Add network community ID ingest processor (#5347)

Author: stevejgordon

src/Nest/Ingest/ProcessorFormatter.cs

@@ -47,7 +47,8 @@ internal class ProcessorFormatter : IJsonFormatter<IProcessor>
 			{ "enrich", 31 },
 			{ "csv", 32 },
 			{ "uri_parts", 33 },
-			{ "fingerprint", 34 }
+			{ "fingerprint", 34 },
+			{ "community_id", 35 }
 		};
 
 		public IProcessor Deserialize(ref JsonReader reader, IJsonFormatterResolver formatterResolver)
@@ -173,6 +174,9 @@ public IProcessor Deserialize(ref JsonReader reader, IJsonFormatterResolver form
 					case 34:
 						processor = Deserialize<FingerprintProcessor>(ref reader, formatterResolver);
 						break;
+					case 35:
+						processor = Deserialize<NetworkCommunityIdProcessor>(ref reader, formatterResolver);
+						break;
 				}
 			}
 			else
@@ -299,6 +303,9 @@ public void Serialize(ref JsonWriter writer, IProcessor value, IJsonFormatterRes
 				case "fingerprint":
 					Serialize<IFingerprintProcessor>(ref writer, value, formatterResolver);
 					break;
+				case "community_id":
+					Serialize<INetworkCommunityIdProcessor>(ref writer, value, formatterResolver);
+					break;
 				default:
 					var formatter = DynamicObjectResolver.ExcludeNullCamelCase.GetFormatter<IProcessor>();
 					formatter.Serialize(ref writer, value, formatterResolver);

src/Nest/Ingest/Processors/NetworkCommunityIdProcessor.cs

@@ -0,0 +1,171 @@
+using System;
+using System.Linq.Expressions;
+using System.Runtime.Serialization;
+using Elasticsearch.Net.Utf8Json;
+
+namespace Nest
+{
+	[InterfaceDataContract]
+	public interface INetworkCommunityIdProcessor : IProcessor
+	{
+		[DataMember(Name = "destination_ip")]
+		Field DestinationIp { get; set; }
+
+		[DataMember(Name = "destination_port")]
+		Field DestinationPort { get; set; }
+
+		[DataMember(Name = "iana_number")]
+		Field IanaNumber { get; set; }
+
+		[DataMember(Name = "icmp_type")]
+		Field IcmpType { get; set; }
+
+		[DataMember(Name = "icmp_code")]
+		Field IcmpCode { get; set; }
+
+		[DataMember(Name = "ignore_missing")]
+		bool? IgnoreMissing { get; set; }
+
+		[DataMember(Name = "seed")]
+		int? Seed { get; set; }
+
+		[DataMember(Name = "source_ip")]
+		Field SourceIp { get; set; }
+
+		[DataMember(Name = "source_port")]
+		Field SourcePort { get; set; }
+
+		[DataMember(Name = "target_field")]
+		Field TargetField { get; set; }
+
+		[DataMember(Name = "transport")]
+		Field Transport { get; set; }
+	}
+
+	public class NetworkCommunityIdProcessor : ProcessorBase, INetworkCommunityIdProcessor
+	{
+		protected override string Name => "community_id";
+
+		/// <inheritdoc />
+		public Field DestinationIp { get; set; }
+		/// <inheritdoc />
+		public Field DestinationPort { get; set; }
+		/// <inheritdoc />
+		public Field IanaNumber { get; set; }
+		/// <inheritdoc />
+		public Field IcmpType { get; set; }
+		/// <inheritdoc />
+		public Field IcmpCode { get; set; }
+		/// <inheritdoc />
+		public bool? IgnoreMissing { get; set; }
+		/// <inheritdoc />
+		public int? Seed { get; set; }
+		/// <inheritdoc />
+		public Field SourceIp { get; set; }
+		/// <inheritdoc />
+		public Field SourcePort { get; set; }
+		/// <inheritdoc />
+		public Field TargetField { get; set; }
+		/// <inheritdoc />
+		public Field Transport { get; set; }
+	}
+
+	/// <inheritdoc cref="IFingerprintProcessor" />
+	public class NetworkCommunityIdProcessorDescriptor<T>
+		: ProcessorDescriptorBase<NetworkCommunityIdProcessorDescriptor<T>, INetworkCommunityIdProcessor>, INetworkCommunityIdProcessor
+		where T : class
+	{
+		protected override string Name => "community_id";
+
+		Field INetworkCommunityIdProcessor.DestinationIp { get; set; }
+
+		Field INetworkCommunityIdProcessor.DestinationPort { get; set; }
+
+		Field INetworkCommunityIdProcessor.IanaNumber { get; set; }
+
+		Field INetworkCommunityIdProcessor.IcmpType { get; set; }
+
+		Field INetworkCommunityIdProcessor.IcmpCode { get; set; }
+
+		bool? INetworkCommunityIdProcessor.IgnoreMissing { get; set; }
+
+		int? INetworkCommunityIdProcessor.Seed { get; set; }
+
+		Field INetworkCommunityIdProcessor.SourceIp { get; set; }
+
+		Field INetworkCommunityIdProcessor.SourcePort { get; set; }
+
+		Field INetworkCommunityIdProcessor.TargetField { get; set; }
+
+		Field INetworkCommunityIdProcessor.Transport { get; set; }
+
+		/// <inheritdoc cref="INetworkCommunityIdProcessor.DestinationIp" />
+		public NetworkCommunityIdProcessorDescriptor<T> DestinationIp(Field field) => Assign(field, (a, v) => a.DestinationIp = v);
+
+		/// <inheritdoc cref="INetworkCommunityIdProcessor.DestinationIp" />
+		public NetworkCommunityIdProcessorDescriptor<T> DestinationIp<TValue>(Expression<Func<T, TValue>> objectPath) =>
+			Assign(objectPath, (a, v) => a.DestinationIp = v);
+
+		/// <inheritdoc cref="INetworkCommunityIdProcessor.DestinationPort" />
+		public NetworkCommunityIdProcessorDescriptor<T> DestinationPort(Field field) => Assign(field, (a, v) => a.DestinationPort = v);
+
+		/// <inheritdoc cref="INetworkCommunityIdProcessor.DestinationPort" />
+		public NetworkCommunityIdProcessorDescriptor<T> DestinationPort<TValue>(Expression<Func<T, TValue>> objectPath) =>
+			Assign(objectPath, (a, v) => a.DestinationPort = v);
+
+		/// <inheritdoc cref="INetworkCommunityIdProcessor.IanaNumber" />
+		public NetworkCommunityIdProcessorDescriptor<T> IanaNumber(Field field) => Assign(field, (a, v) => a.IanaNumber = v);
+
+		/// <inheritdoc cref="INetworkCommunityIdProcessor.IanaNumber" />
+		public NetworkCommunityIdProcessorDescriptor<T> IanaNumber<TValue>(Expression<Func<T, TValue>> objectPath) =>
+			Assign(objectPath, (a, v) => a.IanaNumber = v);
+
+		/// <inheritdoc cref="INetworkCommunityIdProcessor.IcmpType" />
+		public NetworkCommunityIdProcessorDescriptor<T> IcmpType(Field field) => Assign(field, (a, v) => a.IcmpType = v);
+
+		/// <inheritdoc cref="INetworkCommunityIdProcessor.IcmpType" />
+		public NetworkCommunityIdProcessorDescriptor<T> IcmpType<TValue>(Expression<Func<T, TValue>> objectPath) =>
+			Assign(objectPath, (a, v) => a.IcmpType = v);
+
+		/// <inheritdoc cref="INetworkCommunityIdProcessor.IcmpCode" />
+		public NetworkCommunityIdProcessorDescriptor<T> IcmpCode(Field field) => Assign(field, (a, v) => a.IcmpCode = v);
+
+		/// <inheritdoc cref="INetworkCommunityIdProcessor.IcmpType" />
+		public NetworkCommunityIdProcessorDescriptor<T> IcmpCode<TValue>(Expression<Func<T, TValue>> objectPath) =>
+			Assign(objectPath, (a, v) => a.IcmpCode = v);
+
+		/// <inheritdoc cref="INetworkCommunityIdProcessor.IgnoreMissing" />
+		public NetworkCommunityIdProcessorDescriptor<T> IgnoreMissing(bool? ignoreMissing = true) => Assign(ignoreMissing, (a, v) => a.IgnoreMissing = v);
+
+		/// <inheritdoc cref="INetworkCommunityIdProcessor.Seed" />
+		public NetworkCommunityIdProcessorDescriptor<T> Seed(int? seed = null) => Assign(seed, (a, v) => a.Seed = v);
+
+		/// <inheritdoc cref="INetworkCommunityIdProcessor.SourceIp" />
+		public NetworkCommunityIdProcessorDescriptor<T> SourceIp(Field field) => Assign(field, (a, v) => a.SourceIp = v);
+
+		/// <inheritdoc cref="INetworkCommunityIdProcessor.SourceIp" />
+		public NetworkCommunityIdProcessorDescriptor<T> SourceIp<TValue>(Expression<Func<T, TValue>> objectPath) =>
+			Assign(objectPath, (a, v) => a.SourceIp = v);
+
+		/// <inheritdoc cref="INetworkCommunityIdProcessor.SourcePort" />
+		public NetworkCommunityIdProcessorDescriptor<T> SourcePort(Field field) => Assign(field, (a, v) => a.SourcePort = v);
+
+		/// <inheritdoc cref="INetworkCommunityIdProcessor.SourcePort" />
+		public NetworkCommunityIdProcessorDescriptor<T> SourcePort<TValue>(Expression<Func<T, TValue>> objectPath) =>
+			Assign(objectPath, (a, v) => a.SourcePort = v);
+
+		/// <inheritdoc cref="INetworkCommunityIdProcessor.TargetField" />
+		public NetworkCommunityIdProcessorDescriptor<T> TargetField(Field field) => Assign(field, (a, v) => a.TargetField = v);
+
+		/// <inheritdoc cref="INetworkCommunityIdProcessor.TargetField" />
+		public NetworkCommunityIdProcessorDescriptor<T> TargetField<TValue>(Expression<Func<T, TValue>> objectPath) =>
+			Assign(objectPath, (a, v) => a.TargetField = v);
+
+		/// <inheritdoc cref="INetworkCommunityIdProcessor.Transport" />
+		public NetworkCommunityIdProcessorDescriptor<T> Transport(Field field) => Assign(field, (a, v) => a.Transport = v);
+
+		/// <inheritdoc cref="INetworkCommunityIdProcessor.Transport" />
+		public NetworkCommunityIdProcessorDescriptor<T> Transport<TValue>(Expression<Func<T, TValue>> objectPath) =>
+			Assign(objectPath, (a, v) => a.Transport = v);
+	}
+}

src/Nest/Ingest/ProcessorsDescriptor.cs

@@ -185,5 +185,9 @@ public ProcessorsDescriptor UriParts<T>(Func<UriPartsProcessorDescriptor<T>, IUr
 		/// <inheritdoc cref="IFingerprintProcessor"/>
 		public ProcessorsDescriptor Fingerprint<T>(Func<FingerprintProcessorDescriptor<T>, IFingerprintProcessor> selector) where T : class =>
 			Assign(selector, (a, v) => a.AddIfNotNull(v?.Invoke(new FingerprintProcessorDescriptor<T>())));
+
+		/// <inheritdoc cref="INetworkCommunityIdProcessor"/>
+		public ProcessorsDescriptor NetworkCommunityId<T>(Func<NetworkCommunityIdProcessorDescriptor<T>, INetworkCommunityIdProcessor> selector) where T : class =>
+			Assign(selector, (a, v) => a.AddIfNotNull(v?.Invoke(new NetworkCommunityIdProcessorDescriptor<T>())));
 	}
 }

tests/Tests/Ingest/ProcessorAssertions.cs

@@ -12,6 +12,7 @@
 using Tests.Core.Extensions;
 using Tests.Core.Xunit;
 using Tests.Domain;
+using static Nest.Infer;
 
 namespace Tests.Ingest
 {
@@ -189,7 +190,7 @@ public class Enrich : ProcessorAssertion
 			public override IProcessor Initializer => new EnrichProcessor
 			{
 				PolicyName = PolicyName,
-				Field = Infer.Field<Project>(f => f.Name),
+				Field = Field<Project>(f => f.Name),
 				TargetField = "target_field"
 			};
 
@@ -226,7 +227,7 @@ public class Foreach : ProcessorAssertion
 
 			public override IProcessor Initializer => new ForeachProcessor
 			{
-				Field = Infer.Field<Project>(p => p.Tags),
+				Field = Field<Project>(p => p.Tags),
 				Processor = new UppercaseProcessor
 				{
 					Field = "_value.name"
@@ -360,7 +361,7 @@ public class Set : ProcessorAssertion
 			public override Func<ProcessorsDescriptor, IPromise<IList<IProcessor>>> Fluent =>
 				d => d.Set<Project>(s => s.Field(p => p.Name).Value("foo"));
 
-			public override IProcessor Initializer => new SetProcessor { Field = Infer.Field<Project>(p => p.Name), Value = "foo" };
+			public override IProcessor Initializer => new SetProcessor { Field = Field<Project>(p => p.Name), Value = "foo" };
 
 			public override object Json => new { field = "name", value = "foo" };
 			public override string Key => "set";
@@ -732,5 +733,55 @@ public class Fingerprint : ProcessorAssertion
 			public override object Json => new { fields =  new[] { "labels" }, method = "MD5", salt = "ThisIsASalt!", target_field = "description", ignore_missing = true };
 			public override string Key => "fingerprint";
 		}
+
+		[SkipVersion("<7.12.0", "Uses the network community ID processor which was introduced in 7.12.0")]
+		public class NetworkCommunityId : ProcessorAssertion
+		{
+			public override Func<ProcessorsDescriptor, IPromise<IList<IProcessor>>> Fluent => d => d
+				.NetworkCommunityId<Project>(ud => ud
+					.DestinationIp(f => f.LeadDeveloper.IpAddress)
+					.DestinationPort("leadDeveloper.portNumber")
+					.IanaNumber(f => f.Name)
+					.IcmpType(f => f.Name)
+					.IcmpCode(f => f.Name)
+					.IgnoreMissing()
+					.Seed(100)
+					.SourceIp(f => f.LeadDeveloper.IpAddress)
+					.SourcePort("leadDeveloper.portNumber")
+					.TargetField(f => f.Description)
+					.Transport(f => f.Name));
+
+			public override IProcessor Initializer => new NetworkCommunityIdProcessor
+			{
+				DestinationIp = Field<Project>(f => f.LeadDeveloper.IpAddress),
+				DestinationPort = "leadDeveloper.portNumber",
+				IanaNumber = "name",
+				IcmpType = "name",
+				IcmpCode = "name",
+				IgnoreMissing = true,
+				Seed = 100,
+				SourceIp = Field<Project>(f => f.LeadDeveloper.IpAddress),
+				SourcePort = "leadDeveloper.portNumber",
+				TargetField = "description",
+				Transport = "name"
+			};
+
+			public override object Json => new
+			{
+				destination_ip = "leadDeveloper.ipAddress",
+				destination_port = "leadDeveloper.portNumber",
+				iana_number = "name",
+				icmp_code = "name",
+				icmp_type = "name",
+				ignore_missing = true,
+				seed = 100,
+				source_ip = "leadDeveloper.ipAddress",
+				source_port = "leadDeveloper.portNumber",
+				target_field = "description",
+				transport = "name"
+			};
+
+			public override string Key => "community_id";
+		}
 	}
 }