elastic / elastic-package

elastic-package - Command line tool for developing Elastic Integrations

Package with transform in yaml format does not install #895

Open r00tu53r opened 2 years ago

r00tu53r commented 2 years ago

An integration package with transforms defined in YAML format does not install. I see the following error in Kibana:

[2022-07-18T03:18:43.486+00:00][ERROR][plugins.fleet] Error: Error installing crowdstrike 1.4.0: Unexpected token s in JSON at position 0
    at ensureInstalledPackage (/usr/share/kibana/x-pack/plugins/fleet/server/services/epm/packages/install.js:199:11)
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at async Promise.all (index 0)
    at PackagePolicyService.create (/usr/share/kibana/x-pack/plugins/fleet/server/services/package_policy.js:110:33)
    at createPackagePolicyHandler (/usr/share/kibana/x-pack/plugins/fleet/server/routes/package_policy/handlers.js:107:27)
    at Router.handle (/usr/share/kibana/src/core/server/http/router/router.js:163:30)
    at handler (/usr/share/kibana/src/core/server/http/router/router.js:124:50)
    at exports.Manager.execute (/usr/share/kibana/node_modules/@hapi/hapi/lib/toolkit.js:60:28)
    at Object.internals.handler (/usr/share/kibana/node_modules/@hapi/hapi/lib/handler.js:46:20)
    at exports.execute (/usr/share/kibana/node_modules/@hapi/hapi/lib/handler.js:31:20)
    at Request._lifecycle (/usr/share/kibana/node_modules/@hapi/hapi/lib/request.js:371:32)
    at Request._execute (/usr/share/kibana/node_modules/@hapi/hapi/lib/request.js:281:9)

However, if I add JSON content to the YAML file, the build and installation go further but break with a different error about not being able to create the destination index.

jsoriano commented 2 years ago

I think that this is not supported in Kibana/Fleet yet, see https://github.com/elastic/kibana/issues/134321

susan-shu-c commented 2 years ago

I am encountering the same issue working on https://github.com/elastic/security-ml/issues/83, commenting here for documentation. I am aware of and following

As a temporary workaround, I am also adding .json contents in my transform.yml file (transform.yml for transforms is required by the new package-spec per https://github.com/elastic/package-spec/pull/307).

The curious thing is that if I simply translate the same .json contents to .yml, there is an error when installing the package. The error was this: Error installing host_risk_score 0.0.1: Unexpected token d in JSON at position 0. This seems to indicate that in the backend, it's a .json parser (which can't parse .yml, but a .yml parser can parse .json).
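
The behaviour discussed in this thread, as an added example that is not part of the original discussion and is not code from Kibana or elastic-package: a check that runs `JSON.parse` over transform file contents, showing why block-style YAML is rejected at its first character while JSON stored in a .yml file passes. `checkTransformText`, `reportFailures` and the sample contents are hypothetical and constructed, and the use of a JSON parser by the installer is the thread's inference, taken here as an assumption.

```javascript
// Added example: a hypothetical pre-install check, not elastic-package or Kibana code.
// Assumption (from the thread): the installer passes transform.yml to a JSON parser.

// Constructed sample file contents, not taken from any real package.
const samples = {
  blockYaml: 'source:\n  index: "logs-*"\ndest:\n  index: "example_dest"\n',
  yamlWithDescription: 'description: example\nsource:\n  index: "logs-*"\n',
  jsonInYml: '{"source": {"index": "logs-*"}, "dest": {"index": "example_dest"}}\n',
  commentedJson: '# transform\n{"source": {"index": "logs-*"}}\n',
};

// Returns whether the text survives JSON.parse, plus the first
// non-whitespace character and its offset for the failure report.
function checkTransformText(text) {
  const offset = text.search(/\S/);
  const firstChar = offset === -1 ? null : text[offset];
  try {
    const parsed = JSON.parse(text);
    const isObject =
      parsed !== null && typeof parsed === 'object' && !Array.isArray(parsed);
    return { jsonParseable: true, isObject, firstChar, offset };
  } catch (err) {
    // Error wording differs between Node versions, so only the failure itself is used.
    return { jsonParseable: false, isObject: false, firstChar, offset };
  }
}

// Builds one report line per file that a JSON-only parser would reject.
function reportFailures(files) {
  return Object.entries(files)
    .map(([name, text]) => [name, checkTransformText(text)])
    .filter(([, r]) => !r.jsonParseable || !r.isObject)
    .map(([name, r]) =>
      `${name}: not a JSON object (starts with ${JSON.stringify(r.firstChar)} at offset ${r.offset})`);
}

console.log(reportFailures(samples).join('\n'));
```
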