
Commit c9fe96f

committed
aws: use terser field access
1 parent b2d6b4e commit c9fe96f


1 file changed

+31
-31
lines changed

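--- a/packages/aws/data_stream/cloudtrail/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/aws/data_stream/cloudtrail/elasticsearch/ingest_pipeline/default.yml
@@ -73,7 +73,7 @@ processors:
 }
 
 void addField(Set entities, String fieldName) {
-addValue(entities, field(fieldName).get(null));
+addValue(entities, $(fieldName, null));
 }
 
 boolean addValues(Set entities, List values) {
@@ -173,27 +173,27 @@ processors:
 "json.responseElements.volumeId"
 ]);
 
-field("json.responseElements.securityGroupRuleSet.items").get([]).stream().forEach(i -> {
+$("json.responseElements.securityGroupRuleSet.items", []).stream().forEach(i -> {
 addValues(enrichCtx.related, [
 i.groupId,
 i.referencedGroupInfo?.groupId,
 i.securityGroupRuleId
 ]);
 });
 
-field("json.responseElements.groupSet.items").get([]).stream().forEach(i -> {
+$("json.responseElements.groupSet.items", []).stream().forEach(i -> {
 addValue(enrichCtx.related, i.groupId);
 });
 
-field("json.requestParameters.groupSet.items").get([]).stream().forEach(i -> {
+$("json.requestParameters.groupSet.items", []).stream().forEach(i -> {
 addValue(enrichCtx.related, i.groupId);
 });
 
-field("json.requestParameters.instancesSet.items").get([]).stream().forEach(i -> {
+$("json.requestParameters.instancesSet.items", []).stream().forEach(i -> {
 addValue(enrichCtx.related, i.instanceId);
 });
 
-field("json.responseElements.instancesSet.items").get([]).stream().forEach(instances -> {
+$("json.responseElements.instancesSet.items", []).stream().forEach(instances -> {
 addValues(enrichCtx.related, [
 instances.subnetId,
 instances.vpcId,
@@ -223,7 +223,7 @@ processors:
 });
 });
 
-field("json.requestParameters.revokedSecurityGroupRuleSet.items").get([]).stream().forEach(i -> {
+$("json.requestParameters.revokedSecurityGroupRuleSet.items", []).stream().forEach(i -> {
 addValues(enrichCtx.related, [
 i.securityGroupRuleId,
 i.groupId
@@ -233,7 +233,7 @@ processors:
 if (eventName == "AuthorizeSecurityGroupIngress"
 || eventName == "AuthorizeSecurityGroupEgress") {
 addField(enrichCtx.target, "json.requestParameters.groupId");
-field("json.responseElements.securityGroupRuleSet.items").get([]).stream().forEach(f -> addValue(enrichCtx.target, f.securityGroupRuleId));
+$("json.responseElements.securityGroupRuleSet.items", []).stream().forEach(f -> addValue(enrichCtx.target, f.securityGroupRuleId));
 
 } else if (eventName == "CreateTrafficMirrorFilter") {
 addField(enrichCtx.target, "json.responseElements.CreateTrafficMirrorFilterResponse.trafficMirrorFilter.trafficMirrorFilterId");
@@ -255,7 +255,7 @@ processors:
 
 } else if (eventName == "DeleteNetworkAclEntry") {
 addField(enrichCtx.target, "json.requestParameters.networkAclId");
-def ruleNumber = field("json.requestParameters.ruleNumber").get(null);
+def ruleNumber = $("json.requestParameters.ruleNumber", null);
 if (ruleNumber != null) {
 addValue(enrichCtx.target, String.valueOf(ruleNumber));
 }
@@ -395,7 +395,7 @@ processors:
 
 if (eventName == "DisableKey"
 || eventName == "ScheduleKeyDeletion") {
-field("json.resources").get([]).stream().forEach(f -> addValue(enrichCtx.target, f.ARN));
+$("json.resources", []).stream().forEach(f -> addValue(enrichCtx.target, f.ARN));
 }
 }
 
@@ -446,7 +446,7 @@ processors:
 }
 
 if (eventName == "DeleteAlarms") {
-field("json.requestParameters.alarmNames").get([]).stream().forEach(f -> addValue(enrichCtx.target, f));
+$("json.requestParameters.alarmNames", []).stream().forEach(f -> addValue(enrichCtx.target, f));
 
 }
 }
@@ -465,11 +465,11 @@ processors:
 "json.responseElements.vpcSecurityGroups.vpcSecurityGroupId"
 ]);
 
-field("json.responseElements.dBSubnetGroup.subnets").get([]).stream().forEach(i -> {
+$("json.responseElements.dBSubnetGroup.subnets", []).stream().forEach(i -> {
 addValue(enrichCtx.related, i.subnetIdentifier);
 });
 
-field("json.responseElements.vpcSecurityGroups").get([]).stream().forEach(i -> {
+$("json.responseElements.vpcSecurityGroups", []).stream().forEach(i -> {
 addValue(enrichCtx.related, i.vpcSecurityGroupId);
 });
 
@@ -538,10 +538,10 @@ processors:
 || eventName == "GetObject"
 || eventName == "DeleteObject"
 || eventName == "DeleteBucket") {
-field("json.resources").get([]).stream().forEach(f -> addValue(enrichCtx.target, f.ARN));
+$("json.resources", []).stream().forEach(f -> addValue(enrichCtx.target, f.ARN));
 
 } else if (eventName == "PutBucketReplication") {
-field("json.resources").get([]).stream().forEach(f -> addValue(enrichCtx.target, f.ARN));
+$("json.resources", []).stream().forEach(f -> addValue(enrichCtx.target, f.ARN));
 addField(enrichCtx.target, "json.requestParameters.ReplicationConfiguration.Rule.Destination.Bucket");
 
 } else if (eventName == "ListBuckets") {
@@ -556,7 +556,7 @@ processors:
 }
 
 if (eventName == "BatchGetSecretValue") {
-field("json.requestParameters.secretIdList").get([]).stream().forEach(f -> addValue(enrichCtx.target, f));
+$("json.requestParameters.secretIdList", []).stream().forEach(f -> addValue(enrichCtx.target, f));
 
 } else if (eventName == "GetSecretValue") {
 addField(enrichCtx.target, "json.requestParameters.secretId");
@@ -583,7 +583,7 @@ processors:
 || eventName == "GetParameters"
 || eventName == "CreateControlChannel"
 || eventName == "OpenControlChannel") {
-field("json.resources").get([]).stream().forEach(f -> addValue(enrichCtx.target, f.ARN));
+$("json.resources", []).stream().forEach(f -> addValue(enrichCtx.target, f.ARN));
 
 } else if (eventName == "StartSession") {
 addField(enrichCtx.target, "json.requestParameters.target");
@@ -596,14 +596,14 @@ processors:
 addField(enrichCtx.target, "json.requestParameters.sessionId");
 
 } else if (eventName == "SendCommand") {
-List instanceIds = field("json.requestParameters.instanceIds").get([]);
+List instanceIds = $("json.requestParameters.instanceIds", []);
 
 if (instanceIds.isEmpty()) {
-instanceIds = field("json.requestParameters.targets").get([]).stream().flatMap(target -> target.values.stream()).collect(Collectors.toList());
+instanceIds = $("json.requestParameters.targets", []).stream().flatMap(target -> target.values.stream()).collect(Collectors.toList());
 }
 
 if (instanceIds.size() == 1 && instanceIds.get(0) == "*") {
-instanceIds = [ field("json.recipientAccountId").get(null) ]; // if all instances, point to full account
+instanceIds = [ $("json.recipientAccountId", null) ]; // if all instances, point to full account
 }
 
 addValues(enrichCtx.target, instanceIds);
@@ -628,21 +628,21 @@ processors:
 ]);
 
 if (eventName == "AssumeRole") {
-def userType = field("json.userIdentity.type").get(null);
+def userType = $("json.userIdentity.type", null);
 
 if (userType == "AWSService") {
-enrichCtx.actor = field("json.userIdentity.invokedBy").get(null);
+enrichCtx.actor = $("json.userIdentity.invokedBy", null);
 } else if (userType == "AssumedRole") {
-enrichCtx.actor = field("json.userIdentity.sessionContext.sessionIssuer.arn").get(null);
+enrichCtx.actor = $("json.userIdentity.sessionContext.sessionIssuer.arn", null);
 } else {
-enrichCtx.actor = field("json.userIdentity.arn").get(null);
+enrichCtx.actor = $("json.userIdentity.arn", null);
 }
 
 addField(enrichCtx.target, "json.requestParameters.roleArn");
 
 } else if (eventName == "GetCallerIdentity") {
 addField(enrichCtx.target, "json.recipientAccountId");
-enrichCtx.actor = field("json.userIdentity.arn").get(null);
+enrichCtx.actor = $("json.userIdentity.arn", null);
 
 }
 }
@@ -715,9 +715,9 @@ processors:
 enrichCtx.related = new TreeSet();
 enrichCtx.target = new TreeSet();
 
-enrichCtx.actor = field("json.userIdentity.arn").get(null); // default actor value
+enrichCtx.actor = $("json.userIdentity.arn", null); // default actor value
 if (enrichCtx.actor == null) {
-enrichCtx.actor = field("json.userIdentity.onBehalfOf.userId").get(null);
+enrichCtx.actor = $("json.userIdentity.onBehalfOf.userId", null);
 }
 
 addFields(enrichCtx.related, [
@@ -728,10 +728,10 @@ processors:
 "json.userIdentity.sessionContext.sessionIssuer.userName"
 ]);
 
-field("json.resources").get([]).stream().forEach(f -> addValue(enrichCtx.related, f.ARN));
+$("json.resources", []).stream().forEach(f -> addValue(enrichCtx.related, f.ARN));
 
-String eventSource = field("json.eventSource").get(null);
-String eventName = field("json.eventName").get(null);
+String eventSource = $("json.eventSource", null);
+String eventName = $("json.eventName", null);
 
 enrichCloudformation(enrichCtx, eventSource, eventName);
 enrichCloudtrail(enrichCtx, eventSource, eventName);
@@ -1749,7 +1749,7 @@ processors:
 Map flattened = [:];
 int prefix = "aws.cloudtrail.flattened.".length();
 for (String f: params.required_flattened_fields) {
-def v = field(f).get(null);
+def v = $(f, null);
 if (v == null) {
 continue;
 }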
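Review bot: In the SendCommand branch (new line 602), `target.values.stream()` is dereferenced without a null check, so the `[]` default passed to `$()` covers only a missing `targets` field, not a target entry that has no `values`. CloudTrail `requestParameters` reflect what the caller sent, so a script exception here would presumably cost that event its target enrichment; the pipeline's failure handling is not visible in this diff. Filtering first keeps the branch total: `$("json.requestParameters.targets", []).stream().filter(t -> t?.values != null).flatMap(t -> t.values.stream()).collect(Collectors.toList());`. The unguarded `f.ARN` and `i.groupId` lambdas in the other hunks have the same exposure if a list element can be null, and `?.` is already used for `i.referencedGroupInfo?.groupId`. The enclosing function starts and ends outside the hunk.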
