Allow provided location DB

jotak · jotak · commit 45c33484cbcb · 2025-05-23T15:32:56.000+02:00
Fixes #947
diff --git a/README.md b/README.md
@@ -446,11 +446,7 @@ service name of `dstPort` port and `protocol` protocol. Unrecognized ports are i
 > Note: optionally supports custom network services resolution by defining configuration parameters 
 > `servicesFile` and `protocolsFile` with paths to custom services/protocols files respectively  
 
-The rule `add_location` generates new fields with the geo-location information retrieved 
-from DB [ip2location](https://lite.ip2location.com/) based on `dstIP` IP. 
-All the geo-location fields will be named by appending `output` value 
-(`dstLocation` in the example above) to their names in the [ip2location](https://lite.ip2location.com/ DB 
-(e.g., `CountryName`, `CountryLongName`, `RegionName`, `CityName` , `Longitude` and `Latitude`)
+The rule `add_location` generates new fields with the geo-location information. It uses the [IP2Location LITE database](https://lite.ip2location.com/) in that purpose. All the geo-location fields will be named by prefixing the `output` value to their names in the IP2Location DB (e.g., `CountryName`, `CountryLongName`, `RegionName`, `CityName` , `Longitude` and `Latitude`).
 
 The rule `add_kubernetes` generates new fields with kubernetes information by
 matching the `ipField` value (`srcIP` in the example above) with kubernetes `nodes`, `pods` and `services` IPs.
@@ -703,8 +699,6 @@ we can assume that it is the second step of the TCP handshake,
 the direction is from the server (source) to the client (destination) and we can swap them in the connection so the client will be the source and the server will be the destination.  
 
 
-
-
 ### Timebased TopK
 
 It is sometimes desirable to return only a subset of records, such as those connections that use the most bandwidth.
diff --git a/docs/api.md b/docs/api.md
@@ -271,6 +271,7 @@ Following is the supported API format for network transformations:
                  add_location: Add location rule configuration
                      input: entry input field
                      output: entry output field
+                     file_path: path of the location DB file (zip archive), from ip2location.com (Lite DB9); leave unset to try downloading the file at startup
                  add_subnet_label: Add subnet label rule configuration
                      input: entry input field
                      output: entry output field
diff --git a/pkg/api/transform_network.go b/pkg/api/transform_network.go
@@ -67,7 +67,7 @@ type NetworkTransformRule struct {
 	KubernetesInfra *K8sInfraRule                 `yaml:"kubernetes_infra,omitempty" json:"kubernetes_infra,omitempty" doc:"Kubernetes infra rule configuration"`
 	Kubernetes      *K8sRule                      `yaml:"kubernetes,omitempty" json:"kubernetes,omitempty" doc:"Kubernetes rule configuration"`
 	AddSubnet       *NetworkAddSubnetRule         `yaml:"add_subnet,omitempty" json:"add_subnet,omitempty" doc:"Add subnet rule configuration"`
-	AddLocation     *NetworkGenericRule           `yaml:"add_location,omitempty" json:"add_location,omitempty" doc:"Add location rule configuration"`
+	AddLocation     *NetworkAddLocationRule       `yaml:"add_location,omitempty" json:"add_location,omitempty" doc:"Add location rule configuration"`
 	AddSubnetLabel  *NetworkAddSubnetLabelRule    `yaml:"add_subnet_label,omitempty" json:"add_subnet_label,omitempty" doc:"Add subnet label rule configuration"`
 	AddService      *NetworkAddServiceRule        `yaml:"add_service,omitempty" json:"add_service,omitempty" doc:"Add service rule configuration"`
 	DecodeTCPFlags  *NetworkGenericRule           `yaml:"decode_tcp_flags,omitempty" json:"decode_tcp_flags,omitempty" doc:"Decode bitwise TCP flags into a string"`
@@ -112,6 +112,12 @@ type NetworkAddSubnetRule struct {
 	SubnetMask string `yaml:"subnet_mask,omitempty" json:"subnet_mask,omitempty" doc:"subnet mask field"`
 }
 
+type NetworkAddLocationRule struct {
+	Input    string `yaml:"input,omitempty" json:"input,omitempty" doc:"entry input field"`
+	Output   string `yaml:"output,omitempty" json:"output,omitempty" doc:"entry output field"`
+	FilePath string `yaml:"file_path,omitempty" json:"file_path,omitempty" doc:"path of the location DB file (zip archive), from ip2location.com (Lite DB9); leave unset to try downloading the file at startup"`
+}
+
 type NetworkAddSubnetLabelRule struct {
 	Input  string `yaml:"input,omitempty" json:"input,omitempty" doc:"entry input field"`
 	Output string `yaml:"output,omitempty" json:"output,omitempty" doc:"entry output field"`
diff --git a/pkg/pipeline/transform/location/location.go b/pkg/pipeline/transform/location/location.go
@@ -74,45 +74,52 @@ func init() {
 	locationDBMutex = &sync.Mutex{}
 }
 
-func InitLocationDB() error {
+func InitLocationDB(filepath string) error {
 	locationDBMutex.Lock()
 	defer locationDBMutex.Unlock()
 
 	if _, statErr := _osio.Stat(dbFileLocation); errors.Is(statErr, os.ErrNotExist) {
-		log.Infof("Downloading location DB into local file %s ", dbFileLocation)
-		out, createErr := _osio.Create(dbZIPFileLocation)
-		if createErr != nil {
-			return fmt.Errorf("failed os.Create %w ", createErr)
-		}
+		if filepath == "" {
+			log.Infof("Downloading location DB into local file %s ", dbFileLocation)
+			out, createErr := _osio.Create(dbZIPFileLocation)
+			if createErr != nil {
+				return fmt.Errorf("failed os.Create %w ", createErr)
+			}
 
-		timeout := time.Minute
-		tr := &http.Transport{IdleConnTimeout: timeout}
-		client := &http.Client{Transport: tr, Timeout: timeout}
-		resp, getErr := client.Get(_dbURL)
-		if getErr != nil {
-			return fmt.Errorf("failed http.Get %w ", getErr)
-		}
+			timeout := time.Minute
+			tr := &http.Transport{IdleConnTimeout: timeout}
+			client := &http.Client{Transport: tr, Timeout: timeout}
+			resp, getErr := client.Get(_dbURL)
+			if getErr != nil {
+				return fmt.Errorf("failed http.Get %w ", getErr)
+			}
 
-		log.Infof("Got response %s", resp.Status)
+			log.Infof("Got response %s", resp.Status)
 
-		written, copyErr := io.Copy(out, resp.Body)
-		if copyErr != nil {
-			return fmt.Errorf("failed io.Copy %w ", copyErr)
-		}
+			written, copyErr := io.Copy(out, resp.Body)
+			if copyErr != nil {
+				return fmt.Errorf("failed io.Copy %w ", copyErr)
+			}
 
-		log.Infof("Wrote %d bytes to %s", written, dbZIPFileLocation)
+			log.Infof("Wrote %d bytes to %s", written, dbZIPFileLocation)
 
-		bodyCloseErr := resp.Body.Close()
-		if bodyCloseErr != nil {
-			return fmt.Errorf("failed resp.Body.Close %w ", bodyCloseErr)
-		}
+			bodyCloseErr := resp.Body.Close()
+			if bodyCloseErr != nil {
+				return fmt.Errorf("failed resp.Body.Close %w ", bodyCloseErr)
+			}
+
+			outCloseErr := out.Close()
+			if outCloseErr != nil {
+				return fmt.Errorf("failed out.Close %w ", outCloseErr)
+			}
 
-		outCloseErr := out.Close()
-		if outCloseErr != nil {
-			return fmt.Errorf("failed out.Close %w ", outCloseErr)
+			filepath = dbZIPFileLocation
+			log.Infof("Download completed successfully")
+		} else {
+			log.Infof("Using provided location DB: %s", filepath)
 		}
 
-		unzipErr := unzip(dbZIPFileLocation, dbFileLocation)
+		unzipErr := unzip(filepath, dbFileLocation)
 		if unzipErr != nil {
 			file, openErr := os.Open(dbFileLocation + "/" + dbFilename)
 			if openErr == nil {
@@ -136,8 +143,8 @@ func InitLocationDB() error {
 
 			return fmt.Errorf("failed unzip %w ", unzipErr)
 		}
-
-		log.Infof("Download completed successfully")
+	} else {
+		log.Infof("Location DB already exists in %s, using it", dbFileLocation)
 	}
 
 	log.Debugf("Loading location DB")
@@ -150,6 +157,10 @@ func InitLocationDB() error {
 	return nil
 }
 
+func CleanupLocationDB() error {
+	return os.RemoveAll(dbFileLocation)
+}
+
 func GetLocation(ip string) (*Info, error) {
 
 	if locationDB == nil {
diff --git a/pkg/pipeline/transform/location/location_test.go b/pkg/pipeline/transform/location/location_test.go
@@ -35,7 +35,7 @@ func Test_InitLocationDB(t *testing.T) {
 	// fail in os.Create
 	_osio.Stat = func(_ string) (os.FileInfo, error) { return nil, os.ErrNotExist }
 	_osio.Create = func(_ string) (*os.File, error) { return nil, fmt.Errorf("test") }
-	err := InitLocationDB()
+	err := InitLocationDB("")
 	require.Contains(t, err.Error(), "os.Create")
 	_osio.Stat = os.Stat
 	_osio.Create = os.Create
@@ -44,7 +44,7 @@ func Test_InitLocationDB(t *testing.T) {
 	_osio.Stat = func(_ string) (os.FileInfo, error) { return nil, os.ErrNotExist }
 	_osio.Create = func(_ string) (*os.File, error) { return nil, nil }
 	_dbURL = "test_fake"
-	err = InitLocationDB()
+	err = InitLocationDB("")
 	require.Contains(t, err.Error(), "http.Get")
 	_dbURL = dbURL
 	_osio.Stat = os.Stat
@@ -57,7 +57,7 @@ func Test_InitLocationDB(t *testing.T) {
 		_, _ = res.Write([]byte("test"))
 	}))
 	_dbURL = testServer.URL
-	err = InitLocationDB()
+	err = InitLocationDB("")
 	require.Contains(t, err.Error(), "io.Copy")
 	testServer.Close()
 	_dbURL = dbURL
@@ -71,7 +71,7 @@ func Test_InitLocationDB(t *testing.T) {
 		res.WriteHeader(http.StatusOK)
 	}))
 	_dbURL = testServer.URL
-	err = InitLocationDB()
+	err = InitLocationDB("")
 	require.Contains(t, err.Error(), "io.Copy")
 	testServer.Close()
 	_dbURL = dbURL
@@ -85,7 +85,7 @@ func Test_InitLocationDB(t *testing.T) {
 		res.WriteHeader(http.StatusOK)
 	}))
 	_dbURL = testServer.URL
-	err = InitLocationDB()
+	err = InitLocationDB("")
 	require.Contains(t, err.Error(), "failed unzip")
 	testServer.Close()
 	_dbURL = dbURL
@@ -102,7 +102,7 @@ func Test_InitLocationDB(t *testing.T) {
 		res.WriteHeader(http.StatusOK)
 	}))
 	_dbURL = testServer.URL
-	err = InitLocationDB()
+	err = InitLocationDB("")
 	require.Error(t, err)
 	testServer.Close()
 	_dbURL = dbURL
@@ -111,7 +111,7 @@ func Test_InitLocationDB(t *testing.T) {
 	// NOTE:: Downloading the DB is a long operation, about 30 seconds, and this delays the tests
 	// TODO: Consider remove this test
 	os.RemoveAll(dbFileLocation)
-	initLocationDBErr := InitLocationDB()
+	initLocationDBErr := InitLocationDB("")
 	require.Nil(t, initLocationDBErr)
 }
 
diff --git a/pkg/pipeline/transform/transform_network.go b/pkg/pipeline/transform/transform_network.go
@@ -70,10 +70,6 @@ func (n *Network) Transform(inputEntry config.GenericMap) (config.GenericMap, bo
 				outputEntry[rule.AddSubnet.Output] = ipv4Net.String()
 			}
 		case api.NetworkAddLocation:
-			if rule.AddLocation == nil {
-				log.Errorf("Missing add location configuration")
-				continue
-			}
 			var locationInfo *location.Info
 			locationInfo, err := location.GetLocation(util.ConvertToString(outputEntry[rule.AddLocation.Input]))
 			if err != nil {
@@ -175,7 +171,7 @@ func (n *Network) applySubnetLabel(strIP string) string {
 //
 //nolint:cyclop
 func NewTransformNetwork(params config.StageParam, opMetrics *operational.Metrics) (Transformer, error) {
-	var needToInitLocationDB = false
+	var locationDBConfig *api.NetworkAddLocationRule
 	var needToInitKubeData = false
 	var needToInitNetworkServices = false
 
@@ -186,7 +182,10 @@ func NewTransformNetwork(params config.StageParam, opMetrics *operational.Metric
 	for _, rule := range jsonNetworkTransform.Rules {
 		switch rule.Type {
 		case api.NetworkAddLocation:
-			needToInitLocationDB = true
+			if rule.AddLocation == nil {
+				return nil, fmt.Errorf("missing configuration for '%s' rule", api.NetworkAddLocation)
+			}
+			locationDBConfig = rule.AddLocation
 		case api.NetworkAddKubernetes:
 			needToInitKubeData = true
 		case api.NetworkAddKubernetesInfra:
@@ -206,8 +205,8 @@ func NewTransformNetwork(params config.StageParam, opMetrics *operational.Metric
 		}
 	}
 
-	if needToInitLocationDB {
-		err := location.InitLocationDB()
+	if locationDBConfig != nil {
+		err := location.InitLocationDB(locationDBConfig.FilePath)
 		if err != nil {
 			log.Debugf("location.InitLocationDB error: %v", err)
 		}
diff --git a/pkg/pipeline/transform/transform_network_test.go b/pkg/pipeline/transform/transform_network_test.go
@@ -82,7 +82,7 @@ func getMockNetworkTransformRules() api.NetworkTransformRules {
 		},
 		api.NetworkTransformRule{
 			Type: "add_location",
-			AddLocation: &api.NetworkGenericRule{
+			AddLocation: &api.NetworkAddLocationRule{
 				Input:  "8888IP",
 				Output: "8888IP_location",
 			},
@@ -142,7 +142,29 @@ func Test_Transform(t *testing.T) {
 		svcNames: getServicesDB(t),
 	}
 
-	err := location.InitLocationDB()
+	err := location.InitLocationDB("")
+	require.NoError(t, err)
+
+	output, ok := networkTransform.Transform(entry)
+	require.True(t, ok)
+	require.Equal(t, expectedOutput, output)
+}
+
+func Test_TransformProvidedLocationDB(t *testing.T) {
+	entry := test.GetIngestMockEntry(false)
+	rules := getMockNetworkTransformRules()
+	expectedOutput := getExpectedOutput()
+	err := location.CleanupLocationDB()
+	require.NoError(t, err)
+
+	var networkTransform = Network{
+		TransformNetwork: api.TransformNetwork{
+			Rules: rules,
+		},
+		svcNames: getServicesDB(t),
+	}
+
+	err = location.InitLocationDB("../../../contrib/location/location.db")
 	require.NoError(t, err)
 
 	output, ok := networkTransform.Transform(entry)
@@ -166,7 +188,7 @@ func Test_TransformAddSubnetParseCIDRFailure(t *testing.T) {
 		svcNames: getServicesDB(t),
 	}
 
-	err := location.InitLocationDB()
+	err := location.InitLocationDB("")
 	require.NoError(t, err)
 
 	output, ok := networkTransform.Transform(entry)
