Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow updation/deletion of custom log type if custom rule index is missing #767

Merged
merged 4 commits into from
Dec 8, 2023
Merged

Allow updation/deletion of custom log type if custom rule index is missing #767

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
d648ed3
Allow deletion of custom log type if custom rule index is missing
goyamegh Dec 4, 2023
8be2159
Allow custom log type name to be updated when custom rule index is mi…
goyamegh Dec 5, 2023
cc5c570
Adding changes for detector index missing
goyamegh Dec 8, 2023
1e31c99
Update log type when detector index is missing
goyamegh Dec 8, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
121 changes: 52 additions & 69 deletions ...n/java/org/opensearch/securityanalytics/transport/TransportDeleteCustomLogTypeAction.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@
import org.opensearch.commons.authuser.User;
import org.opensearch.core.action.ActionListener;
import org.opensearch.core.rest.RestStatus;
import org.opensearch.index.IndexNotFoundException;
import org.opensearch.index.query.QueryBuilder;
import org.opensearch.index.query.QueryBuilders;
import org.opensearch.search.builder.SearchSourceBuilder;
Expand All @@ -36,16 +37,15 @@
import org.opensearch.securityanalytics.logtype.LogTypeService;
import org.opensearch.securityanalytics.model.CustomLogType;
import org.opensearch.securityanalytics.model.Detector;
import org.opensearch.securityanalytics.model.Rule;
import org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings;
import org.opensearch.securityanalytics.util.CustomLogTypeIndices;
import org.opensearch.securityanalytics.util.DetectorIndices;
import org.opensearch.securityanalytics.util.RuleIndices;
import org.opensearch.securityanalytics.util.SecurityAnalyticsException;
import org.opensearch.tasks.Task;
import org.opensearch.threadpool.ThreadPool;
import org.opensearch.transport.TransportService;

import java.io.IOException;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.atomic.AtomicBoolean;
Expand All @@ -65,6 +65,8 @@

private final DetectorIndices detectorIndices;

private final RuleIndices ruleIndices;

private final CustomLogTypeIndices customLogTypeIndices;

private volatile Boolean filterByEnabled;
Expand All @@ -77,6 +79,7 @@
ActionFilters actionFilters,
ClusterService clusterService,
DetectorIndices detectorIndices,
RuleIndices ruleIndices,
CustomLogTypeIndices customLogTypeIndices,
Settings settings,
ThreadPool threadPool) {
Expand All @@ -86,6 +89,7 @@
this.threadPool = threadPool;
this.settings = settings;
this.detectorIndices = detectorIndices;
this.ruleIndices = ruleIndices;

Check warning on line 92 in src/main/java/org/opensearch/securityanalytics/transport/TransportDeleteCustomLogTypeAction.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/transport/TransportDeleteCustomLogTypeAction.java#L92 

Added line #L92 was not covered by tests
this.customLogTypeIndices = customLogTypeIndices;
this.filterByEnabled = SecurityAnalyticsSettings.FILTER_BY_BACKEND_ROLES.get(this.settings);
this.indexTimeout = SecurityAnalyticsSettings.INDEX_TIMEOUT.get(this.settings);
Expand Down Expand Up @@ -183,44 +187,36 @@
return;
}

searchRules(logType.getName(), new ActionListener<>() {
@Override
public void onResponse(SearchResponse response) {
if (response.isTimedOut()) {
onFailures(new OpenSearchStatusException(String.format(Locale.getDefault(), "Search request timed out. Log Type with id %s cannot be deleted", logType.getId()), RestStatus.REQUEST_TIMEOUT));
return;
}

if (response.getHits().getTotalHits().value > 0) {
onFailures(new OpenSearchStatusException(String.format(Locale.getDefault(), "Log Type with id %s cannot be deleted because active rules exist", logType.getId()), RestStatus.BAD_REQUEST));
return;
}
if (ruleIndices.ruleIndexExists(false)) {
ruleIndices.searchRules(logType.getName(), new ActionListener<>() {

Check warning on line 191 in src/main/java/org/opensearch/securityanalytics/transport/TransportDeleteCustomLogTypeAction.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/transport/TransportDeleteCustomLogTypeAction.java#L191 

Added line #L191 was not covered by tests
@Override
public void onResponse(SearchResponse response) {
if (response.isTimedOut()) {
onFailures(new OpenSearchStatusException(String.format(Locale.getDefault(), "Search request timed out. Log Type with id %s cannot be deleted", logType.getId()), RestStatus.REQUEST_TIMEOUT));
return;

Check warning on line 196 in src/main/java/org/opensearch/securityanalytics/transport/TransportDeleteCustomLogTypeAction.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/transport/TransportDeleteCustomLogTypeAction.java#L195-L196 

Added lines #L195 - L196 were not covered by tests
}

DeleteRequest deleteRequest = new DeleteRequest(LogTypeService.LOG_TYPE_INDEX, logType.getId())
.setRefreshPolicy(request.getRefreshPolicy())
.timeout(indexTimeout);

client.delete(deleteRequest, new ActionListener<>() {
@Override
public void onResponse(DeleteResponse response) {
if (response.status() != RestStatus.OK) {
onFailures(new OpenSearchStatusException(String.format(Locale.getDefault(), "Log Type with id %s cannot be deleted", logType.getId()), RestStatus.INTERNAL_SERVER_ERROR));
}
onOperation(response);
if (response.getHits().getTotalHits().value > 0) {
onFailures(new OpenSearchStatusException(String.format(Locale.getDefault(), "Log Type with id %s cannot be deleted because active rules exist", logType.getId()), RestStatus.BAD_REQUEST));
return;

Check warning on line 201 in src/main/java/org/opensearch/securityanalytics/transport/TransportDeleteCustomLogTypeAction.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/transport/TransportDeleteCustomLogTypeAction.java#L200-L201 

Added lines #L200 - L201 were not covered by tests
}
deleteLogType(logType);
}

Check warning on line 204 in src/main/java/org/opensearch/securityanalytics/transport/TransportDeleteCustomLogTypeAction.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/transport/TransportDeleteCustomLogTypeAction.java#L203-L204 

Added lines #L203 - L204 were not covered by tests

@Override
public void onFailure(Exception e) {
@Override
public void onFailure(Exception e) {
if (e instanceof IndexNotFoundException) {
// let log type deletion to go through if the rule index is missing
deleteLogType(logType);

Check warning on line 210 in src/main/java/org/opensearch/securityanalytics/transport/TransportDeleteCustomLogTypeAction.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/transport/TransportDeleteCustomLogTypeAction.java#L210 

Added line #L210 was not covered by tests
} else {
onFailures(e);
}
});
}

@Override
public void onFailure(Exception e) {
onFailures(e);
}
});
}

Check warning on line 214 in src/main/java/org/opensearch/securityanalytics/transport/TransportDeleteCustomLogTypeAction.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/transport/TransportDeleteCustomLogTypeAction.java#L214 

Added line #L214 was not covered by tests
});
} else {
log.warn("Custom rule index missing, allowing updation of custom log type {} to go through", logType.getId());
deleteLogType(logType);

Check warning on line 218 in src/main/java/org/opensearch/securityanalytics/transport/TransportDeleteCustomLogTypeAction.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/transport/TransportDeleteCustomLogTypeAction.java#L217-L218 

Added lines #L217 - L218 were not covered by tests
}
}

@Override
Expand All @@ -229,25 +225,29 @@
}
});
} else {
DeleteRequest deleteRequest = new DeleteRequest(LogTypeService.LOG_TYPE_INDEX, logType.getId())
.setRefreshPolicy(request.getRefreshPolicy())
.timeout(indexTimeout);
deleteLogType(logType);

Check warning on line 228 in src/main/java/org/opensearch/securityanalytics/transport/TransportDeleteCustomLogTypeAction.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/transport/TransportDeleteCustomLogTypeAction.java#L228 

Added line #L228 was not covered by tests
}
}

Check warning on line 230 in src/main/java/org/opensearch/securityanalytics/transport/TransportDeleteCustomLogTypeAction.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/transport/TransportDeleteCustomLogTypeAction.java#L230 

Added line #L230 was not covered by tests

client.delete(deleteRequest, new ActionListener<>() {
@Override
public void onResponse(DeleteResponse response) {
if (response.status() != RestStatus.OK) {
onFailures(new OpenSearchStatusException(String.format(Locale.getDefault(), "Log Type with id %s cannot be deleted", logType.getId()), RestStatus.INTERNAL_SERVER_ERROR));
}
onOperation(response);
}
private void deleteLogType(CustomLogType logType) {
DeleteRequest deleteRequest = new DeleteRequest(LogTypeService.LOG_TYPE_INDEX, logType.getId())
.setRefreshPolicy(request.getRefreshPolicy())
.timeout(indexTimeout);

Check warning on line 235 in src/main/java/org/opensearch/securityanalytics/transport/TransportDeleteCustomLogTypeAction.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/transport/TransportDeleteCustomLogTypeAction.java#L233-L235 

Added lines #L233 - L235 were not covered by tests

@Override
public void onFailure(Exception e) {
onFailures(e);
client.delete(deleteRequest, new ActionListener<>() {

Check warning on line 237 in src/main/java/org/opensearch/securityanalytics/transport/TransportDeleteCustomLogTypeAction.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/transport/TransportDeleteCustomLogTypeAction.java#L237 

Added line #L237 was not covered by tests
@Override
public void onResponse(DeleteResponse response) {
if (response.status() != RestStatus.OK) {
onFailures(new OpenSearchStatusException(String.format(Locale.getDefault(), "Log Type with id %s cannot be deleted", logType.getId()), RestStatus.INTERNAL_SERVER_ERROR));

Check warning on line 241 in src/main/java/org/opensearch/securityanalytics/transport/TransportDeleteCustomLogTypeAction.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/transport/TransportDeleteCustomLogTypeAction.java#L241 

Added line #L241 was not covered by tests
}
});
}
onOperation(response);
}

Check warning on line 244 in src/main/java/org/opensearch/securityanalytics/transport/TransportDeleteCustomLogTypeAction.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/transport/TransportDeleteCustomLogTypeAction.java#L243-L244 

Added lines #L243 - L244 were not covered by tests

@Override
public void onFailure(Exception e) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

log exception with custom message

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The function is calling the onFailures() call which is logging this exception. So, skipping it here.

onFailures(e);
}

Check warning on line 249 in src/main/java/org/opensearch/securityanalytics/transport/TransportDeleteCustomLogTypeAction.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/transport/TransportDeleteCustomLogTypeAction.java#L248-L249 

Added lines #L248 - L249 were not covered by tests
});
}

private void searchDetectors(String logTypeName, ActionListener<SearchResponse> listener) {
Expand All @@ -267,23 +267,6 @@
client.search(searchRequest, listener);
}

private void searchRules(String logTypeName, ActionListener<SearchResponse> listener) {
QueryBuilder queryBuilder =
QueryBuilders.nestedQuery("rule",
QueryBuilders.boolQuery().must(
QueryBuilders.matchQuery("rule.category", logTypeName)
), ScoreMode.Avg);

SearchRequest searchRequest = new SearchRequest(Rule.CUSTOM_RULES_INDEX)
.source(new SearchSourceBuilder()
.seqNoAndPrimaryTerm(true)
.version(true)
.query(queryBuilder)
.size(0));

client.search(searchRequest, listener);
}

private void onOperation(DeleteResponse response) {
this.response.set(response);
if (counter.compareAndSet(false, true)) {
Expand All @@ -292,7 +275,7 @@
}

private void onFailures(Exception t) {
log.error(String.format(Locale.ROOT, "Failed to delete detector"));
log.error(String.format(Locale.ROOT, "Failed to delete log type"), t);

Check warning on line 278 in src/main/java/org/opensearch/securityanalytics/transport/TransportDeleteCustomLogTypeAction.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/securityanalytics/transport/TransportDeleteCustomLogTypeAction.java#L278 

Added line #L278 was not covered by tests
if (counter.compareAndSet(false, true)) {
finishHim(null, t);
}
Expand Down
Loading
Loading