From df270ca6cdefde229ea32f1e9668710b03457a57 Mon Sep 17 00:00:00 2001 From: Ying Mao Date: Thu, 24 Oct 2024 18:12:51 -0400 Subject: [PATCH] [Response Ops][Alerting] Do not copy latest rule configuration into recovered alerts. (#195946) --- .../alerts_client/alerts_client.test.ts | 15 ++---- .../lib/build_recovered_alert.test.ts | 47 +++++++++++++++---- .../lib/build_recovered_alert.ts | 4 +- .../lib/build_updated_recovered_alert.test.ts | 18 ++++++- .../lib/build_updated_recovered_alert.ts | 3 -- 5 files changed, 61 insertions(+), 26 deletions(-) diff --git a/x-pack/plugins/alerting/server/alerts_client/alerts_client.test.ts b/x-pack/plugins/alerting/server/alerts_client/alerts_client.test.ts index 17de8063884fa..36bf830e47f74 100644 --- a/x-pack/plugins/alerting/server/alerts_client/alerts_client.test.ts +++ b/x-pack/plugins/alerting/server/alerts_client/alerts_client.test.ts @@ -60,7 +60,7 @@ import { LogAlertsOpts, } from './types'; import { legacyAlertsClientMock } from './legacy_alerts_client.mock'; -import { keys, range } from 'lodash'; +import { keys, omit, range } from 'lodash'; import { alertingEventLoggerMock } from '../lib/alerting_event_logger/alerting_event_logger.mock'; import { ruleRunMetricsStoreMock } from '../lib/rule_run_metrics_store.mock'; import { expandFlattenedAlert } from './lib'; @@ -79,6 +79,7 @@ import { MaintenanceWindow } from '../application/maintenance_window/types'; import { maintenanceWindowsServiceMock } from '../task_runner/maintenance_windows/maintenance_windows_service.mock'; import { getMockMaintenanceWindow } from '../data/maintenance_window/test_helpers'; import { KibanaRequest } from '@kbn/core/server'; +import { rule } from './lib/test_fixtures'; const date = '2023-03-28T22:27:28.159Z'; const startedAtDate = '2023-03-28T13:00:00.000Z'; @@ -1107,11 +1108,13 @@ describe('Alerts Client', () => { kibana: { alert: { instance: { id: '1' }, + rule: omit(rule, 'execution'), uuid: 'abc', }, }, [TIMESTAMP]: date, [ALERT_RULE_EXECUTION_TIMESTAMP]: date, + [ALERT_RULE_EXECUTION_UUID]: '5f6aa57d-3e22-484e-bae8-cbed868f4d28', [EVENT_ACTION]: 'close', [ALERT_ACTION_GROUP]: 'recovered', [ALERT_CONSECUTIVE_MATCHES]: 0, @@ -1120,16 +1123,6 @@ describe('Alerts Client', () => { [ALERT_FLAPPING_HISTORY]: [true, true], [ALERT_MAINTENANCE_WINDOW_IDS]: [], [ALERT_PREVIOUS_ACTION_GROUP]: 'default', - [ALERT_RULE_CATEGORY]: 'My test rule', - [ALERT_RULE_CONSUMER]: 'bar', - [ALERT_RULE_EXECUTION_UUID]: '5f6aa57d-3e22-484e-bae8-cbed868f4d28', - [ALERT_RULE_NAME]: 'rule-name', - [ALERT_RULE_PARAMETERS]: { bar: true }, - [ALERT_RULE_PRODUCER]: 'alerts', - [ALERT_RULE_REVISION]: 0, - [ALERT_RULE_TYPE_ID]: 'test.rule-type', - [ALERT_RULE_TAGS]: ['rule-', '-tags'], - [ALERT_RULE_UUID]: '1', [ALERT_SEVERITY_IMPROVING]: true, [ALERT_START]: '2023-03-28T12:27:28.159Z', [ALERT_END]: date, diff --git a/x-pack/plugins/alerting/server/alerts_client/lib/build_recovered_alert.test.ts b/x-pack/plugins/alerting/server/alerts_client/lib/build_recovered_alert.test.ts index c63543b99232d..d380b74660faa 100644 --- a/x-pack/plugins/alerting/server/alerts_client/lib/build_recovered_alert.test.ts +++ b/x-pack/plugins/alerting/server/alerts_client/lib/build_recovered_alert.test.ts @@ -31,12 +31,15 @@ import { ALERT_RULE_EXECUTION_TIMESTAMP, ALERT_PREVIOUS_ACTION_GROUP, ALERT_SEVERITY_IMPROVING, + ALERT_RULE_EXECUTION_UUID, } from '@kbn/rule-data-utils'; import { alertRule, existingFlattenedActiveAlert, existingExpandedActiveAlert, + rule, } from './test_fixtures'; +import { omit } from 'lodash'; for (const flattened of [true, false]) { const existingAlert = flattened ? existingFlattenedActiveAlert : existingExpandedActiveAlert; @@ -63,9 +66,10 @@ for (const flattened of [true, false]) { kibanaVersion: '8.9.0', }) ).toEqual({ - ...alertRule, [TIMESTAMP]: '2023-03-29T12:27:28.159Z', [ALERT_RULE_EXECUTION_TIMESTAMP]: '2023-03-29T12:27:28.159Z', + // @ts-ignore + [ALERT_RULE_EXECUTION_UUID]: '5f6aa57d-3e22-484e-bae8-cbed868f4d28', [EVENT_ACTION]: 'close', [ALERT_ACTION_GROUP]: 'recovered', [ALERT_CONSECUTIVE_MATCHES]: 0, @@ -80,11 +84,13 @@ for (const flattened of [true, false]) { [ALERT_START]: '2023-03-28T12:27:28.159Z', [ALERT_END]: '2023-03-30T12:27:28.159Z', [ALERT_TIME_RANGE]: { gte: '2023-03-28T12:27:28.159Z', lte: '2023-03-30T12:27:28.159Z' }, + // @ts-ignore [SPACE_IDS]: ['default'], [VERSION]: '8.9.0', [TAGS]: ['rule-', '-tags'], ...(flattened ? { + ...alertRule, [EVENT_KIND]: 'signal', [ALERT_INSTANCE_ID]: 'alert-A', [ALERT_UUID]: 'abcdefg', @@ -96,6 +102,7 @@ for (const flattened of [true, false]) { kibana: { alert: { instance: { id: 'alert-A' }, + rule: omit(rule, 'execution'), uuid: 'abcdefg', }, }, @@ -103,7 +110,7 @@ for (const flattened of [true, false]) { }); }); - test('should return alert document with recovery status and updated rule data if rule definition has changed', () => { + test('should return alert document with recovery status and but not update rule data if rule definition has changed', () => { const legacyAlert = new LegacyAlert<{}, {}, 'default'>('alert-A', { meta: { uuid: 'abcdefg' }, }); @@ -131,9 +138,10 @@ for (const flattened of [true, false]) { kibanaVersion: '8.9.0', }) ).toEqual({ - ...updatedRule, [TIMESTAMP]: '2023-03-29T12:27:28.159Z', [ALERT_RULE_EXECUTION_TIMESTAMP]: '2023-03-29T12:27:28.159Z', + // @ts-ignore + [ALERT_RULE_EXECUTION_UUID]: '5f6aa57d-3e22-484e-bae8-cbed868f4d28', [EVENT_ACTION]: 'close', [ALERT_ACTION_GROUP]: 'NoLongerActive', [ALERT_CONSECUTIVE_MATCHES]: 0, @@ -148,11 +156,13 @@ for (const flattened of [true, false]) { [ALERT_START]: '2023-03-28T12:27:28.159Z', [ALERT_END]: '2023-03-30T12:27:28.159Z', [ALERT_TIME_RANGE]: { gte: '2023-03-28T12:27:28.159Z', lte: '2023-03-30T12:27:28.159Z' }, + // @ts-ignore [SPACE_IDS]: ['default'], [VERSION]: '8.9.0', [TAGS]: ['rule-', '-tags'], ...(flattened ? { + ...alertRule, [EVENT_KIND]: 'signal', [ALERT_INSTANCE_ID]: 'alert-A', [ALERT_UUID]: 'abcdefg', @@ -164,6 +174,7 @@ for (const flattened of [true, false]) { kibana: { alert: { instance: { id: 'alert-A' }, + rule: omit(rule, 'execution'), uuid: 'abcdefg', }, }, @@ -226,12 +237,13 @@ for (const flattened of [true, false]) { kibanaVersion: '8.9.0', }) ).toEqual({ - ...alertRule, count: 2, url: `https://url2`, 'kibana.alert.nested_field': 2, [TIMESTAMP]: '2023-03-29T12:27:28.159Z', [ALERT_RULE_EXECUTION_TIMESTAMP]: '2023-03-29T12:27:28.159Z', + // @ts-ignore + [ALERT_RULE_EXECUTION_UUID]: '5f6aa57d-3e22-484e-bae8-cbed868f4d28', [EVENT_ACTION]: 'close', [ALERT_ACTION_GROUP]: 'NoLongerActive', [ALERT_CONSECUTIVE_MATCHES]: 0, @@ -246,11 +258,13 @@ for (const flattened of [true, false]) { [ALERT_START]: '2023-03-28T12:27:28.159Z', [ALERT_END]: '2023-03-30T12:27:28.159Z', [ALERT_TIME_RANGE]: { gte: '2023-03-28T12:27:28.159Z', lte: '2023-03-30T12:27:28.159Z' }, + // @ts-ignore [SPACE_IDS]: ['default'], [VERSION]: '8.9.0', [TAGS]: ['rule-', '-tags'], ...(flattened ? { + ...alertRule, [EVENT_KIND]: 'signal', [ALERT_INSTANCE_ID]: 'alert-A', [ALERT_UUID]: 'abcdefg', @@ -262,6 +276,7 @@ for (const flattened of [true, false]) { kibana: { alert: { instance: { id: 'alert-A' }, + rule: omit(rule, 'execution'), uuid: 'abcdefg', }, }, @@ -291,9 +306,10 @@ for (const flattened of [true, false]) { kibanaVersion: '8.9.0', }) ).toEqual({ - ...alertRule, [TIMESTAMP]: '2023-03-29T12:27:28.159Z', [ALERT_RULE_EXECUTION_TIMESTAMP]: '2030-12-15T02:44:13.124Z', + // @ts-ignore + [ALERT_RULE_EXECUTION_UUID]: '5f6aa57d-3e22-484e-bae8-cbed868f4d28', [EVENT_ACTION]: 'close', [ALERT_ACTION_GROUP]: 'recovered', [ALERT_CONSECUTIVE_MATCHES]: 0, @@ -308,11 +324,13 @@ for (const flattened of [true, false]) { [ALERT_START]: '2023-03-28T12:27:28.159Z', [ALERT_END]: '2023-03-30T12:27:28.159Z', [ALERT_TIME_RANGE]: { gte: '2023-03-28T12:27:28.159Z', lte: '2023-03-30T12:27:28.159Z' }, + // @ts-ignore [SPACE_IDS]: ['default'], [VERSION]: '8.9.0', [TAGS]: ['rule-', '-tags'], ...(flattened ? { + ...alertRule, [EVENT_KIND]: 'signal', [ALERT_INSTANCE_ID]: 'alert-A', [ALERT_UUID]: 'abcdefg', @@ -324,6 +342,7 @@ for (const flattened of [true, false]) { kibana: { alert: { instance: { id: 'alert-A' }, + rule: omit(rule, 'execution'), uuid: 'abcdefg', }, }, @@ -394,12 +413,13 @@ for (const flattened of [true, false]) { kibanaVersion: '8.9.0', }) ).toEqual({ - ...alertRule, count: 2, url: `https://url2`, 'kibana.alert.nested_field': 2, [TIMESTAMP]: '2023-03-29T12:27:28.159Z', [ALERT_RULE_EXECUTION_TIMESTAMP]: '2023-03-29T12:27:28.159Z', + // @ts-ignore + [ALERT_RULE_EXECUTION_UUID]: '5f6aa57d-3e22-484e-bae8-cbed868f4d28', [EVENT_ACTION]: 'close', [ALERT_ACTION_GROUP]: 'NoLongerActive', [ALERT_CONSECUTIVE_MATCHES]: 0, @@ -414,11 +434,13 @@ for (const flattened of [true, false]) { [ALERT_START]: '2023-03-28T12:27:28.159Z', [ALERT_END]: '2023-03-30T12:27:28.159Z', [ALERT_TIME_RANGE]: { gte: '2023-03-28T12:27:28.159Z', lte: '2023-03-30T12:27:28.159Z' }, + // @ts-ignore [SPACE_IDS]: ['default'], [VERSION]: '8.9.0', [TAGS]: ['-tags', 'reported-recovery-tag', 'active-alert-tag', 'rule-'], ...(flattened ? { + ...alertRule, [EVENT_KIND]: 'signal', [ALERT_INSTANCE_ID]: 'alert-A', [ALERT_UUID]: 'abcdefg', @@ -430,6 +452,7 @@ for (const flattened of [true, false]) { kibana: { alert: { instance: { id: 'alert-A' }, + rule: omit(rule, 'execution'), uuid: 'abcdefg', }, }, @@ -498,12 +521,13 @@ for (const flattened of [true, false]) { kibanaVersion: '8.9.0', }) ).toEqual({ - ...alertRule, count: 2, url: `https://url2`, 'kibana.alert.nested_field': 2, [TIMESTAMP]: '2023-03-29T12:27:28.159Z', [ALERT_RULE_EXECUTION_TIMESTAMP]: '2023-03-29T12:27:28.159Z', + // @ts-ignore + [ALERT_RULE_EXECUTION_UUID]: '5f6aa57d-3e22-484e-bae8-cbed868f4d28', [EVENT_ACTION]: 'close', [ALERT_ACTION_GROUP]: 'NoLongerActive', [ALERT_CONSECUTIVE_MATCHES]: 0, @@ -518,11 +542,13 @@ for (const flattened of [true, false]) { [ALERT_START]: '2023-03-28T12:27:28.159Z', [ALERT_END]: '2023-03-30T12:27:28.159Z', [ALERT_TIME_RANGE]: { gte: '2023-03-28T12:27:28.159Z', lte: '2023-03-30T12:27:28.159Z' }, + // @ts-ignore [SPACE_IDS]: ['default'], [VERSION]: '8.9.0', [TAGS]: ['rule-', '-tags'], ...(flattened ? { + ...alertRule, [EVENT_KIND]: 'signal', [ALERT_INSTANCE_ID]: 'alert-A', [ALERT_UUID]: 'abcdefg', @@ -534,6 +560,7 @@ for (const flattened of [true, false]) { kibana: { alert: { instance: { id: 'alert-A' }, + rule: omit(rule, 'execution'), uuid: 'abcdefg', }, }, @@ -601,12 +628,13 @@ for (const flattened of [true, false]) { }, }) ).toEqual({ - ...alertRule, count: 2, url: `https://url2`, 'kibana.alert.deeply.nested_field': 2, [TIMESTAMP]: '2023-03-29T12:27:28.159Z', [ALERT_RULE_EXECUTION_TIMESTAMP]: '2023-03-29T12:27:28.159Z', + // @ts-ignore + [ALERT_RULE_EXECUTION_UUID]: '5f6aa57d-3e22-484e-bae8-cbed868f4d28', [EVENT_ACTION]: 'close', [ALERT_ACTION_GROUP]: 'NoLongerActive', [ALERT_CONSECUTIVE_MATCHES]: 0, @@ -621,11 +649,13 @@ for (const flattened of [true, false]) { [ALERT_START]: '2023-03-28T12:27:28.159Z', [ALERT_END]: '2023-03-30T12:27:28.159Z', [ALERT_TIME_RANGE]: { gte: '2023-03-28T12:27:28.159Z', lte: '2023-03-30T12:27:28.159Z' }, + // @ts-ignore [SPACE_IDS]: ['default'], [VERSION]: '8.9.0', [TAGS]: ['rule-', '-tags'], ...(flattened ? { + ...alertRule, [EVENT_KIND]: 'signal', [ALERT_INSTANCE_ID]: 'alert-A', [ALERT_UUID]: 'abcdefg', @@ -637,6 +667,7 @@ for (const flattened of [true, false]) { kibana: { alert: { instance: { id: 'alert-A' }, + rule: omit(rule, 'execution'), uuid: 'abcdefg', }, }, diff --git a/x-pack/plugins/alerting/server/alerts_client/lib/build_recovered_alert.ts b/x-pack/plugins/alerting/server/alerts_client/lib/build_recovered_alert.ts index bfcea9e29edf6..92328f7fb94f5 100644 --- a/x-pack/plugins/alerting/server/alerts_client/lib/build_recovered_alert.ts +++ b/x-pack/plugins/alerting/server/alerts_client/lib/build_recovered_alert.ts @@ -26,6 +26,7 @@ import { ALERT_RULE_EXECUTION_TIMESTAMP, ALERT_PREVIOUS_ACTION_GROUP, ALERT_SEVERITY_IMPROVING, + ALERT_RULE_EXECUTION_UUID, } from '@kbn/rule-data-utils'; import { DeepPartial } from '@kbn/utility-types'; import { get } from 'lodash'; @@ -86,12 +87,11 @@ export const buildRecoveredAlert = < const refreshableAlertFields = replaceRefreshableAlertFields(alert); const alertUpdates = { - // Set latest rule configuration - ...rule, // Update the timestamp to reflect latest update time [TIMESTAMP]: timestamp, [EVENT_ACTION]: 'close', [ALERT_RULE_EXECUTION_TIMESTAMP]: runTimestamp ?? timestamp, + [ALERT_RULE_EXECUTION_UUID]: rule[ALERT_RULE_EXECUTION_UUID], // Set the recovery action group [ALERT_ACTION_GROUP]: recoveryActionGroup, // Set latest flapping state diff --git a/x-pack/plugins/alerting/server/alerts_client/lib/build_updated_recovered_alert.test.ts b/x-pack/plugins/alerting/server/alerts_client/lib/build_updated_recovered_alert.test.ts index eda0b2c4a97e6..3a4151268c8d3 100644 --- a/x-pack/plugins/alerting/server/alerts_client/lib/build_updated_recovered_alert.test.ts +++ b/x-pack/plugins/alerting/server/alerts_client/lib/build_updated_recovered_alert.test.ts @@ -28,6 +28,7 @@ import { ALERT_RULE_EXECUTION_TIMESTAMP, ALERT_CONSECUTIVE_MATCHES, ALERT_PREVIOUS_ACTION_GROUP, + ALERT_RULE_EXECUTION_UUID, } from '@kbn/rule-data-utils'; import { alertRule, @@ -161,7 +162,6 @@ describe('buildUpdatedRecoveredAlert', () => { timestamp: '2023-03-29T12:27:28.159Z', }) ).toEqual({ - ...alertRule, event: { action: 'close', kind: 'signal', @@ -177,6 +177,19 @@ describe('buildUpdatedRecoveredAlert', () => { id: 'alert-A', }, maintenance_window_ids: ['maint-x'], + rule: { + category: 'My test rule', + consumer: 'bar', + name: 'rule-name', + parameters: { + bar: true, + }, + producer: 'alerts', + revision: 0, + rule_type_id: 'test.rule-type', + tags: ['rule-', '-tags'], + uuid: '1', + }, start: '2023-03-28T12:27:28.159Z', time_range: { gte: '2023-03-27T12:27:28.159Z', @@ -185,16 +198,17 @@ describe('buildUpdatedRecoveredAlert', () => { uuid: 'abcdefg', consecutive_matches: 0, }, + space_ids: ['default'], version: '8.8.1', }, [TIMESTAMP]: '2023-03-29T12:27:28.159Z', [ALERT_RULE_EXECUTION_TIMESTAMP]: '2023-03-29T12:27:28.159Z', + [ALERT_RULE_EXECUTION_UUID]: '5f6aa57d-3e22-484e-bae8-cbed868f4d28', [ALERT_FLAPPING]: true, [ALERT_FLAPPING_HISTORY]: [false, false, true, true], [ALERT_PREVIOUS_ACTION_GROUP]: 'recovered', [ALERT_STATUS]: 'recovered', [ALERT_WORKFLOW_STATUS]: 'open', - [SPACE_IDS]: ['default'], [TAGS]: ['rule-', '-tags'], }); }); diff --git a/x-pack/plugins/alerting/server/alerts_client/lib/build_updated_recovered_alert.ts b/x-pack/plugins/alerting/server/alerts_client/lib/build_updated_recovered_alert.ts index 06972c81e496d..ba1e0c4b5f56a 100644 --- a/x-pack/plugins/alerting/server/alerts_client/lib/build_updated_recovered_alert.ts +++ b/x-pack/plugins/alerting/server/alerts_client/lib/build_updated_recovered_alert.ts @@ -39,7 +39,6 @@ interface BuildUpdatedRecoveredAlertOpts { export const buildUpdatedRecoveredAlert = ({ alert, legacyRawAlert, - rule, runTimestamp, timestamp, }: BuildUpdatedRecoveredAlertOpts): Alert & AlertData => { @@ -50,8 +49,6 @@ export const buildUpdatedRecoveredAlert = ({ const cleanedAlert = omit(alert, ALERT_SEVERITY_IMPROVING); const alertUpdates = { - // Set latest rule configuration - ...rule, // Update the timestamp to reflect latest update time [TIMESTAMP]: timestamp, [ALERT_RULE_EXECUTION_TIMESTAMP]: runTimestamp ?? timestamp,