Remove unused field aggregation_stream - #53

Author: VincentD06

.gitignore

@@ -2,7 +2,7 @@
 /node/
 /node_modules/
 
-# For the runtime dockre-compose
+# For the runtime docker-compose
 /runtime/graylog/plugin/
 /runtime/.env
 

src/main/java/com/airbus_cyber_security/graylog/events/config/LoggingAlertConfig.java

@@ -77,7 +77,6 @@ public abstract class LoggingAlertConfig {
     public static LoggingAlertConfig create(
             @JsonProperty("separator") String separator,
             @JsonProperty("log_body") String logBody,
-            @JsonProperty("aggregation_stream") String aggregationStream,
             @JsonProperty("aggregation_time") int aggregationTime,
             @JsonProperty("limit_overflow") int limitOverflow,
             @JsonProperty("field_alert_id") String fieldAlertId,
@@ -86,7 +85,6 @@ public static LoggingAlertConfig create(
         return builder()
                 .accessSeparator(separator)
                 .accessLogBody(logBody)
-                .accessAggregationStream(aggregationStream)
                 .accessAggregationTime(aggregationTime)
                 .accessLimitOverflow(limitOverflow)
                 .accessFieldAlertId(fieldAlertId)
@@ -99,7 +97,6 @@ public static LoggingAlertConfig createDefault() {
         return builder()
                 .accessSeparator(" | ")
                 .accessLogBody(BODY_TEMPLATE)
-                .accessAggregationStream(DEFAULT_STREAM_ID)
                 .accessAggregationTime(0)
                 .accessLimitOverflow(0)
                 .accessFieldAlertId(FIELD_ALERT_ID)
@@ -112,7 +109,6 @@ public static Builder builder() {
         return new AutoValue_LoggingAlertConfig.Builder();
     }
 
-
     public abstract Builder toBuilder();
 
     @AutoValue.Builder

src/main/java/com/airbus_cyber_security/graylog/events/notifications/types/MessageBodyBuilder.java

@@ -73,11 +73,10 @@ String getAlertIdentifier(int aggregationTime, LoggingAlertConfig generalConfig,
         String suffix = "-" + getHashFromString(events_definition_id + "-" + key);
 
         String loggingAlertID = null;
-        String aggregationStream = generalConfig.accessAggregationStream();
 
-        if (aggregationTime > 0 && aggregationStream != null && !aggregationStream.isEmpty()) {
+        if (aggregationTime > 0) {
             String alertIdentifierFieldName = generalConfig.accessFieldAlertId();
-            loggingAlertID = this.searches.getAggregationAlertIdentifier(aggregationTime, alertIdentifierFieldName, aggregationStream, suffix);
+            loggingAlertID = this.searches.getAggregationAlertIdentifier(aggregationTime, alertIdentifierFieldName, suffix);
         }
 
         if (loggingAlertID == null || loggingAlertID.isEmpty()) {

src/main/java/com/airbus_cyber_security/graylog/events/storage/MessagesSearches.java

@@ -42,7 +42,7 @@ public MessagesSearches(Searches searches) {
         this.searches = searches;
     }
 
-    public String getAggregationAlertIdentifier(int aggregationTime, String alertIdentifierFieldName, String aggregationStream, String suffixID) {
+    public String getAggregationAlertIdentifier(int aggregationTime, String alertIdentifierFieldName, String suffixID) {
         LOGGER.debug("Start of getAggregationAlertID...");
         try {
             RelativeRange relativeRange = RelativeRange.create(aggregationTime * 60);
@@ -52,12 +52,8 @@ public String getAggregationAlertIdentifier(int aggregationTime, String alertIde
             String query = messageFormat.format(new Object[]{alertIdentifierFieldName, suffixID});
             LOGGER.debug("Alert Query: {}", query);
 
-            // Add stream filter
-            String filter = "streams:" + aggregationStream;
-            LOGGER.debug("Alert filter: {}", filter);
-
             // Execute query
-            SearchResult result = this.searches.search(query, filter, range, 1, 0, new Sorting(Message.FIELD_TIMESTAMP, Sorting.Direction.DESC));
+            SearchResult result = this.searches.search(query, range, 1, 0, new Sorting(Message.FIELD_TIMESTAMP, Sorting.Direction.DESC));
 
             if (result != null) {
                 LOGGER.debug("{} alert found", result.getResults().size());

src/test/java/com/airbus_cyber_security/graylog/events/notifications/types/MessageBodyBuilderTest.java

@@ -66,7 +66,7 @@ public class MessageBodyBuilderTest {
 
     @Test
     public void testGetAlertIdentifierWithoutAlert() {
-        when(messagesSearches.getAggregationAlertIdentifier(anyInt(), anyString(), anyString(), anyString())).thenReturn(null);
+        when(messagesSearches.getAggregationAlertIdentifier(anyInt(), anyString(), anyString())).thenReturn(null);
         MessageBodyBuilder messageBodyBuilder = new MessageBodyBuilder(objectMapper, messagesSearches, notificationService);
 
         LoggingAlertConfig generalConfig = buildLoggingAlertConfig();
@@ -79,7 +79,7 @@ public void testGetAlertIdentifierWithoutAlert() {
 
     @Test
     public void testGetAlertIdentifierWithExistingAlert() {
-        when(messagesSearches.getAggregationAlertIdentifier(anyInt(), anyString(), anyString(), anyString())).thenReturn(EVENT_ID_1);
+        when(messagesSearches.getAggregationAlertIdentifier(anyInt(), anyString(), anyString())).thenReturn(EVENT_ID_1);
         MessageBodyBuilder messageBodyBuilder = new MessageBodyBuilder(objectMapper, messagesSearches, notificationService);
 
         LoggingAlertConfig generalConfig = buildLoggingAlertConfig();
@@ -92,7 +92,6 @@ public void testGetAlertIdentifierWithExistingAlert() {
 
     private static LoggingAlertConfig buildLoggingAlertConfig() {
         return LoggingAlertConfig.builder()
-                .accessAggregationStream(AGGREGATION_STREAM)
                 .accessFieldAlertId(ALERT_ID_FIELD)
                 .accessSeparator("|")
                 .accessLogBody("")

src/web/components/LoggingAlertConfig.jsx

@@ -23,14 +23,8 @@
 // * components/pipelines/ProcessingTimelineComponent.tsx (with useEffect for StreamsStore
 // * threatintel/components/ThreatIntelPluginConfig.jsx
 import React, { useState } from 'react';
-import { useStore } from 'stores/connect';
-import { StreamsStore } from 'views/stores/StreamsStore';
-import { defaultCompare } from 'logic/DefaultCompare'
-
 import { BootstrapModalForm, Button, Input } from 'components/bootstrap';
 import IfPermitted from 'components/common/IfPermitted';
-import Select from 'components/common/Select';
-import Spinner from 'components/common/Spinner';
 
 export const DEFAULT_BODY_TEMPLATE = "type: alert"  + "\n" +
     "id: ${logging_alert.id}"  + "\n" +
@@ -52,10 +46,6 @@ const DEFAULT_CONFIG = {
     overflow_tag: 'LoggingOverflow',
 };
 
-const _formatOption = (key, value) => {
-    return { value: value, label: key };
-};
-
 const _displayOptionalConfigurationValue = (value) => {
     if (!value) {
         return '[not set]';
@@ -66,7 +56,6 @@ const _displayOptionalConfigurationValue = (value) => {
 const LoggingAlertConfig = ({ config = DEFAULT_CONFIG, updateConfig }) => {
     const [nextConfiguration, setNextConfiguration] = useState(config);
     const [showModal, setShowModal] = useState(false);
-    const { streams: streamList = [] } = useStore(StreamsStore);
 
     const _openModal = () => {
         setShowModal(true);
@@ -76,16 +65,10 @@ const LoggingAlertConfig = ({ config = DEFAULT_CONFIG, updateConfig }) => {
         setShowModal(false);
     };
 
-/* TODO is this necessary?
-    useEffect(() => {
-        setNextConfiguration({ ...config });
-    }, [config]);
-*/
-
     const _saveConfiguration = () => {
         updateConfig(nextConfiguration).then(() => {
             _closeModal();
-        })
+        });
     };
 
     const _resetConfiguration = () => {
@@ -108,18 +91,6 @@ const LoggingAlertConfig = ({ config = DEFAULT_CONFIG, updateConfig }) => {
         };
     };
 
-    const _onAggregationStreamSelect = (value) => {
-        _updateConfigurationField('aggregation_stream', value);
-    };
-
-    if (!streamList) {
-        return <Spinner />;
-    }
-
-    const formattedStreams = streamList
-        .map(stream => _formatOption(stream.title, stream.id))
-        .sort((s1, s2) => defaultCompare(s1.label.toLowerCase(), s2.label.toLowerCase()));
-
     return (
         <div>
             <h3>Logging Alert Notification Configuration</h3>
@@ -148,12 +119,6 @@ const LoggingAlertConfig = ({ config = DEFAULT_CONFIG, updateConfig }) => {
                     {_displayOptionalConfigurationValue(config.aggregation_time)}
                 </dd>
             </dl>
-            <dl className="deflist">
-                <dt>Alerts Stream: </dt>
-                <dd>
-                    {_displayOptionalConfigurationValue(config.aggregation_stream)}
-                </dd>
-            </dl>
             <dl className="deflist">
                 <dt>Alert ID Field: </dt>
                 <dd>
@@ -220,16 +185,6 @@ const LoggingAlertConfig = ({ config = DEFAULT_CONFIG, updateConfig }) => {
                         value={nextConfiguration.aggregation_time}
                         onChange={_onUpdate('aggregation_time')}
                     />
-                    <Input  id="aggregation-stream"
-                            label="Alerts Stream"
-                            help="Stream receiving the logged alerts that allows to aggregate alerts"
-                            name="aggregation_stream">
-                        <Select placeholder="Select the stream for the aggregation"
-                                options={formattedStreams}
-                                matchProp="value"
-                                value={nextConfiguration.aggregation_stream}
-                                onChange={_onAggregationStreamSelect} />
-                    </Input>
                     <Input
                         id="field_alert_id"
                         type="text"

src/web/index.jsx

@@ -31,7 +31,7 @@ export { DEFAULT_BODY_TEMPLATE } from 'components/LoggingAlertConfig';
 
 const metadata = {
   name: packageJson.name
-}
+};
 
 PluginStore.register(new PluginManifest(metadata, {
   systemConfigurations: [