Merge pull request wazuh#29357 from wazuh/enhancement/29323-engine-archiver

Adds archives to the Engine

Author: JcabreraC

docs/ref/modules/engine/spec.yaml

@@ -21,6 +21,8 @@ tags:
     description: "Operations for managing key-value databases"
   - name: Tester
     description: "Operations for testing and validating policies"
+  - name: Archiver
+    description: "Operations for managing the archives. By default a file 'archives.json' is created at '/var/lib/wazuh-server/archives.json' where all events received by the Engine are stored."
 
 #################################################################################
 # Paths
@@ -133,7 +135,7 @@ paths:
                   summary: The requested collection does not exist
                   value:
                     status: "ERROR"
-                    error: "Invalid collection type \"non-exist\""
+                    error: 'Invalid collection type "non-exist"'
                 invalid_format:
                   summary: The requested format does not exist
                   value:
@@ -143,12 +145,12 @@ paths:
                   summary: The asset content does not have a name
                   value:
                     status: "ERROR"
-                    error: "Invalid content name 'documentation': Invalid collection type \"documentation\""
+                    error: 'Invalid content name ''documentation'': Invalid collection type "documentation"'
                 name_type_mismatch:
                   summary: The asset name in the content does not match the asset type
                   value:
                     status: "ERROR"
-                    error: "Invalid content name 'non-exist/documentation/0': Invalid type \"non-exist\""
+                    error: 'Invalid content name ''non-exist/documentation/0'': Invalid type "non-exist"'
                 already_exists:
                   summary: The asset already exists currently
                   value:
@@ -198,7 +200,7 @@ paths:
                   summary: The requested collection does not exist
                   value:
                     status: "ERROR"
-                    error: "Invalid collection type \"non-exist\""
+                    error: 'Invalid collection type "non-exist"'
                 invalid_format:
                   summary: The requested format does not exist
                   value:
@@ -208,7 +210,7 @@ paths:
                   summary: The requested asset name has an invalid format
                   value:
                     status: "ERROR"
-                    error: "Invalid name \"decoder/core-wazuh-message/0/other\" received, a name with 1, 2 or 3 parts was expected"
+                    error: 'Invalid name "decoder/core-wazuh-message/0/other" received, a name with 1, 2 or 3 parts was expected'
         "500":
           $ref: "#/components/responses/InternalServerError_500"
 
@@ -300,7 +302,7 @@ paths:
                   summary: Invalid format of the asset name
                   value:
                     status: "ERROR"
-                    error: "Invalid name \"decoder/documentation/0/0\" received, a name with 1, 2 or 3 parts was expected"
+                    error: 'Invalid name "decoder/documentation/0/0" received, a name with 1, 2 or 3 parts was expected'
         "500":
           $ref: "#/components/responses/InternalServerError_500"
 
@@ -336,7 +338,7 @@ paths:
                   summary: Invalid helper function
                   value:
                     status: "ERROR"
-                    error: "In stage 'normalize' builder for block 'map' failed with error: Failed to build operation '@timestamp: map(\"non-exist()\")': Field '@timestamp' value validation failed: Invalid date"
+                    error: 'In stage ''normalize'' builder for block ''map'' failed with error: Failed to build operation ''@timestamp: map("non-exist()")'': Field ''@timestamp'' value validation failed: Invalid date'
                 invalid_map_structure:
                   summary: Invalid map structure
                   value:
@@ -2238,6 +2240,98 @@ paths:
                     error: "Cannot download database from 'https://raw.githubusercontent.com/wazuh/wazuh/blob/main/src/engine/test/integration_tests/geo/data/base.mmdb': Failed to download file from 'https://raw.githubusercontent.com/wazuh/wazuh/blob/main/src/engine/test/integration_tests/geo/data/base.mmdb', error: HTTP response code said error, status code: 404."
         "500":
           $ref: "#/components/responses/InternalServerError_500"
+  #################################
+  # Archiver
+  #################################
+  /archiver/activate:
+    post:
+      tags:
+        - Archiver
+      summary: Activate the archiver
+      description: |
+        This endpoint activates the archiver in the system.
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: "#/components/schemas/EmptyRequest"
+      responses:
+        "200":
+          $ref: "#/components/responses/GenericSuccess_200"
+        "400":
+          description: Bad Request
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/responses/BadRequest_400"
+        "500":
+          $ref: "#/components/responses/InternalServerError_500"
+  /archiver/deactivate:
+    post:
+      tags:
+        - Archiver
+      summary: Deactivate the archiver
+      description: |
+        This endpoint deactivates the archiver in the system.
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: "#/components/schemas/EmptyRequest"
+      responses:
+        "200":
+          $ref: "#/components/responses/GenericSuccess_200"
+        "400":
+          description: Bad Request
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/responses/BadRequest_400"
+        "500":
+          $ref: "#/components/responses/InternalServerError_500"
+  /archiver/status:
+    post:
+      tags:
+        - Archiver
+      summary: Get the status of the archiver
+      description: |
+        This endpoint retrieves the current status of the archiver.
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: "#/components/schemas/EmptyRequest"
+      responses:
+        "200":
+          description: Successfully retrieved archiver status
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/ArchiverStatus_Response"
+              examples:
+                archiver_active:
+                  summary: Archiver is active
+                  value:
+                    status: "OK"
+                    error: null
+                    active: true
+                archiver_inactive:
+                  summary: Archiver is inactive
+                  value:
+                    status: "OK"
+                    error: null
+                    active: false
+        "400":
+          description: Bad Request
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/responses/BadRequest_400"
+        "500":
+          $ref: "#/components/responses/InternalServerError_500"
 
 #################################################################################
 # Components

src/engine/CMakeLists.txt

@@ -229,6 +229,7 @@ add_subdirectory(${ENGINE_SOURCE_DIR}/queue)
 add_subdirectory(${ENGINE_SOURCE_DIR}/fs)
 add_subdirectory(${ENGINE_SOURCE_DIR}/keystore)
 add_subdirectory(${ENGINE_SOURCE_DIR}/httpsrv)
+add_subdirectory(${ENGINE_SOURCE_DIR}/archiver)
 
 target_link_libraries(main
     base
@@ -254,6 +255,7 @@ target_link_libraries(main
     httpsrv
     api::event
     queue
+    archiver
 )
 
 # If ASAN, UBSAN or any other sanitizers are enabled do not link with static libraries

src/engine/source/api/CMakeLists.txt

@@ -6,6 +6,7 @@ add_subdirectory(router)
 add_subdirectory(tester)
 add_subdirectory(kvdb)
 add_subdirectory(event)
+add_subdirectory(archiver)
 
 add_library(api INTERFACE)
 target_include_directories(api INTERFACE
@@ -19,4 +20,5 @@ target_link_libraries(api INTERFACE
   api::tester
   api::kvdb
   api::event
+  api::archiver
 )

src/engine/source/api/archiver/CMakeLists.txt

@@ -0,0 +1,39 @@
+set(SRC_DIR ${CMAKE_CURRENT_LIST_DIR}/src)
+set(INC_DIR ${CMAKE_CURRENT_LIST_DIR}/include)
+
+add_library(api_archiver STATIC
+  ${SRC_DIR}/handlers.cpp
+)
+target_include_directories(api_archiver
+  PUBLIC
+  ${INC_DIR}
+  PRIVATE
+  ${SRC_DIR}
+)
+target_link_libraries(api_archiver
+    PUBLIC
+    api::adapter
+    archiver::iface
+)
+add_library(api::archiver ALIAS api_archiver)
+
+if(ENGINE_BUILD_TEST)
+    set(TEST_SRC_DIR ${CMAKE_CURRENT_LIST_DIR}/test/src)
+    set(UNIT_SRC_DIR ${TEST_SRC_DIR}/unit)
+
+    add_executable(api_archiver_utest
+        ${UNIT_SRC_DIR}/handlers_test.cpp
+    )
+    target_include_directories(api_archiver_utest
+        PRIVATE
+        ${UNIT_SRC_DIR}
+    )
+    target_link_libraries(api_archiver_utest
+        PRIVATE
+        api::archiver
+        GTest::gtest_main
+        api::adapter::test
+        archiver::mocks
+    )
+    gtest_discover_tests(api_archiver_utest)
+endif()

src/engine/source/api/archiver/include/api/archiver/handlers.hpp

@@ -0,0 +1,25 @@
+#ifndef _API_ARCHIVER_HANDLERS_HPP
+#define _API_ARCHIVER_HANDLERS_HPP
+
+#include <api/adapter/adapter.hpp>
+#include <archiver/iarchiver.hpp>
+#include <base/baseTypes.hpp>
+
+namespace api::archiver::handlers
+{
+adapter::RouteHandler activateArchiver(const std::shared_ptr<::archiver::IArchiver>& archiver);
+
+adapter::RouteHandler deactivateArchiver(const std::shared_ptr<::archiver::IArchiver>& archiver);
+
+adapter::RouteHandler getArchiverStatus(const std::shared_ptr<::archiver::IArchiver>& archiver);
+
+inline void registerHandlers(const std::shared_ptr<::archiver::IArchiver>& archiver,
+                             const std::shared_ptr<httpsrv::Server>& server)
+{
+    server->addRoute(httpsrv::Method::POST, "/archiver/activate", activateArchiver(archiver));
+    server->addRoute(httpsrv::Method::POST, "/archiver/deactivate", deactivateArchiver(archiver));
+    server->addRoute(httpsrv::Method::POST, "/archiver/status", getArchiverStatus(archiver));
+}
+} // namespace api::archiver::handlers
+
+#endif // _API_ARCHIVER_HANDLERS_HPP

src/engine/source/api/archiver/src/handlers.cpp

@@ -0,0 +1,87 @@
+#include <api/archiver/handlers.hpp>
+#include <base/logging.hpp>
+#include <eMessages/archiver.pb.h>
+
+namespace api::archiver::handlers
+{
+
+namespace eArchiver = adapter::eEngine::archiver;
+namespace eEngine = adapter::eEngine;
+
+adapter::RouteHandler activateArchiver(const std::shared_ptr<::archiver::IArchiver>& archiver)
+{
+    return [lambdaName = logging::getLambdaName(__FUNCTION__, "apiHandler"),
+            weakArchiver = std::weak_ptr(archiver)](const auto& req, auto& res)
+    {
+        using RequestType = eArchiver::ArchiverActivate_Request;
+        using ResponseType = eEngine::GenericStatus_Response;
+
+        auto result = adapter::getReqAndHandler<RequestType, ResponseType, ::archiver::IArchiver>(req, weakArchiver);
+        if (adapter::isError(result))
+        {
+            res = adapter::getErrorResp(result);
+            return;
+        }
+
+        auto [archiver, protoReq] = adapter::getRes(result);
+
+        archiver->activate();
+
+        ResponseType eResponse;
+        eResponse.set_status(eEngine::ReturnStatus::OK);
+        res = adapter::userResponse(eResponse);
+    };
+}
+
+adapter::RouteHandler deactivateArchiver(const std::shared_ptr<::archiver::IArchiver>& archiver)
+{
+    return [lambdaName = logging::getLambdaName(__FUNCTION__, "apiHandler"),
+            weakArchiver = std::weak_ptr(archiver)](const auto& req, auto& res)
+    {
+        using RequestType = eArchiver::ArchiverDeactivate_Request;
+        using ResponseType = eEngine::GenericStatus_Response;
+
+        auto result = adapter::getReqAndHandler<RequestType, ResponseType, ::archiver::IArchiver>(req, weakArchiver);
+        if (adapter::isError(result))
+        {
+            res = adapter::getErrorResp(result);
+            return;
+        }
+
+        auto [archiver, protoReq] = adapter::getRes(result);
+
+        archiver->deactivate();
+
+        ResponseType eResponse;
+        eResponse.set_status(eEngine::ReturnStatus::OK);
+        res = adapter::userResponse(eResponse);
+    };
+}
+
+adapter::RouteHandler getArchiverStatus(const std::shared_ptr<::archiver::IArchiver>& archiver)
+{
+    return [lambdaName = logging::getLambdaName(__FUNCTION__, "apiHandler"),
+            weakArchiver = std::weak_ptr(archiver)](const auto& req, auto& res)
+    {
+        using RequestType = eArchiver::ArchiverStatus_Request;
+        using ResponseType = eArchiver::ArchiverStatus_Response;
+
+        auto result = adapter::getReqAndHandler<RequestType, ResponseType, ::archiver::IArchiver>(req, weakArchiver);
+        if (adapter::isError(result))
+        {
+            res = adapter::getErrorResp(result);
+            return;
+        }
+
+        auto [archiver, protoReq] = adapter::getRes(result);
+
+        // Get the status
+        const auto isActive = archiver->isActive();
+
+        ResponseType eResponse;
+        eResponse.set_status(eEngine::ReturnStatus::OK);
+        eResponse.set_active(isActive);
+        res = adapter::userResponse(eResponse);
+    };
+}
+} // namespace api::archiver::handlers