Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Logs UI] Fix match phrase and not match phrase alerting comparators #71850

Merged
merged 2 commits into from
Jul 20, 2020

Conversation

Kerry350
Copy link
Contributor

@Kerry350 Kerry350 commented Jul 15, 2020

Summary

This fixes #71828.

The MATCH_PHRASE and NOT_MATCH_PHRASE comparators weren't being accounted for in the registration validation schema. This validation schema is used by the alerting framework before handing parameters off to the executor.

It's important to note that these comparators were being handled by the runtime validation within the executor itself, here: https://github.com/elastic/kibana/blob/master/x-pack/plugins/infra/server/lib/alerting/log_threshold/log_threshold_executor.ts#L48 and here: https://github.com/elastic/kibana/blob/master/x-pack/plugins/infra/common/alerting/logs/types.ts#L25. Of course, this was no use failing at the level beforehand.

Similarly, there was a test for these: https://github.com/elastic/kibana/blob/master/x-pack/plugins/infra/server/lib/alerting/log_threshold/log_threshold_executor.test.ts#L280, but that wouldn't have caught this happening before hitting the executor.

Based on this information, I'd like to suggest several things (for 7.10):

  • The alerting validation is optional: You may also have the parameters validated before they are passed to the executor function or created as an alert saved object. In order to do this, provide a @kbn/config-schema schema that we will use to validate the params attribute.. Given that we have strict validation within our executor, we could remove the additional registration validation, this would stop the two becoming out of sync. That validation option has to use a config-schema currently.

  • We should implement [Logs / Metrics UI] [Alerting] Add functional tests #69162, this would introduce functional tests that could catch problems with interacting with the alerting framework itself.

(There is a 7.8.2 scheduled so I've targetted that as well).

Testing

  • It should be possible to create alerts using matches phrase and does not match phrase for the criteria comparators.

@Kerry350 Kerry350 added release_note:fix v8.0.0 Feature:Logs UI Logs UI feature Team:Infra Monitoring UI - DEPRECATED DEPRECATED - Label for the Infra Monitoring UI team. Use Team:obs-ux-infra_services v7.9.0 v7.8.2 7.10.0 labels Jul 15, 2020
@Kerry350 Kerry350 requested a review from a team July 15, 2020 11:57
@Kerry350 Kerry350 self-assigned this Jul 15, 2020
@elasticmachine
Copy link
Contributor

Pinging @elastic/logs-metrics-ui (Team:logs-metrics-ui)

Copy link
Member

@weltenwort weltenwort left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👀 Reviewing on behalf of @elastic/logs-metrics-ui...

@weltenwort
Copy link
Member

weltenwort commented Jul 15, 2020

I agree that having two sources of truth for the validation is not ideal. But validating during the alert submission has the advantage that it fails early and loudly in the UI.

That validation option has to use a config-schema currently.

Does it? The type suggests it could be anything with a validate function:

params?: { validate: (object: unknown) => AlertExecutorOptions['params'] };

Shouldn't we be able to create an adapter similar to createValidationFunction for routes, that allows us to use the same io-ts runtime type for both the registration and within the executor (in a later PR 😉)?

Copy link
Member

@weltenwort weltenwort left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was able to create alerts using the "matches phrase" and "not matches phrase" operators. 👍

@spalger spalger added v7.10.0 and removed 7.10.0 labels Jul 15, 2020
@jasonrhodes jasonrhodes added the bug Fixes for quality problems that affect the customer experience label Jul 16, 2020
@jasonrhodes jasonrhodes added this to the Logs UI 7.9 milestone Jul 16, 2020
@weltenwort
Copy link
Member

@elasticmachine merge upstream

@kibanamachine
Copy link
Contributor

💚 Build Succeeded

Build metrics

✅ unchanged

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@Kerry350 Kerry350 merged commit 11182c8 into elastic:master Jul 20, 2020
@Kerry350
Copy link
Contributor Author

Kerry350 commented Jul 20, 2020

But validating during the alert submission has the advantage that it fails early and loudly in the UI.

Yeah, true.

Does it? The type suggests it could be anything with a validate function

Good point 🤔 I was going off of the docs, where a schema config is the only thing mentioned. But looking at the types it looks like we can use our own function. I'll file a ticket (which can also include updating the Alerting README).

Kerry350 added a commit to Kerry350/kibana that referenced this pull request Jul 20, 2020
gmmorris added a commit to gmmorris/kibana that referenced this pull request Jul 20, 2020
* master: (60 commits)
  [SIEM][Detection Engine][Lists] Adds list permissions (elastic#72335)
  [SIEM][Detection Engine][Lists] Adds conflict versioning and io-ts improvements to lists (elastic#72337)
  [Resolver] no longer pass related event stats to process node component (elastic#72435)
  Revert "skip flaky suite (elastic#72146)"
  [Security Solution] Cleanup endpoint telemetry (elastic#71950)
  Unskip dashboard embeddable rendering tests (elastic#71824)
  [ENDPOINT] Added unerolling status for host. (elastic#72303)
  [Alerting][Connectors] Increase the size of the logos (elastic#72419)
  [SECURITY] [Timeline] Raw events not displayed (elastic#72387)
  [ML] Fixes display of regression stop stats if one is NaN (elastic#72412)
  [Ingest Pipelines] Processor Editor Move Tooltip (elastic#72239)
  Fix match phrase and not match phrase comparators (elastic#71850)
  [Plugin Generator] Generate tsconfig and useDefaultBehaviors (elastic#72040)
  [Security Solution][Timeline] Fix timeline styling and createFrom beh… (elastic#72152)
  [Resolver] Selector performance (elastic#72380)
  [Ingest Manager] Set `_meta` in the index.mappings (elastic#72026)
  [Ingest Manager] Do not bumb config revision during config creation (elastic#72270)
  [ML] Adding missing index pattern name to new job wizards (elastic#72400)
  [ML] improve annotation flyout performance (elastic#72299)
  [APM] Testing error rate API and restructuring folders (elastic#72257)
  ...
gmmorris added a commit to gmmorris/kibana that referenced this pull request Jul 20, 2020
* master: (26 commits)
  [SIEM][Detection Engine][Lists] Adds list permissions (elastic#72335)
  [SIEM][Detection Engine][Lists] Adds conflict versioning and io-ts improvements to lists (elastic#72337)
  [Resolver] no longer pass related event stats to process node component (elastic#72435)
  Revert "skip flaky suite (elastic#72146)"
  [Security Solution] Cleanup endpoint telemetry (elastic#71950)
  Unskip dashboard embeddable rendering tests (elastic#71824)
  [ENDPOINT] Added unerolling status for host. (elastic#72303)
  [Alerting][Connectors] Increase the size of the logos (elastic#72419)
  [SECURITY] [Timeline] Raw events not displayed (elastic#72387)
  [ML] Fixes display of regression stop stats if one is NaN (elastic#72412)
  [Ingest Pipelines] Processor Editor Move Tooltip (elastic#72239)
  Fix match phrase and not match phrase comparators (elastic#71850)
  [Plugin Generator] Generate tsconfig and useDefaultBehaviors (elastic#72040)
  [Security Solution][Timeline] Fix timeline styling and createFrom beh… (elastic#72152)
  [Resolver] Selector performance (elastic#72380)
  [Ingest Manager] Set `_meta` in the index.mappings (elastic#72026)
  [Ingest Manager] Do not bumb config revision during config creation (elastic#72270)
  [ML] Adding missing index pattern name to new job wizards (elastic#72400)
  [ML] improve annotation flyout performance (elastic#72299)
  [APM] Testing error rate API and restructuring folders (elastic#72257)
  ...
gmmorris added a commit to gmmorris/kibana that referenced this pull request Jul 21, 2020
…feature-privileges

* alerting/consumer-based-rbac: (45 commits)
  fixed alerts test
  [SIEM][Detection Engine][Lists] Adds list permissions (elastic#72335)
  [SIEM][Detection Engine][Lists] Adds conflict versioning and io-ts improvements to lists (elastic#72337)
  [Resolver] no longer pass related event stats to process node component (elastic#72435)
  Revert "skip flaky suite (elastic#72146)"
  [Security Solution] Cleanup endpoint telemetry (elastic#71950)
  Unskip dashboard embeddable rendering tests (elastic#71824)
  [ENDPOINT] Added unerolling status for host. (elastic#72303)
  [Alerting][Connectors] Increase the size of the logos (elastic#72419)
  [SECURITY] [Timeline] Raw events not displayed (elastic#72387)
  [ML] Fixes display of regression stop stats if one is NaN (elastic#72412)
  [Ingest Pipelines] Processor Editor Move Tooltip (elastic#72239)
  Fix match phrase and not match phrase comparators (elastic#71850)
  [Plugin Generator] Generate tsconfig and useDefaultBehaviors (elastic#72040)
  [Security Solution][Timeline] Fix timeline styling and createFrom beh… (elastic#72152)
  allow user to disable alert even if they dont have privileges to the underlying action
  [Resolver] Selector performance (elastic#72380)
  [Ingest Manager] Set `_meta` in the index.mappings (elastic#72026)
  [Ingest Manager] Do not bumb config revision during config creation (elastic#72270)
  [ML] Adding missing index pattern name to new job wizards (elastic#72400)
  ...
@EamonnTP
Copy link

EamonnTP commented Aug 5, 2020

Hi @Kerry350 Should this be included in the 7.9.0 release notes? I don't see it listed here: https://github.com/elastic/kibana/blob/0afaba21b39709739086e2aaa3a88a8a1bea855b/docs/CHANGELOG.asciidoc

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Fixes for quality problems that affect the customer experience Feature:Logs UI Logs UI feature release_note:fix Team:Infra Monitoring UI - DEPRECATED DEPRECATED - Label for the Infra Monitoring UI team. Use Team:obs-ux-infra_services v7.8.2 v7.9.0 v7.10.0 v8.0.0
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[Logs UI] Creation of log threshold alerts with "matches phrase" comparator fails
7 participants