Skip to content

[aws_bedrock] Ignore non-policy data under ...trace.guardrail #11487

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Oct 22, 2024
Merged

[aws_bedrock] Ignore non-policy data under ...trace.guardrail #11487

merged 3 commits into from
Oct 22, 2024

Conversation

@chrisberkhout
Copy link
Contributor

@chrisberkhout chrisberkhout commented Oct 22, 2024
edited
Loading

Proposed commit message

[aws_bedrock] Ignore non-policy data under ...trace.guardrail In existing pipeline tests, input documents only had policy data under `output.outputBodyJson.trace.guardrail.inputAssessment`, but now there is also `invocationMetrics` data. This change modifies the `get_guardrail_details` script to skip entries that don't have policy at the end of their name. It also adds cases to be processed in the `painless_to_rename_fields_under_aws_bedrock_groups` script, so that in the output, the naming of the new invocation metrics object matches the surrounding data. --------- Co-authored-by: Dan Kortschak <dan.kortschak@elastic.co>

Discussion

Existing pipeline tests had input documents with values under output.outputBodyJson.trace.guardrail.inputAssessment such as:

{ "l7n9e426howe": { "topicPolicy": { "topics": [ { "name": "Robbing A Bank", "type": "DENY", "action": "BLOCKED" } ] }, "contentPolicy": { "filters": [ { "type": "MISCONDUCT", "confidence": "HIGH", "action": "BLOCKED" } ] } } }

Now this has been observed:

{ "l4n3ea14nowf": { "contentPolicy": { "filters": [ { "type": "PROMPT_ATTACK", "confidence": "HIGH", "filterStrength": "HIGH", "action": "BLOCKED" } ] }, "invocationMetrics": { "guardrailProcessingLatency": 340, "usage": { "topicPolicyUnits": 0, "contentPolicyUnits": 1, "wordPolicyUnits": 0, "sensitiveInformationPolicyUnits": 0, "sensitiveInformationPolicyFreeUnits": 0, "contextualGroundingPolicyUnits": 0 }, "guardrailCoverage": { "textCharacters": { "guarded": 73, "total": 74 } } } } }

I chose to only process objects with keys ending in Policy (_policy after the renaming).

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

How to test this PR locally

The change is covered by a modified pipeline test.

Related issues
@chrisberkhout chrisberkhout requested a review from a team as a code owner October 22, 2024 13:38
@chrisberkhout chrisberkhout self-assigned this Oct 22, 2024
@chrisberkhout chrisberkhout added bugfix Pull request that fixes a bug issue Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] Integration:aws_bedrock Amazon Bedrock labels Oct 22, 2024
@elasticmachine
Copy link

elasticmachine commented Oct 22, 2024

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)
@chrisberkhout chrisberkhout changed the title [aws_bedrock] Ignore non-policy data under ...guardrail.inputAssessment [aws_bedrock] Ignore non-policy data under ...trace.guardrail Oct 22, 2024
@efd6 efd6 mentioned this pull request Oct 22, 2024
Closed
5 tasks
@chrisberkhout chrisberkhout enabled auto-merge (squash) October 22, 2024 19:59
@elastic-vault-github-plugin-prod
Copy link

elastic-vault-github-plugin-prod bot commented Oct 22, 2024

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport
@elastic-sonarqube
Copy link

elastic-sonarqube bot commented Oct 22, 2024

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube
@chrisberkhout chrisberkhout merged commit 1a6fe15 into elastic:main Oct 22, 2024
4 of 5 checks passed
@elasticmachine
Copy link

elasticmachine commented Oct 22, 2024

💚 Build Succeeded

History

cc @chrisberkhout
@elastic-vault-github-plugin-prod
Copy link

elastic-vault-github-plugin-prod bot commented Oct 22, 2024

Package aws_bedrock - 0.11.3 containing this change is available at https://epr.elastic.co/search?package=aws_bedrock
@chrisberkhout chrisberkhout mentioned this pull request Oct 23, 2024
Closed
harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 4, 2025
@chrisberkhout @efd6
[aws_bedrock] Ignore non-policy data under ...trace.guardrail (elasti…
58d7311 
…c#11487) In existing pipeline tests, input documents only had policy data under `output.outputBodyJson.trace.guardrail.inputAssessment`, but now there is also `invocationMetrics` data. This change modifies the `get_guardrail_details` script to skip entries that don't have policy at the end of their name. It also adds cases to be processed in the `painless_to_rename_fields_under_aws_bedrock_groups` script, so that in the output, the naming of the new invocation metrics object matches the surrounding data. --------- Co-authored-by: Dan Kortschak <dan.kortschak@elastic.co>
harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 5, 2025
@chrisberkhout @efd6
[aws_bedrock] Ignore non-policy data under ...trace.guardrail (elasti…
7450315 
…c#11487) In existing pipeline tests, input documents only had policy data under `output.outputBodyJson.trace.guardrail.inputAssessment`, but now there is also `invocationMetrics` data. This change modifies the `get_guardrail_details` script to skip entries that don't have policy at the end of their name. It also adds cases to be processed in the `painless_to_rename_fields_under_aws_bedrock_groups` script, so that in the output, the naming of the new invocation metrics object matches the surrounding data. --------- Co-authored-by: Dan Kortschak <dan.kortschak@elastic.co>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

bugfix Pull request that fixes a bug issue Integration:aws_bedrock Amazon Bedrock Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations]

3 participants

@chrisberkhout @elasticmachine @efd6