ssi_some: prevent updating fleet health status to degraded #15415
Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)
| - set: | ||
| target: body.cursor | ||
| value: '[[if not (eq (len .cursor) 0)]][[.cursor.last_cursor]][[end]]' | ||
| value: >- |
@efd6, If the terminate helper evaluates to an empty value, then we don't need to use terminate here, right? Also, I'm not sure about using "do_not_log_failure: true" without "fail_on_template_error: true". Does this scenario prevent changing health status to degraded?
> If the terminate helper evaluates to an empty value, then we don't need to use terminate here, right?
That's correct. Note that terminate is an error-free termination of the template expansion, not a termination of the surrounding environment. Using terminate to stop pagination is incorrect.
> Also, I'm not sure about using "do_not_log_failure: true" without "fail_on_template_error: true". Does this scenario prevent changing health status to degraded?
It should.
@efd6, Thank you for your answer.
| [[if not (eq (len .cursor) 0)]] | ||
| [[.cursor.last_cursor]] | ||
| [[else]] | ||
| [[terminate "cursor is empty"]] | ||
| [[end]] |
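Review bot: these five lines follow a `value: >-` folded block scalar (as in the fragment above), and YAML folding joins them with single spaces, so the expansion carries a space on each side of `[[.cursor.last_cursor]]`. Keep the template on one line as it was, or use trim markers (`[[-` and `-]]`), so the value written to `body.cursor` is exactly the cursor.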
We don't need to do this, just fail_on_template_error: true with the do_not_log_failure: true.
(comment applies throughout)
Updated in c9ccf9d. Not enabling fail_on_template_error because the error is expected here.
@efd6 @navnit-elastic, just FYI we have an open SDH on this.
| value_type: int | ||
| value: '[[if eq (len .cursor) 0]]{{limit}}[[end]]' | ||
| value: >- | ||
| [[if eq (len .cursor) 0]]{{limit}}[[else]][[terminate "cursor is not empty"]][[end]] |
Same here.
Conflicts: packages/google_scc/changelog.yml packages/m365_defender/changelog.yml packages/rapid7_insightvm/changelog.yml
I've checked locally that this resolves the issue in 1password on 9.1.4 and that the current tip fails on that version of the stack.
I would like the change to be simplified though
diff --git a/packages/1password/data_stream/audit_events/agent/stream/httpjson.yml.hbs b/packages/1password/data_stream/audit_events/agent/stream/httpjson.yml.hbs
index 621af5d15d..1a6101567f 100644
--- a/packages/1password/data_stream/audit_events/agent/stream/httpjson.yml.hbs
+++ b/packages/1password/data_stream/audit_events/agent/stream/httpjson.yml.hbs
@@ -45,7 +45,7 @@ response.split:
response.pagination:
- set:
target: body.cursor
- value: '[[if eq .last_response.body.has_more true]][[.last_response.body.cursor]][[else]][[/*This is an empty value to stop pagination.*/]][[end]]'
+ value: '[[if eq .last_response.body.has_more true]][[.last_response.body.cursor]][[end]]'
fail_on_template_error: true
do_not_log_failure: true
- delete:
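Review bot: on the changed `value:` line, dropping the `[[else]]` branch also drops the only text stating that an empty value is what stops pagination. A short YAML comment above `value:` saying that an empty expansion ends pagination would keep that intent next to `fail_on_template_error: true` for anyone copying this pattern into other packages.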
diff --git a/packages/1password/data_stream/item_usages/agent/stream/httpjson.yml.hbs b/packages/1password/data_stream/item_usages/agent/stream/httpjson.yml.hbs
index 36b285bf19..06cb4c0889 100644
--- a/packages/1password/data_stream/item_usages/agent/stream/httpjson.yml.hbs
+++ b/packages/1password/data_stream/item_usages/agent/stream/httpjson.yml.hbs
@@ -46,7 +46,7 @@ response.split:
response.pagination:
- set:
target: body.cursor
- value: '[[if eq .last_response.body.has_more true]][[.last_response.body.cursor]][[else]][[/*This is an empty value to stop pagination.*/]][[end]]'
+ value: '[[if eq .last_response.body.has_more true]][[.last_response.body.cursor]][[end]]'
fail_on_template_error: true
do_not_log_failure: true
- delete:
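Review bot: with `do_not_log_failure: true` next to `fail_on_template_error: true`, this set stays silent for every empty expansion, not only the expected `has_more` false case. A response with `has_more` true and an empty `cursor` would also end pagination without a log line, so it is worth confirming that this case is acceptable or covering it in the system tests.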
diff --git a/packages/1password/data_stream/signin_attempts/agent/stream/httpjson.yml.hbs b/packages/1password/data_stream/signin_attempts/agent/stream/httpjson.yml.hbs
index d12967a150..c5cd14d84d 100644
--- a/packages/1password/data_stream/signin_attempts/agent/stream/httpjson.yml.hbs
+++ b/packages/1password/data_stream/signin_attempts/agent/stream/httpjson.yml.hbs
@@ -46,7 +46,7 @@ response.split:
response.pagination:
- set:
target: body.cursor
- value: '[[if eq .last_response.body.has_more true]][[.last_response.body.cursor]][[else]][[/*This is an empty value to stop pagination.*/]][[end]]'
+ value: '[[if eq .last_response.body.has_more true]][[.last_response.body.cursor]][[end]]'
fail_on_template_error: true
do_not_log_failure: true
- delete:
The else branch is not needed since in the absence of a true condition we already resolve to the empty string, and the use of the fail_on_template_error option indicates the rationale for the condition.
Similar changes should be applied to the other packages here.
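The point made in the review comment above, that the template without the else branch already resolves to the empty string, shown as an added Go example (not code from this pull request or from Beats). `expand`, `paginate` and `samplePages` are hypothetical names, the page data is constructed, and the loop models `fail_on_template_error: true` simply as "stop when the expansion is empty".

```go
package main

import (
	"bytes"
	"fmt"
	"text/template"
)

// Removed and added forms of the pagination value from the diff above.
const withElse = `[[if eq .last_response.body.has_more true]][[.last_response.body.cursor]][[else]][[/*This is an empty value to stop pagination.*/]][[end]]`
const withoutElse = `[[if eq .last_response.body.has_more true]][[.last_response.body.cursor]][[end]]`

// samplePages is constructed data, keyed by the cursor that fetches each page.
var samplePages = map[string]map[string]interface{}{
	"":   {"has_more": true, "cursor": "c1"},
	"c1": {"has_more": true, "cursor": "c2"},
	"c2": {"has_more": false, "cursor": "c3"},
}

// expand renders a value template with [[ ]] delimiters against the last body.
func expand(tpl string, last map[string]interface{}) (string, error) {
	t, err := template.New("value").Delims("[[", "]]").Parse(tpl)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	data := map[string]interface{}{"last_response": map[string]interface{}{"body": last}}
	err = t.Execute(&buf, data)
	return buf.String(), err
}

// paginate is a simplified model (an assumption, not the Beats code) of a set
// with fail_on_template_error: true: an empty expansion ends the loop.
func paginate(tpl string, pages map[string]map[string]interface{}) ([]string, error) {
	var sent []string
	for last := pages[""]; ; {
		cur, err := expand(tpl, last)
		if err != nil || cur == "" {
			return sent, err
		}
		sent = append(sent, cur)
		last = pages[cur]
	}
}

func main() {
	for _, tpl := range []string{withElse, withoutElse} {
		fmt.Println(paginate(tpl, samplePages))
	}
}
```

The last constructed page still carries a `cursor` while `has_more` is false, which shows that the condition, not a missing field, is what produces the empty value.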
💚 Build Succeeded
efd6
left a comment
Thanks
Package 1password - 1.34.0 containing this change is available at https://epr.elastic.co/package/1password/1.34.0/
Package google_scc - 2.2.0 containing this change is available at https://epr.elastic.co/package/google_scc/2.2.0/
Package m365_defender - 4.2.0 containing this change is available at https://epr.elastic.co/package/m365_defender/4.2.0/
Package rapid7_insightvm - 2.4.0 containing this change is available at https://epr.elastic.co/package/rapid7_insightvm/2.4.0/
…5415)
Prevent updating fleet health status to degraded for following packages when HTTPJSON template value evaluation is empty:
* 1password
* google_scc
* m365_defender
* rapid7_insightvm
This change bumps minimum Kibana version to 8.19.4 and 9.1.4 and adds do_not_log_failure: true in set processors to avoid updating fleet health status to degraded.
This change also fixes the 1password package's system tests.




Proposed commit message
Prevent updating fleet health status to degraded for following packages
when HTTPJSON template value evaluation is empty.
This change bumps minimum Kibana version to 8.19.4 and 9.1.4 and
adds do_not_log_failure: true in set processors to avoid updating
fleet health status to degraded.
This change also fixes the 1password package's system tests.