Error output cleanup

eric-forte-elastic · eric-forte-elastic · commit 4a41c68c0077 · 2025-10-14T15:19:40.000-04:00
diff --git a/detection_rules/devtools.py b/detection_rules/devtools.py
@@ -40,7 +40,9 @@
 from .docs import REPO_DOCS_DIR, IntegrationSecurityDocs, IntegrationSecurityDocsMDX
 from .ecs import download_endpoint_schemas, download_schemas
 from .endgame import EndgameSchemaManager
-from .esql_errors import EsqlKibanaBaseError, EsqlSchemaError, EsqlSyntaxError, EsqlTypeMismatchError
+from .esql_errors import (
+    ESQL_EXCEPTION_TYPES,
+)
 from .eswrap import CollectEvents, add_range_to_dsl
 from .ghwrap import GithubClient, update_gist
 from .integrations import (
@@ -1446,16 +1448,13 @@ def esql_remote_validation(
                     validator = ESQLValidator(r.contents.data.query)  # type: ignore[reportIncompatibleMethodOverride]
                     _ = validator.remote_validate_rule_contents(kibana_client, elastic_client, r.contents, verbosity)
                     break
-                except (
-                    ValueError,
-                    BadRequestError,
-                    EsqlSchemaError,
-                    EsqlSyntaxError,
-                    EsqlTypeMismatchError,
-                    EsqlKibanaBaseError,
-                ) as e:
-                    click.echo(f"FAILURE: {e}")
-                    fail_list.append(f"{r.contents.data.rule_id}  FAILURE: {type(e)}: {e}")
+                except (ValueError, BadRequestError, *ESQL_EXCEPTION_TYPES) as e:  # type: ignore[reportUnknownMemberType]
+                    e_type = type(e)  # type: ignore[reportUnknownMemberType]
+                    if e_type in ESQL_EXCEPTION_TYPES:
+                        _ = e.show()  # type: ignore[reportUnknownMemberType]
+                    else:
+                        click.echo(f"FAILURE: {e_type}: {e}")  # type: ignore[reportUnknownMemberType]
+                    fail_list.append(f"{r.contents.data.rule_id}  FAILURE: {e_type}: {e}")  # type: ignore[reportUnknownMemberType]
                     failed_count += 1
                     break
                 except ESConnectionError as e:
diff --git a/detection_rules/esql_errors.py b/detection_rules/esql_errors.py
@@ -5,9 +5,11 @@
 
 """ESQL exceptions."""
 
+from collections.abc import Sequence
+
 from elasticsearch import Elasticsearch  # type: ignore[reportMissingTypeStubs]
 
-from .misc import getdefault
+from .misc import ClientError, getdefault
 
 __all__ = (
     "EsqlKibanaBaseError",
@@ -21,7 +23,7 @@
 
 
 def cleanup_empty_indices(
-    elastic_client: Elasticsearch, index_patterns: tuple[str, ...] = ("rule-test-*", "test-*")
+    elastic_client: Elasticsearch, index_patterns: Sequence[str] = ("rule-test-*", "test-*")
 ) -> None:
     """Delete empty indices matching the given patterns."""
     if getdefault("skip_empty_index_cleanup")():
@@ -33,12 +35,16 @@ def cleanup_empty_indices(
             _ = elastic_client.indices.delete(index=empty_index)
 
 
-class EsqlKibanaBaseError(Exception):
+class EsqlKibanaBaseError(ClientError):
     """Base class for ESQL exceptions with cleanup logic."""
 
-    def __init__(self, message: str, elastic_client: Elasticsearch) -> None:
+    def __init__(
+        self,
+        message: str,
+        elastic_client: Elasticsearch,
+    ) -> None:
         cleanup_empty_indices(elastic_client)
-        super().__init__(message)
+        super().__init__(message, original_error=self)
 
 
 class EsqlSchemaError(EsqlKibanaBaseError):
@@ -53,24 +59,39 @@ class EsqlSyntaxError(EsqlKibanaBaseError):
     """Error with ESQL syntax."""
 
 
-class EsqlTypeMismatchError(Exception):
+class EsqlTypeMismatchError(ClientError):
     """Error when validating types in ESQL. Can occur in stack or local schema comparison."""
 
-    def __init__(self, message: str, elastic_client: Elasticsearch | None = None) -> None:
+    def __init__(
+        self,
+        message: str,
+        elastic_client: Elasticsearch | None = None,
+    ) -> None:
         if elastic_client:
             cleanup_empty_indices(elastic_client)
-        super().__init__(message)
+        super().__init__(message, original_error=self)
 
 
-class EsqlSemanticError(Exception):
+class EsqlSemanticError(ClientError):
     """Error with ESQL semantics. Validated through regex enforcement."""
 
     def __init__(self, message: str) -> None:
-        super().__init__(message)
+        super().__init__(message, original_error=self)
 
 
-class EsqlUnknownIndexError(Exception):
+class EsqlUnknownIndexError(ClientError):
     """Error with ESQL Indices. Validated through regex enforcement."""
 
     def __init__(self, message: str) -> None:
-        super().__init__(message)
+        super().__init__(message, original_error=self)
+
+
+ESQL_EXCEPTION_TYPES = (
+    EsqlSchemaError,
+    EsqlSyntaxError,
+    EsqlUnsupportedTypeError,
+    EsqlTypeMismatchError,
+    EsqlKibanaBaseError,
+    EsqlSemanticError,
+    EsqlUnknownIndexError,
+)
diff --git a/detection_rules/index_mappings.py b/detection_rules/index_mappings.py
@@ -347,14 +347,14 @@ def execute_query_against_indices(
     except BadRequestError as e:
         error_msg = str(e)
         if "parsing_exception" in error_msg:
-            raise EsqlSyntaxError(str(e), elastic_client) from e
+            raise EsqlSyntaxError(str(e), elastic_client) from None
         if "Unknown column" in error_msg:
-            raise EsqlSchemaError(str(e), elastic_client) from e
+            raise EsqlSchemaError(str(e), elastic_client) from None
         if "verification_exception" in error_msg and "unsupported type" in error_msg:
-            raise EsqlUnsupportedTypeError(str(e), elastic_client) from e
+            raise EsqlUnsupportedTypeError(str(e), elastic_client) from None
         if "verification_exception" in error_msg:
-            raise EsqlTypeMismatchError(str(e), elastic_client) from e
-        raise EsqlKibanaBaseError(str(e), elastic_client) from e
+            raise EsqlTypeMismatchError(str(e), elastic_client) from None
+        raise EsqlKibanaBaseError(str(e), elastic_client) from None
     if delete_indices or not misc.getdefault("skip_empty_index_cleanup")():
         for index_str in test_index_str.split(","):
             response = elastic_client.indices.delete(index=index_str.strip())
diff --git a/detection_rules/misc.py b/detection_rules/misc.py
@@ -48,7 +48,10 @@ def __init__(self, message: str, original_error: Exception | None = None) -> Non
 
     def show(self, file: IO[Any] | None = None, err: bool = True) -> None:
         """Print the error to the console."""
-        msg = f"{click.style(f'CLI Error ({self.original_error_type})', fg='red', bold=True)}: {self.format_message()}"
+        header = f"CLI Error ({self.original_error_type})"
+        if "Esql" in str(self.original_error_type):
+            header = f"{self.original_error_type}"
+        msg = f"{click.style(header, fg='red', bold=True)}: {self.format_message()}"
         click.echo(msg, err=err, file=file)
 
 
