-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
saved object tagging phase 1 #16484
Comments
@elastic/kibana-operations @elastic/kibana-design @elastic/kibana-management Do you have any opinions about the questions above or the tentative plans for object tagging? |
Likely a mix. I'm planning to use the viz color blind palette (which is 10 colors) for the tags. We've got the color picker component as well though, so I'll make sure the badge component can how accept a hex color as a prop as well. |
Adding a few to @nreese list What are we trying to solve?
Tags dedicated page(pop-up) : this page will have all functions related to managing tags:
-Edit a tag name:
-List number of objects in the tag (#visualizations, #dashboards, etc..) - list of tags with a summary of the number of objects from each type Tag an object: When saving an object (for new and existing object) user can select to tag the object with one or multiple tags from a list of existing tags (tagging an object is optional). -Remove a tag from an object can also be done by clicking save (except for index pattern, TBD) Filtering by a tag:
|
@AlonaNadler, that document is not publicly available. Can it be? |
@nreese I added index pattern to your lists of objects that can tagged |
cc @elastic/kibana-platform |
The GUI should probably live in management in the same area that saved objects are managed. I'm not sure about the storage. I'm hoping we can just store them within each saved object itself instead of duplicating a list at some higher level. In the management UI, we can just search all saved objects (this shouldn't be too costly based on what I've heard about saved object counts, but someone feel free to contradict me here) and that will be the list we display. |
My immediate concern is the addition of a new type as an inter-object dependency. A seemingly large percentage of our users use the export/import as a backup/restore solution. How will we handle this? We will also rely on client-side joins for this data, increasing the complexity of creating a new object with a tag. I am wondering if we could denormalize this data on the objects themselves and completely eliminate the need of adding a new type. Example:
Getting a list of available tags should be easy. The only question I have is changing a tag name or color. I believe this should be possible with the update_by_query using a script, but we would need to verify. |
So it seems like we could just have tags as the strings themselves and then use ES foo to build cached list of available tags for UI purposes. If we are going to be querying the docs anyway for tags, I don't see why we need the tag objects. |
I'd recommend not overthinking the featureset of tags. Things like colors are cool, and I see the use case, but there's a lot of power in simply putting strings on a saved object that we can filter on, and we should explore all that has to offer before adopting a more complicated structure. Changing the name of an existing tag will happen, but it's not something a person is doing daily. A bulk update here isn't crazy. Also, we don't need to store metadata in json objects in Elasticsearch. ES is just a storage engine for us, so if we want to serialize metadata alongside the tag name, we can just do that in Kibana and store the result as a string. This falls down if we want to search against that data, but that's not what we're talking about here - "give me all the blue tags" is just... not very interesting. Example: This means we can go forward with tag names and build features around them such as security (grant access to all objects with tags matching |
What will happen here once we introduce object level security and the user won't potentially be able to update "all" saved objects that have this tag? Not having a dedicated saved object type for tags, and the relationship, will make a tag management screen increasingly complicated. Additionally, providing autocomplete functionality when a user goes to tag an existing object would require us retrieving all saved objects, and parsing their tags collection. |
Without an elevated set of privileges, a user shouldn't be able to globally rename a tag if they don't have access to the places where it is used. If we want users to modify tags without some elevated privilege, then one user renaming a tag for their own objects shouldn't impact the tags used by objects they don't have access to. It should effectively introduce a new tag and all the saved objects the user doesn't have access to would remain undisturbed. If we want administrative tag management that affect things globally regardless of OLS, then an elevated privilege is required. We could piggy back on the Having a global list of tags separate from the objects themselves means we have nested objects, which means we have the same sort of security challenges that we have with visualizations on dashboards today.
I agree. There are trade offs here either way.
We should be able to do this with term aggs rather than a search for raw documents. I'm pretty sure this is how we handle autocomplete elsewhere as well. |
Mocks from this morning's meeting. Note that all components in this mock should be available already in EUI. The filtering / search mechanics are in flight with elastic/eui#379 TodoMake a mock for adding a visualization to a dashboard by utilizing tags. |
@epixa, thinking through this some more - If we have the tags denormalized on the objects, it's entirely possible to have tags with differing meta-data. You could have a tag with a particular color then import a document containing the same tag with a different color. This is something we could handle in the object import as we could see what tags there are and ensure they are consistent. Just something we might need to handle if we go this route. |
@tylersmalley That's a good point, and it isn't limited to import. If a person only had access to 50% of the objects that has a tag and then they went and changed the color of that tag, it would only update the 50% of objects that they have access to, which leaves a person that sees 100% of the objects in an awkward state. |
@epixa @kobelb @tylersmalley Known problems
|
The corollary with Dashboard/Visualizations would stipulate that users can no longer edit Visualizations if they're added to a Dashboard that they don't have edit permissions, this doesn't seem like something that we'd want to do. I think we should allow Visualizations in this situation to be updated, and defer this decision to the Dashboard author to whether they want to add a Visualization that not only they have edit rights to. The same applies to tags, they could create a tag with the proper ACL to safe-guard this from occurring, but I think trying to automatically enforce this safe-guard is increasingly problematic. |
If we go with the denormalized, string on object approach, how does a tag first get created? I think the denormalized approach is going to create issues for us down the line. Remember how difficult it was to change dashboard ids from a user readable title string to a guid? I think it'd be easier to start with using a guid to attach and associate separate tag objects from the get go. Not only does this prevent the mismatched colors issue and the issue mentioned above, but I also have concerns about tags becoming associated by accident (there could be two different users/systems, e.g. beats, tagging objects with the same string but different meanings). |
I had three primary concerns around tags being separate objects, but this and related discussions have shown that they all have mitigations: Concern 1: While managing it becomes a bit more cumbersome, with the proper API/UI in Kibana, DLS is still a viable approach based on tag ids. Plus, if OLS is built directly in Kibana, then we can build a secure tag layer over that without issue. In the latter case, we wouldn't want DLS anyway. Concern 2: We must fix this problem in phase 1 of any authorization solution we build into Kibana, so nested objects are here to stay and will only have improved support going forward. Maybe we can even tag a swing at the initial groundwork for this change in the context of this tag work, but even if we don't, the tag implementation will benefit from whatever we come up with in the future. Concern 3: We can ignore missing ids in our searches and even build a mechanism to automatically patch objects with missing tag ids when they were discovered or as a background task if we wanted to. In practice, we probably don't need to since tags won't be changing constantly, so the built-up cruft won't be very significant. With those concerns addressed, I look to the concerns raised about the denormalized approach, and I can't come up with any reasonable mitigations. Concern 1: The only real mitigation I can think of here is maintaining a totally separate list of tags as the source for autocompletion and whatnot, but then we basically have all the same problems that we'd have with the separate object approach, only things would be even more complicated since the relationship between the objects would be implicit based on name rather than a concrete id. Concern 2: There isn't any mitigation here that I can think of. Concern 3: The only practical mitigation I can think of here is to not allow tags to have metadata. All around, it seems like the tags-as-separate-objects approach is more flexible and easier to reason about. If we go down the denormalized route, then we have at least a couple big challenges without obvious solutions. |
Summary from today's meeting:
|
To clarify, I think we are going to add the ability to export/import in the GUI, but we'll do so using the same mechanism used today which I think will be very easy. I say that without looking at the code, but I'm guessing all you have to do is add a new type string somewhere and the tab and functionality for importing/exporting "tags" automatically appears in the saved objects management page. Does that sound right @bmcconaghy? Is this in line with your thinking too @nreese? |
I created #16831 to track some of the research I had done for creating an export/import API |
Don't mind me, just subscribing |
This effort currently is stalled until Spaces are implemented. At this point the topic could be picked up again or discussed. Since the topic itself belongs more to Management and Platform team who own the Saved Objects (and the management aspect of that), I moved it to their label. Also once Spaces would be implemented and this topic should be picked up again, we anyway need to further discuss who can then work at this. |
When we get back to this work, we need to reconcile with Canvas static tags created in #28779 |
cc @elastic-jb @elastic/kibana-app-arch |
I've been working on a PoC during my Space Time to add tagging support to Kibana. Below I would like to present the findings and structure I ended up with, after considering all comments in this thread, all other Kibana GitHub issues about tagging and a number of other requirements that you can see below in the "Product Specification" section. Tags are Basic+ feature which means it has to be a plugin in X-Pack. In the PoC I implemented it as DemoEmpty management app Tags section: Tag creation form: Creation of key-value tag: Progression from empty Tags section in management app to populated one: Example plugin with examples for tag integration for developers: Integration of Dashboard listing view with attached tags: Filtering by Visualization listing view with attached tags: Tags app which displays all resources (any resource type) to which specific tags were attached: Product SpecificationBelow are product specifications which I received from @alexfrancoeur while working on this PoC as well as extra requirements from myself.
Key-value tagsKey-value tags are ones where user for a given key creates multiple tags with different value. This allows grouping tags by value. Attach tag to anythingNot everything in Kibana is a Saved Object. This PoC allows attaching tags to anything.
REST HTTP APIAll tag persistance logic is implemented in one place on the server-side and exposed through REST HTTP API to outside for consumption by Kibana app and other users.
GitHub “label” modelThe implementation follows GitHub's label model, where you first select one or more tags using full-text search. Once tags are selected the resources are filtered using exact match by tag ID. Default tagsThere could be a set of Default tags, which are not actually used for tagging but used for populating a new space with tags. Request for security team to implement listener for new space creation. We could listen for a new space creation and populate that space with tags. This is similar to GitHub's default tags for organization. Color-blind supportTags could have a pattern for color blind people to better discriminate between color shades. This was not implemented in this PoC, but @elastic/eui-design team could add support for that in EUI. Technical ArchitectureTagging is implemented in multiple layers, where each layer is completely isolated and consumes functionality only from the one layer below. Saved object client
Tags saved objects
Tags client
REST HTTP API
The HTTP endpoints
Browser tags client
Tags managerTags manager is implemented on top of the tags client, and has the following properties:
React componentsThe UIA collection of apps use the React components and Tags Manager provided by thet
IntegrationsOnce we have tags we now need to integrate them into various places in Kibana. It is relatively easy to integrate tags into other X-Pack plugins as those can simply depend on It gets harder when tags need to be integrated into an OSS plugin. For example, This quickly adds up as for every OSS tags integration we would need to follow a similar pattern. For example, for Another approach is to have an OSS |
@streamich Awesome!!! FWIW, your last option for integrating the |
This issue has been open for quite some time and as a result, a lot of the discussion is outdated. We've decided to close out this issue and #16495 in favor of a new meta issue focused on the initial implementation of saved object tagging. PS. Thank you so much for sharing the results of your space time @streamich! Please feel free to participate in the new issue as much as you'd like. |
Create a new saved object type for storing tags
New kibana
tag
APIWe will not be storing tag counts in the tag saved object. The tag counts will be generated on the fly by querying all saved objects, building a snapshot of counts, and adding the generated counts with the
tag
saved object results . This will avoid all the complexities of managing tag counts during saved object writes.get
delete
- delete tag saved object, remove tag from all other other saved objectsSaved object API updates
read
to translate tag ids to tag names?Manage tags on visualizations, saved-searches, and dashboards
Use tags to filter visualizations, saved-searches, and dashboards lists
Questions
The text was updated successfully, but these errors were encountered: