[ResponseOps][Alerts] Add alerts grouping aggregations endpoint #186475
Conversation
|
/ci |
|
/ci |
…rouping-aggregations-endpoint
…rouping-aggregations-endpoint
|
/ci |
…rouping-aggregations-endpoint
|
/ci |
umbopepato
added
release_note:skip
|
Pinging @elastic/response-ops (Team:ResponseOps) |
| }); | ||
| }); | ||
|
|
||
| test('returns error status if rac client find fails', async () => { |
There was a problem hiding this comment.
Could you also add a test where getGroupAggregations resolves but alerts == null? If I understand correctly the message should be different right? Satus 404 and message alerts not found?
There was a problem hiding this comment.
As discussed on Slack that case is unreachable without an exception being thrown, I've removed the check altogether
| /** | ||
| * Performs a `find` query to extract aggregations on alert groups | ||
| */ | ||
| public getGroupAggregations({ |
There was a problem hiding this comment.
How about adding something like x-pack/plugins/rule_registry/server/alert_data_client/tests/getGroupAggregations.test.ts that tests this?
Nothing too elaborate, to ensure that find is called with the correct params and no changes break this function.
I know we do some testing in x-pack/plugins/rule_registry/server/routes/get_alerts_group_aggregations.test.ts but that is like "indirectly" 😛
| pageSize?: number; | ||
| }) { | ||
| const uniqueValue = uuid(); | ||
| return this.find({ |
There was a problem hiding this comment.
Like you were saying yesterday, QueryDSL gives me headaches 😄
| @@ -5,6 +5,7 @@ | |||
| * 2.0. | |||
| */ | |||
| import Boom from '@hapi/boom'; | |||
| import { v4 as uuid } from 'uuid'; | |||
There was a problem hiding this comment.
super nit:
| import { v4 as uuid } from 'uuid'; | |
| import { v4 as uuidv4 } from 'uuid'; |
| * | ||
| * Applies alerting RBAC through featureIds. | ||
| */ | ||
| export const useGetAlertsGroupAggregationsQuery = <T>({ |
There was a problem hiding this comment.
Could you please add tests for this in packages/kbn-alerts-ui-shared/src/common/hooks/use_get_alerts_group_aggregations_query.test.ts? Stuff like displays error toast if params are not JSON or API gets called with the correct body..
…rouping-aggregations-endpoint
…rouping-aggregations-endpoint
💚 Build Succeeded
Metrics [docs]Module Count
Public APIs missing comments
Async chunks
History
To update your PR or re-run it, just comment with: |
| /** | ||
| * Any sort options to apply to the groupByField aggregations | ||
| */ | ||
| sort?: object[]; |
There was a problem hiding this comment.
In the useGetAlertsGroupAggregationsQuery you used the SortCombinations type for the sort. Should we use the same here?
| /** | ||
| * Performs a `find` query to extract aggregations on alert groups | ||
| */ | ||
| public getGroupAggregations({ |
| pageIndex = 0, | ||
| pageSize = DEFAULT_ALERTS_GROUP_BY_FIELD_SIZE, | ||
| } = request.body; | ||
| if (pageIndex < 0 || pageIndex > 100) { |
There was a problem hiding this comment.
With this validation, it seems that we cap users to not be able to go over the 100th page if the pageSize is 1. What about the following?
if (pageIndex > maxPerPage) { <--- 100 items per page
throw Boom.badRequest('The provided pageIndex value is too high. The maximum allowed pageIndex value is ${maxPerPage}.');
}
if (Math.max(pageIndex, pageIndex * pageSize) > MAX_DOCS_PER_PAGE) { <-- 10K max documents
throw Boom.badRequest('The number of documents is too high. Paginating through more than ${MAX_DOCS_PER_PAGE} documents is not possible.');
}
Also, I am wondering if we should move the validation inside the alertsClient.getGroupAggregations. This way consumers of the alert client will have the same validation. Wdyt?
…rouping-aggregations-endpoint
…rouping-aggregations-endpoint
This comment was marked as duplicate.
This comment was marked as duplicate.
Sorry, something went wrong.
| index?: string; | ||
| _source?: string[] | undefined; | ||
| _source?: string[] | false; |
There was a problem hiding this comment.
curious about this type, why can it be false?
There was a problem hiding this comment.
To disable the _source field (docs)
| this.logger.error(errorMessage); | ||
| throw Boom.badData(errorMessage); | ||
| } | ||
| if (result?.hits?.hits?.length > 0) { |
There was a problem hiding this comment.
nitpick: can return early here
if (!result?.hits?.hits?.length) {
return result;
}
... rest
| ); | ||
|
|
||
| export const alertsGroupFilterSchema = t.record( | ||
| t.union([ |
There was a problem hiding this comment.
Do we have existing enums for these literals? Just so we can have a more centralized source of truth
There was a problem hiding this comment.
Would have been nice, but I was only able to find type-level information. I added a type assertion to check that the keys are correctly aligned to the es types though 🙂
| script: { | ||
| source: | ||
| // When size()==0, emits a uniqueValue as the value to represent this group else join by uniqueValue. | ||
| "if (doc[params['selectedGroup']].size()==0) { emit(params['uniqueValue']) }" + |
There was a problem hiding this comment.
nitpick: can use `` to avoid concatenating the strings
There was a problem hiding this comment.
Yep, I thought it was worth keeping it as it was originally written by Security though, to comment the two parts separately 🙂
💚 Build Succeeded
Metrics [docs]Module Count
Public APIs missing comments
Async chunks
History
|
💔 All backports failed
Manual backportTo create the backport manually run: Questions ?Please refer to the Backport tool documentation |
kibanamachine
added
the
backport missing
|
Friendly reminder: Looks like this PR hasn’t been backported yet. |
cnasikas
added
backport:skip
Summary
Adds an endpoint dedicated to fetching alerts group aggregations to avoid adding runtime mappings and client-side controlled scripts to the
internal/rac/alerts/findendpoint.The new endpoint injects a
groupByFieldruntime field used to normalize the values of the field used for grouping, to account for null and multi-element arrays.#184635 depends on this
Closes #186383
To verify
Review the added tests.
Use the Kibana Dev Console to test various body params and aggregations:
_group_aggregationsendpoint, using the feature id(s) that cover the type of rules you used:See here and here to know the available params and pre-defined aggregations.
Checklist