Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rule field validation during IndexRule Action #80

Merged
merged 18 commits into from
Nov 3, 2022
Merged

Rule field validation during IndexRule Action #80

merged 18 commits into from
Nov 3, 2022

Conversation

petardz
Copy link
Contributor

@petardz petardz commented Oct 26, 2022
edited
Loading

Description

Added new API ValidateRules which, for a given indexName and list of ruleIds, will return list of non-applicable ruleIds to given index

Issues Resolved

#90

Check List

  • New functionality includes testing.
    • All tests pass
  • New functionality has been documented.
    • New functionality has javadoc added
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@petardz
added rule validator
012c433 
Signed-off-by: Petar Dzepina <petar.dzepina@gmail.com>
@petardz
reverted rule IT
7dd0bd8 
Signed-off-by: Petar Dzepina <petar.dzepina@gmail.com>
@petardz petardz requested a review from a team October 26, 2022 18:03
@petardz petardz changed the title Customrule field validation Rule field validation during IndexRule Action Oct 26, 2022
@petardz
merge from main
3163fff 
Signed-off-by: Petar Dzepina <petar.dzepina@gmail.com>
@petardz
added ITs
44bd2d5 
Signed-off-by: Petar Dzepina <petar.dzepina@gmail.com>
@petardz
IT fix
8bbfdec 
Signed-off-by: Petar Dzepina <petar.dzepina@gmail.com>
@petardz
fixed gradle check
4a9bba4 
Signed-off-by: Petar Dzepina <petar.dzepina@gmail.com>
@petardz
IT fixes
eac234c 
Signed-off-by: Petar Dzepina <petar.dzepina@gmail.com>
@petardz
more IT fixes
a3358fb 
Signed-off-by: Petar Dzepina <petar.dzepina@gmail.com>
@codecov-commenter
Copy link

codecov-commenter commented Oct 29, 2022
edited
Loading

Codecov Report

Merging #80 (4f9a85e) into main (e477a09) will decrease coverage by 0.24%.
The diff coverage is 0.00%.

@@             Coverage Diff              @@
##               main      #80      +/-   ##
============================================
- Coverage     43.20%   42.95%   -0.25%     
- Complexity      858      859       +1     
============================================
  Files           167      167              
  Lines          5826     5862      +36     
  Branches        734      736       +2     
============================================
+ Hits           2517     2518       +1     
- Misses         3076     3112      +36     
+ Partials        233      232       -1
Impacted Files Coverage Δ
...ensearch/securityanalytics/mapper/MapperUtils.java 60.93% <0.00%> (-8.71%) ⬇️
...g/opensearch/securityanalytics/model/Detector.java 71.27% <ø> (+0.36%) ⬆️
...a/org/opensearch/securityanalytics/model/Rule.java 0.00% <ø> (ø)
...yanalytics/transport/TransportIndexRuleAction.java 0.00% <0.00%> (ø)

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@petardz
IT assert change
ea67748 
Signed-off-by: Petar Dzepina <petar.dzepina@gmail.com>
@petardz
IT assert change
4f9a85e 
Signed-off-by: Petar Dzepina <petar.dzepina@gmail.com>
getsaurabh02
getsaurabh02 requested changes Oct 29, 2022
View reviewed changes
src/main/java/org/opensearch/securityanalytics/transport/TransportIndexRuleAction.java Outdated
Rule ruleDoc = new Rule(NO_ID, NO_VERSION, parsedRule, category, queries.stream().map(Object::toString).collect(Collectors.toList()), rule);
indexRule(ruleDoc);
//verify rule
verifyRule(backend.getQueryFields().keySet(), DetectorMonitorConfig.getRuleIndex(category), new ActionListener<>() {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What if the custom rule is created using the fields not part of the rule alias mapping, but using some additional fields from the Source Index. That still is a valid use case.
Should we revisit the approach, where the fields in rule could also be present in the source index mapping?

@getsaurabh02
Copy link
Member

Hi @petardz are we on it with the plan as we discussed ?

@petardz
new rule validation endpoint; added query fields to rule
cdf7b42 
Signed-off-by: Petar Dzepina <petar.dzepina@gmail.com>
@petardz
added new endpoint ValidateRules
88e1ad4 
Signed-off-by: Petar Dzepina <petar.dzepina@gmail.com>
@petardz
renamed var
e89e285 
Signed-off-by: Petar Dzepina <petar.dzepina@gmail.com>
@petardz
licence header
7b3b556 
Signed-off-by: Petar Dzepina <petar.dzepina@gmail.com>
@petardz
licence hdr fix
a884346 
Signed-off-by: Petar Dzepina <petar.dzepina@gmail.com>
@petardz
empty commit
3a6676c 
Signed-off-by: Petar Dzepina <petar.dzepina@gmail.com>
getsaurabh02
getsaurabh02 previously approved these changes Nov 2, 2022
View reviewed changes
@getsaurabh02 getsaurabh02 dismissed their stale review November 2, 2022 03:54

Build/Test failures

@petardz
removed toUpperCase in FindingsIT
10bfb61 
Signed-off-by: Petar Dzepina <petar.dzepina@gmail.com>
@petardz
Merge branch 'main' of https://github.com/petardz/security-analytics
c55be12 
…into customrule-field-validation
@sbcd90 sbcd90 merged commit bfb2b23 into opensearch-project:main Nov 3, 2022
opensearch-trigger-bot bot pushed a commit that referenced this pull request Nov 3, 2022
@petardz @github-actions
Rule field validation during IndexRule Action (#80)
708376e 
Signed-off-by: Petar Dzepina <petar.dzepina@gmail.com>
(cherry picked from commit bfb2b23)
@opensearch-trigger-bot opensearch-trigger-bot bot mentioned this pull request Nov 3, 2022
Merged
opensearch-trigger-bot bot pushed a commit that referenced this pull request Nov 3, 2022
@petardz @github-actions
Rule field validation during IndexRule Action (#80)
2f92260 
Signed-off-by: Petar Dzepina <petar.dzepina@gmail.com>
(cherry picked from commit bfb2b23)
@opensearch-trigger-bot opensearch-trigger-bot bot mentioned this pull request Nov 3, 2022
Merged
eirsep pushed a commit that referenced this pull request Nov 3, 2022
@opensearch-trigger-bot @petardz
Rule field validation during IndexRule Action (#80) (#106)
9d6e1c5 
Signed-off-by: Petar Dzepina <petar.dzepina@gmail.com>
(cherry picked from commit bfb2b23)

Co-authored-by: Petar Dzepina <petar.dzepina@gmail.com>
eirsep pushed a commit that referenced this pull request Nov 3, 2022
@opensearch-trigger-bot @petardz
Rule field validation during IndexRule Action (#80) (#107)
e877aad 
Signed-off-by: Petar Dzepina <petar.dzepina@gmail.com>
(cherry picked from commit bfb2b23)

Co-authored-by: Petar Dzepina <petar.dzepina@gmail.com>
phaseshiftg pushed a commit to phaseshiftg/security-analytics that referenced this pull request Nov 5, 2022
@petardz @phaseshiftg
Rule field validation during IndexRule Action (opensearch-project#80)
640d96e 
Signed-off-by: Petar Dzepina <petar.dzepina@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sbcd90 sbcd90 sbcd90 approved these changes

@eirsep eirsep eirsep approved these changes

@getsaurabh02 getsaurabh02 getsaurabh02 left review comments

Assignees
No one assigned
Labels
backport 2.x backport 2.4
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@petardz @codecov-commenter @getsaurabh02 @sbcd90 @eirsep