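"use strict";

Object.defineProperty(exports, "__esModule", {
  value: true
});
exports.getSearchQueryByPostureType = exports.getCloudSecurityUsageRecord = exports.getAggQueryByPostureType = void 0;
var _constants = require("@kbn/cloud-security-posture-plugin/common/constants");
var _cloud_security_metering = require("./cloud_security_metering");
var _cloud_security_metering_task_config = require("./cloud_security_metering_task_config");
/*
 * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
 * or more contributor license agreements. Licensed under the Elastic License
 * 2.0; you may not use this file except in compliance with the Elastic License
 * 2.0.
 */

// Look-back window applied to '@timestamp' when sampling assets for metering.
const ASSETS_SAMPLE_GRANULARITY = '24h';

// Per posture type: the index pattern to query and the field whose distinct
// values are counted as billable assets.
const queryParams = {
  [_constants.CSPM_POLICY_TEMPLATE]: {
    index: _constants.LATEST_FINDINGS_INDEX_PATTERN,
    assets_identifier: 'resource.id'
  },
  [_constants.KSPM_POLICY_TEMPLATE]: {
    index: _constants.LATEST_FINDINGS_INDEX_PATTERN,
    assets_identifier: 'agent.id'
  },
  [_constants.CNVM_POLICY_TEMPLATE]: {
    index: _constants.LATEST_VULNERABILITIES_INDEX_PATTERN,
    assets_identifier: 'cloud.instance.id'
  }
};

/**
 * Resolves the query parameters for a posture type.
 *
 * Only own keys of `queryParams` are accepted. A bare `queryParams[postureType]`
 * lookup also resolves inherited names such as 'constructor', whose `index`
 * is undefined, so the resulting search would carry no index restriction.
 *
 * @param {string} postureType - one of the keys of `queryParams`
 * @returns {{index: string, assets_identifier: string}}
 * @throws {TypeError} when the posture type has no entry in `queryParams`
 */
const getQueryParams = postureType => {
  if (!Object.prototype.hasOwnProperty.call(queryParams, postureType)) {
    throw new TypeError(`Unsupported posture type: ${String(postureType)}`);
  }
  return queryParams[postureType];
};

/**
 * Builds one usage record for the given posture type from the distinct-asset
 * count observed in the sampling window.
 *
 * Resolves to `undefined` (after logging where relevant) when the posture type
 * is missing, when the index has no documents in the window, when the response
 * carries no aggregations, or when any step throws.
 *
 * @param {object} params
 * @param {object} params.esClient - client exposing `search()`
 * @param {string} params.projectId - used in the record id and as `source.instance_group_id`
 * @param {object} params.logger - logger exposing `error`, `warn` and `debug`
 * @param {string} params.taskId - stored as `source.id`
 * @param {string} params.postureType - posture type to meter
 * @param {*} params.tier - stored as `source.metadata.tier`
 * @returns {Promise<object|undefined>} the usage record, or `undefined`
 */
const getCloudSecurityUsageRecord = async ({
  esClient,
  projectId,
  logger,
  taskId,
  postureType,
  tier
}) => {
  try {
    if (!postureType) {
      logger.error('posture type is missing');
      return;
    }

    // Cheap existence probe first, so the aggregation only runs on indices
    // that have documents inside the sampling window.
    if (!(await indexHasDataInDateRange(esClient, postureType))) {
      return;
    }

    const response = await esClient.search(getAggQueryByPostureType(postureType));
    if (!response.aggregations) {
      return;
    }

    const { unique_assets: uniqueAssets, min_timestamp: minTimestampAgg } = response.aggregations;
    const resourceCount = uniqueAssets.value;

    // Cardinality aggregations are approximate above precision_threshold, so
    // the reported quantity may deviate from the true count; surface that.
    if (resourceCount > _cloud_security_metering.AGGREGATION_PRECISION_THRESHOLD) {
      logger.warn(`The number of unique resources for {${postureType}} is ${resourceCount}, which is higher than the AGGREGATION_PRECISION_THRESHOLD of ${_cloud_security_metering.AGGREGATION_PRECISION_THRESHOLD}.`);
    }

    // Aggregations are known to be present here (guarded above), so no
    // fallback branch is needed. A missing `value_as_string` yields an invalid
    // Date whose toISOString() throws; the catch below logs it and no record
    // is emitted.
    const minTimestamp = new Date(minTimestampAgg.value_as_string).toISOString();
    const creationTimestamp = new Date().toISOString();

    const usageRecord = {
      id: `${_cloud_security_metering.CLOUD_SECURITY_TASK_TYPE}_${postureType}_${projectId}_${creationTimestamp}`,
      usage_timestamp: minTimestamp,
      creation_timestamp: creationTimestamp,
      usage: {
        type: _cloud_security_metering.CLOUD_SECURITY_TASK_TYPE,
        sub_type: postureType,
        quantity: resourceCount,
        period_seconds: _cloud_security_metering_task_config.cloudSecurityMetringTaskProperties.periodSeconds
      },
      source: {
        id: taskId,
        instance_group_id: projectId,
        metadata: {
          tier
        }
      }
    };
    logger.debug(`Fetched ${postureType} metring data`);
    return usageRecord;
  } catch (err) {
    // Deliberate best-effort: failures are logged and reported as "no record".
    logger.error(`Failed to fetch ${postureType} metering data ${err}`);
  }
};
exports.getCloudSecurityUsageRecord = getCloudSecurityUsageRecord;

/**
 * Checks whether the posture type's index holds at least one document inside
 * the sampling window.
 *
 * @param {object} esClient - client exposing `search()`
 * @param {string} postureType - posture type to probe
 * @returns {Promise<boolean>} true when at least one hit is returned
 * @throws {TypeError} when the posture type is unsupported
 */
const indexHasDataInDateRange = async (esClient, postureType) => {
  const { index } = getQueryParams(postureType);
  const response = await esClient.search({
    index,
    size: 1,
    _source: false,
    query: getSearchQueryByPostureType(postureType)
  });
  return response.hits.hits.length > 0;
};

/**
 * Builds the bool query shared by the existence probe and the aggregation.
 *
 * Always restricts '@timestamp' to the sampling window; for CSPM and KSPM it
 * additionally filters on 'rule.benchmark.posture_type'.
 *
 * @param {string} postureType - posture type to filter on
 * @returns {{bool: {must: object[]}}}
 */
const getSearchQueryByPostureType = postureType => {
  const mustFilters = [{
    range: {
      '@timestamp': {
        gte: `now-${ASSETS_SAMPLE_GRANULARITY}`
      }
    }
  }];
  const filtersOnPostureType = postureType === _constants.CSPM_POLICY_TEMPLATE || postureType === _constants.KSPM_POLICY_TEMPLATE;
  if (filtersOnPostureType) {
    mustFilters.push({
      term: {
        'rule.benchmark.posture_type': postureType
      }
    });
  }
  return {
    bool: {
      must: mustFilters
    }
  };
};
exports.getSearchQueryByPostureType = getSearchQueryByPostureType;

/**
 * Builds the aggregation request for a posture type: a cardinality count of
 * the asset identifier field plus the minimum '@timestamp' in the window.
 *
 * @param {string} postureType - posture type to aggregate
 * @returns {object} search request with `size: 0` and the two aggregations
 * @throws {TypeError} when the posture type is unsupported
 */
const getAggQueryByPostureType = postureType => {
  const { index, assets_identifier: assetsIdentifier } = getQueryParams(postureType);
  return {
    index,
    query: getSearchQueryByPostureType(postureType),
    size: 0,
    aggs: {
      unique_assets: {
        cardinality: {
          field: assetsIdentifier,
          precision_threshold: _cloud_security_metering.AGGREGATION_PRECISION_THRESHOLD
        }
      },
      min_timestamp: {
        min: {
          field: '@timestamp'
        }
      }
    }
  };
};
exports.getAggQueryByPostureType = getAggQueryByPostureType;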