Alerting V2 Monitor and Trigger models #873
Conversation
toepkerd
force-pushed
the
ppl-review
branch
3 times, most recently
from
62cfcdf to
7997234
Compare
toepkerd
requested review from
AWSHurneyt,
bowenlan-amzn,
cwperks,
eirsep,
engechas,
getsaurabh02,
jowg-amazon,
lezzago,
rishabhmaurya,
riysaxen-amzn and
sbcd90
as code owners
toepkerd
force-pushed
the
ppl-review
branch
2 times, most recently
from
11a7fed to
ff223d2
Compare
Signed-off-by: Dennis Toepker <[email protected]>
Signed-off-by: Dennis Toepker <[email protected]>
Signed-off-by: Dennis Toepker <[email protected]>
Signed-off-by: Dennis Toepker <[email protected]>
Signed-off-by: Dennis Toepker <[email protected]>
Signed-off-by: Dennis Toepker <[email protected]>
| val schemaVersion: Int = NO_SCHEMA_VERSION, | ||
| val monitorId: String, | ||
| val monitorName: String, | ||
| val monitorVersion: Long, |
There was a problem hiding this comment.
This would refer to the version of the monitor this alert was generated from since sometimes the monitor is updated, so the current query might not be applicable anymore to the alert.
| import java.io.IOException | ||
| import java.time.Instant | ||
|
|
||
| data class AlertV2( |
There was a problem hiding this comment.
For tests: tests will be added post internal demo and customer playground, as the goal currently is to see if RBAC and other AuthZ can be implemented before internal and customer demo.
For Alert States: no, Alerts in AlertingV2 will not have states. The general flow of alerts is that a PPLMonitor will fire and forget them. Alerts will then get deleted by a separate Alert cleanup mechanism based on the configured Alert expiration time (AlertExpirer.kt) is the upcoming class that does this.
There was a problem hiding this comment.
FYI we should discuss: opensearch-project/security#4500.
We should move away from storing user copies...esp for new use cases
There was a problem hiding this comment.
For Roles Injection..used for Alerting monitor runtime..that would still require storing a user copy, however, for visibility and sharing purposes security will be pushing for the new model.
Roles Injection will also need replaced eventually. That is used in cases where the creator of an alerting monitor has DLS restrictions.
That being said, there is a known issue that a contributor has graciously been helping us with but its stuck in review in the alerting repo: opensearch-project/alerting#1917
| monitorId = sin.readString(), | ||
| monitorName = sin.readString(), | ||
| monitorVersion = sin.readLong(), | ||
| // monitorUser = if (sin.readBoolean()) { |
There was a problem hiding this comment.
see: #873 (comment)
| // val monitorUser: User?, | ||
| val triggerId: String, | ||
| val triggerName: String, | ||
| val queryResults: Map<String, Any>, |
There was a problem hiding this comment.
will this be the same structure for PPL, SQL, DSL?
There was a problem hiding this comment.
For PPL and SQL yes. DSL responses can technically be stored as a Map<String, Any>, but the PPL Alerting logic expects this to follow the format of SQL/PPL Plugin Execute API Response format: https://docs.opensearch.org/latest/search-plugins/sql/sql-ppl-api/#example-request
| override val name: String, | ||
| override val severity: Severity, | ||
| override val suppressDuration: TimeValue?, | ||
| override val expireDuration: TimeValue?, |
There was a problem hiding this comment.
what is this?
add code comments and java docs
| val monitorId: String, | ||
| val monitorName: String, | ||
| val monitorVersion: Long, | ||
| // val monitorUser: User?, |
There was a problem hiding this comment.
nitpick: cleanup commented code unless intentional. This applies to everywhere else as well.
There was a problem hiding this comment.
Also I noticed the older alert contained this. Why do we want to remove it now? I believe this helped with rbac support.
There was a problem hiding this comment.
The comments are intentional. In all coming PRs, RBAC related code is commented out as markers for what RBAC data needs to be stored, and where RBAC checks need to be made. There are no plans to remove monitorUser from Alerts
There was a problem hiding this comment.
FYI we should discuss: opensearch-project/security#4500.
We should move away from storing user copies...esp for new use cases
| val schemaVersion: Int = NO_SCHEMA_VERSION, | ||
| val monitorId: String, | ||
| val monitorName: String, | ||
| val monitorVersion: Long, |
There was a problem hiding this comment.
This would refer to the version of the monitor this alert was generated from since sometimes the monitor is updated, so the current query might not be applicable anymore to the alert.
| import java.io.IOException | ||
| import java.time.Instant | ||
|
|
||
| interface MonitorV2 : ScheduledJob { |
There was a problem hiding this comment.
The RFC's model of the v2 monitor is different from this. Can we get them in sync?
There was a problem hiding this comment.
MonitorV2 is meant to serve as a more upstream interface. Please see PPLMonitor.kt for a model that matches the RFC.
+1 we need tests. Also can we update the RFC with all the models we are planning on creating? Additionally is there any plugin requiring to use these alerting v2 monitors? If not, I would recommend keeping this in the Alerting plugin. |
| override val suppressDuration: TimeValue?, | ||
| override val expireDuration: TimeValue?, | ||
| override var lastTriggeredTime: Instant?, | ||
| override val actions: List<Action>, |
5 participants
Description
Adds PPL Monitor and PPL Trigger models for Alerting V2
Related Issues
opensearch-project/alerting#1880
Check List
--signoff.By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.