[Custom threshold] Always pass allowLeadingWildcards as true to the KQL validation in the custom threshold rule API param validation #190031
Conversation
maryam-saeidi
added
bug
🤖 GitHub commentsExpand to view the GitHub comments
Just comment with:
|
botelastic
bot
added
ci:project-deploy-observability
|
Pinging @elastic/obs-ux-management-team (Team:obs-ux-management) |
maryam-saeidi
changed the title
| @@ -103,9 +105,11 @@ export function thresholdRuleType( | |||
| name: schema.string(), | |||
| aggType: schema.literal('count'), | |||
| filter: schema.maybe( | |||
| schema.string({ | |||
| validate: validateKQLStringFilter, | |||
There was a problem hiding this comment.
@jasonrhodes I am changing the validateKQLStringFilter validation to string to avoid the issue mentioned here. Alternatively, I can always pass the leadingWildcard setting as true, but there are other configs, and I am not sure if we face the same issue in the future. Any thoughts?
There was a problem hiding this comment.
Discussed offline: I will change the code to set the leadingWildcard to true by default for all the requests.
There was a problem hiding this comment.
For extra clarity for my future self: the leadingWildcard value will be set to true for the validation function that runs on the server, which means the server validation phase will allow leading wildcards always, regardless of the advanced setting value. All other KQL syntax will continue to be checked and invalid syntax would trigger an error as usual.
In the case that a user submits leading wildcard KQL to the API and allows it to be saved, but the advanced setting in Kibana is set to disallow leading wildcards, the query will fail during the rule execution phase and generate an error that can be seen in the rule's event log.
This is a temporary fix meant to address this validation situation as best as we can until @elastic/response-ops is able to provide a way for us to access advanced setting values during the validation phase.
|
In terms of Backwards Compatibility / Zero Down Time (BWC / ZDT) aspects, this is generally a safe direction to move in. Make validation more permissive in a future version. Older versions of the rule will obviously still validate. There's still the case of someone creating a new rule during an upgrade, and an older Kibana picking it up to run, and then failing the validation. But this would be short-lived (presumably) and the framework should handle these fine anyway (but report a validation error on run). The other thing to think about is the NEXT version, where you add a KQL-ish validation. Now you've made it more strict, so there's a greater possibility of BWC/ZDT issues, in theory. It would be again the same scenario - the rule would fail to run but note the validation error, and presumably the UX would also show an error on the field when editing. You may well end up with rules in a failing state on the upgrade though ... So I think we're generally good. But thought I'd think it through first ... I'm not sure, but it doesn't feel quite right, as an option, to leave the current validator (presumably with a modification to do whatever it needs to do), and then enhance it in the future - it's still leaving some room for breaking changes. As long as the UX "does the right thing", I'm 98% happy as that would leave just API users hanging on this issue, the course of which is already fraught with peril, and presumably they are looking more closely at logs/histories so would notice ... |
|
@pmuellr Did I understand correctly that you are in favor of using the |
That's what this PR is doing, right? On server-side anyway? That's what I thought it was doing given the title and top comment; but looking closer I see it's ADDING a validation of some sort. So, this actually is a forward compatibility issue then! Old rules which for some reason have rule params that do not validate, will cause the rules to stop running.
But you are currently storing unvalidated strings in here, right? So when a rule runs with a param which does not validate, the rule will exit early, failing the validation. I may be misunderstanding what's going on here ... |
maryam-saeidi
changed the title
maryam-saeidi
added
the
backport:prev-minor
Sorry for the confusion; I forgot to update the PR title and description; my bad. Now it is up to date with the latest changes, thanks for the catch!
This is only at the time of rule creation/update. So, the rule should have failed even before this change, and the rule execution is the same after merging this PR. The difference is that if users save rules with invalid parameters and try to update the rule with the same invalid filter, they will receive an error during the update but no difference on execution.
I changed this part. Now, we validate the KQL filter by passing the allowLeadingWildcards setting as true always, so we made the validation loose but didn't remove it. Also, in the case of the optional filter, the validation was on the wrong field, which I fixed. So, for that one, previously, we didn't have validation, and now we validate it using allowLeadingWildcards as true. Please let me know if there are any concerns that we need to take into account. (Update: discussed in Slack and there was no major concern) |
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]
History
To update your PR or re-run it, just comment with: |
…QL validation in the custom threshold rule API param validation (elastic#190031) Fixes elastic#189072 Related elastic#190029 ## Summary This PR updates the KQL validation on the server side by passing the Kibana leadingWildcard setting as true during validation. This means that even if this configuration is disabled in Kibana, we will still allow saving such a filter in the rule, but it will fail during rule execution. I've created a separate ticket to discuss how to apply the KQL validation correctly during API param validation. ([issue](elastic#190029)) This fix will solve the following issues: <img src="https://github.com/user-attachments/assets/d99177cb-d4cd-4f33-9a60-8575d87372e3" width=500 /> We also have [proper validation on the UI side](https://github.com/elastic/kibana/blob/main/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/validation.tsx#L60,L64) that considers Kibana setting during validation: |Error|Leading wildcard error| |---|---| | || (cherry picked from commit ae4d522)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
|
Wanted to add a note re: potential Backward Compatibility / Zero Down Time issues. On the face of it, we made one field stricter and one field looser. The field that we made stricter (query) would end up failing in the rule executor, so the only compatibility issue is where it fails (framework now instead of executor). The field that we made looser (language) wasn't supposed to be validated anyway - the value will be like So, seems like we shouldn't have any forward- or backward- compatibility issues. |
…o the KQL validation in the custom threshold rule API param validation (#190031) (#190494) # Backport This will backport the following commits from `main` to `8.15`: - [[Custom threshold] Always pass allowLeadingWildcards as true to the KQL validation in the custom threshold rule API param validation (#190031)](#190031) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Maryam Saeidi","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-08-14T10:38:53Z","message":"[Custom threshold] Always pass allowLeadingWildcards as true to the KQL validation in the custom threshold rule API param validation (#190031)\n\nFixes #189072\r\nRelated #190029\r\n\r\n## Summary\r\n\r\nThis PR updates the KQL validation on the server side by passing the\r\nKibana leadingWildcard setting as true during validation. This means\r\nthat even if this configuration is disabled in Kibana, we will still\r\nallow saving such a filter in the rule, but it will fail during rule\r\nexecution.\r\nI've created a separate ticket to discuss how to apply the KQL\r\nvalidation correctly during API param validation.\r\n([issue](https://github.com/elastic/kibana/issues/190029))\r\n\r\nThis fix will solve the following issues:\r\n<img\r\nsrc=\"https://github.com/user-attachments/assets/d99177cb-d4cd-4f33-9a60-8575d87372e3\"\r\nwidth=500 />\r\n\r\n\r\nWe also have [proper validation on the UI\r\nside](https://github.com/elastic/kibana/blob/main/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/validation.tsx#L60,L64)\r\nthat considers Kibana setting during validation:\r\n\r\n|Error|Leading wildcard error|\r\n|---|---|\r\n|\r\n||","sha":"ae4d522b52b2c3573c4e276bfd38ecec00d9ff96","branchLabelMapping":{"^v8.16.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:fix","backport:prev-minor","ci:project-deploy-observability","Team:obs-ux-management","Feature: Custom threshold","v8.16.0"],"title":"[Custom threshold] Always pass allowLeadingWildcards as true to the KQL validation in the custom threshold rule API param validation","number":190031,"url":"https://github.com/elastic/kibana/pull/190031","mergeCommit":{"message":"[Custom threshold] Always pass allowLeadingWildcards as true to the KQL validation in the custom threshold rule API param validation (#190031)\n\nFixes #189072\r\nRelated #190029\r\n\r\n## Summary\r\n\r\nThis PR updates the KQL validation on the server side by passing the\r\nKibana leadingWildcard setting as true during validation. This means\r\nthat even if this configuration is disabled in Kibana, we will still\r\nallow saving such a filter in the rule, but it will fail during rule\r\nexecution.\r\nI've created a separate ticket to discuss how to apply the KQL\r\nvalidation correctly during API param validation.\r\n([issue](https://github.com/elastic/kibana/issues/190029))\r\n\r\nThis fix will solve the following issues:\r\n<img\r\nsrc=\"https://github.com/user-attachments/assets/d99177cb-d4cd-4f33-9a60-8575d87372e3\"\r\nwidth=500 />\r\n\r\n\r\nWe also have [proper validation on the UI\r\nside](https://github.com/elastic/kibana/blob/main/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/validation.tsx#L60,L64)\r\nthat considers Kibana setting during validation:\r\n\r\n|Error|Leading wildcard error|\r\n|---|---|\r\n|\r\n||","sha":"ae4d522b52b2c3573c4e276bfd38ecec00d9ff96"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v8.16.0","branchLabelMappingKey":"^v8.16.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/190031","number":190031,"mergeCommit":{"message":"[Custom threshold] Always pass allowLeadingWildcards as true to the KQL validation in the custom threshold rule API param validation (#190031)\n\nFixes #189072\r\nRelated #190029\r\n\r\n## Summary\r\n\r\nThis PR updates the KQL validation on the server side by passing the\r\nKibana leadingWildcard setting as true during validation. This means\r\nthat even if this configuration is disabled in Kibana, we will still\r\nallow saving such a filter in the rule, but it will fail during rule\r\nexecution.\r\nI've created a separate ticket to discuss how to apply the KQL\r\nvalidation correctly during API param validation.\r\n([issue](https://github.com/elastic/kibana/issues/190029))\r\n\r\nThis fix will solve the following issues:\r\n<img\r\nsrc=\"https://github.com/user-attachments/assets/d99177cb-d4cd-4f33-9a60-8575d87372e3\"\r\nwidth=500 />\r\n\r\n\r\nWe also have [proper validation on the UI\r\nside](https://github.com/elastic/kibana/blob/main/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/validation.tsx#L60,L64)\r\nthat considers Kibana setting during validation:\r\n\r\n|Error|Leading wildcard error|\r\n|---|---|\r\n|\r\n||","sha":"ae4d522b52b2c3573c4e276bfd38ecec00d9ff96"}}]}] BACKPORT--> --------- Co-authored-by: Maryam Saeidi <[email protected]>
Fixes #189072
Related #190029
Summary
This PR updates the KQL validation on the server side by passing the Kibana leadingWildcard setting as true during validation. This means that even if this configuration is disabled in Kibana, we will still allow saving such a filter in the rule, but it will fail during rule execution.
I've created a separate ticket to discuss how to apply the KQL validation correctly during API param validation. (issue)
This fix will solve the following issues:
We also have proper validation on the UI side that considers Kibana setting during validation: