|
|
|
@ -260,7 +260,15 @@ class NotificationRuleData(object):
|
|
|
|
|
hash_matches = self.object.match.get(index) == match
|
|
|
|
|
return hash_matches
|
|
|
|
|
|
|
|
|
|
return self.object.match.get(index)
|
|
|
|
|
returned_match = self.object.match.get(index, None)
|
|
|
|
|
if type(returned_match) == int:
|
|
|
|
|
# We are getting a hash from the database,
|
|
|
|
|
# but we have nothing to check it against.
|
|
|
|
|
# In this instance, we are checking if we got a match
|
|
|
|
|
# at all last time. We can confidently say that since
|
|
|
|
|
# we have a hash, we did.
|
|
|
|
|
returned_match = True
|
|
|
|
|
return returned_match
|
|
|
|
|
|
|
|
|
|
def format_aggs(self, aggs):
|
|
|
|
|
"""
|
|
|
|
@ -393,31 +401,26 @@ class NotificationRuleData(object):
|
|
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
current_match = self.get_match(index)
|
|
|
|
|
log.debug(f"Rule not matched: {index} - current match: {current_match}")
|
|
|
|
|
log.debug(f"Rule not matched: {index} - current match: {current_match}: {message}")
|
|
|
|
|
|
|
|
|
|
last_run_had_matches = current_match is True
|
|
|
|
|
if self.policy in ["change", "default"]:
|
|
|
|
|
print("policy in change or default")
|
|
|
|
|
# Change or Default policy, notifying only on new results
|
|
|
|
|
if not last_run_had_matches:
|
|
|
|
|
print("last run did not have matches")
|
|
|
|
|
# Last run did not have matches, nor did this one
|
|
|
|
|
# We don't need to notify
|
|
|
|
|
return
|
|
|
|
|
initial = current_match is None
|
|
|
|
|
|
|
|
|
|
elif self.policy == "always":
|
|
|
|
|
print("policy is always")
|
|
|
|
|
# Only here for completeness, we notify below by default
|
|
|
|
|
pass
|
|
|
|
|
self.store_match(index, False)
|
|
|
|
|
|
|
|
|
|
if self.policy != "always":
|
|
|
|
|
# We hit the return above if we don't need to notify
|
|
|
|
|
if self.policy in ["change", "default"]:
|
|
|
|
|
if not last_run_had_matches and not initial:
|
|
|
|
|
# We don't need to notify if the last run didn't have matches
|
|
|
|
|
return
|
|
|
|
|
|
|
|
|
|
# Matched before, but not now
|
|
|
|
|
if self.policy in ["change", "always"]:
|
|
|
|
|
print("policy in change or always")
|
|
|
|
|
if self.policy in ["always", "change"]:
|
|
|
|
|
# Never notify for empty matches on default policy
|
|
|
|
|
rule_notify(self.object, index, "no_match", None)
|
|
|
|
|
self.store_match(index, False)
|
|
|
|
|
await self.ingest_matches(
|
|
|
|
|
index=index, matches=[{"msg": None}], meta={"msg": message}, mode="schedule"
|
|
|
|
|
)
|
|
|
|
|
await self.ingest_matches(
|
|
|
|
|
index=index, matches=[{"msg": None}], meta={"msg": message}, mode="schedule"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
async def run_schedule(self):
|
|
|
|
|
"""
|
|
|
|
@ -428,12 +431,13 @@ class NotificationRuleData(object):
|
|
|
|
|
response = await self.db.schedule_query_results(self)
|
|
|
|
|
if not response:
|
|
|
|
|
# No results in the result_map
|
|
|
|
|
print("No results in result_map")
|
|
|
|
|
await self.rule_no_match(message="No response from database")
|
|
|
|
|
return
|
|
|
|
|
for index, (meta, results) in response.items():
|
|
|
|
|
if not results:
|
|
|
|
|
# Falsy results, no matches
|
|
|
|
|
await self.rule_no_match(index, message="No results for index")
|
|
|
|
|
continue
|
|
|
|
|
|
|
|
|
|
# Add the match values of all aggregations to a list
|
|
|
|
|
aggs_for_index = []
|
|
|
|
|