Open LaurenceJJones opened 1 month ago
@LaurenceJJones: Thanks for opening an issue, it is currently awaiting triage.
In the meantime, you can:
@LaurenceJJones: There are no 'kind' label on this issue. You need a 'kind' label to start the triage process.
/kind feature
/kind enhancement
/kind refactoring
/kind bug
/kind packaging
Preface
When a user is creating a whitelist that depends on other properties created in
s02
stage if they name the file /name
property of the yaml so that alphabetically it occurs beforecrowdsecurity/geoip-enrich
it means they could have a failed whitelist and it isn't really explained anywhereExample
My name is
bob
I createbob/country-whitelist
which depends onevt.Meta.iso_code
since my name isbob
alphabetically it comes beforecrowdsecurity
so in the ordering process my whitelist is placed before thegeoip-enrich
meaning my whitelist always fails.Potential solutions
Force
method
items to topThis is solely based on
geoip-enrich
so might not be a good idea, but any static that contain amethod
func should be pushed to top of items list as most likely other stage items are based on what this providesCreate a
s03
from docs POVInstead of trying to achieve it via code, we could update our docs to introduce a new
s03-whitelist
stage since it happens afters02
stage. The only issue you have since this stage will not have anysuccessful
stage items there is currently a bug that if no items in a stage succeeds it classes the whole stage as unsuccessful meaning there has to be at least one item that succeeds.Create a hierarchy based on expresssions
This is more involved and most likely will not be an option. Basically when we parse through the expression we detect which
meta
properties the expression is based on and create a hierarchy based on this meaning if an expression is based onevt.Meta.iso_code
we know this stage item needs to execute aftergeoip-enrich
itemThe example above is for
geoip-enrich
, however, we have multiple enrichers function that should also be handled such ahttp
based events