cribl-control-plane 0.0.13__py3-none-any.whl

cribl_control_plane/models/inputwef.py

@@ -0,0 +1,498 @@
+"""Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT."""
+
+from __future__ import annotations
+from cribl_control_plane import utils
+from cribl_control_plane.types import BaseModel
+from cribl_control_plane.utils import validate_open_enum
+from enum import Enum
+import pydantic
+from pydantic.functional_validators import PlainValidator
+from typing import Any, List, Optional
+from typing_extensions import Annotated, NotRequired, TypedDict
+
+
+class InputWefType(str, Enum, metaclass=utils.OpenEnumMeta):
+    WEF = "wef"
+
+
+class InputWefConnectionTypedDict(TypedDict):
+    output: str
+    pipeline: NotRequired[str]
+
+
+class InputWefConnection(BaseModel):
+    output: str
+
+    pipeline: Optional[str] = None
+
+
+class InputWefMode(str, Enum, metaclass=utils.OpenEnumMeta):
+    r"""With Smart mode, PQ will write events to the filesystem only when it detects backpressure from the processing engine. With Always On mode, PQ will always write events directly to the queue before forwarding them to the processing engine."""
+
+    SMART = "smart"
+    ALWAYS = "always"
+
+
+class InputWefCompression(str, Enum, metaclass=utils.OpenEnumMeta):
+    r"""Codec to use to compress the persisted data"""
+
+    NONE = "none"
+    GZIP = "gzip"
+
+
+class InputWefPqTypedDict(TypedDict):
+    mode: NotRequired[InputWefMode]
+    r"""With Smart mode, PQ will write events to the filesystem only when it detects backpressure from the processing engine. With Always On mode, PQ will always write events directly to the queue before forwarding them to the processing engine."""
+    max_buffer_size: NotRequired[float]
+    r"""The maximum number of events to hold in memory before writing the events to disk"""
+    commit_frequency: NotRequired[float]
+    r"""The number of events to send downstream before committing that Stream has read them"""
+    max_file_size: NotRequired[str]
+    r"""The maximum size to store in each queue file before closing and optionally compressing. Enter a numeral with units of KB, MB, etc."""
+    max_size: NotRequired[str]
+    r"""The maximum disk space that the queue can consume (as an average per Worker Process) before queueing stops. Enter a numeral with units of KB, MB, etc."""
+    path: NotRequired[str]
+    r"""The location for the persistent queue files. To this field's value, the system will append: /<worker-id>/inputs/<input-id>"""
+    compress: NotRequired[InputWefCompression]
+    r"""Codec to use to compress the persisted data"""
+
+
+class InputWefPq(BaseModel):
+    mode: Annotated[
+        Optional[InputWefMode], PlainValidator(validate_open_enum(False))
+    ] = InputWefMode.ALWAYS
+    r"""With Smart mode, PQ will write events to the filesystem only when it detects backpressure from the processing engine. With Always On mode, PQ will always write events directly to the queue before forwarding them to the processing engine."""
+
+    max_buffer_size: Annotated[
+        Optional[float], pydantic.Field(alias="maxBufferSize")
+    ] = 1000
+    r"""The maximum number of events to hold in memory before writing the events to disk"""
+
+    commit_frequency: Annotated[
+        Optional[float], pydantic.Field(alias="commitFrequency")
+    ] = 42
+    r"""The number of events to send downstream before committing that Stream has read them"""
+
+    max_file_size: Annotated[Optional[str], pydantic.Field(alias="maxFileSize")] = (
+        "1 MB"
+    )
+    r"""The maximum size to store in each queue file before closing and optionally compressing. Enter a numeral with units of KB, MB, etc."""
+
+    max_size: Annotated[Optional[str], pydantic.Field(alias="maxSize")] = "5GB"
+    r"""The maximum disk space that the queue can consume (as an average per Worker Process) before queueing stops. Enter a numeral with units of KB, MB, etc."""
+
+    path: Optional[str] = "$CRIBL_HOME/state/queues"
+    r"""The location for the persistent queue files. To this field's value, the system will append: /<worker-id>/inputs/<input-id>"""
+
+    compress: Annotated[
+        Optional[InputWefCompression], PlainValidator(validate_open_enum(False))
+    ] = InputWefCompression.NONE
+    r"""Codec to use to compress the persisted data"""
+
+
+class InputWefAuthenticationMethod(str, Enum, metaclass=utils.OpenEnumMeta):
+    r"""How to authenticate incoming client connections"""
+
+    CLIENT_CERT = "clientCert"
+    KERBEROS = "kerberos"
+
+
+class InputWefMinimumTLSVersion(str, Enum, metaclass=utils.OpenEnumMeta):
+    TL_SV1 = "TLSv1"
+    TL_SV1_1 = "TLSv1.1"
+    TL_SV1_2 = "TLSv1.2"
+    TL_SV1_3 = "TLSv1.3"
+
+
+class InputWefMaximumTLSVersion(str, Enum, metaclass=utils.OpenEnumMeta):
+    TL_SV1 = "TLSv1"
+    TL_SV1_1 = "TLSv1.1"
+    TL_SV1_2 = "TLSv1.2"
+    TL_SV1_3 = "TLSv1.3"
+
+
+class MTLSSettingsTypedDict(TypedDict):
+    priv_key_path: str
+    r"""Path on server containing the private key to use. PEM format. Can reference $ENV_VARS."""
+    cert_path: str
+    r"""Path on server containing certificates to use. PEM format. Can reference $ENV_VARS."""
+    ca_path: str
+    r"""Server path containing CA certificates (in PEM format) to use. Can reference $ENV_VARS. If multiple certificates are present in a .pem, each must directly certify the one preceding it."""
+    disabled: NotRequired[bool]
+    r"""Enable TLS"""
+    reject_unauthorized: NotRequired[bool]
+    r"""Required for WEF certificate authentication"""
+    request_cert: NotRequired[bool]
+    r"""Required for WEF certificate authentication"""
+    certificate_name: NotRequired[str]
+    r"""Name of the predefined certificate"""
+    passphrase: NotRequired[str]
+    r"""Passphrase to use to decrypt private key"""
+    common_name_regex: NotRequired[str]
+    r"""Regex matching allowable common names in peer certificates' subject attribute"""
+    min_version: NotRequired[InputWefMinimumTLSVersion]
+    max_version: NotRequired[InputWefMaximumTLSVersion]
+    ocsp_check: NotRequired[bool]
+    r"""Enable OCSP check of certificate"""
+    keytab: NotRequired[Any]
+    principal: NotRequired[Any]
+    ocsp_check_fail_close: NotRequired[bool]
+    r"""If enabled, checks will fail on any OCSP error. Otherwise, checks will fail only when a certificate is revoked, ignoring other errors."""
+
+
+class MTLSSettings(BaseModel):
+    priv_key_path: Annotated[str, pydantic.Field(alias="privKeyPath")]
+    r"""Path on server containing the private key to use. PEM format. Can reference $ENV_VARS."""
+
+    cert_path: Annotated[str, pydantic.Field(alias="certPath")]
+    r"""Path on server containing certificates to use. PEM format. Can reference $ENV_VARS."""
+
+    ca_path: Annotated[str, pydantic.Field(alias="caPath")]
+    r"""Server path containing CA certificates (in PEM format) to use. Can reference $ENV_VARS. If multiple certificates are present in a .pem, each must directly certify the one preceding it."""
+
+    disabled: Optional[bool] = False
+    r"""Enable TLS"""
+
+    reject_unauthorized: Annotated[
+        Optional[bool], pydantic.Field(alias="rejectUnauthorized")
+    ] = True
+    r"""Required for WEF certificate authentication"""
+
+    request_cert: Annotated[Optional[bool], pydantic.Field(alias="requestCert")] = True
+    r"""Required for WEF certificate authentication"""
+
+    certificate_name: Annotated[
+        Optional[str], pydantic.Field(alias="certificateName")
+    ] = None
+    r"""Name of the predefined certificate"""
+
+    passphrase: Optional[str] = None
+    r"""Passphrase to use to decrypt private key"""
+
+    common_name_regex: Annotated[
+        Optional[str], pydantic.Field(alias="commonNameRegex")
+    ] = "/.*/"
+    r"""Regex matching allowable common names in peer certificates' subject attribute"""
+
+    min_version: Annotated[
+        Annotated[
+            Optional[InputWefMinimumTLSVersion],
+            PlainValidator(validate_open_enum(False)),
+        ],
+        pydantic.Field(alias="minVersion"),
+    ] = None
+
+    max_version: Annotated[
+        Annotated[
+            Optional[InputWefMaximumTLSVersion],
+            PlainValidator(validate_open_enum(False)),
+        ],
+        pydantic.Field(alias="maxVersion"),
+    ] = None
+
+    ocsp_check: Annotated[Optional[bool], pydantic.Field(alias="ocspCheck")] = False
+    r"""Enable OCSP check of certificate"""
+
+    keytab: Optional[Any] = None
+
+    principal: Optional[Any] = None
+
+    ocsp_check_fail_close: Annotated[
+        Optional[bool], pydantic.Field(alias="ocspCheckFailClose")
+    ] = False
+    r"""If enabled, checks will fail on any OCSP error. Otherwise, checks will fail only when a certificate is revoked, ignoring other errors."""
+
+
+class InputWefFormat(str, Enum, metaclass=utils.OpenEnumMeta):
+    r"""Content format in which the endpoint should deliver events"""
+
+    RAW = "Raw"
+    RENDERED_TEXT = "RenderedText"
+
+
+class QueryBuilderMode(str, Enum, metaclass=utils.OpenEnumMeta):
+    SIMPLE = "simple"
+    XML = "xml"
+
+
+class SubscriptionMetadatumTypedDict(TypedDict):
+    name: str
+    value: str
+    r"""JavaScript expression to compute field's value, enclosed in quotes or backticks. (Can evaluate to a constant.)"""
+
+
+class SubscriptionMetadatum(BaseModel):
+    name: str
+
+    value: str
+    r"""JavaScript expression to compute field's value, enclosed in quotes or backticks. (Can evaluate to a constant.)"""
+
+
+class SubscriptionTypedDict(TypedDict):
+    subscription_name: str
+    targets: List[str]
+    r"""The DNS names of the endpoints that should forward these events. You may use wildcards, such as *.mydomain.com"""
+    version: NotRequired[str]
+    r"""Version UUID for this subscription. If any subscription parameters are modified, this value will change."""
+    content_format: NotRequired[InputWefFormat]
+    r"""Content format in which the endpoint should deliver events"""
+    heartbeat_interval: NotRequired[float]
+    r"""Maximum time (in seconds) between endpoint checkins before considering it unavailable"""
+    batch_timeout: NotRequired[float]
+    r"""Interval (in seconds) over which the endpoint should collect events before sending them to Stream"""
+    read_existing_events: NotRequired[bool]
+    r"""Newly subscribed endpoints will send previously existing events. Disable to receive new events only."""
+    send_bookmarks: NotRequired[bool]
+    r"""Keep track of which events have been received, resuming from that point after a re-subscription. This setting takes precedence over 'Read existing events'. See [Cribl Docs](https://docs.cribl.io/stream/sources-wef/#subscriptions) for more details."""
+    compress: NotRequired[bool]
+    r"""Receive compressed events from the source"""
+    locale: NotRequired[str]
+    r"""The RFC-3066 locale the Windows clients should use when sending events. Defaults to \"en-US\"."""
+    query_selector: NotRequired[QueryBuilderMode]
+    metadata: NotRequired[List[SubscriptionMetadatumTypedDict]]
+    r"""Fields to add to events ingested under this subscription"""
+
+
+class Subscription(BaseModel):
+    subscription_name: Annotated[str, pydantic.Field(alias="subscriptionName")]
+
+    targets: List[str]
+    r"""The DNS names of the endpoints that should forward these events. You may use wildcards, such as *.mydomain.com"""
+
+    version: Optional[str] = None
+    r"""Version UUID for this subscription. If any subscription parameters are modified, this value will change."""
+
+    content_format: Annotated[
+        Annotated[Optional[InputWefFormat], PlainValidator(validate_open_enum(False))],
+        pydantic.Field(alias="contentFormat"),
+    ] = InputWefFormat.RAW
+    r"""Content format in which the endpoint should deliver events"""
+
+    heartbeat_interval: Annotated[
+        Optional[float], pydantic.Field(alias="heartbeatInterval")
+    ] = 60
+    r"""Maximum time (in seconds) between endpoint checkins before considering it unavailable"""
+
+    batch_timeout: Annotated[Optional[float], pydantic.Field(alias="batchTimeout")] = 60
+    r"""Interval (in seconds) over which the endpoint should collect events before sending them to Stream"""
+
+    read_existing_events: Annotated[
+        Optional[bool], pydantic.Field(alias="readExistingEvents")
+    ] = False
+    r"""Newly subscribed endpoints will send previously existing events. Disable to receive new events only."""
+
+    send_bookmarks: Annotated[Optional[bool], pydantic.Field(alias="sendBookmarks")] = (
+        True
+    )
+    r"""Keep track of which events have been received, resuming from that point after a re-subscription. This setting takes precedence over 'Read existing events'. See [Cribl Docs](https://docs.cribl.io/stream/sources-wef/#subscriptions) for more details."""
+
+    compress: Optional[bool] = True
+    r"""Receive compressed events from the source"""
+
+    locale: Optional[str] = "en-US"
+    r"""The RFC-3066 locale the Windows clients should use when sending events. Defaults to \"en-US\"."""
+
+    query_selector: Annotated[
+        Annotated[
+            Optional[QueryBuilderMode], PlainValidator(validate_open_enum(False))
+        ],
+        pydantic.Field(alias="querySelector"),
+    ] = QueryBuilderMode.SIMPLE
+
+    metadata: Optional[List[SubscriptionMetadatum]] = None
+    r"""Fields to add to events ingested under this subscription"""
+
+
+class InputWefMetadatumTypedDict(TypedDict):
+    name: str
+    value: str
+    r"""JavaScript expression to compute field's value, enclosed in quotes or backticks. (Can evaluate to a constant.)"""
+
+
+class InputWefMetadatum(BaseModel):
+    name: str
+
+    value: str
+    r"""JavaScript expression to compute field's value, enclosed in quotes or backticks. (Can evaluate to a constant.)"""
+
+
+class InputWefTypedDict(TypedDict):
+    type: InputWefType
+    subscriptions: List[SubscriptionTypedDict]
+    r"""Subscriptions to events on forwarding endpoints"""
+    id: NotRequired[str]
+    r"""Unique ID for this input"""
+    disabled: NotRequired[bool]
+    pipeline: NotRequired[str]
+    r"""Pipeline to process data from this Source before sending it through the Routes"""
+    send_to_routes: NotRequired[bool]
+    r"""Select whether to send data to Routes, or directly to Destinations."""
+    environment: NotRequired[str]
+    r"""Optionally, enable this config only on a specified Git branch. If empty, will be enabled everywhere."""
+    pq_enabled: NotRequired[bool]
+    r"""Use a disk queue to minimize data loss when connected services block. See [Cribl Docs](https://docs.cribl.io/stream/persistent-queues) for PQ defaults (Cribl-managed Cloud Workers) and configuration options (on-prem and hybrid Workers)."""
+    streamtags: NotRequired[List[str]]
+    r"""Tags for filtering and grouping in @{product}"""
+    connections: NotRequired[List[InputWefConnectionTypedDict]]
+    r"""Direct connections to Destinations, and optionally via a Pipeline or a Pack"""
+    pq: NotRequired[InputWefPqTypedDict]
+    host: NotRequired[str]
+    r"""Address to bind on. Defaults to 0.0.0.0 (all addresses)."""
+    port: NotRequired[float]
+    r"""Port to listen on"""
+    auth_method: NotRequired[InputWefAuthenticationMethod]
+    r"""How to authenticate incoming client connections"""
+    tls: NotRequired[MTLSSettingsTypedDict]
+    max_active_req: NotRequired[float]
+    r"""Maximum number of active requests allowed per Worker Process. Set to 0 for unlimited. Caution: Increasing the limit above the default value, or setting it to unlimited, may degrade performance and reduce throughput."""
+    max_requests_per_socket: NotRequired[int]
+    r"""Maximum number of requests per socket before @{product} instructs the client to close the connection. Default is 0 (unlimited)."""
+    enable_proxy_header: NotRequired[bool]
+    r"""Preserve the client’s original IP address in the __srcIpPort field when connecting through an HTTP proxy that supports the X-Forwarded-For header. This does not apply to TCP-layer Proxy Protocol v1/v2."""
+    capture_headers: NotRequired[bool]
+    r"""Add request headers to events in the __headers field"""
+    keep_alive_timeout: NotRequired[float]
+    r"""After the last response is sent, @{product} will wait this long for additional data before closing the socket connection. Minimum 1 second, maximum 600 seconds (10 minutes)."""
+    enable_health_check: NotRequired[bool]
+    r"""Expose the /cribl_health endpoint, which returns 200 OK when this Source is healthy"""
+    ip_allowlist_regex: NotRequired[str]
+    r"""Messages from matched IP addresses will be processed, unless also matched by the denylist"""
+    ip_denylist_regex: NotRequired[str]
+    r"""Messages from matched IP addresses will be ignored. This takes precedence over the allowlist."""
+    socket_timeout: NotRequired[float]
+    r"""How long @{product} should wait before assuming that an inactive socket has timed out. To wait forever, set to 0."""
+    ca_fingerprint: NotRequired[str]
+    r"""SHA1 fingerprint expected by the client, if it does not match the first certificate in the configured CA chain"""
+    keytab: NotRequired[str]
+    r"""Path to the keytab file containing the service principal credentials. @{product} will use `/etc/krb5.keytab` if not provided."""
+    principal: NotRequired[str]
+    r"""Kerberos principal used for authentication, typically in the form HTTP/<hostname>@<REALM>"""
+    allow_machine_id_mismatch: NotRequired[bool]
+    r"""Allow events to be ingested even if their MachineID does not match the client certificate CN"""
+    metadata: NotRequired[List[InputWefMetadatumTypedDict]]
+    r"""Fields to add to events from this input"""
+    description: NotRequired[str]
+    log_fingerprint_mismatch: NotRequired[bool]
+    r"""Log a warning if the client certificate authority (CA) fingerprint does not match the expected value. A mismatch prevents Cribl from receiving events from the Windows Event Forwarder."""
+
+
+class InputWef(BaseModel):
+    type: Annotated[InputWefType, PlainValidator(validate_open_enum(False))]
+
+    subscriptions: List[Subscription]
+    r"""Subscriptions to events on forwarding endpoints"""
+
+    id: Optional[str] = None
+    r"""Unique ID for this input"""
+
+    disabled: Optional[bool] = False
+
+    pipeline: Optional[str] = None
+    r"""Pipeline to process data from this Source before sending it through the Routes"""
+
+    send_to_routes: Annotated[Optional[bool], pydantic.Field(alias="sendToRoutes")] = (
+        True
+    )
+    r"""Select whether to send data to Routes, or directly to Destinations."""
+
+    environment: Optional[str] = None
+    r"""Optionally, enable this config only on a specified Git branch. If empty, will be enabled everywhere."""
+
+    pq_enabled: Annotated[Optional[bool], pydantic.Field(alias="pqEnabled")] = False
+    r"""Use a disk queue to minimize data loss when connected services block. See [Cribl Docs](https://docs.cribl.io/stream/persistent-queues) for PQ defaults (Cribl-managed Cloud Workers) and configuration options (on-prem and hybrid Workers)."""
+
+    streamtags: Optional[List[str]] = None
+    r"""Tags for filtering and grouping in @{product}"""
+
+    connections: Optional[List[InputWefConnection]] = None
+    r"""Direct connections to Destinations, and optionally via a Pipeline or a Pack"""
+
+    pq: Optional[InputWefPq] = None
+
+    host: Optional[str] = "0.0.0.0"
+    r"""Address to bind on. Defaults to 0.0.0.0 (all addresses)."""
+
+    port: Optional[float] = 5986
+    r"""Port to listen on"""
+
+    auth_method: Annotated[
+        Annotated[
+            Optional[InputWefAuthenticationMethod],
+            PlainValidator(validate_open_enum(False)),
+        ],
+        pydantic.Field(alias="authMethod"),
+    ] = InputWefAuthenticationMethod.CLIENT_CERT
+    r"""How to authenticate incoming client connections"""
+
+    tls: Optional[MTLSSettings] = None
+
+    max_active_req: Annotated[Optional[float], pydantic.Field(alias="maxActiveReq")] = (
+        256
+    )
+    r"""Maximum number of active requests allowed per Worker Process. Set to 0 for unlimited. Caution: Increasing the limit above the default value, or setting it to unlimited, may degrade performance and reduce throughput."""
+
+    max_requests_per_socket: Annotated[
+        Optional[int], pydantic.Field(alias="maxRequestsPerSocket")
+    ] = 0
+    r"""Maximum number of requests per socket before @{product} instructs the client to close the connection. Default is 0 (unlimited)."""
+
+    enable_proxy_header: Annotated[
+        Optional[bool], pydantic.Field(alias="enableProxyHeader")
+    ] = False
+    r"""Preserve the client’s original IP address in the __srcIpPort field when connecting through an HTTP proxy that supports the X-Forwarded-For header. This does not apply to TCP-layer Proxy Protocol v1/v2."""
+
+    capture_headers: Annotated[
+        Optional[bool], pydantic.Field(alias="captureHeaders")
+    ] = False
+    r"""Add request headers to events in the __headers field"""
+
+    keep_alive_timeout: Annotated[
+        Optional[float], pydantic.Field(alias="keepAliveTimeout")
+    ] = 90
+    r"""After the last response is sent, @{product} will wait this long for additional data before closing the socket connection. Minimum 1 second, maximum 600 seconds (10 minutes)."""
+
+    enable_health_check: Annotated[
+        Optional[bool], pydantic.Field(alias="enableHealthCheck")
+    ] = False
+    r"""Expose the /cribl_health endpoint, which returns 200 OK when this Source is healthy"""
+
+    ip_allowlist_regex: Annotated[
+        Optional[str], pydantic.Field(alias="ipAllowlistRegex")
+    ] = "/.*/"
+    r"""Messages from matched IP addresses will be processed, unless also matched by the denylist"""
+
+    ip_denylist_regex: Annotated[
+        Optional[str], pydantic.Field(alias="ipDenylistRegex")
+    ] = "/^$/"
+    r"""Messages from matched IP addresses will be ignored. This takes precedence over the allowlist."""
+
+    socket_timeout: Annotated[
+        Optional[float], pydantic.Field(alias="socketTimeout")
+    ] = 0
+    r"""How long @{product} should wait before assuming that an inactive socket has timed out. To wait forever, set to 0."""
+
+    ca_fingerprint: Annotated[Optional[str], pydantic.Field(alias="caFingerprint")] = (
+        None
+    )
+    r"""SHA1 fingerprint expected by the client, if it does not match the first certificate in the configured CA chain"""
+
+    keytab: Optional[str] = None
+    r"""Path to the keytab file containing the service principal credentials. @{product} will use `/etc/krb5.keytab` if not provided."""
+
+    principal: Optional[str] = None
+    r"""Kerberos principal used for authentication, typically in the form HTTP/<hostname>@<REALM>"""
+
+    allow_machine_id_mismatch: Annotated[
+        Optional[bool], pydantic.Field(alias="allowMachineIdMismatch")
+    ] = False
+    r"""Allow events to be ingested even if their MachineID does not match the client certificate CN"""
+
+    metadata: Optional[List[InputWefMetadatum]] = None
+    r"""Fields to add to events from this input"""
+
+    description: Optional[str] = None
+
+    log_fingerprint_mismatch: Annotated[
+        Optional[bool], pydantic.Field(alias="logFingerprintMismatch")
+    ] = False
+    r"""Log a warning if the client certificate authority (CA) fingerprint does not match the expected value. A mismatch prevents Cribl from receiving events from the Windows Event Forwarder."""