[Security Solution] OpenAPI `stringifyZodError` generates verbose and confusing error message

machadoum commented 1 week ago

Describe the bug: The function stringifyZodError which is used by buildRouteValidationWithZod returns verbose and confusing error messages for some OpenAPI schemas.

Current behavior: Given the schema defined here: https://github.com/elastic/kibana/blob/f2e68345e10166376b3cd6889d0c1d1f997be880/x-pack/plugins/security_solution/common/api/entity_analytics/common/common.schema.yaml#L251

the following test: https://github.com/elastic/kibana/blob/f2e68345e10166376b3cd6889d0c1d1f997be880/x-pack/plugins/security_solution/common/api/entity_analytics/common/risk_weights.schema.test.ts#L57

Produces the error meesgae: 'host: Required, user: Required, type: Invalid literal value, expected "risk_category", value: Invalid literal value, expected "category_1", host: Required, and 3 more'

Expected behavior: The previous implementation (without OpenAPI) used to produce a more readable error message:

[
    'Invalid value "undefined" supplied to "host"',
    'Invalid value "undefined" supplied to "user"',
]

elasticmachine commented 1 week ago

Pinging @elastic/security-solution (Team: SecuritySolution)

elasticmachine commented 1 week ago

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)

marshallmain commented 1 week ago

Can you add the old zod schema implementation here for comparison?

marshallmain commented 1 week ago

Also, using a discriminated union on type for RiskScoreWeight will likely make the error message a lot clearer. We have an example of how to add a discriminant here.

elastic / kibana

[Security Solution] OpenAPI `stringifyZodError` generates verbose and confusing error message #182935