Adds explicit SavedObjectsRespository error type for 404 that do not originate from Elasticsearch responses

[TinaHeiligers]

Summary

Resolves #102353
There may be cases where a 404 can be returned during calls to the Saved Objects Repository for reasons other than the saved object not being found.

The Saved Objects service should distinguish between a Saved Object is not found and other unknown reasons that do not originate from responses to an Elasticsearch call.

This PR adds an explicit 503 NotFoundEsUnavailable Error that will wrap 404 errors from get, update and delete requests when the response does not contain the x-elastic-product: Elasticsearch header.

Checklist

Delete any items that are not applicable to this PR.

• Unit or functional tests were updated or added to match the most common scenarios

Risk Matrix

Risk	Probability	Severity	Mitigation/Notes
False positives— An intermediate proxy doesn't forward x-elastic-product header .	Low	Low	As of 7.15.0 Kibana won't start unless the required headers are present. For 7.14 patches, the type of error returned could be a 404 or a 503 but we will still get an error

For maintainers

• This was checked for breaking API changes and was labeled appropriately

[TinaHeiligers]

Initial comments to reviewers.

[TinaHeiligers]

I'm not sure this is the best text string to use as a descriptor for the "missing" header. I took inspiration from the client's team but made it a lot more specific. We need to get Product's input on wording if we choose to follow this implementation.

[TinaHeiligers]

Specifically set a status code of 503 to indicate an ES availability error. This overrides the 404 we would otherwise have thrown.

[joshdover]

This is looking great. I really only have feedback on which error we'd like to raise in this case and subsequently, the condition we should use to throw this error.

An integration test for this would be really nice to have but it's not going to be simple. We'd need to setup a proxy server in front of Elasticsearch that allows us to 'hi-jack' the response to test this condition. I imagine this would be easier to accomplish in a jest integration test than with the FTR. As a starting place, I'd experiment with using a custom Hapi server with the h2o2 plugin (same one we use for the bath path proxy). We can also do this as a follow up if needed.

[joshdover]

Do we want to differentiate this error from isEsUnavailableError? I'm inclined to say that we want applications to handle this condition in the same way they would handle any other issue reaching Elasticsearch. I'm not sure if there's anything different a consumer would or can do in this case vs. any other isEsUnavailableError. Another benefit of using the existing error is that any existing code that is handling it will also handle this new case.

Curious what @mshustov thinks as well.

[mshustov]

Agree, it's ES server is unavailable rather than a Kibana entity is not found.
A user reacts to them in different ways: in the case of a Kibana entity is not found, the user needs to adjust the request params and try again.
While in the case of ES server is unavailable, the error is not actionable: the user needs to contact an admin to address the availability problem.

[TinaHeiligers]

Initially, I did try throwing isEsUnavailableError but that returns a boolean, not an actual Error or DecoratedError. If you mean that we should rather throw a decorated EsUnavailableError that will return true on checking that the error is isEsUnavailable, then we can do that.
If I'm mis-reading the types here, please let me know!.

[mshustov]

f you mean that we should rather throw a decorated EsUnavailableError that will return true on checking that the error is isEsUnavailable, then we can do that.

Yeah, I was thinking about something like this. @joshdover Did you mean the same?

[TinaHeiligers]

I initially replied with this but then deleted it again. I'm adding it back for more context on the error that I'm using:

createGenericNotFoundEsUnavailableError will return a 503 error that adds the message from a NotFoundError to the EsUnavailableError. The decorated error that's thrown will assert true to a check for isEsUnavailableError, since the latter returns a boolean for the statusCode being 503.

[joshdover]

If we decide to use the same isEsUnavailable error (see comment above), then I think we should simplify this condition to only if (!isEsHeaderValid(headers)) to catch this issue more broadly. Same for the other repository functions.

[TinaHeiligers]

isEsUnavailable does not return an error. It returns a boolean.

[TinaHeiligers]

In addition, what we're hoping to accomplish with this work is to differentiate between a saved object not actually being found (404) vs the response returning a 404 because ES is unavailable.

For the initial work (this PR), we're only scoping the work to checking if the response is from ES when we get a 404, rather than a larger check on all or any responses.

We will need to implement something for ensuring all responses received are valid ES responses in the long run but IMO, is too risky to try and get in for a patch release.

[joshdover]

I'm fairly certain this is the case, but have we validated that the casing of the header names are always normalized to lowercase?

[TinaHeiligers]

Good question! I did do a cursory check but we could handle the case by casting it to lowercase before checking the condition to be safe.

[mshustov]

Do we need : at the end?

[TinaHeiligers]

Nope. Good catch!

[mshustov]

Question: Might it lead to false positives if an intermediate proxy doesn't forward x-elastic-product header? In v7.14, we do allow Kibana starts even if x-elastic-product header is missing. Kibana won't start unless the header presents starting from v7.15 #105557
Does it mean that we cannot backport this change to v7.14.1?

[TinaHeiligers]

Might it lead to false positives if an intermediate proxy doesn't forward x-elastic-product header?

If the header is missing from the response then yes, we would get 503 errors rather than 404 (which is what we're getting now). We would, however, still be getting an error because ATM, the header check is only done if we are already getting a 404 response.

If we did backport the work to 7.14.1, then there is a chance we'd get false positives but I don't know how likely that would be. We rely on headers for other Kibana functionality (e.g. accessing internal indices). In what cases wouldn't a proxy forward response headers on?

[TinaHeiligers]

An integration test for this would be really nice to have but it's not going to be simple. We'd need to setup a proxy server in front of Elasticsearch that allows us to 'hi-jack' the response to test this condition. I imagine this would be easier to accomplish in a jest integration test than with the FTR. As a starting place, I'd experiment with using a custom Hapi server with the h2o2 plugin (same one we use for the bath path proxy). We can also do this as a follow up if needed.

++ to adding a jest integration test. I also agree adding one as a follow up would be better because, as you say, it's not going to be simple.

[TinaHeiligers]

@mshustov @joshdover I've either addressed or answered your initial comments. Could you please take another look at the PR? I've kept the scope small for this one in the hope that we can get it in for the 7.14.1 patch.
@YulNaumenko Would this work for your case? The changes have been applied to get, update and delete.

I'm not sure what's up with all those doc changes. I'll investigate and potentially open a new PR if needed. Converting back to draft to figure this out. Sorry folks!

[TinaHeiligers]

@elasticmachine merge upstream

[kibanamachine]

💚 Build Succeeded

• continuous-integration/kibana-ci/pull-request
• Commit: 8d14a73
• Storybooks Preview

Metrics [docs]

Unknown metric groups

API count

id	before	after	diff
core	2363	2368	+5

API count missing comments

id	before	after	diff
core	1081	1086	+5

History

• 💚 Build #141974 succeeded 159068b
• 💚 Build #141824 succeeded 9a33d69
• 💔 Build #141811 failed e1e93eb
• 💔 Build #141532 failed e1e93eb
• 💔 Build #141522 failed df0c75c278ec938bb645bbe98cede4ed786e84da

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

[TinaHeiligers]

@joshdover @mshustov @YulNaumenko I've opened a new PR without all those weird doc changes. Sorry about that!