proxes 0.9.13 → 0.10.1

data/lib/proxes/middleware/security.rb

@@ -13,7 +13,7 @@ module ProxES
 
       def initialize(app, logger = nil)
         @app = app
-        @logger = logger || ::Ditty::Services::Logger.instance
+        @logger = logger || ::Ditty::Services::Logger
       end
 
       def call(env)
@@ -22,8 +22,8 @@ module ProxES
 
         check_basic request
         authorize request
-
         request.index = policy_scope(request) if request.indices?
+
         log(request, 'AFTER')
 
         @app.call env
@@ -35,7 +35,8 @@ module ProxES
 
         identity = ::Ditty::Identity.find(username: auth.credentials[0])
         identity ||= ::Ditty::Identity.find(username: CGI.unescape(auth.credentials[0]))
-        return false unless identity && identity.authenticate(auth.credentials[1])
+        return false unless identity&.authenticate(auth.credentials[1])
+
         request.env['rack.session'] ||= {}
         request.env['rack.session']['user_id'] = identity.user_id
       end

data/lib/proxes/models/permission.rb

@@ -3,6 +3,7 @@
 require 'ditty/models/base'
 require 'ditty/models/user'
 require 'ditty/models/role'
+require 'active_support/core_ext/object/blank'
 
 module ProxES
   class Permission < ::Sequel::Model
@@ -12,27 +13,57 @@ module ProxES
     many_to_one :user, class: ::Ditty::User
 
     dataset_module do
-      def for_user(a_user, action)
-        where(verb: action).where { Sequel.|({ role: a_user.roles }, { user_id: a_user.id }) }
+      def for_user(usr)
+        return where(id: -1) if usr.nil?
+
+        # TODO: Injection of user fields into regex
+        # permission.pattern.gsub(/\{user.(.*)\}/) { |_match| user.send(Regexp.last_match[1].to_sym) }
+        where { Sequel.|({ role: usr.roles }, { user_id: usr.id }) }
+      end
+
+      def for_request(request)
+        where(verb: request.request_method).all.select { |perm| perm.pattern_regex.match request.path }
       end
     end
 
     def validate
+      super
       validates_presence %i[verb pattern]
       validates_presence :role_id unless user_id
       validates_presence :user_id unless role_id
       validates_includes self.class.verbs, :verb
     end
 
+    def pattern_regex
+      regex pattern
+    end
+
+    def index_regex
+      regex index
+    end
+
+    private
+
+    def regex(str)
+      str ||= ''
+      return Regexp.new(str) if str.blank? || (str[0] == '|' && str[-1] == '|')
+
+      str = str.gsub(/([^.])\*/, '\1.*')
+      str = '.*' if str == '*' # My regex foo is not strong enough to combine the previous line and this one
+      Regexp.new '^' + str
+    end
+
     class << self
       def verbs
-        %w[GET POST PUT DELETE HEAD OPTIONS TRACE INDEX]
+        %w[GET POST PUT DELETE HEAD OPTIONS TRACE]
       end
 
       def from_audit_log(audit_log)
         return {} if audit_log.details.nil?
+
         match = audit_log.details.match(/^(\w)+ (\S+)/)
         return {} if match.nil?
+
         {
           verb: match[1],
           path: match[2]
@@ -53,3 +84,16 @@ module Ditty
     one_to_many :permissions, class: ::ProxES::Permission
   end
 end
+
+# Table: permissions
+# Columns:
+#  id         | integer      | PRIMARY KEY AUTOINCREMENT
+#  verb       | varchar(255) |
+#  pattern    | varchar(255) |
+#  created_at | timestamp    |
+#  role_id    | integer      |
+#  user_id    | integer      |
+#  index      | varchar(255) | NOT NULL DEFAULT '*'
+# Foreign key constraints:
+#  (role_id) REFERENCES roles
+#  (user_id) REFERENCES users

data/lib/proxes/models/status_check.rb

@@ -0,0 +1,76 @@
+# frozen_string_literal: true
+
+require 'proxes/services/es'
+
+module ProxES
+  class StatusCheck < Sequel::Model
+    plugin :single_table_inheritance, :type
+
+    extend ProxES::Services::ES
+
+    SOURCE_CALLS = {
+      health: %i[cluster health],
+      node_stats: %i[nodes stats]
+    }.freeze
+
+    def validate
+      super
+      validates_presence %i[name source]
+    end
+
+    def check
+      raise 'Unimplemented'
+    end
+
+    def value
+      raise 'Unimplemented'
+    end
+
+    def passed?
+      return @result if defined? @result
+
+      check
+    end
+
+    def source_result
+      self.class.source_result(source)
+    end
+
+    def children; end
+
+    def formatted(val = nil)
+      val || value
+    end
+
+    def policy_class
+      StatusCheckPolicy
+    end
+
+    class << self
+      def source_result(source)
+        @source_result ||= Hash.new do |h, k|
+          h[k] = client
+          SOURCE_CALLS[source.to_sym].each do |call|
+            h[k] = h[k].send(call)
+          end
+          h[k]
+        end
+      end
+    end
+  end
+
+  Dir.glob(File.expand_path('./status_checks', __dir__) + '/*.rb').each { |f| require f }
+end
+
+# Table: status_checks
+# Columns:
+#  id             | integer      | PRIMARY KEY AUTOINCREMENT
+#  type           | varchar(255) |
+#  name           | varchar(255) |
+#  source         | varchar(255) |
+#  required_value | varchar(255) |
+#  order          | integer      | DEFAULT 1
+#  created_at     | timestamp    | DEFAULT datetime(CURRENT_TIMESTAMP, 'localtime')
+#  updated_at     | timestamp    | DEFAULT datetime(CURRENT_TIMESTAMP, 'localtime')
+# Indexes:
+#  sqlite_autoindex_status_checks_1 | UNIQUE (name)

data/lib/proxes/models/status_checks/cluster_health_status_check.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module ProxES
+  class ClusterHealthStatusCheck < StatusCheck
+    def value
+      source_result['status']['status']
+    end
+
+    def check
+      return true if required_value.blank?
+
+      value == required_value
+    end
+
+    def formatted(val = nil)
+      (val || value).titlecase
+    end
+  end
+end

data/lib/proxes/models/status_checks/cpu_status_check.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module ProxES
+  class CPUStatusCheck < StatusCheck
+    def value
+      children.values.inject(0.0) { |sum, el| sum + el } / children.count
+    end
+
+    def children
+      @children ||= source_result['nodes']['nodes'].values.map do |node|
+        value = node['os']['cpu_percent'] || node['os']['cpu']['percent']
+        [
+          node['name'],
+          value.to_f
+        ]
+      end.to_h
+    end
+
+    def check
+      return true if required_value.blank?
+
+      value < required_value.to_f
+    end
+
+    def formatted(val = nil)
+      format('%.4f%% Average Usage', val || value)
+    end
+  end
+end

data/lib/proxes/models/status_checks/file_system_status_check.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module ProxES
+  class FileSystemStatusCheck < StatusCheck
+    def value
+      children.values.min
+    end
+
+    def children
+      @children ||= source_result['nodes']['nodes'].values.map do |node|
+        next if node['attributes'] && node['attributes']['data'] == 'false'
+        next if node['roles'] && node['roles'].include?('data') == false
+
+        stats = node['fs']['total']
+        [
+          node['name'],
+          stats['available_in_bytes'] / stats['total_in_bytes'].to_f * 100
+        ]
+      end.compact.to_h
+    end
+
+    def check
+      return true if required_value.blank?
+
+      value > required_value.to_f
+    end
+
+    def formatted(val = nil)
+      format('%.4f%% Minimum Free', val || value)
+    end
+  end
+end

data/lib/proxes/models/status_checks/jvm_heap_status_check.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module ProxES
+  class JVMHeapStatusCheck < StatusCheck
+    def value
+      children.values.inject(0.0) { |sum, el| sum + el } / children.count
+    end
+
+    def children
+      @children ||= source_result['nodes']['nodes'].values.map do |node|
+        [
+          node['name'],
+          node['jvm']['mem']['heap_used_percent'].to_f
+        ]
+      end.to_h
+    end
+
+    def check
+      return true if required_value.blank?
+
+      value < required_value.to_f
+    end
+
+    def formatted(val = nil)
+      format('%.4f%% Average Usage', val || value)
+    end
+  end
+end

data/lib/proxes/models/status_checks/memory_status_check.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module ProxES
+  class MemoryStatusCheck < StatusCheck
+    def value
+      # Currently checks the average. Can change it to check per node too
+      children.values.inject(0.0) { |sum, el| sum + el } / children.count
+    end
+
+    def children
+      @children ||= source_result['nodes']['nodes'].values.map do |node|
+        [
+          node['name'],
+          node['os']['mem']['used_percent'].to_f
+        ]
+      end.to_h
+    end
+
+    def check
+      return true if required_value.blank?
+
+      value < required_value.to_f
+    end
+
+    def formatted(val = nil)
+      format('%.4f%% Average Usage', val || value)
+    end
+  end
+end

data/lib/proxes/models/status_checks/nodes_status_check.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+module ProxES
+  class NodesStatusCheck < StatusCheck
+    def node_type
+      raise 'Unimplemented'
+    end
+
+    def value
+      children.count
+    end
+
+    def check_node(node)
+      node['roles']&.include?(node_type) ||
+        node['attributes'] && node.dig('attributes', node_type) != 'false' ||
+        node.dig('settings', 'node') && node.dig('settings', 'node', node_type) != 'false'
+    end
+
+    def children
+      @children ||= source_result['nodes']['nodes'].map do |_id, node|
+        [node['name'], 1] if check_node(node)
+      end.compact.to_h
+    end
+
+    def check
+      return true if required_value.blank?
+
+      required_value.to_i == value
+    end
+
+    def formatted(val = nil)
+      (val || value).to_i == 1 ? '1 Node' : "#{val || value} Nodes"
+    end
+  end
+
+  class MasterNodesStatusCheck < NodesStatusCheck
+    def node_type
+      'master'
+    end
+  end
+
+  class DataNodesStatusCheck < NodesStatusCheck
+    def node_type
+      'data'
+    end
+  end
+
+  class IngestNodesStatusCheck < NodesStatusCheck
+    def node_type
+      'ingest'
+    end
+  end
+end

data/lib/proxes/policies/permission_policy.rb

@@ -5,7 +5,7 @@ require 'ditty/policies/application_policy'
 module ProxES
   class PermissionPolicy < Ditty::ApplicationPolicy
     def create?
-      user && user.super_admin?
+      user&.super_admin?
     end
 
     def list?
@@ -25,12 +25,12 @@ module ProxES
     end
 
     def permitted_attributes
-      %i[verb pattern role_id user_id]
+      %i[verb pattern index role_id user_id]
     end
 
     class Scope < Ditty::ApplicationPolicy::Scope
       def resolve
-        user && user.super_admin? ? scope : scope.where(id: -1)
+        user&.super_admin? ? scope : scope.where(id: -1)
       end
     end
   end

data/lib/proxes/policies/request/bulk_policy.rb

@@ -1,22 +1,10 @@
 # frozen_string_literal: true
 
-require 'active_support'
-require 'active_support/core_ext/object/blank'
 require 'proxes/policies/request_policy'
 
 module ProxES
   class Request
     class BulkPolicy < RequestPolicy
-      def post?
-        return false if user.nil? ||
-                        (request.index && !index_allowed?) ||
-                        (request.bulk_indices == '' || patterns.blank?)
-
-        patterns.find do |pattern|
-          request.bulk_indices.find { |idx| idx !~ /#{pattern}/ }
-        end.nil?
-      end
-
       class Scope < RequestPolicy::Scope
       end
     end

data/lib/proxes/policies/request/create_policy.rb

@@ -6,9 +6,6 @@ module ProxES
   class Request
     class CreatePolicy < RequestPolicy
       class Scope < RequestPolicy::Scope
-        def resolve
-          super.count > 0 ? request.index : []
-        end
       end
     end
   end