[AWS][WAF] System test failing for WAF with 8.14.0 #10400

Closed
agithomas opened this issue Jul 6, 2024 · 3 comments · Fixed by #10401
Labels
Integration:aws AWS Team:Security-Service Integrations Security Service Integrations Team [elastic/security-service-integrations]


@agithomas

Steps to Recreate the issue

  1. Update manifest.yml as

       kibana:
         version: "^8.14.0"

  2. elastic-package test system -d waf -v

Output

Error: error running package system tests: could not complete test run: found ignored fields in data stream logs-aws.waf-ep: [aws.waf.terminating_rule_match_details.location aws.waf.non_terminating_matching_rules.ruleMatchDetails.location aws.waf.rule_group_list.nonTerminatingMatchingRules.ruleMatchDetails.location]. Affected documents: [
  {
    "_id": "996f88ec15-000000000000",
    "@timestamp": "2019-12-13T23:40:12.771Z",
    "ignored_field_values": null
  },
  {
    "_id": "996f88ec15-000000000826",
    "@timestamp": "2020-06-17T01:26:32.516Z",
    "ignored_field_values": null
  },
  {
    "_id": "996f88ec15-000000001695",
    "@timestamp": "2020-06-17T02:43:30.888Z",
    "ignored_field_values": null
  },
  {
    "_id": "996f88ec15-000000002947",
    "@timestamp": "2019-12-13T23:40:12.771Z",
    "ignored_field_values": null
  }
]

Initial Assumption / Observation

I guess this may be related to the recently added feature in elastic-package
- System tests fail on presence of ignored fields. cc @jsoriano

Impacted PRs

@agithomas agithomas added the Team:Security-Service Integrations Security Service Integrations Team [elastic/security-service-integrations] label Jul 6, 2024
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@agithomas

agithomas commented Jul 6, 2024

With

skip_ignored_fields:
  - aws.waf.terminating_rule_match_details.location
  - aws.waf.non_terminating_matching_rules.ruleMatchDetails.location
  - aws.waf.rule_group_list.nonTerminatingMatchingRules.ruleMatchDetails.location

added to test-default-config.yml for AWS/WAF

Reference : PR

With this change:

--- Test results for package: aws - START ---
╭─────────┬─────────────┬───────────┬───────────┬────────┬─────────────────╮
│ PACKAGE │ DATA STREAM │ TEST TYPE │ TEST NAME │ RESULT │    TIME ELAPSED │
├─────────┼─────────────┼───────────┼───────────┼────────┼─────────────────┤
│ aws     │ waf         │ system    │ default   │ PASS   │ 1m43.569735941s │
╰─────────┴─────────────┴───────────┴───────────┴────────┴─────────────────╯
--- Test results for package: aws - END   ---
Done
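
As an added illustration of the check behind the error above and of what the skip list changes (this is not elastic-package's code or code from the integrations repository): it assumes ignored fields are read from the `_ignored` array that Elasticsearch attaches to each search hit. The hits and the field `example.unlisted_field` are constructed; only the three `aws.waf.*` field names come from this issue.

```python
# Added example, not elastic-package's implementation.
# Assumption: each search hit lists the fields Elasticsearch skipped at index
# time in its "_ignored" metadata array.

# Field names taken from the skip_ignored_fields list in the comment above.
SKIP_IGNORED_FIELDS = frozenset({
    "aws.waf.terminating_rule_match_details.location",
    "aws.waf.non_terminating_matching_rules.ruleMatchDetails.location",
    "aws.waf.rule_group_list.nonTerminatingMatchingRules.ruleMatchDetails.location",
})

# Constructed sample hits (ids and the last field name are made up).
HITS = [
    {"_id": "doc-1",
     "_ignored": ["aws.waf.terminating_rule_match_details.location"]},
    {"_id": "doc-2",
     "_ignored": ["aws.waf.non_terminating_matching_rules.ruleMatchDetails.location",
                  "example.unlisted_field"]},
    {"_id": "doc-3"},  # nothing ignored: no "_ignored" key at all
]


def unexpected_ignored(hits, skip=frozenset()):
    """Return (sorted field names, affected doc ids) for ignored fields not in skip."""
    fields, docs = set(), []
    for hit in hits:
        extra = set(hit.get("_ignored", [])) - set(skip)
        if extra:
            fields |= extra
            docs.append(hit["_id"])
    return sorted(fields), docs


if __name__ == "__main__":
    # Without a skip list every ignored field is reported.
    print(unexpected_ignored(HITS))
    # With the skip list only fields outside it are still reported.
    print(unexpected_ignored(HITS, SKIP_IGNORED_FIELDS))
```

A skip list built this way only exempts the named fields, so any other field that starts being dropped at index time is still reported.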

@agithomas

PR link to resolve the issue: #10401

@agithomas agithomas self-assigned this Jul 6, 2024