Skip to content

Commit

Permalink
[Response Ops][Alerting] Do not copy latest rule configuration into r…
Browse files Browse the repository at this point in the history 
…ecovered alerts. (#195946)
  • Loading branch information
@ymao1
ymao1 authored Oct 24, 2024
1 parent 7ceaf32 commit df270ca
Show file tree
Hide file tree
Showing 5 changed files with 61 additions and 26 deletions.
15 changes: 4 additions & 11 deletions x-pack/plugins/alerting/server/alerts_client/alerts_client.test.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,7 @@ import {
LogAlertsOpts,
} from './types';
import { legacyAlertsClientMock } from './legacy_alerts_client.mock';
import { keys, range } from 'lodash';
import { keys, omit, range } from 'lodash';
import { alertingEventLoggerMock } from '../lib/alerting_event_logger/alerting_event_logger.mock';
import { ruleRunMetricsStoreMock } from '../lib/rule_run_metrics_store.mock';
import { expandFlattenedAlert } from './lib';
Expand All @@ -79,6 +79,7 @@ import { MaintenanceWindow } from '../application/maintenance_window/types';
import { maintenanceWindowsServiceMock } from '../task_runner/maintenance_windows/maintenance_windows_service.mock';
import { getMockMaintenanceWindow } from '../data/maintenance_window/test_helpers';
import { KibanaRequest } from '@kbn/core/server';
import { rule } from './lib/test_fixtures';

const date = '2023-03-28T22:27:28.159Z';
const startedAtDate = '2023-03-28T13:00:00.000Z';
Expand Down Expand Up @@ -1107,11 +1108,13 @@ describe('Alerts Client', () => {
kibana: {
alert: {
instance: { id: '1' },
rule: omit(rule, 'execution'),
uuid: 'abc',
},
},
[TIMESTAMP]: date,
[ALERT_RULE_EXECUTION_TIMESTAMP]: date,
[ALERT_RULE_EXECUTION_UUID]: '5f6aa57d-3e22-484e-bae8-cbed868f4d28',
[EVENT_ACTION]: 'close',
[ALERT_ACTION_GROUP]: 'recovered',
[ALERT_CONSECUTIVE_MATCHES]: 0,
Expand All @@ -1120,16 +1123,6 @@ describe('Alerts Client', () => {
[ALERT_FLAPPING_HISTORY]: [true, true],
[ALERT_MAINTENANCE_WINDOW_IDS]: [],
[ALERT_PREVIOUS_ACTION_GROUP]: 'default',
[ALERT_RULE_CATEGORY]: 'My test rule',
[ALERT_RULE_CONSUMER]: 'bar',
[ALERT_RULE_EXECUTION_UUID]: '5f6aa57d-3e22-484e-bae8-cbed868f4d28',
[ALERT_RULE_NAME]: 'rule-name',
[ALERT_RULE_PARAMETERS]: { bar: true },
[ALERT_RULE_PRODUCER]: 'alerts',
[ALERT_RULE_REVISION]: 0,
[ALERT_RULE_TYPE_ID]: 'test.rule-type',
[ALERT_RULE_TAGS]: ['rule-', '-tags'],
[ALERT_RULE_UUID]: '1',
[ALERT_SEVERITY_IMPROVING]: true,
[ALERT_START]: '2023-03-28T12:27:28.159Z',
[ALERT_END]: date,
Expand Down
47 changes: 39 additions & 8 deletions x-pack/plugins/alerting/server/alerts_client/lib/build_recovered_alert.test.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,12 +31,15 @@ import {
ALERT_RULE_EXECUTION_TIMESTAMP,
ALERT_PREVIOUS_ACTION_GROUP,
ALERT_SEVERITY_IMPROVING,
ALERT_RULE_EXECUTION_UUID,
} from '@kbn/rule-data-utils';
import {
alertRule,
existingFlattenedActiveAlert,
existingExpandedActiveAlert,
rule,
} from './test_fixtures';
import { omit } from 'lodash';

for (const flattened of [true, false]) {
const existingAlert = flattened ? existingFlattenedActiveAlert : existingExpandedActiveAlert;
Expand All @@ -63,9 +66,10 @@ for (const flattened of [true, false]) {
kibanaVersion: '8.9.0',
})
).toEqual({
...alertRule,
[TIMESTAMP]: '2023-03-29T12:27:28.159Z',
[ALERT_RULE_EXECUTION_TIMESTAMP]: '2023-03-29T12:27:28.159Z',
// @ts-ignore
[ALERT_RULE_EXECUTION_UUID]: '5f6aa57d-3e22-484e-bae8-cbed868f4d28',
[EVENT_ACTION]: 'close',
[ALERT_ACTION_GROUP]: 'recovered',
[ALERT_CONSECUTIVE_MATCHES]: 0,
Expand All @@ -80,11 +84,13 @@ for (const flattened of [true, false]) {
[ALERT_START]: '2023-03-28T12:27:28.159Z',
[ALERT_END]: '2023-03-30T12:27:28.159Z',
[ALERT_TIME_RANGE]: { gte: '2023-03-28T12:27:28.159Z', lte: '2023-03-30T12:27:28.159Z' },
// @ts-ignore
[SPACE_IDS]: ['default'],
[VERSION]: '8.9.0',
[TAGS]: ['rule-', '-tags'],
...(flattened
? {
...alertRule,
[EVENT_KIND]: 'signal',
[ALERT_INSTANCE_ID]: 'alert-A',
[ALERT_UUID]: 'abcdefg',
Expand All @@ -96,14 +102,15 @@ for (const flattened of [true, false]) {
kibana: {
alert: {
instance: { id: 'alert-A' },
rule: omit(rule, 'execution'),
uuid: 'abcdefg',
},
},
}),
});
});

test('should return alert document with recovery status and updated rule data if rule definition has changed', () => {
test('should return alert document with recovery status and but not update rule data if rule definition has changed', () => {
const legacyAlert = new LegacyAlert<{}, {}, 'default'>('alert-A', {
meta: { uuid: 'abcdefg' },
});
Expand Down Expand Up @@ -131,9 +138,10 @@ for (const flattened of [true, false]) {
kibanaVersion: '8.9.0',
})
).toEqual({
...updatedRule,
[TIMESTAMP]: '2023-03-29T12:27:28.159Z',
[ALERT_RULE_EXECUTION_TIMESTAMP]: '2023-03-29T12:27:28.159Z',
// @ts-ignore
[ALERT_RULE_EXECUTION_UUID]: '5f6aa57d-3e22-484e-bae8-cbed868f4d28',
[EVENT_ACTION]: 'close',
[ALERT_ACTION_GROUP]: 'NoLongerActive',
[ALERT_CONSECUTIVE_MATCHES]: 0,
Expand All @@ -148,11 +156,13 @@ for (const flattened of [true, false]) {
[ALERT_START]: '2023-03-28T12:27:28.159Z',
[ALERT_END]: '2023-03-30T12:27:28.159Z',
[ALERT_TIME_RANGE]: { gte: '2023-03-28T12:27:28.159Z', lte: '2023-03-30T12:27:28.159Z' },
// @ts-ignore
[SPACE_IDS]: ['default'],
[VERSION]: '8.9.0',
[TAGS]: ['rule-', '-tags'],
...(flattened
? {
...alertRule,
[EVENT_KIND]: 'signal',
[ALERT_INSTANCE_ID]: 'alert-A',
[ALERT_UUID]: 'abcdefg',
Expand All @@ -164,6 +174,7 @@ for (const flattened of [true, false]) {
kibana: {
alert: {
instance: { id: 'alert-A' },
rule: omit(rule, 'execution'),
uuid: 'abcdefg',
},
},
Expand Down Expand Up @@ -226,12 +237,13 @@ for (const flattened of [true, false]) {
kibanaVersion: '8.9.0',
})
).toEqual({
...alertRule,
count: 2,
url: `https://url2`,
'kibana.alert.nested_field': 2,
[TIMESTAMP]: '2023-03-29T12:27:28.159Z',
[ALERT_RULE_EXECUTION_TIMESTAMP]: '2023-03-29T12:27:28.159Z',
// @ts-ignore
[ALERT_RULE_EXECUTION_UUID]: '5f6aa57d-3e22-484e-bae8-cbed868f4d28',
[EVENT_ACTION]: 'close',
[ALERT_ACTION_GROUP]: 'NoLongerActive',
[ALERT_CONSECUTIVE_MATCHES]: 0,
Expand All @@ -246,11 +258,13 @@ for (const flattened of [true, false]) {
[ALERT_START]: '2023-03-28T12:27:28.159Z',
[ALERT_END]: '2023-03-30T12:27:28.159Z',
[ALERT_TIME_RANGE]: { gte: '2023-03-28T12:27:28.159Z', lte: '2023-03-30T12:27:28.159Z' },
// @ts-ignore
[SPACE_IDS]: ['default'],
[VERSION]: '8.9.0',
[TAGS]: ['rule-', '-tags'],
...(flattened
? {
...alertRule,
[EVENT_KIND]: 'signal',
[ALERT_INSTANCE_ID]: 'alert-A',
[ALERT_UUID]: 'abcdefg',
Expand All @@ -262,6 +276,7 @@ for (const flattened of [true, false]) {
kibana: {
alert: {
instance: { id: 'alert-A' },
rule: omit(rule, 'execution'),
uuid: 'abcdefg',
},
},
Expand Down Expand Up @@ -291,9 +306,10 @@ for (const flattened of [true, false]) {
kibanaVersion: '8.9.0',
})
).toEqual({
...alertRule,
[TIMESTAMP]: '2023-03-29T12:27:28.159Z',
[ALERT_RULE_EXECUTION_TIMESTAMP]: '2030-12-15T02:44:13.124Z',
// @ts-ignore
[ALERT_RULE_EXECUTION_UUID]: '5f6aa57d-3e22-484e-bae8-cbed868f4d28',
[EVENT_ACTION]: 'close',
[ALERT_ACTION_GROUP]: 'recovered',
[ALERT_CONSECUTIVE_MATCHES]: 0,
Expand All @@ -308,11 +324,13 @@ for (const flattened of [true, false]) {
[ALERT_START]: '2023-03-28T12:27:28.159Z',
[ALERT_END]: '2023-03-30T12:27:28.159Z',
[ALERT_TIME_RANGE]: { gte: '2023-03-28T12:27:28.159Z', lte: '2023-03-30T12:27:28.159Z' },
// @ts-ignore
[SPACE_IDS]: ['default'],
[VERSION]: '8.9.0',
[TAGS]: ['rule-', '-tags'],
...(flattened
? {
...alertRule,
[EVENT_KIND]: 'signal',
[ALERT_INSTANCE_ID]: 'alert-A',
[ALERT_UUID]: 'abcdefg',
Expand All @@ -324,6 +342,7 @@ for (const flattened of [true, false]) {
kibana: {
alert: {
instance: { id: 'alert-A' },
rule: omit(rule, 'execution'),
uuid: 'abcdefg',
},
},
Expand Down Expand Up @@ -394,12 +413,13 @@ for (const flattened of [true, false]) {
kibanaVersion: '8.9.0',
})
).toEqual({
...alertRule,
count: 2,
url: `https://url2`,
'kibana.alert.nested_field': 2,
[TIMESTAMP]: '2023-03-29T12:27:28.159Z',
[ALERT_RULE_EXECUTION_TIMESTAMP]: '2023-03-29T12:27:28.159Z',
// @ts-ignore
[ALERT_RULE_EXECUTION_UUID]: '5f6aa57d-3e22-484e-bae8-cbed868f4d28',
[EVENT_ACTION]: 'close',
[ALERT_ACTION_GROUP]: 'NoLongerActive',
[ALERT_CONSECUTIVE_MATCHES]: 0,
Expand All @@ -414,11 +434,13 @@ for (const flattened of [true, false]) {
[ALERT_START]: '2023-03-28T12:27:28.159Z',
[ALERT_END]: '2023-03-30T12:27:28.159Z',
[ALERT_TIME_RANGE]: { gte: '2023-03-28T12:27:28.159Z', lte: '2023-03-30T12:27:28.159Z' },
// @ts-ignore
[SPACE_IDS]: ['default'],
[VERSION]: '8.9.0',
[TAGS]: ['-tags', 'reported-recovery-tag', 'active-alert-tag', 'rule-'],
...(flattened
? {
...alertRule,
[EVENT_KIND]: 'signal',
[ALERT_INSTANCE_ID]: 'alert-A',
[ALERT_UUID]: 'abcdefg',
Expand All @@ -430,6 +452,7 @@ for (const flattened of [true, false]) {
kibana: {
alert: {
instance: { id: 'alert-A' },
rule: omit(rule, 'execution'),
uuid: 'abcdefg',
},
},
Expand Down Expand Up @@ -498,12 +521,13 @@ for (const flattened of [true, false]) {
kibanaVersion: '8.9.0',
})
).toEqual({
...alertRule,
count: 2,
url: `https://url2`,
'kibana.alert.nested_field': 2,
[TIMESTAMP]: '2023-03-29T12:27:28.159Z',
[ALERT_RULE_EXECUTION_TIMESTAMP]: '2023-03-29T12:27:28.159Z',
// @ts-ignore
[ALERT_RULE_EXECUTION_UUID]: '5f6aa57d-3e22-484e-bae8-cbed868f4d28',
[EVENT_ACTION]: 'close',
[ALERT_ACTION_GROUP]: 'NoLongerActive',
[ALERT_CONSECUTIVE_MATCHES]: 0,
Expand All @@ -518,11 +542,13 @@ for (const flattened of [true, false]) {
[ALERT_START]: '2023-03-28T12:27:28.159Z',
[ALERT_END]: '2023-03-30T12:27:28.159Z',
[ALERT_TIME_RANGE]: { gte: '2023-03-28T12:27:28.159Z', lte: '2023-03-30T12:27:28.159Z' },
// @ts-ignore
[SPACE_IDS]: ['default'],
[VERSION]: '8.9.0',
[TAGS]: ['rule-', '-tags'],
...(flattened
? {
...alertRule,
[EVENT_KIND]: 'signal',
[ALERT_INSTANCE_ID]: 'alert-A',
[ALERT_UUID]: 'abcdefg',
Expand All @@ -534,6 +560,7 @@ for (const flattened of [true, false]) {
kibana: {
alert: {
instance: { id: 'alert-A' },
rule: omit(rule, 'execution'),
uuid: 'abcdefg',
},
},
Expand Down Expand Up @@ -601,12 +628,13 @@ for (const flattened of [true, false]) {
},
})
).toEqual({
...alertRule,
count: 2,
url: `https://url2`,
'kibana.alert.deeply.nested_field': 2,
[TIMESTAMP]: '2023-03-29T12:27:28.159Z',
[ALERT_RULE_EXECUTION_TIMESTAMP]: '2023-03-29T12:27:28.159Z',
// @ts-ignore
[ALERT_RULE_EXECUTION_UUID]: '5f6aa57d-3e22-484e-bae8-cbed868f4d28',
[EVENT_ACTION]: 'close',
[ALERT_ACTION_GROUP]: 'NoLongerActive',
[ALERT_CONSECUTIVE_MATCHES]: 0,
Expand All @@ -621,11 +649,13 @@ for (const flattened of [true, false]) {
[ALERT_START]: '2023-03-28T12:27:28.159Z',
[ALERT_END]: '2023-03-30T12:27:28.159Z',
[ALERT_TIME_RANGE]: { gte: '2023-03-28T12:27:28.159Z', lte: '2023-03-30T12:27:28.159Z' },
// @ts-ignore
[SPACE_IDS]: ['default'],
[VERSION]: '8.9.0',
[TAGS]: ['rule-', '-tags'],
...(flattened
? {
...alertRule,
[EVENT_KIND]: 'signal',
[ALERT_INSTANCE_ID]: 'alert-A',
[ALERT_UUID]: 'abcdefg',
Expand All @@ -637,6 +667,7 @@ for (const flattened of [true, false]) {
kibana: {
alert: {
instance: { id: 'alert-A' },
rule: omit(rule, 'execution'),
uuid: 'abcdefg',
},
},
Expand Down
4 changes: 2 additions & 2 deletions x-pack/plugins/alerting/server/alerts_client/lib/build_recovered_alert.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ import {
ALERT_RULE_EXECUTION_TIMESTAMP,
ALERT_PREVIOUS_ACTION_GROUP,
ALERT_SEVERITY_IMPROVING,
ALERT_RULE_EXECUTION_UUID,
} from '@kbn/rule-data-utils';
import { DeepPartial } from '@kbn/utility-types';
import { get } from 'lodash';
Expand Down Expand Up @@ -86,12 +87,11 @@ export const buildRecoveredAlert = <
const refreshableAlertFields = replaceRefreshableAlertFields(alert);

const alertUpdates = {
// Set latest rule configuration
...rule,
// Update the timestamp to reflect latest update time
[TIMESTAMP]: timestamp,
[EVENT_ACTION]: 'close',
[ALERT_RULE_EXECUTION_TIMESTAMP]: runTimestamp ?? timestamp,
[ALERT_RULE_EXECUTION_UUID]: rule[ALERT_RULE_EXECUTION_UUID],
// Set the recovery action group
[ALERT_ACTION_GROUP]: recoveryActionGroup,
// Set latest flapping state
Expand Down
18 changes: 16 additions & 2 deletions x-pack/plugins/alerting/server/alerts_client/lib/build_updated_recovered_alert.test.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ import {
ALERT_RULE_EXECUTION_TIMESTAMP,
ALERT_CONSECUTIVE_MATCHES,
ALERT_PREVIOUS_ACTION_GROUP,
ALERT_RULE_EXECUTION_UUID,
} from '@kbn/rule-data-utils';
import {
alertRule,
Expand Down Expand Up @@ -161,7 +162,6 @@ describe('buildUpdatedRecoveredAlert', () => {
timestamp: '2023-03-29T12:27:28.159Z',
})
).toEqual({
...alertRule,
event: {
action: 'close',
kind: 'signal',
Expand All @@ -177,6 +177,19 @@ describe('buildUpdatedRecoveredAlert', () => {
id: 'alert-A',
},
maintenance_window_ids: ['maint-x'],
rule: {
category: 'My test rule',
consumer: 'bar',
name: 'rule-name',
parameters: {
bar: true,
},
producer: 'alerts',
revision: 0,
rule_type_id: 'test.rule-type',
tags: ['rule-', '-tags'],
uuid: '1',
},
start: '2023-03-28T12:27:28.159Z',
time_range: {
gte: '2023-03-27T12:27:28.159Z',
Expand All @@ -185,16 +198,17 @@ describe('buildUpdatedRecoveredAlert', () => {
uuid: 'abcdefg',
consecutive_matches: 0,
},
space_ids: ['default'],
version: '8.8.1',
},
[TIMESTAMP]: '2023-03-29T12:27:28.159Z',
[ALERT_RULE_EXECUTION_TIMESTAMP]: '2023-03-29T12:27:28.159Z',
[ALERT_RULE_EXECUTION_UUID]: '5f6aa57d-3e22-484e-bae8-cbed868f4d28',
[ALERT_FLAPPING]: true,
[ALERT_FLAPPING_HISTORY]: [false, false, true, true],
[ALERT_PREVIOUS_ACTION_GROUP]: 'recovered',
[ALERT_STATUS]: 'recovered',
[ALERT_WORKFLOW_STATUS]: 'open',
[SPACE_IDS]: ['default'],
[TAGS]: ['rule-', '-tags'],
});
});
Expand Down
Loading

0 comments on commit df270ca

Please sign in to comment.