Add support for custom alert ids

[mikecote]

Resolves #50210

In this PR, I'm adding support for custom uuid v1/v4 ids to the AlertsClient as well as the create HTTP API.

Example of new route option:
POST /api/alerts/alert/5031f8f0-629a-11eb-b500-d1931a8e5df7 will now use 5031f8f0-629a-11eb-b500-d1931a8e5df7 as the alert id and return 409 if a document with this id already exists.

Notes for doc

Document the limitation of ids that can be accepted including the new optional /{id?} addition to the API.

[elasticmachine]

Pinging @elastic/kibana-alerting-services (Team:Alerting Services)

[mikecote]

@elastic/kibana-security, I thought of making the error message more generic when it is returned by an HTTP call (ex: when creating an alert). Let me know your thoughts?

[legrego]

I'm fine with the text change. Is this something you expect end users to organically encounter in the UI?

[mikecote]

@legrego

Is this something you expect end users to organically encounter in the UI?

I don't think UI but I can see 3rd party developers/users encountering this when calling our HTTP API. I wasn't sure if mentioning SavedObjectsUtils.generateId in the error message would make sense to them or if it was better to say any UUID? I'm good either way.

[legrego]

I think your text change makes sense, and I have no problems with API consumers seeing this updated message. I just wanted to make sure the "normal" UI-based experience wouldn't encounter this 🙂

[mikecote]

Awesome, good to know 🙂 I can't guarantee what solutions will build on top, but I agree this shouldn't be encountered in the UIs.

[legrego]

Rather than directly coupling to Boom, can we instead throw a Saved Objects Error? If you pull this function up into the class, then you'll have access to errors, so you can do something like:

throw this.errors.createBadRequestError('Predefined IDs are not allowed...')

[mikecote]

Good idea, I went ahead and fixed that within c79ff9b.

[legrego]

I'm fine with the text change. Is this something you expect end users to organically encounter in the UI?

[pmuellr]

I didn't see any explicit uuid validation in our code, so I assume the SO client enforces that the id is a suitable UUID? For some reason, I didn't think those were restricted to be UUIDs - I can see that if I create an index pattern, it allows you to provide an id, and then uses whatever you give it. Eg, I just created an index pattern with id custom-index-pattern-id-here and I can see the doc's _id is index-pattern:custom-index-pattern-id-here. So I'm curious how this works, and if we actually need to conform to the uuid format.

[mikecote]

@pmuellr

I didn't see any explicit uuid validation in our code, so I assume the SO client enforces that the id is a suitable UUID?

The enforcement comes from the ESO plugin to ensure the ids are long enough for AAD and not as easy to guess.

See (+ fn comment above): https://github.com/mikecote/kibana/blob/alerting/custom-ids/x-pack/plugins/encrypted_saved_objects/server/saved_objects/encrypted_saved_objects_client_wrapper.ts#L325

[pmuellr]

The enforcement comes from the ESO plugin to ensure the ids are long enough for AAD and not as easy to guess.

Ah, makes sense. I guess we should doc that, which makes me realize we need a doc update anyway for the new id param.

[pmuellr]

LGTM, but noted in a non-review comment that we need to update the docs, and should mention the UUID-conformance validation on that field.

[mikecote]

@pmuellr agreed, I left a needs_docs label and updated the description 👍 Thank you for the review!

[YulNaumenko]

LGTM

[kibanamachine]

💚 Build Succeeded

• continuous-integration/kibana-ci/pull-request
• Commit: c79ff9b

Metrics [docs]

✅ unchanged

History

• 💚 Build #102567 succeeded 7588e57
• 💚 Build #102414 succeeded 2339b1f

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream