[alerting] add ignore_above to alerts params mappings to handle immen…

…se params (#100726) (#100772) resolves #100607 This fixes a problem when very large parameters (over 32K bytes) are saved with an alert. Before this fix, an error from elasticsearch would be thrown with the following message, and a 400 returned from create (and presumably update). Document contains at least one immense term in field=\"alert.params\" (whose UTF8 encoding is longer than the max length 32766), all of which were skipped. After the fix, alerts with immense params can be saved and executed. Note that the immense params will not be searchable, since they won't be indexed, but that seems both unavoidable, and not a severe issue.
elastic · May 27, 2021 · 12f6d2d · 12f6d2d
1 parent 4c6d3c9
commit 12f6d2d
Show file tree

Hide file tree

Showing 2 changed files with 49 additions and 1 deletion.
diff --git a/x-pack/plugins/alerting/server/saved_objects/mappings.json b/x-pack/plugins/alerting/server/saved_objects/mappings.json
@@ -47,7 +47,8 @@
  }
  },
  "params": {
- "type": "flattened"
+ "type": "flattened",
+ "ignore_above": 4096
  },
  "scheduledTaskId": {
  "type": "keyword"

diff --git a/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/create.ts b/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/create.ts
@@ -112,6 +112,53 @@ export default function createAlertTests({ getService }: FtrProviderContext) {
  });
  });
 
+ // see: https://github.com/elastic/kibana/issues/100607
+ // note this fails when the mappings for `params` does not have ignore_above
+ it('should handle alerts with immense params', async () => {
+ const { body: createdAction } = await supertest
+ .post(`${getUrlPrefix(Spaces.space1.id)}/api/actions/connector`)
+ .set('kbn-xsrf', 'foo')
+ .send({
+ name: 'MY action',
+ connector_type_id: 'test.noop',
+ config: {},
+ secrets: {},
+ })
+ .expect(200);
+
+ const lotsOfSpaces = ''.padEnd(100 * 1000); // 100K space chars
+ const response = await supertest
+ .post(`${getUrlPrefix(Spaces.space1.id)}/api/alerting/rule`)
+ .set('kbn-xsrf', 'foo')
+ .send(
+ getTestAlertData({
+ params: {
+ ignoredButPersisted: lotsOfSpaces,
+ },
+ actions: [
+ {
+ id: createdAction.id,
+ group: 'default',
+ params: {},
+ },
+ ],
+ })
+ );
+
+ expect(response.status).to.eql(200);
+ objectRemover.add(Spaces.space1.id, response.body.id, 'rule', 'alerting');
+
+ expect(response.body.params.ignoredButPersisted).to.eql(lotsOfSpaces);
+
+ // Ensure AAD isn't broken
+ await checkAAD({
+ supertest,
+ spaceId: Spaces.space1.id,
+ type: 'alert',
+ id: response.body.id,
+ });
+ });
+
  it('should allow providing custom saved object ids (uuid v1)', async () => {
  const customId = '09570bb0-6299-11eb-8fde-9fe5ce6ea450';
  const response = await supertest