14 changes: 14 additions & 0 deletions ror-demo-cluster/.env-showcase
@@ -0,0 +1,14 @@
# Non-interactive configuration for ror-demo-cluster.
# When this file is present and non-empty, run.sh skips all interactive prompts and uses these values directly.
#
# ES/KBN DOCKERFILE options:
# Dockerfile-use-ror-binaries-from-api - download ROR plugin from API (requires ROR_ES_VERSION / ROR_KBN_VERSION)
# Dockerfile-use-ror-binaries-from-file - use a local plugin file (requires ES_ROR_FILE / KBN_ROR_FILE)

ES_VERSION=8.19.11
ES_DOCKERFILE=Dockerfile-use-ror-binaries-from-file
ES_ROR_FILE=readonlyrest-1.69.0-pre01_es8.19.11.zip

KBN_VERSION=8.19.11
KBN_DOCKERFILE=Dockerfile-use-ror-binaries-from-api
ROR_KBN_VERSION=1.68.0
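Review bot: the header comment states that run.sh skips all interactive prompts whenever this file is present and non-empty, so committing it with values filled in makes non-interactive mode the default for every checkout. If that is meant only for the showcase, ship it under a template name that run.sh does not pick up, or document how to get the prompts back. Also add a one-line comment on the versions: ES_ROR_FILE pins a pre-release build (1.69.0-pre01) from a local file while ROR_KBN_VERSION=1.68.0 comes from the API, so the two plugins differ in both version and source, and the file should say whether that is intentional.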
6 changes: 3 additions & 3 deletions ror-demo-cluster/conf/es/readonlyrest.yml
Expand Up @@ -18,18 +18,18 @@ readonlyrest:

- name: "End users"
groups: ["EndUsers"]
indices: ["frontend_logs", "kibana_sample_data_*"]
indices: ["logs-frontend-dev", "kibana_sample_data_*"]
kibana:
index: .kibana_end_@{user}
access: rw
hide_apps: ["Security", "Observability"]

- name: "Business users"
groups: ["BusinessUsers"]
indices: ["business_logs", "kibana_sample_data_*"]
indices: ["logs-business-dev", "kibana_sample_data_*"]
Comment on lines +21 to +29
Contributor

⚠️ Potential issue | 🟡 Minor

logs-system-dev is seeded but never allowed.

shared/init-scripts/init.sh now creates and populates logs-system-dev, but these updated rules only grant logs-frontend-dev and logs-business-dev. That leaves one of the new showcase datasets unreachable through ReadonlyREST. Either add it to an intended audience or stop generating it.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@ror-demo-cluster/conf/es/readonlyrest.yml` around lines 21 - 29, The
ReadonlyREST rules currently grant access to "logs-frontend-dev" and
"logs-business-dev" but not to the newly seeded "logs-system-dev", so either add
"logs-system-dev" to an appropriate role's indices list or stop seeding it;
update the YAML block that defines the "Business users" (name: "Business users",
groups: ["BusinessUsers"]) or whichever role should reach system logs by adding
"logs-system-dev" to its indices array (indices: ["logs-business-dev",
"logs-system-dev", "kibana_sample_data_*"]) or remove the seeding logic in
shared/init-scripts/init.sh if the dataset is not intended to be reachable.

kibana:
index: .kibana_business_@{user}
access: rw
access: ro
hide_apps: ["Security", "Observability"]

users:
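Review bot: in the "Business users" block the Kibana `access` value goes from `rw` to `ro`, a permission change that is unrelated to the index rename in the rest of this hunk and is not mentioned anywhere on the page. Call it out in the PR description or move it to its own commit so the narrowing is a visible decision. "End users" keeps `access: rw`; confirm that the asymmetry between the two groups is intended.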
Expand Up @@ -12,6 +12,8 @@ server.ssl.certificate: /usr/share/kibana/config/kibana.crt
server.ssl.key: /usr/share/kibana/config/kibana.key
server.ssl.redirectHttpFromPort: 80

xpack.encryptedSavedObjects.encryptionKey: "min-32-byte-long-strong-encryption-key"

readonlyrest_kbn.logLevel: info
readonlyrest_kbn.cookiePass: '12312313123213123213123abcdefghijklm'
readonlyrest_kbn:
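Review bot: `xpack.encryptedSavedObjects.encryptionKey` is added as the literal "min-32-byte-long-strong-encryption-key", and the same literal is added to the free and pro Kibana configs in this PR. A key that is published in the repository protects nothing once these files are copied beyond the demo. Add a comment marking it demo-only, or read it from the environment with Kibana's `${VAR}` substitution and generate it when the cluster starts. The `cookiePass` line in the context below is a committed literal of the same kind.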
2 changes: 2 additions & 0 deletions ror-demo-cluster/conf/kbn/free-ror-newplatform-kibana.yml
Expand Up @@ -12,5 +12,7 @@ server.ssl.certificate: /usr/share/kibana/config/kibana.crt
server.ssl.key: /usr/share/kibana/config/kibana.key
server.ssl.redirectHttpFromPort: 80

xpack.encryptedSavedObjects.encryptionKey: "min-32-byte-long-strong-encryption-key"

readonlyrest_kbn.logLevel: info
readonlyrest_kbn.cookiePass: '12312313123213123213123abcdefghijklm'
2 changes: 2 additions & 0 deletions ror-demo-cluster/conf/kbn/pro-ror-newplatform-kibana.yml
Expand Up @@ -12,5 +12,7 @@ server.ssl.certificate: /usr/share/kibana/config/kibana.crt
server.ssl.key: /usr/share/kibana/config/kibana.key
server.ssl.redirectHttpFromPort: 80

xpack.encryptedSavedObjects.encryptionKey: "min-32-byte-long-strong-encryption-key"

readonlyrest_kbn.logLevel: info
readonlyrest_kbn.cookiePass: '12312313123213123213123abcdefghijklm'
Binary file not shown.
39 changes: 6 additions & 33 deletions shared/init-scripts/init.sh
Expand Up @@ -4,37 +4,10 @@ cd "$(dirname "$0")"

source utils/lib.sh

function generate_log_documents() {
if [ "$#" -ne 1 ]; then
echo "ERROR: One required: 1) number of documents to generate"
return 1
fi
createDataStream "logs-frontend-dev" && generate_log_documents 100 | putDocument "logs-frontend-dev"
createDataStream "logs-business-dev" && generate_log_documents 100 | putDocument "logs-business-dev"
createDataStream "logs-system-dev" && generate_log_documents 100 | putDocument "logs-system-dev"

N=$1

for ((i = 1; i <= N; i++)); do
user_id=$((RANDOM % 10000 + 1))
timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
log_message="User $user_id login successful"
level="$(pick_randomly "INFO" "WARN" "ERROR" "DEBUG")"

echo "{ \"message\": \"$log_message\", \"level\": \"$level\", \"timestamp\": \"$timestamp\", \"user_id\": \"$user_id\" }"
done
}

function index_documents() {
if [ "$#" -ne 1 ]; then
echo "ERROR: One required: 1) index name"
return 1
fi

INDEX_NAME=$1

while IFS= read -r document; do
putDocument "$INDEX_NAME" "$document"
done
}

generate_log_documents 100 | index_documents "frontend_logs"
generate_log_documents 50 | index_documents "business_logs"
generate_log_documents 60 | index_documents "system_logs"
#createIndex "frontend_logs_index" && generate_log_documents 100 | putDocument "frontend_logs_index"
#createIndex "business_logs_index" && generate_log_documents 50 | putDocument "business_logs_index"
#createIndex "system_logs_index" && generate_log_documents 60 | putDocument "system_logs_index"
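Review bot: on the three new `createDataStream ... && generate_log_documents 100 | putDocument ...` lines, a failed createDataStream (it returns 5 on a non-2xx response) only short-circuits its own line; the script then carries on with the next stream and nothing visible in this hunk stops it, so a partly seeded cluster looks like a successful init. Append `|| exit 1` to each line; `set -e` alone would not catch it, because a failure on the left of `&&` is exempt. The three commented-out `createIndex` lines at the end are dead code: drop them or say when they should be used. The document counts also change from 100/50/60 to 100 each without mention.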
127 changes: 119 additions & 8 deletions shared/init-scripts/utils/lib.sh
Expand Up @@ -7,9 +7,92 @@ function pick_randomly() {
echo "${OPTIONS[$RANDOM_INDEX]}"
}

function createIndex() {
if [ "$#" -ne 1 ]; then
echo "ERROR: One parameter required: 1) index name"
return 1
fi

if ! [ -v ELASTICSEARCH_ADDRESS ] || [ -z "$ELASTICSEARCH_ADDRESS" ]; then
echo "ERROR: required variable ELASTICSEARCH_ADDRESS not set or empty"
exit 2
fi

if ! [ -v ELASTICSEARCH_USER ] || [ -z "$ELASTICSEARCH_USER" ]; then
echo "ERROR: required variable ELASTICSEARCH_USER not set or empty"
exit 3
fi

if ! [ -v ELASTICSEARCH_PASSWORD ] || [ -z "$ELASTICSEARCH_PASSWORD" ]; then
echo "ERROR: required variable ELASTICSEARCH_PASSWORD not set or empty"
exit 4
fi

INDEX_NAME=$1

response=$(curl -k -s -L -w "\n%{http_code}" -u $ELASTICSEARCH_USER:$ELASTICSEARCH_PASSWORD \
-X PUT "$ELASTICSEARCH_ADDRESS/$INDEX_NAME" \
-H "Content-Type: application/json"
Comment on lines +33 to +35
Contributor

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -e

rg -n --fixed-strings '-u $ELASTICSEARCH_USER:$ELASTICSEARCH_PASSWORD' shared/init-scripts/utils/lib.sh

ELASTICSEARCH_USER='demo'
ELASTICSEARCH_PASSWORD='pa ss'
set -- curl -u $ELASTICSEARCH_USER:$ELASTICSEARCH_PASSWORD
printf 'argc=%s\n' "$#"
printf '[%s]\n' "$@"

Repository: beshu-tech/ror-sandbox

Length of output: 470


🏁 Script executed:

#!/bin/bash
cd shared/init-scripts/utils || exit 1
# Search for the pattern with proper escaping
echo "=== Searching for unquoted credentials pattern ==="
grep -n 'curl.*-u \$ELASTICSEARCH_USER:\$ELASTICSEARCH_PASSWORD' lib.sh || echo "Not found with escaped pattern"

# Also try a simpler pattern
grep -n '\$ELASTICSEARCH_USER:\$ELASTICSEARCH_PASSWORD' lib.sh

echo ""
echo "=== Demonstrating word-splitting vulnerability ==="
ELASTICSEARCH_USER='demo'
ELASTICSEARCH_PASSWORD='pa ss'
set -- curl -u $ELASTICSEARCH_USER:$ELASTICSEARCH_PASSWORD
printf 'argc=%s\n' "$#"
printf '[%s]\n' "$@"

Repository: beshu-tech/ror-sandbox

Length of output: 798


🏁 Script executed:

#!/bin/bash
cd shared/init-scripts/utils || exit 1

echo "=== Context around line 33 ==="
sed -n '25,40p' lib.sh

echo ""
echo "=== Context around line 73 ==="
sed -n '65,80p' lib.sh

echo ""
echo "=== Context around line 129 ==="
sed -n '121,136p' lib.sh

echo ""
echo "=== Checking for any other unquoted credential patterns ==="
grep -n '\$ELASTICSEARCH_USER' lib.sh | grep -v '"'

Repository: beshu-tech/ror-sandbox

Length of output: 1648


Quote the curl -u credentials.

These calls pass -u $ELASTICSEARCH_USER:$ELASTICSEARCH_PASSWORD unquoted. A password with whitespace or shell metacharacters will be split/expanded by Bash and the request will fail.

🔐 Suggested fix
-  response=$(curl -k -s -L -w "\n%{http_code}" -u $ELASTICSEARCH_USER:$ELASTICSEARCH_PASSWORD \
+  response=$(curl -k -s -L -w "\n%{http_code}" -u "$ELASTICSEARCH_USER:$ELASTICSEARCH_PASSWORD" \
     -X PUT "$ELASTICSEARCH_ADDRESS/$INDEX_NAME" \
     -H "Content-Type: application/json"
   )

Also applies to lines 73-75 and 129-131.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@shared/init-scripts/utils/lib.sh` around lines 33 - 35, The curl invocations
using -u $ELASTICSEARCH_USER:$ELASTICSEARCH_PASSWORD must quote the credentials
so Bash does not split/expand passwords with spaces or metacharacters; update
the -u args to use the quoted form (e.g. -u
"${ELASTICSEARCH_USER}:${ELASTICSEARCH_PASSWORD}") in the PUT/other curl calls
found in lib.sh (the shown block and the other occurrences around the blocks
currently at lines 73-75 and 129-131), ensuring all curl invocations
consistently quote both ELASTICSEARCH_USER and ELASTICSEARCH_PASSWORD.

)

http_status=$(echo "$response" | tail -n 1)
response_body=$(echo "$response" | sed \$d)

if [[ "$http_status" != 2* ]]; then
echo "ERROR: Cannot create index [$INDEX_NAME]. HTTP status: $http_status, response body: $response_body"
return 5
fi

return 0
}

function createDataStream() {
if [ "$#" -ne 1 ]; then
echo "ERROR: One parameter required: 1) data stream name"
return 1
fi

if ! [ -v ELASTICSEARCH_ADDRESS ] || [ -z "$ELASTICSEARCH_ADDRESS" ]; then
echo "ERROR: required variable ELASTICSEARCH_ADDRESS not set or empty"
exit 2
fi

if ! [ -v ELASTICSEARCH_USER ] || [ -z "$ELASTICSEARCH_USER" ]; then
echo "ERROR: required variable ELASTICSEARCH_USER not set or empty"
exit 3
fi

if ! [ -v ELASTICSEARCH_PASSWORD ] || [ -z "$ELASTICSEARCH_PASSWORD" ]; then
echo "ERROR: required variable ELASTICSEARCH_PASSWORD not set or empty"
exit 4
fi

STREAM_NAME=$1
TEMPLATE_NAME="${STREAM_NAME}-template"

response=$(curl -k -s -L -w "\n%{http_code}" -u $ELASTICSEARCH_USER:$ELASTICSEARCH_PASSWORD \
-X PUT "$ELASTICSEARCH_ADDRESS/_index_template/$TEMPLATE_NAME" \
-H "Content-Type: application/json" -d "{
\"index_patterns\": [\"$STREAM_NAME\"],
\"data_stream\": {},
\"priority\": 500
}"
)

http_status=$(echo "$response" | tail -n 1)
response_body=$(echo "$response" | sed \$d)

if [[ "$http_status" != 2* ]]; then
echo "ERROR: Cannot create index template for data stream [$STREAM_NAME]. HTTP status: $http_status, response body: $response_body"
return 5
fi

return 0
}

function putDocument() {
if [ "$#" -ne 2 ]; then
echo "ERROR: Three parameters required: 1) index name, 2) document JSON string"
if [ "$#" -lt 1 ] || [ "$#" -gt 2 ]; then
echo "ERROR: Required: 1) index name, optionally 2) document JSON string (or via stdin)"
return 1
fi

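Review bot: both new helpers, createIndex and createDataStream, call `curl -k` together with `-u`, so the Elasticsearch credentials are sent over a connection whose certificate is never verified. Even for the demo cluster, passing the demo CA with `--cacert` would keep verification on. Separately, the missing-variable branches use `exit 2`, `exit 3` and `exit 4` while the HTTP failure path uses `return 5`; init.sh loads this file with `source`, so `exit` ends the caller's shell, and `return` throughout would be more predictable. The three identical variable checks could live in one helper. createDataStream also places `$STREAM_NAME` directly into the JSON body and the URL, so a name containing a quote or slash produces a malformed request; validate the name against an allowed character set before use.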
Expand All @@ -29,22 +112,50 @@ function putDocument() {
fi

INDEX_NAME=$1
DOCUMENT_CONTENT=$2

set -x
if [ "$#" -eq 2 ]; then
putSingleDocument "$INDEX_NAME" "$2"
else
while IFS= read -r DOCUMENT_CONTENT; do
putSingleDocument "$INDEX_NAME" "$DOCUMENT_CONTENT"
done
fi
}
Comment on lines +116 to +123
Contributor

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -e

putSingleDocument() {
  local _index=$1
  local doc=$2
  [[ "$doc" != "bad" ]]
}

putDocument() {
  local index_name=$1
  while IFS= read -r document_content; do
    putSingleDocument "$index_name" "$document_content"
  done
}

if printf '%s\n' bad good | putDocument demo; then
  echo "putDocument returned success after an earlier failure"
else
  echo "putDocument returned failure"
fi

Repository: beshu-tech/ror-sandbox

Length of output: 119


🏁 Script executed:

cat -n shared/init-scripts/utils/lib.sh | sed -n '110,130p'

Repository: beshu-tech/ror-sandbox

Length of output: 738


🏁 Script executed:

cat -n shared/init-scripts/utils/lib.sh | sed -n '125,155p'

Repository: beshu-tech/ror-sandbox

Length of output: 1150


Propagate the first failed insert in stdin mode.

Line 120 ignores putSingleDocument's return status. If one document fails (returning 5) and a later one succeeds (returning 0), putDocument exits 0 after a partial load, allowing the init script to continue with an incomplete dataset.

🧱 Suggested fix
   if [ "$#" -eq 2 ]; then
     putSingleDocument "$INDEX_NAME" "$2"
   else
     while IFS= read -r DOCUMENT_CONTENT; do
-      putSingleDocument "$INDEX_NAME" "$DOCUMENT_CONTENT"
+      putSingleDocument "$INDEX_NAME" "$DOCUMENT_CONTENT" || return $?
     done
   fi
 }
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@shared/init-scripts/utils/lib.sh` around lines 116 - 123, The loop in
putDocument currently ignores putSingleDocument's exit code so a later success
can mask earlier failures; modify putDocument so after each call to
putSingleDocument (both in the "$# -eq 2" branch and inside the while-read loop)
you capture its return value (e.g., rc=$?) and if rc is non-zero immediately
return or exit with that rc to propagate the first failure up to the caller;
locate calls to putSingleDocument in the function and add the conditional
check/early return using the captured rc.


respone=$(curl -k -s -L -w "\n%{http_code}" -u $ELASTICSEARCH_USER:$ELASTICSEARCH_PASSWORD \
function putSingleDocument() {
INDEX_NAME=$1
DOCUMENT_CONTENT=$2

response=$(curl -k -s -L -w "\n%{http_code}" -u $ELASTICSEARCH_USER:$ELASTICSEARCH_PASSWORD \
-X POST "$ELASTICSEARCH_ADDRESS/$INDEX_NAME/_doc/" \
-H "Content-Type: application/json" -d "$DOCUMENT_CONTENT"
)

http_status=$(echo "$respone" | tail -n 1)
response_body=$(echo "$respone" | sed \$d)
http_status=$(echo "$response" | tail -n 1)
response_body=$(echo "$response" | sed \$d)

if [[ "$http_status" != 2* ]] ; then
echo "ERROR: Cannot add document [$DOCUMENT_CONTENT] to index=[$INDEX_NAME].\nHTTP status: $HTTP_STATUS, response body: $RESPONSE_BODY"
echo "ERROR: Cannot add document [$DOCUMENT_CONTENT] to index=[$INDEX_NAME].\nHTTP status: $http_status, response body: $response_body"
return 5
fi

return 0
}

function generate_log_documents() {
if [ "$#" -ne 1 ]; then
echo "ERROR: One required: 1) number of documents to generate"
return 1
fi

N=$1

for ((i = 1; i <= N; i++)); do
user_id=$((RANDOM % 10000 + 1))
timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
log_message="User $user_id login successful"
level="$(pick_randomly "INFO" "WARN" "ERROR" "DEBUG")"

echo "{ \"message\": \"$log_message\", \"level\": \"$level\", \"@timestamp\": \"$timestamp\", \"user_id\": \"$user_id\" }"
done
}
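Review bot: in putSingleDocument the error line `echo "ERROR: Cannot add document [...].\nHTTP status: ..."` relies on `\n`, which Bash's `echo` prints literally without `-e`; use `printf` or two `echo` calls, and send the message to stderr with `>&2`. INDEX_NAME and DOCUMENT_CONTENT are assigned without `local`, so the callee overwrites the variables of the same name that putDocument's `while read` loop is using; declaring them `local` in both functions removes that coupling. putSingleDocument also has no argument-count check, unlike the other helpers in this file.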
24 changes: 24 additions & 0 deletions utils/collect-info-about-ror-es-kbn.sh
Expand Up @@ -2,6 +2,30 @@

echo "Preparing Elasticsearch & Kibana with ROR environment ..."

if [[ -s ".env-showcase" ]]; then
echo "Found .env-showcase - running in non-interactive mode ..."
cp .env-showcase .env

source .env-showcase

if [[ "$ES_DOCKERFILE" == *"from-file"* ]]; then
es_ror_info="FILE: $ES_ROR_FILE"
else
es_ror_info="API: ROR ES $ROR_ES_VERSION"
fi

if [[ "$KBN_DOCKERFILE" == *"from-file"* ]]; then
kbn_ror_info="FILE: $KBN_ROR_FILE"
else
kbn_ror_info="API: ROR KBN $ROR_KBN_VERSION"
fi

echo " Elasticsearch $ES_VERSION ($es_ror_info)"
echo " Kibana $KBN_VERSION ($kbn_ror_info)"

exit 0
Comment on lines +5 to +26
Contributor

⚠️ Potential issue | 🟠 Major

Validate .env-showcase before the early exit.

This shortcut copies and prints the config, then returns success without checking that the required variables are present or that any *-from-file artifact actually exists. With the new showcase config using Dockerfile-use-ror-binaries-from-file for Elasticsearch, a typo or missing ES_ROR_FILE will only fail much later during the build/run flow.

🛠️ Suggested fail-fast checks
 if [[ -s ".env-showcase" ]]; then
   echo "Found .env-showcase - running in non-interactive mode ..."
   cp .env-showcase .env
 
   source .env-showcase
+
+  for required_var in ES_VERSION KBN_VERSION ES_DOCKERFILE KBN_DOCKERFILE; do
+    if [[ -z "${!required_var:-}" ]]; then
+      echo "ERROR: .env-showcase is missing $required_var"
+      exit 1
+    fi
+  done
+
+  if [[ "$ES_DOCKERFILE" == *"from-file"* && ! -f "${ES_ROR_FILE:-}" ]]; then
+    echo "ERROR: ES_ROR_FILE [${ES_ROR_FILE:-}] does not exist"
+    exit 1
+  fi
+  if [[ "$ES_DOCKERFILE" != *"from-file"* && -z "${ROR_ES_VERSION:-}" ]]; then
+    echo "ERROR: ROR_ES_VERSION is required when ES binaries come from API"
+    exit 1
+  fi
+
+  if [[ "$KBN_DOCKERFILE" == *"from-file"* && ! -f "${KBN_ROR_FILE:-}" ]]; then
+    echo "ERROR: KBN_ROR_FILE [${KBN_ROR_FILE:-}] does not exist"
+    exit 1
+  fi
+  if [[ "$KBN_DOCKERFILE" != *"from-file"* && -z "${ROR_KBN_VERSION:-}" ]]; then
+    echo "ERROR: ROR_KBN_VERSION is required when Kibana binaries come from API"
+    exit 1
+  fi
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@utils/collect-info-about-ror-es-kbn.sh` around lines 5 - 26, The early-return
branch that handles a preseeded ".env-showcase" (the block that copies and
sources .env-showcase and then echoes ES/KBN info) must validate required
variables and referenced files before exiting: check that when ES_DOCKERFILE
contains "from-file" the ES_ROR_FILE variable is non-empty and the referenced
file exists, and similarly ensure KBN_ROR_FILE exists when KBN_DOCKERFILE
contains "from-file"; also verify required variables like ES_VERSION,
KBN_VERSION, ROR_ES_VERSION and ROR_KBN_VERSION are set (non-empty) when used.
If any check fails, print a clear error via echo (or stderr) and exit with
non-zero status instead of returning success. Apply these validations in the
same branch that currently sets es_ror_info/kbn_ror_info so the script fails
fast on typos/missing artifacts.

fi

if ! command -v jq > /dev/null; then
$(dirname "$0")/collect-info-about-ror-es-kbn-without-hints.sh
else
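Review bot: `source .env-showcase` runs the file as shell code, so anything in it beyond plain KEY=VALUE lines (a command substitution, a stray command) executes with the user's privileges. The file only carries assignments, so reading it line by line and accepting only the expected keys would be safer. The `cp .env-showcase .env` just before it overwrites an existing .env without warning, and both lines use a path relative to the current directory while the jq branch below resolves its path with `$(dirname "$0")`.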
2 changes: 1 addition & 1 deletion xpack-docker-demo-cluster/docker-compose.yml
Expand Up @@ -9,7 +9,7 @@ services:
ports:
- "29200:9200"
- "29300:9300"
- "5005:5005"
- "5015:5005"
Contributor

⚠️ Potential issue | 🟡 Minor

Update debugger documentation to match the new host port (5015).

This change is valid technically, but readme.md (Line 40-60) still instructs using port 5005 for remote debugging. That creates a silent debugger connection failure for users following docs. Please update the README port reference to 5015 (or document both if intentional).

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@xpack-docker-demo-cluster/docker-compose.yml` at line 12, The README's
debugger instructions still reference port 5005 while docker-compose.yml exposes
the debugger on host port 5015; update the README (readme.md) to use 5015
wherever remote debugging port 5005 is mentioned, or explicitly document both
ports (5005 container port and 5015 host-mapped port) to avoid confusion; ensure
the command examples and any IDE/run-config snippets reflect the 5015 host port
so users can successfully connect to the debugger.

environment:
- cluster.name=xpack-es-cluster
- node.name=es-xpack-single
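Review bot: the new mapping `"5015:5005"` publishes the debugger port on every host interface, as the 29200 and 29300 entries above it do for the cluster ports. A remote debugger port usually lets whoever can reach it run code in the process, so bind it to loopback with `"127.0.0.1:5015:5005"` unless access from other hosts is required.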