def _buildFilter(self, uid, params, specificEventUuids=None): """ Construct a dictionary that can be converted into an EventFilter protobuf. @type params: dictionary @param params: (optional) Key-value pair of filters for this search. (default: None) @type uid: string @param uid: (optional) Context for the query (default: None) """ if params: log.debug('logging params for building filter: %s', params) if isinstance(params, basestring): params = loads(params) # params comes from the grid's filtering column - # some of these properties are normal properties on an event # while others are considered event details. Separate the # two here. params, details = self.zep.parseParameterDetails(params) filterEventUuids = [] # No specific event uuids passed in- # check for event ids from the grid parameters if specificEventUuids is None: log.debug('No specific event uuids were passed in.') # The evid's from params only ever mean anything for filtering - if # specific uuids are passed in, this filter will ignore the grid # parameters and just act on or filter using these specific event uuids. evid = params.get('evid') if evid: if not isinstance(evid, (list, tuple)): evid = [evid] filterEventUuids.extend(evid) # Specific event uuids were passed in, use those for this filter. else: log.debug('Specific event uuids passed in: %s', specificEventUuids) if not isinstance(specificEventUuids, (list, tuple)): filterEventUuids = [specificEventUuids] else: filterEventUuids = specificEventUuids log.debug('FilterEventUuids is: %s', filterEventUuids) # 'tags' comes from managed object guids. # see Zuul/security/security.py param_tags = params.get('tags') if params.get('excludeNonActionables') and not Zuul.checkPermission(ZEN_MANAGE_EVENTS, self.context): if not param_tags: us = self.context.dmd.ZenUsers.getUserSettings() param_tags = [IGlobalIdentifier(ar.managedObject()).getGUID() for ar in us.getAllAdminRoles()] if param_tags: param_tags = [tag for tag in param_tags if Zuul.checkPermission(ZEN_MANAGE_EVENTS, self.manager.getObject(tag))] if not param_tags: param_tags = ['dne'] # Filter everything (except "does not exist'). An empty tag list would be ignored. filter_params = { 'severity': params.get('severity'), 'status': [i for i in params.get('eventState', [])], 'event_class': filter(None, [params.get('eventClass')]), 'first_seen': params.get('firstTime') and self._timeRange(params.get('firstTime')), 'last_seen': params.get('lastTime') and self._timeRange(params.get('lastTime')), 'status_change': params.get('stateChange') and self._timeRange(params.get('stateChange')), 'uuid': filterEventUuids, 'count_range': params.get('count'), 'element_title': params.get('device'), 'element_sub_title': params.get('component'), 'event_summary': params.get('summary'), 'current_user_name': params.get('ownerid'), 'agent': params.get('agent'), 'monitor': params.get('monitor'), 'fingerprint': params.get('dedupid'), 'tags': param_tags, 'details': details, 'event_key': params.get('eventKey'), 'event_class_key': params.get('eventClassKey'), 'event_group': params.get('eventGroup'), 'message': params.get('message'), } parsed_params = self._filterParser.parseParams(params) filter_params.update(parsed_params) parsed_details = self._filterParser.parseDetails(details) if len(parsed_details) > 0: filter_params['details'].update(parsed_details) event_filter = self.zep.createEventFilter(**filter_params) log.debug('Found params for building filter, ended up building the following:') log.debug(event_filter) elif specificEventUuids: # if they passed in specific uuids but not other params event_filter = self.zep.createEventFilter( uuid=specificEventUuids ) else: log.debug('Did not get parameters, using empty filter.') event_filter = {} if uid is None: uid = self.context context = resolve_context(uid) if context and context.id not in ('Events', 'dmd'): try: # make a specific instance of tag_filter just for the context tag. context_tag_filter = { 'tag_uuids': [IGlobalIdentifier(context).getGUID()] } # if it exists, filter['tag_filter'] will be a list. just append the special # context tag filter to whatever that list is. tag_filter = event_filter.setdefault('tag_filter', []) tag_filter.append(context_tag_filter) except TypeError: if isinstance(context, EventClass): event_filter['event_class'] = [context.getDmdKey()] else: raise Exception('Unknown context %s' % context) log.debug('Final filter will be:') log.debug(event_filter) return event_filter
def _buildFilter(self, uids, params, specificEventUuids=None): """ Construct a dictionary that can be converted into an EventFilter protobuf. @type params: dictionary @param params: (optional) Key-value pair of filters for this search. (default: None) @type uid: string @param uid: (optional) Context for the query (default: None) """ if params: log.debug('logging params for building filter: %s', params) if isinstance(params, basestring): params = loads(params) # params comes from the grid's filtering column - # some of these properties are normal properties on an event # while others are considered event details. Separate the # two here. params, details = self.zep.parseParameterDetails(params) filterEventUuids = [] # No specific event uuids passed in- # check for event ids from the grid parameters if specificEventUuids is None: log.debug('No specific event uuids were passed in.') # The evid's from params only ever mean anything for filtering - if # specific uuids are passed in, this filter will ignore the grid # parameters and just act on or filter using these specific event uuids. evid = params.get('evid') if evid: if not isinstance(evid,(list, tuple)): evid = [evid] filterEventUuids.extend(evid) # Specific event uuids were passed in, use those for this filter. else: log.debug('Specific event uuids passed in: %s', specificEventUuids) if not isinstance(specificEventUuids,(list, tuple)): filterEventUuids = [specificEventUuids] else: filterEventUuids = specificEventUuids log.debug('FilterEventUuids is: %s', filterEventUuids) event_filter = self.zep.createEventFilter( severity = params.get('severity'), status = [i for i in params.get('eventState', [])], event_class = filter(None, [params.get('eventClass')]), first_seen = params.get('firstTime') and self._timeRange(params.get('firstTime')), last_seen = params.get('lastTime') and self._timeRange(params.get('lastTime')), status_change = params.get('stateChange') and self._timeRange(params.get('stateChange')), uuid = filterEventUuids, count_range = params.get('count'), element_title = params.get('device'), element_sub_title = params.get('component'), event_summary = params.get('summary'), current_user_name = params.get('ownerid'), agent = params.get('agent'), monitor = params.get('monitor'), fingerprint = params.get('dedupid'), # 'tags' comes from managed object guids. # see Zuul/security/security.py tags = params.get('tags'), details = details, event_key = params.get('eventKey'), event_class_key = params.get('eventClassKey'), event_group = params.get('eventGroup'), message = params.get('message'), ) log.debug('Found params for building filter, ended up building the following:') log.debug(event_filter) elif specificEventUuids: # if they passed in specific uuids but not other params event_filter = self.zep.createEventFilter( uuid = specificEventUuids ) else: log.debug('Did not get parameters, using empty filter.') event_filter = {} if not uids and isinstance(self.context, EventClass): uids = [self.context] contexts = (resolve_context(uid) for uid in uids) context_uuids = [] for context in contexts: if context and context.id not in ('Events', 'dmd'): try: # make a specific instance of tag_filter just for the context tag. if not context_uuids: context_tag_filter = { 'tag_uuids': context_uuids } # if it exists, filter['tag_filter'] will be a list. just append the special # context tag filter to whatever that list is. tag_filter = event_filter.setdefault('tag_filter', []) tag_filter.append(context_tag_filter) context_uuids.append(IGlobalIdentifier(context).getGUID()) except TypeError: if isinstance(context, EventClass): event_filter['event_class'] = [context.getDmdKey()] else: raise Exception('Unknown context %s' % context) log.debug('Final filter will be:') log.debug(event_filter) return event_filter
def _buildFilter(self, uids, params, specificEventUuids=None, includeContextInUid=True): """ Construct a dictionary that can be converted into an EventFilter protobuf. @type params: dictionary @param params: (optional) Key-value pair of filters for this search. (default: None) @type uids: iterable(string) @param uids: (optional) Contexts for the query (default: None) """ if not uids: uids = [] elif isinstance(uids, basestring): uids = [uids] if params: log.debug('logging params for building filter: %s', params) if isinstance(params, basestring): params = loads(params) # params comes from the grid's filtering column - # some of these properties are normal properties on an event # while others are considered event details. Separate the # two here. params, details = self.zep.parseParameterDetails(params) filterEventUuids = [] # No specific event uuids passed in- # check for event ids from the grid parameters if specificEventUuids is None: log.debug('No specific event uuids were passed in.') # The evid's from params only ever mean anything for filtering - if # specific uuids are passed in, this filter will ignore the grid # parameters and just act on or filter using these specific event uuids. evid = params.get('evid') if evid: if not isinstance(evid, (list, tuple)): evid = [evid] filterEventUuids.extend(evid) # Specific event uuids were passed in, use those for this filter. else: log.debug('Specific event uuids passed in: %s', specificEventUuids) if not isinstance(specificEventUuids, (list, tuple)): filterEventUuids = [specificEventUuids] else: filterEventUuids = specificEventUuids log.debug('FilterEventUuids is: %s', filterEventUuids) # 'tags' comes from managed object guids. # see Zuul/security/security.py param_tags = params.get('tags') if params.get( 'excludeNonActionables') and not Zuul.checkPermission( ZEN_MANAGE_EVENTS, self.context): if not param_tags: us = self.context.dmd.ZenUsers.getUserSettings() param_tags = [ IGlobalIdentifier(ar.managedObject()).getGUID() for ar in us.getAllAdminRoles() ] if param_tags: param_tags = [ tag for tag in param_tags if Zuul.checkPermission( ZEN_MANAGE_EVENTS, self.manager.getObject(tag)) ] if not param_tags: param_tags = [ 'dne' ] # Filter everything (except "does not exist'). An empty tag list would be ignored. filter_params = { 'severity': params.get('severity'), 'status': [i for i in params.get('eventState', [])], 'event_class': filter(None, [params.get('eventClass')]), 'first_seen': params.get('firstTime') and self._timeRange(params.get('firstTime')), 'last_seen': params.get('lastTime') and self._timeRange(params.get('lastTime')), 'status_change': params.get('stateChange') and self._timeRange(params.get('stateChange')), 'uuid': filterEventUuids, 'count_range': params.get('count'), 'element_title': params.get('device'), 'element_sub_title': params.get('component'), 'event_summary': params.get('summary'), 'current_user_name': params.get('ownerid'), 'agent': params.get('agent'), 'monitor': params.get('monitor'), 'fingerprint': params.get('dedupid'), 'tags': param_tags, 'details': details, 'event_key': params.get('eventKey'), 'event_class_key': params.get('eventClassKey'), 'event_group': params.get('eventGroup'), 'message': params.get('message'), } parsed_params = self._filterParser.parseParams(params) filter_params.update(parsed_params) parsed_details = self._filterParser.parseDetails(details) if len(parsed_details) > 0: filter_params['details'].update(parsed_details) event_filter = self.zep.createEventFilter(**filter_params) log.debug( 'Found params for building filter, ended up building the following:' ) log.debug(event_filter) elif specificEventUuids: # if they passed in specific uuids but not other params event_filter = self.zep.createEventFilter(uuid=specificEventUuids) else: log.debug('Did not get parameters, using empty filter.') event_filter = {} if not uids and includeContextInUid: uids = [self.context] contexts = (resolve_context(uid) for uid in uids) context_uuids = [] for context in contexts: if context and context.id not in ('Events', 'dmd'): try: # make a specific instance of tag_filter just for the context tag. if not context_uuids: context_tag_filter = {'tag_uuids': context_uuids} # if it exists, filter['tag_filter'] will be a list. just append the special # context tag filter to whatever that list is. tag_filter = event_filter.setdefault('tag_filter', []) tag_filter.append(context_tag_filter) context_uuids.append(IGlobalIdentifier(context).getGUID()) except TypeError: if isinstance(context, EventClass): event_filter['event_class'] = [context.getDmdKey()] else: raise Exception('Unknown context %s' % context) log.debug('Final filter will be:') log.debug(event_filter) return event_filter
def _buildFilter(self, uids, params, specificEventUuids=None): """ Construct a dictionary that can be converted into an EventFilter protobuf. @type params: dictionary @param params: (optional) Key-value pair of filters for this search. (default: None) @type uids: iterable(string) @param uids: (optional) Contexts for the query (default: None) """ if not uids: uids=[] elif isinstance(uids, basestring): uids = [uids] if params: log.debug('logging params for building filter: %s', params) if isinstance(params, basestring): params = loads(params) # params comes from the grid's filtering column - # some of these properties are normal properties on an event # while others are considered event details. Separate the # two here. params, details = self.zep.parseParameterDetails(params) filterEventUuids = [] # No specific event uuids passed in- # check for event ids from the grid parameters if specificEventUuids is None: log.debug('No specific event uuids were passed in.') # The evid's from params only ever mean anything for filtering - if # specific uuids are passed in, this filter will ignore the grid # parameters and just act on or filter using these specific event uuids. evid = params.get('evid') if evid: if not isinstance(evid,(list, tuple)): evid = [evid] filterEventUuids.extend(evid) # Specific event uuids were passed in, use those for this filter. else: log.debug('Specific event uuids passed in: %s', specificEventUuids) if not isinstance(specificEventUuids,(list, tuple)): filterEventUuids = [specificEventUuids] else: filterEventUuids = specificEventUuids log.debug('FilterEventUuids is: %s', filterEventUuids) event_filter = self.zep.createEventFilter( severity = params.get('severity'), status = [i for i in params.get('eventState', [])], event_class = filter(None, [params.get('eventClass')]), first_seen = params.get('firstTime') and self._timeRange(params.get('firstTime')), last_seen = params.get('lastTime') and self._timeRange(params.get('lastTime')), status_change = params.get('stateChange') and self._timeRange(params.get('stateChange')), uuid = filterEventUuids, count_range = params.get('count'), element_title = params.get('device'), element_sub_title = params.get('component'), event_summary = params.get('summary'), current_user_name = params.get('ownerid'), agent = params.get('agent'), monitor = params.get('monitor'), fingerprint = params.get('dedupid'), # 'tags' comes from managed object guids. # see Zuul/security/security.py tags = params.get('tags'), details = details, event_key = params.get('eventKey'), event_class_key = params.get('eventClassKey'), event_group = params.get('eventGroup'), message = params.get('message'), ) log.debug('Found params for building filter, ended up building the following:') log.debug(event_filter) elif specificEventUuids: # if they passed in specific uuids but not other params event_filter = self.zep.createEventFilter( uuid = specificEventUuids ) else: log.debug('Did not get parameters, using empty filter.') event_filter = {} if not uids and isinstance(self.context, EventClass): uids = [self.context] contexts = (resolve_context(uid) for uid in uids) context_uuids = [] for context in contexts: if context and context.id not in ('Events', 'dmd'): try: # make a specific instance of tag_filter just for the context tag. if not context_uuids: context_tag_filter = { 'tag_uuids': context_uuids } # if it exists, filter['tag_filter'] will be a list. just append the special # context tag filter to whatever that list is. tag_filter = event_filter.setdefault('tag_filter', []) tag_filter.append(context_tag_filter) context_uuids.append(IGlobalIdentifier(context).getGUID()) except TypeError: if isinstance(context, EventClass): event_filter['event_class'] = [context.getDmdKey()] else: raise Exception('Unknown context %s' % context) log.debug('Final filter will be:') log.debug(event_filter) return event_filter