howler-api 4.0.0.dev1019__tar.gz → 4.0.0.dev1020__tar.gz

{howler_api-4.0.0.dev1019 → howler_api-4.0.0.dev1020}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: howler-api
-Version: 4.0.0.dev1019
+Version: 4.0.0.dev1020
 Summary: Howler - API server
 License: MIT
 Keywords: howler,alerting,gc,canada,cse-cst,cse,cst,cyber,cccs

{howler_api-4.0.0.dev1019 → howler_api-4.0.0.dev1020}/howler/api/v1/action.py

@@ -4,6 +4,7 @@ from flask import Response, request
 
 import howler.actions as actions
 from howler.api import bad_request, created, forbidden, internal_error, make_subapi_blueprint, no_content, not_found, ok
+from howler.api.v1.utils.params import parse_parameters, parse_refresh
 from howler.common.exceptions import HowlerException
 from howler.common.loader import datastore
 from howler.common.logging.audit import audit
@@ -48,14 +49,16 @@ def get_actions(**_) -> Response:
 @generate_swagger_docs()
 @action_api.route("/", methods=["POST"])
 @api_login(audit=False, check_xsrf_token=False, required_type=["admin", "automation_basic", "automation_advanced"])
-def add_action(user: User, **_) -> Response:
+@parse_parameters(refresh=parse_refresh)
+def add_action(user: User, **kwargs) -> Response:
     """Create a new action
 
     Variables:
     None
 
     Optional Arguments:
-    None
+    refresh =>  ('true' | 'false' | 'wait_for') Whether to refresh the datastore before returning.
+        'wait_for' will wait for the change to be visible in search.
 
     Data Block:
     {
@@ -79,6 +82,8 @@ def add_action(user: User, **_) -> Response:
     if new_action is None:
         return bad_request(err="You must specify an action")
 
+    refresh = kwargs.get("refresh")
+
     if error := action_service.validate_action(new_action):
         return error
 
@@ -88,8 +93,7 @@ def add_action(user: User, **_) -> Response:
         action_obj = Action(new_action)
 
         ds = datastore()
-        ds.action.save(action_obj.action_id, action_obj)
-        ds.action.commit()
+        ds.action.save(action_obj.action_id, action_obj, refresh=refresh)
     except HowlerException as e:
         return bad_request(err=str(e))
 
@@ -103,14 +107,16 @@ def add_action(user: User, **_) -> Response:
     check_xsrf_token=False,
     required_type=["admin", "automation_basic", "automation_advanced"],
 )
-def update_action(id: str, user: User, **_) -> Response:
+@parse_parameters(refresh=parse_refresh)
+def update_action(id: str, user: User, **kwargs) -> Response:
     """Update an existing action
 
     Variables:
     id  => id of the aciton to update
 
     Optional Arguments:
-    None
+    refresh =>  ('true' | 'false' | 'wait_for') Whether to refresh the datastore before returning.
+        'wait_for' will wait for the change to be visible in search.
 
     Data Block:
     {
@@ -133,6 +139,8 @@ def update_action(id: str, user: User, **_) -> Response:
     if not isinstance(updated_action, dict):
         return bad_request(err="Incorrect data structure!")
 
+    refresh = kwargs.get("refresh")
+
     ds = datastore()
 
     existing_action = ds.action.get(id, as_obj=False)
@@ -158,8 +166,7 @@ def update_action(id: str, user: User, **_) -> Response:
         action_obj = Action(updated_action)
         action_obj.action_id = id
 
-        ds.action.save(action_obj.action_id, action_obj)
-        ds.action.commit()
+        ds.action.save(action_obj.action_id, action_obj, refresh=refresh)
     except HowlerException as e:
         return bad_request(err=str(e))
 
@@ -169,6 +176,7 @@ def update_action(id: str, user: User, **_) -> Response:
 @generate_swagger_docs()
 @action_api.route("/<id>", methods=["DELETE"])
 @api_login(audit=True, check_xsrf_token=False, required_type=["admin", "automation_basic", "automation_advanced"])
+@parse_parameters(refresh=parse_refresh)
 def delete_action(id: str, user: User, **kwargs) -> Response:
     """Delete an existing action
 
@@ -176,11 +184,14 @@ def delete_action(id: str, user: User, **kwargs) -> Response:
     id  => The id of the action to delete
 
     Optional Arguments:
-    None
+    refresh =>  ('true' | 'false' | 'wait_for') Whether to refresh the datastore before returning.
+        'wait_for' will wait for the change to be visible in search.
 
     Result Example:
     None
     """
+    refresh = kwargs.get("refresh")
+
     ds = datastore()
 
     result = ds.action.search(f"action_id:{id}", rows=1)
@@ -194,8 +205,7 @@ def delete_action(id: str, user: User, **kwargs) -> Response:
         return forbidden(err="You do not have the permissions necessary to delete this action.")
 
     try:
-        ds.action.delete(id)
-        ds.action.commit()
+        ds.action.delete(id, refresh=refresh)
 
         return no_content()
     except HowlerException as e:

{howler_api-4.0.0.dev1019 → howler_api-4.0.0.dev1020}/howler/api/v1/analytic.py

@@ -11,6 +11,7 @@ from howler.api import (
     not_found,
     ok,
 )
+from howler.api.v1.utils.params import parse_parameters, parse_refresh
 from howler.common.exceptions import HowlerException
 from howler.common.loader import datastore
 from howler.common.logging import get_logger
@@ -83,6 +84,7 @@ def get_analytic(id, **kwargs):
 @generate_swagger_docs()
 @analytic_api.route("/<id>", methods=["PUT"])
 @api_login(required_priv=["R", "W"])
+@parse_parameters(refresh=parse_refresh)
 def update_analytic(id: str, user: User, **kwargs):
     """Update an analytic
 
@@ -90,7 +92,8 @@ def update_analytic(id: str, user: User, **kwargs):
     id => The id of the analytic to modify
 
     Optional Arguments:
-    None
+    refresh =>  ('true' | 'false' | 'wait_for') Whether to refresh the datastore before returning.
+        'wait_for' will wait for the change to be visible in search.
 
     Data Block:
     {
@@ -102,6 +105,8 @@ def update_analytic(id: str, user: User, **kwargs):
         ...analytic     # The updated analytic data
     }
     """
+    refresh = kwargs.get("refresh")
+
     storage = datastore()
 
     if not storage.analytic.exists(id):
@@ -135,7 +140,7 @@ def update_analytic(id: str, user: User, **kwargs):
             existing_analytic.rule = new_data.get("rule", existing_analytic.rule)
             existing_analytic.rule_crontab = new_data.get("rule_crontab", existing_analytic.rule_crontab)
 
-        storage.analytic.save(existing_analytic.analytic_id, existing_analytic)
+        storage.analytic.save(existing_analytic.analytic_id, existing_analytic, refresh=refresh)
 
         if updated_rule:
             # The registration process automatically deletes and resets the rule cronjob
@@ -149,6 +154,7 @@ def update_analytic(id: str, user: User, **kwargs):
 @generate_swagger_docs()
 @analytic_api.route("/rules", methods=["POST"])
 @api_login(required_priv=["R", "W"])
+@parse_parameters(refresh=parse_refresh)
 def create_rule(user: User, **kwargs):
     """Create a rule analytic
 
@@ -156,7 +162,8 @@ def create_rule(user: User, **kwargs):
     None
 
     Optional Arguments:
-    None
+    refresh =>  ('true' | 'false' | 'wait_for') Whether to refresh the datastore before returning.
+        'wait_for' will wait for the change to be visible in search.
 
     Data Block:
     {
@@ -169,6 +176,8 @@ def create_rule(user: User, **kwargs):
         ...analytic     # The created analytic rule
     }
     """
+    refresh = kwargs.get("refresh")
+
     storage = datastore()
 
     new_data: Optional[dict[str, Any]] = request.json
@@ -215,12 +224,12 @@ def create_rule(user: User, **kwargs):
     )
 
     try:
-        storage.analytic.save(new_analytic.analytic_id, new_analytic)
-        # Have to commit so the analytic is available during registration
-        storage.analytic.commit()
+        storage.analytic.save(new_analytic.analytic_id, new_analytic, refresh=refresh)
+
+        # note that passing a rule will only register that rule without querying for all existing rules
         register_rules(new_analytic)
 
-        storage.template.save(new_template.template_id, new_template)
+        storage.template.save(new_template.template_id, new_template, refresh=refresh)
 
         return ok(new_analytic)
     except HowlerException as e:
@@ -230,6 +239,7 @@ def create_rule(user: User, **kwargs):
 @generate_swagger_docs()
 @analytic_api.route("/<id>", methods=["DELETE"])
 @api_login(audit=False, required_priv=["W"])
+@parse_parameters(refresh=parse_refresh)
 def delete_rule(id: str, user: User, **kwargs):
     """Delete a rule
 
@@ -237,7 +247,8 @@ def delete_rule(id: str, user: User, **kwargs):
     id  => id of the analytic whose comments we are deleting
 
     Optional Arguments:
-    None
+    refresh =>  ('true' | 'false' | 'wait_for') Whether to refresh the datastore before returning.
+        'wait_for' will wait for the change to be visible in search.
 
     Data Block:
     [
@@ -248,6 +259,8 @@ def delete_rule(id: str, user: User, **kwargs):
     {
     }
     """
+    refresh = kwargs.get("refresh")
+
     if not analytic_service.does_analytic_exist(id):
         return not_found(err=f"Analytic {id} does not exist")
 
@@ -260,7 +273,7 @@ def delete_rule(id: str, user: User, **kwargs):
         return forbidden(err="You cannot delete this analytic.")
 
     try:
-        datastore().analytic.delete(analytic.analytic_id)
+        datastore().analytic.delete(analytic.analytic_id, refresh=refresh)
     except DataStoreException as e:
         return bad_request(err=str(e))
 
@@ -517,6 +530,7 @@ def delete_comments(id: str, user: User, **kwargs):
 @generate_swagger_docs()
 @analytic_api.route("/<id>/owner", methods=["POST"])
 @api_login(required_priv=["W"])
+@parse_parameters(refresh=parse_refresh)
 def set_analytic_owner(id: str, user: dict[str, Any], **kwargs):
     """Set the analytic's owner
 
@@ -526,6 +540,10 @@ def set_analytic_owner(id: str, user: dict[str, Any], **kwargs):
     Arguments:
     None
 
+    Optional Arguments:
+    refresh =>  ('true' | 'false' | 'wait_for') Whether to refresh the datastore before returning.
+        'wait_for' will wait for the change to be visible in search.
+
     Data Block:
     {
         "username": "admin"     # The username to set the owner as
@@ -536,6 +554,8 @@ def set_analytic_owner(id: str, user: dict[str, Any], **kwargs):
         ...analytic            # The claimed analytic
     }
     """
+    refresh = kwargs.get("refresh")
+
     if not analytic_service.does_analytic_exist(id):
         return not_found(err=f"Analytic {id} does not exist")
 
@@ -548,8 +568,7 @@ def set_analytic_owner(id: str, user: dict[str, Any], **kwargs):
     analytic.owner = data["username"]
 
     ds = datastore()
-    ds.analytic.save(analytic.analytic_id, analytic)
-    ds.analytic.commit()
+    ds.analytic.save(analytic.analytic_id, analytic, refresh=refresh)
 
     return ok(analytic)
 

{howler_api-4.0.0.dev1019 → howler_api-4.0.0.dev1020}/howler/api/v1/dossier.py

@@ -1,7 +1,13 @@
 from flask import request
 
 from howler.api import bad_request, created, forbidden, internal_error, make_subapi_blueprint, no_content, not_found, ok
-from howler.common.exceptions import ForbiddenException, HowlerException, InvalidDataException, NotFoundException
+from howler.api.v1.utils.params import parse_parameters, parse_refresh
+from howler.common.exceptions import (
+    ForbiddenException,
+    HowlerException,
+    InvalidDataException,
+    NotFoundException,
+)
 from howler.common.loader import datastore
 from howler.common.logging import get_logger
 from howler.common.swagger import generate_swagger_docs
@@ -49,6 +55,7 @@ def get_dossiers(user: User, **kwargs):
 @generate_swagger_docs()
 @dossier_api.route("/", methods=["POST"])
 @api_login(required_priv=["R", "W"])
+@parse_parameters(refresh=parse_refresh)
 def create_dossier(**kwargs):
     """Create a new dossier
 
@@ -56,7 +63,8 @@ def create_dossier(**kwargs):
     None
 
     Optional Arguments:
-    None
+    refresh =>  ('true' | 'false' | 'wait_for') Whether to refresh the datastore before returning.
+        'wait_for' will wait for the change to be visible in search.
 
     Data Block:
     {
@@ -72,8 +80,10 @@ def create_dossier(**kwargs):
     """
     dossier_data = request.json
 
+    refresh = kwargs.get("refresh")
+
     try:
-        return created(dossier_service.create_dossier(dossier_data, username=kwargs["user"]["uname"]))
+        return created(dossier_service.create_dossier(dossier_data, username=kwargs["user"]["uname"], refresh=refresh))
     except InvalidDataException as e:
         return bad_request(err=str(e))
     except HowlerException:
@@ -147,6 +157,7 @@ def get_dossier_for_hit(id: str, user: User, **kwargs):
 @generate_swagger_docs()
 @dossier_api.route("/<id>", methods=["DELETE"])
 @api_login(required_priv=["W"])
+@parse_parameters(refresh=parse_refresh)
 def delete_dossier(id: str, user: User, **kwargs):
     """Delete a dossier
 
@@ -154,7 +165,8 @@ def delete_dossier(id: str, user: User, **kwargs):
     id => The id of the dossier to delete
 
     Optional Arguments:
-    None
+    refresh =>  ('true' | 'false' | 'wait_for') Whether to refresh the datastore before returning.
+        'wait_for' will wait for the change to be visible in search.
 
     Data Block:
     None
@@ -164,6 +176,8 @@ def delete_dossier(id: str, user: User, **kwargs):
         "success": true     # Did the deletion succeed?
     }
     """
+    refresh = kwargs.get("refresh")
+
     storage = datastore()
 
     existing_dossier: Dossier = storage.dossier.get_if_exists(id)
@@ -173,9 +187,7 @@ def delete_dossier(id: str, user: User, **kwargs):
     if existing_dossier.owner != user.uname and "admin" not in user.type:
         return forbidden(err="You cannot delete a dossier unless you are an administrator, or the owner.")
 
-    success = storage.dossier.delete(id)
-
-    storage.dossier.commit()
+    success = storage.dossier.delete(id, refresh=refresh)
 
     return no_content({"success": success})
 
@@ -183,6 +195,7 @@ def delete_dossier(id: str, user: User, **kwargs):
 @generate_swagger_docs()
 @dossier_api.route("/<id>", methods=["PUT"])
 @api_login(required_priv=["R", "W"])
+@parse_parameters(refresh=parse_refresh)
 def update_dossier(id: str, user: User, **kwargs):
     """Update a dossier
 
@@ -190,7 +203,8 @@ def update_dossier(id: str, user: User, **kwargs):
     id => The id of the dossier to modify
 
     Optional Arguments:
-    None
+    refresh =>  ('true' | 'false' | 'wait_for') Whether to refresh the datastore before returning.
+        'wait_for' will wait for the change to be visible in search.
 
     Data Block:
     {
@@ -207,8 +221,10 @@ def update_dossier(id: str, user: User, **kwargs):
     if not isinstance(new_data, dict):
         return bad_request(err="Invalid data format")
 
+    refresh = kwargs.get("refresh")
+
     try:
-        updated_dossier = dossier_service.update_dossier(id, new_data, user)
+        updated_dossier = dossier_service.update_dossier(id, new_data, user, refresh=refresh)
 
         return ok(updated_dossier)
     except ForbiddenException as e: