EQL: Expand verification tests (#52664)

aleksmaus · web-flow · commit 8e02bc3b324e · 2020-02-24T12:48:20.000-05:00
Expand verification tests Fix some error messaging consistency in EqlParser Related to #51873
diff --git a/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/parser/EqlParser.java b/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/parser/EqlParser.java
@@ -164,14 +164,14 @@ public void exitFunctionExpression(EqlBaseParser.FunctionExpressionContext conte
                 case "arrayCount":
                 case "arraySearch":
                     throw new ParsingException(
-                        "unsupported function " + functionName,
+                        "Unsupported function [" + functionName + "]",
                         null,
                         token.getLine(),
                         token.getCharPositionInLine());
 
                 default:
                     throw new ParsingException(
-                        "unknown function " + functionName,
+                        "Unknown function [" + functionName + "]",
                         null,
                         token.getLine(),
                         token.getCharPositionInLine());
@@ -182,7 +182,7 @@ public void exitFunctionExpression(EqlBaseParser.FunctionExpressionContext conte
         public void exitJoin(EqlBaseParser.JoinContext context) {
             Token token = context.JOIN().getSymbol();
             throw new ParsingException(
-                "join is not supported",
+                "Join is not supported",
                 null,
                 token.getLine(),
                 token.getCharPositionInLine());
@@ -192,7 +192,7 @@ public void exitJoin(EqlBaseParser.JoinContext context) {
         public void exitPipe(EqlBaseParser.PipeContext context) {
             Token token = context.PIPE().getSymbol();
             throw new ParsingException(
-                "pipes are not supported",
+                "Pipes are not supported",
                 null,
                 token.getLine(),
                 token.getCharPositionInLine());
@@ -202,7 +202,7 @@ public void exitPipe(EqlBaseParser.PipeContext context) {
         public void exitProcessCheck(EqlBaseParser.ProcessCheckContext context) {
             Token token = context.relationship;
             throw new ParsingException(
-                "process relationships are not supported",
+                "Process relationships are not supported",
                 null,
                 token.getLine(),
                 token.getCharPositionInLine());
@@ -212,7 +212,7 @@ public void exitProcessCheck(EqlBaseParser.ProcessCheckContext context) {
         public void exitSequence(EqlBaseParser.SequenceContext context) {
             Token token = context.SEQUENCE().getSymbol();
             throw new ParsingException(
-                "sequence is not supported",
+                "Sequence is not supported",
                 null,
                 token.getLine(),
                 token.getCharPositionInLine());
@@ -223,7 +223,7 @@ public void exitQualifiedName(EqlBaseParser.QualifiedNameContext context) {
             if (context.INTEGER_VALUE().size() > 0) {
                 Token firstIndex = context.INTEGER_VALUE(0).getSymbol();
                 throw new ParsingException(
-                    "array indexes are not supported",
+                    "Array indexes are not supported",
                     null,
                     firstIndex.getLine(),
                     firstIndex.getCharPositionInLine());
diff --git a/x-pack/plugin/eql/src/test/java/org/elasticsearch/xpack/eql/analysis/VerifierTests.java b/x-pack/plugin/eql/src/test/java/org/elasticsearch/xpack/eql/analysis/VerifierTests.java
diff --git a/x-pack/plugin/eql/src/test/resources/mapping-alias.json b/x-pack/plugin/eql/src/test/resources/mapping-alias.json
@@ -0,0 +1,17 @@
+{
+    "properties" : {
+        "event_type" : {
+            "type" : "keyword"
+        },
+        "user_name" : {
+            "type" : "keyword"
+        },
+        "user_domain" : {
+            "type" : "keyword"
+        },
+        "user_name_alias": {
+            "type": "alias",
+            "path": "user_name"
+        }
+    }
+}
diff --git a/x-pack/plugin/eql/src/test/resources/mapping-binary.json b/x-pack/plugin/eql/src/test/resources/mapping-binary.json
@@ -0,0 +1,10 @@
+{
+    "properties" : {
+        "event_type" : {
+            "type" : "keyword"
+        },
+        "blob" : {
+            "type" : "binary"
+        }
+    }
+}
diff --git a/x-pack/plugin/eql/src/test/resources/mapping-boolean.json b/x-pack/plugin/eql/src/test/resources/mapping-boolean.json
@@ -0,0 +1,10 @@
+{
+    "properties" : {
+        "event_type" : {
+            "type" : "keyword"
+        },
+        "boolean_field" : {
+            "type" : "boolean"
+        }
+    }
+}
diff --git a/x-pack/plugin/eql/src/test/resources/mapping-date.json b/x-pack/plugin/eql/src/test/resources/mapping-date.json
@@ -0,0 +1,21 @@
+{
+    "properties" : {
+        "event_type" : {
+            "type" : "keyword"
+        },
+        "date" : {
+            "type" : "date"
+        },
+        "date_with_format" : {
+            "type" : "date",
+            "format" : "yyyy-MM-dd"
+        },
+        "date_with_multi_format" : {
+            "type" : "date",
+            "format" : "yyyy-MM-dd || basic_time || year"
+        },
+        "date_nanos_field" : {
+            "type" : "date_nanos"
+        }
+    }
+}
diff --git a/x-pack/plugin/eql/src/test/resources/mapping-default.json b/x-pack/plugin/eql/src/test/resources/mapping-default.json
@@ -50,6 +50,27 @@
                     "ignore_above" : 256
                 }
             }
+        },
+        "opcode" : {
+            "type" : "long"
+        },
+        "file_name" : {
+            "type" : "text",
+            "fields" : {
+                "keyword" : {
+                    "type" : "keyword",
+                    "ignore_above" : 256
+                }
+            }
+        },
+        "serial_event_id" : {
+            "type" : "long"
+        },
+        "source_address" : {
+            "type" : "ip"
+        },
+        "exit_code" : {
+            "type" : "long"
         }
     }
 }
diff --git a/x-pack/plugin/eql/src/test/resources/mapping-geo.json b/x-pack/plugin/eql/src/test/resources/mapping-geo.json
@@ -0,0 +1,13 @@
+{
+    "properties" : {
+        "event_type" : {
+            "type" : "keyword"
+        },
+        "location" : {
+            "type" : "geo_point"
+        },
+        "site": {
+            "type" : "geo_shape"
+        }
+    }
+}
diff --git a/x-pack/plugin/eql/src/test/resources/mapping-ip.json b/x-pack/plugin/eql/src/test/resources/mapping-ip.json
@@ -0,0 +1,10 @@
+{
+    "properties" : {
+        "event_type" : {
+            "type" : "keyword"
+        },
+        "ip_addr" : {
+            "type" : "ip"
+        }
+    }
+}
diff --git a/x-pack/plugin/eql/src/test/resources/mapping-join.json b/x-pack/plugin/eql/src/test/resources/mapping-join.json
@@ -0,0 +1,16 @@
+{
+    "properties" : {
+        "event_type" : {
+            "type" : "keyword"
+        },
+        "serial_event_id" : {
+            "type" : "long"
+        },
+        "parent_child" : {
+            "type" : "join",
+            "relations" : {
+                "question" : "answer"
+            }
+        }
+    }
+}
diff --git a/x-pack/plugin/eql/src/test/resources/mapping-missing-event-type.json b/x-pack/plugin/eql/src/test/resources/mapping-missing-event-type.json
@@ -0,0 +1,7 @@
+{
+    "properties" : {
+        "long_field" : {
+            "type" : "long"
+        }
+    }
+}
diff --git a/x-pack/plugin/eql/src/test/resources/mapping-multi-field.json b/x-pack/plugin/eql/src/test/resources/mapping-multi-field.json
@@ -0,0 +1,68 @@
+{
+    "properties" : {
+        "event_type" : {
+            "type" : "keyword"
+        },
+        "multi_field" : {
+            "type" : "text",
+            "fields" : {
+                "raw" : {
+                    "type" : "keyword"
+                },
+                "english" : {
+                    "type" : "text",
+                    "analyzer" : "english"
+                }
+            }
+        },
+        "multi_field_options" : {
+            "type" : "text",
+            "fields" : {
+                "raw" : {
+                    "type" : "keyword"
+                },
+                "key" : {
+                    "type" : "keyword"
+                }
+            }
+        },
+        "multi_field_ambiguous" : {
+            "type" : "text",
+            "fields" : {
+                "one" : {
+                    "type" : "keyword"
+                },
+                "two" : {
+                    "type" : "keyword"
+                },
+                "normalized" : {
+                    "type" : "keyword",
+                    "normalizer" : "some_normalizer"
+                }
+            }
+        },
+        "multi_field_nested" : {
+            "type" : "nested",
+            "properties" : {
+                "dep_name" : {
+                    "type" : "text"
+                },
+                "dep_id" : {
+                    "type" : "text",
+                    "fields" : {
+                        "keyword" : {
+                            "type" : "keyword",
+                            "ignore_above" : 256
+                        }
+                    }
+                },
+                "end_date" : {
+                    "type" : "date"
+                },
+                "start_date" : {
+                    "type" : "date"
+                }
+            }
+        }
+    }
+}
diff --git a/x-pack/plugin/eql/src/test/resources/mapping-nested.json b/x-pack/plugin/eql/src/test/resources/mapping-nested.json
@@ -0,0 +1,23 @@
+{
+    "properties" : {
+        "event_type" : {
+            "type" : "keyword"
+        },
+        "processes" : {
+            "type" : "nested",
+            "properties" : {
+                "pid" : {
+                    "type" : "long"
+                },
+                "path" : {
+                    "type" : "text",
+                    "fields" : {
+                        "keyword" : {
+                            "type" : "keyword"
+                        }
+                    }
+                }
+            }
+        }
+    }
+}
diff --git a/x-pack/plugin/eql/src/test/resources/mapping-nodoc.json b/x-pack/plugin/eql/src/test/resources/mapping-nodoc.json
@@ -0,0 +1,11 @@
+{
+    "properties" : {
+        "event_type" : {
+            "type" : "keyword"
+        },
+        "description_nodoc" : {
+            "type" : "integer",
+            "doc_values" : false
+        }
+    }
+}
diff --git a/x-pack/plugin/eql/src/test/resources/mapping-numeric.json b/x-pack/plugin/eql/src/test/resources/mapping-numeric.json
@@ -0,0 +1,34 @@
+{
+    "properties" : {
+        "event_type" : {
+            "type" : "keyword"
+        },
+        "long_field" : {
+            "type" : "long"
+        },
+        "integer_field" : {
+            "type" : "integer"
+        },
+        "short_field" : {
+            "type" : "short"
+        },
+        "byte_field": {
+            "type" : "byte"
+        },
+        "double_field": {
+            "type" : "double"
+        },
+        "float_field" : {
+            "type" : "float"
+        },
+        "half_float_field" : {
+            "type" : "half_float"
+        },
+        "scaled_float_field": {
+            "type" : "scaled_float"
+        },
+        "wrong_int_type_field": {
+            "type" : "int"
+        }
+    }
+}
diff --git a/x-pack/plugin/eql/src/test/resources/mapping-object.json b/x-pack/plugin/eql/src/test/resources/mapping-object.json
@@ -0,0 +1,17 @@
+{
+    "properties" : {
+        "event_type" : {
+            "type" : "keyword"
+        },
+        "endgame" : {
+            "properties" : {
+                "pid" : {
+                    "type" : "long"
+                },
+                "user_name" : {
+                    "type" : "keyword"
+                }
+            }
+        }
+    }
+}
diff --git a/x-pack/plugin/eql/src/test/resources/mapping-range.json b/x-pack/plugin/eql/src/test/resources/mapping-range.json
@@ -0,0 +1,25 @@
+{
+    "properties" : {
+        "event_type" : {
+            "type" : "keyword"
+        },
+        "integer_range_field" : {
+            "type" : "integer_range"
+        },
+        "float_range_field" : {
+            "type" : "float_range"
+        },
+        "long_range_field" : {
+            "type" : "long_range"
+        },
+        "double_range_field" : {
+            "type" : "double_range"
+        },
+        "date_range_field" : {
+            "type" : "date_range"
+        },
+        "ip_range_field" : {
+            "type" : "ip_range"
+        }
+    }
+}
diff --git a/x-pack/plugin/ql/src/main/java/org/elasticsearch/xpack/ql/index/IndexResolution.java b/x-pack/plugin/ql/src/main/java/org/elasticsearch/xpack/ql/index/IndexResolution.java

Original file line number	Diff line number	Diff line change
`@@ -50,6 +50,27 @@`
`50`	`50`	`"ignore_above" : 256`
`51`	`51`	`}`
`52`	`52`	`}`
	`53`	`+ },`
	`54`	`+ "opcode" : {`
	`55`	`+ "type" : "long"`
	`56`	`+ },`
	`57`	`+ "file_name" : {`
	`58`	`+ "type" : "text",`
	`59`	`+ "fields" : {`
	`60`	`+ "keyword" : {`
	`61`	`+ "type" : "keyword",`
	`62`	`+ "ignore_above" : 256`
	`63`	`+ }`
	`64`	`+ }`
	`65`	`+ },`
	`66`	`+ "serial_event_id" : {`
	`67`	`+ "type" : "long"`
	`68`	`+ },`
	`69`	`+ "source_address" : {`
	`70`	`+ "type" : "ip"`
	`71`	`+ },`
	`72`	`+ "exit_code" : {`
	`73`	`+ "type" : "long"`
`53`	`74`	`}`
`54`	`75`	`}`
`55`	`76`	`}`