[alerting] add ignore_above to alerts params mappings to handle immense params (#100726)

resolves https://github.com/elastic/kibana/issues/100607 This fixes a problem when very large parameters (over 32K bytes) are saved with an alert. Before this fix, an error from elasticsearch would be thrown with the following message, and a 400 returned from create (and presumably update). Document contains at least one immense term in field=\"alert.params\" (whose UTF8 encoding is longer than the max length 32766), all of which were skipped. After the fix, alerts with immense params can be saved and executed. Note that the immense params will not be searchable, since they won't be indexed, but that seems both unavoidable, and not a severe issue.
2021-05-27 09:17:12 -04:00 · 2021-05-27 09:17:12 -04:00 · 11b3ab167d
parent 77452e686b
commit 11b3ab167d
2 changed files with 49 additions and 1 deletions
--- a/x-pack/plugins/alerting/server/saved_objects/mappings.json
+++ b/x-pack/plugins/alerting/server/saved_objects/mappings.json
@ -47,7 +47,8 @@
        }
      },
      "params": {
-        "type": "flattened"
+        "type": "flattened",
+        "ignore_above": 4096
      },
      "scheduledTaskId": {
        "type": "keyword"
--- a/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/create.ts
+++ b/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/create.ts
@ -112,6 +112,53 @@ export default function createAlertTests({ getService }: FtrProviderContext) {
      });
    });

+    // see: https://github.com/elastic/kibana/issues/100607
+    // note this fails when the mappings for `params` does not have ignore_above
+    it('should handle alerts with immense params', async () => {
+      const { body: createdAction } = await supertest
+        .post(`${getUrlPrefix(Spaces.space1.id)}/api/actions/connector`)
+        .set('kbn-xsrf', 'foo')
+        .send({
+          name: 'MY action',
+          connector_type_id: 'test.noop',
+          config: {},
+          secrets: {},
+        })
+        .expect(200);
+
+      const lotsOfSpaces = ''.padEnd(100 * 1000); // 100K space chars
+      const response = await supertest
+        .post(`${getUrlPrefix(Spaces.space1.id)}/api/alerting/rule`)
+        .set('kbn-xsrf', 'foo')
+        .send(
+          getTestAlertData({
+            params: {
+              ignoredButPersisted: lotsOfSpaces,
+            },
+            actions: [
+              {
+                id: createdAction.id,
+                group: 'default',
+                params: {},
+              },
+            ],
+          })
+        );
+
+      expect(response.status).to.eql(200);
+      objectRemover.add(Spaces.space1.id, response.body.id, 'rule', 'alerting');
+
+      expect(response.body.params.ignoredButPersisted).to.eql(lotsOfSpaces);
+
+      // Ensure AAD isn't broken
+      await checkAAD({
+        supertest,
+        spaceId: Spaces.space1.id,
+        type: 'alert',
+        id: response.body.id,
+      });
+    });
+
    it('should allow providing custom saved object ids (uuid v1)', async () => {
      const customId = '09570bb0-6299-11eb-8fde-9fe5ce6ea450';
      const response = await supertest