Make notification rules queryable

2023-02-02 20:41:19 +00:00
parent df1e82c5f2
commit 81c8e34211
11 changed files with 76 additions and 9 deletions
--- a/core/db/elastic.py
+++ b/core/db/elastic.py
@@ -14,6 +14,7 @@ from core.lib.parsing import (
    QueryError,
    parse_date_time,
    parse_index,
+    parse_rule,
    parse_sentiment,
    parse_size,
    parse_sort,
@@ -32,6 +33,7 @@ mapping = {
            "ts": {"type": "date", "format": "epoch_second"},
            "match_ts": {"type": "date", "format": "iso8601"},
            "file_tim": {"type": "date", "format": "epoch_millis"},
+            "rule_uuid": {"type": "keyword"},
        }
    }
 }
@@ -271,7 +273,6 @@ class ElasticsearchBackend(StorageBackend):
        if self.async_client is None:
            await self.async_initialise()
        for match in matches:
-            print("INDEXING", match)
            result = await self.async_client.index(
                index=settings.INDEX_RULE_STORAGE, body=match
            )
@@ -439,10 +440,18 @@ class ElasticsearchBackend(StorageBackend):
            if isinstance(size, dict):
                return size

-        # I - Index
-        index = parse_index(request.user, query_params)
-        if isinstance(index, dict):
-            return index
+        rule_object = parse_rule(request.user, query_params)
+        if isinstance(rule_object, dict):
+            return rule_object
+
+        if rule_object is not None:
+            index = settings.INDEX_RULE_STORAGE
+            add_bool.append({"rule_uuid": str(rule_object.id)})
+        else:
+            # I - Index
+            index = parse_index(request.user, query_params)
+            if isinstance(index, dict):
+                return index

        # Q/T - Query/Tags
        search_query = self.parse_query(