Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactor schema reader to use intermediate schema structure #722

Merged
merged 4 commits into from
Jan 21, 2020
Merged

Refactor schema reader to use intermediate schema structure #722

merged 4 commits into from
Jan 21, 2020

Conversation

marshallmain
Copy link
Contributor

This PR improves the ECS ability to nest reusable fields inside other reusable field sets. Currently there is at least one example of multiple reuse: "group" fields are reused in "user", and "user" is then reused by "client", "destination", "host", "server", and "source". However, the implementation in master depends on the "group" fields being copied to "user" before all of the "user" fields are copied to the final locations. This works because the "group" key comes before the "user" key when iterating over the keys in the schema dictionary, but this will not be the case for other places we might want to use multi-level nesting.

This PR adds an intermediate data structure representing the schema which contains references to reused field sets rather than immediately copying them. Using references removes the dependency on the order fieldsets are read in. The intermediate representation is then rendered into the same formats as before by recursively replacing the references with copies.

The output from the refactored version diverges from the original in a few ways. Most notably original_fieldset now refers to the closest reusable fieldset (previously client.user.group.domain would have original_fieldset: user instead of original_fieldset: group). original_fieldset is also populated in every reusable fieldset, even when the fieldset is not embedded. dashed_name now matches flat_name more closely.

Reopened version of #707 reapplying changes on top of master

webmat
webmat reviewed Jan 17, 2020
View reviewed changes
Copy link
Contributor

@webmat webmat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this, @marshallmain! This is looking great :-)

  • Could you add back a few tests? They don't need to cover all edge cases, but perhaps 1 or 2 tests exercising each of flatten_fields and cleanup_fields_recursive.
  • Please add a changelog entry to the "tooling" section

generated/csv/fields.csv
@@ -14,7 +14,7 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Example,Description
1.5.0-dev,true,client,client.address,keyword,extended,,Client network address.
1.5.0-dev,true,client,client.as.number,long,extended,15169,Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet.
1.5.0-dev,true,client,client.as.organization.name,keyword,extended,Google LLC,Organization name.
1.5.0-dev,true,client,as.organization.name.text,text,extended,Google LLC,Organization name.
1.5.0-dev,true,client,client.as.organization.name.text,text,extended,Google LLC,Organization name.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hadn't noticed that before.

PRs that come with bugfixes are my favourites ;-)

@webmat
Copy link
Contributor

webmat commented Jan 20, 2020

Once we're done with this PR we should revisit #698

@marshallmain
Copy link
Contributor Author

Thanks for the review @webmat ! I'm planning to add the tests and changelog tomorrow so we can get this merged.

webmat
webmat approved these changes Jan 21, 2020
View reviewed changes
Copy link
Contributor

@webmat webmat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking great, thanks for adding the tests 👍

@marshallmain marshallmain merged commit 68afbb8 into elastic:master Jan 21, 2020
@marshallmain marshallmain mentioned this pull request Jan 30, 2020
Merged
dcode pushed a commit to dcode/ecs that referenced this pull request Apr 15, 2020
@marshallmain @dcode
Refactor schema reader to use intermediate schema structure (elastic#722
7700c88 
)

* refactor schema reader to use intermediate schema structure

* remove logic for '.' notation in reusable field names

* update changelog.next.md

* Add tests for intermediate schema data structures
@marshallmain marshallmain mentioned this pull request Apr 21, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@webmat webmat webmat approved these changes

@andrewstucki andrewstucki Awaiting requested review from andrewstucki

@rw-access rw-access Awaiting requested review from rw-access

@james-elastic james-elastic Awaiting requested review from james-elastic

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@marshallmain @webmat