[RAC] Update alert documents in lifecycle rule type helper (elastic#1…

…01598)

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>

x-pack/plugins/apm/server/lib/services/get_service_alerts.ts

@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import { ALERT_UUID } from '@kbn/rule-data-utils/target/technical_field_names';
+import { EVENT_KIND } from '@kbn/rule-data-utils/target/technical_field_names';
 import { RuleDataClient } from '../../../../rule_registry/server';
 import {
   SERVICE_NAME,
@@ -36,6 +36,7 @@ export async function getServiceAlerts({
             ...rangeQuery(start, end),
             ...environmentQuery(environment),
             { term: { [SERVICE_NAME]: serviceName } },
+            { term: { [EVENT_KIND]: 'signal' } },
           ],
           should: [
             {
@@ -64,9 +65,6 @@ export async function getServiceAlerts({
       },
       size: 100,
       fields: ['*'],
-      collapse: {
-        field: ALERT_UUID,
-      },
       sort: {
         '@timestamp': 'desc',
       },

x-pack/plugins/observability/server/lib/rules/get_top_alerts.ts

@@ -4,7 +4,7 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-import { ALERT_UUID, TIMESTAMP } from '@kbn/rule-data-utils/target/technical_field_names';
+import { EVENT_KIND, TIMESTAMP } from '@kbn/rule-data-utils/target/technical_field_names';
 import { RuleDataClient } from '../../../../rule_registry/server';
 import type { AlertStatus } from '../../../common/typings';
 import { kqlQuery, rangeQuery, alertStatusQuery } from '../../utils/queries';
@@ -28,13 +28,15 @@ export async function getTopAlerts({
     body: {
       query: {
         bool: {
-          filter: [...rangeQuery(start, end), ...kqlQuery(kuery), ...alertStatusQuery(status)],
+          filter: [
+            ...rangeQuery(start, end),
+            ...kqlQuery(kuery),
+            ...alertStatusQuery(status),
+            { term: { [EVENT_KIND]: 'signal' } },
+          ],
         },
       },
       fields: ['*'],
-      collapse: {
-        field: ALERT_UUID,
-      },
       size,
       sort: {
         [TIMESTAMP]: 'desc',

x-pack/plugins/rule_registry/README.md

@@ -111,9 +111,6 @@ const response = await ruleDataClient.getReader().search({
     },
     size: 100,
     fields: ['*'],
-    collapse: {
-      field: ALERT_UUID,
-    },
     sort: {
       '@timestamp': 'desc',
     },

x-pack/plugins/rule_registry/server/rule_data_client/create_rule_data_client_mock.ts

@@ -0,0 +1,42 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { Assign } from '@kbn/utility-types';
+import type { RuleDataClient } from '.';
+import { RuleDataReader, RuleDataWriter } from './types';
+
+type MockInstances<T extends Record<string, any>> = {
+  [K in keyof T]: T[K] extends (...args: infer TArgs) => infer TReturn
+    ? jest.MockInstance<TReturn, TArgs>
+    : never;
+};
+
+export function createRuleDataClientMock() {
+  const bulk = jest.fn();
+  const search = jest.fn();
+  const getDynamicIndexPattern = jest.fn();
+
+  return ({
+    createOrUpdateWriteTarget: jest.fn(({ namespace }) => Promise.resolve()),
+    getReader: jest.fn(() => ({
+      getDynamicIndexPattern,
+      search,
+    })),
+    getWriter: jest.fn(() => ({
+      bulk,
+    })),
+  } as unknown) as Assign<
+    RuleDataClient & Omit<MockInstances<RuleDataClient>, 'options' | 'getClusterClient'>,
+    {
+      getWriter: (
+        ...args: Parameters<RuleDataClient['getWriter']>
+      ) => MockInstances<RuleDataWriter>;
+      getReader: (
+        ...args: Parameters<RuleDataClient['getReader']>
+      ) => MockInstances<RuleDataReader>;
+    }
+  >;
+}

x-pack/plugins/rule_registry/server/rule_data_client/index.ts

@@ -4,6 +4,8 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
+
+import { isEmpty } from 'lodash';
 import type { estypes } from '@elastic/elasticsearch';
 import { ResponseError } from '@elastic/elasticsearch/lib/errors';
 import { IndexPatternsFetcher } from '../../../../../src/plugins/data/server';
@@ -44,15 +46,26 @@ export class RuleDataClient implements IRuleDataClient {
         const clusterClient = await this.getClusterClient();
         const indexPatternsFetcher = new IndexPatternsFetcher(clusterClient);
 
-        const fields = await indexPatternsFetcher.getFieldsForWildcard({
-          pattern: index,
-        });
-
-        return {
-          fields,
-          timeFieldName: '@timestamp',
-          title: index,
-        };
+        try {
+          const fields = await indexPatternsFetcher.getFieldsForWildcard({
+            pattern: index,
+          });
+
+          return {
+            fields,
+            timeFieldName: '@timestamp',
+            title: index,
+          };
+        } catch (err) {
+          if (err.output?.payload?.code === 'no_matching_indices') {
+            return {
+              fields: [],
+              timeFieldName: '@timestamp',
+              title: index,
+            };
+          }
+          throw err;
+        }
       },
     };
   }
@@ -127,6 +140,12 @@ export class RuleDataClient implements IRuleDataClient {
 
     const mappings: estypes.MappingTypeMapping = simulateResponse.template.mappings;
 
+    if (isEmpty(mappings)) {
+      throw new Error(
+        'No mappings would be generated for this index, possibly due to failed/misconfigured bootstrapping'
+      );
+    }
+
     await clusterClient.indices.putMapping({ index: `${alias}*`, body: mappings });
   }
 }