feat: implement compliance orchestrator backend client and evaluation logic

Author: elmilan06

plugins/compliance-orchestrator/client/backend.go

@@ -1,6 +1,7 @@
 package client
 
 import (
+	"bytes"
 	"context"
 	"encoding/json"
 	"fmt"
@@ -65,19 +66,19 @@ func (c *BackendClient) HealthCheck(ctx context.Context) error {
 	return nil
 }
 
-func (c *BackendClient) GetReportConfigs(ctx context.Context) ([]models.ReportConfig, error) {
-	url := fmt.Sprintf("%s/api/compliance/report-config?page=0&size=1000&sort=id,asc", c.baseURL)
-	var reports []models.ReportConfig
+func (c *BackendClient) GetControlConfigs(ctx context.Context) ([]models.ControlConfig, error) {
+	url := fmt.Sprintf("%s/api/compliance/control-config?page=0&size=1000&sort=id,asc", c.baseURL)
+	var controls []models.ControlConfig
 
 	var body, err = c.GetRequest(ctx, url)
 	if err != nil {
 		return nil, err
 	}
 
-	if err := json.Unmarshal(body, &reports); err != nil {
+	if err := json.Unmarshal(body, &controls); err != nil {
 		return nil, err
 	}
-	return reports, nil
+	return controls, nil
 }
 
 func (c *BackendClient) GetActiveIndexPatterns(ctx context.Context) ([]models.IndexPattern, error) {
@@ -120,3 +121,32 @@ func (c *BackendClient) GetRequest(ctx context.Context, url string) ([]byte, err
 
 	return body, nil
 }
+
+func (b *BackendClient) IndexEvaluationResult(ctx context.Context, index string, doc any) error {
+	baseURL := plugins.PluginCfg("org.opensearch", false).Get("opensearch").String()
+	endpoint := fmt.Sprintf("%s/%s/_doc", baseURL, index)
+
+	jsonBody, err := json.Marshal(doc)
+	if err != nil {
+		return fmt.Errorf("failed to marshal evaluation result: %w", err)
+	}
+
+	req, err := http.NewRequestWithContext(ctx, "POST", endpoint, bytes.NewBuffer(jsonBody))
+	if err != nil {
+		return fmt.Errorf("failed to create index request: %w", err)
+	}
+
+	req.Header.Set("Content-Type", "application/json")
+
+	resp, err := b.httpClient.Do(req)
+	if err != nil {
+		return fmt.Errorf("index request failed: %w", err)
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode >= 300 {
+		return fmt.Errorf("indexing failed with status %d", resp.StatusCode)
+	}
+
+	return nil
+}

plugins/compliance-orchestrator/client/opensearch.go

@@ -1,6 +1,12 @@
 package client
 
 import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/http"
+
 	"github.com/threatwinds/go-sdk/catcher"
 	sdkos "github.com/threatwinds/go-sdk/os"
 	"github.com/threatwinds/go-sdk/plugins"
@@ -22,3 +28,41 @@ func ConnectOpenSearch() error {
 
 	return nil
 }
+
+type SQLResponse struct {
+	Total int `json:"total"`
+}
+
+func (b *BackendClient) ExecuteSQLQuery(ctx context.Context, sql string) (int, error) {
+	baseURL := plugins.PluginCfg("org.opensearch", false).Get("opensearch").String()
+	sqlEndpoint := fmt.Sprintf("%s/_plugins/_sql", baseURL)
+
+	body := map[string]string{
+		"query": sql,
+	}
+
+	jsonBody, err := json.Marshal(body)
+	if err != nil {
+		return 0, fmt.Errorf("failed to marshal SQL body: %w", err)
+	}
+
+	req, err := http.NewRequestWithContext(ctx, "POST", sqlEndpoint, bytes.NewBuffer(jsonBody))
+	if err != nil {
+		return 0, fmt.Errorf("failed to create SQL request: %w", err)
+	}
+
+	req.Header.Set("Content-Type", "application/json")
+
+	resp, err := b.httpClient.Do(req)
+	if err != nil {
+		return 0, fmt.Errorf("SQL request failed: %w", err)
+	}
+	defer resp.Body.Close()
+
+	var result SQLResponse
+	if err := json.NewDecoder(resp.Body).Decode(&result); err != nil {
+		return 0, fmt.Errorf("failed to decode SQL response: %w", err)
+	}
+
+	return result.Total, nil
+}

plugins/compliance-orchestrator/evaluator/evaluator.go

@@ -17,70 +17,152 @@ func NewEvaluator(backend *client.BackendClient) *Evaluator {
 	return &Evaluator{backend: backend}
 }
 
-func (e *Evaluator) Evaluate(ctx context.Context, cfg models.ReportConfig) (models.Evaluation, error) {
+func (e *Evaluator) Evaluate(ctx context.Context, cfg models.ControlConfig) (models.ControlEvaluation, error) {
 	// 1. Obtener index patterns activos
-	_, err := e.backend.GetActiveIndexPatterns(ctx)
+	patterns, err := e.backend.GetActiveIndexPatterns(ctx)
 	if err != nil {
-		return models.Evaluation{}, fmt.Errorf("failed to get index patterns: %w", err)
+		return models.ControlEvaluation{}, fmt.Errorf("failed to get index patterns: %w", err)
 	}
 
-	// 2. Evaluar cada QuerySpec
-	/*var results []models.QueryResult*/
-	for _, q := range cfg.Queries {
-		/*qr := e.evaluateQuery(ctx, q, patterns)
-		results = append(results, qr)*/
+	results := make([]models.QueryEvaluation, 0)
+	applicable := make([]models.QueryEvaluation, 0) // solo queries con indexPattern activo
+
+	// 2. Evaluar cada QueryConfig
+	for _, q := range cfg.QueriesConfigs {
 		catcher.Info("Evaluating query", map[string]any{
 			"query_id": q.ID,
 		})
-	}
 
-	/*final := combineResults(cfg, results)
+		// 2.1 Si el index pattern NO está activo → NOT_APPLICABLE
+		if !patternExists(int(q.IndexPatternID), patterns) {
+			reason := "Index pattern not active"
+			qr := models.QueryEvaluation{
+				QueryConfigID: q.ID,
+				QueryName:     q.QueryName,
+				Hits:          0,
+				Status:        models.QueryStatusNotApplicable,
+				ErrorMessage:  &reason,
+			}
+			results = append(results, qr)
+			continue
+		}
 
-	return final, nil*/
+		// 2.2 Evaluar query normalmente
+		qr := e.evaluateQuery(ctx, q)
+		results = append(results, qr)
 
-	return models.Evaluation{}, nil
-}
+		// 2.3 Solo las queries aplicables participan en la estrategia ALL/ANY
+		if qr.Status != models.QueryStatusNotApplicable {
+			applicable = append(applicable, qr)
+		}
+	}
+
+	// 3. Combinar resultados según la estrategia del control
+	finalStatus := computeControlStatus(cfg.ControlStrategy, applicable)
 
-func (e *Evaluator) evaluateQuery(ctx context.Context, q models.QuerySpec, patterns []models.IndexPattern) models.QueryResult {
+	// 4. Construir evaluación final
+	return models.ControlEvaluation{
+		ControlConfigID:  cfg.ID,
+		ControlName:      cfg.ControlName,
+		Status:           finalStatus,
+		QueryEvaluations: results,
+	}, nil
+}
 
-	/*if !patternExists(q.IndexPatternID, patterns) {
-		return models.QueryResult{
-			QueryID: int(q.ID),
-			Status:  models.StatusNotApplicable,
-			Reason:  "Index pattern not active",
+func (e *Evaluator) evaluateQuery(ctx context.Context, q models.QueryConfig) models.QueryEvaluation {
+	// Ejecutar la query SQL real contra OpenSearch
+	hits, err := e.backend.ExecuteSQLQuery(ctx, q.SQLQuery)
+	if err != nil {
+		msg := fmt.Sprintf("query execution failed: %v", err)
+		return models.QueryEvaluation{
+			QueryConfigID: q.ID,
+			QueryName:     q.QueryName,
+			Hits:          0,
+			Status:        models.QueryStatusError,
+			ErrorMessage:  &msg,
 		}
-	}*/
+	}
+
+	// Evaluar la regla con los hits obtenidos
+	status, errMsg := evaluateQueryRule(q, hits)
 
-	return models.QueryResult{
-		QueryID: int(q.ID),
-		Status:  models.StatusCompliant,
-		Reason:  "Query executed successfully (placeholder)",
+	return models.QueryEvaluation{
+		QueryConfigID: q.ID,
+		QueryName:     q.QueryName,
+		Hits:          int64(hits),
+		Status:        status,
+		ErrorMessage:  errMsg,
 	}
 }
 
-func patternExists(pattern int, active []models.IndexPattern) bool {
-	for _, p := range active {
-		if p.ID == pattern && p.Active {
-			return true
+func evaluateQueryRule(q models.QueryConfig, hits int) (models.QueryEvaluationStatus, *string) {
+	switch q.EvaluationRule {
+
+	case models.NoHitsAllowed:
+		if hits == 0 {
+			return models.QueryStatusCompliant, nil
+		}
+		return models.QueryStatusNonCompliant, nil
+
+	case models.MinHitsRequired:
+		if q.RuleValue == nil {
+			msg := "ruleValue is required for MIN_HITS_REQUIRED"
+			return models.QueryStatusError, &msg
 		}
+		if hits >= *q.RuleValue {
+			return models.QueryStatusCompliant, nil
+		}
+		return models.QueryStatusNonCompliant, nil
+
+	case models.ThresholdMax:
+		if q.RuleValue == nil {
+			msg := "ruleValue is required for THRESHOLD_MAX"
+			return models.QueryStatusError, &msg
+		}
+		if hits <= *q.RuleValue {
+			return models.QueryStatusCompliant, nil
+		}
+		return models.QueryStatusNonCompliant, nil
+
+	default:
+		msg := "unknown evaluation rule"
+		return models.QueryStatusError, &msg
 	}
-	return false
 }
 
-func combineResults(cfg models.ReportConfig, results []models.QueryResult) models.Evaluation {
-	final := models.Evaluation{
-		ReportID: int(cfg.ID),
-		Results:  results,
-	}
+func computeControlStatus(strategy models.ComplianceStrategy, results []models.QueryEvaluation) models.ControlEvaluationStatus {
 
-	// Estrategia simple: si alguna query es NON_COMPLIANT → NON_COMPLIANT
-	for _, r := range results {
-		if r.Status == models.StatusNonCompliant {
-			final.Status = models.StatusNonCompliant
-			return final
+	switch strategy {
+
+	case models.StrategyAll:
+		// ALL → todas deben ser COMPLIANT
+		for _, r := range results {
+			if r.Status != models.QueryStatusCompliant {
+				return models.ControlStatusNonCompliant
+			}
+		}
+		return models.ControlStatusCompliant
+
+	case models.StrategyAny:
+		// ANY → basta con que una sea COMPLIANT
+		for _, r := range results {
+			if r.Status == models.QueryStatusCompliant {
+				return models.ControlStatusCompliant
+			}
 		}
+		return models.ControlStatusNonCompliant
+
+	default:
+		// fallback seguro
+		return models.ControlStatusNonCompliant
 	}
+}
 
-	final.Status = models.StatusCompliant
-	return final
+func patternExists(pattern int, active []models.IndexPattern) bool {
+	for _, p := range active {
+		if int(p.ID) == pattern && p.Active {
+			return true
+		}
+	}
+	return false
 }

plugins/compliance-orchestrator/models/constant.go

@@ -1,8 +1,32 @@
 package models
 
+type QueryEvaluationStatus string
+
+const (
+	QueryStatusCompliant     QueryEvaluationStatus = "COMPLIANT"
+	QueryStatusNonCompliant  QueryEvaluationStatus = "NON_COMPLIANT"
+	QueryStatusNotApplicable QueryEvaluationStatus = "NOT_APPLICABLE"
+	QueryStatusError         QueryEvaluationStatus = "ERROR"
+)
+
+type ControlEvaluationStatus string
+
+const (
+	ControlStatusCompliant    ControlEvaluationStatus = "COMPLIANT"
+	ControlStatusNonCompliant ControlEvaluationStatus = "NON_COMPLIANT"
+)
+
+type EvaluationRule string
+
+const (
+	NoHitsAllowed   EvaluationRule = "NO_HITS_ALLOWED"
+	MinHitsRequired EvaluationRule = "MIN_HITS_REQUIRED"
+	ThresholdMax    EvaluationRule = "THRESHOLD_MAX"
+)
+
+type ComplianceStrategy string
+
 const (
-	StatusCompliant     = "COMPLIANT"
-	StatusNonCompliant  = "NON_COMPLIANT"
-	StatusNotApplicable = "NOT_APPLICABLE"
-	StatusError         = "ERROR"
+	StrategyAll ComplianceStrategy = "ALL"
+	StrategyAny ComplianceStrategy = "ANY"
 )

plugins/compliance-orchestrator/models/control_evaluation.go

@@ -0,0 +1,11 @@
+package models
+
+import "time"
+
+type ControlEvaluation struct {
+	ControlConfigID  int64                   `json:"controlConfigId"`
+	ControlName      string                  `json:"controlName"`
+	Status           ControlEvaluationStatus `json:"status"`
+	QueryEvaluations []QueryEvaluation       `json:"queryevaluations"`
+	EvaluatedAt      time.Time               `json:"evaluatedAt"`
+}

plugins/compliance-orchestrator/models/evaluation.go

@@ -0,0 +1,11 @@
+package models
+
+import "time"
+
+type EvaluationDocument struct {
+	ControlID        int64                   `json:"control_id"`
+	ControlName      string                  `json:"control_name"`
+	Status           ControlEvaluationStatus `json:"status"`
+	Timestamp        time.Time               `json:"timestamp"`
+	QueryEvaluations []QueryEvaluation       `json:"query_evaluations"`
+}

plugins/compliance-orchestrator/models/evaluation_document.go

@@ -0,0 +1,10 @@
+package models
+
+type QueryEvaluation struct {
+	QueryConfigID int64                 `json:"queryConfigId"`
+	QueryName     string                `json:"queryName"`
+	Hits          int64                 `json:"hits"`
+	Status        QueryEvaluationStatus `json:"status"`
+	ErrorMessage  *string               `json:"errorMessage,omitempty"`
+	Evidence      [][]any               `json:"evidence,omitempty"`
+}