Skip to content

Fix/workflow validation ~10 delegation monitor limit#2145

Open
thecodingshrimp wants to merge 1 commit into
opensearch-project:mainfrom
thecodingshrimp:fix/workflow-validation-10-rules-limit
Open

Fix/workflow validation ~10 delegation monitor limit#2145
thecodingshrimp wants to merge 1 commit into
opensearch-project:mainfrom
thecodingshrimp:fix/workflow-validation-10-rules-limit

Conversation

@thecodingshrimp
Copy link
Copy Markdown

@thecodingshrimp thecodingshrimp commented May 18, 2026
edited
Loading

Description

This PR fixes a bug in workflow validation where creating a Security Analytics detector with more than 10 rules fails with an "invalid monitor ids" error (#2144).

Root Cause:
The validateMonitorAccess() function in TransportIndexWorkflowAction.kt was not setting an explicit size parameter on the search query. This caused OpenSearch to default to returning only the first 10 results. When a Security Analytics detector referenced more than 10 rules (generating more than 10 delegate monitors), the validation would incorrectly report that the additional monitor IDs were invalid.

The Fix:
Added .size(monitorIds.size) to the SearchSourceBuilder on line 716 to ensure all delegate monitor IDs are returned and validated correctly.

Code Change:

// Before
val searchSource = SearchSourceBuilder().query(query)

// After
val searchSource = SearchSourceBuilder().query(query).size(monitorIds.size)

Impact:

  • Fixes detector creation for rule sets with more than 10 rules
  • Eliminates misleading "invalid monitor ids" error messages
  • Ensures workflow validation correctly handles workflows of any size (up to the existing 25 delegate limit)

Related Issues

#2144

Example Error (Before Fix):

Error 400 (Bad Request): 0uhbOp4BCrnc_R8wysGB, 1-hbOp4BCrnc_R8wysGD, 2uhbOp4BCrnc_R8wysGG are not valid monitor ids [type=security_analytics_exception]

Check List

  • New functionality includes testing.
    • Not applicable: This is a bug fix for existing functionality. The existing test suite in WorkflowRestApiIT.kt validates workflow creation and monitor validation scenarios.
  • New functionality has been documented.
    • Not applicable: This is a bug fix, not new functionality.
  • API changes companion pull request created.
    • Not applicable: No API changes.
  • Commits are signed per the DCO using --signoff.
  • Public documentation issue/PR created.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@thecodingshrimp
Fix workflow validation failing for detectors with >10 rules
0b42d12 
The validateMonitorAccess() function in TransportIndexWorkflowAction
was not setting an explicit size parameter on the search query, causing
OpenSearch to default to returning only 10 results. When a Security
Analytics detector referenced more than 10 rules (generating >10
delegate monitors), the validation would incorrectly report that the
additional monitor IDs were invalid.

This fix adds .size(monitorIds.size) to the SearchSourceBuilder to
ensure all delegate monitor IDs are returned and validated correctly.

Fixes issue where detector creation fails with '400 Bad Request:
<monitor_ids> are not valid monitor ids' when using >10 rules.

Signed-off-by: thecodingshrimp <leonard.stutzer@sap.com>
@thecodingshrimp thecodingshrimp force-pushed the fix/workflow-validation-10-rules-limit branch from dc6a6bc to 0b42d12 Compare May 18, 2026 12:59
@thecodingshrimp thecodingshrimp changed the title Fix/workflow validation ~10 rules limit Fix/workflow validation ~10 delegation monitor limit May 19, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lezzago lezzago Awaiting requested review from lezzago lezzago is a code owner

@AWSHurneyt AWSHurneyt Awaiting requested review from AWSHurneyt AWSHurneyt is a code owner

@eirsep eirsep Awaiting requested review from eirsep eirsep is a code owner

@getsaurabh02 getsaurabh02 Awaiting requested review from getsaurabh02 getsaurabh02 is a code owner

@bowenlan-amzn bowenlan-amzn Awaiting requested review from bowenlan-amzn bowenlan-amzn is a code owner

@rishabhmaurya rishabhmaurya Awaiting requested review from rishabhmaurya rishabhmaurya is a code owner

@engechas engechas Awaiting requested review from engechas engechas is a code owner

@riysaxen-amzn riysaxen-amzn Awaiting requested review from riysaxen-amzn riysaxen-amzn is a code owner

@amsiglan amsiglan Awaiting requested review from amsiglan amsiglan is a code owner

@goyamegh goyamegh Awaiting requested review from goyamegh goyamegh is a code owner

@toepkerd toepkerd Awaiting requested review from toepkerd toepkerd is a code owner

@vikhy-aws vikhy-aws Awaiting requested review from vikhy-aws vikhy-aws is a code owner

@manaswini1920 manaswini1920 Awaiting requested review from manaswini1920 manaswini1920 is a code owner

@nishtham-amazon nishtham-amazon Awaiting requested review from nishtham-amazon nishtham-amazon is a code owner

@KashKondaka KashKondaka Awaiting requested review from KashKondaka KashKondaka is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@thecodingshrimp