTime, - EndTime: queryParam.EndTime, + ObjectRefNamespaces: stringutils.Split(queryParam.ObjectRefNamespaceFilter, ","), + ObjectRefNamespaceFuzzy: stringutils.Split(queryParam.ObjectRefNamespaceSearch, ","), + Workspaces: stringutils.Split(queryParam.WorkspaceFilter, ","), + WorkspaceFuzzy: stringutils.Split(queryParam.WorkspaceSearch, ","), + ObjectRefNames: stringutils.Split(queryParam.ObjectRefNameFilter, ","), + ObjectRefNameFuzzy: stringutils.Split(queryParam.ObjectRefNameSearch, ","), + Levels: stringutils.Split(queryParam.LevelFilter, ","), + Verbs: stringutils.Split(queryParam.VerbFilter, ","), + Users: stringutils.Split(queryParam.UserFilter, ","), + UserFuzzy: stringutils.Split(queryParam.UserSearch, ","), + GroupFuzzy: stringutils.Split(queryParam.GroupSearch, ","), + SourceIpFuzzy: stringutils.Split(queryParam.SourceIpSearch, ","), + ObjectRefResources: stringutils.Split(queryParam.ObjectRefResourceFilter, ","), + ObjectRefSubresources: stringutils.Split(queryParam.ObjectRefSubresourceFilter, ","), + ResponseStatus: stringutils.Split(queryParam.ResponseStatusFilter, ","), + StartTime: queryParam.StartTime, + EndTime: queryParam.EndTime, } if MutateFilterFunc != nil { MutateFilterFunc(filter) @@ -70,19 +74,19 @@ func (eo *eventsOperator) Events(queryParam *v1alpha1.Query, var err error switch queryParam.Operation { case "histogram": - if len(filter.ObjectRefNamespaceMap) == 0 && len(filter.ObjectRefWorkspaceMap) == 0 { + if len(filter.ObjectRefNamespaceMap) == 0 && len(filter.WorkspaceMap) == 0 { ar.Histogram = &auditing.Histogram{} } else { ar.Histogram, err = eo.client.CountOverTime(filter, queryParam.Interval) } case "statistics": - if len(filter.ObjectRefNamespaceMap) == 0 && len(filter.ObjectRefWorkspaceMap) == 0 { + if len(filter.ObjectRefNamespaceMap) == 0 && len(filter.WorkspaceMap) == 0 { ar.Statistics = &auditing.Statistics{} } else { ar.Statistics, err = eo.client.StatisticsOnResources(filter) } default: - if len(filter.ObjectRefNamespaceMap) == 0 && len(filter.ObjectRefWorkspaceMap) == 0 { + if len(filter.ObjectRefNamespaceMap) == 0 && len(filter.WorkspaceMap) == 0 { ar.Events = &auditing.Events{} } else { ar.Events, err = eo.client.SearchAuditingEvent(filter, queryParam.From, queryParam.Size, queryParam.Sort) diff --git a/pkg/models/tenant/tenant.go b/pkg/models/tenant/tenant.go index 9608de1b1..c7a9fd814 100644 --- a/pkg/models/tenant/tenant.go +++ b/pkg/models/tenant/tenant.go @@ -922,7 +922,7 @@ func (t *tenantOperator) Auditing(user user.Info, queryParam *auditingv1alpha1.Q return t.auditing.Events(queryParam, func(filter *auditingclient.Filter) { filter.ObjectRefNamespaceMap = namespaceCreateTimeMap - filter.ObjectRefWorkspaceMap = workspaceCreateTimeMap + filter.WorkspaceMap = workspaceCreateTimeMap }) } diff --git a/pkg/simple/client/auditing/elasticsearch/elasticsearch.go b/pkg/simple/client/auditing/elasticsearch/elasticsearch.go index 82a6c45dc..2d39fda5a 100644 --- a/pkg/simple/client/auditing/elasticsearch/elasticsearch.go +++ b/pkg/simple/client/auditing/elasticsearch/elasticsearch.go @@ -305,7 +305,7 @@ func parseToQueryPart(f *auditing.Filter) interface{} { "bool": &b, } - if len(f.ObjectRefNamespaceMap) > 0 || len(f.ObjectRefWorkspaceMap) > 0 { + if len(f.ObjectRefNamespaceMap) > 0 || len(f.WorkspaceMap) > 0 { bi := BoolBody{MinimumShouldMatch: &mini} for k, v := range f.ObjectRefNamespaceMap { bi.Should = append(bi.Should, map[string]interface{}{ @@ -323,7 +323,7 @@ func parseToQueryPart(f *auditing.Filter) interface{} { }) } - for k, v := range f.ObjectRefWorkspaceMap { + for k, v := range f.WorkspaceMap { bi.Should = append(bi.Should, map[string]interface{}{ "bool": &BoolBody{ Filter: []map[string]interface{}{{ @@ -360,6 +360,36 @@ func parseToQueryPart(f *auditing.Filter) interface{} { return &bi } + if len(f.ObjectRefNamespaces) > 0 { + if bi := shouldBoolbody("match_phrase_prefix", "ObjectRef.Namespace.keyword", + f.ObjectRefNamespaces, nil); bi != nil { + b.Filter = append(b.Filter, map[string]interface{}{"bool": bi}) + } + } + if len(f.ObjectRefNamespaceFuzzy) > 0 { + if bi := shouldBoolbody("wildcard", "ObjectRef.Namespace", + f.ObjectRefNamespaceFuzzy, func(s string) string { + return fmt.Sprintf("*" + s + "*") + }); bi != nil { + b.Filter = append(b.Filter, map[string]interface{}{"bool": bi}) + } + } + + if len(f.Workspaces) > 0 { + if bi := shouldBoolbody("match_phrase_prefix", "Workspace.keyword", + f.Workspaces, nil); bi != nil { + b.Filter = append(b.Filter, map[string]interface{}{"bool": bi}) + } + } + if len(f.WorkspaceFuzzy) > 0 { + if bi := shouldBoolbody("wildcard", "Workspace", + f.WorkspaceFuzzy, func(s string) string { + return fmt.Sprintf("*" + s + "*") + }); bi != nil { + b.Filter = append(b.Filter, map[string]interface{}{"bool": bi}) + } + } + if len(f.ObjectRefNames) > 0 { if bi := shouldBoolbody("match_phrase_prefix", "ObjectRef.Name.keyword", f.ObjectRefNames, nil); bi != nil { diff --git a/pkg/simple/client/auditing/interface.go b/pkg/simple/client/auditing/interface.go index 1a55a6991..48e1907f2 100644 --- a/pkg/simple/client/auditing/interface.go +++ b/pkg/simple/client/auditing/interface.go @@ -27,22 +27,26 @@ type Client interface { } type Filter struct { - ObjectRefNamespaceMap map[string]time.Time - ObjectRefWorkspaceMap map[string]time.Time - ObjectRefNames []string - ObjectRefNameFuzzy []string - Levels []string - Verbs []string - Users []string - UserFuzzy []string - GroupFuzzy []string - SourceIpFuzzy []string - ObjectRefResources []string - ObjectRefSubresources []string - ResponseCodes []int32 - ResponseStatus []string - StartTime *time.Time - EndTime *time.Time + ObjectRefNamespaceMap map[string]time.Time + WorkspaceMap map[string]time.Time + ObjectRefNamespaces []string + ObjectRefNamespaceFuzzy []string + Workspaces []string + WorkspaceFuzzy []string + ObjectRefNames []string + ObjectRefNameFuzzy []string + Levels []string + Verbs []string + Users []string + UserFuzzy []string + GroupFuzzy []string + SourceIpFuzzy []string + ObjectRefResources []string + ObjectRefSubresources []string + ResponseCodes []int32 + ResponseStatus []string + StartTime *time.Time + EndTime *time.Time } type Event map[string]interface{}