Adding support for field sslSubject

#104

Author: Chris Wiechmann

UPDATE.md

@@ -48,6 +48,7 @@ On the other hand, the API builder Docker image, as a central component of the s
 | 2.3.0 | [X](#api-builderlogstashmemcached) | -                                  | -                                  | -             | -               | -               | -               |-                   | 7.10.0  |            |
 | 2.4.0 | [X](#api-builderlogstashmemcached) | [X](#api-builderlogstashmemcached) | -                                  | -             | -               | -               | [X](#parameters)|-                   | 7.10.0  |            |
 | 2.4.1 | [X](#api-builderlogstashmemcached) | -                                  | -                                  | -             | -               | -               | -               |-                   | 7.10.0  |            |
+| 2.4.2 | [X](#api-builderlogstashmemcached) | -                                  | -                                  | -             | -               | -               | -               |[X](#elastic-config)| 7.10.0  |            |
 
 ### Update from Version 1.0.0
 

apibuilder4elastic/custom_flow_nodes/api-builder-plugin-traffic-monitor-api-utils/src/actions.js

@@ -42,6 +42,7 @@ async function handleFilterFields(parameters, options) {
 		{ fieldName: 'localAddr', queryType: 'match', queryLocation: 'http.localAddr' },
 		{ fieldName: 'status', queryType: 'match', queryLocation: addStatusFilter },
 		{ fieldName: 'subject', queryType: 'match', queryLocation: 'http.authSubjectId' },
+		{ fieldName: 'sslsubject', queryType: 'match', queryLocation: 'http.sslSubject' },
 		{ fieldName: 'operation', queryType: 'match', queryLocation: 'serviceContext.method' },
 		{ fieldName: 'localPort', queryType: 'match', queryLocation: 'http.localPort' },
 		{ fieldName: 'method', queryType: 'match', queryLocation: 'http.method' },

apibuilder4elastic/custom_flow_nodes/api-builder-plugin-traffic-monitor-api-utils/test/testHandleFilterQueries.js

@@ -49,6 +49,19 @@ describe('flow-node traffic-monitor-api-utils', () => {
 					]}});
 		});
 
+		// Example .../search?format=json&field=sslsubject&value=/CN=*.ngrok.io
+		it('should succeed with SSL-Subject field and proper value given', async () => {
+			const { value, output } = await flowNode.handleFilterFields({ params: { field: "sslsubject", value: "/CN=*.ngrok.io" }, serviceID: "instance-1" });
+
+			expect(output).to.equal('next');
+			expect(value).to.be.a('object');
+			expect(value).to.deep.equal({ "bool": { "must": [
+					  {"match": {"http.sslSubject": { "query": "/CN=*.ngrok.io" }}},
+					  {"exists": {"field": "http"}},
+					  {"term": {"processInfo.serviceId": "instance-1"}}
+					]}});
+		});
+
 		// Example .../search?field=uri&value=/v2/pet/findByStatus&field=method&value=GET
 		it('should succeed with valid argument', async () => {
 			const { value, output } = await flowNode.handleFilterFields({ params: { field: ["uri","method"], value: ["/v2/pet/findByStatus","GET"] }, serviceID: "instance-1" });

apibuilder4elastic/elasticsearch_config/traffic-summary/index_template.json

@@ -1,5 +1,5 @@
 {
-    "version": 4,
+    "version": 5,
     "index_patterns": [
         "apigw-traffic-summary-*"
     ],
@@ -121,6 +121,15 @@
                 },
                 "norms": false
             },
+            "http.sslSubject": {
+                "type": "text",
+                "fields": {
+                    "keyword": {
+                        "type": "keyword"
+                    }
+                },
+                "norms": false
+            },
             "protocol": {
                 "type": "keyword"
             },

apibuilder4elastic/flows/trafficMonitorApi-search.json

@@ -134,7 +134,7 @@
 				{
 					"name": "code",
 					"type": "string",
-					"value": "\"var result = {};\\n  var hits = data.elasticsearch.result.body.hits.hits;\\n  var protocol = data.params.protocol;\\n  result.processId = \\\"\\\";\\n  result.data = [];\\n  hits.map(function(entry) {\\n    var dataObject = {};\\n    var _source = entry._source;\\n    dataObject.correlationId = _source.correlationId;\\n    dataObject.timestamp = Date.parse(_source['@timestamp']);\\n    if(_source.serviceContext) {\\n      dataObject.serviceName = _source.serviceContext.service;\\n      dataObject.operation = _source.serviceContext.method;\\n    }\\n    dataObject.type = protocol;\\n    switch (protocol) {\\n      case \\\"http\\\":\\n        formatHttpFields(dataObject, _source);\\n        break;\\n      case \\\"fileTransfer\\\":\\n        formatFiletransferFields(dataObject, _source);\\n        break;\\n    }\\n    result.data.push(dataObject);\\n  });\\n  \\n  function formatHttpFields(dataObject, _source) {    \\n      dataObject.statustext = _source.http.statusText;\\n      dataObject.method = _source.http.method;\\n      dataObject.status = _source.http.status;\\n      dataObject.wafStatus = _source.http.wafStatus;\\n      dataObject.subject = _source.http.authSubjectId;\\n      dataObject.localPort = _source.http.localPort;\\n      dataObject.uri = _source.http.uri;\\n      dataObject.vhost = _source.http.vhost;\\n      dataObject.duration = _source.duration;\\n      dataObject.finalStatus = _source.finalStatus;\\n      dataObject.bytesReceived = _source.http.bytesReceived;\\n      dataObject.bytesSent = _source.http.bytesSent;\\n      dataObject.remoteName = _source.http.remoteName;\\n      dataObject.remoteAddr = _source.http.remoteAddr;\\n      dataObject.remotePort = _source.http.remotePort;\\n      dataObject.localAddr = _source.http.localAddr;\\n      dataObject.localPort = _source.http.localPort;\\n      dataObject.leg = 0;\\n  }\\n  \\n  function formatFiletransferFields(dataObject, _source) {\\n      dataObject.remoteAddr = _source.fileTransfer.remoteAddr;\\n      dataObject.uploadFile = _source.fileTransfer.uploadFile;\\n      dataObject.direction = _source.fileTransfer.direction;\\n      dataObject.servicetype = _source.fileTransfer.serviceType;\\n      dataObject.size = _source.fileTransfer.size;\\n      dataObject.duration = _source.duration;\\n      dataObject.subject = _source.fileTransfer.authSubjectId;\\n      dataObject.finalStatus = _source.finalStatus;\\n  }\\n\\n  \\n  return result;\"",
+					"value": "\"var result = {};\\n  var hits = data.elasticsearch.result.body.hits.hits;\\n  var protocol = data.params.protocol;\\n  result.processId = \\\"\\\";\\n  result.data = [];\\n  hits.map(function(entry) {\\n    var dataObject = {};\\n    var _source = entry._source;\\n    dataObject.correlationId = _source.correlationId;\\n    dataObject.timestamp = Date.parse(_source['@timestamp']);\\n    if(_source.serviceContext) {\\n      dataObject.serviceName = _source.serviceContext.service;\\n      dataObject.operation = _source.serviceContext.method;\\n    }\\n    if(!_source.http.sslSubject) {\\n      _source.http.sslSubject = \\\"null\\\";\\n    }\\n    dataObject.type = protocol;\\n    switch (protocol) {\\n      case \\\"http\\\":\\n        formatHttpFields(dataObject, _source);\\n        break;\\n      case \\\"fileTransfer\\\":\\n        formatFiletransferFields(dataObject, _source);\\n        break;\\n    }\\n    result.data.push(dataObject);\\n  });\\n  \\n  function formatHttpFields(dataObject, _source) {    \\n      dataObject.statustext = _source.http.statusText;\\n      dataObject.method = _source.http.method;\\n      dataObject.status = _source.http.status;\\n      dataObject.wafStatus = _source.http.wafStatus;\\n      dataObject.subject = _source.http.authSubjectId;\\n      dataObject.sslsubject = _source.http.sslSubject;\\n      dataObject.localPort = _source.http.localPort;\\n      dataObject.uri = _source.http.uri;\\n      dataObject.vhost = _source.http.vhost;\\n      dataObject.duration = _source.duration;\\n      dataObject.finalStatus = _source.finalStatus;\\n      dataObject.bytesReceived = _source.http.bytesReceived;\\n      dataObject.bytesSent = _source.http.bytesSent;\\n      dataObject.remoteName = _source.http.remoteName;\\n      dataObject.remoteAddr = _source.http.remoteAddr;\\n      dataObject.remotePort = _source.http.remotePort;\\n      dataObject.localAddr = _source.http.localAddr;\\n      dataObject.localPort = _source.http.localPort;\\n      dataObject.leg = 0;\\n  }\\n  \\n  function formatFiletransferFields(dataObject, _source) {\\n      dataObject.remoteAddr = _source.fileTransfer.remoteAddr;\\n      dataObject.uploadFile = _source.fileTransfer.uploadFile;\\n      dataObject.direction = _source.fileTransfer.direction;\\n      dataObject.servicetype = _source.fileTransfer.serviceType;\\n      dataObject.size = _source.fileTransfer.size;\\n      dataObject.duration = _source.duration;\\n      dataObject.subject = _source.fileTransfer.authSubjectId;\\n      dataObject.finalStatus = _source.finalStatus;\\n  }\\n\\n  \\n  return result;\"",
 					"metaName": "code",
 					"metaDescription": "A JavaScript function body. Supports `await` and returning promises."
 				}

apibuilder4elastic/test/documents/http/search_test_documents.js

@@ -69,7 +69,7 @@ module.exports = [
             "localAddr": "192.168.65.133",
             "remotePort": "60041",
             "localPort": "8065",
-            "sslSubject": null,
+            "sslSubject": "null",
             "authSubjectId": null
         }
     },
@@ -201,7 +201,8 @@ module.exports = [
             "localAddr" : "192.168.65.129",
             "remoteName" : "192.168.65.1",
             "remoteAddr": "192.168.65.1",
-            "remotePort" : 50982
+            "remotePort" : 50982, 
+            "sslSubject": "/CN=*.ngrok.io"
         }
       },
       // Slightly different API

apibuilder4elastic/test/trafficMonitorAPI/asAdmin/http/test_search_endpoint_AsAdmin.js

@@ -619,6 +619,26 @@ describe('Endpoints', function () {
 				expect(body.data[0].subject).to.equals('Chris-Test');
 			});
 		});
+
+		it('[Endpoint-0030] Should return a single result based on the given sslSubject', async () => {
+			return await requestAsync({
+				method: 'GET',
+				uri: `http://localhost:${server.apibuilder.port}/api/elk/v1/api/router/service/instance-1/ops/search?field=sslsubject&value=/CN=*.ngrok.io`,
+				headers: {
+					'cookie': 'VIDUSR=Search-0022-DAVID-1597468226-Z+qdRW4rGZnwzQ==', 
+					'csrf-token': '04F9F07E59F588CDE469FC367A12ED3A4B845FDA9A9AE2D9A77686823067CDDC'
+				},
+				json: true
+			}).then(({ response, body }) => {
+				expect(response.statusCode).to.equal(200);
+				expect(body).to.be.an('Object');
+				expect(body).to.have.property('data');
+				expect(body.data).to.have.lengthOf(1); // We expect ONE API as a result
+				expect(body.data[0].uri).to.equals('/petstore/v2/pet/findByStatus');
+				expect(body.data[0].correlationId).to.equals('682c0f5fbe23dc8e1d80efe2');
+				expect(body.data[0].sslsubject).to.equals('/CN=*.ngrok.io');
+			});
+		});
 	});
 });
 
@@ -640,6 +660,7 @@ function checkFields(data, hasServiceContext, hasVhost) {
 		expect(entry).to.have.property('remoteAddr');
 		expect(entry).to.have.property('remotePort');
 		expect(entry).to.have.property('localAddr');
+		expect(entry).to.have.property('sslsubject');
 		if(hasVhost) {
 			expect(entry).to.have.property('vhost');
 		}

logstash/test/http/test-opentrafficlog.json

@@ -710,6 +710,40 @@
         "{\"timestamp\":1619688909827,\"correlationId\":\"cd7d8a6097b7669f3d48c5b6\",\"processInfo\":{\"hostname\":\"api-front-11\",\"domainId\":\"8591ad8b-c13d-492a-83cd-c3f937bb91bd\",\"groupId\":\"group-3\",\"groupName\":\"Front\",\"serviceId\":\"instance-3\",\"serviceName\":\"api-front-11.prd.schenkerag.de.axway.cloud\",\"version\":\"7.7.20201130\"},\"transactionElement\":{\"leg\":0,\"duration\":26,\"serviceName\":\"MapService\",\"operation\":null,\"finalStatus\":null,\"protocolInfo\":{\"http\":{\"uri\":\"/mapservice/v1/data/v3/1/1/1.pbf\",\"status\":200,\"statusText\":\"OK\",\"method\":\"OPTIONS\",\"vhost\":null,\"wafStatus\":0,\"bytesSent\":617,\"bytesReceived\":723,\"remoteName\":\"localhost\",\"remoteAddr\":\"127.0.0.1\",\"localAddr\":\"127.0.0.1\",\"remotePort\":\"8065\",\"localPort\":\"55640\",\"sslSubject\":\"/CN=Change this for production\",\"authSubjectId\":null},\"recvHeader\":\"Any received header\",\"sentHeader\":\"Any sent header\",\"recvPayload\":\"file:\/\/\/Cloud\/shared\/Openlogs\/2021-04-29\/11.35\/cd7d8a6097b7669f3d48c5b6-1-received\",\"sentPayload\":null}}}"
       ],
       "expected": [
+        {
+          "@timestamp": "2020-09-15T15:37:36.487Z",
+          "correlationId": "cd7d8a6097b7669f3d48c5b6",
+          "type": "summaryIndex",
+          "tags": [],
+          "duration": 2,
+          "finalStatus": "Pass",
+          "processInfo": {
+            "hostname": "api-env",
+            "groupId": "group-2",
+            "groupName": "QuickStart Group",
+            "serviceId": "instance-1",
+            "version": "7.7.20200730",
+            "gatewayName": "API-Gateway 3", 
+            "gatewayRegion": "US"
+          },
+          "http": {
+            "status": 200,
+            "statusText": "OK",
+            "method": "OPTIONS",
+            "uri": "/WebShop.svc",
+            "vhost": null,
+            "wafStatus": 0,
+            "bytesSent": 212,
+            "bytesReceived": 477,
+            "remoteName": "192.168.65.1",
+            "remoteAddr": "192.168.65.1",
+            "localAddr": "192.168.65.133",
+            "remotePort": "60041",
+            "localPort": "8065",
+            "sslSubject": null,
+            "authSubjectId": null
+          }
+        },
         {
           "@timestamp": "2021-03-17T11:10:26.799Z",
           "correlationId": "cd7d8a6097b7669f3d48c5b6",