Implement the Rest API on the Indexer #69

Closed
3 of 4 tasks
Tracked by #349
AlexRuiz7 opened this issue Sep 18, 2024 · 1 comment · Fixed by #72
Labels: level/task, type/enhancement

AlexRuiz7 commented Sep 18, 2024

Description

We need to create a new HTTP REST API for the Command Manager plugin, exposing a POST endpoint that receives the command action request from the Management API on the Wazuh Server node, or from the Content Manager plugin (this is yet to be defined). Independently of the source, the Command Manager endpoint must receive this information, fit it into the Command index data model and persist the data on the index.

The endpoint must define the endpoint and its parameters, validate the data and persist it as the Commands index data model requires.

Be aware of any security concerns. In the next iteration, we want to secure the endpoint, so only allowed clients are allowed to use the endpoint.

Tasks

  • Implement the ActionPlugin interface
  • Implement the Rest endpoint (resthandler, model, ...)
  • Validate the data
  • Persist the data into the commands index.

AlexRuiz7 commented

The API endpoint is already functional; we are polishing some details for the MVP delivery.

To test the endpoint with sample data, we have generated an events generator (see wazuh/wazuh-indexer#433). We can see a demo of the endpoint in action below.

curl -XPOST "http://127.0.0.1:9200/test/_doc" -H 'Content-Type: application/json' -d'
{
  "source": "Users/Services",
  "user": "user13",
  "target": "WazuhServerCluster5",
  "type": "agent_group",
  "action": {
      "type": "Server cluster",
      "args": [
          "/path/to/executable/arg8"
      ],
      "version": "v4"
  },
  "timeout": 100
}'

The API replies with the following schema:

{"_index":".commands","_id":"<document_id>","result":"created"}

If we query the index for the result, we get:

http://localhost:9200/command-manager/_search

{
  "took": 37,
  "timed_out": false,
  "_shards": {
    "total": 1,
    "successful": 1,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "total": {
      "value": 1,
      "relation": "eq"
    },
    "max_score": 1,
    "hits": [
      {
        "_index": "command-manager",
        "_id": "1618514298767712625",
        "_score": 1,
        "_source": {
          "source": "Users/Services",
          "user": "user53",
          "target": "WazuhServerCluster5",
          "type": "agent",
          "action": {
            "type": "Agent groups",
            "args": [
              "/path/to/executable/arg8"
            ],
            "version": "v5"
          },
          "timeout": 92,
          "status": "PENDING",
          "order_id": "1618514298",
          "request_id": "767712625"
        }
      }
    ]
  }
}
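
A sketch of the "validate the data" task from the issue, written as an added Python example and not the plugin's own Java code: it accepts only the fields of the request body shown above, rejects anything else (including client-supplied `status`, `order_id` or `request_id`), and then adds the server-side fields seen in the stored document. The size limits, the timeout bound and the random ID generation are assumptions, not values from the issue.

```python
import json
import secrets

MAX_BODY = 8192      # assumed request size cap
MAX_STR = 256        # assumed per-field length cap
MAX_ARGS = 32        # assumed cap on action.args entries
MAX_TIMEOUT = 3600   # assumed upper bound for timeout
TOP = {"source": str, "user": str, "target": str, "type": str,
       "action": dict, "timeout": int}
ACTION = {"type": str, "args": list, "version": str}
# Request body from the curl example on this page
SAMPLE = (b'{"source":"Users/Services","user":"user13","target":"WazuhServerCluster5",'
          b'"type":"agent_group","action":{"type":"Server cluster",'
          b'"args":["/path/to/executable/arg8"],"version":"v4"},"timeout":100}')


def _check(obj, schema, where):
    """Require exactly the schema's keys, each with the expected JSON type."""
    if set(obj) != set(schema):
        raise ValueError(f"{where}: fields differ: {sorted(set(obj) ^ set(schema))}")
    for key, kind in schema.items():
        val = obj[key]
        # bool is a subclass of int in Python, so exclude it explicitly
        if not isinstance(val, kind) or isinstance(val, bool):
            raise ValueError(f"{where}.{key}: expected {kind.__name__}")
        if kind is str and not 0 < len(val) <= MAX_STR:
            raise ValueError(f"{where}.{key}: bad length")


def validate_command(raw: bytes) -> dict:
    """Parse and validate a request body; return the document to index."""
    if len(raw) > MAX_BODY:
        raise ValueError("body too large")
    doc = json.loads(raw)  # JSONDecodeError is a ValueError subclass
    if not isinstance(doc, dict):
        raise ValueError("body must be a JSON object")
    _check(doc, TOP, "command")
    _check(doc["action"], ACTION, "action")
    args = doc["action"]["args"]
    if len(args) > MAX_ARGS or not all(
            isinstance(a, str) and len(a) <= MAX_STR for a in args):
        raise ValueError("action.args: must be a short list of strings")
    if not 0 < doc["timeout"] <= MAX_TIMEOUT:
        raise ValueError("timeout out of range")
    # Server-assigned fields: a client that sends them is rejected above.
    doc.update(status="PENDING",
               order_id=str(secrets.randbelow(10**10)),
               request_id=str(secrets.randbelow(10**9)))
    return doc
```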

@AlexRuiz7 AlexRuiz7 changed the title Create new endpoint on the Command Manager plugin Implement the Rest API on the Indexer Oct 2, 2024
Projects
Status: Done