-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security Solutions][Detection Engine] Fixes cypress errors by using latest signals mapping #84600
[Security Solutions][Detection Engine] Fixes cypress errors by using latest signals mapping #84600
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
First: both the explanation and the steps are greatly appreciated.
I checked things out locally and verified both the "red" and "green" cases (🎄) as described in the summary 👍 .
I had one question/concern about all of the churn in these mappings files, but that's more of a noise-minimization problem on top of these already noisy files and not a blocker to merging this.
"properties": { | ||
"@timestamp": { | ||
"type": "date" | ||
}, | ||
"agent": { | ||
"properties": { | ||
"ephemeral_id": { | ||
"ignore_above": 1024, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you know the cause behind all this churn? Our hope was that consistent use of es_archiver would minimize this sort of thing, but if its output is nondeterministic then that's worrisome.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I copied and pasted this directly from the output of the mapping by doing a query rather than using es_archiver for this part. I don't think es_archiver sorts keys which is part of the problem vs. using something like dev tools to do an update. But overall we should make a better way of doing things as discussed during team meetings rather than doing large es archiver dumps of saved objects and signals due to migration issues and unsupported hot re-loading issues we are seeing.
@elasticmachine merge upstream |
@elasticmachine merge upstream |
💚 Build SucceededMetrics [docs]Distributable file count
History
To update your PR or re-run it, just comment with: |
…latest signals mapping (elastic#84600) ## Summary Fixes issues within Cypress whenever developers would re-run tests they could become blocked as some of the tests cause a migration/roll over of the signals. To reproduce the error off of master: Start Cypress ```ts cd ./kibana/x-pack/plugins/security_solution yarn cypress:open-as-ci ``` Then run the export test twice. The first time it will run ok. The second time the test will refuse to run. <img width="585" alt="Screen Shot 2020-11-30 at 1 57 24 PM" src="https://user-images.githubusercontent.com/1151048/100683706-2233c200-3336-11eb-949f-48f86e884d8b.png"> The second time that you run the test you will get these errors from Cypress and will be blocked until you do workarounds such as logging into `https://localhost:5620` and manually changing the indexes manually or restarting Cypress altogether. <img width="1067" alt="Screen Shot 2020-11-30 at 6 05 07 PM" src="https://user-images.githubusercontent.com/1151048/100683945-9a9a8300-3336-11eb-9d49-187dee4fc1dc.png"> What is going on with the errors is that a migration is occurring since the existing signals mapping for the tests are not the newer migrated version and these are creating a new index named `.siem-signals-default-0000002` like so: <img width="1242" alt="Screen Shot 2020-11-30 at 1 57 12 PM" src="https://user-images.githubusercontent.com/1151048/100684145-fcf38380-3336-11eb-8fe1-b29d3462a1ae.png"> This index is not being cleaned up and when the next time we do an es_archive load we are marking two indexes as being writable file: x-pack/test/security_solution_cypress/es_archives/alerts/mappings.json ```ts ".siem-signals-default": { "is_write_index": true } }, "index": ".siem-signals-default-000001", ``` which leads to the stack trace and the Cypress errors on the front end: ```ts MacBook-Pro.local] path: /.siem-signals-default-000001, params: {index=.siem-signals-default-000001} │ java.lang.IllegalStateException: alias [.siem-signals-default] has more than one write index [.siem-signals-default-000002,.siem-signals-default-000001] │ at org.elasticsearch.cluster.metadata.IndexAbstraction$Alias.computeAndValidateAliasProperties(IndexAbstraction.java:276) ~[elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT] ``` This fixes that by updating the mapping and migration number. Each time we migrate/change the signals mapping we will have to perform a PR like this to update each location. At the moment this is 5 different locations we have to update with the latest mappings. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
…latest signals mapping (#84600) (#85209) ## Summary Fixes issues within Cypress whenever developers would re-run tests they could become blocked as some of the tests cause a migration/roll over of the signals. To reproduce the error off of master: Start Cypress ```ts cd ./kibana/x-pack/plugins/security_solution yarn cypress:open-as-ci ``` Then run the export test twice. The first time it will run ok. The second time the test will refuse to run. <img width="585" alt="Screen Shot 2020-11-30 at 1 57 24 PM" src="https://user-images.githubusercontent.com/1151048/100683706-2233c200-3336-11eb-949f-48f86e884d8b.png"> The second time that you run the test you will get these errors from Cypress and will be blocked until you do workarounds such as logging into `https://localhost:5620` and manually changing the indexes manually or restarting Cypress altogether. <img width="1067" alt="Screen Shot 2020-11-30 at 6 05 07 PM" src="https://user-images.githubusercontent.com/1151048/100683945-9a9a8300-3336-11eb-9d49-187dee4fc1dc.png"> What is going on with the errors is that a migration is occurring since the existing signals mapping for the tests are not the newer migrated version and these are creating a new index named `.siem-signals-default-0000002` like so: <img width="1242" alt="Screen Shot 2020-11-30 at 1 57 12 PM" src="https://user-images.githubusercontent.com/1151048/100684145-fcf38380-3336-11eb-8fe1-b29d3462a1ae.png"> This index is not being cleaned up and when the next time we do an es_archive load we are marking two indexes as being writable file: x-pack/test/security_solution_cypress/es_archives/alerts/mappings.json ```ts ".siem-signals-default": { "is_write_index": true } }, "index": ".siem-signals-default-000001", ``` which leads to the stack trace and the Cypress errors on the front end: ```ts MacBook-Pro.local] path: /.siem-signals-default-000001, params: {index=.siem-signals-default-000001} │ java.lang.IllegalStateException: alias [.siem-signals-default] has more than one write index [.siem-signals-default-000002,.siem-signals-default-000001] │ at org.elasticsearch.cluster.metadata.IndexAbstraction$Alias.computeAndValidateAliasProperties(IndexAbstraction.java:276) ~[elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT] ``` This fixes that by updating the mapping and migration number. Each time we migrate/change the signals mapping we will have to perform a PR like this to update each location. At the moment this is 5 different locations we have to update with the latest mappings. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
…or-disable-searchable-snapshot-fields * 'master' of github.com:elastic/kibana: (29 commits) HTTP CRUD+ API for Index Patterns (elastic#83576) Don't list packages in devDependencies already listed in dependencies (elastic#85120) Remove unused devDependencies (elastic#85121) [ILM] Reposition form toggles (elastic#85143) [APM] Make sure jest script can be run from anywhere (elastic#85111) Add EuiButtonEmptyTo components (elastic#85213) skip flaky suite (elastic#85216) skip flaky suite (elastic#83775) skip flaky suite (elastic#83774) skip flaky suite (elastic#83773) skip flaky suite (elastic#83793) skip flaky suite (elastic#85215) skip flaky suite (elastic#85217) [Usage Collection] Kibana Overview Page UI Metrics (elastic#81937) [Alerting UI] Replaced AlertsContextProvider with KibanaContextProvider and exposed components in API (elastic#84604) skip flaky suite (elastic#85208) [Security Solutions][Detection Engine] Fixes cypress errors by using latest signals mapping (elastic#84600) Small fixes to Kibana search bar (elastic#85079) Change link text to say Fleet (elastic#85083) [Metrics UI] Refactor Process List API to fetch only top processes (elastic#84716) ... # Conflicts: # x-pack/plugins/index_lifecycle_management/public/application/sections/edit_policy/components/phases/hot_phase/hot_phase.tsx # x-pack/plugins/index_lifecycle_management/public/application/sections/edit_policy/components/phases/shared_fields/searchable_snapshot_field/searchable_snapshot_field.tsx
Summary
Fixes issues within Cypress whenever developers would re-run tests they could become blocked as some of the tests cause a migration/roll over of the signals.
To reproduce the error off of master:
Start Cypress
Then run the export test twice. The first time it will run ok. The second time the test will refuse to run.
The second time that you run the test you will get these errors from Cypress and will be blocked until you do workarounds such as logging into
https://localhost:5620
and manually changing the indexes manually or restarting Cypress altogether.What is going on with the errors is that a migration is occurring since the existing signals mapping for the tests are not the newer migrated version and these are creating a new index named
.siem-signals-default-0000002
like so:This index is not being cleaned up and when the next time we do an es_archive load we are marking two indexes as being writable
file: x-pack/test/security_solution_cypress/es_archives/alerts/mappings.json
which leads to the stack trace and the Cypress errors on the front end:
This fixes that by updating the mapping and migration number. Each time we migrate/change the signals mapping we will have to perform a PR like this to update each location.
At the moment this is 5 different locations we have to update with the latest mappings.
Checklist