Save ES Query Rule type alerts in alert-as-data index (#161685)

Resolves: #159493 This PR replaces `AlertFactory` in ES Query rule type with `AlertsClient` so the alerts are persistent in an alert-as-data index. --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
elastic · Aug 14, 2023 · 458c67e · 458c67e
1 parent 4b8e928
commit 458c67e
Show file tree

Hide file tree

Showing 20 changed files with 643 additions and 178 deletions.
diff --git a/packages/kbn-alerts-as-data-utils/src/schemas/generated/stack_schema.ts b/packages/kbn-alerts-as-data-utils/src/schemas/generated/stack_schema.ts
@@ -0,0 +1,86 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+// ---------------------------------- WARNING ----------------------------------
+// this file was generated, and should not be edited by hand
+// ---------------------------------- WARNING ----------------------------------
+import * as rt from 'io-ts';
+import { Either } from 'fp-ts/lib/Either';
+import { AlertSchema } from './alert_schema';
+const ISO_DATE_PATTERN = /^d{4}-d{2}-d{2}Td{2}:d{2}:d{2}.d{3}Z$/;
+export const IsoDateString = new rt.Type<string, string, unknown>(
+  'IsoDateString',
+  rt.string.is,
+  (input, context): Either<rt.Errors, string> => {
+    if (typeof input === 'string' && ISO_DATE_PATTERN.test(input)) {
+      return rt.success(input);
+    } else {
+      return rt.failure(input, context);
+    }
+  },
+  rt.identity
+);
+export type IsoDateStringC = typeof IsoDateString;
+export const schemaDate = IsoDateString;
+export const schemaDateArray = rt.array(IsoDateString);
+export const schemaDateRange = rt.partial({
+  gte: schemaDate,
+  lte: schemaDate,
+});
+export const schemaDateRangeArray = rt.array(schemaDateRange);
+export const schemaUnknown = rt.unknown;
+export const schemaUnknownArray = rt.array(rt.unknown);
+export const schemaString = rt.string;
+export const schemaStringArray = rt.array(schemaString);
+export const schemaNumber = rt.number;
+export const schemaNumberArray = rt.array(schemaNumber);
+export const schemaStringOrNumber = rt.union([schemaString, schemaNumber]);
+export const schemaStringOrNumberArray = rt.array(schemaStringOrNumber);
+export const schemaBoolean = rt.boolean;
+export const schemaBooleanArray = rt.array(schemaBoolean);
+const schemaGeoPointCoords = rt.type({
+  type: schemaString,
+  coordinates: schemaNumberArray,
+});
+const schemaGeoPointString = schemaString;
+const schemaGeoPointLatLon = rt.type({
+  lat: schemaNumber,
+  lon: schemaNumber,
+});
+const schemaGeoPointLocation = rt.type({
+  location: schemaNumberArray,
+});
+const schemaGeoPointLocationString = rt.type({
+  location: schemaString,
+});
+export const schemaGeoPoint = rt.union([
+  schemaGeoPointCoords,
+  schemaGeoPointString,
+  schemaGeoPointLatLon,
+  schemaGeoPointLocation,
+  schemaGeoPointLocationString,
+]);
+export const schemaGeoPointArray = rt.array(schemaGeoPoint);
+// prettier-ignore
+const StackAlertRequired = rt.type({
+});
+const StackAlertOptional = rt.partial({
+  kibana: rt.partial({
+    alert: rt.partial({
+      evaluation: rt.partial({
+        conditions: schemaString,
+        value: schemaString,
+      }),
+      title: schemaString,
+    }),
+  }),
+});
+
+// prettier-ignore
+export const StackAlertSchema = rt.intersection([StackAlertRequired, StackAlertOptional, AlertSchema]);
+// prettier-ignore
+export type StackAlert = rt.TypeOf<typeof StackAlertSchema>;
diff --git a/packages/kbn-alerts-as-data-utils/src/schemas/index.ts b/packages/kbn-alerts-as-data-utils/src/schemas/index.ts
@@ -23,6 +23,7 @@ export type { ObservabilityMetricsAlert } from './generated/observability_metric
 export type { ObservabilitySloAlert } from './generated/observability_slo_schema';
 export type { ObservabilityUptimeAlert } from './generated/observability_uptime_schema';
 export type { SecurityAlert } from './generated/security_schema';
+export type { StackAlert } from './generated/stack_schema';
 
 export type AADAlert =
   | Alert

diff --git a/x-pack/plugins/alerting/server/alerts_client/alerts_client.mock.ts b/x-pack/plugins/alerting/server/alerts_client/alerts_client.mock.ts
@@ -30,9 +30,11 @@ const createPublicAlertsClientMock = () => {
   return jest.fn().mockImplementation(() => {
     return {
       create: jest.fn(),
-      getAlertLimitValue: jest.fn(),
+      report: jest.fn(),
+      getAlertLimitValue: jest.fn().mockReturnValue(1000),
       setAlertLimitReached: jest.fn(),
-      getRecoveredAlerts: jest.fn(),
+      getRecoveredAlerts: jest.fn().mockReturnValue([]),
+      setAlertData: jest.fn(),
     };
   });
 };

diff --git a/x-pack/plugins/alerting/server/alerts_client/lib/index.ts b/x-pack/plugins/alerting/server/alerts_client/lib/index.ts
@@ -14,4 +14,5 @@ export {
   getHitsWithCount,
   getLifecycleAlertsQueries,
   getContinualAlertsQuery,
+  expandFlattenedAlert,
 } from './get_summarized_alerts_query';
diff --git a/x-pack/plugins/alerting/server/alerts_client/lib/strip_framework_fields.ts b/x-pack/plugins/alerting/server/alerts_client/lib/strip_framework_fields.ts
@@ -6,11 +6,16 @@
  */
 
 import { omit } from 'lodash';
-import { ALERT_REASON, ALERT_WORKFLOW_STATUS, TAGS } from '@kbn/rule-data-utils';
+import { ALERT_REASON, ALERT_WORKFLOW_STATUS, TAGS, ALERT_URL } from '@kbn/rule-data-utils';
 import { alertFieldMap } from '@kbn/alerts-as-data-utils';
 import { RuleAlertData } from '../../types';
 
-const allowedFrameworkFields = new Set<string>([ALERT_REASON, ALERT_WORKFLOW_STATUS, TAGS]);
+const allowedFrameworkFields = new Set<string>([
+  ALERT_REASON,
+  ALERT_WORKFLOW_STATUS,
+  TAGS,
+  ALERT_URL,
+]);
 
 /**
  * Remove framework fields from the alert payload reported by

diff --git a/x-pack/plugins/alerting/server/task_runner/execution_handler.ts b/x-pack/plugins/alerting/server/task_runner/execution_handler.ts
@@ -292,7 +292,7 @@ export class ExecutionHandler<
                 alertActionGroupName: this.ruleTypeActionGroups!.get(actionGroup)!,
                 context: alert.getContext(),
                 actionId: action.id,
-                state: alert.getScheduledActionOptions()?.state || {},
+                state: alert.getState(),
                 kibanaBaseUrl: this.taskRunnerContext.kibanaBaseUrl,
                 alertParams: this.rule.params,
                 actionParams: action.params,

diff --git a/x-pack/plugins/stack_alerts/server/rule_types/constants.ts b/x-pack/plugins/stack_alerts/server/rule_types/constants.ts
@@ -0,0 +1,8 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export const STACK_AAD_INDEX_NAME = 'stack';