Tests fail due to ECS expected values #1472
Comments
chrisberkhout
added
bug
|
As discussed today with @andrewkroh and @P1llus, and earlier with @kgeller and @ebeahan. |
|
Thanks for the detailed description.
By now I would stay on the restrictive side of things. I don't see other packages using In any case, it sounds good to allow to define Also, once elastic/package-spec#558 is done, we can also add support to selectively disable this validation. |
|
IMHO breaking a build due to a valid though not expected value is something I'd rather opt into than have as default. It's not critical for me now since I found a variation on my earlier workaround that still works. |
Expected values defined for an ECS field, such as for
threat.indicator.type, are not the only valid values (def, emphasis added):The
expected_valuesfield was intended to indicate the "SHOULD" requirement level (as defined for RFCs). For this level it may be appropriate to warn about the use of other values, but not to fail a build or test run.Currently, pipeline and system tests will fail if they find values other than the expected ones.
A previous workaround when using ECS dynamic mappings was to override with explicit definitions. That makes tests pass now if those definitions include the full set of values or an empty array (example), but now
elastic-packagewill not successfully build a package if it defines its ownexpected_values, so this workaround no longer works.Some related links:
validate.goearlier this year, regarding import of the ECS schemathreat.indicator.typeandthreat.indicator.name(althoughthreat.indicator.nameis a misuse of expected values and will be converted to examples)The text was updated successfully, but these errors were encountered: