Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Delete threat intel source config API #1066

Merged
Merged
Show file tree
Hide file tree
Changes from 2 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -112,28 +112,30 @@
import org.opensearch.securityanalytics.resthandler.RestValidateRulesAction;
import org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings;
import org.opensearch.securityanalytics.threatIntel.action.PutTIFJobAction;
import org.opensearch.securityanalytics.threatIntel.action.SADeleteTIFSourceConfigAction;
import org.opensearch.securityanalytics.threatIntel.action.SAGetTIFSourceConfigAction;
import org.opensearch.securityanalytics.threatIntel.action.SAIndexTIFSourceConfigAction;
import org.opensearch.securityanalytics.threatIntel.model.TIFJobParameter;
import org.opensearch.securityanalytics.threatIntel.service.SATIFSourceConfigService;
import org.opensearch.securityanalytics.threatIntel.jobscheduler.TIFSourceConfigRunner;
import org.opensearch.securityanalytics.threatIntel.action.monitor.DeleteThreatIntelMonitorAction;
import org.opensearch.securityanalytics.threatIntel.action.monitor.IndexThreatIntelMonitorAction;
import org.opensearch.securityanalytics.threatIntel.action.monitor.SearchThreatIntelMonitorAction;
import org.opensearch.securityanalytics.threatIntel.common.TIFLockService;
import org.opensearch.securityanalytics.threatIntel.feedMetadata.BuiltInTIFMetadataLoader;
import org.opensearch.securityanalytics.threatIntel.jobscheduler.TIFJobRunner;
import org.opensearch.securityanalytics.threatIntel.jobscheduler.TIFSourceConfigRunner;
import org.opensearch.securityanalytics.threatIntel.model.SATIFSourceConfig;
import org.opensearch.securityanalytics.threatIntel.resthandler.RestDeleteTIFSourceConfigAction;
import org.opensearch.securityanalytics.threatIntel.resthandler.RestGetTIFSourceConfigAction;
import org.opensearch.securityanalytics.threatIntel.resthandler.RestIndexTIFSourceConfigAction;
import org.opensearch.securityanalytics.threatIntel.resthandler.monitor.RestDeleteThreatIntelMonitorAction;
import org.opensearch.securityanalytics.threatIntel.resthandler.monitor.RestIndexThreatIntelMonitorAction;
import org.opensearch.securityanalytics.threatIntel.resthandler.monitor.RestSearchThreatIntelMonitorAction;
import org.opensearch.securityanalytics.threatIntel.service.DetectorThreatIntelService;
import org.opensearch.securityanalytics.threatIntel.service.SATIFSourceConfigManagementService;
import org.opensearch.securityanalytics.threatIntel.service.SATIFSourceConfigService;
import org.opensearch.securityanalytics.threatIntel.service.TIFJobParameterService;
import org.opensearch.securityanalytics.threatIntel.service.TIFJobUpdateService;
import org.opensearch.securityanalytics.threatIntel.service.ThreatIntelFeedDataService;
import org.opensearch.securityanalytics.threatIntel.transport.TransportDeleteTIFSourceConfigAction;
import org.opensearch.securityanalytics.threatIntel.transport.TransportGetTIFSourceConfigAction;
import org.opensearch.securityanalytics.threatIntel.transport.TransportIndexTIFSourceConfigAction;
import org.opensearch.securityanalytics.threatIntel.transport.TransportPutTIFJobAction;
Expand Down Expand Up @@ -329,6 +331,7 @@ public List<RestHandler> getRestHandlers(Settings settings,
new RestDeleteCustomLogTypeAction(),
new RestIndexTIFSourceConfigAction(),
new RestGetTIFSourceConfigAction(),
new RestDeleteTIFSourceConfigAction(),
new RestIndexThreatIntelMonitorAction(),
new RestDeleteThreatIntelMonitorAction(),
new RestSearchThreatIntelMonitorAction()
Expand Down Expand Up @@ -471,7 +474,8 @@ public List<Setting<?>> getSettings() {
new ActionHandler<>(DeleteThreatIntelMonitorAction.INSTANCE, TransportDeleteThreatIntelMonitorAction.class),
new ActionHandler<>(SearchThreatIntelMonitorAction.INSTANCE, TransportSearchThreatIntelMonitorAction.class),
new ActionHandler<>(SAIndexTIFSourceConfigAction.INSTANCE, TransportIndexTIFSourceConfigAction.class),
new ActionHandler<>(SAGetTIFSourceConfigAction.INSTANCE, TransportGetTIFSourceConfigAction.class)
new ActionHandler<>(SAGetTIFSourceConfigAction.INSTANCE, TransportGetTIFSourceConfigAction.class),
new ActionHandler<>(SADeleteTIFSourceConfigAction.INSTANCE, TransportDeleteTIFSourceConfigAction.class)
);
}

Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
/*
* Copyright OpenSearch Contributors
* SPDX-License-Identifier: Apache-2.0
*/

package org.opensearch.securityanalytics.threatIntel.action;

import org.opensearch.action.ActionType;

import static org.opensearch.securityanalytics.threatIntel.sacommons.IndexTIFSourceConfigAction.DELETE_TIF_SOURCE_CONFIG_ACTION_NAME;

/**
* Delete TIF Source Config Action
*/
public class SADeleteTIFSourceConfigAction extends ActionType<SADeleteTIFSourceConfigResponse> {

public static final SADeleteTIFSourceConfigAction INSTANCE = new SADeleteTIFSourceConfigAction();
public static final String NAME = DELETE_TIF_SOURCE_CONFIG_ACTION_NAME;
private SADeleteTIFSourceConfigAction() {
super(NAME, SADeleteTIFSourceConfigResponse::new);
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
/*
* Copyright OpenSearch Contributors
* SPDX-License-Identifier: Apache-2.0
*/

package org.opensearch.securityanalytics.threatIntel.action;

import org.opensearch.action.ActionRequest;
import org.opensearch.action.ActionRequestValidationException;
import org.opensearch.core.common.io.stream.StreamInput;
import org.opensearch.core.common.io.stream.StreamOutput;

import java.io.IOException;
import java.util.Locale;

import static org.opensearch.action.ValidateActions.addValidationError;

/**
* Delete threat intel feed source config request
*/
public class SADeleteTIFSourceConfigRequest extends ActionRequest {
private final String id;
public SADeleteTIFSourceConfigRequest(String id) {
super();
this.id = id;
}

public SADeleteTIFSourceConfigRequest(StreamInput sin) throws IOException {
this(sin.readString()); // id
}

@Override
public void writeTo(StreamOutput out) throws IOException {
out.writeString(id);
}

public String getId() {
return id;
}


@Override
public ActionRequestValidationException validate() {
return null;
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should there be a check here to assert that the id is not null or empty?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added a check to ensure id exists

}

}
Original file line number Diff line number Diff line change
@@ -0,0 +1,58 @@
/*
* Copyright OpenSearch Contributors
* SPDX-License-Identifier: Apache-2.0
*/
package org.opensearch.securityanalytics.threatIntel.action;

import org.opensearch.core.action.ActionResponse;
import org.opensearch.core.common.io.stream.StreamInput;
import org.opensearch.core.common.io.stream.StreamOutput;
import org.opensearch.core.rest.RestStatus;
import org.opensearch.core.xcontent.ToXContentObject;
import org.opensearch.core.xcontent.XContentBuilder;
import org.opensearch.securityanalytics.threatIntel.model.SATIFSourceConfigDto;

import java.io.IOException;

import static org.opensearch.securityanalytics.util.RestHandlerUtils._ID;
import static org.opensearch.securityanalytics.util.RestHandlerUtils._VERSION;

public class SADeleteTIFSourceConfigResponse extends ActionResponse implements ToXContentObject {
private final String id;
private final RestStatus status;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what status implies deleted?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if the delete response is OK then the document is deleted successfully.


public SADeleteTIFSourceConfigResponse(String id, RestStatus status) {
super();
this.id = id;
this.status = status;
}

public SADeleteTIFSourceConfigResponse(StreamInput sin) throws IOException {
this(
sin.readString(), // id
sin.readEnum(RestStatus.class) // status
);
}

@Override
public void writeTo(StreamOutput out) throws IOException {
out.writeString(id);
}

@Override
public XContentBuilder toXContent(XContentBuilder builder, Params params) throws IOException {
builder.startObject()
.field(_ID, id);
return builder.endObject();
}

public String getId() {
return id;
}


public RestStatus getStatus() {
return status;
}

}
Original file line number Diff line number Diff line change
Expand Up @@ -14,14 +14,14 @@
import java.util.Locale;

import static org.opensearch.action.ValidateActions.addValidationError;
import static org.opensearch.securityanalytics.threatIntel.common.Constants.SOURCE_CONFIG_ID;

/**
* Get threat intel feed source config request
*/
public class SAGetTIFSourceConfigRequest extends ActionRequest {
private final String id;
private final Long version;
public static final String TIF_SOURCE_CONFIG_ID = "tif_source_config_id";

public SAGetTIFSourceConfigRequest(String id, Long version) {
super();
Expand Down Expand Up @@ -53,7 +53,7 @@ public Long getVersion() {
public ActionRequestValidationException validate() {
ActionRequestValidationException validationException = null;
if (id == null || id.isEmpty()) {
validationException = addValidationError(String.format(Locale.getDefault(), "%s is missing", TIF_SOURCE_CONFIG_ID), validationException);
validationException = addValidationError(String.format(Locale.getDefault(), "%s is missing", SOURCE_CONFIG_ID), validationException);
}
return validationException;
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,4 +10,6 @@
public class Constants {
public static final String USER_AGENT_KEY = "User-Agent";
public static final String USER_AGENT_VALUE = String.format(Locale.ROOT, "OpenSearch/%s vanilla", Version.CURRENT.toString());
public static final String SOURCE_CONFIG_ID = "source_config_id";
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

MEGA-NIT: threat_intel_source_config_id?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

changed to threat_intel_source_config_id


}
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
package org.opensearch.securityanalytics.threatIntel.resthandler;

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.opensearch.client.node.NodeClient;
import org.opensearch.rest.BaseRestHandler;
import org.opensearch.rest.RestRequest;
import org.opensearch.rest.action.RestToXContentListener;
import org.opensearch.securityanalytics.SecurityAnalyticsPlugin;
import org.opensearch.securityanalytics.threatIntel.action.SADeleteTIFSourceConfigAction;
import org.opensearch.securityanalytics.threatIntel.action.SADeleteTIFSourceConfigRequest;
import org.opensearch.securityanalytics.threatIntel.model.SATIFSourceConfigDto;

import java.io.IOException;
import java.util.List;
import java.util.Locale;

import static org.opensearch.securityanalytics.threatIntel.common.Constants.SOURCE_CONFIG_ID;

public class RestDeleteTIFSourceConfigAction extends BaseRestHandler {

private static final Logger log = LogManager.getLogger(RestDeleteTIFSourceConfigAction.class);

@Override
public String getName() {
return "delete_tif_config_action";
}

@Override
public List<Route> routes() {
return List.of(new Route(RestRequest.Method.DELETE, String.format(Locale.getDefault(), "%s/{%s}", SecurityAnalyticsPlugin.THREAT_INTEL_SOURCE_URI, SOURCE_CONFIG_ID)));
}

@Override
protected RestChannelConsumer prepareRequest(RestRequest request, NodeClient client) throws IOException {
String SaTifSourceConfigId = request.param(SOURCE_CONFIG_ID, SATIFSourceConfigDto.NO_ID);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lower case letter to begin variable name

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed


if (SaTifSourceConfigId == null || SaTifSourceConfigId.isEmpty()) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: Stringutils.isBlank() instead

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

changed

throw new IllegalArgumentException("missing id");
}

SADeleteTIFSourceConfigRequest req = new SADeleteTIFSourceConfigRequest(SaTifSourceConfigId);

return channel -> client.execute(
SADeleteTIFSourceConfigAction.INSTANCE,
req,
new RestToXContentListener<>(channel)
);
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@
import java.util.Locale;

import static org.opensearch.rest.RestRequest.Method.GET;
import static org.opensearch.securityanalytics.threatIntel.common.Constants.SOURCE_CONFIG_ID;

public class RestGetTIFSourceConfigAction extends BaseRestHandler {

Expand All @@ -29,12 +30,12 @@ public String getName() {

@Override
public List<Route> routes() {
return List.of(new Route(GET, String.format(Locale.getDefault(), "%s/{%s}", SecurityAnalyticsPlugin.THREAT_INTEL_SOURCE_URI, SAGetTIFSourceConfigRequest.TIF_SOURCE_CONFIG_ID)));
return List.of(new Route(GET, String.format(Locale.getDefault(), "%s/{%s}", SecurityAnalyticsPlugin.THREAT_INTEL_SOURCE_URI, SOURCE_CONFIG_ID)));
}

@Override
protected RestChannelConsumer prepareRequest(RestRequest request, NodeClient client) throws IOException {
String SaTifSourceConfigId = request.param(SAGetTIFSourceConfigRequest.TIF_SOURCE_CONFIG_ID, SATIFSourceConfigDto.NO_ID);
String SaTifSourceConfigId = request.param(SOURCE_CONFIG_ID, SATIFSourceConfigDto.NO_ID);

if (SaTifSourceConfigId == null || SaTifSourceConfigId.isEmpty()) {
throw new IllegalArgumentException("missing id");
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,6 @@

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.opensearch.action.support.WriteRequest;
import org.opensearch.client.node.NodeClient;
import org.opensearch.core.rest.RestStatus;
import org.opensearch.core.xcontent.ToXContent;
Expand All @@ -19,18 +18,17 @@
import org.opensearch.rest.RestResponse;
import org.opensearch.rest.action.RestResponseListener;
import org.opensearch.securityanalytics.SecurityAnalyticsPlugin;
import org.opensearch.securityanalytics.threatIntel.action.SAGetTIFSourceConfigRequest;
import org.opensearch.securityanalytics.threatIntel.action.SAIndexTIFSourceConfigAction;
import org.opensearch.securityanalytics.threatIntel.action.SAIndexTIFSourceConfigRequest;
import org.opensearch.securityanalytics.threatIntel.action.SAIndexTIFSourceConfigResponse;
import org.opensearch.securityanalytics.threatIntel.model.SATIFSourceConfigDto;
import org.opensearch.securityanalytics.util.RestHandlerUtils;

import java.io.IOException;
import java.time.Instant;
import java.util.List;
import java.util.Locale;

import static org.opensearch.securityanalytics.threatIntel.common.Constants.SOURCE_CONFIG_ID;

public class RestIndexTIFSourceConfigAction extends BaseRestHandler {
private static final Logger log = LogManager.getLogger(RestIndexTIFSourceConfigAction.class);
@Override
Expand All @@ -42,7 +40,7 @@ public List<Route> routes() {
return List.of(
new Route(RestRequest.Method.POST, SecurityAnalyticsPlugin.THREAT_INTEL_SOURCE_URI),
new Route(RestRequest.Method.PUT, String.format(Locale.getDefault(), "%s/{%s}",
SecurityAnalyticsPlugin.THREAT_INTEL_SOURCE_URI, SAGetTIFSourceConfigRequest.TIF_SOURCE_CONFIG_ID))
SecurityAnalyticsPlugin.THREAT_INTEL_SOURCE_URI, SOURCE_CONFIG_ID))
);
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,4 +8,5 @@
public class IndexTIFSourceConfigAction {
public static final String INDEX_TIF_SOURCE_CONFIG_ACTION_NAME = "cluster:admin/security_analytics/tifSource/write";
public static final String GET_TIF_SOURCE_CONFIG_ACTION_NAME = "cluster:admin/security_analytics/tifSource/get";
public static final String DELETE_TIF_SOURCE_CONFIG_ACTION_NAME = "cluster:admin/security_analytics/tifSource/delete";
}
Original file line number Diff line number Diff line change
Expand Up @@ -148,6 +148,7 @@ public void deleteTIFSourceConfig(
final String SaTifSourceConfigId,
final ActionListener<DeleteResponse> listener
) {
// TODO: Delete all IOCs associated with source config
getTIFSourceConfig(SaTifSourceConfigId, ActionListener.wrap(
SaTifSourceConfigDto -> {
if (SaTifSourceConfigDto == null) {
Expand All @@ -158,7 +159,8 @@ public void deleteTIFSourceConfig(
SATIFSourceConfig SaTifSourceConfig = convertToSATIFConfig(SaTifSourceConfigDto);
SaTifSourceConfigService.deleteTIFSourceConfig(SaTifSourceConfig, ActionListener.wrap(
deleteResponse -> {
log.debug("Successfully deleted threat intel source config");
log.debug("Successfully deleted threat intel source config [{}]", SaTifSourceConfig.getId());
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not blocking, but should we consider making this an info-level log?

listener.onResponse(deleteResponse);
}, e -> {
log.error("Failed to delete threat intel source config [{}]", SaTifSourceConfigId);
if (previousState.equals(SaTifSourceConfigDto.getState()) == false) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,6 @@
import org.opensearch.ResourceAlreadyExistsException;
import org.opensearch.action.StepListener;
import org.opensearch.action.admin.indices.create.CreateIndexRequest;
import org.opensearch.action.admin.indices.create.CreateIndexResponse;
import org.opensearch.action.delete.DeleteRequest;
import org.opensearch.action.delete.DeleteResponse;
import org.opensearch.action.get.GetRequest;
Expand All @@ -30,7 +29,6 @@
import org.opensearch.core.xcontent.NamedXContentRegistry;
import org.opensearch.core.xcontent.ToXContent;
import org.opensearch.core.xcontent.XContentParser;
import org.opensearch.extensions.AcknowledgedResponse;
import org.opensearch.jobscheduler.spi.LockModel;
import org.opensearch.securityanalytics.SecurityAnalyticsPlugin;
import org.opensearch.securityanalytics.threatIntel.common.StashedThreadContext;
Expand Down Expand Up @@ -248,7 +246,7 @@ public void deleteTIFSourceConfig(
client.delete(request, ActionListener.wrap(
deleteResponse -> {
if (deleteResponse.status().equals(RestStatus.OK)) {
log.info("Deleted threat intel source config [{}] successfully", SaTifSourceConfig.getId());
log.debug("Deleted threat intel source config [{}] successfully", SaTifSourceConfig.getId());
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same question as above.

actionListener.onResponse(deleteResponse);
} else if (deleteResponse.status().equals(RestStatus.NOT_FOUND)) {
throw SecurityAnalyticsException.wrap(new OpenSearchStatusException(String.format(Locale.getDefault(), "Threat intel source config with id [{%s}] not found", SaTifSourceConfig.getId()), RestStatus.NOT_FOUND));
Expand Down
Loading