Merge pull request #14 from UKHomeOffice/270-es-indexes
Elasticsearch githubintegration index mappings are created at runtime
techjacker authored Jul 17, 2017
2 parents 17da7b9 + 2eaf3b7 commit 851e724
Showing 7 changed files with 151 additions and 32 deletions.
9 changes: 9 additions & 0 deletions .pre-commit-config.yaml
Expand Up @@ -12,3 +12,12 @@
sha: cab517ac1132ea76603bd51ba5a95305f81bb2ba
hooks:
- id: gofmt

- repo: local
hooks:
- id: kubeval
name: kubeval
description: Lint kube files with system.
entry: kubeval
language: system
files: kube\/(?!secrets\.yml)
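Review bot: The new kubeval hook's `files` pattern deliberately skips `kube/secrets.yml`, but nothing in the hook says why that one manifest is exempt from validation, so the next person tidying the config may "fix" it. A one-line comment above the hook, `# kube/secrets.yml is excluded from kubeval because <reason — fill in>`, would preserve the intent. Since the hook is `language: system`, it also silently depends on a `kubeval` binary being on each developer's PATH; noting that requirement next to the hook (or in the README's local-testing section) would avoid a confusing failure on a fresh checkout.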
35 changes: 16 additions & 19 deletions README.md
Expand Up @@ -49,41 +49,38 @@ these/pems/are/ok/*.pem
## Notifications
Work in progress.


### Local Testing

#### Set environment variables needed
Create `env` file and update environment variables.
```
cp .env{.example,}
vi .env
$ cp .env{.example,}
# update .env values
$ vi .env
$ source .env
```

#### Launch containers
```
# launch server first
. .env && docker-compose up -d server
# Elastalert expects the elasticsearch index it is monitoring to exist otherwise it will error. The server creates the index in elasticsearch the first time it writes a log.
make test-run-offenses
# launch elastalert
docker-compose up elastalert
$ docker-compose up -d
```

#### Debugging
#### Run test offenses
```
$ make test-run-offenses
```
docker exec -it <elastalert_container_hash> sh

# run elastalert test rule utility within elastalert container
elastalert-test-rule --config $ELASTALERT_CONFIG --count-only "$RULES_DIRECTORY/new_violation.yaml"
elastalert-test-rule --alert --config $ELASTALERT_CONFIG "$RULES_DIRECTORY/new_violation.yaml"

### Debugging Elastalert
```
$ docker exec -it <elastalert_container_hash> sh
# run elastalert test rule utility within elastalert container
$ elastalert-test-rule --config $ELASTALERT_CONFIG --count-only "$RULES_DIRECTORY/new_violation.yaml"
$ elastalert-test-rule --alert --config $ELASTALERT_CONFIG "$RULES_DIRECTORY/new_violation.yaml"
# run elastalert in debug mode
elastalert --config "$ELASTALERT_CONFIG" --rule "$RULES_DIRECTORY/new_violation.yaml" --debug
$ elastalert --config "$ELASTALERT_CONFIG" --rule "$RULES_DIRECTORY/new_violation.yaml" --debug
```

#### Logs
```
tail -f /log/elastalert_new_violation_rule.log
$ tail -f /log/elastalert_new_violation_rule.log
```
6 changes: 2 additions & 4 deletions elastalert/Dockerfile
Expand Up @@ -10,7 +10,7 @@ ENV CONTAINER_TIMEZONE Europe/London
WORKDIR /opt
RUN apk update && \
apk upgrade && \
apk add ca-certificates openssl-dev libffi-dev python-dev gcc musl-dev tzdata openntpd && \
apk add ca-certificates openssl-dev libffi-dev python-dev gcc musl-dev tzdata openntpd curl && \
rm -rf /var/cache/apk/* && \
# Install pip - required for installation of Elastalert.
wget https://bootstrap.pypa.io/get-pip.py && \
Expand Down Expand Up @@ -38,9 +38,7 @@ ENV ELASTALERT_CONFIG /opt/elastalert_config.yaml
COPY elastalert_config.yaml ${ELASTALERT_CONFIG}
COPY modules ${ELASTALERT_ROOT}/elastalert_modules




COPY elasticsearch_mappings.json /tmp
COPY start-elastalert.sh /opt/
RUN chmod +x /opt/start-elastalert.sh
CMD ["/opt/start-elastalert.sh"]
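Review bot: `COPY elasticsearch_mappings.json /tmp` places a piece of runtime configuration in a world-writable scratch directory, while the rest of the config and the start script go under `/opt` (`COPY elastalert_config.yaml ${ELASTALERT_CONFIG}`, `COPY start-elastalert.sh /opt/`). Anything in the container that writes to `/tmp` can replace the mapping before `start-elastalert.sh` uploads it, and `/tmp` is also the usual target of image clean-up steps. Suggest `COPY elasticsearch_mappings.json /opt/` here and pointing the `--upload-file` path in `start-elastalert.sh` at `/opt/elasticsearch_mappings.json` so all image-baked config lives in one non-scratch location.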
104 changes: 104 additions & 0 deletions elastalert/elasticsearch_mappings.json
@@ -0,0 +1,104 @@
{
"mappings": {
"log": {
"properties": {
"Data": {
"properties": {
"filename": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"index": false,
"ignore_above": 256
}
},
"fielddata": false
},
"organisation": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"index": false,
"ignore_above": 256
}
},
"fielddata": false
},
"reason": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"index": false,
"ignore_above": 256
}
},
"fielddata": false
},
"repo": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"index": false,
"ignore_above": 256
}
},
"fielddata": false
},
"url": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"index": false,
"ignore_above": 256
}
},
"fielddata": false
}
}
},
"Host": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"index": false,
"ignore_above": 256
}
},
"fielddata": false
},
"Level": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"index": false,
"ignore_above": 256
}
},
"fielddata": false
},
"Message": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"index": false,
"ignore_above": 256
}
},
"fielddata": false
},
"Timestamp": {
"type": "date",
"format": "strict_date_optional_time||epoch_millis"
}
}
}
}
}
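Review bot: Every `.keyword` subfield in this mapping is declared with `"index": false` and every parent text field with `"fielddata": false`, so none of `Data.filename`, `Data.organisation`, `Data.reason`, `Data.repo`, `Data.url`, `Host`, `Level` or `Message` can be used for exact-match term queries, sorting or aggregations — only analyzed full-text search on the text field itself. If any Elastalert rule needs to match or group on an exact value (for example a `query_key` on `Data.repo`), those subfields must keep the default `"index": true`; `"ignore_above": 256` on an unindexed keyword also has no effect on search. If search-only was the intent, say so in a `_meta` block or the README so a later reader does not undo it.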
11 changes: 11 additions & 0 deletions elastalert/start-elastalert.sh
@@ -1,6 +1,17 @@
#!/bin/sh
set -e

####################
# create elasticsearch mappings for index monitoring
# elastlaert will throw an error if these do not already exist
####################
curl -s "$ELASTICSEARCH_HOST:$ELASTICSEARCH_PORT/githubintegration/_search"
if [[ $? != 0 ]]; then
curl \
--upload-file /tmp/elasticsearch_mappings.json \
"$ELASTICSEARCH_HOST:$ELASTICSEARCH_PORT/githubintegration" | python -m json.tool
fi

####################
# Set the timezone
####################
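Review bot: The existence probe `curl -s "$ELASTICSEARCH_HOST:$ELASTICSEARCH_PORT/githubintegration/_search"` followed by `if [[ $? != 0 ]]` does not implement what the comment above it intends: curl exits 0 on an HTTP 404 (index absent) unless `-f`/`--fail` is given, so the mapping is never uploaded in the one case that matters, and when curl does fail (Elasticsearch not yet reachable) the `set -e` on line 2 aborts the script before the `if` is ever evaluated. The upload has the same gap in the other direction — piping into `python -m json.tool` hides curl's exit status, so a rejected mapping (a 4xx from Elasticsearch) is reported as success and Elastalert then fails later with a less obvious error. Use `if ! curl -sSf …` for the probe (a command in an `if` condition is exempt from `set -e`), give the upload `-f` and capture its output before formatting it so a failure stops the script, and prefer POSIX `[ ]`/`if !` over `[[ ]]` since the shebang is `/bin/sh`. There is also no wait for Elasticsearch to accept connections, which the README's `docker-compose up -d` does not guarantee at container start; a bounded retry before the probe makes the start order-independent.
```sh
####################
# create elasticsearch mappings for index monitoring
# elastalert will throw an error if these do not already exist
####################
es_url="$ELASTICSEARCH_HOST:$ELASTICSEARCH_PORT"

# bounded wait for elasticsearch to accept connections (compose start order is not guaranteed)
tries=0
until curl -sSf -o /dev/null "$es_url/" || [ "$tries" -ge 30 ]; do
    tries=$((tries + 1))
    sleep 2
done

# -f turns an HTTP 404 (index absent) into a non-zero exit; the `if !` form is
# exempt from set -e, so an unreachable host does not abort the script here
if ! curl -sSf -o /dev/null "$es_url/githubintegration"; then
    # capture first: a failed upload (non-2xx) exits via set -e instead of
    # being masked by the pipe into json.tool
    out="$(curl -sSf --upload-file /tmp/elasticsearch_mappings.json "$es_url/githubintegration")"
    printf '%s\n' "$out" | python -m json.tool
fi
# … unchanged: timezone setup …
```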
14 changes: 7 additions & 7 deletions handlers.go
Expand Up @@ -8,11 +8,11 @@ import (
)

const (
msgHealthOk = "ok"
msgBadRequest = "bad request"
msgIgnore = "Not a push evt; ignoring"
msgSuccess = "Push contains no offenses"
msgFail = "TODO: email list of recipients to be notified of violations"
msgHealthOk = "ok"
msgBadRequest = "bad request"
msgIgnore = "Not a push evt; ignoring"
msgNoViolationsFound = "Push contains no offenses"
msgViolationFound = "Push contains violations"
)

// GithubHandler is a github integration HTTP handler
Expand Down Expand Up @@ -43,7 +43,7 @@ func GithubHandler(dc diffence.Checker, dg DiffGetterHTTP, log Log) http.Handler
}

if results.Matches() < 1 {
fmt.Fprintf(w, "%s\n", msgSuccess)
fmt.Fprintf(w, "%s\n", msgNoViolationsFound)
return
}

Expand All @@ -57,7 +57,7 @@ func GithubHandler(dc diffence.Checker, dg DiffGetterHTTP, log Log) http.Handler
)
}
}
fmt.Fprintf(w, "%s\n", msgFail)
fmt.Fprintf(w, "%s\n", msgViolationFound)
})
}

4 changes: 2 additions & 2 deletions handlers_test.go
Expand Up @@ -64,7 +64,7 @@ func TestGithubHandler(t *testing.T) {
diffPath: "test/fixtures/no_offenses.diff",
},
wantStatusCode: http.StatusOK,
wantResBody: msgSuccess,
wantResBody: msgNoViolationsFound,
},
{
name: "1 offense in diff",
Expand All @@ -74,7 +74,7 @@ func TestGithubHandler(t *testing.T) {
diffPath: "test/fixtures/offenses_x1.diff",
},
wantStatusCode: http.StatusOK,
wantResBody: msgFail,
wantResBody: msgViolationFound,
},
}
for _, tt := range tests {
