Fixing loader imports #580
Conversation
| @@ -212,7 +212,7 @@ def get_import_rule(self, rule): | |||
| Retrieve the name of the rule to import. | |||
| :param dict rule: Rule dict | |||
| :return: rule name that will all `get_yaml` to retrieve the yaml of the rule | |||
| :rtype: str | |||
| :rtype: str or List[str] | |||
There was a problem hiding this comment.
As defined by schema:
elastalert2/elastalert/schema.yaml
Line 204 in 42424d0
| @@ -596,7 +614,7 @@ def get_import_rule(self, rule): | |||
| Allow for relative paths to the import rule. | |||
| :param dict rule: | |||
| :return: Path the import rule | |||
| :rtype: str | |||
| :rtype: List[str] | |||
There was a problem hiding this comment.
The returned value, expanded_imports, is always a List[str].
| assert rules_loader.import_rules[leaf_path] == [ | ||
| branch_path, | ||
| ] | ||
| # re-load the rule a couple times to ensure import_rules cache is updated correctly |
There was a problem hiding this comment.
Best visualized with side by side:
| assert rules_loader.import_rules[water_path] == [ | ||
| oxygen_path, | ||
| ] | ||
| # re-load the rule a couple times to ensure import_rules cache is updated correctly |
There was a problem hiding this comment.
Best visualized with side by side:
| 'symbol': 'O', | ||
| } | ||
| assert sorted(rules_loader.import_rules.keys()) == [ | ||
| oxygen_path, |
There was a problem hiding this comment.
The oxygen.yaml file had no imports, so this is fixed now:
| assert sorted(rules_loader.import_rules.keys()) == [ | ||
| water_path, | ||
| ] | ||
| assert rules_loader.import_rules[water_path] == [ |
There was a problem hiding this comment.
Cache no represents correct set of import paths:
| # read the set of import paths from the rule | ||
| import_paths = self.get_import_rule(rule) | ||
| if type(import_paths) is str: | ||
| import_paths = [import_paths] |
There was a problem hiding this comment.
This was a bi-product of how they were using the += operator on the files_to_import list before:
files_to_import += self.get_import_rule(rule)
Example:
list = []
list += [ 'a', 'b' ]
print( list )
list += 'c'
print( list )
Outputs:
['a', 'b']
['a', 'b', 'c']
|
|
||
| if 'import' not in rule: | ||
| # clear import_rules cache for current path | ||
| self.import_rules.pop(current_path, None) |
There was a problem hiding this comment.
In what scenario will this self.import_rules.pop statement actually pop something?
There was a problem hiding this comment.
When the import is removed from a file. Added test case to cover this:
ef06201#diff-68599694211dc95012d74a98b54fd5f439eddb0d4ce257ba1a35a1772f243069R617
There was a problem hiding this comment.
I see now. It's great to have all this new test coverage, thanks for adding it.
There was a problem hiding this comment.
I'm hoping this resolves the issue I'm seeing:
After rule updates, the yaml scanner explodes with warnings:
{
"name": "py.warnings",
"levelno": 30,
"levelname": "WARNING",
"pathname": "/usr/local/lib/python3.10/warnings.py",
"filename": "warnings.py",
"module": "warnings",
"lineno": 109,
"funcName": "_showwarnmsg",
"created": 1638273031.6421432,
"asctime": "2021-11-30 11:50:31,642",
"msecs": 642.1432495117188,
"relativeCreated": 492821989.7737503,
"thread": 139802450061056,
"threadName": "ThreadPoolExecutor-0_6",
"process": 47,
"message": "/usr/local/lib/python3.10/site-packages/yaml/scanner.py:286: ResourceWarning: unclosed <ssl.SSLSocket fd=386, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=6, laddr=('172.31.38.167', 49134), raddr=('54.87.161.2', 443)>\n for level in list(self.possible_simple_keys):\n"
}With enough rule updates the CPU ends up pegged on computing sha1 hashes of the imports.
There was a problem hiding this comment.
Have you automated your rule updates?
There was a problem hiding this comment.
Yes. We commit our rules to a git repository and I run cron job inside the docker container to update them.
ghost
mentioned this pull request
Description
Fixing
RulesLoader/FileRulesLoaderto load and maintain cache of imports (import_rules) correctly.Checklist
make test-dockerwith my changes.