[ResponseOps] Mapped/searchable params #126531
Conversation
JiaweiWu
added
release_note:skip
|
Pinging @elastic/response-ops (Team:ResponseOps) |
JiaweiWu
changed the title
| @@ -196,15 +196,15 @@ export const useRulesColumns = ({ hasPermissions }: ColumnsProps): TableColumn[] | |||
| {value} | |||
| </EuiText> | |||
| ), | |||
| sortable: !!isInMemorySorting, | |||
| sortable: true, | |||
There was a problem hiding this comment.
This and line 207 are only here for testing/demoing purposes. Will be removed once this PR is approved
| it('should sort by parameters', async () => { | ||
| const response = await supertest.get( | ||
| `${getUrlPrefix(Spaces.space1.id)}/${ | ||
| describeType === 'public' ? 'api' : 'internal' | ||
| }/alerting/rules/_find?sort_field=params.severity&sort_order=asc` | ||
| ); | ||
| expect(response.body.data[0].params.severity).to.equal('low'); | ||
| expect(response.body.data[1].params.severity).to.equal('medium'); | ||
| expect(response.body.data[2].params.severity).to.equal('high'); |
There was a problem hiding this comment.
I'm not sure why but this test fails in CI, but I can't seem to get it to fail locally (always passes)
There was a problem hiding this comment.
How are you running it locally? Using --grep?
There was a problem hiding this comment.
correct, using the functional test runner and --grep="find".
There was a problem hiding this comment.
Try running it a level up until you find the error, so instead of --grep="find", try --grep="Alerting"
There was a problem hiding this comment.
Ah got it, makes sense, yea I'll try that
|
What do you think about adding a test in our migrations file? https://github.com/elastic/kibana/blob/main/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/migrations.ts You'll need to add a new alert, or just modify an existing one in the archive, to contain the legacy data and ensure the migration occurred smoothly |
|
Yep I can |
| }, []); | ||
| }; | ||
|
|
||
| export const getModifiedValue = (key: string, value: string) => { |
There was a problem hiding this comment.
Can we add a comment here explaining why we need to do this? It looks like we want to remap these values but I don't know why
There was a problem hiding this comment.
I can explain, it is because in the params, we are saving the severity like critical, hight ... but in the mapped params, we are saving it like 80-critical, 60-high .... Therefore we can sort the severity field the right way.
There was a problem hiding this comment.
Ah okay so to avoid needing to store the label and the value, we're going to put the value in the label so we can do the right sort. We should add a clarifying comment for future folks though
| } | ||
|
|
||
| if (filterKueryNode) { | ||
| modifyFilterKueryNode({ astFilter: filterKueryNode }); |
There was a problem hiding this comment.
Can you explain why this is necessary? Does the esKuery.fromKueryExpression not handle everything we need?
There was a problem hiding this comment.
the reason is if your query has field which belong in the mapped_fields, we will convert this field to use the mapped_params like if you want to filter on risk_score the query will be something like alert.attributes.params.risk_score > 50 then we will convert it to alert.attributes.mapped_params.risk_score > 50
There was a problem hiding this comment.
Ah okay so the filter kuery node functionality has no understanding of this mapped_params duality state situation so we need to explicitly modify the results to handle that - okay makes sense - lets add a clarifying comment for future folks
| const response = await supertest.get( | ||
| `${getUrlPrefix(Spaces.space1.id)}/${ | ||
| describeType === 'public' ? 'api' : 'internal' | ||
| }/alerting/rules/_find?search_fields=params.severity&search=40-medium` |
There was a problem hiding this comment.
I think the test should be like that and behind the scene we are doing the change
| }/alerting/rules/_find?search_fields=params.severity&search=40-medium` | |
| }/alerting/rules/_find?search_fields=params.severity&search=medium` |
| expect(response.body.total).to.equal(1); | ||
| expect(response.body.data[0].params.risk_score).to.eql(40); | ||
|
|
||
| if (describeType === 'public') { |
There was a problem hiding this comment.
Looks great in practice! (The separate of public and internal)
|
@JiaweiWu Is it possible to add in additional screenshots to the description of the PR? I thought I remember seeing this demoed outside of the security table with a specific search box. It'll help me provide some UI feedback if I can see it in all scenarios. Otherwise, if / when you're ready we can just do a quick zoom to go through it together. |
|
@elasticmachine merge upstream |
|
@mdefazio |
|
@elasticmachine merge upstream |
| if (options.searchFields) { | ||
| options.searchFields = getModifiedSearchFields(options.searchFields); | ||
| } | ||
| // Generate new modified search and search fields, translating certain params properties |
|
@elasticmachine merge upstream |
💚 Build SucceededMetrics [docs]Public APIs missing comments
Async chunks
Saved Objects .kibana field count
History
To update your PR or re-run it, just comment with: |
tylersmalley
added
ci:cloud-deploy
Summary
Addresses the issue: #124338
Complete implementation allowing for mapped/Searchable params. The change maps the values from
params, which is a flattened field, to a mapped field calledmapped_params. This lets us sort/filter/search on these values. To the public, these fields should be hidden, attempts to usemapped_paramsshould not be allowed.currently we are supporting:
params.risk_score->mapped_params.risk_scoreparams.severity->mapped_params.severityIn the background,
mapped_params.severityis stored as20-low, 40-medium, etc.... This enables us to sort on these fields.Here's a screenshot that shows sorting by risk score, which is a params property, using
mapped_paramsFuture additions to
mapped_paramswill be done at an ad-hoc basis.This change contains the following: