add ns and ws query parameter to es query body
Signed-off-by: wanjunlei <wanjunlei@yunify.com>
This commit is contained in:
wanjunlei
@@ -305,7 +305,7 @@ func parseToQueryPart(f *auditing.Filter) interface{} {
|
||||
"bool": &b,
|
||||
}
|
||||
|
||||
if len(f.ObjectRefNamespaceMap) > 0 || len(f.ObjectRefWorkspaceMap) > 0 {
|
||||
if len(f.ObjectRefNamespaceMap) > 0 || len(f.WorkspaceMap) > 0 {
|
||||
bi := BoolBody{MinimumShouldMatch: &mini}
|
||||
for k, v := range f.ObjectRefNamespaceMap {
|
||||
bi.Should = append(bi.Should, map[string]interface{}{
|
||||
@@ -323,7 +323,7 @@ func parseToQueryPart(f *auditing.Filter) interface{} {
|
||||
})
|
||||
}
|
||||
|
||||
for k, v := range f.ObjectRefWorkspaceMap {
|
||||
for k, v := range f.WorkspaceMap {
|
||||
bi.Should = append(bi.Should, map[string]interface{}{
|
||||
"bool": &BoolBody{
|
||||
Filter: []map[string]interface{}{{
|
||||
@@ -360,6 +360,36 @@ func parseToQueryPart(f *auditing.Filter) interface{} {
|
||||
return &bi
|
||||
}
|
||||
|
||||
if len(f.ObjectRefNamespaces) > 0 {
|
||||
if bi := shouldBoolbody("match_phrase_prefix", "ObjectRef.Namespace.keyword",
|
||||
f.ObjectRefNamespaces, nil); bi != nil {
|
||||
b.Filter = append(b.Filter, map[string]interface{}{"bool": bi})
|
||||
}
|
||||
}
|
||||
if len(f.ObjectRefNamespaceFuzzy) > 0 {
|
||||
if bi := shouldBoolbody("wildcard", "ObjectRef.Namespace",
|
||||
f.ObjectRefNamespaceFuzzy, func(s string) string {
|
||||
return fmt.Sprintf("*" + s + "*")
|
||||
}); bi != nil {
|
||||
b.Filter = append(b.Filter, map[string]interface{}{"bool": bi})
|
||||
}
|
||||
}
|
||||
|
||||
if len(f.Workspaces) > 0 {
|
||||
if bi := shouldBoolbody("match_phrase_prefix", "Workspace.keyword",
|
||||
f.Workspaces, nil); bi != nil {
|
||||
b.Filter = append(b.Filter, map[string]interface{}{"bool": bi})
|
||||
}
|
||||
}
|
||||
if len(f.WorkspaceFuzzy) > 0 {
|
||||
if bi := shouldBoolbody("wildcard", "Workspace",
|
||||
f.WorkspaceFuzzy, func(s string) string {
|
||||
return fmt.Sprintf("*" + s + "*")
|
||||
}); bi != nil {
|
||||
b.Filter = append(b.Filter, map[string]interface{}{"bool": bi})
|
||||
}
|
||||
}
|
||||
|
||||
if len(f.ObjectRefNames) > 0 {
|
||||
if bi := shouldBoolbody("match_phrase_prefix", "ObjectRef.Name.keyword",
|
||||
f.ObjectRefNames, nil); bi != nil {
|
||||
|
||||
@@ -27,22 +27,26 @@ type Client interface {
|
||||
}
|
||||
|
||||
type Filter struct {
|
||||
ObjectRefNamespaceMap map[string]time.Time
|
||||
ObjectRefWorkspaceMap map[string]time.Time
|
||||
ObjectRefNames []string
|
||||
ObjectRefNameFuzzy []string
|
||||
Levels []string
|
||||
Verbs []string
|
||||
Users []string
|
||||
UserFuzzy []string
|
||||
GroupFuzzy []string
|
||||
SourceIpFuzzy []string
|
||||
ObjectRefResources []string
|
||||
ObjectRefSubresources []string
|
||||
ResponseCodes []int32
|
||||
ResponseStatus []string
|
||||
StartTime *time.Time
|
||||
EndTime *time.Time
|
||||
ObjectRefNamespaceMap map[string]time.Time
|
||||
WorkspaceMap map[string]time.Time
|
||||
ObjectRefNamespaces []string
|
||||
ObjectRefNamespaceFuzzy []string
|
||||
Workspaces []string
|
||||
WorkspaceFuzzy []string
|
||||
ObjectRefNames []string
|
||||
ObjectRefNameFuzzy []string
|
||||
Levels []string
|
||||
Verbs []string
|
||||
Users []string
|
||||
UserFuzzy []string
|
||||
GroupFuzzy []string
|
||||
SourceIpFuzzy []string
|
||||
ObjectRefResources []string
|
||||
ObjectRefSubresources []string
|
||||
ResponseCodes []int32
|
||||
ResponseStatus []string
|
||||
StartTime *time.Time
|
||||
EndTime *time.Time
|
||||
}
|
||||
|
||||
type Event map[string]interface{}
|
||||
|
||||
Reference in New Issue
Block a user