Skip to content

Make enrich project-aware #124099

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Mar 6, 2025
Merged

Make enrich project-aware #124099

merged 3 commits into from
Mar 6, 2025

Conversation

@nielsbauman
Copy link
Contributor

@nielsbauman nielsbauman commented Mar 5, 2025

Makes the execution and use of enrich policies project-aware.
Note: this does not make the enrich cache project-aware. That is to be handled in a follow-up PR.

@nielsbauman
Make enrich project-aware
07e6204 
Makes the execution and use of enrich policies project-aware.
Note: this does not make the enrich cache project-aware. That is to be
handled in a follow-up PR.
@nielsbauman nielsbauman added the :Data Management/Ingest Node Execution or management of Ingest Pipelines including GeoIP label Mar 5, 2025
@nielsbauman nielsbauman requested a review from a team as a code owner March 5, 2025 13:18
@nielsbauman nielsbauman requested a review from a team March 5, 2025 13:18
@elasticsearchmachine elasticsearchmachine added Team:Data Management Meta label for data/management team v9.1.0 labels Mar 5, 2025
@elasticsearchmachine
Copy link
Collaborator

elasticsearchmachine commented Mar 5, 2025

Pinging @elastic/es-data-management (Team:Data Management)

ywangd
ywangd approved these changes Mar 6, 2025
View reviewed changes
Copy link
Member

@ywangd ywangd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

I don't fully understand how ingest processor works. But the changes related to passing project-id makes sense to me. I think it might be worthwhile to create a placeholder ticket to remind relevant teams owning the processors to review whether the new project-id parameter should be leveraged. Probably also worth a separate ticket of the similar nature for logstash since it is a separate product.

x-pack/plugin/enrich/src/main/java/org/elasticsearch/xpack/enrich/EnrichCache.java
* @param searchResponseFetcher The function used to compute the value to be put in the cache, if there is no value in the cache already
* @param listener A listener to be notified of the value in the cache
*/
@FixForMultiProject(description = "The enrich cache will currently leak data between projects. We need to either disable or fix it.")
Copy link
Member

@ywangd ywangd Mar 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems pretty serious if it happens, I suggest we create a JIRA issue to track it for better visibility.

Copy link
Contributor Author

@nielsbauman nielsbauman Mar 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I already created ES-10936 and put it on the agenda for today's weekly Data Management team meeting :)

@nielsbauman
Copy link
Contributor Author

nielsbauman commented Mar 6, 2025
edited
Loading

@ywangd, most processors work within the scope of a single document and thus won't need a project ID. There are some exceptions, like the enrich, pipeline, and more processors. I think that in any of those cases, they'll at some point call a method that uses Metadata#getProject(). While we're working through the list of Metadata#getProject(), we will eventually run into cases that are used by processors, causing us to update the processor to make use of the project ID.

However, some parts are perhaps more difficult to identify (e.g. the enrich cache I mentioned), so I'll add a ticket to do a final check on all the processors that they're not leaking information between projects. I opened ES-11061.

@elasticsearchmachine elasticsearchmachine added the serverless-linked Added by automation, don't add manually label Mar 6, 2025
@nielsbauman nielsbauman enabled auto-merge (squash) March 6, 2025 16:45
@nielsbauman nielsbauman disabled auto-merge March 6, 2025 16:45
@nielsbauman nielsbauman enabled auto-merge (squash) March 6, 2025 17:18
@nielsbauman nielsbauman merged commit 20e186a into elastic:main Mar 6, 2025
16 of 17 checks passed
@nielsbauman nielsbauman deleted the mp-enrich branch March 6, 2025 18:20
georgewallace pushed a commit to georgewallace/elasticsearch that referenced this pull request Mar 11, 2025
@nielsbauman @georgewallace
Make enrich project-aware (elastic#124099)
cb92185 
Makes the execution and use of enrich policies project-aware.
Note: this does not make the enrich cache project-aware. That is to be
handled in a follow-up PR.
@mashhurs mashhurs mentioned this pull request Mar 13, 2025
Merged
costin pushed a commit to costin/elasticsearch that referenced this pull request Mar 15, 2025
@nielsbauman @costin
Make enrich project-aware (elastic#124099)
ae70027 
Makes the execution and use of enrich policies project-aware.
Note: this does not make the enrich cache project-aware. That is to be
handled in a follow-up PR.
@mashhurs mashhurs mentioned this pull request Mar 19, 2025
Closed
@mashhurs mashhurs mentioned this pull request Jul 10, 2025
Closed
@joegallo joegallo mentioned this pull request Aug 28, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ywangd ywangd ywangd approved these changes

Assignees

No one assigned

Labels

:Data Management/Ingest Node Execution or management of Ingest Pipelines including GeoIP >non-issue serverless-linked Added by automation, don't add manually Team:Data Management Meta label for data/management team v9.1.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@nielsbauman @elasticsearchmachine @ywangd