Comments (12)
Original dev of the Elasticsearch output plugin here.
I looked back at docs for old versions; I don't think there's a regression risk, as all versions that still have live docs include that header value.
I submitted my changes via PR, so that seems like a decent route. If you want, I can incorporate your changes and add the requisite tests to ensure that my (broken ):) code would have failed.
from grr.
Thanks for reporting and debugging this issue! Please send a pull request with your fix.
from grr.
The following code changes work in my environment. I believe the potential danger with this change is reverse and forward compatibility with different versions of the Elasticsearch API.
master...fredx30:grr:update-elasticsearch-output-plugin
Currently I am using these changes in a fairly volatile way where I have to reimplement them on container restart. Is there any way of getting these into a mainline release? Am I better off building my own releases to a private container registry of my choosing?
Edit: Is a PR here with these changes welcome?
from grr.
@micrictor I'm not sure what these tests would entail. I see no apparent variable to test for in this change.
I could see a test for verifying the headers are in place; however, if this worked in previous versions without the headers, then I see little reason for testing for this, as the API could just as well change again.
If you have a good idea for a test, I would gladly attempt to write it. This whole editing open-source code thing is new and exciting to me; I could use the practice getting the PR across the finish line.
from grr.
I ran into some issues while learning how to run the tests. After a bit of trying to get pdb to work on the WSL CLI, I wound up setting up a PyCharm project for local debugging in Windows. There were a few awkward moments, but I think I got the basics working. I see the tests pass in your pipelines; my Windows testing needed some patches to work. You can see them here if they interest you. I think my changes to the Elastic output plugin tests should work as it's run in the Ubuntu pipeline but can't be sure - working on a run of my own now.
Will cherry-pick these commits into the PR linked to this issue.
from grr.
The changes to the plugin and the test look good so far. I think what's missing is that the test method _ParseEvents tries to parse an empty string - the last line, now that there's a trailing newline.
As for running tests - I, personally, would just run the tests for the ES plugin locally, and rely on the CI jobs to run the full test suite.
from grr.
Well, it's passing the pipeline run tests now.
Edit: Dealing with PR comments now.
from grr.
@fredx30 do you plan on finalizing your PR, or would you mind if I created one to fix this?
from grr.
@micrictor I believe I finished the PR and am waiting on @max-vogler to review the requested changes that have been made.
Based on your answer, I'm suspecting I may have missed something that's a to-do on my end. Would you enlighten me?
I have a (I think signed, never tested that part) build going to my public GitHub artifacts that I have been using since I got the tests and the review finished. It uses a small change to the build pipeline to push to GitHub instead of Docker. If I am correct in waiting, I hope it can serve as some inspiration for the time being. If not, I would love to get cracking on finishing this PR up, such that I too can be on a mainstream release.
from grr.
That PR looks good, only thing I can think of is manually marking Max's requested changes as complete may be needed for it to request review again.
Thanks for following up on this, I know it's been a long time.
from grr.
What I have done to that end is:
- Request a re-review from Max
- Mark all the requested changes as resolved
- Quoted/answered the main change request thread
I choose to believe the team is simply busy or tasked with other things - as there have been no missed releases for this code. I trust Max or someone else will get to this eventually. Latest activity is 6 months ago as far as releases are concerned, ref: Docker Hub.
With that said, I don't think it would hurt to keep bumping this issue once every few months to keep it from getting stale on our end.
from grr.