EQL: Change default indices options#63192
Conversation
Ignore by default unavailable indices (same as ES) and verify that allowNoIndices is set to false since at least one index is required for validating the query. Fix elastic#62986
|
Pinging @elastic/es-ql (:Query Languages/EQL) |
| assertThat(exc.getResponse().getStatusLine().getStatusCode(), equalTo(404)); | ||
| //assertThat(exc.getMessage(), containsString("unauthorized")); |
There was a problem hiding this comment.
@imotov not sure why this fails now... Essentially by changing the index option ignoreUnavailable from false to true the 403/unauthorized became a 404...
There was a problem hiding this comment.
I think it is because we ignore unavailable indices and ended up with no indices at all, which leads to 404.
There was a problem hiding this comment.
And previously we did not ignore them but because we couldn't get access to them to verify their existence we got the 403...Make sense.
astefan
left a comment
There was a problem hiding this comment.
I think you need to make the same change in rest high level client corresponding EqlSearchRequest class.
| assertThat(exc.getResponse().getStatusLine().getStatusCode(), equalTo(404)); | ||
| //assertThat(exc.getMessage(), containsString("unauthorized")); |
There was a problem hiding this comment.
I think it is because we ignore unavailable indices and ended up with no indices at all, which leads to 404.
| - match: {hits.sequences.1.events.1._id: "3"} | ||
|
|
||
| --- | ||
| "Execute EQL sequence by default ignores unavailable indices" |
|
|
||
| private String[] indices; | ||
| private IndicesOptions indicesOptions = IndicesOptions.fromOptions(false, false, true, false); | ||
| private IndicesOptions indicesOptions = IndicesOptions.fromOptions(true, false, true, false); |
There was a problem hiding this comment.
@astefan the change inside EQL high-level rest client.
| "Execute EQL sequence by default ignores unavailable indices" | ||
| - do: | ||
| eql.search: | ||
| index: eql_test,non_existing |
There was a problem hiding this comment.
@matriv the integration test against non-existing indices
There was a problem hiding this comment.
I meant to query against only unavailable indices, just for completeness.
| assertThat(exc.getResponse().getStatusLine().getStatusCode(), equalTo(403)); | ||
| assertThat(exc.getMessage(), containsString("unauthorized")); | ||
| assertThat(exc.getResponse().getStatusLine().getStatusCode(), equalTo(404)); | ||
| //assertThat(exc.getMessage(), containsString("unauthorized")); |
| "Execute EQL sequence by default ignores unavailable indices" | ||
| - do: | ||
| eql.search: | ||
| index: eql_test,non_existing |
There was a problem hiding this comment.
I meant to query against only unavailable indices, just for completeness.
Ignore by default unavailable indices (same as ES) and verify that
allowNoIndices is set to false since at least one index is required
for validating the query.
Fix #62986