diff --git a/x-pack/plugins/actions/server/lib/action_executor.ts b/x-pack/plugins/actions/server/lib/action_executor.ts index 2661db6940a5..0737e0ce3f07 100644 --- a/x-pack/plugins/actions/server/lib/action_executor.ts +++ b/x-pack/plugins/actions/server/lib/action_executor.ts @@ -147,6 +147,7 @@ export class ActionExecutor { rel: SAVED_OBJECT_REL_PRIMARY, type: 'action', id: actionId, + type_id: actionTypeId, ...namespace, }, ], diff --git a/x-pack/plugins/alerting/server/task_runner/create_execution_handler.test.ts b/x-pack/plugins/alerting/server/task_runner/create_execution_handler.test.ts index 78d74b78c99b..5ab25fbfa39e 100644 --- a/x-pack/plugins/alerting/server/task_runner/create_execution_handler.test.ts +++ b/x-pack/plugins/alerting/server/task_runner/create_execution_handler.test.ts @@ -166,10 +166,12 @@ test('enqueues execution per selected action', async () => { "id": "1", "rel": "primary", "type": "alert", + "type_id": "test", }, Object { "id": "1", "type": "action", + "type_id": "test", }, ], }, diff --git a/x-pack/plugins/alerting/server/task_runner/create_execution_handler.ts b/x-pack/plugins/alerting/server/task_runner/create_execution_handler.ts index 93cced2043d5..ef93179bdaba 100644 --- a/x-pack/plugins/alerting/server/task_runner/create_execution_handler.ts +++ b/x-pack/plugins/alerting/server/task_runner/create_execution_handler.ts @@ -182,8 +182,14 @@ export function createExecutionHandler< action_subgroup: actionSubgroup, }, saved_objects: [ - { rel: SAVED_OBJECT_REL_PRIMARY, type: 'alert', id: alertId, ...namespace }, - { type: 'action', id: action.id, ...namespace }, + { + rel: SAVED_OBJECT_REL_PRIMARY, + type: 'alert', + id: alertId, + type_id: alertType.id, + ...namespace, + }, + { type: 'action', id: action.id, type_id: action.actionTypeId, ...namespace }, ], }, }; diff --git a/x-pack/plugins/alerting/server/task_runner/task_runner.test.ts b/x-pack/plugins/alerting/server/task_runner/task_runner.test.ts index 9c5ef25e5dfa..c157765afb35 100644 --- a/x-pack/plugins/alerting/server/task_runner/task_runner.test.ts +++ b/x-pack/plugins/alerting/server/task_runner/task_runner.test.ts @@ -278,6 +278,7 @@ describe('Task Runner', () => { "namespace": undefined, "rel": "primary", "type": "alert", + "type_id": "test", }, ], }, @@ -385,6 +386,7 @@ describe('Task Runner', () => { namespace: undefined, rel: 'primary', type: 'alert', + type_id: 'test', }, ], }, @@ -406,6 +408,7 @@ describe('Task Runner', () => { namespace: undefined, rel: 'primary', type: 'alert', + type_id: 'test', }, ], }, @@ -428,11 +431,13 @@ describe('Task Runner', () => { namespace: undefined, rel: 'primary', type: 'alert', + type_id: 'test', }, { id: '1', namespace: undefined, type: 'action', + type_id: 'action', }, ], }, @@ -455,6 +460,7 @@ describe('Task Runner', () => { namespace: undefined, rel: 'primary', type: 'alert', + type_id: 'test', }, ], }, @@ -531,6 +537,7 @@ describe('Task Runner', () => { namespace: undefined, rel: 'primary', type: 'alert', + type_id: 'test', }, ], }, @@ -551,6 +558,7 @@ describe('Task Runner', () => { namespace: undefined, rel: 'primary', type: 'alert', + type_id: 'test', }, ], }, @@ -572,6 +580,7 @@ describe('Task Runner', () => { namespace: undefined, rel: 'primary', type: 'alert', + type_id: 'test', }, ], }, @@ -702,6 +711,7 @@ describe('Task Runner', () => { "namespace": undefined, "rel": "primary", "type": "alert", + "type_id": "test", }, ], }, @@ -725,6 +735,7 @@ describe('Task Runner', () => { "namespace": undefined, "rel": "primary", "type": "alert", + "type_id": "test", }, ], }, @@ -931,6 +942,7 @@ describe('Task Runner', () => { "namespace": undefined, "rel": "primary", "type": "alert", + "type_id": "test", }, ], }, @@ -953,6 +965,7 @@ describe('Task Runner', () => { "namespace": undefined, "rel": "primary", "type": "alert", + "type_id": "test", }, ], }, @@ -976,11 +989,13 @@ describe('Task Runner', () => { "namespace": undefined, "rel": "primary", "type": "alert", + "type_id": "test", }, Object { "id": "1", "namespace": undefined, "type": "action", + "type_id": "action", }, ], }, @@ -1004,6 +1019,7 @@ describe('Task Runner', () => { "namespace": undefined, "rel": "primary", "type": "alert", + "type_id": "test", }, ], }, @@ -1386,6 +1402,7 @@ describe('Task Runner', () => { "namespace": undefined, "rel": "primary", "type": "alert", + "type_id": "test", }, ], }, @@ -1408,6 +1425,7 @@ describe('Task Runner', () => { "namespace": undefined, "rel": "primary", "type": "alert", + "type_id": "test", }, ], }, @@ -1431,6 +1449,7 @@ describe('Task Runner', () => { "namespace": undefined, "rel": "primary", "type": "alert", + "type_id": "test", }, ], }, @@ -1641,6 +1660,7 @@ describe('Task Runner', () => { "namespace": undefined, "rel": "primary", "type": "alert", + "type_id": "test", }, ], }, @@ -1700,6 +1720,7 @@ describe('Task Runner', () => { "namespace": undefined, "rel": "primary", "type": "alert", + "type_id": "test", }, ], }, @@ -1767,6 +1788,7 @@ describe('Task Runner', () => { "namespace": undefined, "rel": "primary", "type": "alert", + "type_id": "test", }, ], }, @@ -1834,6 +1856,7 @@ describe('Task Runner', () => { "namespace": undefined, "rel": "primary", "type": "alert", + "type_id": "test", }, ], }, @@ -1900,6 +1923,7 @@ describe('Task Runner', () => { "namespace": undefined, "rel": "primary", "type": "alert", + "type_id": "test", }, ], }, diff --git a/x-pack/plugins/alerting/server/task_runner/task_runner.ts b/x-pack/plugins/alerting/server/task_runner/task_runner.ts index 043f30ddca37..fd82b38b493d 100644 --- a/x-pack/plugins/alerting/server/task_runner/task_runner.ts +++ b/x-pack/plugins/alerting/server/task_runner/task_runner.ts @@ -331,6 +331,7 @@ export class TaskRunner< alertId, alertLabel, namespace, + ruleTypeId: alert.alertTypeId, }); if (!muteAll) { @@ -493,6 +494,7 @@ export class TaskRunner< rel: SAVED_OBJECT_REL_PRIMARY, type: 'alert', id: alertId, + type_id: this.alertType.id, namespace, }, ], @@ -598,6 +600,7 @@ interface GenerateNewAndRecoveredInstanceEventsParams< alertId: string; alertLabel: string; namespace: string | undefined; + ruleTypeId: string; } function generateNewAndRecoveredInstanceEvents< @@ -611,6 +614,7 @@ function generateNewAndRecoveredInstanceEvents< currentAlertInstances, originalAlertInstances, recoveredAlertInstances, + ruleTypeId, } = params; const originalAlertInstanceIds = Object.keys(originalAlertInstances); const currentAlertInstanceIds = Object.keys(currentAlertInstances); @@ -664,6 +668,7 @@ function generateNewAndRecoveredInstanceEvents< rel: SAVED_OBJECT_REL_PRIMARY, type: 'alert', id: alertId, + type_id: ruleTypeId, namespace, }, ], diff --git a/x-pack/plugins/event_log/generated/mappings.json b/x-pack/plugins/event_log/generated/mappings.json index f2515d0a6a8f..da04db1086aa 100644 --- a/x-pack/plugins/event_log/generated/mappings.json +++ b/x-pack/plugins/event_log/generated/mappings.json @@ -275,6 +275,10 @@ "type": { "type": "keyword", "ignore_above": 1024 + }, + "type_id": { + "type": "keyword", + "ignore_above": 1024 } } } diff --git a/x-pack/plugins/event_log/generated/schemas.ts b/x-pack/plugins/event_log/generated/schemas.ts index 31d8b7201cfc..a13b304e8ada 100644 --- a/x-pack/plugins/event_log/generated/schemas.ts +++ b/x-pack/plugins/event_log/generated/schemas.ts @@ -116,6 +116,7 @@ export const EventSchema = schema.maybe( namespace: ecsString(), id: ecsString(), type: ecsString(), + type_id: ecsString(), }) ) ), diff --git a/x-pack/plugins/event_log/scripts/mappings.js b/x-pack/plugins/event_log/scripts/mappings.js index a7e5f4ae6cb1..f2020e76b46b 100644 --- a/x-pack/plugins/event_log/scripts/mappings.js +++ b/x-pack/plugins/event_log/scripts/mappings.js @@ -60,6 +60,10 @@ exports.EcsCustomPropertyMappings = { type: 'keyword', ignore_above: 1024, }, + type_id: { + type: 'keyword', + ignore_above: 1024, + }, }, }, }, diff --git a/x-pack/test/alerting_api_integration/security_and_spaces/tests/actions/execute.ts b/x-pack/test/alerting_api_integration/security_and_spaces/tests/actions/execute.ts index 03ae0e6daf93..f7d7c1df8fd4 100644 --- a/x-pack/test/alerting_api_integration/security_and_spaces/tests/actions/execute.ts +++ b/x-pack/test/alerting_api_integration/security_and_spaces/tests/actions/execute.ts @@ -119,6 +119,7 @@ export default function ({ getService }: FtrProviderContext) { spaceId: space.id, connectorId: createdAction.id, outcome: 'success', + actionTypeId: 'test.index-record', message: `action executed: test.index-record:${createdAction.id}: My action`, }); break; @@ -502,13 +503,14 @@ export default function ({ getService }: FtrProviderContext) { interface ValidateEventLogParams { spaceId: string; connectorId: string; + actionTypeId: string; outcome: string; message: string; errorMessage?: string; } async function validateEventLog(params: ValidateEventLogParams): Promise { - const { spaceId, connectorId, outcome, message, errorMessage } = params; + const { spaceId, connectorId, actionTypeId, outcome, message, errorMessage } = params; const events: IValidatedEvent[] = await retry.try(async () => { return await getEventLog({ @@ -549,6 +551,7 @@ export default function ({ getService }: FtrProviderContext) { rel: 'primary', type: 'action', id: connectorId, + type_id: actionTypeId, namespace: spaceId, }, ]); diff --git a/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/alerts.ts b/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/alerts.ts index 24799888ac5b..4aa6ed830059 100644 --- a/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/alerts.ts +++ b/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/alerts.ts @@ -214,6 +214,7 @@ instanceStateValue: true await validateEventLog({ spaceId: space.id, alertId, + ruleTypeId: 'test.always-firing', outcome: 'success', message: `alert executed: test.always-firing:${alertId}: 'abc'`, }); @@ -1244,13 +1245,14 @@ instanceStateValue: true interface ValidateEventLogParams { spaceId: string; alertId: string; + ruleTypeId: string; outcome: string; message: string; errorMessage?: string; } async function validateEventLog(params: ValidateEventLogParams): Promise { - const { spaceId, alertId, outcome, message, errorMessage } = params; + const { spaceId, alertId, ruleTypeId, outcome, message, errorMessage } = params; const events: IValidatedEvent[] = await retry.try(async () => { return await getEventLog({ @@ -1291,6 +1293,7 @@ instanceStateValue: true type: 'alert', id: alertId, namespace: spaceId, + type_id: ruleTypeId, }, ]); diff --git a/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/event_log.ts b/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/event_log.ts index 825ade55cb4b..d5e55a66ecf0 100644 --- a/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/event_log.ts +++ b/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/event_log.ts @@ -75,7 +75,7 @@ export default function eventLogTests({ getService }: FtrProviderContext) { validateEvent(event, { spaceId, - savedObjects: [{ type: 'alert', id: alertId, rel: 'primary' }], + savedObjects: [{ type: 'alert', id: alertId, rel: 'primary', type_id: 'test.noop' }], outcome: 'failure', message: `test.noop:${alertId}: execution failed`, errorMessage: 'Unable to decrypt attribute "apiKey"', diff --git a/x-pack/test/alerting_api_integration/spaces_only/tests/actions/execute.ts b/x-pack/test/alerting_api_integration/spaces_only/tests/actions/execute.ts index fbdde2104dd6..147b6abfb88d 100644 --- a/x-pack/test/alerting_api_integration/spaces_only/tests/actions/execute.ts +++ b/x-pack/test/alerting_api_integration/spaces_only/tests/actions/execute.ts @@ -97,6 +97,7 @@ export default function ({ getService }: FtrProviderContext) { await validateEventLog({ spaceId: Spaces.space1.id, actionId: createdAction.id, + actionTypeId: 'test.index-record', outcome: 'success', message: `action executed: test.index-record:${createdAction.id}: My action`, }); @@ -138,6 +139,7 @@ export default function ({ getService }: FtrProviderContext) { await validateEventLog({ spaceId: Spaces.space1.id, actionId: createdAction.id, + actionTypeId: 'test.failing', outcome: 'failure', message: `action execution failure: test.failing:${createdAction.id}: failing action`, errorMessage: `an error occurred while running the action executor: expected failure for .kibana-alerting-test-data actions-failure-1:space1`, @@ -330,13 +332,14 @@ export default function ({ getService }: FtrProviderContext) { interface ValidateEventLogParams { spaceId: string; actionId: string; + actionTypeId: string; outcome: string; message: string; errorMessage?: string; } async function validateEventLog(params: ValidateEventLogParams): Promise { - const { spaceId, actionId, outcome, message, errorMessage } = params; + const { spaceId, actionId, actionTypeId, outcome, message, errorMessage } = params; const events: IValidatedEvent[] = await retry.try(async () => { return await getEventLog({ @@ -377,6 +380,7 @@ export default function ({ getService }: FtrProviderContext) { type: 'action', id: actionId, namespace: 'space1', + type_id: actionTypeId, }, ]); diff --git a/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/event_log.ts b/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/event_log.ts index 5d54fe3d2b1f..40c0fe398bc5 100644 --- a/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/event_log.ts +++ b/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/event_log.ts @@ -128,7 +128,9 @@ export default function eventLogTests({ getService }: FtrProviderContext) { case 'execute': validateEvent(event, { spaceId: Spaces.space1.id, - savedObjects: [{ type: 'alert', id: alertId, rel: 'primary' }], + savedObjects: [ + { type: 'alert', id: alertId, rel: 'primary', type_id: 'test.patternFiring' }, + ], outcome: 'success', message: `alert executed: test.patternFiring:${alertId}: 'abc'`, status: executeStatuses[executeCount++], @@ -138,8 +140,8 @@ export default function eventLogTests({ getService }: FtrProviderContext) { validateEvent(event, { spaceId: Spaces.space1.id, savedObjects: [ - { type: 'alert', id: alertId, rel: 'primary' }, - { type: 'action', id: createdAction.id }, + { type: 'alert', id: alertId, rel: 'primary', type_id: 'test.patternFiring' }, + { type: 'action', id: createdAction.id, type_id: 'test.noop' }, ], message: `alert: test.patternFiring:${alertId}: 'abc' instanceId: 'instance' scheduled actionGroup: 'default' action: test.noop:${createdAction.id}`, instanceId: 'instance', @@ -164,7 +166,9 @@ export default function eventLogTests({ getService }: FtrProviderContext) { function validateInstanceEvent(event: IValidatedEvent, subMessage: string) { validateEvent(event, { spaceId: Spaces.space1.id, - savedObjects: [{ type: 'alert', id: alertId, rel: 'primary' }], + savedObjects: [ + { type: 'alert', id: alertId, rel: 'primary', type_id: 'test.patternFiring' }, + ], message: `test.patternFiring:${alertId}: 'abc' ${subMessage}`, instanceId: 'instance', actionGroupId: 'default', @@ -260,7 +264,9 @@ export default function eventLogTests({ getService }: FtrProviderContext) { case 'execute': validateEvent(event, { spaceId: Spaces.space1.id, - savedObjects: [{ type: 'alert', id: alertId, rel: 'primary' }], + savedObjects: [ + { type: 'alert', id: alertId, rel: 'primary', type_id: 'test.patternFiring' }, + ], outcome: 'success', message: `alert executed: test.patternFiring:${alertId}: 'abc'`, status: executeStatuses[executeCount++], @@ -273,8 +279,8 @@ export default function eventLogTests({ getService }: FtrProviderContext) { validateEvent(event, { spaceId: Spaces.space1.id, savedObjects: [ - { type: 'alert', id: alertId, rel: 'primary' }, - { type: 'action', id: createdAction.id }, + { type: 'alert', id: alertId, rel: 'primary', type_id: 'test.patternFiring' }, + { type: 'action', id: createdAction.id, type_id: 'test.noop' }, ], message: `alert: test.patternFiring:${alertId}: 'abc' instanceId: 'instance' scheduled actionGroup(subgroup): 'default(${event?.kibana?.alerting?.action_subgroup})' action: test.noop:${createdAction.id}`, instanceId: 'instance', @@ -305,7 +311,9 @@ export default function eventLogTests({ getService }: FtrProviderContext) { function validateInstanceEvent(event: IValidatedEvent, subMessage: string) { validateEvent(event, { spaceId: Spaces.space1.id, - savedObjects: [{ type: 'alert', id: alertId, rel: 'primary' }], + savedObjects: [ + { type: 'alert', id: alertId, rel: 'primary', type_id: 'test.patternFiring' }, + ], message: `test.patternFiring:${alertId}: 'abc' ${subMessage}`, instanceId: 'instance', actionGroupId: 'default', @@ -345,7 +353,7 @@ export default function eventLogTests({ getService }: FtrProviderContext) { validateEvent(event, { spaceId: Spaces.space1.id, - savedObjects: [{ type: 'alert', id: alertId, rel: 'primary' }], + savedObjects: [{ type: 'alert', id: alertId, rel: 'primary', type_id: 'test.throw' }], outcome: 'failure', message: `alert execution failure: test.throw:${alertId}: 'abc'`, errorMessage: 'this alert is intended to fail', @@ -360,6 +368,7 @@ interface SavedObject { type: string; id: string; rel?: string; + type_id: string; } interface ValidateEventLogParams {