[Custom threshold] Always pass allowLeadingWildcards as true to the K…

…QL validation in the custom threshold rule API param validation (elastic#190031) Fixes elastic#189072 Related elastic#190029 ## Summary This PR updates the KQL validation on the server side by passing the Kibana leadingWildcard setting as true during validation. This means that even if this configuration is disabled in Kibana, we will still allow saving such a filter in the rule, but it will fail during rule execution. I've created a separate ticket to discuss how to apply the KQL validation correctly during API param validation. ([issue](elastic#190029)) This fix will solve the following issues: <img src="https://github.com/user-attachments/assets/d99177cb-d4cd-4f33-9a60-8575d87372e3" width=500 /> We also have [proper validation on the UI side](https://github.com/elastic/kibana/blob/main/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/validation.tsx#L60,L64) that considers Kibana setting during validation: |Error|Leading wildcard error| |---|---| | ![image](https://github.com/user-attachments/assets/81cfaea6-c932-4184-8f2f-0d06b267a986)|![image](https://github.com/user-attachments/assets/7719813d-ee7b-4eac-b04f-69a867a6dd89)| (cherry picked from commit ae4d522)
kibanamachine · Aug 14, 2024 · 4a61357 · 4a61357
1 parent ff58b6a
commit 4a61357
Show file tree

Hide file tree

Showing 7 changed files with 25 additions and 14 deletions.
diff --git a/...erver/integration_tests/__snapshots__/serverless_upgrade_and_rollback_checks.test.ts.snap b/...erver/integration_tests/__snapshots__/serverless_upgrade_and_rollback_checks.test.ts.snap
diff --git a/...on/observability/server/lib/rules/custom_threshold/register_custom_threshold_rule_type.ts b/...on/observability/server/lib/rules/custom_threshold/register_custom_threshold_rule_type.ts
@@ -56,10 +56,10 @@ export const MetricsRulesTypeAlertDefinition: IRuleTypeAlerts<CustomThresholdAle
 export const searchConfigurationSchema = schema.object({
   index: schema.oneOf([schema.string(), dataViewSpecSchema]),
   query: schema.object({
-    language: schema.string({
+    language: schema.string(),
+    query: schema.string({
       validate: validateKQLStringFilter,
     }),
-    query: schema.string(),
   }),
   filter: schema.maybe(
     schema.arrayOf(

diff --git a/...gins/observability_solution/observability/server/lib/rules/custom_threshold/utils.test.ts b/...gins/observability_solution/observability/server/lib/rules/custom_threshold/utils.test.ts
@@ -62,12 +62,22 @@ describe('validateKQLStringFilter', () => {
     // input, output
     ['', undefined],
     ['host.name:host-0', undefined],
-    [':*', 'filterQuery must be a valid KQL filter'],
+  ];
+  const dataWithError = [
+    // input, output
+    [
+      ':*',
+      'filterQuery must be a valid KQL filter (error: Expected "(", NOT, end of input, field name, value, whitespace but ":" found.',
+    ],
   ];
 
   test.each(data)('validateKQLStringFilter(%s): %o', (input: any, output: any) => {
     expect(validateKQLStringFilter(input)).toEqual(output);
   });
+
+  test.each(dataWithError)('validateKQLStringFilter(%s): %o', (input: any, output: any) => {
+    expect(validateKQLStringFilter(input)).toContain(output);
+  });
 });
 
 describe('getFormattedGroupBy', () => {

diff --git a/...k/plugins/observability_solution/observability/server/lib/rules/custom_threshold/utils.ts b/...k/plugins/observability_solution/observability/server/lib/rules/custom_threshold/utils.ts
@@ -52,10 +52,14 @@ export const validateKQLStringFilter = (value: string) => {
   }
 
   try {
-    kbnBuildEsQuery(undefined, [{ query: value, language: 'kuery' }], []);
+    kbnBuildEsQuery(undefined, [{ query: value, language: 'kuery' }], [], {
+      allowLeadingWildcards: true,
+      queryStringOptions: {},
+      ignoreFilterIfFieldNotInIndex: false,
+    });
   } catch (e) {
     return i18n.translate('xpack.observability.customThreshold.rule.schema.invalidFilterQuery', {
-      defaultMessage: 'filterQuery must be a valid KQL filter',
+      defaultMessage: `filterQuery must be a valid KQL filter (error: ${e.message})`,
     });
   }
 };

diff --git a/x-pack/plugins/translations/translations/fr-FR.json b/x-pack/plugins/translations/translations/fr-FR.json
@@ -29721,7 +29721,6 @@
     "xpack.observability.customThreshold.rule.labelsActionVariableDescription": "Liste d'étiquettes associées avec l'entité sur laquelle l'alerte s'est déclenchée.",
     "xpack.observability.customThreshold.rule.orchestratorActionVariableDescription": "Objet orchestrateur défini par ECS s'il est disponible dans la source.",
     "xpack.observability.customThreshold.rule.reasonActionVariableDescription": "Une description concise de la raison du signalement",
-    "xpack.observability.customThreshold.rule.schema.invalidFilterQuery": "filterQuery doit être un filtre KQL valide",
     "xpack.observability.customThreshold.rule.sourceConfiguration.missingHttp": "Échec de chargement de la source : Aucun client HTTP disponible.",
     "xpack.observability.customThreshold.rule.sourceConfiguration.updateFailureBody": "Nous n'avons pas pu appliquer les modifications à la configuration des indicateurs. Réessayez plus tard.",
     "xpack.observability.customThreshold.rule.sourceConfiguration.updateFailureTitle": "La mise à jour de la configuration a échoué",

diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json
@@ -29699,7 +29699,6 @@
     "xpack.observability.customThreshold.rule.labelsActionVariableDescription": "このアラートがトリガーされたエンティティに関連付けられたラベルのリスト。",
     "xpack.observability.customThreshold.rule.orchestratorActionVariableDescription": "ソースで使用可能な場合に、ECSで定義されたオーケストレーターオブジェクト。",
     "xpack.observability.customThreshold.rule.reasonActionVariableDescription": "アラートの理由の簡潔な説明",
-    "xpack.observability.customThreshold.rule.schema.invalidFilterQuery": "filterQueryは有効なKQLフィルターでなければなりません",
     "xpack.observability.customThreshold.rule.sourceConfiguration.missingHttp": "ソースの読み込みに失敗しました：HTTPクライアントがありません。",
     "xpack.observability.customThreshold.rule.sourceConfiguration.updateFailureBody": "変更をメトリック構成に適用できませんでした。しばらくたってから再試行してください。",
     "xpack.observability.customThreshold.rule.sourceConfiguration.updateFailureTitle": "構成の更新が失敗しました",

diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json
@@ -29739,7 +29739,6 @@
     "xpack.observability.customThreshold.rule.labelsActionVariableDescription": "与在其上触发此告警的实体关联的标签列表。",
     "xpack.observability.customThreshold.rule.orchestratorActionVariableDescription": "ECS 定义的 Orchestrator 对象（如果在源中可用）。",
     "xpack.observability.customThreshold.rule.reasonActionVariableDescription": "告警原因的简洁描述",
-    "xpack.observability.customThreshold.rule.schema.invalidFilterQuery": "filterQuery 必须是有效的 KQL 筛选",
     "xpack.observability.customThreshold.rule.sourceConfiguration.missingHttp": "无法加载源：无 HTTP 客户端可用。",
     "xpack.observability.customThreshold.rule.sourceConfiguration.updateFailureBody": "无法对指标配置应用更改。请稍后重试。",
     "xpack.observability.customThreshold.rule.sourceConfiguration.updateFailureTitle": "配置更新失败",