[ES body removal] @elastic/security-detection-engine

[afharo]

Summary

in preparation for 9.0, we're trying to remove the deprecated body param in the ES client.

To make it easier to review, the changes have been split into multiple PRs, trying to group them per code owner as much as possible.

However, unfortunately, due to cross-dependencies, your team may be pinged more than once. Apologies for that additional noise.

What changes?

Nothing changes internally. The ES client already places everything where it should be when performing the request to ES (URL vs. query string vs. body params).

The main change is in the usage: when using the JS ES client, developers don't need to identify what goes in the body and what goes in the URL. All settings are provided at the root level. So, in summary, the change is:

const response = await client.search({
  index: 'test',
-  body: {
    query: {
      match_all: {}
    }
-  }
})

For this reason, enabling the "Hide whitespace changes" option when reviewing is recommended.

Some exceptions to this rule:

• Bulk APIs replace the body array with operations array (direct replacement)
• Index Put Settings API replace body array with settings (direct replacement)

[elasticmachine]

Pinging @elastic/security-detection-engine (Team:Detection Engine)

[yctercero]

Removing body caused issues for us in MKI. Can we be sure to run this change through our tests in MKI?

[afharo]

@yctercero, thanks for raising awareness! I've added the label ci:serverless-test-all to make sure that we test against MKI.

[elasticmachine]

⏳ Build in-progress, with failures

• Buildkite Build
• Commit: 3b66d6b
• Storybooks Preview

Failed CI Steps

• FTR Configs #57
• FTR Configs #57
• FTR Configs #74
• FTR Configs #74
• FTR Configs #91
• FTR Configs #91
• FTR Configs #103
• FTR Configs #103

Test Failures

• [job] [logs] FTR Configs #57 / Query rule execution logic API @ess @serverless @serverlessQA Query type rules preview logged requests should return requests property when enable_logged_requests set to true
• [job] [logs] FTR Configs #74 / Query rule execution logic API @ess @serverless @serverlessQA Query type rules preview logged requests should return requests property when enable_logged_requests set to true
• [job] [logs] FTR Configs #57 / Query rule execution logic API @ess @serverless @serverlessQA Query type rules preview logged requests should return requests property when enable_logged_requests set to true
• [job] [logs] FTR Configs #74 / Query rule execution logic API @ess @serverless @serverlessQA Query type rules preview logged requests should return requests property when enable_logged_requests set to true
• [job] [logs] FTR Configs #91 / Threshold rule execution logic API @ess @serverless @serverlessQA Threshold type rules preview logged requests should return requests property when enable_logged_requests set to true
• [job] [logs] FTR Configs #103 / Threshold rule execution logic API @ess @serverless @serverlessQA Threshold type rules preview logged requests should return requests property when enable_logged_requests set to true
• [job] [logs] FTR Configs #103 / Threshold rule execution logic API @ess @serverless @serverlessQA Threshold type rules preview logged requests should return requests property when enable_logged_requests set to true
• [job] [logs] FTR Configs #91 / Threshold rule execution logic API @ess @serverless @serverlessQA Threshold type rules preview logged requests should return requests property when enable_logged_requests set to true

History

• 💔 Build #271196 failed af63fae
• 💔 Build #271149 failed fa0d403
• 💛 Build #268713 was flaky ff14a3c
• 💔 Build #268647 failed 711f8fb

cc @afharo

[vitaliidm]

@nkhristinin
FYI: I added quite a lot changes to preview logged requests utils, so I removed myself from reviewers