Skip to content

README.md

Latest commit

 

History

History
280 lines (189 loc) · 9.46 KB

README.md

File metadata and controls

280 lines (189 loc) · 9.46 KB

query Package Documentation

Simplified version of package openSearchQuery

package osquery provides a query builder for OpenSearch.

Usage example:

q := openSearchQuery.NewBoolQueryBuilder(&openSearchQuery.QuerySettings{ /* ... */ })

if err := q.AddFilterRequest(filterRequest); err != nil {
    return nil, err
}

request, err := esquery.Search().

Query(q.Build()).
MarshalJSON()

if err != nil {
    return nil, err
}

responseBody, err := v.openSearchClient.Search(openSearchModels.VulnerabilityIndexName, request)

if err != nil {
    return nil, err
}

osquery

import "github.com/greenbone/opensight-golang-libraries/pkg/openSearch/osquery"

package osquery provides a query builder for OpenSearch.

Index

func HandleCompareOperatorBeginsWith

func HandleCompareOperatorBeginsWith(fieldName string, fieldValue any) (esquery.Mappable, error)

HandleCompareOperatorBeginsWith handles begins with

func HandleCompareOperatorBetweenDates

func HandleCompareOperatorBetweenDates(fieldName string, fieldValue any) (esquery.Mappable, error)

HandleCompareOperatorBetweenDates constructs an OpenSearch range query for a given date field. It accepts a field name and a field value, which must be a slice of exactly 2 elements, representing the start and end of range. Accepted slice types: - []time.Time, - []string of two RFC3339Nano-formatted strings, - []any, containing any combination of time.Time and RFC3339Nano-formatted string.

The generated range query is inclusive of both the lower and upper bounds. If a document’s timestamp is exactly equal to the start or end date, it will still match the query.

func HandleCompareOperatorContains

func HandleCompareOperatorContains(fieldName string, fieldValue any) (esquery.Mappable, error)

HandleCompareOperatorContains handles contains. In the index mapping the given field must be a string of type `keyword`.

func HandleCompareOperatorExists

func HandleCompareOperatorExists(fieldName string, _ any) (esquery.Mappable, error)

func HandleCompareOperatorIsEqualTo

func HandleCompareOperatorIsEqualTo(fieldName string, fieldValue any) (esquery.Mappable, error)

HandleCompareOperatorIsEqualTo handles is equal to

func HandleCompareOperatorIsGreaterThan

func HandleCompareOperatorIsGreaterThan(fieldName string, fieldValue any) (esquery.Mappable, error)

HandleCompareOperatorIsGreaterThan handles is greater than

func HandleCompareOperatorIsGreaterThanOrEqualTo

func HandleCompareOperatorIsGreaterThanOrEqualTo(fieldName string, fieldValue any) (esquery.Mappable, error)

HandleCompareOperatorIsGreaterThanOrEqualTo handles is greater than or equal to

func HandleCompareOperatorIsLessThan

func HandleCompareOperatorIsLessThan(fieldName string, fieldValue any) (esquery.Mappable, error)

HandleCompareOperatorIsLessThan handles is less than

func HandleCompareOperatorIsLessThanOrEqualTo

func HandleCompareOperatorIsLessThanOrEqualTo(fieldName string, fieldValue any) (esquery.Mappable, error)

HandleCompareOperatorIsLessThanOrEqualTo handles is less than or equal to

func HandleCompareOperatorTextContains

func HandleCompareOperatorTextContains(fieldName string, fieldValue any) (esquery.Mappable, error)

HandleCompareOperatorTextContains performs a full text search on the given field. In the index mapping it must be a string of type `text`.

type BoolQueryBuilder

BoolQueryBuilder is a builder for an OpenSearch bool query. Use NewBoolQueryBuilder or NewBoolQueryBuilderWith for proper initialization.

type BoolQueryBuilder struct {
    Must    []esquery.Mappable
    MustNot []esquery.Mappable
    // contains filtered or unexported fields
}

func NewBoolQueryBuilder

func NewBoolQueryBuilder(querySettings *QuerySettings) *BoolQueryBuilder

NewBoolQueryBuilder creates a new BoolQueryBuilder and returns it. It uses the default set of CompareOperator.

querySettings is used to configure the query builder.

func NewBoolQueryBuilderWith

func NewBoolQueryBuilderWith(query *esquery.BoolQuery, querySettings *QuerySettings) *BoolQueryBuilder

NewBoolQueryBuilderWith creates a new BoolQueryBuilder and returns it. It uses the default set of CompareOperator.

query is the initial bool query to use. querySettings is used to configure the query builder.

func (*BoolQueryBuilder) AddFilterRequest

func (q *BoolQueryBuilder) AddFilterRequest(request *filter.Request) error

AddFilterRequest adds a filter request to this query. The filter request is translated into a bool query.

func (*BoolQueryBuilder) AddTermFilter

func (q *BoolQueryBuilder) AddTermFilter(fieldName string, value any) error

AddTermFilter adds a term filter to this query.

value is the value to filter for.

func (*BoolQueryBuilder) AddTermsFilter

func (q *BoolQueryBuilder) AddTermsFilter(fieldName string, values ...any) error

AddTermsFilter adds a terms filter to this query.

values is the list of values to filter for.

func (*BoolQueryBuilder) Build

func (q *BoolQueryBuilder) Build() *esquery.BoolQuery

Build returns the built query.

type CompareOperator

CompareOperator defines a mapping between a filter.CompareOperator and a function to generate an appropriate query condition in form of a CompareOperatorHandler.

type CompareOperator struct {
    Operator filter.CompareOperator
    Handler  CompareOperatorHandler
    // MustCondition defines whether the condition should be added to the must (true) or must_not clause (false).
    MustCondition bool
}

type CompareOperatorHandler

CompareOperatorHandler is a function that generates an appropriate query condition for the given field.

type CompareOperatorHandler func(fieldName string, fieldValue any) (esquery.Mappable, error)

type QuerySettings

QuerySettings is used to configure the query builder.

type QuerySettings struct {
    FilterFieldMapping map[string]string
}

Generated by gomarkdoc

License

Copyright (C) 2022-2023 [Greenbone AG][Greenbone AG]

Licensed under the GNU General Public License v3.0 or later.