[Actions] Add support for system actions in Rules APIs

[cnasikas]

Summary

In this PR we allow the usage of system actions through the Rules APIs. Major decisions:

• The actions will have the type property only inside the methods of the rule client.
• The APIs will not accept the type of the action. The framework will detect this automatically.
• All routes will add the type to the actions before passing the request to the rule client.
• The rule client methods will return actions with the type.
• All routes will remove the type from the actions before returning the response to the client.
• Users should not be able to set the frequency, the group, or the alerts filter for system actions.
• The group is now optional because system actions do not support it.
• The type of the action will not be persisted to ES.

To keep the size of the PR small, and because it will be merged into a feature branch, I decided to work in the Create Rule, Update Rule, and Bulk Edit Rules APIs. I also follow TS errors and failed tests and update some of the other routes/client methods. Another PR will follow to handle the rest of the APIs and the CI errors produced by these APIs and another PR will follow to handle the APIs of Security Solution.

Issue: #160367
Depends on: #165671

Checklist

Delete any items that are not applicable to this PR.

• Unit or functional tests were updated or added to match the most common scenarios

For maintainers

• This was checked for breaking API changes and was labeled appropriately

[cnasikas]

System actions do not have a group. Changing this to optional to allow system actions to be created without a group.

[cnasikas]

This type is used internally by the rules client.

[cnasikas]

The responses from the alerting APIs do not contain the type of action.

[cnasikas]

Validation of the schema was missing from the method. The schema requires at least one operation to be set.

[cnasikas]

transformRuleAttributesToRuleDomain calls transformRawActionsToDomainActions which in turn injects the references into the actions. No need to do it twice.

[cnasikas]

Rule methods accept two types of actions.

[cnasikas]

System actions are not allowed to contain: group, alertsFilter, and frequency.

[cnasikas]

This function adds the id from the references and the type in all actions. The type is not persisted in ES.

[cnasikas]

Logic moved inside transformRawActionsToDomainActions.

[cnasikas]

This is the schema of the system action params persisted in the rule.

[cnasikas]

Adds the type to the actions.

[cnasikas]

Removes the type from the actions.

[cnasikas]

Adds the type to the actions.

[cnasikas]

Removes the type from the actions.

[kibana-ci]

💔 Build Failed

• Buildkite Build
• Commit: 47ca6e4
• Interpreting CI Failures

Failed CI Steps

• Build API Docs
• Jest Tests #10
• x-pack/test/alerting_api_integration/security_and_spaces/group2/config_non_dedicated_task_runner.ts
• x-pack/test/alerting_api_integration/security_and_spaces/group2/config_non_dedicated_task_runner.ts
• x-pack/test/alerting_api_integration/security_and_spaces/group2/config.ts
• x-pack/test/alerting_api_integration/security_and_spaces/group2/config.ts
• FTR Configs #9
• FTR Configs #9
• FTR Configs #23
• FTR Configs #23
• FTR Configs #34
• FTR Configs #34
• FTR Configs #57
• FTR Configs #57
• FTR Configs #62
• FTR Configs #62
• FTR Configs #65
• FTR Configs #65
• Check Types

Test Failures

• [job] [logs] x-pack/test/alerting_api_integration/security_and_spaces/group2/config_non_dedicated_task_runner.ts / alerting api integration security and spaces enabled - Group 2 Alerts alerts alerts superuser at space1 should schedule task, run alert and schedule actions when appropriate
• [job] [logs] x-pack/test/alerting_api_integration/security_and_spaces/group2/config.ts / alerting api integration security and spaces enabled - Group 2 Alerts alerts alerts superuser at space1 should schedule task, run alert and schedule actions when appropriate
• [job] [logs] x-pack/test/alerting_api_integration/security_and_spaces/group2/config_non_dedicated_task_runner.ts / alerting api integration security and spaces enabled - Group 2 Alerts alerts alerts superuser at space1 should schedule task, run alert and schedule actions when appropriate
• [job] [logs] x-pack/test/alerting_api_integration/security_and_spaces/group2/config.ts / alerting api integration security and spaces enabled - Group 2 Alerts alerts alerts superuser at space1 should schedule task, run alert and schedule actions when appropriate
• [job] [logs] FTR Configs #65 / Alerting create should store references correctly for actions
• [job] [logs] FTR Configs #65 / Alerting create should store references correctly for actions
• [job] [logs] FTR Configs #34 / Alerting update system actions should update a rule with a system action correctly
• [job] [logs] FTR Configs #34 / Alerting update system actions should update a rule with a system action correctly
• [job] [logs] Jest Tests #10 / bulkEdit() index pattern operations should skip operation when params modifiers does not modify index pattern array
• [job] [logs] Jest Tests #10 / bulkEditRulesRoute actions adds the type of the actions correctly before passing the request to the rules client
• [job] [logs] FTR Configs #9 / detection engine api security and spaces enabled - Group 1 add_actions adding actions should be able to create a new webhook action and attach it to a rule
• [job] [logs] FTR Configs #9 / detection engine api security and spaces enabled - Group 1 add_actions adding actions should be able to create a new webhook action and attach it to a rule
• [job] [logs] FTR Configs #23 / detection engine api security and spaces enabled - Group 10 import_rules importing rules with an index should migrate legacy actions in existing rule if overwrite is set to true
• [job] [logs] FTR Configs #23 / detection engine api security and spaces enabled - Group 10 import_rules importing rules with an index should migrate legacy actions in existing rule if overwrite is set to true
• [job] [logs] FTR Configs #23 / detection engine api security and spaces enabled - Group 4 Detection rule type telemetry Detection rule telemetry "kql" rule type should show "notifications_disabled" to be "1" for rule that has at least "1" action(s) and the alert is "disabled"/"in-active"
• [job] [logs] FTR Configs #23 / detection engine api security and spaces enabled - Group 4 Detection rule type telemetry Detection rule telemetry "kql" rule type should show "notifications_disabled" to be "1" for rule that has at least "1" action(s) and the alert is "disabled"/"in-active"
• [job] [logs] FTR Configs #62 / Monitoring app Cluster listing Alerts should show a toast when alerts are created successfully
• [job] [logs] FTR Configs #62 / Monitoring app Cluster listing Alerts should show a toast when alerts are created successfully
• [job] [logs] FTR Configs #57 / Observability Rules Synthetics SyntheticsRules creates rule when settings are configured
• [job] [logs] FTR Configs #57 / Observability Rules Synthetics SyntheticsRules creates rule when settings are configured

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id	before	after	diff
alerting	96	97	+1

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id	before	after	diff
alerting	21.8KB	21.9KB	+112.0B

History

• 💔 Build #159389 failed 25fca6e
• 💔 Build #159379 failed f137579
• 💔 Build #158364 failed 8e0cdc7
• 💔 Build #157694 failed c1d0648

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @cnasikas

[ersin-erdal]

Thanks for fixing this.

[ersin-erdal]

Went through the code and left some comments.
I will run and test the PR locally then approve.

[ersin-erdal]

Nit: inMemoryConnectors.some could be better here.

[ersin-erdal]

I think these are connectors not actions (I know isSystemAction is misleading :) )
Even the return type is FindConnectorResult

[ersin-erdal]

I think indirectParams has been removed by mistake

[cnasikas]

Closing the PR in favor of smaller PRs to aid the review process