From f3aab8e4bf3d86ab1c870ad3a5a4c1a656f310f1 Mon Sep 17 00:00:00 2001
From: Joanne Wang <109310487+jowg-amazon@users.noreply.github.com>
Date: Fri, 1 Sep 2023 11:59:40 -0700
Subject: [PATCH] Fixes detectorType incompatibility with detector rules (#524)
Signed-off-by: jowg-amazon
---
 .../TransportIndexDetectorAction.java | 4 +-
 .../resthandler/DetectorRestApiIT.java | 51 +++++++++++--------
 2 files changed, 33 insertions(+), 22 deletions(-)
diff --git a/src/main/java/org/opensearch/securityanalytics/transport/TransportIndexDetectorAction.java b/src/main/java/org/opensearch/securityanalytics/transport/TransportIndexDetectorAction.java
index d8d4c99bf..6b74e16af 100644
--- a/src/main/java/org/opensearch/securityanalytics/transport/TransportIndexDetectorAction.java
+++ b/src/main/java/org/opensearch/securityanalytics/transport/TransportIndexDetectorAction.java
@@ -288,9 +288,9 @@ public void onFailure(Exception e) {
 );
 }, listener::onFailure);
 } else {
- // Do nothing if detector doesn't have any monitor
+ // Failure if detector doesn't have any monitor
 if (monitorRequests.isEmpty()) {
- listener.onResponse(Collections.emptyList());
+ listener.onFailure(new OpenSearchStatusException("Detector cannot be created as no compatible rules were provided", RestStatus.BAD_REQUEST));
 return;
 }
diff --git a/src/test/java/org/opensearch/securityanalytics/resthandler/DetectorRestApiIT.java b/src/test/java/org/opensearch/securityanalytics/resthandler/DetectorRestApiIT.java
index 2e27d7835..8b92beb77 100644
--- a/src/test/java/org/opensearch/securityanalytics/resthandler/DetectorRestApiIT.java
+++ b/src/test/java/org/opensearch/securityanalytics/resthandler/DetectorRestApiIT.java
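Review bot: The new rejection is visible only in this `else` branch, and the branch before it lies outside the hunk, so it cannot be confirmed here that the other path also refuses an empty `monitorRequests`; if it does not, a detector backed by no monitor could still be created there. The replacement comment would be clearer if it gave the reason, for example `// Reject the request: no monitor could be built from the supplied rules`. The message says "cannot be created", so if this method is also reached on a detector update, `cannot be created or updated` would avoid misleading the caller. Callers that previously succeeded with an empty rule list now receive a 400, which is worth stating in the change description as an API behaviour change.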
@@ -322,29 +322,40 @@ public void testCreateDetectorWithoutRules() throws IOException {
 Detector detector = randomDetector(Collections.emptyList());
- Response createResponse = makeRequest(client(), "POST", SecurityAnalyticsPlugin.DETECTOR_BASE_URI, Collections.emptyMap(), toHttpEntity(detector));
- Assert.assertEquals("Create detector failed", RestStatus.CREATED, restStatus(createResponse));
+ try {
+ makeRequest(client(), "POST", SecurityAnalyticsPlugin.DETECTOR_BASE_URI, Collections.emptyMap(), toHttpEntity(detector));
+ fail("create detector call should have failed");
+ } catch (ResponseException ex) {
+ Assert.assertEquals(400, ex.getResponse().getStatusLine().getStatusCode());
+ assertTrue(ex.getMessage().contains("Detector cannot be created as no compatible rules were provided"));
+ }
+ }
- Map responseBody = asMap(createResponse);
+ public void testCreateDetectorWithIncompatibleDetectorType() throws IOException {
+ String index = createTestIndex(randomIndex(), windowsIndexMapping());
- // Verify rules
- String request = "{\n" +
- " \"query\" : {\n" +
- " \"match_all\":{\n" +
- " }\n" +
- " }\n" +
- "}";
- SearchResponse response = executeSearchAndGetResponse(DetectorMonitorConfig.getRuleIndex(randomDetectorType()) + "*", request, true);
- Assert.assertEquals(0, response.getHits().getTotalHits().value);
+ // Execute CreateMappingsAction to add alias mapping for index
+ Request createMappingRequest = new Request("POST", SecurityAnalyticsPlugin.MAPPER_BASE_URI);
+ // both req params and req body are supported
+ createMappingRequest.setJsonEntity(
+ "{ \"index_name\":\"" + index + "\"," +
+ " \"rule_topic\":\"" + randomDetectorType() + "\", " +
+ " \"partial\":true" +
+ "}"
+ );
- String createdId = responseBody.get("_id").toString();
- int createdVersion = Integer.parseInt(responseBody.get("_version").toString());
- Assert.assertNotEquals("response is missing Id", Detector.NO_ID, createdId);
- Assert.assertTrue("incorrect version", createdVersion > 0);
- Assert.assertEquals("Incorrect Location header", String.format(Locale.getDefault(), "%s/%s", SecurityAnalyticsPlugin.DETECTOR_BASE_URI, createdId), createResponse.getHeader("Location"));
- Assert.assertFalse(((Map) responseBody.get("detector")).containsKey("rule_topic_index"));
- Assert.assertFalse(((Map) responseBody.get("detector")).containsKey("findings_index"));
- Assert.assertFalse(((Map) responseBody.get("detector")).containsKey("alert_index"));
+ Response createMappingResponse = client().performRequest(createMappingRequest);
+ assertEquals(HttpStatus.SC_OK, createMappingResponse.getStatusLine().getStatusCode());
+
+ Detector detector = randomDetector(getPrePackagedRules("ad_ldap"));
+
+ try {
+ makeRequest(client(), "POST", SecurityAnalyticsPlugin.DETECTOR_BASE_URI, Collections.emptyMap(), toHttpEntity(detector));
+ fail("create detector call should have failed");
+ } catch (ResponseException ex) {
+ Assert.assertEquals(400, ex.getResponse().getStatusLine().getStatusCode());
+ assertTrue(ex.getMessage().contains("Detector cannot be created as no compatible rules were provided"));
+ }
 }
 public void testCreateDetectorWithInvalidCategory() throws IOException {
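Review bot: Nothing in `testCreateDetectorWithoutRules` or `testCreateDetectorWithIncompatibleDetectorType` verifies that a rejected create leaves no state behind, because the removed rule-index check (`Assert.assertEquals(0, response.getHits().getTotalHits().value);`) has no replacement and both tests stop at the status code and message. Keeping that search after the `catch` in both tests would pin the 400 as side-effect free, so a refused request cannot leave a partially provisioned detector. The second test also depends on `randomDetectorType()` never matching the `ad_ldap` rules passed to `randomDetector`, which cannot be confirmed from this hunk; naming the detector type explicitly would make the intended mismatch visible. If the test base class exposes Lucene's `expectThrows`, the duplicated try/fail/catch could become `ResponseException ex = expectThrows(ResponseException.class, () -> makeRequest(client(), "POST", SecurityAnalyticsPlugin.DETECTOR_BASE_URI, Collections.emptyMap(), toHttpEntity(detector)));` followed by the two assertions.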