[ML] add auditor to data frame plugin #40012
Conversation
|
Pinging @elastic/ml-core |
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/common/notifications/Level.java
Outdated
Show resolved
Hide resolved
...re/src/main/java/org/elasticsearch/xpack/core/common/notifications/AbstractAuditMessage.java
Outdated
Show resolved
Hide resolved
| @@ -27,11 +30,16 @@ | |||
| public static final String INDEX_TEMPLATE_PATTERN = ".data-frame-internal-"; | |||
| public static final String INDEX_TEMPLATE_NAME = INDEX_TEMPLATE_PATTERN + INDEX_TEMPLATE_VERSION; | |||
| public static final String INDEX_NAME = INDEX_TEMPLATE_NAME; | |||
| public static final String AUDIT_INDEX = ".data-frame-notifications"; | |||
There was a problem hiding this comment.
although the chance is low, I would version it
...rame/src/main/java/org/elasticsearch/xpack/dataframe/persistence/DataFrameInternalIndex.java
Show resolved
Hide resolved
| import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder; | ||
| import static org.elasticsearch.xpack.core.ClientHelper.executeAsyncWithOrigin; | ||
|
|
||
| public abstract class AbstractAuditor<T extends AbstractAuditMessage> { |
There was a problem hiding this comment.
I wonder if this needs to be abstact. We could pass executionOrigin and auditIndex in the constructor. And we could simply assume all implementation would simply log-trace success/failure, or at least those 2 could have a default implementation which most implementors would not need override.
There was a problem hiding this comment.
@dimitris-athanasiou I waffled back and forth while writing this on it being abstract or not. Comes down to inheritance vs injection. I am fine with simply passing the appropriate strings if that is preferred. Especially since nothing really interacts with the AbstractAuditor type by-itself.
|
|
||
| protected abstract String getResourceField(); | ||
|
|
||
| public static final class AuditMessageBuilder<T extends AbstractAuditMessage> { |
There was a problem hiding this comment.
Rename to Builder?
There was a problem hiding this comment.
For sure, since it is already nested in that class.
| import java.util.Locale; | ||
|
|
||
| public enum Level implements Writeable { | ||
| INFO, ACTIVITY, WARNING, ERROR; |
There was a problem hiding this comment.
Where would we use activity instead of info?
There was a problem hiding this comment.
It's true that we don't use this at all in the current product. In the old product where we did use it it is interesting to see who added it:
f52b8ead288 (Dimitrios Athanasiou 2016-05-05 13:36:31 +0100 101) auditor.activity(buildUsageMessage(activeJobs));
In other words, the usage information similar to what the X-Pack usage endpoint returns and is now stored by monitoring used to be stored in the notifications index with type activity.
But assuming I'm correct that we don't use it any more (please double check @benwtrent) now would be a good time to remove it.
There was a problem hiding this comment.
One more thing about removing activity - usually this would be a BWC breaking change. But in this case I don't think we ever serialise Level or AuditMessage on the wire, so we can do it. This leads to the question, should we even support serialising Level or AuditMessage on the wire? If you remove wire serialisation from Level and AuditMessage and their tests does the code still compile?
There was a problem hiding this comment.
@droberts195 @dimitris-athanasiou I tested on ML by removing serialization and ACTIVITY and there are no calls to serialization for AuditMessage and therefore no calls to Level serialization.
| } | ||
|
|
||
| AbstractAuditMessage(String resourceId, String message, Level level, String nodeName) { | ||
| this.resourceId = resourceId; |
There was a problem hiding this comment.
Add Objects.requireNotNull to those that need it. Probably all?
...rame/src/main/java/org/elasticsearch/xpack/dataframe/persistence/DataFrameInternalIndex.java
Outdated
Show resolved
Hide resolved
| import java.util.Locale; | ||
|
|
||
| public enum Level implements Writeable { | ||
| INFO, ACTIVITY, WARNING, ERROR; |
There was a problem hiding this comment.
One more thing about removing activity - usually this would be a BWC breaking change. But in this case I don't think we ever serialise Level or AuditMessage on the wire, so we can do it. This leads to the question, should we even support serialising Level or AuditMessage on the wire? If you remove wire serialisation from Level and AuditMessage and their tests does the code still compile?
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/common/notifications/Level.java
Outdated
Show resolved
Hide resolved
|
@droberts195 I think we do need to serialize it. If say, a master node action issues the request to index a notification, it will have to travel to a data node to be written in the index. |
Yes, but in that scenario it's the source of the index request created here that gets serialised. And that just contains the JSON doc to be indexed. Is there a place (apart from unit tests) where we serialise the higher level |
benwtrent
changed the title
|
@jasontedor ping This PR adds some commonly useful code to |
|
run elasticsearch-ci/bwc |
| new RoleDescriptor.IndicesPrivileges[]{ | ||
| RoleDescriptor.IndicesPrivileges.builder() | ||
| .indices(".data-frame-notifications*") | ||
| .privileges("view_index_metadata", "read").build() |
There was a problem hiding this comment.
Please open a separate PR on the stack docs similar to elastic/stack-docs#246 that updates the docs for the definition of these two roles. It causes problems for people who create their own custom roles if we don't accurately state which privileges our built in roles provide.
There was a problem hiding this comment.
@droberts195, I definitely will if this PR gets approved and we are going to use the Auditor.
|
run elasticsearch-ci/2 |
benwtrent
requested review from
droberts195,
dimitris-athanasiou and
hendrikmuhs
|
run elasticsearch-ci/2 |
|
run elasticsearch-ci/2 |
* [Data Frame] add auditor * Adjusting Level, Auditor, and message to address pr comments * Addressing PR comments
This adds a
DataFrameAuditor, a index for audit messages, and an audit messages class.I took the basic functionality found in the ML Auditor, and created two new abstract classes in
org.elasticsearch.xpack.core.common.notificationsfor consolidating what would be commonalities between any plugin using an Auditor-like system.I opted to simply copy the
Levelclass found in the ml notifications package. I thought it best do any refactoring for ML in a different PR.As for what to audit and when, that question is still up in the air, but at least after this PR that functionality will be available.