Ability to delete alerts even when AAD is out of sync #56543
Conversation
mikecote
added
Feature:Alerting
v8.0.0
release_note:skip
|
Pinging @elastic/kibana-alerting-services (Team:Alerting Services) |
|
@elasticmachine merge upstream |
💚 Build SucceededHistory
To update your PR or re-run it, just comment with: |
* Ability to delete alerts even when AAD is bad * Small code fixes Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
* Ability to delete alerts even when AAD is bad * Small code fixes Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
|
I validated this in SIEM:
|
|
Also as a side effect, the API keys view is full of dangling API keys. You can search for them by alert ID though (which appears in the name), so it is at least possible to clean them up either in the UI or programmatically. |
| RawAlert | ||
| >('alert', id, { namespace: this.namespace }); | ||
| const [taskIdToRemove, apiKeyToInvalidate] = await Promise.all([ | ||
| this.savedObjectsClient |
There was a problem hiding this comment.
It seems like we should - in a future PR - try to fix this code so we only make one SO get call instead of two. I think, but am not positive, that getDecryptedAsInternalUser() returns the un-encrypted properties also returned from SOC.get(). Not worth figuring out for 7.6 tho.
There was a problem hiding this comment.
Good point, so instead of doing two calls in parallel, you only do SOC.get() if ever getDecryptedAsInternalUser() throws an error (in series)?
There was a problem hiding this comment.
I'd have to look closer at the impact, but it just doesn't seem right that we're doing two SO lookups, back-to-back. Used to be serially, I think, now it's in parallel, which is better perf-wise for this API, but still hits ES twice, which seems unfortunate, and hopefully, not actually required. If that seems possible, let's open another issue to investigate later. It would be a performance improvement ...
There was a problem hiding this comment.
I have created #56777 to fix this.
* master: (42 commits) Move kuery_autocomplete ⇒ NP (elastic#56607) [ML] Functional tests - stabilize job row and analytics result view assertions (elastic#56595) [Discover] Inline angular directives only used in this plugin (elastic#56119) [Discover] Migrate get_sort.js test from mocha to TypeScript (elastic#56011) [SIEM] Enable flow_target_select_connected unit tests (elastic#55618) Start consuming np logging config (elastic#56480) [SIEM] Add eslint-plugin-react-perf (elastic#55960) Mention changed SAML ACS endpoint URL in breaking changes doc. (elastic#56613) Add `getServerInfo` API to http setup contract (elastic#56636) Updates Monitoring alert Jest snapshots Kibana property config migrations (elastic#55937) Vislib replacement toggle (elastic#56439) [Uptime] Add unit tests for QueryContext time calculation (elastic#56671) [SIEM][Detection Engine] Critical blocker, fixes pre-packaged rule miscounts Upgrade EUI to v18.3.0 (elastic#56228) [Maps] Fix server log (elastic#56679) [SIEM] Fixes FTUE when APM node is present (elastic#56574) [Reporting/FieldFormats] expose `setFieldFormats` and call from ReportingPlugin.start (elastic#56563) Update EMS API urls for production (elastic#56657) Ability to delete alerts even when AAD is out of sync (elastic#56543) ...
* Ability to delete alerts even when AAD is bad * Small code fixes Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
* Ability to delete alerts even when AAD is bad * Small code fixes Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
mikecote
added
release_note:fix
and removed
release_note:skip
Solves the delete API for #56619.
In this PR, I'm allowing alerts to be deleted even when the AAD is out of sync. I'm also refactoring the delete unit tests of the alerts client.