[Alerting] Enable creating system actions through the Create Rule API #167884

Merged
merged 29 commits into from
Oct 26, 2023

Member

@cnasikas cnasikas commented Oct 3, 2023

Summary

This PR enables system actions only to the Create Rule API. Other PRs will follow on a subsequent PR.

Depends on: #167871

Related: #160367

Checklist

Delete any items that are not applicable to this PR.

For maintainers

@cnasikas cnasikas added release_note:skip Skip the PR/issue when compiling release notes Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) Feature:Alerting/RulesFramework Issues related to the Alerting Rules Framework labels Oct 3, 2023
@cnasikas cnasikas self-assigned this Oct 3, 2023
@cnasikas cnasikas marked this pull request as ready for review October 19, 2023 12:51
@cnasikas cnasikas requested a review from a team as a code owner October 19, 2023 12:51
@elasticmachine
Contributor

Pinging @elastic/response-ops (Team:ResponseOps)

@@ -181,9 +180,48 @@ export const monitoringSchema = schema.object({
}),
});

export const rRuleSchema = schema.object({
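Review bot: defining `rRuleSchema` locally, in the `export const rRuleSchema = schema.object({` line that closes this hunk, risks leaving two copies of the same validation schema, and the header shows the region growing from 9 to 48 lines to hold it. If an `rRuleSchema` already exists elsewhere in the code base, import it instead, so the Create Rule API validates against a single definition that cannot drift from the other copy.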
Contributor

Why did you decide to copy this schema instead of importing it?

Member Author

This was a mistake when I resolved some conflicts with main. Fixed in 71898c9 (#167884)


const data = { ...initialData, actions: addGeneratedActionValues(initialData.actions) };
const systemActions = initialData.actions.filter(
(action): action is RuleSystemAction => action.type === RuleActionTypes.SYSTEM
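Review bot: system actions end up in two places in these lines, because `data.actions` is built from the whole of `initialData.actions` while `systemActions` is filtered out of that same array. If the two kinds are meant to be handled separately, split the array once into system and non-system actions and build `data` from the non-system part, or add a comment saying the overlap is deliberate. The split also depends entirely on the `action.type` value carried in `initialData`, so that field needs to be validated before this point.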
Contributor

Can we use the special function for this check? We can import it from here:
x-pack/plugins/alerting/common/system_actions/is_system_action.ts

Contributor

Probably some type issue.

Member Author

This is correct. The types of the createRule are not compatible with this function. I tried but I could not make it work.

@@ -13,7 +13,7 @@ import {
} from '../../../lib';
import { BASE_ALERTING_API_PATH } from '../../../../types';
import { RouteOptions } from '../../..';
import type {
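Review bot: the `import type {` statement where this hunk stops should stay type-only if the names it brings in are used only in type positions. The header `-13,7 +13,7` keeps the line count unchanged, so this is an in-place edit of the import block; if it turns the statement into a plain `import {`, the route file gains a runtime import it does not need.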
Contributor

Why do you delete type?

Member Author

This is a mistake. Fixed in 71898c9 (#167884)

@@ -47,8 +45,6 @@ export interface RulesClientFactoryOpts {
minimumScheduleInterval: AlertingRulesConfig['minimumScheduleInterval'];
maxScheduledPerMinute: AlertingRulesConfig['maxScheduledPerMinute'];
connectorAdapterRegistry: ConnectorAdapterRegistry;
getAlertIndicesAlias: GetAlertIndicesAlias;
alertsService: AlertsService | null;
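Review bot: removing two members from `RulesClientFactoryOpts` (the header goes from 8 lines to 6, in the region around `getAlertIndicesAlias` and `alertsService`) looks unrelated to enabling system actions in the Create Rule API. Restore the removed members or explain the removal in the PR description, and confirm that the code constructing the factory still passes everything the rules client needs.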
Contributor

Lost why did we delete these 2 methods from here?

Member Author

Again a mistake when fixing conflicts 🙂. Thanks! Fixed in 71898c9 (#167884)

@kibana-ci
Collaborator

kibana-ci commented Oct 25, 2023

💔 Build Failed

Failed CI Steps

Test Failures

  • [job] [logs] FTR Configs #14 / Actions and Triggers app Rules list rules list should allow rules to be snoozed
  • [job] [logs] x-pack/test/alerting_api_integration/security_and_spaces/group2/config_non_dedicated_task_runner.ts / alerting api integration security and spaces enabled - Group 2 Alerts legacy alerts alerts superuser at space1 should schedule actions on legacy alerts
  • [job] [logs] x-pack/test/alerting_api_integration/security_and_spaces/group2/config.ts / alerting api integration security and spaces enabled - Group 2 Alerts legacy alerts alerts superuser at space1 should schedule actions on legacy alerts
  • [job] [logs] FTR Configs #23 / alerting api integration security and spaces enabled - Group 3 Alerts - Group 3 alerts bulkEdit superuser at space1 should handle bulk edit of rules appropriately
  • [job] [logs] FTR Configs #34 / Alerting APIs Alerting rules should pass updated rule params to executor
  • [job] [logs] FTR Configs #60 / Alerting APIs Alerting rules should pass updated rule params to executor
  • [job] [logs] FTR Configs #71 / Alerting APIs Alerting rules should pass updated rule params to executor
  • [job] [logs] FTR Configs #60 / Alerting bulkEdit should bulk edit rule with tags operation
  • [job] [logs] FTR Configs #8 / Alerting create legacy should handle create alert request appropriately
  • [job] [logs] FTR Configs #33 / Alerts - Group 3 - schedule circuit breaker alerts Bulk edit with circuit breaker should prevent rules from being bulk edited if max schedules have been reached
  • [job] [logs] Serverless Security Cypress Tests #2 / Bulk editing index patterns of rules with a data view only Add index patterns to custom rules with configured data view when data view checkbox is checked: rules are updated Add index patterns to custom rules with configured data view when data view checkbox is checked: rules are updated
  • [job] [logs] Security Solution Cypress Tests #3 / Bulk editing index patterns of rules with a data view only Add index patterns to custom rules with configured data view when data view checkbox is checked: rules are updated Add index patterns to custom rules with configured data view when data view checkbox is checked: rules are updated
  • [job] [logs] Serverless Security Cypress Tests #2 / Bulk editing index patterns of rules with a data view only Overwrite index patterns in custom rules with configured data view when overwrite data view checkbox is checked: rules are updated Overwrite index patterns in custom rules with configured data view when overwrite data view checkbox is checked: rules are updated
  • [job] [logs] Security Solution Cypress Tests #3 / Bulk editing index patterns of rules with a data view only Overwrite index patterns in custom rules with configured data view when overwrite data view checkbox is checked: rules are updated Overwrite index patterns in custom rules with configured data view when overwrite data view checkbox is checked: rules are updated
  • [job] [logs] Serverless Security Cypress Tests #2 / Bulk editing index patterns of rules with index patterns and rules with a data view Add index patterns to custom rules when overwrite data view checkbox is checked: all rules are updated Add index patterns to custom rules when overwrite data view checkbox is checked: all rules are updated
  • [job] [logs] Security Solution Cypress Tests #3 / Bulk editing index patterns of rules with index patterns and rules with a data view Add index patterns to custom rules when overwrite data view checkbox is checked: all rules are updated Add index patterns to custom rules when overwrite data view checkbox is checked: all rules are updated
  • [job] [logs] Serverless Security Cypress Tests #2 / Bulk editing index patterns of rules with index patterns and rules with a data view Add index patterns to custom rules: one rule is updated, one rule is skipped Add index patterns to custom rules: one rule is updated, one rule is skipped
  • [job] [logs] Security Solution Cypress Tests #3 / Bulk editing index patterns of rules with index patterns and rules with a data view Add index patterns to custom rules: one rule is updated, one rule is skipped Add index patterns to custom rules: one rule is updated, one rule is skipped
  • [job] [logs] Jest Tests #11 / bulkEdit() actions operations should add uuid to new actions
  • [job] [logs] Jest Tests #11 / bulkEdit() actions operations should only increment revision once for multiple operations
  • [job] [logs] Jest Tests #11 / bulkEdit() actions operations should set timeframe in alertsFilter null if doesn't exist
  • [job] [logs] Jest Tests #11 / bulkEdit() index pattern operations should add index patterns
  • [job] [logs] Jest Tests #11 / bulkEdit() index pattern operations should delete index patterns
  • [job] [logs] Jest Tests #11 / bulkEdit() snoozeSchedule operations should add snooze schedule
  • [job] [logs] Jest Tests #11 / bulkEdit() snoozeSchedule operations should not unsnooze a snoozed rule when bulk adding snooze schedules
  • [job] [logs] Jest Tests #11 / bulkEdit() snoozeSchedule operations should snooze
  • [job] [logs] Jest Tests #11 / bulkEdit() tags operations should add new tag
  • [job] [logs] Jest Tests #11 / bulkEdit() tags operations should delete tag
  • [job] [logs] Jest Tests #11 / bulkEdit() tags operations should set tags
  • [job] [logs] FTR Configs #74 / detection engine api security and spaces enabled - Group 1 add_actions adding actions should be able to create a new webhook action and attach it to a rule
  • [job] [logs] FTR Configs #21 / detection engine api security and spaces enabled - Group 10 import_rules importing rules with an index should migrate legacy actions in existing rule if overwrite is set to true
  • [job] [logs] FTR Configs #60 / detection engine api security and spaces enabled - Group 4 Detection rule type telemetry Detection rule telemetry "kql" rule type should show "notifications_disabled" to be "1" for rule that has at least "1" action(s) and the alert is "disabled"/"in-active"
  • [job] [logs] FTR Configs #21 / detection engine api security and spaces enabled - rule execution logic Query type rules with suppression enabled with a suppression time window should update an alert using real rule executions
  • [job] [logs] x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/date_numeric_types/configs/serverless.config.ts / Detection exceptions data types and operators @serverless @ess Rule exception operators for data type date "is" operator should filter 1 single date if it is set as an exception
  • [job] [logs] FTR Configs #68 / Detection exceptions data types and operators @serverless @ess Rule exception operators for data type date "is" operator should filter 1 single date if it is set as an exception
  • [job] [logs] x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/keyword_text_long/configs/serverless.config.ts / Detection exceptions data types and operators @serverless @ess Rule exception operators for data type keyword "is" operator should filter 1 single keyword if it is set as an exception
  • [job] [logs] FTR Configs #11 / Detection exceptions data types and operators @serverless @ess Rule exception operators for data type keyword "is" operator should filter 1 single keyword if it is set as an exception
  • [job] [logs] FTR Configs #4 / Detection exceptions data types and operators @serverless @ess Rule exception operators for data type text "is" operator should filter 1 single text if it is set as an exception
  • [job] [logs] FTR Configs #17 / Detection exceptions data types and operators @serverless @ess Rule exception operators for data type text "is" operator should filter 1 single text if it is set as an exception
  • [job] [logs] Serverless Security Cypress Tests #1 / Detection rules, bulk edit of rule actions All actions privileges "before each" hook for "Add a rule action to rules (existing connector)" "before each" hook for "Add a rule action to rules (existing connector)"
  • [job] [logs] Security Solution Cypress Tests #2 / Detection rules, bulk edit of rule actions All actions privileges "before each" hook for "Add a rule action to rules (existing connector)" "before each" hook for "Add a rule action to rules (existing connector)"
  • [job] [logs] Security Solution Cypress Tests #2 / Detection rules, bulk edit of rule actions Restricted action privileges User with no privileges can't add rule actions User with no privileges can't add rule actions
  • [job] [logs] Serverless Security Cypress Tests #1 / Detection rules, Prebuilt Rules Installation and Update workflow Installation of prebuilt rules package via Fleet should install rules from the Fleet package when user clicks on CTA should install rules from the Fleet package when user clicks on CTA
  • [job] [logs] FTR Configs #44 / Exceptions API @serverless @ess role_based_rule_exceptions_workflows creating rules with exceptions tests with auditbeat data should be able to execute against an exception list that does include valid entries and get back 0 alerts
  • [job] [logs] FTR Configs #20 / Exceptions API @serverless @ess role_based_rule_exceptions_workflows creating rules with exceptions tests with auditbeat data should be able to execute against an exception list that does include valid entries and get back 0 alerts
  • [job] [logs] Serverless Security Cypress Tests #2 / Exceptions match_any Creates exception item Creates exception item
  • [job] [logs] Security Solution Cypress Tests #9 / Exceptions match_any Creates exception item Creates exception item
  • [job] [logs] FTR Configs #64 / Monitoring app Cluster listing Alerts should show a toast when alerts are created successfully
  • [job] [logs] FTR Configs #28 / Observability Rules Synthetics SyntheticsRules creates rule when settings are configured
  • [job] [logs] Security Solution Cypress Tests #4 / Rule actions during detection rule creation Indexes a new document after the index action is triggered Indexes a new document after the index action is triggered
  • [job] [logs] FTR Configs #56 / Rule creation API @serverless @ess create_rules @brokenInServerless per-action frequencies actions without frequencies it sets each action's frequency attribute to default value when 'throttle' is undefined
  • [job] [logs] Security Solution Cypress Tests #7 / rule snoozing Rule editing page / actions tab adds an action to a snoozed rule adds an action to a snoozed rule
  • [job] [logs] Security Solution Cypress Tests #7 / rule snoozing Rules management table snoozes a rule with actions for 2 days snoozes a rule with actions for 2 days
  • [job] [logs] Jest Tests #11 / update() calls the authentication API key function if the user is authenticated using an api key
  • [job] [logs] Jest Tests #11 / update() calls the createApiKey function
  • [job] [logs] Jest Tests #11 / update() doesn't call the createAPIKey function when alert is disabled
  • [job] [logs] Jest Tests #11 / update() should call useSavedObjectReferences.extractReferences and useSavedObjectReferences.injectReferences if defined for rule type
  • [job] [logs] Jest Tests #11 / update() should update a rule even if action is missing secret when allowMissingConnectorSecrets is true
  • [job] [logs] Jest Tests #11 / update() should update a rule with some preconfigured actions
  • [job] [logs] Jest Tests #11 / update() should update a rule with some system actions
  • [job] [logs] Jest Tests #11 / update() updates an action with uuid and adds uuid to an action without it
  • [job] [logs] Jest Tests #11 / update() updates given parameters

Metrics [docs]

‼️ ERROR: no builds found for mergeBase sha [a291f7a]

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @cnasikas

@guskovaue guskovaue merged commit 8dedac8 into elastic:system_actions_mvp Oct 26, 2023
20 of 59 checks passed
guskovaue added a commit that referenced this pull request Oct 27, 2023
…API (#168226)

Summarize your PR. If it involves visual changes include a screenshot or
gif.

Depends on: #167871,
#167884

### Checklist

Delete any items that are not applicable to this PR.

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

### For maintainers

- [x] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Julia Guskova <iuliia.guskova@elastic.co>
@cnasikas cnasikas mentioned this pull request Nov 8, 2023
15 tasks