feat: implement compliance orchestrator backend client and evaluation logic

Author: elmilan06

plugins/compliance-orchestrator/bootstrap.go

@@ -0,0 +1,76 @@
+package main
+
+import (
+	"context"
+	"time"
+
+	"github.com/threatwinds/go-sdk/catcher"
+	"github.com/utmstack/UTMStack/plugins/compliance-orchestrator/client"
+)
+
+func waitForBackend(bc *client.BackendClient) error {
+	maxRetries := 3
+	retryDelay := 2 * time.Second
+
+	for retry := 0; retry < maxRetries; retry++ {
+		err := bc.HealthCheck(context.Background())
+		if err == nil {
+			catcher.Info("Connected to Backend", map[string]any{
+				"process": "compliance-orchestrator",
+			})
+			return nil
+		}
+
+		catcher.Error("Cannot connect to Backend, retrying", err, map[string]any{
+			"retry": retry + 1,
+		})
+
+		if retry < maxRetries-1 {
+			time.Sleep(retryDelay)
+			retryDelay *= 2
+		} else {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func waitForOpenSearch() error {
+	maxRetries := 3
+	retryDelay := 2 * time.Second
+
+	for retry := 0; retry < maxRetries; retry++ {
+		err := client.ConnectOpenSearch()
+		if err == nil {
+			return nil
+		}
+
+		catcher.Error("Cannot connect to OpenSearch, retrying", err, map[string]any{
+			"retry": retry + 1,
+		})
+
+		if retry < maxRetries-1 {
+			time.Sleep(retryDelay)
+			retryDelay *= 2
+		} else {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func bootstrap() (*client.BackendClient, error) {
+	backend := client.NewBackendClient()
+
+	if err := waitForBackend(backend); err != nil {
+		return nil, err
+	}
+
+	if err := waitForOpenSearch(); err != nil {
+		return nil, err
+	}
+
+	return backend, nil
+}

plugins/compliance-orchestrator/client/backend.go

@@ -0,0 +1,122 @@
+package client
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/threatwinds/go-sdk/catcher"
+	"github.com/threatwinds/go-sdk/plugins"
+	"github.com/utmstack/UTMStack/plugins/compliance-orchestrator/models"
+)
+
+type BackendClient struct {
+	baseURL     string
+	internalKey string
+	httpClient  *http.Client
+}
+
+func NewBackendClient() *BackendClient {
+	raw := plugins.PluginCfg("com.utmstack", false).Get("backend").String()
+
+	if !strings.HasPrefix(raw, "http://") && !strings.HasPrefix(raw, "https://") {
+		raw = "http://" + raw
+	}
+
+	return &BackendClient{
+		baseURL:     raw,
+		internalKey: plugins.PluginCfg("com.utmstack", false).Get("internalKey").String(),
+		httpClient: &http.Client{
+			Timeout: 30 * time.Second,
+		},
+	}
+}
+
+func (c *BackendClient) HealthCheck(ctx context.Context) error {
+	url := fmt.Sprintf("%s/api/ping", c.baseURL)
+
+	req, err := http.NewRequestWithContext(ctx, "GET", url, nil)
+	if err != nil {
+		return catcher.Error("failed to create backend ping request", err, nil)
+	}
+
+	resp, err := c.httpClient.Do(req)
+	if err != nil {
+		return catcher.Error("backend ping request failed", err, nil)
+	}
+
+	defer func(Body io.ReadCloser) {
+		err := Body.Close()
+		if err != nil {
+			catcher.Error("failed to close backend ping response body", err, nil)
+		}
+	}(resp.Body)
+
+	if resp.StatusCode != http.StatusOK {
+		return catcher.Error("backend ping returned non-200", nil, map[string]any{
+			"status": resp.StatusCode,
+		})
+	}
+
+	return nil
+}
+
+func (c *BackendClient) GetReportConfigs(ctx context.Context) ([]models.ReportConfig, error) {
+	url := fmt.Sprintf("%s/api/compliance/report-config?page=0&size=1000&sort=id,asc", c.baseURL)
+	var reports []models.ReportConfig
+
+	var body, err = c.GetRequest(ctx, url)
+	if err != nil {
+		return nil, err
+	}
+
+	if err := json.Unmarshal(body, &reports); err != nil {
+		return nil, err
+	}
+	return reports, nil
+}
+
+func (c *BackendClient) GetActiveIndexPatterns(ctx context.Context) ([]models.IndexPattern, error) {
+	url := fmt.Sprintf("%s/api/utm-index-patterns?page=0&size=1000&sort=id,asc&isActive.equals=true", c.baseURL)
+	var activeIndex []models.IndexPattern
+
+	var body, err = c.GetRequest(ctx, url)
+	if err != nil {
+		return nil, err
+	}
+
+	if err := json.Unmarshal(body, &activeIndex); err != nil {
+		return nil, err
+	}
+	return activeIndex, nil
+}
+
+func (c *BackendClient) GetRequest(ctx context.Context, url string) ([]byte, error) {
+	req, err := http.NewRequestWithContext(ctx, "GET", url, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	req.Header.Set("utm-internal-key", c.internalKey)
+
+	resp, err := c.httpClient.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		return nil, fmt.Errorf("backend returned %d", resp.StatusCode)
+	}
+
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+
+	return body, nil
+}

plugins/compliance-orchestrator/client/opensearch.go

@@ -0,0 +1,24 @@
+package client
+
+import (
+	"github.com/threatwinds/go-sdk/catcher"
+	sdkos "github.com/threatwinds/go-sdk/os"
+	"github.com/threatwinds/go-sdk/plugins"
+)
+
+func ConnectOpenSearch() error {
+	osUrl := plugins.PluginCfg("org.opensearch", false).Get("opensearch").String()
+
+	err := sdkos.Connect([]string{osUrl}, "", "")
+	if err != nil {
+		return catcher.Error("failed to connect to OpenSearch", err, map[string]any{
+			"url": osUrl,
+		})
+	}
+
+	catcher.Info("Connected to OpenSearch", map[string]any{
+		"url": osUrl,
+	})
+
+	return nil
+}

plugins/compliance-orchestrator/evaluator/evaluator.go

@@ -0,0 +1,86 @@
+package evaluator
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/threatwinds/go-sdk/catcher"
+	"github.com/utmstack/UTMStack/plugins/compliance-orchestrator/client"
+	"github.com/utmstack/UTMStack/plugins/compliance-orchestrator/models"
+)
+
+type Evaluator struct {
+	backend *client.BackendClient
+}
+
+func NewEvaluator(backend *client.BackendClient) *Evaluator {
+	return &Evaluator{backend: backend}
+}
+
+func (e *Evaluator) Evaluate(ctx context.Context, cfg models.ReportConfig) (models.Evaluation, error) {
+	// 1. Obtener index patterns activos
+	_, err := e.backend.GetActiveIndexPatterns(ctx)
+	if err != nil {
+		return models.Evaluation{}, fmt.Errorf("failed to get index patterns: %w", err)
+	}
+
+	// 2. Evaluar cada QuerySpec
+	/*var results []models.QueryResult*/
+	for _, q := range cfg.Queries {
+		/*qr := e.evaluateQuery(ctx, q, patterns)
+		results = append(results, qr)*/
+		catcher.Info("Evaluating query", map[string]any{
+			"query_id": q.ID,
+		})
+	}
+
+	/*final := combineResults(cfg, results)
+
+	return final, nil*/
+
+	return models.Evaluation{}, nil
+}
+
+func (e *Evaluator) evaluateQuery(ctx context.Context, q models.QuerySpec, patterns []models.IndexPattern) models.QueryResult {
+
+	/*if !patternExists(q.IndexPatternID, patterns) {
+		return models.QueryResult{
+			QueryID: int(q.ID),
+			Status:  models.StatusNotApplicable,
+			Reason:  "Index pattern not active",
+		}
+	}*/
+
+	return models.QueryResult{
+		QueryID: int(q.ID),
+		Status:  models.StatusCompliant,
+		Reason:  "Query executed successfully (placeholder)",
+	}
+}
+
+func patternExists(pattern int, active []models.IndexPattern) bool {
+	for _, p := range active {
+		if p.ID == pattern && p.Active {
+			return true
+		}
+	}
+	return false
+}
+
+func combineResults(cfg models.ReportConfig, results []models.QueryResult) models.Evaluation {
+	final := models.Evaluation{
+		ReportID: int(cfg.ID),
+		Results:  results,
+	}
+
+	// Estrategia simple: si alguna query es NON_COMPLIANT → NON_COMPLIANT
+	for _, r := range results {
+		if r.Status == models.StatusNonCompliant {
+			final.Status = models.StatusNonCompliant
+			return final
+		}
+	}
+
+	final.Status = models.StatusCompliant
+	return final
+}

plugins/compliance-orchestrator/go.mod

@@ -0,0 +1,54 @@
+module github.com/utmstack/UTMStack/plugins/compliance-orchestrator
+
+go 1.25.5
+
+require github.com/threatwinds/go-sdk v1.1.8
+
+require (
+	cel.dev/expr v0.25.1 // indirect
+	github.com/antlr4-go/antlr/v4 v4.13.1 // indirect
+	github.com/bytedance/gopkg v0.1.3 // indirect
+	github.com/bytedance/sonic v1.15.0 // indirect
+	github.com/bytedance/sonic/loader v0.5.0 // indirect
+	github.com/cloudwego/base64x v0.1.6 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.12 // indirect
+	github.com/gin-contrib/sse v1.1.0 // indirect
+	github.com/gin-gonic/gin v1.11.0 // indirect
+	github.com/go-playground/locales v0.14.1 // indirect
+	github.com/go-playground/universal-translator v0.18.1 // indirect
+	github.com/go-playground/validator/v10 v10.30.1 // indirect
+	github.com/goccy/go-json v0.10.5 // indirect
+	github.com/goccy/go-yaml v1.19.2 // indirect
+	github.com/google/cel-go v0.26.1 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
+	github.com/leodido/go-urn v1.4.0 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/opensearch-project/opensearch-go/v4 v4.6.0 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.4 // indirect
+	github.com/quic-go/qpack v0.6.0 // indirect
+	github.com/quic-go/quic-go v0.59.0 // indirect
+	github.com/stoewer/go-strcase v1.3.1 // indirect
+	github.com/tidwall/gjson v1.18.0 // indirect
+	github.com/tidwall/match v1.2.0 // indirect
+	github.com/tidwall/pretty v1.2.1 // indirect
+	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
+	github.com/ugorji/go/codec v1.3.1 // indirect
+	go.yaml.in/yaml/v2 v2.4.3 // indirect
+	golang.org/x/arch v0.23.0 // indirect
+	golang.org/x/crypto v0.47.0 // indirect
+	golang.org/x/exp v0.0.0-20260112195511-716be5621a96 // indirect
+	golang.org/x/net v0.49.0 // indirect
+	golang.org/x/sys v0.40.0 // indirect
+	golang.org/x/text v0.33.0 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20260114163908-3f89685c29c3 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20260114163908-3f89685c29c3 // indirect
+	google.golang.org/grpc v1.78.0 // indirect
+	google.golang.org/protobuf v1.36.11 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+	sigs.k8s.io/yaml v1.6.0 // indirect
+)