-
Notifications
You must be signed in to change notification settings - Fork 24.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
EQL: Change default indices options #63192
Conversation
Ignore by default unavailable indices (same as ES) and verify that allowNoIndices is set to false since at least one index is required for validating the query. Fix elastic#62986
Pinging @elastic/es-ql (:Query Languages/EQL) |
assertThat(exc.getResponse().getStatusLine().getStatusCode(), equalTo(404)); | ||
//assertThat(exc.getMessage(), containsString("unauthorized")); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@imotov not sure why this fails now... Essentially by changing the index option ignoreUnavailable
from false
to true
the 403/unauthorized became a 404...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it is because we ignore unavailable indices and ended up with no indices at all, which leads to 404.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
And previously we did not ignore them but because we couldn't get access to them to verify their existence we got the 403...Make sense.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So this means that if you only include non existing indices we don't fail?
Can we have a test for that?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think you need to make the same change in rest high level client corresponding EqlSearchRequest class.
assertThat(exc.getResponse().getStatusLine().getStatusCode(), equalTo(404)); | ||
//assertThat(exc.getMessage(), containsString("unauthorized")); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it is because we ignore unavailable indices and ended up with no indices at all, which leads to 404.
@@ -83,6 +83,20 @@ setup: | |||
- match: {hits.sequences.1.events.0._id: "2"} | |||
- match: {hits.sequences.1.events.1._id: "3"} | |||
|
|||
--- | |||
"Execute EQL sequence by default ignores unavailable indices" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
missing :
at the end
@@ -34,7 +34,7 @@ | |||
public class EqlSearchRequest implements Validatable, ToXContentObject { | |||
|
|||
private String[] indices; | |||
private IndicesOptions indicesOptions = IndicesOptions.fromOptions(false, false, true, false); | |||
private IndicesOptions indicesOptions = IndicesOptions.fromOptions(true, false, true, false); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@astefan the change inside EQL high-level rest client.
"Execute EQL sequence by default ignores unavailable indices" | ||
- do: | ||
eql.search: | ||
index: eql_test,non_existing |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@matriv the integration test against non-existing indices
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I meant to query against only unavailable indices, just for completeness.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, left 2 comments.
assertThat(exc.getResponse().getStatusLine().getStatusCode(), equalTo(403)); | ||
assertThat(exc.getMessage(), containsString("unauthorized")); | ||
assertThat(exc.getResponse().getStatusLine().getStatusCode(), equalTo(404)); | ||
//assertThat(exc.getMessage(), containsString("unauthorized")); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we remove it then?
"Execute EQL sequence by default ignores unavailable indices" | ||
- do: | ||
eql.search: | ||
index: eql_test,non_existing |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I meant to query against only unavailable indices, just for completeness.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Ignore by default unavailable indices (same as ES) and verify that
allowNoIndices is set to false since at least one index is required
for validating the query.
Fix #62986