Package org.forgerock.audit.handlers.elasticsearch

Class ElasticsearchAuditEventHandler

    • Constructor Detail

      • ElasticsearchAuditEventHandler

        public ElasticsearchAuditEventHandler​(ElasticsearchAuditEventHandlerConfiguration configuration,
                                      EventTopicsMetaData eventTopicsMetaData,
                                      Client client)
        Create a new ElasticsearchAuditEventHandler instance.
        Parameters:
        configuration - Configuration parameters that can be adjusted by system administrators.
        eventTopicsMetaData - Meta-data for all audit event topics.
        client - HTTP client or null to use default client.

    • Method Detail

      • startup

        public void startup()
             throws ResourceException
        Description copied from interface: AuditEventHandler
        Instruct this object that it is safe to initialize file handles and network connections.

        Reconfiguration of the AuditService and its handlers is achieved by replacing rather than modifying the existing objects. Therefore, it's essential that the replacements do not perform any I/O that would interfere with the operation of the objects they are replacing until the old objects are shutdown. For example, when shutting down an old instance of a file-based AuditEventHandler, the old instance may need to flush buffers, apply file rotation or retention policies, or even add line or block signatures as part of tamper evident logging. Any of these operations could be broken if two handler instances are operating on the same set of files simultaneously.

        Specified by:
        startup in interface AuditEventHandler
        Throws:
        ResourceException - if starting the AuditEventHandler fails

      • readEvent

        public Promise<ResourceResponse,​ResourceException> readEvent​(Context context,
                                                                   String topic,
                                                                   String resourceId)
        Description copied from interface: AuditEventHandler
        Reads an event with the provided resource id from the provided topic.
        Specified by:
        readEvent in interface AuditEventHandler
        Parameters:
        context - The context chain that initiated the event.
        topic - The topic where event is read.
        resourceId - The identifier of the event.
        Returns:
        a promise with either a response or an exception

      • publishEvent

        public Promise<ResourceResponse,​ResourceException> publishEvent​(Context context,
                                                                      String topic,
                                                                      JsonValue event)
        Description copied from interface: AuditEventHandler
        Publishes an event to the provided topic.

        Note for implementors, it is imperative that the supplied event is not modified in any way as this may cause undesirable behaviour where multiple handlers are configured. If the event must be modified, then make a copy of it and work with that.

        Specified by:
        publishEvent in interface AuditEventHandler
        Parameters:
        context - The context chain that initiated the event.
        topic - The topic where to publish the event.
        event - The event to publish - which should be considered immutable.
        Returns:
        a promise with either a response or an exception

      • publishSingleEvent

        protected Promise<ResourceResponse,​ResourceException> publishSingleEvent​(String topic,
                                                                               JsonValue event)
        Publishes a single event to the provided topic.
        Parameters:
        topic - The topic where to publish the event.
        event - The event to publish.
        Returns:
        a promise with either a response or an exception

      • buildBasicAuthHeaderValue

        protected String buildBasicAuthHeaderValue()
        Builds a basic authentication header-value, if username and password are provided in configuration.
        Returns:
        Basic authentication header-value or null if not configured

      • buildEventUri

        protected String buildEventUri​(String topic,
                               String eventId)
        Builds an Elasticsearch API URI for operating on a single event (e.g., index, get, etc.).
        Parameters:
        topic - Audit topic
        eventId - Event ID
        Returns:
        URI

      • buildBulkUri

        protected String buildBulkUri()
        Builds an Elasticsearch API URI for Bulk API.
        Returns:
        URI

      • buildSearchUri

        protected String buildSearchUri​(String topic,
                                int pageSize,
                                int offset)
        Builds an Elasticsearch API URI for Search API.
        Parameters:
        topic - The audit topic to search.
        pageSize - The number of results to return.
        offset - The number of results to skip.
        Returns:
        The search uri.

      • buildBaseUri

        protected String buildBaseUri()
        Builds an Elasticsearch API base URI. The format is, 
        http[s]://host:port/indexName
        Returns:
        Base URI

      • resourceException

        protected static ResourceException resourceException​(String indexName,
                                                     String topic,
                                                     String resourceId,
                                                     Response response)
        Gets an Exception Promise containing an Elasticsearch HTTP response status and payload.
        Parameters:
        indexName - Index name
        topic - Event topic
        resourceId - Event ID
        response - HTTP response
        Returns:
        Exception Promise