From 282046d7c76048f6e2120fcfe2eb7b50360d015f Mon Sep 17 00:00:00 2001
From: "opensearch-trigger-bot[bot]" <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com>
Date: Tue, 24 Oct 2023 15:45:07 -0700
Subject: [PATCH] fix doc level query constructor (#651) (#682)
Signed-off-by: Surya Sashank Nistala
(cherry picked from commit 58a3a83619010b2c4059eaa8731d1df6d4628640)
Co-authored-by: Surya Sashank Nistala
---
 .../securityanalytics/findings/FindingsService.java | 2 +-
 .../transport/TransportIndexDetectorAction.java | 8 ++++++--
 .../securityanalytics/findings/FindingDtoTests.java | 5 +++--
 .../securityanalytics/findings/FindingServiceTests.java | 4 ++--
 4 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/src/main/java/org/opensearch/securityanalytics/findings/FindingsService.java b/src/main/java/org/opensearch/securityanalytics/findings/FindingsService.java
index 755b124db..4674f40cc 100644
--- a/src/main/java/org/opensearch/securityanalytics/findings/FindingsService.java
+++ b/src/main/java/org/opensearch/securityanalytics/findings/FindingsService.java
@@ -216,7 +216,7 @@ public FindingDto mapFindingWithDocsToFindingDto(FindingWithDocs findingWithDocs
 if (docLevelQueries.isEmpty()) { // this is finding generated by a bucket level monitor
 for (Map.Entry entry : detector.getRuleIdMonitorIdMap().entrySet()) {
 if(entry.getValue().equals(findingWithDocs.getFinding().getMonitorId())) {
- docLevelQueries = Collections.singletonList(new DocLevelQuery(entry.getKey(),"","",Collections.emptyList()));
+ docLevelQueries = Collections.singletonList(new DocLevelQuery(entry.getKey(),"", Collections.emptyList(),"",Collections.emptyList()));
 }
 }
 }
diff --git a/src/main/java/org/opensearch/securityanalytics/transport/TransportIndexDetectorAction.java b/src/main/java/org/opensearch/securityanalytics/transport/TransportIndexDetectorAction.java
index fdad38e58..cbed43990 100644
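Review bot: The rebuilt `DocLevelQuery` on the `+` line passes four unlabeled placeholders (`""`, `Collections.emptyList()`, `""`, `Collections.emptyList()`), so a reader cannot tell which positional slot is the name, the newly added list, the query string or the tags, and the next signature change will again fail silently until runtime. A comment at the call such as `// bucket-level findings carry no query text: only the rule id (query id) is meaningful; name, field list, query and tags are left empty` would make the intent explicit, and naming the placeholders as locals would do the same. The loop also keeps iterating after a match; if `getRuleIdMonitorIdMap()` is one-to-one a `break;` after the assignment avoids rebuilding the list, but that depends on the map's shape, which is not visible here. `mapFindingWithDocsToFindingDto` starts and ends outside the hunk.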
--- a/src/main/java/org/opensearch/securityanalytics/transport/TransportIndexDetectorAction.java
+++ b/src/main/java/org/opensearch/securityanalytics/transport/TransportIndexDetectorAction.java
@@ -295,7 +295,10 @@ private void createMonitorFromQueries(List> rulesById, Detect
 );
 }
 },
- listener::onFailure
+ e1 -> {
+ log.error("Failed to index doc level monitor in detector creation", e1);
+ listener.onFailure(e1);
+ }
 );
 }, listener::onFailure);
 } else {
@@ -642,7 +645,7 @@ private IndexMonitorRequest createDocLevelMonitorRequest(List
 tags.add(rule.getCategory());
 tags.addAll(rule.getTags().stream().map(Value::getValue).collect(Collectors.toList()));
- DocLevelQuery docLevelQuery = new DocLevelQuery(id, name, actualQuery, tags);
+ DocLevelQuery docLevelQuery = new DocLevelQuery(id, name, Collections.emptyList(), actualQuery, tags);
 docLevelQueries.add(docLevelQuery);
 }
 DocLevelMonitorInput docLevelMonitorInput = new DocLevelMonitorInput(detector.getName(), detector.getInputs().get(0).getIndices(), docLevelQueries);
@@ -692,6 +695,7 @@ private IndexMonitorRequest createDocLevelMonitorMatchAllRequest(
 DocLevelQuery docLevelQuery = new DocLevelQuery(
 monitorName,
 monitorName + "doc",
+ Collections.emptyList(),
 actualQuery,
 Collections.emptyList()
 );
diff --git a/src/test/java/org/opensearch/securityanalytics/findings/FindingDtoTests.java b/src/test/java/org/opensearch/securityanalytics/findings/FindingDtoTests.java
index 7877410be..ffcb75644 100644
--- a/src/test/java/org/opensearch/securityanalytics/findings/FindingDtoTests.java
+++ b/src/test/java/org/opensearch/securityanalytics/findings/FindingDtoTests.java
@@ -5,6 +5,7 @@
 package org.opensearch.securityanalytics.findings;
 import java.time.Instant;
+import java.util.Collections;
 import java.util.List;
 import org.opensearch.commons.alerting.model.DocLevelQuery;
 import org.opensearch.commons.alerting.model.FindingDocument;
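Review bot: The new failure lambda logs and forwards the doc-level monitor error, but the sibling handler two lines below, `}, listener::onFailure);`, still propagates the outer failure without a log entry, so the server log now records one branch of the same detector-creation flow and not the other. Giving it the same shape, `e -> { log.error("Failed to create monitors for detector", e); listener.onFailure(e); }`, keeps diagnostics consistent for operators chasing a failed detector save. If the detector object is in scope here (the truncated signature suggests a `Detector` parameter), adding its name or id to the message makes the entry actionable without exposing anything the request does not already carry. `createMonitorFromQueries` starts and ends outside the hunk.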
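Review bot: The inserted `Collections.emptyList()` in `new DocLevelQuery(id, name, Collections.emptyList(), actualQuery, tags)` is an unlabeled positional argument, and the identical shape is repeated in `createDocLevelMonitorMatchAllRequest` and in `FindingsService`, which is what let one constructor change break three call sites at once. A private factory, `private static DocLevelQuery newDocLevelQuery(String id, String name, String query, List<String> tags) { return new DocLevelQuery(id, name, Collections.emptyList(), query, tags); }`, with a one-line comment stating what the empty list stands for (presumably the query's field list, which these rules do not populate; confirm against the alerting model), would give the placeholder a single documented home. `createDocLevelMonitorRequest` starts and ends outside the hunk.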
@@ -27,7 +28,7 @@ public void testFindingDTO_creation() {
 "findingId",
 List.of("doc1", "doc2", "doc3"),
 "my_index",
- List.of(new DocLevelQuery("1","myQuery","fieldA:valABC", List.of())),
+ List.of(new DocLevelQuery("1", "myQuery", Collections.emptyList(), "fieldA:valABC", List.of())),
 now,
 List.of(findingDocument1, findingDocument2, findingDocument3)
 );
@@ -36,7 +37,7 @@ public void testFindingDTO_creation() {
 assertEquals("findingId", findingDto.getId());
 assertEquals(List.of("doc1", "doc2", "doc3"), findingDto.getRelatedDocIds());
 assertEquals("my_index", findingDto.getIndex());
- assertEquals(List.of(new DocLevelQuery("1","myQuery","fieldA:valABC", List.of())), findingDto.getDocLevelQueries());
+ assertEquals(List.of(new DocLevelQuery("1", "myQuery", Collections.emptyList(), "fieldA:valABC", List.of())), findingDto.getDocLevelQueries());
 assertEquals(now, findingDto.getTimestamp());
 assertEquals(List.of(findingDocument1, findingDocument2, findingDocument3), findingDto.getDocuments());
 }
diff --git a/src/test/java/org/opensearch/securityanalytics/findings/FindingServiceTests.java b/src/test/java/org/opensearch/securityanalytics/findings/FindingServiceTests.java
index 0fb9376b6..5c28ba65b 100644
--- a/src/test/java/org/opensearch/securityanalytics/findings/FindingServiceTests.java
+++ b/src/test/java/org/opensearch/securityanalytics/findings/FindingServiceTests.java
@@ -84,7 +84,7 @@ public void testGetFindings_success() {
 "monitor_id1",
 "monitor_name1",
 "test_index1",
- List.of(new DocLevelQuery("1","myQuery","fieldA:valABC", List.of())),
+ List.of(new DocLevelQuery("1", "myQuery", Collections.emptyList(), "fieldA:valABC", List.of())),
 Instant.now(),
 "1234"
 );
@@ -100,7 +100,7 @@ public void testGetFindings_success() {
 "monitor_id2",
 "monitor_name2",
 "test_index2",
- List.of(new DocLevelQuery("1","myQuery","fieldA:valABC", List.of())),
+ List.of(new DocLevelQuery("1", "myQuery", Collections.emptyList(), "fieldA:valABC", List.of())),
 Instant.now(),
 "1234"
 );
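Review bot: The new `Collections.emptyList()` in the `FindingServiceTests` fixtures relies on `java.util.Collections` already being imported in that file; the patch adds that import to `FindingDtoTests` but shows no corresponding import hunk here, so either it was present before or this file will not compile, which is worth confirming before merge. The updated assertions in `FindingDtoTests` compare two `DocLevelQuery` instances built with the same placeholder, so they would pass with any value in the third slot; one direct assertion on that slot's accessor, checking it is empty for a finding built this way, would pin the intended shape rather than just the round trip. `testGetFindings_success` starts and ends outside the hunk.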