Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

expected_values in field definitions #1952

Merged
merged 7 commits into from
Jun 20, 2022
Merged

expected_values in field definitions #1952

merged 7 commits into from
Jun 20, 2022

Conversation

ebeahan
Copy link
Member

@ebeahan ebeahan commented Jun 6, 2022

Adds support for an expected_values attribute in schema field definitions.

Specific ECS fields include lists of expected values, and expected_values provides a consistent location to capture those values.

Example definition

Fields define an expected_values array. Additionally, the --strict flag now compares the value(s) in example against the expected_values.

---
- name: faas
  fields:
    - name: trigger.type
      level: extended
      type: keyword
      short: The trigger for the function execution.
      expected_values:
        - http
        - pubsub
        - data source
        - timer
        - other
      description: >
        The trigger for the function execution.
     example: http

Example field rendering

The Jinja2 template now consistently renders the expected_values. Unordered lists are now also generated with formatting.

Screen Shot 2022-06-06 at 4 37 27 PM

Additional field-details.asciidoc formatting change

Asciidoc supports additional formatting options in a table cell using the a| operator. This change opens up a better formatting experience for ECS field descriptions.

The field-details.j2 template now uses a| for each field description.

Addresses #1951

@ebeahan ebeahan requested a review from a team as a code owner June 6, 2022 21:50
@ebeahan ebeahan self-assigned this Jun 6, 2022
@djptek
Copy link
Contributor

djptek commented Jun 7, 2022

Hi @ebeahan

Have you looked into using the same structure as allowed_values to implement expected_values ?

The fact that allowed_values has a sub-attribute expected_event_types is unfortunate, however, I would expect expected_values to use the same structure as allowed_values to permit re-use both in ECS tooling and in any potential downstream field validation code.

Assuming inviability of renaming **.allowed_values.expected_event_types, I think it might be an option to have e.g. **.expected_values.expected_event_types echoing the same structure. This is turn might suggest a PR to synchronise previously documented expected values from their related descriptions, so for example file.attributes might look like:

- name: attributes
      level: extended
      type: keyword
      short: Array of file attributes.
      description: >
        Array of file attributes.

        Attributes names will vary by platform. Here's a non-exhaustive list of values
        that are expected in this field: archive, compressed, directory, encrypted,
        execute, hidden, read, readonly, system, write.
      example: '["readonly", "system"]'
      normalize:
        - array
      expected_values:
        -expected_event_types:
            - archive
            - compressed
            - directory
            - encrypted
            - execute
            - hidden
            - read
            - readonly
            - system
            - write

@ebeahan
Copy link
Member Author

ebeahan commented Jun 7, 2022

Have you looked into using the same structure as allowed_values to implement expected_values ?

I haven't thought of using a list of objects over a list.

allowed_values holds a list of objects with name, description, and expected_event_types keys. In this implementation, expected_keys only holds a list of expected values.

Are there other keys/attributes to set underneath expected_values? If not, I prefer the simplicity of expected_values.

@djptek
Copy link
Contributor

djptek commented Jun 7, 2022

The relationship between allowed_values and expected_values may need care. Prior to commenting on this issue, I did a lot of searching and grep-ing and was considering raising a meta-issue to clarify this before opting to comment here.

I prefer the simplicity of expected_values.

I agree the simplicity of having the values in an array would be aesthetically preferable, but I'm uncomfortable with doing expected_values and allowed_values differently, because that would obstruct reuse in our tools & end-users tools, and allowed_values has already been done this way.

I agree that the description may be redundant for expected_values, however, from a usage standpoint, if a user is writing validation code they would first address allowed_values because these could threaten data integrity. To refactor allowed_values may be a breaking change for users, so if that's not going to change my inclination would be to follow the established pattern.

@djptek
Copy link
Contributor

djptek commented Jun 13, 2022

Discussed offline @ebeahan let's go ahead with the list

@djptek
Copy link
Contributor

djptek commented Jun 14, 2022

LGTM

@djptek djptek self-requested a review June 14, 2022 09:10
djptek
djptek approved these changes Jun 14, 2022
View reviewed changes
Copy link
Contributor

@djptek djptek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ebeahan ebeahan merged commit 4a3ec76 into elastic:main Jun 20, 2022
@ebeahan ebeahan deleted the expected-values branch June 20, 2022 19:54
ebeahan added a commit to ebeahan/ecs that referenced this pull request Jun 20, 2022
@ebeahan
expected_values in field definitions (elastic#1952)
a27a10a 
* render expected_values in field details j2 template

* add check of examples against expected_values

* document expected_values attr

* incorporate cell formatting option

* note --strict validation of example against expected_values

* escape unintended copyright text replacements

(cherry picked from commit 4a3ec76)

# Conflicts:
#	experimental/generated/csv/fields.csv
#	generated/csv/fields.csv
@ebeahan ebeahan mentioned this pull request Jun 20, 2022
Merged
@ebeahan
Copy link
Member Author

ebeahan commented Jun 20, 2022

💚 All backports created successfully

Status Branch Result
8.4

Questions ?

Please refer to the Backport tool documentation

ebeahan added a commit that referenced this pull request Jun 20, 2022
@ebeahan
expected_values in field definitions (#1952) (#1961)
1993913 
* render expected_values in field details j2 template

* add check of examples against expected_values

* document expected_values attr

* incorporate cell formatting option

* note --strict validation of example against expected_values

* escape unintended copyright text replacements

(cherry picked from commit 4a3ec76)
This was referenced Jun 21, 2022
Closed
Merged
@andrewkroh andrewkroh mentioned this pull request Jun 23, 2022
Closed
@jsoriano jsoriano mentioned this pull request Jun 24, 2022
Merged
mitodrummer pushed a commit to mitodrummer/ecs that referenced this pull request Jul 6, 2022
@ebeahan
expected_values in field definitions (elastic#1952)
641e4c1 
* render expected_values in field details j2 template

* add check of examples against expected_values

* document expected_values attr

* incorporate cell formatting option

* note --strict validation of example against expected_values

* escape unintended copyright text replacements
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@djptek djptek djptek approved these changes

Assignees

@ebeahan ebeahan

Labels
8.4.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ebeahan @djptek