monitor service and kf subscription WIP

2025-08-22 01:09:18 -04:00 · 2025-08-22 01:09:18 -04:00 · ab9ffa25bc
commit ab9ffa25bc
parent 147253716c
5 changed files with 636 additions and 3 deletions
--- a/securityconfig/roles.yml
+++ b/securityconfig/roles.yml
@ -7,6 +7,13 @@ openrag_user_role:
  cluster_permissions:
    - "indices:data/write/bulk"
    - "indices:data/write/index"
    - "cluster:admin/opensearch/notifications/configs/create"
    - "cluster:admin/opensearch/notifications/configs/list"
    - "cluster:admin/opensearch/notifications/configs/get"
    - "cluster:admin/opensearch/notifications/configs/update"
    - "cluster:admin/opensearch/notifications/configs/delete"
    - "cluster:admin/opensearch/alerting/*"
  index_permissions:
    - index_patterns: ["documents", "documents*", "knowledge_filters", "knowledge_filters*"]
      allowed_actions:
@ -17,4 +24,5 @@ openrag_user_role:
          {"term":{"owner":"${user.name}"}},
          {"term":{"allowed_users":"${user.name}"}},
          {"bool":{"must_not":{"exists":{"field":"owner"}}}}
-        ],"minimum_should_match":1}}
+        ],"minimum_should_match":1}}
--- a/src/api/knowledge_filter.py
+++ b/src/api/knowledge_filter.py
@ -1,6 +1,7 @@
 from starlette.requests import Request
 from starlette.responses import JSONResponse
 import uuid
 import json
 from datetime import datetime
 async def create_knowledge_filter(request: Request, knowledge_filter_service, session_manager):
@ -160,4 +161,184 @@ async def delete_knowledge_filter(request: Request, knowledge_filter_service, se
        elif "access denied" in error_msg.lower() or "insufficient permissions" in error_msg.lower():
            return JSONResponse(result, status_code=403)
        else:
-            return JSONResponse(result, status_code=500)
+            return JSONResponse(result, status_code=500)
 async def subscribe_to_knowledge_filter(request: Request, knowledge_filter_service, monitor_service, session_manager):
    """Create a subscription to a knowledge filter"""
    filter_id = request.path_params.get("filter_id")
    if not filter_id:
        return JSONResponse({"error": "Knowledge filter ID is required"}, status_code=400)
    payload = await request.json()
    user = request.state.user
    jwt_token = request.cookies.get("auth_token")
    # Get the knowledge filter to validate it exists and get its details
    filter_result = await knowledge_filter_service.get_knowledge_filter(filter_id, user_id=user.user_id, jwt_token=jwt_token)
    if not filter_result.get("success"):
        return JSONResponse({"error": "Knowledge filter not found or access denied"}, status_code=404)
    filter_doc = filter_result["filter"]
    # Create the monitor for this subscription
    monitor_result = await monitor_service.create_knowledge_filter_monitor(
        filter_id=filter_id,
        filter_name=filter_doc["name"],
        query_data=filter_doc["query_data"],
        user_id=user.user_id,
        jwt_token=jwt_token,
        notification_config=payload.get("notification_config")
    )
    if not monitor_result.get("success"):
        return JSONResponse(monitor_result, status_code=500)
    # Store subscription info in the knowledge filter document
    subscription_data = {
        "subscription_id": monitor_result["subscription_id"],
        "monitor_id": monitor_result["monitor_id"],
        "webhook_url": monitor_result["webhook_url"],
        "created_at": datetime.utcnow().isoformat(),
        "notification_config": payload.get("notification_config", {})
    }
    # Add subscription to the filter document
    update_result = await knowledge_filter_service.add_subscription(
        filter_id, subscription_data, user_id=user.user_id, jwt_token=jwt_token
    )
    if update_result.get("success"):
        return JSONResponse({
            "success": True,
            "subscription_id": monitor_result["subscription_id"],
            "monitor_id": monitor_result["monitor_id"],
            "webhook_url": monitor_result["webhook_url"],
            "message": f"Successfully subscribed to knowledge filter: {filter_doc['name']}"
        }, status_code=201)
    else:
        # If we can't update the filter doc, clean up the monitor
        await monitor_service.delete_monitor(monitor_result["monitor_id"], user.user_id, jwt_token)
        return JSONResponse({"error": "Failed to create subscription"}, status_code=500)
 async def list_knowledge_filter_subscriptions(request: Request, knowledge_filter_service, session_manager):
    """List subscriptions for a knowledge filter"""
    filter_id = request.path_params.get("filter_id")
    if not filter_id:
        return JSONResponse({"error": "Knowledge filter ID is required"}, status_code=400)
    user = request.state.user
    jwt_token = request.cookies.get("auth_token")
    result = await knowledge_filter_service.get_filter_subscriptions(filter_id, user_id=user.user_id, jwt_token=jwt_token)
    if result.get("success"):
        return JSONResponse(result, status_code=200)
    else:
        error_msg = result.get("error", "")
        if "not found" in error_msg.lower():
            return JSONResponse(result, status_code=404)
        elif "access denied" in error_msg.lower():
            return JSONResponse(result, status_code=403)
        else:
            return JSONResponse(result, status_code=500)
 async def cancel_knowledge_filter_subscription(request: Request, knowledge_filter_service, monitor_service, session_manager):
    """Cancel a subscription to a knowledge filter"""
    filter_id = request.path_params.get("filter_id")
    subscription_id = request.path_params.get("subscription_id")
    if not filter_id or not subscription_id:
        return JSONResponse({"error": "Knowledge filter ID and subscription ID are required"}, status_code=400)
    user = request.state.user
    jwt_token = request.cookies.get("auth_token")
    # Get subscription details to find the monitor ID
    subscriptions_result = await knowledge_filter_service.get_filter_subscriptions(filter_id, user_id=user.user_id, jwt_token=jwt_token)
    if not subscriptions_result.get("success"):
        return JSONResponse({"error": "Knowledge filter not found or access denied"}, status_code=404)
    # Find the specific subscription
    subscription = None
    for sub in subscriptions_result.get("subscriptions", []):
        if sub.get("subscription_id") == subscription_id:
            subscription = sub
            break
    if not subscription:
        return JSONResponse({"error": "Subscription not found"}, status_code=404)
    # Delete the monitor
    monitor_result = await monitor_service.delete_monitor(
        subscription["monitor_id"], user.user_id, jwt_token
    )
    # Remove subscription from the filter document
    remove_result = await knowledge_filter_service.remove_subscription(
        filter_id, subscription_id, user_id=user.user_id, jwt_token=jwt_token
    )
    if remove_result.get("success"):
        return JSONResponse({
            "success": True,
            "message": "Subscription cancelled successfully"
        }, status_code=200)
    else:
        return JSONResponse({"error": "Failed to cancel subscription"}, status_code=500)
 async def knowledge_filter_webhook(request: Request, knowledge_filter_service, session_manager):
    """Handle webhook notifications from OpenSearch monitors"""
    filter_id = request.path_params.get("filter_id")
    subscription_id = request.path_params.get("subscription_id")
    if not filter_id or not subscription_id:
        return JSONResponse({"error": "Invalid webhook URL"}, status_code=400)
    try:
        # Get the webhook payload
        payload = await request.json()
        print(f"[WEBHOOK] Knowledge filter webhook received for filter {filter_id}, subscription {subscription_id}")
        print(f"[WEBHOOK] Payload: {json.dumps(payload, indent=2)}")
        # Extract findings from the payload
        findings = payload.get("findings", [])
        if not findings:
            print(f"[WEBHOOK] No findings in webhook payload for subscription {subscription_id}")
            return JSONResponse({"status": "no_findings"})
        # Process the findings - these are the documents that matched the knowledge filter
        matched_documents = []
        for finding in findings:
            # Extract document information from the finding
            matched_documents.append({
                "document_id": finding.get("_id"),
                "index": finding.get("_index"),
                "source": finding.get("_source", {}),
                "score": finding.get("_score")
            })
        # Log the matched documents
        print(f"[WEBHOOK] Knowledge filter {filter_id} matched {len(matched_documents)} documents")
        for doc in matched_documents:
            print(f"[WEBHOOK] Matched document: {doc['document_id']} from index {doc['index']}")
        # Here you could add additional processing:
        # - Send notifications to external webhooks
        # - Email notifications
        # - Store alerts in a database
        # - Trigger other workflows
        return JSONResponse({
            "status": "processed",
            "filter_id": filter_id,
            "subscription_id": subscription_id,
            "matched_documents": len(matched_documents),
            "timestamp": datetime.utcnow().isoformat()
        })
    except Exception as e:
        print(f"[ERROR] Failed to process knowledge filter webhook: {str(e)}")
        import traceback
        traceback.print_exc()
        return JSONResponse({"error": f"Webhook processing failed: {str(e)}"}, status_code=500)
--- a/src/main.py
+++ b/src/main.py
@ -26,6 +26,7 @@ from services.task_service import TaskService
 from services.auth_service import AuthService
 from services.chat_service import ChatService
 from services.knowledge_filter_service import KnowledgeFilterService
 from services.monitor_service import MonitorService
 # Existing services
 from connectors.service import ConnectorService
@ -55,6 +56,27 @@ async def wait_for_opensearch():
            else:
                raise Exception("OpenSearch failed to become ready")
 async def configure_alerting_security():
    """Configure OpenSearch alerting plugin security settings"""
    try:
        # For testing, disable backend role filtering to allow all authenticated users
        # In production, you'd want to configure proper roles instead
        alerting_settings = {
            "persistent": {
                "plugins.alerting.filter_by_backend_roles": "false",
                "opendistro.alerting.filter_by_backend_roles": "false", 
                "opensearch.notifications.general.filter_by_backend_roles": "false"
            }
        }
        # Use admin client (clients.opensearch uses admin credentials)
        response = await clients.opensearch.cluster.put_settings(body=alerting_settings)
        print("Alerting security settings configured successfully")
        print(f"Response: {response}")
    except Exception as e:
        print(f"Warning: Failed to configure alerting security settings: {e}")
        # Don't fail startup if alerting config fails
 async def init_index():
    """Initialize OpenSearch index and security roles"""
    await wait_for_opensearch()
@ -78,6 +100,7 @@ async def init_index():
                "owner": {"type": "keyword"},
                "allowed_users": {"type": "keyword"},
                "allowed_groups": {"type": "keyword"},
                "subscriptions": {"type": "object"},  # Store subscription data
                "created_at": {"type": "date"},
                "updated_at": {"type": "date"}
            }
@ -89,6 +112,9 @@ async def init_index():
        print(f"Created index '{knowledge_filter_index_name}'")
    else:
        print(f"Index '{knowledge_filter_index_name}' already exists, skipping creation.")
    # Configure alerting plugin security settings
    await configure_alerting_security()
 def generate_jwt_keys():
    """Generate RSA keys for JWT signing if they don't exist"""
@ -146,6 +172,7 @@ def initialize_services():
    task_service = TaskService(document_service, process_pool)
    chat_service = ChatService()
    knowledge_filter_service = KnowledgeFilterService(session_manager)
    monitor_service = MonitorService(session_manager)
    # Set process pool for document service
    document_service.process_pool = process_pool
@ -171,6 +198,7 @@ def initialize_services():
        'auth_service': auth_service,
        'connector_service': connector_service,
        'knowledge_filter_service': knowledge_filter_service,
        'monitor_service': monitor_service,
        'session_manager': session_manager
    }
@ -281,6 +309,37 @@ def create_app():
                         session_manager=services['session_manager'])
              ), methods=["DELETE"]),
        # Knowledge Filter Subscription endpoints
        Route("/knowledge-filter/{filter_id}/subscribe", 
              require_auth(services['session_manager'])(
                  partial(knowledge_filter.subscribe_to_knowledge_filter,
                         knowledge_filter_service=services['knowledge_filter_service'],
                         monitor_service=services['monitor_service'],
                         session_manager=services['session_manager'])
              ), methods=["POST"]),
        Route("/knowledge-filter/{filter_id}/subscriptions", 
              require_auth(services['session_manager'])(
                  partial(knowledge_filter.list_knowledge_filter_subscriptions,
                         knowledge_filter_service=services['knowledge_filter_service'],
                         session_manager=services['session_manager'])
              ), methods=["GET"]),
        Route("/knowledge-filter/{filter_id}/subscribe/{subscription_id}", 
              require_auth(services['session_manager'])(
                  partial(knowledge_filter.cancel_knowledge_filter_subscription,
                         knowledge_filter_service=services['knowledge_filter_service'],
                         monitor_service=services['monitor_service'],
                         session_manager=services['session_manager'])
              ), methods=["DELETE"]),
        # Knowledge Filter Webhook endpoint (no auth required - called by OpenSearch)
        Route("/knowledge-filter/{filter_id}/webhook/{subscription_id}", 
              partial(knowledge_filter.knowledge_filter_webhook,
                     knowledge_filter_service=services['knowledge_filter_service'],
                     session_manager=services['session_manager']), 
              methods=["POST"]),
        # Chat endpoints
        Route("/chat", 
              require_auth(services['session_manager'])(
--- a/src/services/knowledge_filter_service.py
+++ b/src/services/knowledge_filter_service.py
@ -134,4 +134,104 @@ class KnowledgeFilterService:
            elif "AuthenticationException" in error_str:
                return {"success": False, "error": "Access denied: insufficient permissions"}
            else:
-                return {"success": False, "error": f"Delete operation failed: {error_str}"}
+                return {"success": False, "error": f"Delete operation failed: {error_str}"}
    async def add_subscription(self, filter_id: str, subscription_data: Dict[str, Any], user_id: str = None, jwt_token: str = None) -> Dict[str, Any]:
        """Add a subscription to a knowledge filter"""
        try:
            opensearch_client = self.session_manager.get_user_opensearch_client(user_id, jwt_token)
            # Get the current filter document
            filter_result = await self.get_knowledge_filter(filter_id, user_id, jwt_token)
            if not filter_result.get("success"):
                return filter_result
            filter_doc = filter_result["filter"]
            # Add subscription to the subscriptions array
            subscriptions = filter_doc.get("subscriptions", [])
            subscriptions.append(subscription_data)
            # Update the filter document
            update_body = {
                "doc": {
                    "subscriptions": subscriptions,
                    "updated_at": subscription_data["created_at"]  # Use the same timestamp
                }
            }
            result = await opensearch_client.update(
                index=KNOWLEDGE_FILTERS_INDEX_NAME,
                id=filter_id,
                body=update_body
            )
            if result.get("result") in ["updated", "noop"]:
                return {"success": True, "subscription": subscription_data}
            else:
                return {"success": False, "error": "Failed to add subscription"}
        except Exception as e:
            return {"success": False, "error": str(e)}
    async def remove_subscription(self, filter_id: str, subscription_id: str, user_id: str = None, jwt_token: str = None) -> Dict[str, Any]:
        """Remove a subscription from a knowledge filter"""
        try:
            opensearch_client = self.session_manager.get_user_opensearch_client(user_id, jwt_token)
            # Get the current filter document
            filter_result = await self.get_knowledge_filter(filter_id, user_id, jwt_token)
            if not filter_result.get("success"):
                return filter_result
            filter_doc = filter_result["filter"]
            # Remove subscription from the subscriptions array
            subscriptions = filter_doc.get("subscriptions", [])
            updated_subscriptions = [sub for sub in subscriptions if sub.get("subscription_id") != subscription_id]
            if len(updated_subscriptions) == len(subscriptions):
                return {"success": False, "error": "Subscription not found"}
            # Update the filter document
            from datetime import datetime
            update_body = {
                "doc": {
                    "subscriptions": updated_subscriptions,
                    "updated_at": datetime.utcnow().isoformat()
                }
            }
            result = await opensearch_client.update(
                index=KNOWLEDGE_FILTERS_INDEX_NAME,
                id=filter_id,
                body=update_body
            )
            if result.get("result") in ["updated", "noop"]:
                return {"success": True, "message": "Subscription removed successfully"}
            else:
                return {"success": False, "error": "Failed to remove subscription"}
        except Exception as e:
            return {"success": False, "error": str(e)}
    async def get_filter_subscriptions(self, filter_id: str, user_id: str = None, jwt_token: str = None) -> Dict[str, Any]:
        """Get all subscriptions for a knowledge filter"""
        try:
            filter_result = await self.get_knowledge_filter(filter_id, user_id, jwt_token)
            if not filter_result.get("success"):
                return filter_result
            filter_doc = filter_result["filter"]
            subscriptions = filter_doc.get("subscriptions", [])
            return {
                "success": True,
                "filter_id": filter_id,
                "filter_name": filter_doc.get("name"),
                "subscriptions": subscriptions
            }
        except Exception as e:
            return {"success": False, "error": str(e), "subscriptions": []}
--- a/src/services/monitor_service.py
+++ b/src/services/monitor_service.py
@ -0,0 +1,285 @@
 import uuid
 import json
 from typing import Any, Dict, Optional, List
 from datetime import datetime
 from config.settings import clients
 class MonitorService:
    def __init__(self, session_manager=None, webhook_base_url: str = None):
        self.session_manager = session_manager
        self.webhook_base_url = webhook_base_url or "http://openrag-backend:8000"
    async def create_knowledge_filter_monitor(
        self, 
        filter_id: str, 
        filter_name: str,
        query_data: Dict[str, Any], 
        user_id: str, 
        jwt_token: str,
        notification_config: Dict[str, Any] = None
    ) -> Dict[str, Any]:
        """Create a document-level monitor for a knowledge filter"""
        try:
            opensearch_client = self.session_manager.get_user_opensearch_client(user_id, jwt_token)
            subscription_id = str(uuid.uuid4())
            webhook_url = f"{self.webhook_base_url}/knowledge-filter/{filter_id}/webhook/{subscription_id}"
            # Convert knowledge filter query to monitor query format
            monitor_query = self._convert_kf_query_to_monitor_query(query_data)
            # TODO: OpenSearch 3.0 has a bug with document-level monitors on indexes with KNN fields
            # Error: "Cannot invoke KNNMethodConfigContext.getVectorDataType() because knnMethodConfigContext is null"
            # Consider using query-level monitors instead or excluding KNN fields from doc-level monitors
            # For now, this will fail on the 'documents' index due to chunk_embedding KNN field
            # Create the document-level monitor
            monitor_body = {
                "type": "monitor", 
                "monitor_type": "doc_level_monitor",
                "name": f"KF Monitor: {filter_name}",
                "enabled": True,
                "schedule": {
                    "period": {
                        "interval": 1,
                        "unit": "MINUTES"
                    }
                },
                "inputs": [
                    {
                        "doc_level_input": {
                            "description": f"Monitor for knowledge filter: {filter_name}",
                            "indices": ["documents"],
                            "queries": [
                                {
                                    "id": f"kf_query_{filter_id}",
                                    "name": f"Knowledge Filter Query: {filter_name}",
                                    "query": monitor_query,
                                    "tags": [f"knowledge_filter:{filter_id}", f"user:{user_id}"]
                                }
                            ]
                        }
                    }
                ],
                "triggers": [
                    {
                        "document_level_trigger": {
                            "name": f"KF Trigger: {filter_name}",
                            "severity": "1",
                            "condition": {
                                "script": {
                                    "source": "return true",
                                    "lang": "painless"
                                }
                            },
                            "actions": [
                                {
                                    "name": f"KF Webhook Action: {filter_name}",
                                    "destination_id": await self._get_or_create_webhook_destination(
                                        webhook_url, opensearch_client
                                    ),
                                    "subject_template": {
                                        "source": f"Knowledge Filter Alert: {filter_name}",
                                        "lang": "mustache"
                                    },
                                    "message_template": {
                                        "source": json.dumps({
                                            "filter_id": filter_id,
                                            "filter_name": filter_name,
                                            "subscription_id": subscription_id,
                                            "user_id": user_id,
                                            "timestamp": "{{ctx.trigger.timestamp}}",
                                            "findings": "{{ctx.results.0.hits.hits}}"
                                        }),
                                        "lang": "mustache"
                                    }
                                }
                            ]
                        }
                    }
                ]
            }
            # Create the monitor
            response = await opensearch_client.transport.perform_request(
                "POST", 
                "/_plugins/_alerting/monitors",
                body=monitor_body
            )
            if response.get("_id"):
                return {
                    "success": True,
                    "monitor_id": response["_id"],
                    "subscription_id": subscription_id,
                    "webhook_url": webhook_url,
                    "message": f"Monitor created successfully for knowledge filter: {filter_name}"
                }
            else:
                return {"success": False, "error": "Failed to create monitor"}
        except Exception as e:
            return {"success": False, "error": f"Monitor creation failed: {str(e)}"}
    async def delete_monitor(self, monitor_id: str, user_id: str, jwt_token: str) -> Dict[str, Any]:
        """Delete a document-level monitor"""
        try:
            opensearch_client = self.session_manager.get_user_opensearch_client(user_id, jwt_token)
            response = await opensearch_client.transport.perform_request(
                "DELETE", 
                f"/_plugins/_alerting/monitors/{monitor_id}"
            )
            if response.get("result") == "deleted":
                return {"success": True, "message": "Monitor deleted successfully"}
            else:
                return {"success": False, "error": "Failed to delete monitor"}
        except Exception as e:
            return {"success": False, "error": f"Monitor deletion failed: {str(e)}"}
    async def get_monitor(self, monitor_id: str, user_id: str, jwt_token: str) -> Dict[str, Any]:
        """Get monitor details"""
        try:
            opensearch_client = self.session_manager.get_user_opensearch_client(user_id, jwt_token)
            response = await opensearch_client.transport.perform_request(
                "GET", 
                f"/_plugins/_alerting/monitors/{monitor_id}"
            )
            if response.get("_id"):
                return {"success": True, "monitor": response}
            else:
                return {"success": False, "error": "Monitor not found"}
        except Exception as e:
            return {"success": False, "error": f"Failed to get monitor: {str(e)}"}
    async def list_user_monitors(self, user_id: str, jwt_token: str, limit: int = 50) -> List[Dict[str, Any]]:
        """List all monitors for a specific user"""
        try:
            opensearch_client = self.session_manager.get_user_opensearch_client(user_id, jwt_token)
            # Search for all monitors (DLS will filter to user's monitors automatically)
            search_body = {
                "query": {
                    "bool": {
                        "must": [
                            {"term": {"monitor.type": "doc_level_monitor"}}
                        ]
                    }
                },
                "sort": [{"monitor.last_update_time": {"order": "desc"}}],
                "size": limit
            }
            response = await opensearch_client.search(
                index=".opendistro-alerting-config",
                body=search_body
            )
            monitors = []
            for hit in response.get("hits", {}).get("hits", []):
                monitor_data = hit["_source"]
                monitor_data["monitor_id"] = hit["_id"]
                monitors.append(monitor_data)
            return monitors
        except Exception as e:
            print(f"Error listing monitors for user {user_id}: {e}")
            return []
    async def list_monitors_for_filter(self, filter_id: str, user_id: str, jwt_token: str) -> List[Dict[str, Any]]:
        """List all monitors for a specific knowledge filter"""
        try:
            opensearch_client = self.session_manager.get_user_opensearch_client(user_id, jwt_token)
            # Search for monitors with the knowledge filter tag
            search_body = {
                "query": {
                    "bool": {
                        "must": [
                            {"term": {"monitor.type": "doc_level_monitor"}},
                            {"term": {"monitor.inputs.doc_level_input.queries.tags": f"knowledge_filter:{filter_id}"}}
                        ]
                    }
                }
            }
            response = await opensearch_client.search(
                index=".opendistro-alerting-config",
                body=search_body
            )
            monitors = []
            for hit in response.get("hits", {}).get("hits", []):
                monitor_data = hit["_source"]
                monitor_data["monitor_id"] = hit["_id"]
                monitors.append(monitor_data)
            return monitors
        except Exception as e:
            print(f"Error listing monitors for filter {filter_id}: {e}")
            return []
    async def _get_or_create_webhook_destination(self, webhook_url: str, opensearch_client) -> str:
        """Get or create a webhook destination for notifications"""
        try:            
            # Try to find existing webhook destination
            search_response = await opensearch_client.transport.perform_request(
                "GET",
                "/_plugins/_notifications/configs",
                params={"config_type": "webhook"}
            )
            # Check if we already have a destination for this webhook URL
            for config in search_response.get("config_list", []):
                if config.get("config", {}).get("webhook", {}).get("url") == webhook_url:
                    return config["config_id"]
            # Create new webhook destination
            destination_body = {
                "config": {
                    "name": f"KF Webhook {str(uuid.uuid4())[:8]}",
                    "description": "Knowledge Filter webhook notification",
                    "config_type": "webhook",
                    "is_enabled": True,
                    "webhook": {
                        "url": webhook_url,
                        "method": "POST",
                        "header_params": {
                            "Content-Type": "application/json"
                        }
                    }
                }
            }
            response = await opensearch_client.transport.perform_request(
                "POST",
                "/_plugins/_notifications/configs",
                body=destination_body
            )
            return response.get("config_id")
        except Exception as e:
            raise Exception(f"Failed to create webhook destination: {str(e)}")
    def _convert_kf_query_to_monitor_query(self, query_data: Dict[str, Any]) -> Dict[str, Any]:
        """Convert knowledge filter query format to OpenSearch monitor query format"""
        # This assumes the query_data contains an OpenSearch query structure
        # You may need to adjust this based on your actual knowledge filter query format
        if isinstance(query_data, dict) and "query" in query_data:
            # If it's already in OpenSearch query format, use it directly
            return query_data["query"]
        elif isinstance(query_data, dict):
            # If it's a direct query object, use it as-is
            return query_data
        else:
            # Fallback to match_all if format is unexpected
            return {"match_all": {}}