Documentation ¶
Index ¶
- type Action
- type ActionBase
- type ActionParameters
- type ActionProcessor
- type ActionType
- type Adapter
- type CopyProcessor
- type CopyToEntityInfoProcessor
- type DataSource
- type DataSourceBase
- type DataSourceFactory
- type DataSourceGetter
- type DataSourceGetterParameters
- type DropError
- type EnrichmentRule
- type EntityDataSourceFactory
- type EntityDataSourceGetter
- type Outcome
- type Report
- type Rule
- type RuleUnpacker
- type Service
- type SetEntityInfoFromTemplateProcessor
- type SetEntityInfoProcessor
- type SetFieldFromTemplateProcessor
- type SetFieldProcessor
- type Type
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Action ¶
type Action struct { ActionBase ActionProcessor }
Action is a type that represents an action that can be applied to an event by an enrichment rule.
func (Action) MarshalJSON ¶
func (*Action) UnmarshalBSONValue ¶
func (*Action) UnmarshalJSON ¶
type ActionBase ¶
type ActionBase struct {
Type ActionType `bson:"type"`
}
ActionBase is a type containing the fields that are common to all actions.
type ActionParameters ¶
type ActionParameters struct { // Event is the event for which the data needs to be fetched. Event types.Event // RegexMatch contains the values of the sub-expressions of the regular // expressions used in the pattern. RegexMatch pattern.EventRegexMatches // ExternalData contains the data of external sources. ExternalData map[string]interface{} }
ActionParameters is a type containing the parameters that can be used by an action.
type ActionProcessor ¶
type ActionProcessor interface { // Apply applies the action to the event using the provided parameters. It // returns the modified event, and can return an error, swhich will be used // to determine the outcome of the enrichment rule. Apply(event types.Event, parameters ActionParameters, report *Report) (types.Event, error) // Validate returns an error if the action is invalid. Validate() error }
ActionProcessor is an interface for types that apply an action to an event.
type ActionType ¶
type ActionType string
ActionType is a type representing the type of an enrichment rule's action.
const ( // UnsetAction is a const used for actions whose type is not set. UnsetAction ActionType = "" // SetField is a type of action that sets a field of an event to a // constant. SetField ActionType = "set_field" // SetFieldFromTemplate is a type of action that sets a string field of an // event using a template. SetFieldFromTemplate ActionType = "set_field_from_template" // SetEntityInfoFromTemplate is a type of action that sets an information // of an entity using a template. SetEntityInfoFromTemplate ActionType = "set_entity_info_from_template" // SetEntityInfo is a type of action that sets an information // of an entity using a constant. SetEntityInfo ActionType = "set_entity_info" // CopyToEntityInfo is a type of action that copies a value from a field to // an information of an entity. CopyToEntityInfo ActionType = "copy_to_entity_info" // Copy is a type of action that copies a value from a field to another. Copy ActionType = "copy" )
func (*ActionType) UnmarshalBSONValue ¶
func (t *ActionType) UnmarshalBSONValue(valueType bsontype.Type, b []byte) error
type Adapter ¶
Adapter is a type that provides access to the MongoDB collection containing the event filter's rules
func NewAdapter ¶
NewAdapter returns an adapter to a rules collection.
type CopyProcessor ¶
type CopyProcessor struct { // From is the name of the field of the ActionParameters the value will be // copied from. From utils.OptionalString `bson:"from"` // To is the name of the field of the event the value will be copied to. To utils.OptionalString `bson:"to"` // When unmarshalling a BSON document, the fields of this document that are // not defined in this struct are added to UnexpectedFields. UnexpectedFields map[string]interface{} `bson:",inline"` }
CopyProcessor is an ActionProcessor that copies a value from a field to another.
func (CopyProcessor) Apply ¶
func (p CopyProcessor) Apply(event types.Event, parameters ActionParameters, report *Report) (types.Event, error)
Apply applies the action to the event using the provided parameters. It returns the modified event, and returns an error if the field does not exist or if the type of the value is not compatible with the field.
func (CopyProcessor) Validate ¶
func (p CopyProcessor) Validate() error
Validate returns an error if the action is invalid.
type CopyToEntityInfoProcessor ¶
type CopyToEntityInfoProcessor struct { // Name is the name of the information that is modified. Name utils.OptionalString `bson:"name"` // Description is the description of the information. Description utils.OptionalString `bson:"description"` // From is the name of the field of the ActionParameters the value will be // copied from. From utils.OptionalString `bson:"from"` // When unmarshalling a BSON document, the fields of this document that are // not defined in this struct are added to UnexpectedFields. UnexpectedFields map[string]interface{} `bson:",inline"` }
CopyToEntityInfoProcessor is an ActionProcessor that sets of a information of an entity.
func (CopyToEntityInfoProcessor) Apply ¶
func (p CopyToEntityInfoProcessor) Apply(event types.Event, parameters ActionParameters, report *Report) (types.Event, error)
func (CopyToEntityInfoProcessor) Validate ¶
func (p CopyToEntityInfoProcessor) Validate() error
type DataSource ¶
type DataSource struct { DataSourceBase DataSourceGetter }
DataSource is a type that represents an external data source that can be used in an event filter rule.
func (*DataSource) UnmarshalBSONValue ¶
func (d *DataSource) UnmarshalBSONValue(_ bsontype.Type, b []byte) error
type DataSourceBase ¶
type DataSourceBase struct { // Type is the string used to determine the DataSourceFactory that should // be used to get a DataSourceGetter. Type string `bson:"type"` // Parameters contains the parameters of the data source. They will be used // as arguments to DataSourceFactory.Create. Parameters map[string]interface{} `bson:",inline"` }
DataSourceBase is a type containing the fields that are common to all data sources.
type DataSourceFactory ¶
type DataSourceFactory interface { // Create returns a new empty DataSourceGetter. Create(parameters map[string]interface{}) (DataSourceGetter, error) }
DataSourceFactory is an interface for plugins that provide a DataSource.
type DataSourceGetter ¶
type DataSourceGetter interface { // Get returns the data corresponding to a set of parameters. Get(ctx context.Context, parameters DataSourceGetterParameters, report *Report) (interface{}, error) }
DataSourceGetter is an interface for an external data source that can be used in an event filter rule.
type DataSourceGetterParameters ¶
type DataSourceGetterParameters struct { // Event is the event for which the data needs to be fetched. Event types.Event // RegexMatch contains the values of the sub-expressions of the regular // expressions used in the pattern. RegexMatch pattern.EventRegexMatches }
DataSourceGetterParameters is a type containing the parameters that can be used by a data source.
type DropError ¶
A DropError is an error that is returned by the eventfilter when an event should be dropped.
func DefaultDropError ¶
func DefaultDropError() DropError
DefaultDropError creates a new DropError with a default message.
func NewDropError ¶
NewDropError wraps an error into a DropError.
type EnrichmentRule ¶
type EnrichmentRule struct { // ExternalData contains external data sources that can be used by the // rule's actions ExternalData map[string]*DataSource `bson:"external_data" json:"external_data"` // Actions is a list of actions to be executed by the rule. Actions []Action `bson:"actions" json:"actions"` // OnSuccess is the outcome of the rule in case of success of all the // actions. OnSuccess Outcome `bson:"on_success" json:"on_success"` // OnFailure is the outcome of the rule in case of failure of one of the // actions. OnFailure Outcome `bson:"on_failure" json:"on_failure"` }
EnrichmentRule is a type that contains the rule's parameters that are specific to enrichment rules.
func (EnrichmentRule) Apply ¶
func (p EnrichmentRule) Apply(ctx context.Context, event types.Event, regexMatches pattern.EventRegexMatches, report *Report, logger zerolog.Logger, ruleId string) (types.Event, Outcome)
Apply applies the enrichment rule to an event.
func (EnrichmentRule) Empty ¶
func (p EnrichmentRule) Empty() bool
Empty returns true if the EnrichmentRule have not been changed.
func (EnrichmentRule) Valid ¶
func (p EnrichmentRule) Valid() bool
Valid returns true if the EnrichmentRule are valid.
type EntityDataSourceFactory ¶
type EntityDataSourceFactory struct {
// contains filtered or unexported fields
}
EntityDataSourceFactory is a factory for EntityDataSourceGetter. It implements the DataSourceFactory interface.
func NewEntityDataSourceFactory ¶
func NewEntityDataSourceFactory(enrichmentCenter libcontext.EnrichmentCenter, enrichFields libcontext.EnrichFields) EntityDataSourceFactory
NewEntityDataSourceFactory creates a new EntityDataSourceFactory.
func (EntityDataSourceFactory) Create ¶
func (p EntityDataSourceFactory) Create(parameters map[string]interface{}) (DataSourceGetter, error)
Create returns a new empty EntityDataSourceGetter.
type EntityDataSourceGetter ¶
type EntityDataSourceGetter struct { EnrichmentCenter libcontext.EnrichmentCenter EnrichFields libcontext.EnrichFields }
EntityDataSourceGetter is a DataSourceGetter that gets the entity corresponding to an event, and creates the related entities (resource, component and connector) if they do not exist.
func (EntityDataSourceGetter) Get ¶
func (g EntityDataSourceGetter) Get(ctx context.Context, parameters DataSourceGetterParameters, report *Report) (interface{}, error)
Get returns the entity corresponding to an event.
type Outcome ¶
type Outcome string
Outcome is a type representing the outcome of an event filter's rule. A value of type Outcome is returned when a rule is applied to indicate what should be done with the event.
const ( // UnsetOutcome is a const used for outcomes that have not been set. UnsetOutcome Outcome = "" // Pass indicates that the event should be passed to the next rule of the // event filter. Pass Outcome = "pass" // Break indicates that the event should skip the remaining rules of the // event filter. Break Outcome = "break" // Drop indicates that the event should be removed. Drop Outcome = "drop" )
type Report ¶
type Report struct { // EntityUpdate is a boolean indicating whether the event's entity was // updated. EntityUpdated bool // UpdatedEntityServices contains context graph update result if entity has been updated. UpdatedEntityServices libcontext.UpdatedEntityServices }
Report is a type containing informations about the modifications that were made to an event.
type Rule ¶
type Rule struct { // ID is a unique id for the rule. ID string `bson:"_id"` // Description contains a short description of the rule. Description string `bson:"description"` // Type is the rule's type. Type Type `bson:"type"` // Patterns is the pattern that select the events to which the rule should // be applied. Patterns pattern.EventPatternList `bson:"patterns"` // Priority is an integer used to determine the order in which the rules // will be executed. Priority int `bson:"priority"` // Enabled is a boolean indicating whether the rule is enabled or not. Enabled utils.OptionalBool `bson:"enabled"` // EnrichmentRule contains parameters that are specific to enrichment // rules. EnrichmentRule `bson:",inline"` Created *types.CpsTime `bson:"created"` Updated *types.CpsTime `bson:"updated"` Author string `bson:"author"` // When unmarshalling a BSON document, the fields of this document that are // not defined in this struct are added to UnexpectedFields. UnexpectedFields map[string]interface{} `bson:",inline"` }
Rule is a type representing a rule.
func (Rule) Apply ¶
func (r Rule) Apply(ctx context.Context, event types.Event, regexMatches pattern.EventRegexMatches, report *Report, logger zerolog.Logger) (types.Event, Outcome)
Apply applies the rule to an event. Note that Apply does not check that the rule is enabled or that its pattern match the event.
type RuleUnpacker ¶
type RuleUnpacker struct { Rule // Valid is a boolean indicating whether the rule is valid or not. It is // false when the rule failed to be unmarshalled. It is necessary because // returning an error in UnmarshalBSONValue would prevent from querying a MongoDB // collection containing invalid rules. Valid bool }
RuleUnpacker is a wrapper arround Rule that implements the bson.Setter interface.
func (*RuleUnpacker) UnmarshalBSONValue ¶
func (r *RuleUnpacker) UnmarshalBSONValue(_ bsontype.Type, b []byte) error
type Service ¶
type Service interface { // LoadRules loads the event filter rules from the database, and adds them // to the service. LoadRules() error // LoadDataSourceFactories loads the data source factories and adds them to // the service. LoadDataSourceFactories(enrichmentCenter libcontext.EnrichmentCenter, enrichFields libcontext.EnrichFields, dataSourceDirectory string) error // ProcessEvent processes an event with the rules of the event filter. It // returns a DropError if the event should be dropped by the eventfilter. ProcessEvent(ctx context.Context, event types.Event) (types.Event, Report, error) }
Service is an interface for the service that manages the event filter.
type SetEntityInfoFromTemplateProcessor ¶
type SetEntityInfoFromTemplateProcessor struct { // Name is the name of the information that is modified. Name utils.OptionalString `bson:"name"` // Value is the new value of the information. Value utils.OptionalTemplate `bson:"value"` // Description is the description of the information. Description utils.OptionalString `bson:"description"` // When unmarshalling a BSON document, the fields of this document that are // not defined in this struct are added to UnexpectedFields. UnexpectedFields map[string]interface{} `bson:",inline"` // contains filtered or unexported fields }
SetEntityInfoFromTemplateProcessor is an ActionProcessor that sets of a information of an entity.
func (SetEntityInfoFromTemplateProcessor) Apply ¶
func (p SetEntityInfoFromTemplateProcessor) Apply(event types.Event, parameters ActionParameters, report *Report) (types.Event, error)
Apply applies the action to the event using the provided parameters. It returns the modified event, and returns an error if the field does not exist or if the type of the value is not compatible with the field.
func (SetEntityInfoFromTemplateProcessor) Validate ¶
func (p SetEntityInfoFromTemplateProcessor) Validate() error
Validate returns an error if the action is invalid.
type SetEntityInfoProcessor ¶
type SetEntityInfoProcessor struct { // Name is the name of the information that is modified. Name utils.OptionalString `bson:"name"` // Description is the description of the information. Description utils.OptionalString `bson:"description"` // Value is the new value of the field. Value utils.OptionalInterface `bson:"value"` // When unmarshalling a BSON document, the fields of this document that are // not defined in this struct are added to UnexpectedFields. UnexpectedFields map[string]interface{} `bson:",inline"` }
SetEntityInfoProcessor is an ActionProcessor that sets of a information of an entity.
func (SetEntityInfoProcessor) Apply ¶
func (p SetEntityInfoProcessor) Apply(event types.Event, parameters ActionParameters, report *Report) (types.Event, error)
func (SetEntityInfoProcessor) Validate ¶
func (p SetEntityInfoProcessor) Validate() error
type SetFieldFromTemplateProcessor ¶
type SetFieldFromTemplateProcessor struct { // Name is the name of the field that is modified. Name utils.OptionalString `bson:"name"` // Value is the template used to set the new value of the field. Value utils.OptionalTemplate `bson:"value"` // When unmarshalling a BSON document, the fields of this document that are // not defined in this struct are added to UnexpectedFields. UnexpectedFields map[string]interface{} `bson:",inline"` // contains filtered or unexported fields }
SetFieldFromTemplateProcessor is an ActionProcessor that sets of a string field of an event using a template.
func (SetFieldFromTemplateProcessor) Apply ¶
func (p SetFieldFromTemplateProcessor) Apply(event types.Event, parameters ActionParameters, report *Report) (types.Event, error)
Apply applies the action to the event using the provided parameters. It returns the modified event, and returns an error if the field does not exist or if the type of the value is not compatible with the field.
func (SetFieldFromTemplateProcessor) Validate ¶
func (p SetFieldFromTemplateProcessor) Validate() error
Validate returns an error if the action is invalid.
type SetFieldProcessor ¶
type SetFieldProcessor struct { // Name is the name of the field that is modified. Name utils.OptionalString `bson:"name"` // Value is the new value of the field. Value utils.OptionalInterface `bson:"value"` // When unmarshalling a BSON document, the fields of this document that are // not defined in this struct are added to UnexpectedFields. UnexpectedFields map[string]interface{} `bson:",inline"` }
SetFieldProcessor is an ActionProcessor that sets of a field of an event to a constant.
func (SetFieldProcessor) Apply ¶
func (p SetFieldProcessor) Apply(event types.Event, parameters ActionParameters, report *Report) (types.Event, error)
Apply applies the action to the event using the provided parameters. It returns the modified event, and returns an error if the field does not exist or if the type of the value is not compatible with the field.
func (SetFieldProcessor) Validate ¶
func (p SetFieldProcessor) Validate() error
Validate returns an error if the action is invalid.
type Type ¶
type Type string
Type is a type representing the type of an event filter's rule.
const ( // RuleTypeUnset is a const used for rules whose type is not set. RuleTypeUnset Type = "" // RuleTypeBreak is a type of rule that break events out of the event // filter. RuleTypeBreak Type = "break" // RuleTypeDrop is a type of rule that delete events. RuleTypeDrop Type = "drop" // RuleTypeEnrichment is a type of rule that modify an event. RuleTypeEnrichment Type = "enrichment" )