From 686955a4b47087986ce737041f06aee7d725bb53 Mon Sep 17 00:00:00 2001 From: Abin Simon Date: Thu, 21 Apr 2022 20:12:40 +0530 Subject: [PATCH] Fix audit log format --- main.go | 6 ++--- pkg/service/audit_log_query.go | 34 +++++++++++++-------------- pkg/service/relay_audit_query.go | 40 ++++++++++++++++---------------- 3 files changed, 39 insertions(+), 41 deletions(-) diff --git a/main.go b/main.go index e91ef0b..3ec3467 100644 --- a/main.go +++ b/main.go @@ -189,9 +189,9 @@ func setup() { // audit viper.SetDefault(esEndPointEnv, "http://127.0.0.1:9200") - viper.SetDefault(esIndexPrefixEnv, "events-core") - viper.SetDefault(relayAuditESIndexPrefixEnv, "relay-audits") - viper.SetDefault(relayCommandESIndexPrefix, "relay-commands") + viper.SetDefault(esIndexPrefixEnv, "ralogs-system") + viper.SetDefault(relayAuditESIndexPrefixEnv, "ralogs-relay") + viper.SetDefault(relayCommandESIndexPrefix, "ralogs-prompt") viper.SetDefault(auditFileEnv, "audit.log") // cd relay diff --git a/pkg/service/audit_log_query.go b/pkg/service/audit_log_query.go index c725ed3..e58e4ff 100644 --- a/pkg/service/audit_log_query.go +++ b/pkg/service/audit_log_query.go @@ -36,10 +36,10 @@ func (a *AuditLogService) GetAuditLog(req *v1.AuditLogSearchRequest) (res *v1.Au func validateQueryString(queryString string) error { if strings.Contains(queryString, "*") { - return fmt.Errorf("Sorry. '*' is not supported in search query") + return fmt.Errorf("'*' is not supported in search query") } if len(queryString) > 0 && len(queryString) < 3 { - return fmt.Errorf("Search string has to be atleast 3 characters") + return fmt.Errorf("search string has to be atleast 3 characters") } return nil } 
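Review bot: The three new defaults in `setup()` (`ralogs-system`, `ralogs-relay`, `ralogs-prompt`) repoint every deployment that relies on the defaults. Audit records already stored under `events-core`, `relay-audits` and `relay-commands` would then stop appearing in query results unless those indices are reindexed or aliased. For an audit trail that gap should be explicit, so I would add a comment above the block such as `// index prefixes changed with the nested "json" log format; older indices need a reindex or alias to stay searchable` and name the migration step in the commit description. The rest of `setup()` is outside the hunk.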
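Review bot: `validateQueryString` is a one-character denylist: it rejects `*` and nothing else. The code that consumes the string is not in this hunk, so if it feeds a `query_string` query, the rest of that operator syntax still reaches Elasticsearch. An allowlist of permitted characters, or `simple_query_string` with a restricted `flags` value where the query is built, would make the restriction enforceable. The second message is being edited anyway but keeps its typo and takes no format arguments; `return errors.New("search string has to be at least 3 characters")` reads better, assuming `errors` is imported (the import block is outside the hunk). `len(queryString)` counts bytes, so the three-character minimum is really three bytes for non-ASCII input.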
@@ -48,13 +48,12 @@ func getPrjectIdFromUrlScope(urlScope string) (string, error) { s := strings.Split(urlScope, "/") if len(s) != 2 { _log.Errorw("Unable to retrieve projectID from urlScope", "urlScope", urlScope) - return "", fmt.Errorf("Unable to retrieve projectID from urlScope") + return "", fmt.Errorf("unable to retrieve projectID from urlScope") } return s[1], nil } func (a *AuditLogService) GetAuditLogByProjects(req *v1.AuditLogSearchRequest) (res *v1.AuditLogSearchResponse, err error) { - // No embedding in golang/protoc (https://github.com/golang/protobuf/issues/192) err = validateQueryString(req.GetFilter().QueryString) if err != nil { return nil, err @@ -65,34 +64,33 @@ func (a *AuditLogService) GetAuditLogByProjects(req *v1.AuditLogSearchRequest) ( var buf bytes.Buffer var r map[string]interface{} query := map[string]interface{}{ - "_source": true, + "_source": []string{"json"}, "size": 500, "query": map[string]interface{}{ "bool": map[string]interface{}{ "must": []map[string]interface{}{ - // Add org and partner filter once we have to support multi-org { "term": map[string]interface{}{ - "category": "AUDIT", + "json.category": "AUDIT", }, }, }, }, }, "sort": map[string]interface{}{ - "timestamp": map[string]interface{}{ + "json.timestamp": map[string]interface{}{ "order": "desc", }, }, "aggs": map[string]interface{}{ "group_by_username": map[string]interface{}{ "terms": map[string]interface{}{ - "field": "actor.account.username", + "field": "json.actor.account.username", }, }, "group_by_type": map[string]interface{}{ "terms": map[string]interface{}{ - "field": "type", + "field": "json.type", }, }, }, 
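Review bot: `req.GetFilter().QueryString` in `GetAuditLogByProjects` reads a field directly off the getter's result, so a request without a filter would panic here if `GetFilter()` returns nil, as generated protobuf getters do. The `v1` types are not visible, so that is inferred. A guard before the first use, `if req.GetFilter() == nil { return nil, fmt.Errorf("filter is required") }`, turns that into an ordinary error. The same access pattern recurs in the later hunks of this file (`.DashboardData`, `.Timefrom`, `.Type`, `.User`, `.Client`, `.ProjectIds`) and as `req.Filter.…` in relay_audit_query.go. Separately, `getPrjectIdFromUrlScope` accepts a scope with an empty second segment and returns an empty project ID with a nil error; `if len(s) != 2 || s[1] == ""` closes that.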
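Review bot: With `"_source": []string{"json"}` each hit comes back as `_source.json.<field>` rather than a flat `_source`, and no visible hunk changes the code that decodes `r` or consumes the response. Anything still reading `_source.category`, `_source.timestamp` and similar would then see empty values instead of an error. Please confirm that the decoding path (outside the hunk) and any client were updated, and record the shape next to the query, e.g. `// documents are nested under "json"; hits are returned as _source.json.<field>`. The `"size": 500` context line also caps the result set, so unless the response reports the total hit count, an audit search can be truncated without the caller knowing.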
@@ -103,19 +101,19 @@ func (a *AuditLogService) GetAuditLogByProjects(req *v1.AuditLogSearchRequest) ( if req.GetFilter().DashboardData { agg["group_by_project"] = map[string]interface{}{ "terms": map[string]interface{}{ - "field": "project_id", + "field": "json.project_id", "size": 1000, }, "aggs": map[string]interface{}{ "group_by_username": map[string]interface{}{ "terms": map[string]interface{}{ - "field": "actor.account.username", + "field": "json.actor.account.username", "size": 1000, }, }, "group_by_type": map[string]interface{}{ "terms": map[string]interface{}{ - "field": "type", + "field": "json.type", "size": 1000, }, }, @@ -136,7 +134,7 @@ func (a *AuditLogService) GetAuditLogByProjects(req *v1.AuditLogSearchRequest) ( if req.GetFilter().Timefrom != "" { b["filter"] = map[string]interface{}{ "range": map[string]interface{}{ - "timestamp": map[string]interface{}{ + "json.timestamp": map[string]interface{}{ "gte": req.GetFilter().Timefrom, "lt": "now", }, @@ -147,7 +145,7 @@ func (a *AuditLogService) GetAuditLogByProjects(req *v1.AuditLogSearchRequest) ( if req.GetFilter().Type != "" { t := map[string]interface{}{ "term": map[string]interface{}{ - "type": req.GetFilter().Type, + "json.type": req.GetFilter().Type, }, } m = append(m, t) @@ -156,7 +154,7 @@ func (a *AuditLogService) GetAuditLogByProjects(req *v1.AuditLogSearchRequest) ( if req.GetFilter().User != "" { t := map[string]interface{}{ "term": map[string]interface{}{ - "actor.account.username": req.GetFilter().User, + "json.actor.account.username": req.GetFilter().User, }, } m = append(m, t) @@ -165,7 +163,7 @@ func (a *AuditLogService) GetAuditLogByProjects(req *v1.AuditLogSearchRequest) ( if req.GetFilter().Client != "" { t := map[string]interface{}{ "term": map[string]interface{}{ - "client.type": req.GetFilter().Client, + "json.client.type": req.GetFilter().Client, }, } m = append(m, t) 
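Review bot: `req.GetFilter().Timefrom` is placed into the `json.timestamp` range as `gte` with no validation visible in the hunk at old line 136. Malformed values are therefore rejected only by Elasticsearch, and its error text may travel back to the caller. I would parse or pattern-check the value before building the query, accepting only the timestamp or relative-time formats the UI actually sends, and return a generic error otherwise. The same applies to `req.Filter.Timefrom` in the `json.ts` range in relay_audit_query.go. The enclosing function body lies outside the hunk.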
@@ -174,7 +172,7 @@ func (a *AuditLogService) GetAuditLogByProjects(req *v1.AuditLogSearchRequest) ( if len(req.GetFilter().ProjectIds) > 0 { t := map[string]interface{}{ "terms": map[string]interface{}{ - "project_id": req.GetFilter().ProjectIds, + "json.project_id": req.GetFilter().ProjectIds, }, } m = append(m, t) diff --git a/pkg/service/relay_audit_query.go b/pkg/service/relay_audit_query.go index dbd1af2..615a901 100644 --- a/pkg/service/relay_audit_query.go +++ b/pkg/service/relay_audit_query.go @@ -44,53 +44,53 @@ func (ra *RelayAuditService) GetRelayAuditByProjects(req *v1.RelayAuditSearchReq res = &v1.RelayAuditSearchResponse{} //Handle defaults value query := map[string]interface{}{ - "_source": true, + "_source": []string{"json"}, "size": 500, "query": map[string]interface{}{ "bool": map[string]interface{}{ "must": []map[string]interface{}{ { "term": map[string]interface{}{ - "o": oid, + "json.o": oid, }, }, { "term": map[string]interface{}{ - "p": pid, + "json.p": pid, }, }, }, }, }, "sort": map[string]interface{}{ - "ts": map[string]interface{}{ + "json.ts": map[string]interface{}{ "order": "desc", }, }, "aggs": map[string]interface{}{ "group_by_username": map[string]interface{}{ "terms": map[string]interface{}{ - "field": "un", + "field": "json.un", }, }, "group_by_cluster": map[string]interface{}{ "terms": map[string]interface{}{ - "field": "cn", + "field": "json.cn", }, }, "group_by_namespace": map[string]interface{}{ "terms": map[string]interface{}{ - "field": "ns", + "field": "json.ns", }, }, "group_by_kind": map[string]interface{}{ "terms": map[string]interface{}{ - "field": "k", + "field": "json.k", }, }, "group_by_method": map[string]interface{}{ "terms": map[string]interface{}{ - "field": "m", + "field": "json.m", }, }, }, 
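Review bot: The `json.project_id` restriction is added only when `len(req.GetFilter().ProjectIds) > 0`, so a request with an empty list falls through to a query that matches every `AUDIT` document. By contrast, the last hunk of relay_audit_query.go appears to append its `terms` filter unconditionally, which yields no hits for an empty list. If `ProjectIds` is what limits callers to the projects they may see (the code that fills it is not in this diff), the empty case should fail closed, e.g. `if len(req.GetFilter().ProjectIds) == 0 { return nil, fmt.Errorf("no projects in scope") }` before the query is built. If an unscoped search is intended for some caller, a comment naming that caller would make the branch reviewable.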
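Review bot: The `term` filters and `terms` aggregations in this query are exact-match only if the new indices map the `json.*` paths (`json.o`, `json.p`, `json.un`, `json.cn`, `json.ns`, `json.k`, `json.m`) as `keyword`, and the index template is not part of this patch. Under default dynamic mapping, strings are typically indexed as `text` with a `.keyword` sub-field. In that case the aggregations are rejected and the `term` filters can stop matching, which leaves the audit view empty rather than failing visibly. Please confirm the template for the `ralogs-*` indices and add a comment above the query such as `// json.* fields must be mapped as keyword in the index template`. The same concern covers the `json.category`, `json.type` and `json.actor.account.username` clauses in audit_log_query.go.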
@@ -101,19 +101,19 @@ func (ra *RelayAuditService) GetRelayAuditByProjects(req *v1.RelayAuditSearchReq if req.GetFilter().DashboardData { agg["group_by_cluster"] = map[string]interface{}{ "terms": map[string]interface{}{ - "field": "cn", + "field": "json.cn", "size": 1000, }, "aggs": map[string]interface{}{ "group_by_username": map[string]interface{}{ "terms": map[string]interface{}{ - "field": "un", + "field": "json.un", "size": 1000, }, }, "group_by_namespace": map[string]interface{}{ "terms": map[string]interface{}{ - "field": "ns", + "field": "json.ns", "size": 1000, }, }, @@ -142,7 +142,7 @@ func (ra *RelayAuditService) GetRelayAuditByProjects(req *v1.RelayAuditSearchReq if req.Filter.Timefrom != "" { b["filter"] = map[string]interface{}{ "range": map[string]interface{}{ - "ts": map[string]interface{}{ + "json.ts": map[string]interface{}{ "gte": req.Filter.Timefrom, "lt": "now", }, @@ -153,7 +153,7 @@ func (ra *RelayAuditService) GetRelayAuditByProjects(req *v1.RelayAuditSearchReq if req.Filter.User != "" { t := map[string]interface{}{ "term": map[string]interface{}{ - "un": req.Filter.User, + "json.un": req.Filter.User, }, } m = append(m, t) @@ -162,7 +162,7 @@ func (ra *RelayAuditService) GetRelayAuditByProjects(req *v1.RelayAuditSearchReq if req.Filter.Cluster != "" { t := map[string]interface{}{ "term": map[string]interface{}{ - "cn": req.Filter.Cluster, + "json.cn": req.Filter.Cluster, }, } m = append(m, t) @@ -171,7 +171,7 @@ func (ra *RelayAuditService) GetRelayAuditByProjects(req *v1.RelayAuditSearchReq if req.Filter.Namespace != "" { t := map[string]interface{}{ "term": map[string]interface{}{ - "ns": req.Filter.Namespace, + "json.ns": req.Filter.Namespace, }, } m = append(m, t) @@ -180,7 +180,7 @@ func (ra *RelayAuditService) GetRelayAuditByProjects(req *v1.RelayAuditSearchReq if req.Filter.Kind != "" { t := map[string]interface{}{ "term": map[string]interface{}{ - "k": req.Filter.Kind, + "json.k": req.Filter.Kind, }, } m = append(m, t) 
@@ -189,7 +189,7 @@ func (ra *RelayAuditService) GetRelayAuditByProjects(req *v1.RelayAuditSearchReq if req.Filter.Method != "" { t := map[string]interface{}{ "term": map[string]interface{}{ - "m": req.Filter.Method, + "json.m": req.Filter.Method, }, } m = append(m, t) @@ -201,7 +201,7 @@ func (ra *RelayAuditService) GetRelayAuditByProjects(req *v1.RelayAuditSearchReq req.Filter.ClusterNames != nil && len(req.Filter.ClusterNames) > 0 { t := map[string]interface{}{ "terms": map[string]interface{}{ - "cn": req.Filter.ClusterNames, + "json.cn": req.Filter.ClusterNames, }, } m = append(m, t) @@ -209,7 +209,7 @@ func (ra *RelayAuditService) GetRelayAuditByProjects(req *v1.RelayAuditSearchReq t := map[string]interface{}{ "terms": map[string]interface{}{ - "project_id": req.Filter.ProjectIds, + "json.project_id": req.Filter.ProjectIds, }, } m = append(m, t)