README
¶
query Package Documentation
Simplified version of package
openSearchQuery
package osquery provides a query builder for OpenSearch.
Usage example:
q := openSearchQuery.NewBoolQueryBuilder(&openSearchQuery.QuerySettings{ /* ... */ })
if err := q.AddFilterRequest(filterRequest); err != nil {
return nil, err
}
request, err := esquery.Search().
Query(q.Build()).
MarshalJSON()
if err != nil {
return nil, err
}
responseBody, err := v.openSearchClient.Search(openSearchModels.VulnerabilityIndexName, request)
if err != nil {
return nil, err
}
osquery
import "github.com/greenbone/opensight-golang-libraries/pkg/openSearch/osquery"
package osquery provides a query builder for OpenSearch.
Index
- func HandleCompareOperatorBeginsWith(fieldName string, fieldValue any) (esquery.Mappable, error)
- func HandleCompareOperatorBetweenDates(fieldName string, fieldValue any) (esquery.Mappable, error)
- func HandleCompareOperatorContains(fieldName string, fieldValue any) (esquery.Mappable, error)
- func HandleCompareOperatorExists(fieldName string, _ any) (esquery.Mappable, error)
- func HandleCompareOperatorIsEqualTo(fieldName string, fieldValue any) (esquery.Mappable, error)
- func HandleCompareOperatorIsGreaterThan(fieldName string, fieldValue any) (esquery.Mappable, error)
- func HandleCompareOperatorIsGreaterThanOrEqualTo(fieldName string, fieldValue any) (esquery.Mappable, error)
- func HandleCompareOperatorIsLessThan(fieldName string, fieldValue any) (esquery.Mappable, error)
- func HandleCompareOperatorIsLessThanOrEqualTo(fieldName string, fieldValue any) (esquery.Mappable, error)
- func HandleCompareOperatorTextContains(fieldName string, fieldValue any) (esquery.Mappable, error)
- type BoolQueryBuilder
- func NewBoolQueryBuilder(querySettings *QuerySettings) *BoolQueryBuilder
- func NewBoolQueryBuilderWith(query *esquery.BoolQuery, querySettings *QuerySettings) *BoolQueryBuilder
- func (q *BoolQueryBuilder) AddFilterRequest(request *filter.Request) error
- func (q *BoolQueryBuilder) AddTermFilter(fieldName string, value any) error
- func (q *BoolQueryBuilder) AddTermsFilter(fieldName string, values ...any) error
- func (q *BoolQueryBuilder) Build() *esquery.BoolQuery
- type CompareOperator
- type CompareOperatorHandler
- type QuerySettings
func HandleCompareOperatorBeginsWith
func HandleCompareOperatorBeginsWith(fieldName string, fieldValue any) (esquery.Mappable, error)
HandleCompareOperatorBeginsWith handles begins with
func HandleCompareOperatorBetweenDates
func HandleCompareOperatorBetweenDates(fieldName string, fieldValue any) (esquery.Mappable, error)
HandleCompareOperatorBetweenDates constructs an OpenSearch range query for a given date field. It accepts a field name and a field value, which must be a slice of exactly 2 elements, representing the start and end of range. Accepted slice types: - []time.Time, - []string of two RFC3339Nano-formatted strings, - []any, containing any combination of time.Time and RFC3339Nano-formatted string.
The generated range query is inclusive of both the lower and upper bounds. If a document’s timestamp is exactly equal to the start or end date, it will still match the query.
func HandleCompareOperatorContains
func HandleCompareOperatorContains(fieldName string, fieldValue any) (esquery.Mappable, error)
HandleCompareOperatorContains handles contains. In the index mapping the given field must be a string of type `keyword`.
func HandleCompareOperatorExists
func HandleCompareOperatorExists(fieldName string, _ any) (esquery.Mappable, error)
func HandleCompareOperatorIsEqualTo
func HandleCompareOperatorIsEqualTo(fieldName string, fieldValue any) (esquery.Mappable, error)
HandleCompareOperatorIsEqualTo handles is equal to
func HandleCompareOperatorIsGreaterThan
func HandleCompareOperatorIsGreaterThan(fieldName string, fieldValue any) (esquery.Mappable, error)
HandleCompareOperatorIsGreaterThan handles is greater than
func HandleCompareOperatorIsGreaterThanOrEqualTo
func HandleCompareOperatorIsGreaterThanOrEqualTo(fieldName string, fieldValue any) (esquery.Mappable, error)
HandleCompareOperatorIsGreaterThanOrEqualTo handles is greater than or equal to
func HandleCompareOperatorIsLessThan
func HandleCompareOperatorIsLessThan(fieldName string, fieldValue any) (esquery.Mappable, error)
HandleCompareOperatorIsLessThan handles is less than
func HandleCompareOperatorIsLessThanOrEqualTo
func HandleCompareOperatorIsLessThanOrEqualTo(fieldName string, fieldValue any) (esquery.Mappable, error)
HandleCompareOperatorIsLessThanOrEqualTo handles is less than or equal to
func HandleCompareOperatorTextContains
func HandleCompareOperatorTextContains(fieldName string, fieldValue any) (esquery.Mappable, error)
HandleCompareOperatorTextContains performs a full text search on the given field. In the index mapping it must be a string of type `text`.
type BoolQueryBuilder
BoolQueryBuilder is a builder for an OpenSearch bool query. Use NewBoolQueryBuilder or NewBoolQueryBuilderWith for proper initialization.
type BoolQueryBuilder struct {
Must []esquery.Mappable
MustNot []esquery.Mappable
// contains filtered or unexported fields
}
func NewBoolQueryBuilder
func NewBoolQueryBuilder(querySettings *QuerySettings) *BoolQueryBuilder
NewBoolQueryBuilder creates a new BoolQueryBuilder and returns it. It uses the default set of CompareOperator.
querySettings is used to configure the query builder.
func NewBoolQueryBuilderWith
func NewBoolQueryBuilderWith(query *esquery.BoolQuery, querySettings *QuerySettings) *BoolQueryBuilder
NewBoolQueryBuilderWith creates a new BoolQueryBuilder and returns it. It uses the default set of CompareOperator.
query is the initial bool query to use. querySettings is used to configure the query builder.
func (*BoolQueryBuilder) AddFilterRequest
func (q *BoolQueryBuilder) AddFilterRequest(request *filter.Request) error
AddFilterRequest adds a filter request to this query. The filter request is translated into a bool query.
func (*BoolQueryBuilder) AddTermFilter
func (q *BoolQueryBuilder) AddTermFilter(fieldName string, value any) error
AddTermFilter adds a term filter to this query.
value is the value to filter for.
func (*BoolQueryBuilder) AddTermsFilter
func (q *BoolQueryBuilder) AddTermsFilter(fieldName string, values ...any) error
AddTermsFilter adds a terms filter to this query.
values is the list of values to filter for.
func (*BoolQueryBuilder) Build
func (q *BoolQueryBuilder) Build() *esquery.BoolQuery
Build returns the built query.
type CompareOperator
CompareOperator defines a mapping between a filter.CompareOperator and a function to generate an appropriate query condition in form of a CompareOperatorHandler.
type CompareOperator struct {
Operator filter.CompareOperator
Handler CompareOperatorHandler
// MustCondition defines whether the condition should be added to the must (true) or must_not clause (false).
MustCondition bool
}
type CompareOperatorHandler
CompareOperatorHandler is a function that generates an appropriate query condition for the given field.
type CompareOperatorHandler func(fieldName string, fieldValue any) (esquery.Mappable, error)
type QuerySettings
QuerySettings is used to configure the query builder.
type QuerySettings struct {
FilterFieldMapping map[string]string
}
Generated by gomarkdoc
License
Copyright (C) 2022-2023 [Greenbone AG][Greenbone AG]
Licensed under the GNU General Public License v3.0 or later.
Documentation
¶
Overview ¶
package osquery provides a query builder for OpenSearch.
Index ¶
- func HandleCompareOperatorBeginsWith(fieldName string, fieldValue any) (esquery.Mappable, error)
- func HandleCompareOperatorBetweenDates(fieldName string, fieldValue any) (esquery.Mappable, error)
- func HandleCompareOperatorContains(fieldName string, fieldValue any) (esquery.Mappable, error)
- func HandleCompareOperatorExists(fieldName string, _ any) (esquery.Mappable, error)
- func HandleCompareOperatorIsEqualTo(fieldName string, fieldValue any) (esquery.Mappable, error)
- func HandleCompareOperatorIsGreaterThan(fieldName string, fieldValue any) (esquery.Mappable, error)
- func HandleCompareOperatorIsGreaterThanOrEqualTo(fieldName string, fieldValue any) (esquery.Mappable, error)
- func HandleCompareOperatorIsLessThan(fieldName string, fieldValue any) (esquery.Mappable, error)
- func HandleCompareOperatorIsLessThanOrEqualTo(fieldName string, fieldValue any) (esquery.Mappable, error)
- func HandleCompareOperatorTextContains(fieldName string, fieldValue any) (esquery.Mappable, error)
- type BoolQueryBuilder
- type CompareOperator
- type CompareOperatorHandler
- type QuerySettings
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func HandleCompareOperatorBeginsWith ¶
HandleCompareOperatorBeginsWith handles begins with
func HandleCompareOperatorBetweenDates ¶
HandleCompareOperatorBetweenDates constructs an OpenSearch range query for a given date field. It accepts a field name and a field value, which must be a slice of exactly 2 elements, representing the start and end of range. Accepted slice types: - []time.Time, - []string of two RFC3339Nano-formatted strings, - []any, containing any combination of time.Time and RFC3339Nano-formatted string.
The generated range query is inclusive of both the lower and upper bounds. If a document’s timestamp is exactly equal to the start or end date, it will still match the query.
func HandleCompareOperatorContains ¶
HandleCompareOperatorContains handles contains. In the index mapping the given field must be a string of type `keyword`.
func HandleCompareOperatorIsEqualTo ¶
HandleCompareOperatorIsEqualTo handles is equal to
func HandleCompareOperatorIsGreaterThan ¶
HandleCompareOperatorIsGreaterThan handles is greater than
func HandleCompareOperatorIsGreaterThanOrEqualTo ¶
func HandleCompareOperatorIsGreaterThanOrEqualTo(fieldName string, fieldValue any) (esquery.Mappable, error)
HandleCompareOperatorIsGreaterThanOrEqualTo handles is greater than or equal to
func HandleCompareOperatorIsLessThan ¶
HandleCompareOperatorIsLessThan handles is less than
Types ¶
type BoolQueryBuilder ¶
type BoolQueryBuilder struct {
Must []esquery.Mappable
MustNot []esquery.Mappable
// contains filtered or unexported fields
}
BoolQueryBuilder is a builder for an OpenSearch bool query. Use NewBoolQueryBuilder or NewBoolQueryBuilderWith for proper initialization.
func NewBoolQueryBuilder ¶
func NewBoolQueryBuilder(querySettings *QuerySettings) *BoolQueryBuilder
NewBoolQueryBuilder creates a new BoolQueryBuilder and returns it. It uses the default set of CompareOperator.
querySettings is used to configure the query builder.
func NewBoolQueryBuilderWith ¶
func NewBoolQueryBuilderWith(query *esquery.BoolQuery, querySettings *QuerySettings) *BoolQueryBuilder
NewBoolQueryBuilderWith creates a new BoolQueryBuilder and returns it. It uses the default set of CompareOperator.
query is the initial bool query to use. querySettings is used to configure the query builder.
func (*BoolQueryBuilder) AddFilterRequest ¶
func (q *BoolQueryBuilder) AddFilterRequest(request *filter.Request) error
AddFilterRequest adds a filter request to this query. The filter request is translated into a bool query.
func (*BoolQueryBuilder) AddTermFilter ¶
func (q *BoolQueryBuilder) AddTermFilter(fieldName string, value any) error
AddTermFilter adds a term filter to this query.
value is the value to filter for.
func (*BoolQueryBuilder) AddTermsFilter ¶
func (q *BoolQueryBuilder) AddTermsFilter(fieldName string, values ...any) error
AddTermsFilter adds a terms filter to this query.
values is the list of values to filter for.
func (*BoolQueryBuilder) Build ¶
func (q *BoolQueryBuilder) Build() *esquery.BoolQuery
Build returns the built query.
type CompareOperator ¶
type CompareOperator struct {
Operator filter.CompareOperator
Handler CompareOperatorHandler
// MustCondition defines whether the condition should be added to the must (true) or must_not clause (false).
MustCondition bool
}
CompareOperator defines a mapping between a filter.CompareOperator and a function to generate an appropriate query condition in form of a CompareOperatorHandler.
type CompareOperatorHandler ¶
CompareOperatorHandler is a function that generates an appropriate query condition for the given field.
type QuerySettings ¶
QuerySettings is used to configure the query builder.
Source Files