add ns and ws query parameter to es query body

Signed-off-by: N wanjunlei <wanjunlei@yunify.com>

add ns and ws query parameter to es query body
Signed-off-by: N wanjunlei <wanjunlei@yunify.com>
b5392b97 · wanjunlei · b51a5c22 · b5392b97 · b5392b97 · b5392b97
4 changed file
--- a/pkg/models/auditing/events.go
+++ b/pkg/models/auditing/events.go
@@ -38,19 +38,23 @@ func NewEventsOperator(client auditing.Client) Interface {
 func (eo *eventsOperator) Events(queryParam *v1alpha1.Query,
 	MutateFilterFunc func(*auditing.Filter)) (*v1alpha1.APIResponse, error) {
 	filter := &auditing.Filter{
-		ObjectRefNames:        stringutils.Split(queryParam.ObjectRefNameFilter, ","),
-		ObjectRefNameFuzzy:    stringutils.Split(queryParam.ObjectRefNameSearch, ","),
-		Levels:                stringutils.Split(queryParam.LevelFilter, ","),
-		Verbs:                 stringutils.Split(queryParam.VerbFilter, ","),
-		Users:                 stringutils.Split(queryParam.UserFilter, ","),
-		UserFuzzy:             stringutils.Split(queryParam.UserSearch, ","),
-		GroupFuzzy:            stringutils.Split(queryParam.GroupSearch, ","),
-		SourceIpFuzzy:         stringutils.Split(queryParam.SourceIpSearch, ","),
-		ObjectRefResources:    stringutils.Split(queryParam.ObjectRefResourceFilter, ","),
-		ObjectRefSubresources: stringutils.Split(queryParam.ObjectRefSubresourceFilter, ","),
-		ResponseStatus:        stringutils.Split(queryParam.ResponseStatusFilter, ","),
-		StartTime:             queryParam.StartTime,
-		EndTime:               queryParam.EndTime,
+		ObjectRefNamespaces:     stringutils.Split(queryParam.ObjectRefNamespaceFilter, ","),
+		ObjectRefNamespaceFuzzy: stringutils.Split(queryParam.ObjectRefNamespaceSearch, ","),
+		Workspaces:              stringutils.Split(queryParam.WorkspaceFilter, ","),
+		WorkspaceFuzzy:          stringutils.Split(queryParam.WorkspaceSearch, ","),
+		ObjectRefNames:          stringutils.Split(queryParam.ObjectRefNameFilter, ","),
+		ObjectRefNameFuzzy:      stringutils.Split(queryParam.ObjectRefNameSearch, ","),
+		Levels:                  stringutils.Split(queryParam.LevelFilter, ","),
+		Verbs:                   stringutils.Split(queryParam.VerbFilter, ","),
+		Users:                   stringutils.Split(queryParam.UserFilter, ","),
+		UserFuzzy:               stringutils.Split(queryParam.UserSearch, ","),
+		GroupFuzzy:              stringutils.Split(queryParam.GroupSearch, ","),
+		SourceIpFuzzy:           stringutils.Split(queryParam.SourceIpSearch, ","),
+		ObjectRefResources:      stringutils.Split(queryParam.ObjectRefResourceFilter, ","),
+		ObjectRefSubresources:   stringutils.Split(queryParam.ObjectRefSubresourceFilter, ","),
+		ResponseStatus:          stringutils.Split(queryParam.ResponseStatusFilter, ","),
+		StartTime:               queryParam.StartTime,
+		EndTime:                 queryParam.EndTime,
 	}
 	if MutateFilterFunc != nil {
 		MutateFilterFunc(filter)
@@ -70,19 +74,19 @@ func (eo *eventsOperator) Events(queryParam *v1alpha1.Query,
 	var err error
 	switch queryParam.Operation {
 	case "histogram":
-		if len(filter.ObjectRefNamespaceMap) == 0 && len(filter.ObjectRefWorkspaceMap) == 0 {
+		if len(filter.ObjectRefNamespaceMap) == 0 && len(filter.WorkspaceMap) == 0 {
 			ar.Histogram = &auditing.Histogram{}
 		} else {
 			ar.Histogram, err = eo.client.CountOverTime(filter, queryParam.Interval)
 		}
 	case "statistics":
-		if len(filter.ObjectRefNamespaceMap) == 0 && len(filter.ObjectRefWorkspaceMap) == 0 {
+		if len(filter.ObjectRefNamespaceMap) == 0 && len(filter.WorkspaceMap) == 0 {
 			ar.Statistics = &auditing.Statistics{}
 		} else {
 			ar.Statistics, err = eo.client.StatisticsOnResources(filter)
 		}
 	default:
-		if len(filter.ObjectRefNamespaceMap) == 0 && len(filter.ObjectRefWorkspaceMap) == 0 {
+		if len(filter.ObjectRefNamespaceMap) == 0 && len(filter.WorkspaceMap) == 0 {
 			ar.Events = &auditing.Events{}
 		} else {
 			ar.Events, err = eo.client.SearchAuditingEvent(filter, queryParam.From, queryParam.Size, queryParam.Sort)

--- a/pkg/models/tenant/tenant.go
+++ b/pkg/models/tenant/tenant.go
@@ -922,7 +922,7 @@ func (t *tenantOperator) Auditing(user user.Info, queryParam *auditingv1alpha1.Q

 	return t.auditing.Events(queryParam, func(filter *auditingclient.Filter) {
 		filter.ObjectRefNamespaceMap = namespaceCreateTimeMap
-		filter.ObjectRefWorkspaceMap = workspaceCreateTimeMap
+		filter.WorkspaceMap = workspaceCreateTimeMap
 	})
 }


--- a/pkg/simple/client/auditing/elasticsearch/elasticsearch.go
+++ b/pkg/simple/client/auditing/elasticsearch/elasticsearch.go
@@ -305,7 +305,7 @@ func parseToQueryPart(f *auditing.Filter) interface{} {
 		"bool": &b,
 	}

-	if len(f.ObjectRefNamespaceMap) > 0 || len(f.ObjectRefWorkspaceMap) > 0 {
+	if len(f.ObjectRefNamespaceMap) > 0 || len(f.WorkspaceMap) > 0 {
 		bi := BoolBody{MinimumShouldMatch: &mini}
 		for k, v := range f.ObjectRefNamespaceMap {
 			bi.Should = append(bi.Should, map[string]interface{}{
@@ -323,7 +323,7 @@ func parseToQueryPart(f *auditing.Filter) interface{} {
 			})
 		}

-		for k, v := range f.ObjectRefWorkspaceMap {
+		for k, v := range f.WorkspaceMap {
 			bi.Should = append(bi.Should, map[string]interface{}{
 				"bool": &BoolBody{
 					Filter: []map[string]interface{}{{
@@ -360,6 +360,36 @@ func parseToQueryPart(f *auditing.Filter) interface{} {
 		return &bi
 	}

+	if len(f.ObjectRefNamespaces) > 0 {
+		if bi := shouldBoolbody("match_phrase_prefix", "ObjectRef.Namespace.keyword",
+			f.ObjectRefNamespaces, nil); bi != nil {
+			b.Filter = append(b.Filter, map[string]interface{}{"bool": bi})
+		}
+	}
+	if len(f.ObjectRefNamespaceFuzzy) > 0 {
+		if bi := shouldBoolbody("wildcard", "ObjectRef.Namespace",
+			f.ObjectRefNamespaceFuzzy, func(s string) string {
+				return fmt.Sprintf("*" + s + "*")
+			}); bi != nil {
+			b.Filter = append(b.Filter, map[string]interface{}{"bool": bi})
+		}
+	}
+
+	if len(f.Workspaces) > 0 {
+		if bi := shouldBoolbody("match_phrase_prefix", "Workspace.keyword",
+			f.Workspaces, nil); bi != nil {
+			b.Filter = append(b.Filter, map[string]interface{}{"bool": bi})
+		}
+	}
+	if len(f.WorkspaceFuzzy) > 0 {
+		if bi := shouldBoolbody("wildcard", "Workspace",
+			f.WorkspaceFuzzy, func(s string) string {
+				return fmt.Sprintf("*" + s + "*")
+			}); bi != nil {
+			b.Filter = append(b.Filter, map[string]interface{}{"bool": bi})
+		}
+	}
+
 	if len(f.ObjectRefNames) > 0 {
 		if bi := shouldBoolbody("match_phrase_prefix", "ObjectRef.Name.keyword",
 			f.ObjectRefNames, nil); bi != nil {

--- a/pkg/simple/client/auditing/interface.go
+++ b/pkg/simple/client/auditing/interface.go
@@ -27,22 +27,26 @@ type Client interface {
 }

 type Filter struct {
-	ObjectRefNamespaceMap map[string]time.Time
-	ObjectRefWorkspaceMap map[string]time.Time
-	ObjectRefNames        []string
-	ObjectRefNameFuzzy    []string
-	Levels                []string
-	Verbs                 []string
-	Users                 []string
-	UserFuzzy             []string
-	GroupFuzzy            []string
-	SourceIpFuzzy         []string
-	ObjectRefResources    []string
-	ObjectRefSubresources []string
-	ResponseCodes         []int32
-	ResponseStatus        []string
-	StartTime             *time.Time
-	EndTime               *time.Time
+	ObjectRefNamespaceMap   map[string]time.Time
+	WorkspaceMap            map[string]time.Time
+	ObjectRefNamespaces     []string
+	ObjectRefNamespaceFuzzy []string
+	Workspaces              []string
+	WorkspaceFuzzy          []string
+	ObjectRefNames          []string
+	ObjectRefNameFuzzy      []string
+	Levels                  []string
+	Verbs                   []string
+	Users                   []string
+	UserFuzzy               []string
+	GroupFuzzy              []string
+	SourceIpFuzzy           []string
+	ObjectRefResources      []string
+	ObjectRefSubresources   []string
+	ResponseCodes           []int32
+	ResponseStatus          []string
+	StartTime               *time.Time
+	EndTime                 *time.Time
 }

 type Event map[string]interface{}