Create UML diagrams for the wazuh-indexer-setup plugin #11

Closed
2 tasks done
Tracked by #9
AlexRuiz7 opened this issue Jul 10, 2024 · 3 comments
Labels: level/task, type/enhancement

AlexRuiz7 commented Jul 10, 2024

Description

Create UML diagrams for the proposed design (#3) of the wazuh-indexer-setup plugin. We want to complement the new plugins with properly documented designs from the beginning of the development.

Tasks

  • Create a sequence diagram
  • Create a class diagram
@AlexRuiz7 AlexRuiz7 added level/task Task issue type/enhancement Enhancement issue labels Jul 10, 2024
@AlexRuiz7 AlexRuiz7 self-assigned this Jul 10, 2024
AlexRuiz7 commented Jul 10, 2024

Sequence diagram

Note

Calls to Client are asynchronous.

```mermaid
sequenceDiagram
    actor Node
    participant SetupPlugin
    participant WazuhIndices
    participant Client
    Node->>SetupPlugin: plugin.onNodeStarted()
    activate SetupPlugin
    Note over Node,SetupPlugin: Invoked on Node::start()

    activate WazuhIndices
    SetupPlugin->>WazuhIndices: initialize()

    Note over SetupPlugin,WazuhIndices: Create index templates and indices
    loop i..n templates
        WazuhIndices-)Client: templateExists(i)
        Client--)WazuhIndices: response
        alt template i does not exist
            WazuhIndices-)Client: putTemplate(i)
            Client--)WazuhIndices: response
        end
    end
    loop i..n indices
        WazuhIndices-)Client: indexExists(i)
        Client--)WazuhIndices: response
        alt index i does not exist
            WazuhIndices-)Client: putIndex(i)
            Client--)WazuhIndices: response
        end
    end
    deactivate WazuhIndices
    deactivate SetupPlugin
```

Class diagram

```mermaid
---
title: Wazuh Indexer setup plugin
---
classDiagram
    direction LR
    SetupPlugin"1"-->WazuhIndices
    WazuhIndices"1"-->Client
    <<service>> Client

    SetupPlugin : -WazuhIndices indices
    SetupPlugin : +createComponents()
    SetupPlugin : +onNodeStarted()

    WazuhIndices : -Client client
    WazuhIndices : -ClusterService clusterService
    WazuhIndices : +WazuhIndices(Client client, ClusterService clusterService)
    WazuhIndices : +putTemplate(String template) void
    WazuhIndices : +putIndex(String index) void
    WazuhIndices : +indexExists(String index) bool
    WazuhIndices : +templateExists(String template) bool
    WazuhIndices : +initialize() void
```

Note

rev 0.1 - July 10, 2024: Add initial diagrams
rev 0.2 - July 11, 2024: Add index templates operations
rev 0.3 - August 29, 2024: Update diagrams to latest design

AlexRuiz7 commented Jul 10, 2024

Closing notes

Having diagrammed the plugin, I wonder where it would make more sense to include the loop to create the indices. Creating an index consists of invoking client.admin().indices().create(indexRequest, actionListener), where actionListener is a callback and indexRequest contains the index's name, mappings and settings. These are read from separate YML files. This is a problem as the index templates we are defining on wazuh/wazuh-indexer#270 follow a different format (JSON, API compliant).

On the other hand, the filenames for these mappings and settings are currently included in the code of the WazuhIndices class as constants. Future updates to the indices will require updating this class manually. This could be avoided by automatically reading the resources' folder of the plugin. In this case, a matching strategy between the index name, its mappings filename and its settings filename needs to be created.

We need to explore how to create index templates (using the Index Management plugin), as a way to overcome the problems stated above. The strategy of creating single indices with mappings and settings only works for that particular index, and won't apply to rotated stream indices.

@wazuhci wazuhci moved this from In progress to Pending final review in XDR+SIEM/Release 5.0.0 Jul 10, 2024
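
One possible matching strategy of the kind mentioned in the closing notes above, as an added example that is not part of the original issue or the plugin's code. It assumes a hypothetical naming convention (`<index>-mappings.yml` and `<index>-settings.yml`) and Java 16+ for records; the class name, suffixes and sample filenames are constructed for illustration.

```java
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;

/** Pairs mappings and settings resource files with the index they configure. */
public class IndexResourceMatcher {
    /** Filenames found for one index; a null field means that file is missing. */
    record IndexResources(String mappings, String settings) {
        boolean complete() { return mappings != null && settings != null; }
    }

    // Assumed convention, not taken from the plugin: "<index>-mappings.yml" / "<index>-settings.yml".
    private static final String MAPPINGS_SUFFIX = "-mappings.yml";
    private static final String SETTINGS_SUFFIX = "-settings.yml";

    /** Groups filenames by index name; files matching neither suffix are ignored. */
    static Map<String, IndexResources> match(Collection<String> filenames) {
        Map<String, IndexResources> byIndex = new TreeMap<>();
        for (String file : filenames) {
            boolean isMappings = file.endsWith(MAPPINGS_SUFFIX);
            if (!isMappings && !file.endsWith(SETTINGS_SUFFIX)) continue;
            int suffixLen = (isMappings ? MAPPINGS_SUFFIX : SETTINGS_SUFFIX).length();
            if (file.length() == suffixLen) continue; // bare suffix, no index name
            String index = file.substring(0, file.length() - suffixLen);
            IndexResources prev = byIndex.getOrDefault(index, new IndexResources(null, null));
            byIndex.put(index, isMappings
                    ? new IndexResources(file, prev.settings())
                    : new IndexResources(prev.mappings(), file));
        }
        return byIndex;
    }

    public static void main(String[] args) {
        // Constructed sample listing of a plugin resources folder.
        List<String> resources = List.of(
                "wazuh-alerts-mappings.yml", "wazuh-alerts-settings.yml",
                "wazuh-states-mappings.yml", // settings file missing
                "README.md");                // unrelated file, ignored
        match(resources).forEach((index, res) -> {
            if (res.complete()) {
                System.out.printf("%s: create with %s and %s%n", index, res.mappings(), res.settings());
            } else {
                System.out.printf("%s: skipped, incomplete resources %s%n", index, res);
            }
        });
    }
}
```

Reporting incomplete pairs instead of creating the index avoids silently creating an index with default mappings or settings when one file is missing from the folder.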
AlexRuiz7 commented Jul 10, 2024

> We need to explore how to create index templates (using the Index Management plugin), as a way to overcome the problems stated above. The strategy of creating single indices with mappings and settings only works for that particular index, and won't apply to rotated stream indices.

OpenSearch Playground has 2 composable index templates. Searching the name .opensearch-sap-detectors-queries-index-template, I found out there is an API at opensearch.admin.indices.template.put.

  1. playground.opensearch.org
  2. DetectorMonitorConfig.java#L22
  3. RuleTopicIndices.java#L16
  4. PutComposableIndexTemplateAction.java#L61

@wazuhci wazuhci moved this from Pending final review to Done in XDR+SIEM/Release 5.0.0 Jul 11, 2024