fix: Skip instance-level enrichment for elastic. Ensure enrichments are applied conditionally (#4645)

VladimirFilonov · web-flow · commit 4cf963b0666b · 2025-04-29T16:08:13.000+04:00
diff --git a/keep/api/bl/enrichments_bl.py b/keep/api/bl/enrichments_bl.py
@@ -716,6 +716,8 @@ def disposable_enrich_entity(
         alert_id = UUIDType(binary=False).process_bind_param(
             last_alert.alert_id, self.db_session.bind.dialect
         )
+        # For elastic we do not save instance-level enrichments
+        common_kwargs["should_exist"] = False
         self.enrich_entity(fingerprint=alert_id, audit_enabled=False, **common_kwargs)
 
     def enrich_entity(
diff --git a/keep/providers/base/base_provider.py b/keep/providers/base/base_provider.py
@@ -287,19 +287,21 @@ def _enrich(self, enrichments, results, audit_enabled=True):
                 "audit_enabled": audit_enabled,
             }
 
-            # enrich the alert with _enrichments
-            enrichments_bl.enrich_entity(
-                enrichments=_enrichments,
-                action_description=f"Workflow enriched the alert with {enrichment_string}",
-                **common_kwargs,
-            )
+            if _enrichments:
+                # enrich the alert with _enrichments
+                enrichments_bl.enrich_entity(
+                    enrichments=_enrichments,
+                    action_description=f"Workflow enriched the alert with {enrichment_string}",
+                    **common_kwargs,
+                )
 
-            # enrich with disposable enrichments
-            enrichments_bl.disposable_enrich_entity(
-                enrichments=disposable_enrichments,
-                action_description=f"Workflow enriched the alert with {disposable_enrichment_string}",
-                **common_kwargs,
-            )
+            if disposable_enrichments:
+                # enrich with disposable enrichments
+                enrichments_bl.disposable_enrich_entity(
+                    enrichments=disposable_enrichments,
+                    action_description=f"Workflow enriched the alert with {disposable_enrichment_string}",
+                    **common_kwargs,
+                )
 
             should_check_incidents_resolution = (
                 _enrichments.get("status", None) == "resolved"

Original file line number	Diff line number	Diff line change
`@@ -716,6 +716,8 @@ def disposable_enrich_entity(`
`716`	`716`	`alert_id = UUIDType(binary=False).process_bind_param(`
`717`	`717`	`last_alert.alert_id, self.db_session.bind.dialect`
`718`	`718`	`)`
	`719`	`+ # For elastic we do not save instance-level enrichments`
	`720`	`+ common_kwargs["should_exist"] = False`
`719`	`721`	`self.enrich_entity(fingerprint=alert_id, audit_enabled=False, **common_kwargs)`
`720`	`722`
`721`	`723`	`def enrich_entity(`