fix doc level query constructor (#651)
Signed-off-by: Surya Sashank Nistala <[email protected]>
eirsep authored Oct 9, 2023
1 parent 115ae95 commit 58a3a83
Showing 4 changed files with 12 additions and 7 deletions.
Expand Up @@ -216,7 +216,7 @@ public FindingDto mapFindingWithDocsToFindingDto(FindingWithDocs findingWithDocs
if (docLevelQueries.isEmpty()) { // this is finding generated by a bucket level monitor
for (Map.Entry<String, String> entry : detector.getRuleIdMonitorIdMap().entrySet()) {
if(entry.getValue().equals(findingWithDocs.getFinding().getMonitorId())) {
docLevelQueries = Collections.singletonList(new DocLevelQuery(entry.getKey(),"","",Collections.emptyList()));
docLevelQueries = Collections.singletonList(new DocLevelQuery(entry.getKey(),"", Collections.emptyList(),"",Collections.emptyList()));
}
}
}
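Review bot: The placeholder query built on the new line is reassigned on every matching entry of `detector.getRuleIdMonitorIdMap()`, so if more than one rule id maps to the finding's monitor id only the last rule id survives and the others are silently dropped from the DTO. If a monitor is known to correspond to exactly one rule, add `break;` right after the assignment to make that invariant visible; otherwise accumulate the matches into a list instead of overwriting with `Collections.singletonList`. The positional arguments (`""`, `Collections.emptyList()`, `""`, `Collections.emptyList()`) also give no hint what the newly inserted empty list stands for in the `DocLevelQuery` constructor; a comment such as `// placeholder query for a bucket-level finding: only the rule id is meaningful, the other fields are intentionally empty` would record the intent. `mapFindingWithDocsToFindingDto` begins and ends outside this hunk.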
Expand Up @@ -295,7 +295,10 @@ private void createMonitorFromQueries(List<Pair<String, Rule>> rulesById, Detect
);
}
},
listener::onFailure
e1 -> {
log.error("Failed to index doc level monitor in detector creation", e1);
listener.onFailure(e1);
}
);
}, listener::onFailure);
} else {
Expand Down Expand Up @@ -642,7 +645,7 @@ private IndexMonitorRequest createDocLevelMonitorRequest(List<Pair<String, Rule>
tags.add(rule.getCategory());
tags.addAll(rule.getTags().stream().map(Value::getValue).collect(Collectors.toList()));

DocLevelQuery docLevelQuery = new DocLevelQuery(id, name, actualQuery, tags);
DocLevelQuery docLevelQuery = new DocLevelQuery(id, name, Collections.emptyList(), actualQuery, tags);
docLevelQueries.add(docLevelQuery);
}
DocLevelMonitorInput docLevelMonitorInput = new DocLevelMonitorInput(detector.getName(), detector.getInputs().get(0).getIndices(), docLevelQueries);
Expand Down Expand Up @@ -692,6 +695,7 @@ private IndexMonitorRequest createDocLevelMonitorMatchAllRequest(
DocLevelQuery docLevelQuery = new DocLevelQuery(
monitorName,
monitorName + "doc",
Collections.emptyList(),
actualQuery,
Collections.emptyList()
);
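Review bot: The inner failure callback now logs before forwarding to the listener, but the outer one on the following line (`}, listener::onFailure);`) still forwards silently, so a failure in what appears to be the enclosing async step leaves no server-side trace while a failure in the nested one does. For consistent operator visibility give it the same shape: `e -> { log.error("Failed to create doc level monitor in detector creation", e); listener.onFailure(e); }`. Both callbacks belong to calls whose opening lines sit outside the hunk, and `createMonitorFromQueries` itself starts and ends outside it. The other two hunks in this file pass the new constructor argument as a bare `Collections.emptyList()`; a short comment at the first use saying which `DocLevelQuery` parameter it fills and why empty is correct for detector rule queries would spare readers a trip to the alerting-commons source.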
Expand Up @@ -5,6 +5,7 @@
package org.opensearch.securityanalytics.findings;

import java.time.Instant;
import java.util.Collections;
import java.util.List;
import org.opensearch.commons.alerting.model.DocLevelQuery;
import org.opensearch.commons.alerting.model.FindingDocument;
Expand All @@ -27,7 +28,7 @@ public void testFindingDTO_creation() {
"findingId",
List.of("doc1", "doc2", "doc3"),
"my_index",
List.of(new DocLevelQuery("1","myQuery","fieldA:valABC", List.of())),
List.of(new DocLevelQuery("1", "myQuery", Collections.emptyList(), "fieldA:valABC", List.of())),
now,
List.of(findingDocument1, findingDocument2, findingDocument3)
);
Expand All @@ -36,7 +37,7 @@ public void testFindingDTO_creation() {
assertEquals("findingId", findingDto.getId());
assertEquals(List.of("doc1", "doc2", "doc3"), findingDto.getRelatedDocIds());
assertEquals("my_index", findingDto.getIndex());
assertEquals(List.of(new DocLevelQuery("1","myQuery","fieldA:valABC", List.of())), findingDto.getDocLevelQueries());
assertEquals(List.of(new DocLevelQuery("1", "myQuery", Collections.emptyList(), "fieldA:valABC", List.of())), findingDto.getDocLevelQueries());
assertEquals(now, findingDto.getTimestamp());
assertEquals(List.of(findingDocument1, findingDocument2, findingDocument3), findingDto.getDocuments());
}
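Review bot: The rewritten constructor calls mix `Collections.emptyList()` for the new third argument with `List.of()` for the tags argument in the same expression, which reads as if the two empty lists were meant to differ. The file already uses `List.of` for every other collection literal, so `new DocLevelQuery("1", "myQuery", List.of(), "fieldA:valABC", List.of())` in both the fixture and the assertion keeps a single idiom and makes the newly added `import java.util.Collections;` unnecessary. `testFindingDTO_creation` begins outside this hunk.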
Expand Up @@ -84,7 +84,7 @@ public void testGetFindings_success() {
"monitor_id1",
"monitor_name1",
"test_index1",
List.of(new DocLevelQuery("1","myQuery","fieldA:valABC", List.of())),
List.of(new DocLevelQuery("1", "myQuery", Collections.emptyList(), "fieldA:valABC", List.of())),
Instant.now(),
"1234"
);
Expand All @@ -100,7 +100,7 @@ public void testGetFindings_success() {
"monitor_id2",
"monitor_name2",
"test_index2",
List.of(new DocLevelQuery("1","myQuery","fieldA:valABC", List.of())),
List.of(new DocLevelQuery("1", "myQuery", Collections.emptyList(), "fieldA:valABC", List.of())),
Instant.now(),
"1234"
);
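Review bot: In both rewritten `DocLevelQuery` calls the new `Collections.emptyList()` argument sits next to a `List.of()` tags argument, so the two empty lists look intentionally different when they are not; `List.of(new DocLevelQuery("1", "myQuery", List.of(), "fieldA:valABC", List.of()))` keeps the file on one idiom. No `import java.util.Collections;` appears in this file's hunks, so the name is presumably already imported above the visible lines. `testGetFindings_success` starts and ends outside these hunks.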
