wazuh / wazuh-indexer-plugins

GNU Affero General Public License v3.0

Add command management endpoints #72

Closed f-galland closed 2 months ago

f-galland commented 2 months ago

Description

This PR adds HTTP endpoints to the Command Manager plugin that will be used to queue/schedule tasks.

Issues Resolved

Resolves #69

f-galland commented 2 months ago

I added validation inspired by the opensearch-job-scheduler plugin repository model.

I'm currently getting an error when indexing:

$ curl -XPOST "http://127.0.0.1:9200/_plugins/_commandmanager/1234" -H 'Content-Type: application/json' -d'
{
  "command_order_id": "value",
  "command_request_id": "value",
  "command_source": "value",
  "command_target": "value",
  "command_timeout": "value",
  "command_type": "value",
  "command_user": "value",
  "command_action": {"field":"value"},
  "command_result": {"field":"value"}
}'

{"response":"failed"}

The engine logs are showing the following error:

java.lang.NullPointerException: Cannot read field "commandOrderId" because "copyCommandDetails" is null
    at com.wazuh.commandmanager.model.CommandDetails.<init>(CommandDetails.java:159) ~[?:?]

f-galland commented 2 months ago

I removed the document update functionality from the plugin after discussion with Alex. With this change, the endpoint now works as expected:


$ curl -XPOST "http://127.0.0.1:9200/command-manager/_search?pretty" -H 'Content-Type: application/json' -d'
{
   "size": 1,
   "query": {
      "match_all": {}
   }
}'
{
  "took" : 2,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 1,
      "relation" : "eq"
    },
    "max_score" : 1.0,
    "hits" : [
      {
        "_index" : "command-manager",
        "_id" : "JEChD5IBPt7qjCU0RVfs",
        "_score" : 1.0,
        "_source" : {
          "command_order_id" : "value",
          "command_request_id" : "value",
          "command_source" : "value",
          "command_target" : "value",
          "command_timeout" : "value",
          "command_type" : "value",
          "command_user" : "value",
          "command_action" : {
            "field" : "value"
          },
          "command_result" : {
            "field" : "value"
          }
        }
      }
    ]
  }
}

f-galland commented 2 months ago

The order and request IDs are generated randomly (for testing purposes) and the document ID is a concatenation of both:

$ curl -XPOST "http://127.0.0.1:9200/_plugins/_commandmanager" -H 'Content-Type: application/json' -d'
{
  "command_order_id": "value",
  "command_request_id": "value",
  "command_source": "value",
  "command_target": "value",
  "command_timeout": "value",
  "command_type": "value",
  "command_user": "value",
  "command_action": {"field":"value"},
  "command_result": {"field":"value"}
}'
{"response":"success","document_id":"pBjePGfvgm"}

fede@tyner:~
$ curl -XPOST "http://127.0.0.1:9200/command-manager/_search?pretty" -H 'Content-Type: application/json' -d'
{
   "size": 1,
   "query": {
      "match_all": {}
   }
}'

{
  "took" : 40,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 1,
      "relation" : "eq"
    },
    "max_score" : 1.0,
    "hits" : [
      {
        "_index" : "command-manager",
        "_id" : "pBjePGfvgm",
        "_score" : 1.0,
        "_source" : {
          "command_order_id" : "pBjeP",
          "command_request_id" : "Gfvgm",
          "command_source" : "value",
          "command_target" : "value",
          "command_timeout" : "value",
          "command_type" : "value",
          "command_user" : "value",
          "command_action" : {
            "field" : "value"
          },
          "command_result" : {
            "field" : "value"
          }
        }
      }
    ]
  }
}
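A reviewer-side check for the behaviour reported in this thread, added here as an example and not part of the PR or the plugin's code: it validates a request body against the field names used in the curl payloads and confirms that a search hit's `_id` is the order ID followed by the request ID. The type rules (non-empty strings for scalar fields, objects for `command_action` and `command_result`), the rejection of unknown fields, and the function names are assumptions.

```python
import json

# Field names are taken from the request bodies in the thread; the type rules
# are assumptions inferred from the sample values shown there.
STRING_FIELDS = (
    "command_order_id", "command_request_id", "command_source",
    "command_target", "command_timeout", "command_type", "command_user",
)
OBJECT_FIELDS = ("command_action", "command_result")


def validate_command(raw_body):
    """Return a list of problems with a request body; an empty list means it passes."""
    try:
        doc = json.loads(raw_body)
    except json.JSONDecodeError as exc:
        return [f"body is not valid JSON: {exc.msg}"]
    if not isinstance(doc, dict):
        return ["body must be a JSON object"]
    errors = []
    for name in STRING_FIELDS:
        # Explicit nulls and missing keys are both rejected before any field is read.
        if not isinstance(doc.get(name), str) or not doc[name]:
            errors.append(f"{name}: missing or not a non-empty string")
    for name in OBJECT_FIELDS:
        if not isinstance(doc.get(name), dict):
            errors.append(f"{name}: missing or not an object")
    unknown = sorted(set(doc) - set(STRING_FIELDS) - set(OBJECT_FIELDS))
    errors.extend(f"{name}: unexpected field" for name in unknown)
    return errors


def id_matches_source(hit):
    """Check that a search hit's _id is the order ID followed by the request ID."""
    src = hit.get("_source", {})
    expected = str(src.get("command_order_id", "")) + str(src.get("command_request_id", ""))
    return bool(expected) and hit.get("_id") == expected


# Constructed samples mirroring the thread's payload and search hits.
GOOD_BODY = json.dumps({**{f: "value" for f in STRING_FIELDS},
                        "command_action": {"field": "value"},
                        "command_result": {"field": "value"}})
BAD_BODY = '{"command_order_id": null, "command_action": "value", "extra": 1}'
HIT = {"_id": "pBjePGfvgm", "_source": {"command_order_id": "pBjeP",
                                         "command_request_id": "Gfvgm"}}

if __name__ == "__main__":
    print(validate_command(GOOD_BODY), validate_command(BAD_BODY), id_matches_source(HIT))
```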