forked from elastic/kibana
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[ResponseOps][Rules] Move the params of es query and index threshold …
…rule types (elastic#210197) Connected with elastic#195188 ## Summary - Moved params of es query rule type to `@kbn/response-ops-rule-params/es_query` package - Moved params of index threshold rule type to `@kbn/response-ops-rule-params/index_threshold` package The following constants for the es query rule type have been duplicated: - MAX_SELECTABLE_SOURCE_FIELDS - MAX_SELECTABLE_GROUP_BY_TERMS - ES_QUERY_MAX_HITS_PER_EXECUTION
- Loading branch information
1 parent
3ce4cf5
commit 71254c8
Showing
40 changed files
with
576 additions
and
556 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
13 changes: 13 additions & 0 deletions
13
src/platform/packages/shared/response-ops/rule_params/es_query/index.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| /* | ||
| * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
| * or more contributor license agreements. Licensed under the "Elastic License | ||
| * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side | ||
| * Public License v 1"; you may not use this file except in compliance with, at | ||
| * your election, the "Elastic License 2.0", the "GNU Affero General Public | ||
| * License v3.0 only", or the "Server Side Public License, v 1". | ||
| */ | ||
| export { EsQueryRuleParamsSchema } from './latest'; | ||
| export { EsQueryRuleParamsSchema as EsQueryRuleParamsSchemaV1 } from './v1'; | ||
|
|
||
| export type { EsQueryRuleParams } from './latest'; | ||
| export type { EsQueryRuleParams as EsQueryRuleParamsV1 } from './latest'; |
9 changes: 9 additions & 0 deletions
9
src/platform/packages/shared/response-ops/rule_params/es_query/latest.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| /* | ||
| * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
| * or more contributor license agreements. Licensed under the "Elastic License | ||
| * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side | ||
| * Public License v 1"; you may not use this file except in compliance with, at | ||
| * your election, the "Elastic License 2.0", the "GNU Affero General Public | ||
| * License v3.0 only", or the "Server Side Public License, v 1". | ||
| */ | ||
| export * from './v1'; |
217 changes: 217 additions & 0 deletions
217
src/platform/packages/shared/response-ops/rule_params/es_query/v1.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,217 @@ | ||
| /* | ||
| * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
| * or more contributor license agreements. Licensed under the "Elastic License | ||
| * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side | ||
| * Public License v 1"; you may not use this file except in compliance with, at | ||
| * your election, the "Elastic License 2.0", the "GNU Affero General Public | ||
| * License v3.0 only", or the "Server Side Public License, v 1". | ||
| */ | ||
| import { schema, TypeOf } from '@kbn/config-schema'; | ||
| import { i18n } from '@kbn/i18n'; | ||
|
|
||
| import { | ||
| validateTimeWindowUnits, | ||
| validateAggType, | ||
| validateGroupBy, | ||
| getComparatorSchemaType, | ||
| betweenComparators, | ||
| validateComparator, | ||
| } from '../common/utils'; | ||
|
|
||
| import { | ||
| MAX_SELECTABLE_SOURCE_FIELDS, | ||
| MAX_SELECTABLE_GROUP_BY_TERMS, | ||
| ES_QUERY_MAX_HITS_PER_EXECUTION, | ||
| MAX_GROUPS, | ||
| Comparator, | ||
| } from '../common/constants'; | ||
|
|
||
| const EsQueryRuleParamsSchemaProperties = { | ||
| size: schema.number({ min: 0, max: ES_QUERY_MAX_HITS_PER_EXECUTION }), | ||
| timeWindowSize: schema.number({ min: 1 }), | ||
| excludeHitsFromPreviousRun: schema.boolean({ defaultValue: true }), | ||
| timeWindowUnit: schema.string({ validate: validateTimeWindowUnits }), | ||
| threshold: schema.arrayOf(schema.number(), { minSize: 1, maxSize: 2 }), | ||
| thresholdComparator: getComparatorSchemaType(validateComparator), | ||
| // aggregation type | ||
| aggType: schema.string({ validate: validateAggType, defaultValue: 'count' }), | ||
| // aggregation field | ||
| aggField: schema.maybe(schema.string({ minLength: 1 })), | ||
| // how to group | ||
| groupBy: schema.string({ validate: validateGroupBy, defaultValue: 'all' }), | ||
| // field to group on (for groupBy: top) | ||
| termField: schema.maybe( | ||
| schema.oneOf([ | ||
| schema.string({ minLength: 1 }), | ||
| schema.arrayOf(schema.string(), { minSize: 2, maxSize: MAX_SELECTABLE_GROUP_BY_TERMS }), | ||
| ]) | ||
| ), | ||
| // limit on number of groups returned | ||
| termSize: schema.maybe(schema.number({ min: 1 })), | ||
| searchType: schema.oneOf( | ||
| [schema.literal('searchSource'), schema.literal('esQuery'), schema.literal('esqlQuery')], | ||
| { | ||
| defaultValue: 'esQuery', | ||
| } | ||
| ), | ||
| timeField: schema.conditional( | ||
| schema.siblingRef('searchType'), | ||
| schema.literal('esQuery'), | ||
| schema.string({ minLength: 1 }), | ||
| schema.maybe(schema.string({ minLength: 1 })) | ||
| ), | ||
| // searchSource rule param only | ||
| searchConfiguration: schema.conditional( | ||
| schema.siblingRef('searchType'), | ||
| schema.literal('searchSource'), | ||
| schema.object({}, { unknowns: 'allow' }), | ||
| schema.never() | ||
| ), | ||
| // esQuery rule params only | ||
| esQuery: schema.conditional( | ||
| schema.siblingRef('searchType'), | ||
| schema.literal('esQuery'), | ||
| schema.string({ minLength: 1 }), | ||
| schema.never() | ||
| ), | ||
| index: schema.conditional( | ||
| schema.siblingRef('searchType'), | ||
| schema.literal('esQuery'), | ||
| schema.arrayOf(schema.string({ minLength: 1 }), { minSize: 1 }), | ||
| schema.never() | ||
| ), | ||
| // esqlQuery rule params only | ||
| esqlQuery: schema.conditional( | ||
| schema.siblingRef('searchType'), | ||
| schema.literal('esqlQuery'), | ||
| schema.object({ esql: schema.string({ minLength: 1 }) }), | ||
| schema.never() | ||
| ), | ||
| sourceFields: schema.maybe( | ||
| schema.arrayOf( | ||
| schema.object({ | ||
| label: schema.string(), | ||
| searchPath: schema.string(), | ||
| }), | ||
| { | ||
| maxSize: MAX_SELECTABLE_SOURCE_FIELDS, | ||
| } | ||
| ) | ||
| ), | ||
| }; | ||
|
|
||
| // rule type parameters | ||
| export type EsQueryRuleParams = TypeOf<typeof EsQueryRuleParamsSchema>; | ||
|
|
||
| function isSearchSourceRule(searchType: EsQueryRuleParams['searchType']) { | ||
| return searchType === 'searchSource'; | ||
| } | ||
|
|
||
| function isEsqlQueryRule(searchType: EsQueryRuleParams['searchType']) { | ||
| return searchType === 'esqlQuery'; | ||
| } | ||
|
|
||
| // using direct type not allowed, circular reference, so body is typed to any | ||
| function validateParams(anyParams: unknown): string | undefined { | ||
| const { | ||
| esQuery, | ||
| thresholdComparator, | ||
| threshold, | ||
| searchType, | ||
| aggType, | ||
| aggField, | ||
| groupBy, | ||
| termField, | ||
| termSize, | ||
| } = anyParams as EsQueryRuleParams; | ||
|
|
||
| if (betweenComparators.has(thresholdComparator) && threshold.length === 1) { | ||
| return i18n.translate('responseOps.ruleParams.esQuery.invalidThreshold2ErrorMessage', { | ||
| defaultMessage: | ||
| '[threshold]: must have two elements for the "{thresholdComparator}" comparator', | ||
| values: { | ||
| thresholdComparator, | ||
| }, | ||
| }); | ||
| } | ||
|
|
||
| if (aggType !== 'count' && !aggField) { | ||
| return i18n.translate('responseOps.ruleParams.esQuery.aggTypeRequiredErrorMessage', { | ||
| defaultMessage: '[aggField]: must have a value when [aggType] is "{aggType}"', | ||
| values: { | ||
| aggType, | ||
| }, | ||
| }); | ||
| } | ||
|
|
||
| // check grouping | ||
| if (groupBy === 'top') { | ||
| if (termField == null) { | ||
| return i18n.translate('xpack.responseOps.ruleParams.esQuery.termFieldRequiredErrorMessage', { | ||
| defaultMessage: '[termField]: termField required when [groupBy] is top', | ||
| }); | ||
| } | ||
| if (termSize == null) { | ||
| return i18n.translate('xpack.responseOps.ruleParams.esQuery.termSizeRequiredErrorMessage', { | ||
| defaultMessage: '[termSize]: termSize required when [groupBy] is top', | ||
| }); | ||
| } | ||
| if (termSize > MAX_GROUPS) { | ||
| return i18n.translate( | ||
| 'xpack.responseOps.ruleParams.esQuery.invalidTermSizeMaximumErrorMessage', | ||
| { | ||
| defaultMessage: '[termSize]: must be less than or equal to {maxGroups}', | ||
| values: { | ||
| maxGroups: MAX_GROUPS, | ||
| }, | ||
| } | ||
| ); | ||
| } | ||
| } | ||
|
|
||
| if (isSearchSourceRule(searchType)) { | ||
| return; | ||
| } | ||
|
|
||
| if (isEsqlQueryRule(searchType)) { | ||
| const { timeField } = anyParams as EsQueryRuleParams; | ||
|
|
||
| if (!timeField) { | ||
| return i18n.translate('xpack.responseOps.ruleParams.esQuery.esqlTimeFieldErrorMessage', { | ||
| defaultMessage: '[timeField]: is required', | ||
| }); | ||
| } | ||
| if (thresholdComparator !== Comparator.GT) { | ||
| return i18n.translate( | ||
| 'xpack.responseOps.ruleParams.esQuery.esqlThresholdComparatorErrorMessage', | ||
| { | ||
| defaultMessage: '[thresholdComparator]: is required to be greater than', | ||
| } | ||
| ); | ||
| } | ||
| if (threshold && threshold[0] !== 0) { | ||
| return i18n.translate('xpack.responseOps.ruleParams.esQuery.esqlThresholdErrorMessage', { | ||
| defaultMessage: '[threshold]: is required to be 0', | ||
| }); | ||
| } | ||
| return; | ||
| } | ||
|
|
||
| try { | ||
| const parsedQuery = JSON.parse(esQuery); | ||
|
|
||
| if (parsedQuery && !parsedQuery.query) { | ||
| return i18n.translate('xpack.responseOps.ruleParams.esQuery.missingEsQueryErrorMessage', { | ||
| defaultMessage: '[esQuery]: must contain "query"', | ||
| }); | ||
| } | ||
| } catch (err) { | ||
| return i18n.translate('xpack.responseOps.ruleParams.esQuery.invalidEsQueryErrorMessage', { | ||
| defaultMessage: '[esQuery]: must be valid JSON', | ||
| }); | ||
| } | ||
| } | ||
|
|
||
| export const EsQueryRuleParamsSchema = schema.object(EsQueryRuleParamsSchemaProperties, { | ||
| validate: validateParams, | ||
| }); |
Oops, something went wrong.