From aefbd391a6cdc8a12f87b9040a21b525ff309922 Mon Sep 17 00:00:00 2001 From: Patrick Mueller Date: Wed, 26 May 2021 15:14:07 -0400 Subject: [PATCH] [alerting] add ignore_above to alerts params mappings to handle immense params resolves https://github.com/elastic/kibana/issues/100607 This fixes a problem when very large parameters (over 32K bytes) are saved with an alert. Before this fix, an error from elasticsearch would be thrown with the following message, and a 400 returned from create (and presumably update). Document contains at least one immense term in field=\"alert.params\" (whose UTF8 encoding is longer than the max length 32766), all of which were skipped. After the fix, you can alerts with immense params can be saved and executed. Note that the immense params will not be searchable, since they won't be indexed, but that seems both unavoidable, and not a severe issue. --- .../server/saved_objects/mappings.json | 3 +- .../spaces_only/tests/alerting/create.ts | 47 +++++++++++++++++++ 2 files changed, 49 insertions(+), 1 deletion(-) diff --git a/x-pack/plugins/alerting/server/saved_objects/mappings.json b/x-pack/plugins/alerting/server/saved_objects/mappings.json index 136dc530aa119..43292c6a54346 100644 --- a/x-pack/plugins/alerting/server/saved_objects/mappings.json +++ b/x-pack/plugins/alerting/server/saved_objects/mappings.json @@ -47,7 +47,8 @@ } }, "params": { - "type": "flattened" + "type": "flattened", + "ignore_above": 4096 }, "scheduledTaskId": { "type": "keyword" diff --git a/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/create.ts b/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/create.ts index 9033b1f303943..96534c192d67c 100644 --- a/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/create.ts +++ b/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/create.ts @@ -112,6 +112,53 @@ export default function createAlertTests({ getService }: FtrProviderContext) { }); }); + // see: https://github.com/elastic/kibana/issues/100607 + // note this fails when the mappings for `params` does not have ignore_above + it('should handle alerts with immense params', async () => { + const { body: createdAction } = await supertest + .post(`${getUrlPrefix(Spaces.space1.id)}/api/actions/connector`) + .set('kbn-xsrf', 'foo') + .send({ + name: 'MY action', + connector_type_id: 'test.noop', + config: {}, + secrets: {}, + }) + .expect(200); + + const lotsOfSpaces = ''.padEnd(100 * 1000); // 100K space chars + const response = await supertest + .post(`${getUrlPrefix(Spaces.space1.id)}/api/alerting/rule`) + .set('kbn-xsrf', 'foo') + .send( + getTestAlertData({ + params: { + ignoredButPersisted: lotsOfSpaces, + }, + actions: [ + { + id: createdAction.id, + group: 'default', + params: {}, + }, + ], + }) + ); + + expect(response.status).to.eql(200); + objectRemover.add(Spaces.space1.id, response.body.id, 'rule', 'alerting'); + + expect(response.body.params.ignoredButPersisted).to.eql(lotsOfSpaces); + + // Ensure AAD isn't broken + await checkAAD({ + supertest, + spaceId: Spaces.space1.id, + type: 'alert', + id: response.body.id, + }); + }); + it('should allow providing custom saved object ids (uuid v1)', async () => { const customId = '09570bb0-6299-11eb-8fde-9fe5ce6ea450'; const response = await supertest