[Security Solution + Files + Fleet] Add option to Files client to handle index alias and fix Endpoint/Fleet usage to set new option to true #153342
Conversation
paul-tavares
added
release_note:skip
| : undefined; | ||
|
|
||
| // Because `asStream` was used in retrieving the document, errors will also not be processes |
There was a problem hiding this comment.
FYI: this was something that had caused me some trouble in the past. When asStream is used, errors in ES are also not processed, so the call does not actually fail. We check here to see if retrieving the chunk was successful and error/log it if not.
| // to retrieve the chunk. | ||
| if (decodedChunkDoc && ('error' in decodedChunkDoc || !decodedChunkDoc.found)) { | ||
| const err = new Error(`Failed to retrieve chunk id [${id}] from index [${chunkIndex}]`); | ||
| this.logger.error(err); |
There was a problem hiding this comment.
FYI: I normally prefer .error() instead of .debug just because it will provide imediate feedback in the logs without requiring a customer to set debugging to debug. The code base seems to (for the most part) use .debug() so let me know if I should change it.
paul-tavares
changed the title
get-file server services to use .search() instead of .get() when retrieving file info
|
Pinging @elastic/security-defend-workflows (Team:Defend Workflows) |
| @@ -186,6 +186,7 @@ export async function getAgentUploadFile( | |||
| metadataIndex: FILE_STORAGE_METADATA_AGENT_INDEX, | |||
| elasticsearchClient: esClient, | |||
| logger: appContextService.getLogger(), | |||
| indexIsAlias: true, | |||
botelastic
bot
added
the
Team:Fleet
|
Pinging @elastic/fleet (Team:Fleet) |
There was a problem hiding this comment.
Great work! Files services code changes LGTM.
In Slack you mentioned about testing, there are integration tests in src/plugins/files/server/blob_storage_service/adapters/es/integration_tests/es.test.ts for this code.
You can run them with
yarn test:jest_integration src/plugins/files/server/blob_storage_service/adapters/es/integration_tests/es.test.ts
You can either add a test case for indexIsAlias there, or copy the whole test suite and execute it using indexIsAlias: true.
|
Nothing actionable, just curious, why did you decide instead of fetching the chunk by "search", to instead execute a query to find the index first and then fetch by "get"? |
| @@ -30,6 +30,13 @@ export interface CreateEsFileClientArgs { | |||
| * An elasticsearch client that will be used to interact with the cluster. | |||
| */ | |||
| elasticsearchClient: ElasticsearchClient; | |||
| /** | |||
| * Tread the indexes provided as Aliases. If set to true, ES `search()` will be used to | |||
| @@ -30,6 +30,13 @@ export interface CreateEsFileClientArgs { | |||
| * An elasticsearch client that will be used to interact with the cluster. | |||
| */ | |||
| elasticsearchClient: ElasticsearchClient; | |||
| /** | |||
| * Tread the indexes provided as Aliases. If set to true, ES `search()` will be used to | |||
| * retrieve the file info and content instead of `get()`. This is needed to ensurer the | |||
| : undefined; | ||
|
|
||
| // Because `asStream` was used in retrieving the document, errors will also not be processes |
There was a problem hiding this comment.
nit: ...also not be processed...
|
Hi @vadimkibana , Re:
I did not want to change to much in that function, so I opted to stick with the |
💚 Build Succeeded
Metrics [docs]Unknown metric groupsAPI count
ESLint disabled line counts
Total ESLint disabled count
History
To update your PR or re-run it, just comment with: |
💔 All backports failed
Manual backportTo create the backport manually run: Questions ?Please refer to the Backport tool documentation |
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
…dle index alias and fix Endpoint/Fleet usage to set new option to true (elastic#153342) ## Summary - Adds `indexIsAlias` to `Files` plugin client. Used when provided indexes are Aliases (changes how the documents are retrieved internally) - Changes security solution (endpoint) file service to use `.search()` instead of `.get()` when retrieving a file metadata via `id` - Changed Security Solution call to `createEsFileClient()` (`Files` plugin service) to set `indexIsAlias` to `true` - Changed Fleet call to `createEsFileClient()` (`Files` plugin service) to set `indexIsAlias` to `true` Addresses the following Issues that were raised for 8.7: - Fixes elastic#153322 - FIxes elastic#153334 (cherry picked from commit 50cc574) # Conflicts: # src/plugins/files/server/blob_storage_service/adapters/es/content_stream/content_stream.ts # src/plugins/files/server/file_client/create_es_file_client.ts
…to handle index alias and fix Endpoint/Fleet usage to set new option to true (#153342) (#153403) # Backport This will backport the following commits from `main` to `8.7`: - [[Security Solution + Files + Fleet] Add option to Files client to handle index alias and fix Endpoint/Fleet usage to set new option to true (#153342)](#153342) <!--- Backport version: 8.9.7 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Paul Tavares","email":"[email protected]"},"sourceCommit":{"committedDate":"2023-03-21T20:40:39Z","message":"[Security Solution + Files + Fleet] Add option to Files client to handle index alias and fix Endpoint/Fleet usage to set new option to true (#153342)\n\n## Summary\r\n\r\n- Adds `indexIsAlias` to `Files` plugin client. Used when provided\r\nindexes are Aliases (changes how the documents are retrieved internally)\r\n- Changes security solution (endpoint) file service to use `.search()`\r\ninstead of `.get()` when retrieving a file metadata via `id`\r\n- Changed Security Solution call to `createEsFileClient()` (`Files`\r\nplugin service) to set `indexIsAlias` to `true`\r\n- Changed Fleet call to `createEsFileClient()` (`Files` plugin service)\r\nto set `indexIsAlias` to `true`\r\n\r\n\r\nAddresses the following Issues that were raised for 8.7:\r\n\r\n- Fixes #153322 \r\n- FIxes #153334","sha":"50cc574c63a3837ce255878ee483b9cbc75d8277","branchLabelMapping":{"^v8.8.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Fleet","Team:Defend Workflows","v8.7.0","v8.8.0"],"number":153342,"url":"https://github.com/elastic/kibana/pull/153342","mergeCommit":{"message":"[Security Solution + Files + Fleet] Add option to Files client to handle index alias and fix Endpoint/Fleet usage to set new option to true (#153342)\n\n## Summary\r\n\r\n- Adds `indexIsAlias` to `Files` plugin client. Used when provided\r\nindexes are Aliases (changes how the documents are retrieved internally)\r\n- Changes security solution (endpoint) file service to use `.search()`\r\ninstead of `.get()` when retrieving a file metadata via `id`\r\n- Changed Security Solution call to `createEsFileClient()` (`Files`\r\nplugin service) to set `indexIsAlias` to `true`\r\n- Changed Fleet call to `createEsFileClient()` (`Files` plugin service)\r\nto set `indexIsAlias` to `true`\r\n\r\n\r\nAddresses the following Issues that were raised for 8.7:\r\n\r\n- Fixes #153322 \r\n- FIxes #153334","sha":"50cc574c63a3837ce255878ee483b9cbc75d8277"}},"sourceBranch":"main","suggestedTargetBranches":["8.7"],"targetPullRequestStates":[{"branch":"8.7","label":"v8.7.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.8.0","labelRegex":"^v8.8.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/153342","number":153342,"mergeCommit":{"message":"[Security Solution + Files + Fleet] Add option to Files client to handle index alias and fix Endpoint/Fleet usage to set new option to true (#153342)\n\n## Summary\r\n\r\n- Adds `indexIsAlias` to `Files` plugin client. Used when provided\r\nindexes are Aliases (changes how the documents are retrieved internally)\r\n- Changes security solution (endpoint) file service to use `.search()`\r\ninstead of `.get()` when retrieving a file metadata via `id`\r\n- Changed Security Solution call to `createEsFileClient()` (`Files`\r\nplugin service) to set `indexIsAlias` to `true`\r\n- Changed Fleet call to `createEsFileClient()` (`Files` plugin service)\r\nto set `indexIsAlias` to `true`\r\n\r\n\r\nAddresses the following Issues that were raised for 8.7:\r\n\r\n- Fixes #153322 \r\n- FIxes #153334","sha":"50cc574c63a3837ce255878ee483b9cbc75d8277"}}]}] BACKPORT-->
There was a problem hiding this comment.
Left a few post hoc thoughts @paul-tavares . Otherwise this change LGTM!
| private readonly logger: Logger, | ||
| private readonly indexIsAlias: boolean = false |
There was a problem hiding this comment.
nit: we usually try to follow the pattern of passing logger last. I understand this prevents indexIsAlias from using default and would make the refactor a little larger. Best solution may be proper DI 😄
| return fileDocSearchResult.hits.hits[0] as GetResponse<TDocument>; | ||
| } | ||
|
|
||
| return esClient.get<TDocument>({ |
There was a problem hiding this comment.
With this change, we do not have the same error behaviour for non-existent docs. A call to .get will throw where a call to .search will not.
I think we should just copy what x-pack/plugins/security_solution/server/endpoint/services/actions/action_files.ts is doing in this case.
|
Thanks @jloleysens for the feedback. |
…tion and minor refactor (#153815) ## Summary This PR builds on top of #153342 and: - adds test for the `indexAsAlias` option that was added to `createEsFileClient()` - removes `fetchDoc()` utility (not needed) --------- Co-authored-by: kibanamachine <[email protected]>
Summary
indexIsAliastoFilesplugin client. Used when provided indexes are Aliases (changes how the documents are retrieved internally).search()instead of.get()when retrieving a file metadata viaidcreateEsFileClient()(Filesplugin service) to setindexIsAliastotruecreateEsFileClient()(Filesplugin service) to setindexIsAliastotrueAddresses the following Issues that were raised for 8.7: