-
Notifications
You must be signed in to change notification settings - Fork 8.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[RAC][Rule Registry] BUG: Component template bootstrapping fails on conflicting fields #109816
Comments
Pinging @elastic/security-solution (Team: SecuritySolution) |
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
@banderror Does this need to be addressed in 7.16? |
This is no longer an issue as we have things planned because we are only allowing additive changes for now. |
As you can see from the PR description this bug could be reproduced when moving a field between component templates and changing its type. I'd guess that it's not possible to reproduce it with an additive change or refactoring (e.g. moving a field from one template to another without changing its type), but I'm not 100% sure about that. |
I confirm that. To reproduce the bug, we should move a field + change its type. With additive changes, it is not an issue. |
Hey everyone, I removed this ticket from the backlog of the Detection Rules area. We (@elastic/security-detections-response-rules) are not the owners anymore (however feel free to still ping us if you have any tech questions about the ticket). Ownership of this ticket and other tickets related to rule_registry (like #101016) now goes to the Detection Alerts area ( |
Closing as this scenario only occurs when making a non-additive change to the mappings, which is unsupported in the rule registry currently. |
Parent ticket: #101016
Summary
Rule Registry resources bootstrapping fails when component templates update lead to conflicting fields during the upgrade process.
How to reproduce
Let's say we want to update mappings by moving a field from a solution-specific component template to a common one and changing the field's type in the process. For example, the changes could look like this:
When we restart Kibana, the bootstrapping fails with the following error:
It happens because we first try to add the new field to the common template and, after that, remove it from the solution-specific template. So despite, in the end, we would receive a valid template, during the upgrade process, templates could become incompatible.
The text was updated successfully, but these errors were encountered: