support legacy event log alert recovery syntax

x-pack/plugins/alerts/server/alerts_client/tests/get_alert_instance_summary.test.ts

@@ -122,7 +122,7 @@ describe('getAlertInstanceSummary()', () => {
  .addActiveInstance('instance-previously-active', 'action group B')
  .advanceTime(10000)
  .addExecute()
- .addResolvedInstance('instance-previously-active')
+ .addRecoveredInstance('instance-previously-active')
  .addActiveInstance('instance-currently-active', 'action group A')
  .getEvents();
  const eventsResult = {

x-pack/plugins/alerts/server/lib/alert_instance_summary_from_event_log.test.ts

@@ -6,7 +6,7 @@
 
 import { SanitizedAlert, AlertInstanceSummary } from '../types';
 import { IValidatedEvent } from '../../../event_log/server';
-import { EVENT_LOG_ACTIONS, EVENT_LOG_PROVIDER } from '../plugin';
+import { EVENT_LOG_ACTIONS, EVENT_LOG_PROVIDER, LEGACY_EVENT_LOG_ACTIONS } from '../plugin';
 import { alertInstanceSummaryFromEventLog } from './alert_instance_summary_from_event_log';
 
 const ONE_HOUR_IN_MILLIS = 60 * 60 * 1000;
@@ -189,7 +189,43 @@ describe('alertInstanceSummaryFromEventLog', () => {
  .addActiveInstance('instance-1', 'action group A')
  .advanceTime(10000)
  .addExecute()
- .addResolvedInstance('instance-1')
+ .addRecoveredInstance('instance-1')
+ .getEvents();
+
+ const summary: AlertInstanceSummary = alertInstanceSummaryFromEventLog({
+ alert,
+ events,
+ dateStart,
+ dateEnd,
+ });
+
+ const { lastRun, status, instances } = summary;
+ expect({ lastRun, status, instances }).toMatchInlineSnapshot(`
+ Object {
+ "instances": Object {
+ "instance-1": Object {
+ "actionGroupId": undefined,
+ "activeStartDate": undefined,
+ "muted": false,
+ "status": "OK",
+ },
+ },
+ "lastRun": "2020-06-18T00:00:10.000Z",
+ "status": "OK",
+ }
+ `);
+ });
+
+ test('legacy alert with currently inactive instance', async () => {
+ const alert = createAlert({});
+ const eventsFactory = new EventsFactory();
+ const events = eventsFactory
+ .addExecute()
+ .addNewInstance('instance-1')
+ .addActiveInstance('instance-1', 'action group A')
+ .advanceTime(10000)
+ .addExecute()
+ .addLegacyResolvedInstance('instance-1')
  .getEvents();
 
  const summary: AlertInstanceSummary = alertInstanceSummaryFromEventLog({
@@ -224,7 +260,7 @@ describe('alertInstanceSummaryFromEventLog', () => {
  .addActiveInstance('instance-1', 'action group A')
  .advanceTime(10000)
  .addExecute()
- .addResolvedInstance('instance-1')
+ .addRecoveredInstance('instance-1')
  .getEvents();
 
  const summary: AlertInstanceSummary = alertInstanceSummaryFromEventLog({
@@ -406,7 +442,7 @@ describe('alertInstanceSummaryFromEventLog', () => {
  .advanceTime(10000)
  .addExecute()
  .addActiveInstance('instance-1', 'action group A')
- .addResolvedInstance('instance-2')
+ .addRecoveredInstance('instance-2')
  .getEvents();
 
  const summary: AlertInstanceSummary = alertInstanceSummaryFromEventLog({
@@ -451,7 +487,7 @@ describe('alertInstanceSummaryFromEventLog', () => {
  .advanceTime(10000)
  .addExecute()
  .addActiveInstance('instance-1', 'action group A')
- .addResolvedInstance('instance-2')
+ .addRecoveredInstance('instance-2')
  .advanceTime(10000)
  .addExecute()
  .addActiveInstance('instance-1', 'action group B')
@@ -561,7 +597,7 @@ export class EventsFactory {
  return this;
  }
 
- addResolvedInstance(instanceId: string): EventsFactory {
+ addRecoveredInstance(instanceId: string): EventsFactory {
  this.events.push({
  '@timestamp': this.date,
  event: {
@@ -572,6 +608,18 @@ export class EventsFactory {
  });
  return this;
  }
+
+ addLegacyResolvedInstance(instanceId: string): EventsFactory {
+ this.events.push({
+ '@timestamp': this.date,
+ event: {
+ provider: EVENT_LOG_PROVIDER,
+ action: LEGACY_EVENT_LOG_ACTIONS.resolvedInstance,
+ },
+ kibana: { alerting: { instance_id: instanceId } },
+ });
+ return this;
+ }
 }
 
 function createAlert(overrides: Partial<SanitizedAlert>): SanitizedAlert {

x-pack/plugins/alerts/server/lib/alert_instance_summary_from_event_log.ts

@@ -6,7 +6,7 @@
 
 import { SanitizedAlert, AlertInstanceSummary, AlertInstanceStatus } from '../types';
 import { IEvent } from '../../../event_log/server';
-import { EVENT_LOG_ACTIONS, EVENT_LOG_PROVIDER } from '../plugin';
+import { EVENT_LOG_ACTIONS, EVENT_LOG_PROVIDER, LEGACY_EVENT_LOG_ACTIONS } from '../plugin';
 
 export interface AlertInstanceSummaryFromEventLogParams {
  alert: SanitizedAlert;
@@ -80,6 +80,7 @@ export function alertInstanceSummaryFromEventLog(
  status.status = 'Active';
  status.actionGroupId = event?.kibana?.alerting?.action_group_id;
  break;
+ case LEGACY_EVENT_LOG_ACTIONS.resolvedInstance:
  case EVENT_LOG_ACTIONS.recoveredInstance:
  status.status = 'OK';
  status.activeStartDate = undefined;

x-pack/plugins/alerts/server/plugin.ts

@@ -85,6 +85,9 @@ export const EVENT_LOG_ACTIONS = {
  recoveredInstance: 'recovered-instance',
  activeInstance: 'active-instance',
 };
+export const LEGACY_EVENT_LOG_ACTIONS = {
+ resolvedInstance: 'resolved-instance',
+};
 
 export interface PluginSetupContract {
  registerType: AlertTypeRegistry['register'];

x-pack/plugins/alerts/server/task_runner/task_runner.test.ts

@@ -666,7 +666,7 @@ describe('Task Runner', () => {
  },
  ],
  },
- "message": "test:1: 'alert-name' recovered instance: '2'",
+ "message": "test:1: 'alert-name' instance '2' has recovered",
  },
  ],
  Array [

x-pack/plugins/alerts/server/task_runner/task_runner.ts

@@ -457,7 +457,7 @@ function generateNewAndRecoveredInstanceEvents(
 
  for (const id of recoveredIds) {
  const actionGroup = originalAlertInstances[id].getLastScheduledActions()?.group;
- const message = `${params.alertLabel} recovered instance: '${id}'`;
+ const message = `${params.alertLabel} instance '${id}' has recovered`;
  logInstanceEvent(id, EVENT_LOG_ACTIONS.recoveredInstance, message, actionGroup);
  }
 

x-pack/test/alerting_api_integration/spaces_only/tests/alerting/event_log.ts

@@ -87,25 +87,25 @@ export default function eventLogTests({ getService }: FtrProviderContext) {
  const executeEvents = getEventsByAction(events, 'execute');
  const executeActionEvents = getEventsByAction(events, 'execute-action');
  const newInstanceEvents = getEventsByAction(events, 'new-instance');
- const resolvedInstanceEvents = getEventsByAction(events, 'recovered-instance');
+ const recoveredInstanceEvents = getEventsByAction(events, 'recovered-instance');
 
  expect(executeEvents.length >= 4).to.be(true);
  expect(executeActionEvents.length).to.be(2);
  expect(newInstanceEvents.length).to.be(1);
- expect(resolvedInstanceEvents.length).to.be(1);
+ expect(recoveredInstanceEvents.length).to.be(1);
 
  // make sure the events are in the right temporal order
  const executeTimes = getTimestamps(executeEvents);
  const executeActionTimes = getTimestamps(executeActionEvents);
  const newInstanceTimes = getTimestamps(newInstanceEvents);
- const resolvedInstanceTimes = getTimestamps(resolvedInstanceEvents);
+ const recoveredInstanceTimes = getTimestamps(recoveredInstanceEvents);
 
  expect(executeTimes[0] < newInstanceTimes[0]).to.be(true);
  expect(executeTimes[1] <= newInstanceTimes[0]).to.be(true);
  expect(executeTimes[2] > newInstanceTimes[0]).to.be(true);
  expect(executeTimes[1] <= executeActionTimes[0]).to.be(true);
  expect(executeTimes[2] > executeActionTimes[0]).to.be(true);
- expect(resolvedInstanceTimes[0] > newInstanceTimes[0]).to.be(true);
+ expect(recoveredInstanceTimes[0] > newInstanceTimes[0]).to.be(true);
 
  // validate each event
  let executeCount = 0;