Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

qualys_vmdr.knowledge_base: Handle *_LIST fields containing multiple values. #11877

Merged
merged 3 commits into from
Nov 28, 2024
Merged

qualys_vmdr.knowledge_base: Handle *_LIST fields containing multiple values. #11877

merged 3 commits into from
Nov 28, 2024

Conversation

kcreddy
Copy link
Contributor

@kcreddy kcreddy commented Nov 26, 2024
edited
Loading

Proposed commit message

Current ingest pipeline only handles *_LIST response elements such as SOFTWARE_LIST as a single value.
When *_LIST is an array with objects, the respective fields remain unpopulated.

This PR:

  • Handles the case when *_LIST fields are an array by extracting them into relevant fields inside ingest pipeline.
  • Updates mapping for diagnosis and solution custom fields to match_only_text to avoid errors in system test. match_only_text correctly defines these fields instead of existing keyword type.

Note

Following error occurs when mappings for diagnosis and solution are keyword:
test case failed: found ignored fields in data stream: found ignored fields in data stream logs-qualys_vmdr.knowledge_base-84257: [qualys_vmdr.knowledge_base.diagnosis.value qualys_vmdr.knowledge_base.solution.value]. Affected documents:....

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

How to test this PR locally

  1. Run pipeline tests (added new log line):
    Command: $ eval "$(elastic-package stack shellinit)" && elastic-package test pipeline --generate -v --data-streams=knowledge_base
    Result:

    --- Test results for package: qualys_vmdr - START ---
╭─────────────┬────────────────┬───────────┬────────────────────────────────────────────────────┬────────┬──────────────╮
│ PACKAGE     │ DATA STREAM    │ TEST TYPE │ TEST NAME                                          │ RESULT │ TIME ELAPSED │
├─────────────┼────────────────┼───────────┼────────────────────────────────────────────────────┼────────┼──────────────┤
│ qualys_vmdr │ knowledge_base │ pipeline  │ (ingest pipeline warnings test-knowledge-base.log) │ PASS   │ 348.510083ms │
│ qualys_vmdr │ knowledge_base │ pipeline  │ test-knowledge-base.log                            │ PASS   │  70.199583ms │
╰─────────────┴────────────────┴───────────┴────────────────────────────────────────────────────┴────────┴──────────────╯
--- Test results for package: qualys_vmdr - END   ---
Done

  2. Run system tests with config file option (added new config with single, multiple element responses)
    Command: cd packages/qualys_vmdr && elastic-package test system --generate -v --setup --config-file ./data_stream/knowledge_base/_dev/test/system/test-0_valid-mixed-list-config.yml
    Result:

    --- Test results for package: qualys_vmdr - START ---
╭─────────────┬────────────────┬───────────┬────────────────────────────┬────────┬───────────────╮
│ PACKAGE     │ DATA STREAM    │ TEST TYPE │ TEST NAME                  │ RESULT │  TIME ELAPSED │
├─────────────┼────────────────┼───────────┼────────────────────────────┼────────┼───────────────┤
│ qualys_vmdr │ knowledge_base │ system    │ setup - 0_valid-mixed-list │ PASS   │ 39.792048875s │
╰─────────────┴────────────────┴───────────┴────────────────────────────┴────────┴───────────────╯
--- Test results for package: qualys_vmdr - END   ---
Done

  3. Teardown system test changes:

    elastic-package test system -v --no-provision
elastic-package test system -v --tear-down

Related issues

@kcreddy kcreddy mentioned this pull request Nov 20, 2024
Open
10 tasks
@kcreddy kcreddy self-assigned this Nov 26, 2024
@kcreddy kcreddy added bugfix Pull request that fixes a bug issue Integration:qualys_vmdr Qualys VMDR Team:Security-Service Integrations Security Service Integrations Team [elastic/security-service-integrations] labels Nov 26, 2024
@kcreddy kcreddy changed the title qualys_vmdr.knowledge_base: Handle *_LIST fields containing multiple elements. qualys_vmdr.knowledge_base: Handle *_LIST fields containing multiple values. Nov 26, 2024
@kcreddy kcreddy marked this pull request as ready for review November 26, 2024 14:38
@kcreddy kcreddy requested a review from a team as a code owner November 26, 2024 14:38
@elasticmachine
Copy link

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@elastic-vault-github-plugin-prod
Copy link

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@elasticmachine
Copy link

💚 Build Succeeded

History

cc @kcreddy

@elastic-sonarqube Elastic SonarQube
Copy link

Quality Gate failed Quality Gate failed

Failed conditions
72.1% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube

@kcreddy kcreddy requested a review from efd6 November 27, 2024 12:13
@kcreddy kcreddy merged commit 9a3cb85 into elastic:main Nov 28, 2024
4 of 5 checks passed
@elastic-vault-github-plugin-prod
Copy link

Package qualys_vmdr - 5.2.2 containing this change is available at https://epr.elastic.co/package/qualys_vmdr/5.2.2/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@efd6 efd6 efd6 approved these changes

Assignees

@kcreddy kcreddy

Labels
bugfix Pull request that fixes a bug issue Integration:qualys_vmdr Qualys VMDR Team:Security-Service Integrations Security Service Integrations Team [elastic/security-service-integrations]
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kcreddy @elasticmachine @efd6