[Workload Management] Add rule schema for workload management

[ruai0511]

Description

This PR introduces the schema for Rule object used in the workload management feature. A single rule will only have one feature but could have multiple attributes.
For the example below, the feature is query_group, and corresponds to the tag dev_query_group_id

{
    "_id": "fwhbuib397u4o03=="
    "attribute_1": ["logs123"],
    "attribute_2": ["xxxx", "yyyy],
    "query_group": "dev_query_group_id",
    "updated_at": "01-10-2025T21:23:456Z"
}

Related issues:
RFC: #16797
#16813

Check List

• Functionality includes testing.
• API changes companion pull request created, if applicable.
• Public documentation issue/PR created, if applicable.

[github-actions]

✅ Gradle check result for f6a4a28: SUCCESS

[codecov]

Codecov Report

Attention: Patch coverage is 82.55034% with 26 lines in your changes missing coverage. Please review.

Project coverage is 72.42%. Comparing base (5b2692f) to head (e152d95).

Files with missing lines	Patch %	Lines
...src/main/java/org/opensearch/autotagging/Rule.java	82.55%	10 Missing and 16 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##               main   #17238    +/-   ##
==========================================
  Coverage     72.41%   72.42%            
- Complexity    65531    65577    +46     
==========================================
  Files          5291     5292     +1     
  Lines        304335   304484   +149     
  Branches      44181    44211    +30     
==========================================
+ Hits         220395   220513   +118     
- Misses        65838    65903    +65     
+ Partials      18102    18068    -34     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[github-actions]

❕ Gradle check result for bb8d06c: UNSTABLE

Please review all flaky tests that succeeded after retry and create an issue if one does not already exist to track the flaky failure.

[jainankitk]

Should we also have customer friendly - name/description fields for a rule?

[ruai0511]

Yeah i do think we can add a name field for better user readability. Especially when they get all the rules in the system, and only looking at the id and attributes could be overwhelming.

[jainankitk]

This design of using same rules for multiple features becomes really tricky if they have different allowed attribute values. Having more attributes present than the ones that apply to a rule can be very confusing and if we are not allowing that, the possible attributes is the intersection of allowed attributes for all the features.

[jainankitk]

@ruai0511 / @kaushalmahi12 - Can we add some more examples of how these rules will look if we have multiple features and multiple attributes tomorrow? Especially when the allowed attributes for those features are not common

[kaushalmahi12]

A single Rule entity will always map to a single feature. Hence each feature will define their set of allowed attributes.

For example since the slow logs are defined at index level. It doesn't make sense for s.ow log feature to consider index_pattern as attribute. It can define next layer of attributes to provide more specific details about the slow logs,

[ruai0511]

Yeah a single rule will only have one feature but could have multiple attributes.
For example,

{
    "_id": "fwhbuib397u4o03=="
    "attribute_1": ["logs123", "user*"],
    "attribute_2": ["logs123", "user*"],
    "query_group": "dev_query_group_id",
    "updated_at": "01-10-2025T21:23:456Z"
}

Here the feature is query_group, and corresponds to the tag dev_query_group_id

[kaushalmahi12]

We should move this file under a new package e,g; auto_tagging since the construct is meant to be used in generic context but the structure hints a specific use.

[kaushalmahi12]

I think we should rename this enum to Attribute since it is already under Rule class and should be referred to as Rule.Attribute.

[github-actions]

✅ Gradle check result for e152d95: SUCCESS

[kaushalmahi12]

LGTM! apart from the name field I think we should rename it to description

[github-actions]

❌ Gradle check result for aa1f8b7: null

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

[jainankitk]

Overall, I feel we should move the enum Feature into enum FeatureType, and introduce Feature class that includes FeatureType, label (essentially nothing but value for feature type), and attributeMap (as allowed attributes are governed by FeatureType). Rule itself being generic in nature should be agnostic of coupling itself with those validations, etc.

[jainankitk]

label is corresponding to the feature right? Does it make sense to include as part of Feature?

[jainankitk]

This should be delegated to Feature class

[jainankitk]

should be delegated to the feature class

[sgup432]

What happens if an external plugin like queryInsights or other want to use this schema and eventually this Attribute class?
Will they add another enum for their usecase? That doesn't seem right. As core should be agnostic of plugin level logic.

Same for Feature class above.

[sgup432]

Passing validationException as a method param doesn't seem a very nice way to me.

Why not do below?

public static Optional<ValidationException> validateRuleInputs() {}

Here you just pass an optional exception in case u encounter any issues. The caller can additionally check if any exceptions are present or not, and accordingly handle it.

Same for below method.

[sgup432]

In addition to this, instead of passing all these params, should we create an internal object which can be passed instead? And same can be used at Rule class level above?

[kaushalmahi12]

I think creating a Validator class with all of the attributes which needs to be validated as member variables will be more suitable.

we can create something like following

static class RuleValidator {
      String description,
        Map<Attribute, Set<String>> attributeMap;
        String label;
        String updatedAt;
        Feature feature;
....

     Optional<ValidationException> validate() {
               validateAttributes();
               validateFeature();
         ....
    }
...
}

[ruai0511]

I put it as a method param to reuse the same ValidationException object and throw all the errors together after all the checks. If we use public static Optional<ValidationException> validateRuleInputs() {} then the internal error-checking functions like validateAttributeMap can't reuse the ValidationException object

[sgup432]

[NIT] Better to create a different file for this IMO. Same for below Attribute

[kaushalmahi12]

Overall, I feel we should move the enum Feature into enum FeatureType, and introduce Feature class that includes FeatureType, label (essentially nothing but value for feature type), and attributeMap (as allowed attributes are governed by FeatureType). Rule itself being generic in nature should be agnostic of coupling itself with those validations, etc.

I might be missing some context here but this seems unnecessary at this point. The feature here is used only by the rule entity.
Why I believe creating a separate class doesn't make sense.

1. Class itself means a blueprint for something to create similar types of things. Here we will still duplicate the FeatureType a lot. attributes are a again a static list of constants for a feature
2. Feature here is a constant and it doesn't necessarily needs to carry the label for itself since label is rule's property.

I agree with @sgup432 comments, Feature and Feature supported attributes are specific to plugin.