
Example 1 with Stage

use of org.graylog.plugins.pipelineprocessor.ast.Stage in project graylog2-server by Graylog2.

the class PipelineFacadeTest method resolve.

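/**
 * Checks that resolving a pipeline entity yields a graph holding the pipeline itself, one stream
 * and both rules referenced by the pipeline's single stage.
 *
 * <p>The pipeline parser and the rule service are stubbed, so the rules are looked up by name
 * only. Each name is stubbed to return the DAO carrying that same title, so the fixture reads
 * consistently; the expected node set contains both rule ids either way.
 */
@Test
@MongoDBFixtures("PipelineFacadeTest/pipelines.json")
public void resolve() {
    final String pipelineId = "5a85c4854b900afd5d662be3";
    final String debugRuleId = "2342353045938450345";
    final String noOpRuleId = "2342353045938450346";
    // Both DAOs carry the same source text; nothing in this test asserts on its content.
    final String ruleSource = "rule \\\"debug\\\"\\nrule \\\"no-op\\\"\\nend\"";

    // Stored rule records, one per name referenced by the stage.
    final RuleDao debugDao = RuleDao.builder().id(debugRuleId).title("debug").source(ruleSource).build();
    final RuleDao noOpDao = RuleDao.builder().id(noOpRuleId).title("no-op").source(ruleSource).build();

    // Parsed rule objects attached to the stage; the condition is a mock and the action list is empty.
    final org.graylog.plugins.pipelineprocessor.ast.Rule debugRule = org.graylog.plugins.pipelineprocessor.ast.Rule.builder()
            .id("1")
            .name("debug")
            .when(mock(LogicalExpression.class))
            .then(Collections.emptyList())
            .build();
    final org.graylog.plugins.pipelineprocessor.ast.Rule noOpRule = org.graylog.plugins.pipelineprocessor.ast.Rule.builder()
            .id("2")
            .name("no-op")
            .when(mock(LogicalExpression.class))
            .then(Collections.emptyList())
            .build();

    final Stage stage = Stage.builder()
            .stage(0)
            .match(Stage.Match.EITHER)
            .ruleReferences(ImmutableList.of("debug", "no-op"))
            .build();
    stage.setRules(ImmutableList.of(debugRule, noOpRule));

    final Pipeline pipeline = Pipeline.builder()
            .id(pipelineId)
            .name("Test")
            .stages(ImmutableSortedSet.of(stage))
            .build();

    // Any pipeline source parsed under the id "dummy" yields the pipeline built above.
    when(pipelineRuleParser.parsePipeline(eq("dummy"), anyString())).thenReturn(pipeline);
    // A lookup by name returns the DAO whose title is that name.
    when(ruleService.findByName("debug")).thenReturn(Optional.of(debugDao));
    when(ruleService.findByName("no-op")).thenReturn(Optional.of(noOpDao));

    final EntityDescriptor pipelineEntity = EntityDescriptor.create(pipelineId, ModelTypes.PIPELINE_V1);
    final Graph<EntityDescriptor> graph = facade.resolveNativeEntity(pipelineEntity);

    // NOTE(review): the stream is not set up in this method; presumably it comes from the
    // pipelines.json fixture — confirm.
    final EntityDescriptor streamEntity = EntityDescriptor.create("5adf23894b900a0fdb4e517d", ModelTypes.STREAM_V1);
    final EntityDescriptor debugRuleEntity = EntityDescriptor.create(debugRuleId, ModelTypes.PIPELINE_RULE_V1);
    final EntityDescriptor noOpRuleEntity = EntityDescriptor.create(noOpRuleId, ModelTypes.PIPELINE_RULE_V1);

    // containsOnly: the graph must hold exactly these four nodes, no extra dependencies.
    assertThat(graph.nodes()).containsOnly(pipelineEntity, streamEntity, debugRuleEntity, noOpRuleEntity);
}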
Also used : RuleDao(org.graylog.plugins.pipelineprocessor.db.RuleDao) LogicalExpression(org.graylog.plugins.pipelineprocessor.ast.expressions.LogicalExpression) EntityDescriptor(org.graylog2.contentpacks.model.entities.EntityDescriptor) Stage(org.graylog.plugins.pipelineprocessor.ast.Stage) Pipeline(org.graylog.plugins.pipelineprocessor.ast.Pipeline) MongoDBFixtures(org.graylog.testing.mongodb.MongoDBFixtures) Test(org.junit.Test)

Example 2 with Stage

use of org.graylog.plugins.pipelineprocessor.ast.Stage in project graylog2-server by Graylog2.

the class PipelineFacadeTest method resolveEntityDescriptor.

/**
 * Checks that resolving a pipeline entity whose stage references a single rule yields a graph
 * of exactly three nodes: the pipeline, one stream and that one rule.
 *
 * <p>The parser stub only matches the exact pipeline source given below; the pipeline it
 * returns references "no-op" alone, although the stubbed source text also names "debug".
 */
@Test
@MongoDBFixtures("PipelineFacadeTest/pipelines.json")
public void resolveEntityDescriptor() {
    final Stage onlyStage = Stage.builder()
            .stage(0)
            .match(Stage.Match.EITHER)
            .ruleReferences(Collections.singletonList("no-op"))
            .build();
    final Pipeline parsedPipeline = Pipeline.builder()
            .id("5a85c4854b900afd5d662be3")
            .name("Test")
            .stages(ImmutableSortedSet.of(onlyStage))
            .build();
    when(pipelineRuleParser.parsePipeline("dummy", "pipeline \"Test\"\nstage 0 match either\nrule \"debug\"\nrule \"no-op\"\nend")).thenReturn(parsedPipeline);

    // The only rule the stage references, as the rule service would return it.
    final RuleDao noOpDao = RuleDao.builder()
            .id("2342353045938450345")
            .title("no-op")
            .source("rule \\\"debug\\\"\\nrule \\\"no-op\\\"\\nend\"")
            .build();
    when(ruleService.findByName("no-op")).thenReturn(Optional.of(noOpDao));

    final EntityDescriptor pipelineEntity = EntityDescriptor.create("5a85c4854b900afd5d662be3", ModelTypes.PIPELINE_V1);
    final Graph<EntityDescriptor> resolved = facade.resolveNativeEntity(pipelineEntity);

    // NOTE(review): the stream is not set up in this method; presumably it comes from the
    // pipelines.json fixture — confirm.
    final EntityDescriptor expectedStream = EntityDescriptor.create("5adf23894b900a0fdb4e517d", ModelTypes.STREAM_V1);
    final EntityDescriptor expectedRule = EntityDescriptor.create("2342353045938450345", ModelTypes.PIPELINE_RULE_V1);
    assertThat(resolved.nodes()).containsOnly(pipelineEntity, expectedStream, expectedRule);
}
Also used : RuleDao(org.graylog.plugins.pipelineprocessor.db.RuleDao) EntityDescriptor(org.graylog2.contentpacks.model.entities.EntityDescriptor) Stage(org.graylog.plugins.pipelineprocessor.ast.Stage) Pipeline(org.graylog.plugins.pipelineprocessor.ast.Pipeline) MongoDBFixtures(org.graylog.testing.mongodb.MongoDBFixtures) Test(org.junit.Test)

Example 3 with Stage

use of org.graylog.plugins.pipelineprocessor.ast.Stage in project graylog2-server by Graylog2.

the class PipelineInterpreter method processForResolvedPipelines.

// Public access is required due to use in the Illuminate processor.
/**
 * Runs a message through the stages of an already-resolved set of pipelines.
 *
 * <p>Stages are taken from the iterator one group at a time, and every stage in a group is
 * evaluated before the next group is fetched. The message's filter-out flag is checked only
 * between groups: once it is set, no further group is evaluated, so rules in later stages
 * never see that message. The stages remaining in the current group are still handed to
 * {@code evaluateStage}.
 *
 * @param message the message to process
 * @param msgId identifier passed through to stage evaluation
 * @param pipelines the pipelines whose stages are evaluated; each one has its execution marked
 * @param interpreterListener listener passed through to stage evaluation
 * @param state supplies the stage iterator for the given pipelines
 * @return the list that stage evaluation was given to collect its results in
 */
public List<Message> processForResolvedPipelines(Message message, String msgId, Set<Pipeline> pipelines, InterpreterListener interpreterListener, State state) {
    // Record this run in each pipeline's execution metric before any stage is evaluated.
    for (final Pipeline pipeline : pipelines) {
        pipeline.markExecution();
    }

    final StageIterator stageGroups = state.getStageIterator(pipelines);
    final Set<Pipeline> skippedPipelines = Sets.newHashSet();
    final List<Message> processed = new ArrayList<>();

    // Pipeline execution ordering is not guaranteed. Stop as soon as the message has been
    // marked as filtered out; there is no point in running the remaining stages on it.
    while (stageGroups.hasNext() && !message.getFilterOut()) {
        for (final Stage stage : stageGroups.next()) {
            evaluateStage(stage, message, msgId, processed, skippedPipelines, interpreterListener);
        }
    }
    return processed;
}
Also used : Message(org.graylog2.plugin.Message) ArrayList(java.util.ArrayList) Stage(org.graylog.plugins.pipelineprocessor.ast.Stage) Pipeline(org.graylog.plugins.pipelineprocessor.ast.Pipeline)

Example 4 with Stage

use of org.graylog.plugins.pipelineprocessor.ast.Stage in project graylog2-server by Graylog2.

the class PipelineRuleParserTest method pipelineDeclaration.

/**
 * Parses the pipeline source belonging to this test and checks the resulting structure: one
 * pipeline named "cisco" with two stages, each with its stage number, match mode and rule
 * references.
 *
 * <p>Rule references are compared as arrays, so the test also pins the order in which the
 * rule names come back from the parser.
 */
@Test
public void pipelineDeclaration() throws Exception {
    final List<Pipeline> parsed = parser.parsePipelines(ruleForTest());
    assertEquals(1, parsed.size());

    final Pipeline cisco = Iterables.getOnlyElement(parsed);
    assertEquals("cisco", cisco.name());
    assertEquals(2, cisco.stages().size());

    // First stage: every rule must match.
    final Stage firstStage = cisco.stages().first();
    final Object[] firstStageRules = { "check_ip_whitelist", "cisco_device" };
    assertEquals(Stage.Match.ALL, firstStage.match());
    assertEquals(1, firstStage.stage());
    assertArrayEquals(firstStageRules, firstStage.ruleReferences().toArray());

    // Last stage: a single matching rule is enough.
    final Stage lastStage = cisco.stages().last();
    final Object[] lastStageRules = { "parse_cisco_time", "extract_src_dest", "normalize_src_dest", "lookup_ips", "resolve_ips" };
    assertEquals(Stage.Match.EITHER, lastStage.match());
    assertEquals(2, lastStage.stage());
    assertArrayEquals(lastStageRules, lastStage.ruleReferences().toArray());
}
Also used : Stage(org.graylog.plugins.pipelineprocessor.ast.Stage) Pipeline(org.graylog.plugins.pipelineprocessor.ast.Pipeline) BaseParserTest(org.graylog.plugins.pipelineprocessor.BaseParserTest) Test(org.junit.Test)

Example 5 with Stage

use of org.graylog.plugins.pipelineprocessor.ast.Stage in project graylog2-server by Graylog2.

the class StageIteratorTest method singlePipelineNoStage.

/**
 * Checks that iterating over a single pipeline returns its one stage exactly once.
 *
 * <p>Despite the method name, the pipeline does declare a stage (number 0); what it lacks is
 * rules, and the stage returned by the iterator must report an empty rule reference list.
 */
@Test
public void singlePipelineNoStage() {
    final Stage ruleLessStage = Stage.builder()
            .stage(0)
            .match(Stage.Match.ALL)
            .ruleReferences(Collections.emptyList())
            .build();
    final Pipeline onlyPipeline = Pipeline.builder()
            .name("hallo")
            .stages(of(ruleLessStage))
            .build();
    final ImmutableSet<Pipeline> input = ImmutableSet.of(onlyPipeline);

    final StageIterator stageGroups = new StageIterator(input);
    assertTrue(stageGroups.hasNext());

    final List<Stage> firstGroup = stageGroups.next();
    assertEquals(1, firstGroup.size());

    final Stage returned = Iterables.getOnlyElement(firstGroup);
    assertEquals(0, returned.ruleReferences().size());
}
Also used : Stage(org.graylog.plugins.pipelineprocessor.ast.Stage) Pipeline(org.graylog.plugins.pipelineprocessor.ast.Pipeline) Test(org.junit.Test)
