From 65a97fcb378b910eb83ace915eb0d577cb9dc627 Mon Sep 17 00:00:00 2001 From: Ying Date: Mon, 25 Nov 2024 16:46:30 -0500 Subject: [PATCH 1/4] Using ecs dynamic templates --- .../alerts_service/alerts_service.test.ts | 72 ++++++++----------- .../server/alerts_service/alerts_service.ts | 21 ++---- .../alerting/server/alerts_service/index.ts | 2 +- x-pack/plugins/alerting/server/index.ts | 1 - .../resource_installer.test.ts | 6 +- .../resource_installer.ts | 11 --- 6 files changed, 36 insertions(+), 77 deletions(-) diff --git a/x-pack/plugins/alerting/server/alerts_service/alerts_service.test.ts b/x-pack/plugins/alerting/server/alerts_service/alerts_service.test.ts index 4b4f632d4cb20..e20b07870f18e 100644 --- a/x-pack/plugins/alerting/server/alerts_service/alerts_service.test.ts +++ b/x-pack/plugins/alerting/server/alerts_service/alerts_service.test.ts @@ -149,7 +149,7 @@ const getIndexTemplatePutBody = (opts?: GetIndexTemplatePutBodyOpts) => { body: { index_patterns: indexPatterns, composed_of: [ - ...(useEcs ? ['.alerts-ecs-mappings'] : []), + ...(useEcs ? ['ecs@mappings'] : []), `.alerts-${context ? `${context}.alerts` : 'test.alerts'}-mappings`, ...(useLegacyAlerts ? ['.alerts-legacy-alert-mappings'] : []), '.alerts-framework-mappings', @@ -289,14 +289,12 @@ describe('Alerts Service', () => { if (!useDataStreamForAlerts) { expect(clusterClient.ilm.putLifecycle).toHaveBeenCalledWith(IlmPutBody); } - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(2); const componentTemplate1 = clusterClient.cluster.putComponentTemplate.mock.calls[0][0]; expect(componentTemplate1.name).toEqual('.alerts-framework-mappings'); const componentTemplate2 = clusterClient.cluster.putComponentTemplate.mock.calls[1][0]; expect(componentTemplate2.name).toEqual('.alerts-legacy-alert-mappings'); - const componentTemplate3 = clusterClient.cluster.putComponentTemplate.mock.calls[2][0]; - expect(componentTemplate3.name).toEqual('.alerts-ecs-mappings'); }); test('should not initialize common resources if ES is not ready', async () => { @@ -329,14 +327,12 @@ describe('Alerts Service', () => { if (!useDataStreamForAlerts) { expect(clusterClient.ilm.putLifecycle).toHaveBeenCalledWith(IlmPutBody); } - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(2); const componentTemplate1 = clusterClient.cluster.putComponentTemplate.mock.calls[0][0]; expect(componentTemplate1.name).toEqual('.alerts-framework-mappings'); const componentTemplate2 = clusterClient.cluster.putComponentTemplate.mock.calls[1][0]; expect(componentTemplate2.name).toEqual('.alerts-legacy-alert-mappings'); - const componentTemplate3 = clusterClient.cluster.putComponentTemplate.mock.calls[2][0]; - expect(componentTemplate3.name).toEqual('.alerts-ecs-mappings'); }); test('should log error and set initialized to false if adding ILM policy throws error', async () => { @@ -481,7 +477,7 @@ describe('Alerts Service', () => { ); // 3x for framework, legacy-alert and ecs mappings, then 1 extra time to update component template // after updating index template field limit - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(4); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); }); }); @@ -516,14 +512,12 @@ describe('Alerts Service', () => { expect(clusterClient.ilm.putLifecycle).not.toHaveBeenCalled(); } - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(4); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); const componentTemplate1 = clusterClient.cluster.putComponentTemplate.mock.calls[0][0]; expect(componentTemplate1.name).toEqual('.alerts-framework-mappings'); const componentTemplate2 = clusterClient.cluster.putComponentTemplate.mock.calls[1][0]; expect(componentTemplate2.name).toEqual('.alerts-legacy-alert-mappings'); - const componentTemplate3 = clusterClient.cluster.putComponentTemplate.mock.calls[2][0]; - expect(componentTemplate3.name).toEqual('.alerts-ecs-mappings'); - const componentTemplate4 = clusterClient.cluster.putComponentTemplate.mock.calls[3][0]; + const componentTemplate4 = clusterClient.cluster.putComponentTemplate.mock.calls[2][0]; expect(componentTemplate4.name).toEqual('.alerts-test.alerts-mappings'); expect(clusterClient.indices.putIndexTemplate).toHaveBeenCalledWith( @@ -576,15 +570,13 @@ describe('Alerts Service', () => { expect(clusterClient.ilm.putLifecycle).not.toHaveBeenCalled(); } - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(4); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); const componentTemplate1 = clusterClient.cluster.putComponentTemplate.mock.calls[0][0]; expect(componentTemplate1.name).toEqual('.alerts-framework-mappings'); const componentTemplate2 = clusterClient.cluster.putComponentTemplate.mock.calls[1][0]; expect(componentTemplate2.name).toEqual('.alerts-legacy-alert-mappings'); const componentTemplate3 = clusterClient.cluster.putComponentTemplate.mock.calls[2][0]; - expect(componentTemplate3.name).toEqual('.alerts-ecs-mappings'); - const componentTemplate4 = clusterClient.cluster.putComponentTemplate.mock.calls[3][0]; - expect(componentTemplate4.name).toEqual('.alerts-test.alerts-mappings'); + expect(componentTemplate3.name).toEqual('.alerts-test.alerts-mappings'); expect(clusterClient.indices.putIndexTemplate).toHaveBeenCalledWith( getIndexTemplatePutBody({ @@ -639,15 +631,13 @@ describe('Alerts Service', () => { expect(clusterClient.ilm.putLifecycle).not.toHaveBeenCalled(); } - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(4); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); const componentTemplate1 = clusterClient.cluster.putComponentTemplate.mock.calls[0][0]; expect(componentTemplate1.name).toEqual('.alerts-framework-mappings'); const componentTemplate2 = clusterClient.cluster.putComponentTemplate.mock.calls[1][0]; expect(componentTemplate2.name).toEqual('.alerts-legacy-alert-mappings'); const componentTemplate3 = clusterClient.cluster.putComponentTemplate.mock.calls[2][0]; - expect(componentTemplate3.name).toEqual('.alerts-ecs-mappings'); - const componentTemplate4 = clusterClient.cluster.putComponentTemplate.mock.calls[3][0]; - expect(componentTemplate4.name).toEqual('.alerts-test.alerts-mappings'); + expect(componentTemplate3.name).toEqual('.alerts-test.alerts-mappings'); expect(clusterClient.indices.putIndexTemplate).toHaveBeenCalledWith( getIndexTemplatePutBody({ useEcs: true, useDataStream: useDataStreamForAlerts }) @@ -698,7 +688,7 @@ describe('Alerts Service', () => { expect(clusterClient.ilm.putLifecycle).not.toHaveBeenCalled(); } - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(4); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); expect(clusterClient.indices.putIndexTemplate).toHaveBeenNthCalledWith( 1, getIndexTemplatePutBody({ useDataStream: useDataStreamForAlerts }) @@ -802,15 +792,13 @@ describe('Alerts Service', () => { expect(clusterClient.ilm.putLifecycle).toHaveBeenCalledWith(IlmPutBody); - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(4); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); const componentTemplate1 = clusterClient.cluster.putComponentTemplate.mock.calls[0][0]; expect(componentTemplate1.name).toEqual('.alerts-framework-mappings'); const componentTemplate2 = clusterClient.cluster.putComponentTemplate.mock.calls[1][0]; expect(componentTemplate2.name).toEqual('.alerts-legacy-alert-mappings'); const componentTemplate3 = clusterClient.cluster.putComponentTemplate.mock.calls[2][0]; - expect(componentTemplate3.name).toEqual('.alerts-ecs-mappings'); - const componentTemplate4 = clusterClient.cluster.putComponentTemplate.mock.calls[3][0]; - expect(componentTemplate4.name).toEqual('.alerts-test.alerts-mappings'); + expect(componentTemplate3.name).toEqual('.alerts-test.alerts-mappings'); expect(clusterClient.indices.putIndexTemplate).toHaveBeenCalledWith( getIndexTemplatePutBody({ @@ -853,13 +841,11 @@ describe('Alerts Service', () => { expect(clusterClient.ilm.putLifecycle).not.toHaveBeenCalled(); } - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(2); const componentTemplate1 = clusterClient.cluster.putComponentTemplate.mock.calls[0][0]; expect(componentTemplate1.name).toEqual('.alerts-framework-mappings'); const componentTemplate2 = clusterClient.cluster.putComponentTemplate.mock.calls[1][0]; expect(componentTemplate2.name).toEqual('.alerts-legacy-alert-mappings'); - const componentTemplate3 = clusterClient.cluster.putComponentTemplate.mock.calls[2][0]; - expect(componentTemplate3.name).toEqual('.alerts-ecs-mappings'); const template = { name: `.alerts-empty.alerts-default-index-template`, @@ -1002,7 +988,7 @@ describe('Alerts Service', () => { expect(clusterClient.ilm.putLifecycle).toHaveBeenCalledTimes( useDataStreamForAlerts ? 0 : 1 ); - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(4); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); expect(clusterClient.indices.simulateTemplate).toHaveBeenCalled(); // putIndexTemplate is skipped but other operations are called as expected expect(clusterClient.indices.putIndexTemplate).not.toHaveBeenCalled(); @@ -1050,7 +1036,7 @@ describe('Alerts Service', () => { expect(clusterClient.ilm.putLifecycle).toHaveBeenCalledTimes( useDataStreamForAlerts ? 0 : 1 ); - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(4); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); expect(clusterClient.indices.simulateTemplate).toHaveBeenCalled(); expect(clusterClient.indices.putIndexTemplate).not.toHaveBeenCalled(); expect(clusterClient.indices.getAlias).not.toHaveBeenCalled(); @@ -1081,7 +1067,7 @@ describe('Alerts Service', () => { expect(clusterClient.ilm.putLifecycle).toHaveBeenCalledTimes( useDataStreamForAlerts ? 0 : 1 ); - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(4); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); expect(clusterClient.indices.simulateTemplate).toHaveBeenCalled(); expect(clusterClient.indices.putIndexTemplate).toHaveBeenCalled(); expect(clusterClient.indices.getAlias).not.toHaveBeenCalled(); @@ -1113,7 +1099,7 @@ describe('Alerts Service', () => { expect(clusterClient.ilm.putLifecycle).toHaveBeenCalledTimes( useDataStreamForAlerts ? 0 : 1 ); - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(4); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); expect(clusterClient.indices.simulateTemplate).toHaveBeenCalled(); expect(clusterClient.indices.putIndexTemplate).toHaveBeenCalled(); expect(clusterClient.indices.putSettings).not.toHaveBeenCalled(); @@ -1137,7 +1123,7 @@ describe('Alerts Service', () => { expect(clusterClient.ilm.putLifecycle).toHaveBeenCalledTimes( useDataStreamForAlerts ? 0 : 1 ); - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(4); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); expect(clusterClient.indices.simulateTemplate).toHaveBeenCalled(); expect(clusterClient.indices.putIndexTemplate).toHaveBeenCalled(); expect(clusterClient.indices.putSettings).not.toHaveBeenCalled(); @@ -1173,7 +1159,7 @@ describe('Alerts Service', () => { expect(clusterClient.ilm.putLifecycle).toHaveBeenCalledTimes( useDataStreamForAlerts ? 0 : 1 ); - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(4); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); expect(clusterClient.indices.simulateTemplate).toHaveBeenCalled(); expect(clusterClient.indices.putIndexTemplate).toHaveBeenCalled(); expect(clusterClient.indices.putSettings).toHaveBeenCalled(); @@ -1207,7 +1193,7 @@ describe('Alerts Service', () => { expect(clusterClient.ilm.putLifecycle).toHaveBeenCalledTimes( useDataStreamForAlerts ? 0 : 1 ); - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(4); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); expect(clusterClient.indices.simulateTemplate).toHaveBeenCalled(); expect(clusterClient.indices.putIndexTemplate).toHaveBeenCalled(); expect(clusterClient.indices.putSettings).toHaveBeenCalled(); @@ -1248,7 +1234,7 @@ describe('Alerts Service', () => { expect(clusterClient.ilm.putLifecycle).toHaveBeenCalledTimes( useDataStreamForAlerts ? 0 : 1 ); - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(4); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); expect(clusterClient.indices.simulateTemplate).toHaveBeenCalled(); expect(clusterClient.indices.putIndexTemplate).toHaveBeenCalled(); expect(clusterClient.indices.putSettings).toHaveBeenCalled(); @@ -1279,7 +1265,7 @@ describe('Alerts Service', () => { expect(clusterClient.ilm.putLifecycle).toHaveBeenCalledTimes( useDataStreamForAlerts ? 0 : 1 ); - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(4); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); expect(clusterClient.indices.simulateTemplate).toHaveBeenCalled(); expect(clusterClient.indices.putIndexTemplate).toHaveBeenCalled(); expect(clusterClient.indices.putSettings).not.toHaveBeenCalled(); @@ -1328,7 +1314,7 @@ describe('Alerts Service', () => { ); expect(clusterClient.ilm.putLifecycle).toHaveBeenCalled(); - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(4); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); expect(clusterClient.indices.simulateTemplate).toHaveBeenCalled(); expect(clusterClient.indices.putIndexTemplate).toHaveBeenCalled(); expect(clusterClient.indices.getAlias).toHaveBeenCalled(); @@ -1364,7 +1350,7 @@ describe('Alerts Service', () => { ); expect(clusterClient.ilm.putLifecycle).toHaveBeenCalled(); - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(4); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); expect(clusterClient.indices.simulateTemplate).toHaveBeenCalled(); expect(clusterClient.indices.putIndexTemplate).toHaveBeenCalled(); expect(clusterClient.indices.putSettings).toHaveBeenCalled(); @@ -1400,7 +1386,7 @@ describe('Alerts Service', () => { expect(logger.error).toHaveBeenCalledWith(`Error creating concrete write index - fail`); expect(clusterClient.ilm.putLifecycle).toHaveBeenCalled(); - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(4); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); expect(clusterClient.indices.simulateTemplate).toHaveBeenCalled(); expect(clusterClient.indices.putIndexTemplate).toHaveBeenCalled(); expect(clusterClient.indices.putSettings).toHaveBeenCalled(); @@ -1444,7 +1430,7 @@ describe('Alerts Service', () => { expect(logger.error).toHaveBeenCalledWith(`Error creating concrete write index - fail`); expect(clusterClient.ilm.putLifecycle).toHaveBeenCalled(); - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(4); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); expect(clusterClient.indices.simulateTemplate).toHaveBeenCalled(); expect(clusterClient.indices.putIndexTemplate).toHaveBeenCalled(); expect(clusterClient.indices.getAlias).toHaveBeenCalled(); @@ -1490,7 +1476,7 @@ describe('Alerts Service', () => { expect(logger.error).toHaveBeenCalledWith(`Error creating concrete write index - fail`); expect(clusterClient.ilm.putLifecycle).toHaveBeenCalled(); - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(4); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); expect(clusterClient.indices.simulateTemplate).toHaveBeenCalled(); expect(clusterClient.indices.putIndexTemplate).toHaveBeenCalled(); expect(clusterClient.indices.getAlias).toHaveBeenCalled(); @@ -2368,7 +2354,7 @@ describe('Alerts Service', () => { 'alert service initialized', async () => alertsService.isInitialized() === true ); - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(5); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(4); }); test('should retry updating index template for transient ES errors', async () => { diff --git a/x-pack/plugins/alerting/server/alerts_service/alerts_service.ts b/x-pack/plugins/alerting/server/alerts_service/alerts_service.ts index 4f0ead6c54206..180c85c93a00c 100644 --- a/x-pack/plugins/alerting/server/alerts_service/alerts_service.ts +++ b/x-pack/plugins/alerting/server/alerts_service/alerts_service.ts @@ -8,7 +8,7 @@ import { isEmpty, isEqual, omit } from 'lodash'; import { Logger, ElasticsearchClient } from '@kbn/core/server'; import { filter, firstValueFrom, Observable } from 'rxjs'; -import { alertFieldMap, ecsFieldMap, legacyAlertFieldMap } from '@kbn/alerts-as-data-utils'; +import { alertFieldMap, legacyAlertFieldMap } from '@kbn/alerts-as-data-utils'; import { DEFAULT_NAMESPACE_STRING } from '@kbn/core-saved-objects-utils-server'; import { DEFAULT_ALERTS_ILM_POLICY_NAME, @@ -48,9 +48,9 @@ import { IAlertsClient } from '../alerts_client/types'; import { setAlertsToUntracked, SetAlertsToUntrackedParams } from './lib/set_alerts_to_untracked'; export const TOTAL_FIELDS_LIMIT = 2500; +export const ECS_COMPONENT_TEMPLATE_NAME = 'ecs@mappings'; const LEGACY_ALERT_CONTEXT = 'legacy-alert'; -export const ECS_CONTEXT = `ecs`; -export const ECS_COMPONENT_TEMPLATE_NAME = getComponentTemplateName({ name: ECS_CONTEXT }); + interface AlertsServiceParams { logger: Logger; pluginStop$: Observable; @@ -348,17 +348,6 @@ export class AlertsService implements IAlertsService { }), totalFieldsLimit: TOTAL_FIELDS_LIMIT, }), - () => - createOrUpdateComponentTemplate({ - logger: this.options.logger, - esClient, - template: getComponentTemplate({ - fieldMap: ecsFieldMap, - name: ECS_CONTEXT, - includeSettings: true, - }), - totalFieldsLimit: TOTAL_FIELDS_LIMIT, - }), ]; // Install in parallel @@ -414,9 +403,9 @@ export class AlertsService implements IAlertsService { // 4. Framework common component template, always included const componentTemplateRefs: string[] = []; - // If useEcs is set to true, add the ECS component template to the references + // If useEcs is set to true, add the ECS dynamic mapping template to the references if (useEcs) { - componentTemplateRefs.push(getComponentTemplateName({ name: ECS_CONTEXT })); + componentTemplateRefs.push(ECS_COMPONENT_TEMPLATE_NAME); } // If fieldMap is not empty, create a context specific component template and add to the references diff --git a/x-pack/plugins/alerting/server/alerts_service/index.ts b/x-pack/plugins/alerting/server/alerts_service/index.ts index 0b32802bdf250..7559cb744a086 100644 --- a/x-pack/plugins/alerting/server/alerts_service/index.ts +++ b/x-pack/plugins/alerting/server/alerts_service/index.ts @@ -9,7 +9,7 @@ export { DEFAULT_ALERTS_ILM_POLICY, DEFAULT_ALERTS_ILM_POLICY_NAME, } from './default_lifecycle_policy'; -export { ECS_COMPONENT_TEMPLATE_NAME, ECS_CONTEXT, TOTAL_FIELDS_LIMIT } from './alerts_service'; +export { ECS_COMPONENT_TEMPLATE_NAME, TOTAL_FIELDS_LIMIT } from './alerts_service'; export { getComponentTemplate, VALID_ALERT_INDEX_PREFIXES } from './resource_installer_utils'; export { type InitializationPromise, diff --git a/x-pack/plugins/alerting/server/index.ts b/x-pack/plugins/alerting/server/index.ts index 2cb2c212a91ba..7a2edb14c3bbf 100644 --- a/x-pack/plugins/alerting/server/index.ts +++ b/x-pack/plugins/alerting/server/index.ts @@ -55,7 +55,6 @@ export { DEFAULT_ALERTS_ILM_POLICY, DEFAULT_ALERTS_ILM_POLICY_NAME, ECS_COMPONENT_TEMPLATE_NAME, - ECS_CONTEXT, TOTAL_FIELDS_LIMIT, VALID_ALERT_INDEX_PREFIXES, getComponentTemplate, diff --git a/x-pack/plugins/rule_registry/server/rule_data_plugin_service/resource_installer.test.ts b/x-pack/plugins/rule_registry/server/rule_data_plugin_service/resource_installer.test.ts index d2011139adbb7..8794f8de265d4 100644 --- a/x-pack/plugins/rule_registry/server/rule_data_plugin_service/resource_installer.test.ts +++ b/x-pack/plugins/rule_registry/server/rule_data_plugin_service/resource_installer.test.ts @@ -148,13 +148,9 @@ describe('resourceInstaller', () => { expect(mockClusterClient.ilm.putLifecycle).toHaveBeenCalledTimes( useDataStreamForAlerts ? 0 : 1 ); - expect(mockClusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(2); + expect(mockClusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(1); expect(mockClusterClient.cluster.putComponentTemplate).toHaveBeenNthCalledWith( 1, - expect.objectContaining({ name: ECS_COMPONENT_TEMPLATE_NAME }) - ); - expect(mockClusterClient.cluster.putComponentTemplate).toHaveBeenNthCalledWith( - 2, expect.objectContaining({ name: TECHNICAL_COMPONENT_TEMPLATE_NAME }) ); }); diff --git a/x-pack/plugins/rule_registry/server/rule_data_plugin_service/resource_installer.ts b/x-pack/plugins/rule_registry/server/rule_data_plugin_service/resource_installer.ts index 2a6533d7e1002..a576421f69d75 100644 --- a/x-pack/plugins/rule_registry/server/rule_data_plugin_service/resource_installer.ts +++ b/x-pack/plugins/rule_registry/server/rule_data_plugin_service/resource_installer.ts @@ -15,7 +15,6 @@ import { createOrUpdateIndexTemplate, DEFAULT_ALERTS_ILM_POLICY, DEFAULT_ALERTS_ILM_POLICY_NAME, - ECS_COMPONENT_TEMPLATE_NAME, getIndexTemplate, installWithTimeout, TOTAL_FIELDS_LIMIT, @@ -25,7 +24,6 @@ import { } from '@kbn/alerting-plugin/server'; import { TECHNICAL_COMPONENT_TEMPLATE_NAME } from '../../common/assets'; import { technicalComponentTemplate } from '../../common/assets/component_templates/technical_component_template'; -import { ecsComponentTemplate } from '../../common/assets/component_templates/ecs_component_template'; import type { IndexInfo } from './index_info'; interface ConstructorOptions { @@ -89,15 +87,6 @@ export class ResourceInstaller { policy: DEFAULT_ALERTS_ILM_POLICY, dataStreamAdapter: this.options.dataStreamAdapter, }), - createOrUpdateComponentTemplate({ - logger, - esClient: clusterClient, - template: { - name: ECS_COMPONENT_TEMPLATE_NAME, - body: ecsComponentTemplate, - }, - totalFieldsLimit: TOTAL_FIELDS_LIMIT, - }), ]), createOrUpdateComponentTemplate({ logger, From b39879a03af0e4d747fc5c73640897b3d2c1d81c Mon Sep 17 00:00:00 2001 From: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Date: Mon, 25 Nov 2024 22:09:03 +0000 Subject: [PATCH 2/4] [CI] Auto-commit changed files from 'node scripts/eslint --no-cache --fix' --- .../server/rule_data_plugin_service/resource_installer.test.ts | 1 - 1 file changed, 1 deletion(-) diff --git a/x-pack/plugins/rule_registry/server/rule_data_plugin_service/resource_installer.test.ts b/x-pack/plugins/rule_registry/server/rule_data_plugin_service/resource_installer.test.ts index 8794f8de265d4..3bacb59b97745 100644 --- a/x-pack/plugins/rule_registry/server/rule_data_plugin_service/resource_installer.test.ts +++ b/x-pack/plugins/rule_registry/server/rule_data_plugin_service/resource_installer.test.ts @@ -17,7 +17,6 @@ import { import { Dataset } from './index_options'; import { IndexInfo } from './index_info'; -import { ECS_COMPONENT_TEMPLATE_NAME } from '@kbn/alerting-plugin/server'; import type { DataStreamAdapter } from '@kbn/alerting-plugin/server'; import { getDataStreamAdapter } from '@kbn/alerting-plugin/server/alerts_service/lib/data_stream_adapter'; From ecd44f9cfbcb0c2c1d5b0d76af5034c6783d3dbb Mon Sep 17 00:00:00 2001 From: Ying Date: Tue, 26 Nov 2024 09:53:52 -0500 Subject: [PATCH 3/4] Adding more settings --- .../server/alerts_service/alerts_service.test.ts | 9 ++++++--- .../lib/create_or_update_index_template.test.ts | 3 ++- .../lib/create_or_update_index_template.ts | 3 ++- .../server/task_runner/task_runner_alerts_client.test.ts | 6 +----- 4 files changed, 11 insertions(+), 10 deletions(-) diff --git a/x-pack/plugins/alerting/server/alerts_service/alerts_service.test.ts b/x-pack/plugins/alerting/server/alerts_service/alerts_service.test.ts index e20b07870f18e..2831237a304fc 100644 --- a/x-pack/plugins/alerting/server/alerts_service/alerts_service.test.ts +++ b/x-pack/plugins/alerting/server/alerts_service/alerts_service.test.ts @@ -170,9 +170,10 @@ const getIndexTemplatePutBody = (opts?: GetIndexTemplatePutBodyOpts) => { }), 'index.mapping.ignore_malformed': true, 'index.mapping.total_fields.limit': 2500, + 'index.mapping.ignore_dynamic_beyond_limit': true, }, mappings: { - dynamic: false, + dynamic: true, _meta: { kibana: { version: '8.8.0' }, managed: true, @@ -432,9 +433,10 @@ describe('Alerts Service', () => { rollover_alias: `.alerts-empty-default`, }, 'index.mapping.total_fields.limit': 1800, + 'index.mapping.ignore_dynamic_beyond_limit': true, }, mappings: { - dynamic: false, + dynamic: true, }, }, }, @@ -872,6 +874,7 @@ describe('Alerts Service', () => { }), 'index.mapping.ignore_malformed': true, 'index.mapping.total_fields.limit': 2500, + 'index.mapping.ignore_dynamic_beyond_limit': true, }, mappings: { _meta: { @@ -879,7 +882,7 @@ describe('Alerts Service', () => { managed: true, namespace: 'default', }, - dynamic: false, + dynamic: true, }, }, _meta: { diff --git a/x-pack/plugins/alerting/server/alerts_service/lib/create_or_update_index_template.test.ts b/x-pack/plugins/alerting/server/alerts_service/lib/create_or_update_index_template.test.ts index 85113b768860a..cc8e7b161ffcd 100644 --- a/x-pack/plugins/alerting/server/alerts_service/lib/create_or_update_index_template.test.ts +++ b/x-pack/plugins/alerting/server/alerts_service/lib/create_or_update_index_template.test.ts @@ -35,7 +35,7 @@ const IndexTemplate = (namespace: string = 'default', useDataStream: boolean = f managed: true, namespace, }, - dynamic: false, + dynamic: true, }, settings: { auto_expand_replicas: '0-1', @@ -50,6 +50,7 @@ const IndexTemplate = (namespace: string = 'default', useDataStream: boolean = f }), 'index.mapping.ignore_malformed': true, 'index.mapping.total_fields.limit': 2500, + 'index.mapping.ignore_dynamic_beyond_limit': true, }, }, priority: namespace.length, diff --git a/x-pack/plugins/alerting/server/alerts_service/lib/create_or_update_index_template.ts b/x-pack/plugins/alerting/server/alerts_service/lib/create_or_update_index_template.ts index 503e3848fa658..8d28c9184388f 100644 --- a/x-pack/plugins/alerting/server/alerts_service/lib/create_or_update_index_template.ts +++ b/x-pack/plugins/alerting/server/alerts_service/lib/create_or_update_index_template.ts @@ -70,9 +70,10 @@ export const getIndexTemplate = ({ }), 'index.mapping.ignore_malformed': true, 'index.mapping.total_fields.limit': totalFieldsLimit, + 'index.mapping.ignore_dynamic_beyond_limit': true, }, mappings: { - dynamic: false, + dynamic: true, _meta: indexMetadata, }, ...(indexPatterns.secondaryAlias diff --git a/x-pack/plugins/alerting/server/task_runner/task_runner_alerts_client.test.ts b/x-pack/plugins/alerting/server/task_runner/task_runner_alerts_client.test.ts index 958ecaf8d270d..9865a47ae4c76 100644 --- a/x-pack/plugins/alerting/server/task_runner/task_runner_alerts_client.test.ts +++ b/x-pack/plugins/alerting/server/task_runner/task_runner_alerts_client.test.ts @@ -470,7 +470,7 @@ describe('Task Runner', () => { expect(call.services.alertsClient?.setAlertData).toBeTruthy(); expect(call.services.scopedClusterClient).toBeTruthy(); expect(call.services).toBeTruthy(); - expect(logger.debug).toHaveBeenCalledTimes(useDataStreamForAlerts ? 9 : 10); + expect(logger.debug).toHaveBeenCalledTimes(useDataStreamForAlerts ? 8 : 9); let debugCall = 1; expect(logger.debug).nthCalledWith( @@ -494,10 +494,6 @@ describe('Task Runner', () => { debugCall++, 'Installing component template .alerts-legacy-alert-mappings' ); - expect(logger.debug).nthCalledWith( - debugCall++, - 'Installing component template .alerts-ecs-mappings' - ); expect(logger.debug).nthCalledWith( debugCall++, 'deprecated ruleRunStatus for test:1: {"lastExecutionDate":"1970-01-01T00:00:00.000Z","status":"ok"}', From d7f15960fc160c15b364ae04c80a69d3def2038e Mon Sep 17 00:00:00 2001 From: Ying Date: Tue, 26 Nov 2024 11:18:04 -0500 Subject: [PATCH 4/4] Adding more settings --- .../alerting/server/alerts_service/alerts_service.test.ts | 6 +++--- .../lib/create_or_update_index_template.test.ts | 2 +- .../alerts_service/lib/create_or_update_index_template.ts | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/x-pack/plugins/alerting/server/alerts_service/alerts_service.test.ts b/x-pack/plugins/alerting/server/alerts_service/alerts_service.test.ts index 2831237a304fc..1543596a7ad4d 100644 --- a/x-pack/plugins/alerting/server/alerts_service/alerts_service.test.ts +++ b/x-pack/plugins/alerting/server/alerts_service/alerts_service.test.ts @@ -170,7 +170,7 @@ const getIndexTemplatePutBody = (opts?: GetIndexTemplatePutBodyOpts) => { }), 'index.mapping.ignore_malformed': true, 'index.mapping.total_fields.limit': 2500, - 'index.mapping.ignore_dynamic_beyond_limit': true, + 'index.mapping.total_fields.ignore_dynamic_beyond_limit': true, }, mappings: { dynamic: true, @@ -433,7 +433,7 @@ describe('Alerts Service', () => { rollover_alias: `.alerts-empty-default`, }, 'index.mapping.total_fields.limit': 1800, - 'index.mapping.ignore_dynamic_beyond_limit': true, + 'index.mapping.total_fields.ignore_dynamic_beyond_limit': true, }, mappings: { dynamic: true, @@ -874,7 +874,7 @@ describe('Alerts Service', () => { }), 'index.mapping.ignore_malformed': true, 'index.mapping.total_fields.limit': 2500, - 'index.mapping.ignore_dynamic_beyond_limit': true, + 'index.mapping.total_fields.ignore_dynamic_beyond_limit': true, }, mappings: { _meta: { diff --git a/x-pack/plugins/alerting/server/alerts_service/lib/create_or_update_index_template.test.ts b/x-pack/plugins/alerting/server/alerts_service/lib/create_or_update_index_template.test.ts index cc8e7b161ffcd..d500db6e41ea5 100644 --- a/x-pack/plugins/alerting/server/alerts_service/lib/create_or_update_index_template.test.ts +++ b/x-pack/plugins/alerting/server/alerts_service/lib/create_or_update_index_template.test.ts @@ -50,7 +50,7 @@ const IndexTemplate = (namespace: string = 'default', useDataStream: boolean = f }), 'index.mapping.ignore_malformed': true, 'index.mapping.total_fields.limit': 2500, - 'index.mapping.ignore_dynamic_beyond_limit': true, + 'index.mapping.total_fields.ignore_dynamic_beyond_limit': true, }, }, priority: namespace.length, diff --git a/x-pack/plugins/alerting/server/alerts_service/lib/create_or_update_index_template.ts b/x-pack/plugins/alerting/server/alerts_service/lib/create_or_update_index_template.ts index 8d28c9184388f..e1321651d285e 100644 --- a/x-pack/plugins/alerting/server/alerts_service/lib/create_or_update_index_template.ts +++ b/x-pack/plugins/alerting/server/alerts_service/lib/create_or_update_index_template.ts @@ -70,7 +70,7 @@ export const getIndexTemplate = ({ }), 'index.mapping.ignore_malformed': true, 'index.mapping.total_fields.limit': totalFieldsLimit, - 'index.mapping.ignore_dynamic_beyond_limit': true, + 'index.mapping.total_fields.ignore_dynamic_beyond_limit': true, }, mappings: { dynamic: true,