Merge branch 'main' into alerting/allow-manage-rules-with-api-key-auth

elastic · Mar 29, 2023 · 76ec358 · 76ec358
2 parents c2217af + e41cc7a
commit 76ec358
Show file tree

Hide file tree

Showing 55 changed files with 1,295 additions and 145 deletions.
diff --git a/packages/kbn-alerts-as-data-utils/src/field_maps/alert_field_map.ts b/packages/kbn-alerts-as-data-utils/src/field_maps/alert_field_map.ts
@@ -22,6 +22,7 @@ import {
   ALERT_RULE_NAME,
   ALERT_RULE_PARAMETERS,
   ALERT_RULE_PRODUCER,
+  ALERT_RULE_REVISION,
   ALERT_RULE_TAGS,
   ALERT_RULE_TYPE_ID,
   ALERT_RULE_UUID,
@@ -112,6 +113,11 @@ export const alertFieldMap = {
     array: false,
     required: true,
   },
+  [ALERT_RULE_REVISION]: {
+    type: 'long',
+    array: false,
+    required: true,
+  },
   [ALERT_RULE_TAGS]: {
     type: 'keyword',
     array: true,

diff --git a/packages/kbn-expandable-flyout/src/types.ts b/packages/kbn-expandable-flyout/src/types.ts
@@ -39,5 +39,5 @@ export interface Panel {
   /**
    * Width used when rendering the panel
    */
-  width: number; // TODO remove this, the width shouldn't be a property of a panel, but handled at the flyout level
+  width: number; // TODO remove this, see https://github.com/elastic/security-team/issues/6247
 }
diff --git a/packages/kbn-rule-data-utils/src/default_alerts_as_data.ts b/packages/kbn-rule-data-utils/src/default_alerts_as_data.ts
@@ -82,6 +82,9 @@ const ALERT_RULE_PARAMETERS = `${ALERT_RULE_NAMESPACE}.parameters` as const;
 // kibana.alert.rule.producer - rule type producer for rule that generated this alert
 const ALERT_RULE_PRODUCER = `${ALERT_RULE_NAMESPACE}.producer` as const;
 
+// kibana.alert.rule.revision - current revision of the rule that generated this alert
+const ALERT_RULE_REVISION = `${ALERT_RULE_NAMESPACE}.revision` as const;
+
 // kibana.alert.rule.tags - rule tags for rule that generated this alert
 const ALERT_RULE_TAGS = `${ALERT_RULE_NAMESPACE}.tags` as const;
 
@@ -113,6 +116,7 @@ const fields = {
   ALERT_RULE_NAME,
   ALERT_RULE_PARAMETERS,
   ALERT_RULE_PRODUCER,
+  ALERT_RULE_REVISION,
   ALERT_RULE_TAGS,
   ALERT_RULE_TYPE_ID,
   ALERT_RULE_UUID,
@@ -148,6 +152,7 @@ export {
   ALERT_RULE_NAME,
   ALERT_RULE_PARAMETERS,
   ALERT_RULE_PRODUCER,
+  ALERT_RULE_REVISION,
   ALERT_RULE_TAGS,
   ALERT_RULE_TYPE_ID,
   ALERT_RULE_UUID,

diff --git a/x-pack/plugins/alerting/common/alert_schema/field_maps/mapping_from_field_map.test.ts b/x-pack/plugins/alerting/common/alert_schema/field_maps/mapping_from_field_map.test.ts
@@ -254,6 +254,9 @@ describe('mappingFromFieldMap', () => {
                     producer: {
                       type: 'keyword',
                     },
+                    revision: {
+                      type: 'long',
+                    },
                     rule_type_id: {
                       type: 'keyword',
                     },

diff --git a/x-pack/plugins/alerting/common/rule.ts b/x-pack/plugins/alerting/common/rule.ts
@@ -187,6 +187,7 @@ export type SanitizedRuleConfig = Pick<
   | 'throttle'
   | 'notifyWhen'
   | 'muteAll'
+  | 'revision'
   | 'snoozeSchedule'
 > & {
   producer: string;

diff --git a/x-pack/plugins/alerting/server/task_runner/task_runner.ts b/x-pack/plugins/alerting/server/task_runner/task_runner.ts
@@ -260,6 +260,7 @@ export class TaskRunner<
       enabled,
       actions,
       muteAll,
+      revision,
       snoozeSchedule,
     } = rule;
     const {
@@ -379,6 +380,7 @@ export class TaskRunner<
                 tags,
                 consumer,
                 producer: ruleType.producer,
+                revision,
                 ruleTypeId: rule.alertTypeId,
                 ruleTypeName: ruleType.name,
                 enabled,

diff --git a/...erver/lib/alerting/inventory_metric_threshold/inventory_metric_threshold_executor.test.ts b/...erver/lib/alerting/inventory_metric_threshold/inventory_metric_threshold_executor.test.ts
@@ -75,6 +75,7 @@ const mockOptions = {
     throttle: null,
     notifyWhen: null,
     producer: '',
+    revision: 0,
     ruleTypeId: '',
     ruleTypeName: '',
     muteAll: false,

diff --git a/x-pack/plugins/infra/server/lib/alerting/metric_threshold/metric_threshold_executor.test.ts b/x-pack/plugins/infra/server/lib/alerting/metric_threshold/metric_threshold_executor.test.ts
@@ -113,6 +113,7 @@ const mockOptions = {
     throttle: null,
     notifyWhen: null,
     producer: '',
+    revision: 0,
     ruleTypeId: '',
     ruleTypeName: '',
     muteAll: false,

diff --git a/x-pack/plugins/observability/public/components/alerts_flyout.test.tsx b/x-pack/plugins/observability/public/components/alerts_flyout.test.tsx
@@ -67,6 +67,7 @@ const activeAlert: TopAlert = {
     'kibana.alert.rule.producer': 'logs',
     'kibana.alert.rule.consumer': 'logs',
     'kibana.alert.rule.category': 'Log threshold',
+    'kibana.alert.rule.revision': 0,
     'kibana.alert.start': '2021-09-02T12:54:09.674Z',
     'kibana.alert.rule.rule_type_id': 'logs.alert.document.count',
     'event.action': 'active',
@@ -97,6 +98,7 @@ const recoveredAlert: TopAlert = {
     'kibana.alert.rule.producer': 'infrastructure',
     'kibana.alert.rule.consumer': 'infrastructure',
     'kibana.alert.rule.category': 'Inventory',
+    'kibana.alert.rule.revision': 0,
     'kibana.alert.start': '2021-09-02T13:05:36.699Z',
     'kibana.alert.rule.rule_type_id': 'metrics.alert.inventory.threshold',
     'event.action': 'close',

diff --git a/x-pack/plugins/observability/public/hooks/use_fetch_alert_detail.test.ts b/x-pack/plugins/observability/public/hooks/use_fetch_alert_detail.test.ts
@@ -27,6 +27,7 @@ describe('useFetchAlertDetail', () => {
     'kibana.alert.rule.execution.uuid': 'e62c418d-734d-47e7-bbeb-e6f182f5fb45',
     'kibana.alert.rule.name': 'A super rule',
     'kibana.alert.rule.producer': 'infrastructure',
+    'kibana.alert.rule.revision': 0,
     'kibana.alert.rule.rule_type_id': 'metrics.alert.threshold',
     'kibana.alert.rule.uuid': '69411af0-82a2-11ec-8139-c1568734434e',
     'kibana.space_ids': ['default'],
@@ -124,6 +125,7 @@ describe('useFetchAlertDetail', () => {
               "kibana.alert.rule.execution.uuid": "e62c418d-734d-47e7-bbeb-e6f182f5fb45",
               "kibana.alert.rule.name": "A super rule",
               "kibana.alert.rule.producer": "infrastructure",
+              "kibana.alert.rule.revision": 0,
               "kibana.alert.rule.rule_type_id": "metrics.alert.threshold",
               "kibana.alert.rule.tags": Array [],
               "kibana.alert.rule.uuid": "69411af0-82a2-11ec-8139-c1568734434e",

diff --git a/x-pack/plugins/observability/public/pages/alert_details/mock/alert.ts b/x-pack/plugins/observability/public/pages/alert_details/mock/alert.ts
@@ -15,6 +15,7 @@ import {
   ALERT_RULE_CONSUMER,
   ALERT_RULE_NAME,
   ALERT_RULE_PRODUCER,
+  ALERT_RULE_REVISION,
   ALERT_RULE_TAGS,
   ALERT_RULE_TYPE_ID,
   ALERT_RULE_UUID,
@@ -46,6 +47,7 @@ export const alert: TopAlert = {
     [ALERT_RULE_PRODUCER]: 'logs',
     [ALERT_RULE_CONSUMER]: 'logs',
     [ALERT_RULE_CATEGORY]: 'Log threshold',
+    [ALERT_RULE_REVISION]: 0,
     [ALERT_START]: '2021-09-02T12:54:09.674Z',
     [ALERT_RULE_TYPE_ID]: 'logs.alert.document.count',
     [EVENT_ACTION]: 'active',

diff --git a/x-pack/plugins/rule_registry/common/assets/field_maps/technical_rule_field_map.test.ts b/x-pack/plugins/rule_registry/common/assets/field_maps/technical_rule_field_map.test.ts
@@ -163,6 +163,11 @@ it('matches snapshot', () => {
         "required": false,
         "type": "keyword",
       },
+      "kibana.alert.rule.revision": Object {
+        "array": false,
+        "required": true,
+        "type": "long",
+      },
       "kibana.alert.rule.rule_id": Object {
         "array": false,
         "required": false,

diff --git a/x-pack/plugins/rule_registry/common/parse_technical_fields.test.ts b/x-pack/plugins/rule_registry/common/parse_technical_fields.test.ts
@@ -24,6 +24,7 @@ describe('parseTechnicalFields', () => {
       'kibana.alert.rule.rule_type_id': ['metrics.alert.threshold'],
       'event.action': ['active'],
       'kibana.alert.rule.name': ['Uptime'],
+      'kibana.alert.rule.revision': 0,
       'kibana.alert.uuid': ['f31f5726-3c47-4c88-bc42-4e1fbde17e34'],
       'kibana.space_ids': ['default'],
       'kibana.version': ['8.1.0'],
@@ -102,6 +103,7 @@ describe('parseTechnicalFields', () => {
       'kibana.alert.rule.category': ['Metric threshold'],
       'kibana.alert.rule.rule_type_id': ['metrics.alert.threshold'],
       'kibana.alert.rule.name': ['Uptime'],
+      'kibana.alert.rule.revision': 0,
       'kibana.alert.uuid': ['f31f5726-3c47-4c88-bc42-4e1fbde17e34'],
       'kibana.space_ids': ['default'],
     };

diff --git a/x-pack/plugins/rule_registry/common/schemas/8.8.0/index.ts b/x-pack/plugins/rule_registry/common/schemas/8.8.0/index.ts
@@ -0,0 +1,29 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { ALERT_RULE_REVISION } from '@kbn/rule-data-utils';
+import { CommonAlertFields870 } from '../8.7.0';
+
+/* DO NOT MODIFY THIS SCHEMA TO ADD NEW FIELDS. These types represent the alerts that shipped in 8.8.0.
+Any changes to these types should be bug fixes so the types more accurately represent the alerts from 8.8.0.
+
+If you are adding new fields for a new release of Kibana, create a new sibling folder to this one
+for the version to be released and add the field(s) to the schema in that folder.
+
+Then, update `../index.ts` to import from the new folder that has the latest schemas, add the
+new schemas to the union of all alert schemas, and re-export the new schemas as the `*Latest` schemas.
+*/
+
+export interface RevisionField880 {
+  [ALERT_RULE_REVISION]: number;
+}
+
+export type CommonAlertFields880 = CommonAlertFields870 & RevisionField880;
+
+export type CommonAlertFieldName880 = keyof CommonAlertFields880;
+
+export type AlertWithCommonFields880<T> = T & CommonAlertFields880;
diff --git a/x-pack/plugins/rule_registry/common/schemas/index.ts b/x-pack/plugins/rule_registry/common/schemas/index.ts
@@ -6,19 +6,22 @@
  */
 
 import type {
-  CommonAlertFieldName870,
+  AlertWithSuppressionFields870,
+  SuppressionFields870,
   CommonAlertIdFieldName870,
-  CommonAlertFields870,
-  AlertWithCommonFields870,
 } from './8.7.0';
 
-import type { AlertWithSuppressionFields870, SuppressionFields870 } from './8.7.0';
+import type {
+  AlertWithCommonFields880,
+  CommonAlertFieldName880,
+  CommonAlertFields880,
+} from './8.8.0';
 
 export type {
   AlertWithSuppressionFields870 as AlertWithSuppressionFieldsLatest,
   SuppressionFields870 as SuppressionFieldsLatest,
-  CommonAlertFieldName870 as CommonAlertFieldNameLatest,
+  CommonAlertFieldName880 as CommonAlertFieldNameLatest,
   CommonAlertIdFieldName870 as CommonAlertIdFieldNameLatest,
-  CommonAlertFields870 as CommonAlertFieldsLatest,
-  AlertWithCommonFields870 as AlertWithCommonFieldsLatest,
+  CommonAlertFields880 as CommonAlertFieldsLatest,
+  AlertWithCommonFields880 as AlertWithCommonFieldsLatest,
 };
diff --git a/x-pack/plugins/rule_registry/server/routes/get_alert_by_id.test.ts b/x-pack/plugins/rule_registry/server/routes/get_alert_by_id.test.ts
@@ -11,6 +11,7 @@ import {
   ALERT_RULE_CONSUMER,
   ALERT_RULE_NAME,
   ALERT_RULE_PRODUCER,
+  ALERT_RULE_REVISION,
   ALERT_RISK_SCORE,
   ALERT_RULE_TYPE_ID,
   ALERT_RULE_UUID,
@@ -36,6 +37,7 @@ const getMockAlert = (): ParsedTechnicalFields & ParsedExperimentalFields => ({
   [ALERT_RULE_CONSUMER]: 'apm',
   [ALERT_RULE_NAME]: 'Check error rate',
   [ALERT_RULE_PRODUCER]: 'apm',
+  [ALERT_RULE_REVISION]: 0,
   [ALERT_RISK_SCORE]: 20,
   [ALERT_RULE_TYPE_ID]: 'fake-rule-type-id',
   [ALERT_RULE_UUID]: 'fake-rule-uuid',

diff --git a/x-pack/plugins/rule_registry/server/utils/create_lifecycle_rule_type.test.ts b/x-pack/plugins/rule_registry/server/utils/create_lifecycle_rule_type.test.ts
@@ -115,6 +115,7 @@ function createRule(shouldWriteAlerts: boolean = true) {
           name: 'name',
           notifyWhen: 'onActionGroupChange',
           producer: 'producer',
+          revision: 0,
           ruleTypeId: 'ruleTypeId',
           ruleTypeName: 'ruleTypeName',
           schedule: {
@@ -255,6 +256,7 @@ describe('createLifecycleRuleTypeFactory', () => {
                 "threshold": 1,
               },
               "kibana.alert.rule.producer": "producer",
+              "kibana.alert.rule.revision": 0,
               "kibana.alert.rule.rule_type_id": "ruleTypeId",
               "kibana.alert.rule.tags": Array [
                 "tags",
@@ -291,6 +293,7 @@ describe('createLifecycleRuleTypeFactory', () => {
                 "threshold": 1,
               },
               "kibana.alert.rule.producer": "producer",
+              "kibana.alert.rule.revision": 0,
               "kibana.alert.rule.rule_type_id": "ruleTypeId",
               "kibana.alert.rule.tags": Array [
                 "tags",

diff --git a/x-pack/plugins/rule_registry/server/utils/get_common_alert_fields.ts b/x-pack/plugins/rule_registry/server/utils/get_common_alert_fields.ts
@@ -17,6 +17,7 @@ import {
   ALERT_RULE_TAGS,
   TIMESTAMP,
   ALERT_RULE_PARAMETERS,
+  ALERT_RULE_REVISION,
 } from '@kbn/rule-data-utils';
 
 import { RuleExecutorOptions } from '@kbn/alerting-plugin/server';
@@ -32,6 +33,7 @@ export const getCommonAlertFields = (
     [ALERT_RULE_EXECUTION_UUID]: options.executionId,
     [ALERT_RULE_NAME]: options.rule.name,
     [ALERT_RULE_PRODUCER]: options.rule.producer,
+    [ALERT_RULE_REVISION]: options.rule.revision,
     [ALERT_RULE_TYPE_ID]: options.rule.ruleTypeId,
     [ALERT_RULE_UUID]: options.rule.id,
     [SPACE_IDS]: [options.spaceId],

diff --git a/x-pack/plugins/rule_registry/server/utils/rule_executor.test_helpers.ts b/x-pack/plugins/rule_registry/server/utils/rule_executor.test_helpers.ts
@@ -66,6 +66,7 @@ export const createDefaultAlertExecutorOptions = <
     createdAt,
     updatedAt,
     notifyWhen: null,
+    revision: 0,
     ruleTypeId: 'RULE_TYPE_ID',
     ruleTypeName: 'RULE_TYPE_NAME',
     muteAll: false,

diff --git a/...ion/cypress/e2e/detection_alerts/expandable_flyout/alert_details_right_panel_header.cy.ts b/...ion/cypress/e2e/detection_alerts/expandable_flyout/alert_details_right_panel_header.cy.ts
@@ -0,0 +1,61 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { upperFirst } from 'lodash';
+import {
+  DOCUMENT_DETAILS_OVERVIEW_TAB_HEADER_RISK_SCORE,
+  DOCUMENT_DETAILS_OVERVIEW_TAB_HEADER_RISK_SCORE_VALUE,
+  DOCUMENT_DETAILS_OVERVIEW_TAB_HEADER_SEVERITY,
+  DOCUMENT_DETAILS_OVERVIEW_TAB_HEADER_SEVERITY_VALUE,
+  DOCUMENT_DETAILS_OVERVIEW_TAB_HEADER_TITLE,
+} from '../../../screens/document_expandable_flyout';
+import { expandFirstAlertExpandableFlyout } from '../../../tasks/document_expandable_flyout';
+import { cleanKibana } from '../../../tasks/common';
+import { login, visit } from '../../../tasks/login';
+import { createRule } from '../../../tasks/api_calls/rules';
+import { getNewRule } from '../../../objects/rule';
+import { ALERTS_URL } from '../../../urls/navigation';
+import { waitForAlertsToPopulate } from '../../../tasks/create_new_rule';
+
+// Skipping these for now as the feature is protected behind a feature flag set to false by default
+// To run the tests locally, add 'securityFlyoutEnabled' in the Cypress config.ts here https://github.com/elastic/kibana/blob/main/x-pack/test/security_solution_cypress/config.ts#L50
+describe.skip(
+  'Alert details expandable flyout right panel header',
+  { testIsolation: false },
+  () => {
+    const rule = getNewRule();
+
+    before(() => {
+      cleanKibana();
+      login();
+      createRule(rule);
+      visit(ALERTS_URL);
+      waitForAlertsToPopulate();
+      expandFirstAlertExpandableFlyout();
+    });
+
+    it('should display correct title in header', () => {
+      cy.get(DOCUMENT_DETAILS_OVERVIEW_TAB_HEADER_TITLE)
+        .should('be.visible')
+        .and('have.text', rule.name);
+    });
+
+    it('should display risk score in header', () => {
+      cy.get(DOCUMENT_DETAILS_OVERVIEW_TAB_HEADER_RISK_SCORE).should('be.visible');
+      cy.get(DOCUMENT_DETAILS_OVERVIEW_TAB_HEADER_RISK_SCORE_VALUE)
+        .should('be.visible')
+        .and('have.text', rule.risk_score);
+    });
+
+    it('should display severity in header', () => {
+      cy.get(DOCUMENT_DETAILS_OVERVIEW_TAB_HEADER_SEVERITY).should('be.visible');
+      cy.get(DOCUMENT_DETAILS_OVERVIEW_TAB_HEADER_SEVERITY_VALUE)
+        .should('be.visible')
+        .and('have.text', upperFirst(rule.severity));
+    });
+  }
+);