-
Notifications
You must be signed in to change notification settings - Fork 104
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix get alerts api to also return chained alerts with default params. and skip audit state alerts #1020
Fix get alerts api to also return chained alerts with default params. and skip audit state alerts #1020
Changes from 1 commit
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -58,7 +58,7 @@ class TransportGetAlertsAction @Inject constructor( | |
clusterService: ClusterService, | ||
actionFilters: ActionFilters, | ||
val settings: Settings, | ||
val xContentRegistry: NamedXContentRegistry | ||
val xContentRegistry: NamedXContentRegistry, | ||
) : HandledTransportAction<ActionRequest, GetAlertsResponse>( | ||
AlertingActions.GET_ALERTS_ACTION_NAME, | ||
transportService, | ||
|
@@ -77,7 +77,7 @@ class TransportGetAlertsAction @Inject constructor( | |
override fun doExecute( | ||
task: Task, | ||
request: ActionRequest, | ||
actionListener: ActionListener<GetAlertsResponse> | ||
actionListener: ActionListener<GetAlertsResponse>, | ||
) { | ||
val getAlertsRequest = request as? GetAlertsRequest | ||
?: recreateObject(request) { GetAlertsRequest(it) } | ||
|
@@ -97,7 +97,15 @@ class TransportGetAlertsAction @Inject constructor( | |
queryBuilder.filter(QueryBuilders.termQuery("severity", getAlertsRequest.severityLevel)) | ||
} | ||
|
||
if (getAlertsRequest.alertState != "ALL") { | ||
if (getAlertsRequest.alertState == "ALL") { | ||
// alerting dashboards expects chained alerts and individually executed monitors' alerts to be returned from this api | ||
// when invoked with state=ALL. They require that audit alerts are NOT returned in this page | ||
// and only be shown in "associated alerts" field under get workflow_alerts API. | ||
// But if the API is called with query_params: state=AUDIT,monitor_id=<123>,workflow_id=<abc>, this api | ||
// will return audit alerts generated by delegate monitor <123> in workflow <abc> | ||
QueryBuilders.boolQuery() | ||
.filter(QueryBuilders.boolQuery().mustNot(QueryBuilders.termsQuery(Alert.STATE_FIELD, Alert.State.AUDIT.name))) | ||
} else { | ||
queryBuilder.filter(QueryBuilders.termQuery("state", getAlertsRequest.alertState)) | ||
} | ||
|
||
|
@@ -107,16 +115,23 @@ class TransportGetAlertsAction @Inject constructor( | |
|
||
if (getAlertsRequest.monitorId != null) { | ||
queryBuilder.filter(QueryBuilders.termQuery("monitor_id", getAlertsRequest.monitorId)) | ||
if (getAlertsRequest.workflowIds.isNullOrEmpty()) { | ||
val noWorklfowIdQuery = QueryBuilders.boolQuery() | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. corrected |
||
.should(QueryBuilders.boolQuery().mustNot(QueryBuilders.existsQuery(Alert.WORKFLOW_ID_FIELD))) | ||
.should(QueryBuilders.termsQuery(Alert.WORKFLOW_ID_FIELD, "")) | ||
queryBuilder.must(noWorklfowIdQuery) | ||
} | ||
} else if (getAlertsRequest.monitorIds.isNullOrEmpty() == false) { | ||
queryBuilder.filter(QueryBuilders.termsQuery("monitor_id", getAlertsRequest.monitorIds)) | ||
if (getAlertsRequest.workflowIds.isNullOrEmpty()) { | ||
val noWorklfowIdQuery = QueryBuilders.boolQuery() | ||
.should(QueryBuilders.boolQuery().mustNot(QueryBuilders.existsQuery(Alert.WORKFLOW_ID_FIELD))) | ||
.should(QueryBuilders.termsQuery(Alert.WORKFLOW_ID_FIELD, "")) | ||
queryBuilder.must(noWorklfowIdQuery) | ||
} | ||
} | ||
if (getAlertsRequest.workflowIds.isNullOrEmpty() == false) { | ||
queryBuilder.must(QueryBuilders.termsQuery("workflow_id", getAlertsRequest.workflowIds)) | ||
} else { | ||
val noWorklfowIdQuery = QueryBuilders.boolQuery() | ||
.should(QueryBuilders.boolQuery().mustNot(QueryBuilders.existsQuery(Alert.WORKFLOW_ID_FIELD))) | ||
.should(QueryBuilders.termsQuery(Alert.WORKFLOW_ID_FIELD, "")) | ||
queryBuilder.must(noWorklfowIdQuery) | ||
} | ||
if (!tableProp.searchString.isNullOrBlank()) { | ||
queryBuilder | ||
|
@@ -196,7 +211,7 @@ class TransportGetAlertsAction @Inject constructor( | |
alertIndex: String, | ||
searchSourceBuilder: SearchSourceBuilder, | ||
actionListener: ActionListener<GetAlertsResponse>, | ||
user: User? | ||
user: User?, | ||
) { | ||
// user is null when: 1/ security is disabled. 2/when user is super-admin. | ||
if (user == null) { | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -310,7 +310,7 @@ object CompositeWorkflowRunner : WorkflowRunner() { | |
.should(boolQuery().mustNot(existsQuery(Alert.ERROR_MESSAGE_FIELD))) | ||
.should(termsQuery(Alert.ERROR_MESSAGE_FIELD, "")) | ||
queryBuilder.must(noErrorQuery) | ||
searchRequest.source().query(queryBuilder) | ||
searchRequest.source().query(queryBuilder).size(9999) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. why? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. to make sure we fetch as many alerts as we can There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. We should be paginating through them then. Also isnt there a max of 25 delegate monitors to a workflow? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. let's revisit this soon |
||
val searchResponse: SearchResponse = monitorCtx.client!!.suspendUntil { monitorCtx.client!!.search(searchRequest, it) } | ||
val alerts = searchResponse.hits.map { hit -> | ||
val xcp = XContentHelper.createParser( | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If we are still letting this API call get audit alerts, it should be included in ALL. It should not be just for the dashboard use case.
Otherwise, we should not let users see audit alerts through this API and only from the workflow alerts API
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If not supporting it in
ALL
is temporary until the front end can fix it, then I am fine with going with this logic as long as we have an open github issue about itThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
AUDIT alerts is a state designed to ållow us to create events which we don't want to get users notified about. That's why they rely on chained alerts to be actionable(notifications/acknowledgement etc)
When we return alerts in the api it would clutter the response.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Created issue to discuss further and reconcile with front end #1021
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we should make a call on if we want audit alerts here or not now.