fix doc level query constructor (opensearch-project#651) (opensearch-project#682)

opensearch-trigger-bot[bot] · eirsep · web-flow · commit 282046d7c760 · 2023-10-24T15:45:07.000-07:00
Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> (cherry picked from commit 58a3a83) Co-authored-by: Surya Sashank Nistala <snistala@amazon.com>
diff --git a/src/main/java/org/opensearch/securityanalytics/findings/FindingsService.java b/src/main/java/org/opensearch/securityanalytics/findings/FindingsService.java
@@ -216,7 +216,7 @@ public FindingDto mapFindingWithDocsToFindingDto(FindingWithDocs findingWithDocs
         if (docLevelQueries.isEmpty()) { // this is finding generated by a bucket level monitor
             for (Map.Entry<String, String> entry : detector.getRuleIdMonitorIdMap().entrySet()) {
                 if(entry.getValue().equals(findingWithDocs.getFinding().getMonitorId())) {
-                    docLevelQueries = Collections.singletonList(new DocLevelQuery(entry.getKey(),"","",Collections.emptyList()));
+                    docLevelQueries = Collections.singletonList(new DocLevelQuery(entry.getKey(),"", Collections.emptyList(),"",Collections.emptyList()));
                 }
             }
         }
diff --git a/src/main/java/org/opensearch/securityanalytics/transport/TransportIndexDetectorAction.java b/src/main/java/org/opensearch/securityanalytics/transport/TransportIndexDetectorAction.java
@@ -295,7 +295,10 @@ private void createMonitorFromQueries(List<Pair<String, Rule>> rulesById, Detect
                                 );
                             }
                         },
-                        listener::onFailure
+                        e1 -> {
+                            log.error("Failed to index doc level monitor in detector creation", e1);
+                            listener.onFailure(e1);
+                        }
                 );
             }, listener::onFailure);
         } else {
@@ -642,7 +645,7 @@ private IndexMonitorRequest createDocLevelMonitorRequest(List<Pair<String, Rule>
             tags.add(rule.getCategory());
             tags.addAll(rule.getTags().stream().map(Value::getValue).collect(Collectors.toList()));
 
-            DocLevelQuery docLevelQuery = new DocLevelQuery(id, name, actualQuery, tags);
+            DocLevelQuery docLevelQuery = new DocLevelQuery(id, name, Collections.emptyList(), actualQuery, tags);
             docLevelQueries.add(docLevelQuery);
         }
         DocLevelMonitorInput docLevelMonitorInput = new DocLevelMonitorInput(detector.getName(), detector.getInputs().get(0).getIndices(), docLevelQueries);
@@ -692,6 +695,7 @@ private IndexMonitorRequest createDocLevelMonitorMatchAllRequest(
         DocLevelQuery docLevelQuery = new DocLevelQuery(
                 monitorName,
                 monitorName + "doc",
+                Collections.emptyList(),
                 actualQuery,
                 Collections.emptyList()
         );
diff --git a/src/test/java/org/opensearch/securityanalytics/findings/FindingDtoTests.java b/src/test/java/org/opensearch/securityanalytics/findings/FindingDtoTests.java
@@ -5,6 +5,7 @@
 package org.opensearch.securityanalytics.findings;
 
 import java.time.Instant;
+import java.util.Collections;
 import java.util.List;
 import org.opensearch.commons.alerting.model.DocLevelQuery;
 import org.opensearch.commons.alerting.model.FindingDocument;
@@ -27,7 +28,7 @@ public void testFindingDTO_creation() {
                 "findingId",
                 List.of("doc1", "doc2", "doc3"),
                 "my_index",
-                List.of(new DocLevelQuery("1","myQuery","fieldA:valABC", List.of())),
+                List.of(new DocLevelQuery("1", "myQuery", Collections.emptyList(), "fieldA:valABC", List.of())),
                 now,
                 List.of(findingDocument1, findingDocument2, findingDocument3)
         );
@@ -36,7 +37,7 @@ public void testFindingDTO_creation() {
         assertEquals("findingId", findingDto.getId());
         assertEquals(List.of("doc1", "doc2", "doc3"), findingDto.getRelatedDocIds());
         assertEquals("my_index", findingDto.getIndex());
-        assertEquals(List.of(new DocLevelQuery("1","myQuery","fieldA:valABC", List.of())), findingDto.getDocLevelQueries());
+        assertEquals(List.of(new DocLevelQuery("1", "myQuery", Collections.emptyList(), "fieldA:valABC", List.of())), findingDto.getDocLevelQueries());
         assertEquals(now, findingDto.getTimestamp());
         assertEquals(List.of(findingDocument1, findingDocument2, findingDocument3), findingDto.getDocuments());
     }
diff --git a/src/test/java/org/opensearch/securityanalytics/findings/FindingServiceTests.java b/src/test/java/org/opensearch/securityanalytics/findings/FindingServiceTests.java
@@ -84,7 +84,7 @@ public void testGetFindings_success() {
                 "monitor_id1",
                 "monitor_name1",
                 "test_index1",
-                List.of(new DocLevelQuery("1","myQuery","fieldA:valABC", List.of())),
+                List.of(new DocLevelQuery("1", "myQuery", Collections.emptyList(), "fieldA:valABC", List.of())),
                 Instant.now(),
                 "1234"
         );
@@ -100,7 +100,7 @@ public void testGetFindings_success() {
                 "monitor_id2",
                 "monitor_name2",
                 "test_index2",
-                List.of(new DocLevelQuery("1","myQuery","fieldA:valABC", List.of())),
+                List.of(new DocLevelQuery("1", "myQuery", Collections.emptyList(), "fieldA:valABC", List.of())),
                 Instant.now(),
                 "1234"
         );

Original file line number	Diff line number	Diff line change
`@@ -216,7 +216,7 @@ public FindingDto mapFindingWithDocsToFindingDto(FindingWithDocs findingWithDocs`
`216`	`216`	`if (docLevelQueries.isEmpty()) { // this is finding generated by a bucket level monitor`
`217`	`217`	`for (Map.Entry<String, String> entry : detector.getRuleIdMonitorIdMap().entrySet()) {`
`218`	`218`	`if(entry.getValue().equals(findingWithDocs.getFinding().getMonitorId())) {`
`219`		`- docLevelQueries = Collections.singletonList(new DocLevelQuery(entry.getKey(),"","",Collections.emptyList()));`
	`219`	`+ docLevelQueries = Collections.singletonList(new DocLevelQuery(entry.getKey(),"", Collections.emptyList(),"",Collections.emptyList()));`
`220`	`220`	`}`
`221`	`221`	`}`
`222`	`222`	`}`