Validate fields using ECS JSON schema when all stack versions support ecs@mappings #1711
Conversation
With the change elastic-package load JSON schema when: - package-spec > 2.3.0 and import_mappings: true - package-spec > 3.1.3 If package-spec is >= 2.3.0 and < 3.1.3 elastic-package continue to embed the legacy ecs@mappings.
zmoog
changed the title
We should continue support import mappings for integrations that want to. We don't want to force integrations devs to migrate.
zmoog
force-pushed
the
zmoog/deprecate-import-mappings
branch
from
3bc07d7 to
02c8e9c
Compare
zmoog
changed the title
This is an experiment to try inferring if all supported stack versions in the Kibana constraints support ECS mappings. If not, we don't include the ECS JSON schema mappings. In this case, users can opt for one of the following: - enable import mappings - add field mappings - bump the Kibana constraints >= 8.13.0
|
@jsoriano, the gist of this change is to enable
Kibana constraints can be as simple as The semver package we're using does not offer to get the minimum supported version out of a constraints expression, and I want to try something simpler before custom parsing it. So I ran a little experiment to infer if the Kibana constrains support a stack version without ECS support. Let me know what you think. |
zmoog
changed the title
We compare all ES releases without ECS support against the kibana constraints to assess if the package can use the ECS JSON schema or not.
| // This check works under the assumption the constraints are not limited | ||
| // upwards. | ||
| // | ||
| // For example, if the constraint is `>= 8.12.0` and the stack version is | ||
| // `8.12.999`, the constraint will be satisfied. | ||
| // | ||
| // However, if the constraint is `>= 8.0.0, < 8.10.0` the check will not | ||
| // return the right result. | ||
| // | ||
| // To support this, we would need to check the constraint against a larger | ||
| // set of versions, and check if the constraint is satisfied for all | ||
| // of them, like in the commented out example above. | ||
| // | ||
| // lastStackVersionWithoutEcsMappings := semver.MustParse("8.12.999") | ||
| // return !kibanaConstraints.Check(lastStackVersionWithoutEcsMappings) |
There was a problem hiding this comment.
This is a simpler implementation that checks the Kibana constraints agains the latest known stack version that does NOT support ecs@mappings.
This check works under the assumption the constraints are not limited upwards (for example, ^8.10.0 or ^7.14.0 || ^8.0.0).
I plan to remove at the end of the review process, but I want to mention it as an option.
There was a problem hiding this comment.
This option is actually not bad, but yeah, let's go with the other one that looks safer.
|
/test integrations |
There was a problem hiding this comment.
Looks good overall.
It would be good though to add a test case for a package with kibana.version: '^8.13.0', that uses ECS fields and doesn't embed them. I think that currently all tests are used with the default version of the stack, so maybe we need to change this for the test to work.
Pinging @mrodm to take another look on the change, and help with adding a test if needed.
| // This check works under the assumption the constraints are not limited | ||
| // upwards. | ||
| // | ||
| // For example, if the constraint is `>= 8.12.0` and the stack version is | ||
| // `8.12.999`, the constraint will be satisfied. | ||
| // | ||
| // However, if the constraint is `>= 8.0.0, < 8.10.0` the check will not | ||
| // return the right result. | ||
| // | ||
| // To support this, we would need to check the constraint against a larger | ||
| // set of versions, and check if the constraint is satisfied for all | ||
| // of them, like in the commented out example above. | ||
| // | ||
| // lastStackVersionWithoutEcsMappings := semver.MustParse("8.12.999") | ||
| // return !kibanaConstraints.Check(lastStackVersionWithoutEcsMappings) |
There was a problem hiding this comment.
This option is actually not bad, but yeah, let's go with the other one that looks safer.
internal/fields/validate.go
Outdated
| var schema []FieldDefinition | ||
| if buildManifest.ImportMappings() && !specVersion.LessThan(semver2_3_0) && importECSSchema { | ||
| if (packageEmbedsEcsMappings || stackIncludesEcsMapping) && importECSSchema { |
There was a problem hiding this comment.
Please, add or modify a test package so we have a test case with a package that uses ECS fields, but doesn't embeds the mappings.
There was a problem hiding this comment.
If we want to test the scenario where the package uses the ECS in Elasticsearch, we need a stack version 8.13.0.
@mrodm, which version of the stack the tests run on? Can we have stack version 8.13.0 (for all tests or just one)?
There was a problem hiding this comment.
@mrodm, which version of the stack the tests run on? Can we have stack version 8.13.0 (for all tests or just one)?
Currently, the steps in the CI to test packages run with the default version. IIRC that version now should be 8.12.0.
If this needs to be changed, it needs to be updated scripts/test-check-packages.sh to allow define --version flag in the elastic-package stack up command through an environment variable or so. This will require also update
- Makefile: to add a new target
- Add into the buildkite script this new target
In this implementation, the ECS fields are imported before validation by the test runners (e.g. kibana version condition is ^8.13.0), so there should not be errors related to field definitions. Is it required to start an Elastic stack ^8.13.0 too? @zmoog
There was a problem hiding this comment.
In this implementation, the ECS fields are imported before validation by the test runners (e.g. kibana version condition is
^8.13.0), so there should not be errors related to field definitions. Is it required to start an Elastic stack ^8.13.0 too?
Correct!
elastic-package validates the ECS fields using the JSON schema during the static checks, so it does not need to run on Elastic stack ^8.13.0.
Co-authored-by: Jaime Soriano Pastor <[email protected]>
There are no package versions for older stacks. Sort the stack version numbers (`sort -V` is your friend here).
Since most of current integrations support 8.x:
$ cat all_kibana_version.txt | awk -F',' '{print $3}' | sort | uniq -c
3 ^7.14.0 || ^8.0.0
5 ^7.14.1 || ^8.0.0
1 ^7.14.1 || ^8.8.0
10 ^7.16.0 || ^8.0.0
4 ^7.17.0 || ^8.0.0
6 ^8.0.0
7 ^8.10.1
6 ^8.10.2
3 ^8.11.0
2 ^8.11.2
75 ^8.12.0
1 ^8.12.1
1 ^8.12.2
44 ^8.13.0
1 ^8.2.0
2 ^8.2.1
6 ^8.3.0
2 ^8.4.0
4 ^8.5.0
1 ^8.5.1
2 ^8.6.0
1 ^8.6.1
1 ^8.7.0
24 ^8.7.1
27 ^8.8.0
1 ^8.8.1
1 ^8.8.2
11 ^8.9.0
It's more efficient to check for recent stack versions.
Co-authored-by: Jaime Soriano Pastor <[email protected]>
There was a problem hiding this comment.
New to the project so can't comment on small stylistic things or anything.
About the approach itself - I know I suggested this approach with listing all existing stack versions @zmoog , but looking at it now there is actually another case we don't capture here. Due to security updates, it's possible to see new patch versions for older major/minor versions (e.g. 7.17.19 could be added). As this new version won't be included in the check, it opens a small theoretical gap in this check.
Two options:
- Just live with this - it probably won't cause issues in practice
- Come up with a process to update this list either in a runtime fashion (load the list of versions from some central place during execution) or via a code change to elastic-package
It feels like the coverage by this check is good enough and we should just move forward with this approach for now - we can always revisit and I honestly don't expect this to cause issues as I can't see why someone would retroactively add Kibana version compatibility with just a single patch release of a previous version.
I'm also trying to improve naming and flow.
It's a fair point. Wha't the kibana constraints expression that would break the current implementation? |
|
Even if unlikely, it's still possible. I would address this potential risk by adding a few extra upcoming 7.17.x versions, and move the PR forward with this implementation. I can create a separate issue to reimplement the I want to enable the elastic package to deal with ECS mappings and allow the remaining step of the ecs@mappings migration to happen as soon as possible. @flash1293, WDYT? |
|
@zmoog sounds good to me, let's move forward with this for now and create a follow-up issue. |
Adding a few extra releases to support unlikely yet possible edge cases.
| var schema []FieldDefinition | ||
| if buildManifest.ImportMappings() && !specVersion.LessThan(semver2_3_0) && importECSSchema { | ||
| if (packageEmbedsEcsMappings || stackSupportsEcsMapping) && importECSSchema { |
There was a problem hiding this comment.
Probably it could be added here a logger.Debug message to mention that all field definitions from the external schema are going to be imported for validation. WDYT? Wondering if that would help in case there are errors related to some field is defined.
if (packageEmbedsEcsMappings || stackSupportsEcsMapping) && importECSSchema {
// Import all fields from external schema (most likely ECS) to
// validate the package fields against it.
ecsSchema, err := fdm.ImportAllFields(defaultExternal)
if err != nil {
return nil, nil, err
}
schema = ecsSchema
logger.Debug("Imported field definitions from external schema")
}
return fdm, schema, nil
}There was a problem hiding this comment.
Good point! And I remember considering adding it, but but it slipped my mind. I'm doing it now.
| Test package to verify support for ECS mappings available to integrations running on stack version 8.13.0 and later. | ||
|
|
||
| Please note that the package: | ||
|
|
||
| - does not embed the legacy ECS mappings (no `import_mappings`). | ||
| - does not define fields in the `ecs.yml` file. | ||
|
|
||
| Mappings for ECS fields (for example, `ecs.version`) come from the `ecs@mappings` component template in the integration index template, which has been available since 8.13.0. |
There was a problem hiding this comment.
Thanks for this test package 👍
internal/fields/validate.go
Outdated
| var schema []FieldDefinition | ||
| if buildManifest.ImportMappings() && !specVersion.LessThan(semver2_3_0) && importECSSchema { | ||
| if (packageEmbedsEcsMappings || stackIncludesEcsMapping) && importECSSchema { |
There was a problem hiding this comment.
@mrodm, which version of the stack the tests run on? Can we have stack version 8.13.0 (for all tests or just one)?
Currently, the steps in the CI to test packages run with the default version. IIRC that version now should be 8.12.0.
If this needs to be changed, it needs to be updated scripts/test-check-packages.sh to allow define --version flag in the elastic-package stack up command through an environment variable or so. This will require also update
- Makefile: to add a new target
- Add into the buildkite script this new target
In this implementation, the ECS fields are imported before validation by the test runners (e.g. kibana version condition is ^8.13.0), so there should not be errors related to field definitions. Is it required to start an Elastic stack ^8.13.0 too? @zmoog
Co-authored-by: Mario Rodriguez Molins <[email protected]>
💚 Build Succeeded
History
cc @zmoog |
Change description
Enable
elastic-packageto import the ECS JSON schema to validate fields in two conditions:ecs@mappingsin Elasticsearch (8.13.0+).If the package supports one or more stack versions without ECS mappings, devs must support ECS using
import_mappings(deprecated) orecs.ymlfile.Motivation
On 8.13, we enabled Fleet to include the
ecs@mappingscomponent template in all the integration index templates. So, starting from 8.13, integration developers can stop usingimport_mappingsand theecs.yml.However,
elastic-packageshould import the ECS JSON schema only if ALL stack versions in the Kibana constraints have ECS mappings from Elasticsearch.Additional Notes
Reviewer checklist
main.README.md, if needed).CONTRIBUTING.md) and are well-formatted.