METRON-1616 Changing alert status fails if no metaalerts have been created yet (merrimanr) closes apache/metron#1061
Project: http://git-wip-us.apache.org/repos/asf/metron/repo Commit: http://git-wip-us.apache.org/repos/asf/metron/commit/36b20297 Tree: http://git-wip-us.apache.org/repos/asf/metron/tree/36b20297 Diff: http://git-wip-us.apache.org/repos/asf/metron/diff/36b20297 Branch: refs/heads/feature/METRON-1416-upgrade-solr Commit: 36b20297b7f385202387b22087a5e85d92e55bc7 Parents: 0bb3580 Author: merrimanr <merrim...@gmail.com> Authored: Mon Jun 18 16:35:51 2018 -0500 Committer: merrimanr <merrim...@apache.org> Committed: Mon Jun 18 16:35:51 2018 -0500 ---------------------------------------------------------------------- .../dao/ElasticsearchMetaAlertDao.java | 29 ++++++++++++------ .../dao/ElasticsearchMetaAlertDaoTest.java | 32 ++++++++++++++++++++ 2 files changed, 52 insertions(+), 9 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/metron/blob/36b20297/metron-platform/metron-elasticsearch/src/main/java/org/apache/metron/elasticsearch/dao/ElasticsearchMetaAlertDao.java ---------------------------------------------------------------------- diff --git a/metron-platform/metron-elasticsearch/src/main/java/org/apache/metron/elasticsearch/dao/ElasticsearchMetaAlertDao.java b/metron-platform/metron-elasticsearch/src/main/java/org/apache/metron/elasticsearch/dao/ElasticsearchMetaAlertDao.java index ee3ca89..71fe181 100644 --- a/metron-platform/metron-elasticsearch/src/main/java/org/apache/metron/elasticsearch/dao/ElasticsearchMetaAlertDao.java +++ b/metron-platform/metron-elasticsearch/src/main/java/org/apache/metron/elasticsearch/dao/ElasticsearchMetaAlertDao.java @@ -43,6 +43,7 @@ import org.apache.metron.indexing.dao.update.OriginalNotFoundException; import org.apache.metron.indexing.dao.update.PatchRequest; import org.apache.metron.stellar.common.utils.ConversionUtils; import org.elasticsearch.action.search.SearchRequestBuilder; +import org.elasticsearch.index.IndexNotFoundException; import org.elasticsearch.index.query.InnerHitBuilder; import org.elasticsearch.index.query.QueryBuilder; import org.elasticsearch.index.query.QueryBuilders; @@ -77,6 +78,7 @@ public class ElasticsearchMetaAlertDao implements MetaAlertDao { public static final String THREAT_TRIAGE_FIELD = THREAT_FIELD_DEFAULT.replace('.', ':'); private static final String STATUS_PATH = "/status"; private static final String ALERT_PATH = "/alert"; + private static final String INDEX_NOT_FOUND_INDICES_KEY = "es.index"; private IndexDao indexDao; private ElasticsearchDao elasticsearchDao; @@ -421,15 +423,24 @@ public class ElasticsearchMetaAlertDao implements MetaAlertDao { } else { Map<Document, Optional<String>> updates = new HashMap<>(); updates.put(update, index); - // We need to update an alert itself. Only that portion of the update can be delegated. - // We still need to get meta alerts potentially associated with it and update. - Collection<Document> metaAlerts = getMetaAlertsForAlert(update.getGuid()).getResults().stream() - .map(searchResult -> new Document(searchResult.getSource(), searchResult.getId(), METAALERT_TYPE, update.getTimestamp())) - .collect(Collectors.toList()); - // Each meta alert needs to be updated with the new alert - for (Document metaAlert : metaAlerts) { - replaceAlertInMetaAlert(metaAlert, update); - updates.put(metaAlert, Optional.of(METAALERTS_INDEX)); + try { + // We need to update an alert itself. Only that portion of the update can be delegated. + // We still need to get meta alerts potentially associated with it and update. + Collection<Document> metaAlerts = getMetaAlertsForAlert(update.getGuid()).getResults().stream() + .map(searchResult -> new Document(searchResult.getSource(), searchResult.getId(), METAALERT_TYPE, update.getTimestamp())) + .collect(Collectors.toList()); + // Each meta alert needs to be updated with the new alert + for (Document metaAlert : metaAlerts) { + replaceAlertInMetaAlert(metaAlert, update); + updates.put(metaAlert, Optional.of(METAALERTS_INDEX)); + } + } catch (IndexNotFoundException e) { + List<String> indicesNotFound = e.getMetadata(INDEX_NOT_FOUND_INDICES_KEY); + // If no metaalerts have been created yet and the metaalerts index does not exist, assume no metaalerts exist for alert. + // Otherwise throw the exception. + if (indicesNotFound.size() != 1 || !METAALERTS_INDEX.equals(indicesNotFound.get(0))) { + throw e; + } } // Run the alert's update http://git-wip-us.apache.org/repos/asf/metron/blob/36b20297/metron-platform/metron-elasticsearch/src/test/java/org/apache/metron/elasticsearch/dao/ElasticsearchMetaAlertDaoTest.java ---------------------------------------------------------------------- diff --git a/metron-platform/metron-elasticsearch/src/test/java/org/apache/metron/elasticsearch/dao/ElasticsearchMetaAlertDaoTest.java b/metron-platform/metron-elasticsearch/src/test/java/org/apache/metron/elasticsearch/dao/ElasticsearchMetaAlertDaoTest.java index 44defb3..df782bd 100644 --- a/metron-platform/metron-elasticsearch/src/test/java/org/apache/metron/elasticsearch/dao/ElasticsearchMetaAlertDaoTest.java +++ b/metron-platform/metron-elasticsearch/src/test/java/org/apache/metron/elasticsearch/dao/ElasticsearchMetaAlertDaoTest.java @@ -18,9 +18,14 @@ package org.apache.metron.elasticsearch.dao; +import static org.apache.metron.indexing.dao.MetaAlertDao.METAALERTS_INDEX; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; +import static org.mockito.Mockito.doThrow; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.spy; +import static org.mockito.Mockito.verify; import java.io.IOException; import java.util.ArrayList; @@ -47,6 +52,7 @@ import org.apache.metron.indexing.dao.search.InvalidSearchException; import org.apache.metron.indexing.dao.search.SearchRequest; import org.apache.metron.indexing.dao.search.SearchResponse; import org.apache.metron.indexing.dao.update.Document; +import org.elasticsearch.index.IndexNotFoundException; import org.junit.Test; public class ElasticsearchMetaAlertDaoTest { @@ -273,4 +279,30 @@ public class ElasticsearchMetaAlertDaoTest { metaAlertDao.calculateMetaScores(metaalert); assertNotNull(metaalert.getDocument().get(MetaAlertDao.THREAT_FIELD_DEFAULT)); } + + @Test + public void testUpdateShouldUpdateOnMissingMetaAlertIndex() throws Exception { + ElasticsearchDao elasticsearchDao = mock(ElasticsearchDao.class); + ElasticsearchMetaAlertDao emaDao = spy(new ElasticsearchMetaAlertDao(elasticsearchDao)); + + doThrow(new IndexNotFoundException(METAALERTS_INDEX)).when(emaDao).getMetaAlertsForAlert("alert_one"); + + Document update = new Document(new HashMap<>(), "alert_one", "", 0L); + emaDao.update(update, Optional.empty()); + + Map<Document, Optional<String>> expectedUpdate = new HashMap<Document, Optional<String>>() {{ + put(update, Optional.empty()); + }}; + verify(elasticsearchDao).batchUpdate(expectedUpdate); + } + + @Test(expected = IndexNotFoundException.class) + public void testUpdateShouldThrowExceptionOnMissingSensorIndex() throws Exception { + ElasticsearchMetaAlertDao emaDao = spy(new ElasticsearchMetaAlertDao()); + + doThrow(new IndexNotFoundException("bro")).when(emaDao).getMetaAlertsForAlert("alert_one"); + + Document update = new Document(new HashMap<>(), "alert_one", "", 0L); + emaDao.update(update, Optional.empty()); + } }
