* Changed actions API endpoints urls to follow Kibana STYLEGUIDE
* Fixed tests
* fixed test
* fixed test
* resolved conflicts
* Fixed siem tests
* Fixed failing test
* fixed readme and test
* Changed actions api urls to follow the template 'api/{plugin}/{type}/{id}'
* Fixed type checks
* Fixed tests and API
* fixed tests
* Fixed type checks
* fixed type check
As part of the work towards adding RBAC & Feature Controls support in Alerting (https://github.com/elastic/kibana/issues/43994), we've decided that the ActionsClient will handle authorisation against Actions instead of relying on the SavedObjectsClient on its own.
To prevent (or at least, minimise the chances of) bypassing this auth model by using the SavedObjects client this PR makes the `action` and `action_task_params` SavedObject types _hidden_ types and gives the ActionsClient permission to interact with them.
As part of the work needed for RBAC & Feature Controls support in Alerting (https://github.com/elastic/kibana/issues/43994) we've identified a need to make the Alert Saved Object type a _hidden_ type.
As we still need support for Security and Spaces, we wish to use the standard SavedObjectsClient and its middleware, but currently this isn't possible with _hidden_ types.
To address that, this PR adds support for creating a client which includes hidden types.
resolves https://github.com/elastic/kibana/issues/63171
Previously, preconfigured actions were specified as an array of action
properties. This ended up being problematic when using the kibana keystore
for secrets, as you'd have to reference specific actions via index.
This changes preconfigured actions to be specified as an object, where the
property key is the id, and the body is the remainder of the action properties.
As access to preconfigured actions has leaked across the code base, it's
probably time to consider changing the internal representation from an array
to a Map, to provide easier access by action id. For a future PR.
This PR migrates the vast majority of Alerting legacy code to the Kibana Platform.
This includes:
1. Removed legacy Task Manager
2. Migrates Fixture plugins in Alerting, Triggers UI and Task Manager Perf
This does not include:
1. The PagerDuty simulator due to a lack of support for custom responses in the platform. issue opened. https://github.com/elastic/kibana/issues/65045
2. The Webhooks simulator due to a lack of support for custom authorisation. Requires investigation.
resolves https://github.com/elastic/kibana/issues/62668
Adds a property named `rel` to the nested saved objects in the event
documents, whose value should not be set, or set to `primary`.
The query by saved object function changes to only match event documents
with that saved object if it has the `rel: primary` value.
This is used to limit searching alerting's executeAction event document
with only the alert saved object, and not the action saved object (this
document has an alert and action saved object). The alert saved object
has the `rel: primary` field set, and the action does not. Previously,
those documents were returned with a query of the action saved object.
Completes the migration of all Alerting Services plugins onto the Kibana Platform
It includes:
1. Actions plugin
2. Alerting plugin
3. Task Manager plugin
4. Triggers UI plugin
And touches the Uptime and Siem plugins as their use of the Task Manager relied on some of the legacy lifecycle to work (registering AlertTypes and Telemetry tasks after the Start stage has already begun). The fix was simply to move these registrations to the Setup stage.
resolves https://github.com/elastic/kibana/issues/61891
Adds a relatively new ECS field `event.outcome`. Value of `success`, `failure`,
or `unknown`. This is nice, as the only way we have currently of determining an
error for an alert or action execution in the log is the existence of an
`error.message` field. It is added to the documents for those events.
see: https://www.elastic.co/guide/en/ecs/current/ecs-event.html
* Extended existing alerting functionality to support preconfigured only action types
* fixed functional test
* Adding documentation
* Fixed UI part due to comments
* added missing tests
* fixed action type execution
* Fixed documentation
* Fixed due to comments
* fixed type checks
* extended isActionExecutable to check exact action id if it is in the preconfigured list
This removes unneeded use of `any` throughout:
1. alerting
2. alerting_builtin
3. actions
4. task manager
5. event log
It also adds a linting rule that will prevent us from adding more `any` in the future unless an explicit exemption is made.
Major cleanup of the no_restricted_paths rule for imports of core.
For relative imports, we use eslint-module-utils/resolve which resolves
to the full filesystem path. So, to support relative and absolute
imports from the src alias we need to define both the directory and the
index including file extension.
This rule was handling both core imports, as well as imports from other
plugins. Imports from other plugins are being used much more liberally
allowed through the exceptions in tests. I choose to break these up,
removing this exception for tests for core imports.
Fixes:
Absolute imports of src/core/server/mocks were not allowed in src. This
was not an issue in x-pack due to the target excluding
!x-pack/**/*.test.* and !x-pack/test/**/*.
Non-top-level public and server imports were allowed from X-Pack tests
to the previously mentioned exclusion.
Signed-off-by: Tyler Smalley <tyler.smalley@elastic.co>
Improves the messaging when the Pager Duty action has trouble parsing the timestamp field and adds trimming on the timestamp's field to make us more flexible in handling the parsing and hence more likely to be forgiving of the input by the user.
As the timestamp relies on context variables provided via mustache templates, we can't reliably validate this field at alert creation time.
We address this by:
1. Trimming the edges, which is required when parsing a date, should help prevent accidental spaces from breaking the parsing.
2. Checking for a mustache template on the client side and if there are none - we validate for a valid timestamp when the action is created.
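The two steps above, sketched as an added example (not code from this PR or from Kibana): trim first, validate at creation only when no mustache token is present, and parse again after the template has been rendered. The function names, the `{{context.date}}` variable and the treatment of an empty field as "not set" are assumptions made for illustration.

```javascript
// Added illustration; all names here are hypothetical, not Kibana's.
const MUSTACHE_TOKEN = /\{\{[^}]*\}\}/;

// Creation time: a templated value cannot be checked yet, so it is deferred.
function validateTimestampAtCreation(raw) {
  const value = (raw ?? '').trim();
  if (value === '') {
    // Assumption: the field is optional, so an empty value means "not set".
    return { valid: true, deferred: false };
  }
  if (MUSTACHE_TOKEN.test(value)) {
    // Context variables are only known when the alert fires.
    return { valid: true, deferred: true };
  }
  if (Number.isNaN(Date.parse(value))) {
    return { valid: false, deferred: false, error: 'timestamp must be a valid date' };
  }
  return { valid: true, deferred: false };
}

// Execution time: the template has been rendered, so the value must parse now.
// Trimming again covers whitespace introduced by the rendered variable.
function parseTimestampAtExecution(rendered) {
  const value = rendered.trim();
  const ms = Date.parse(value);
  if (Number.isNaN(ms)) {
    throw new Error('error parsing timestamp: not a valid date after trimming');
  }
  return new Date(ms).toISOString();
}

// Constructed sample inputs.
const samples = ['  2020-04-01T12:00:00.000Z  ', ' {{context.date}} ', 'not a date'];
for (const s of samples) {
  console.log(JSON.stringify(s), validateTimestampAtCreation(s));
}
```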
* x-pack/watcher: use Elasticsearch from CoreStart
* x-pack/upgrade_assistant: use Elasticsearch from CoreStart
* x-pack/actions: use Elasticsearch from CoreStart
* x-pack/alerting: use Elasticsearch from CoreStart
* x-pack/lens: use Elasticsearch from CoreStart
* expressions: use Elasticsearch from CoreStart
* x-pack/remote_clusters: remove unused Elasticsearch dependency on CoreSetup
* x-pack/oss_telemetry: use Elasticsearch from CoreStart
* Cleanup after #59886
* x-pack/watcher: create custom client only once
* Revert "x-pack/watcher: create custom client only once"
This reverts commit 78fc4d2e93.
* Revert "x-pack/watcher: use Elasticsearch from CoreStart"
This reverts commit b621af9388.
* x-pack/task_manager: use Elasticsearch from CoreStart
* x-pack/event_log: use Elasticsearch from CoreStart
* x-pack/alerting: use Elasticsearch from CoreStart
* x-pack/apm: use Elasticsearch from CoreStart
* x-pack/actions: use Elasticsearch from CoreStart
* PR Feedback
* APM review nits
* Remove unused variable
* Remove unused variable
* x-pack/apm: better typesafety
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
resolves https://github.com/elastic/kibana/issues/63162
Most of the support for pre-configured actions has already been added
to Kibana, except for one small piece. The ability for them to be
executed. This PR adds that support.
Adds a namespace attribute to the saved object object within the Event Log so that each Saved Object can have its own. This change also removes the existing kibana.namespace field.
As Event Log is not yet in use, this does not include a migration.
* Implemented actions server API for supporting preconfigured connectors defined in kibana.yaml
* Fixed type check
* Fixed due to comments and extended functional tests
* Fixed tests and renamed connectors
* fixed jest tests
* Fixed type checks
* Fixed failing alert save
* Fixed alert client tests
* fixed type checks
* Fixed language check error
* Fixed jest tests
* Added missing comments and docs
* fixed due to comments
* Fixed json config for preconfigured
* fixed type check, reverted config
* config experiment with json stringify
* revert experiment
* Removed the spaces from connector names in config
resolves https://github.com/elastic/kibana/issues/62372
See the referenced issue for background. Eventually we will probably have to
have a separate setting for `tls.rejectUnauthorized`, not base it on the
value of the `secure` config property. But this will likely be useful for
a number of smtp servers used by customers.
* fix alert and action telemetry reporting to stop sending data that starts or ends with a '.'
* Fixed due to comments
* fixed test
* revert testing data
* add plugin own contract as third element of getStartServices result
* adapt plugins code
* update tests
* revert unknown to use void again
* update generated doc
* fix UT
* update mock to allow non-object `pluginStartContract`
* add @typeParam documentation
resolves https://github.com/elastic/kibana/issues/61056
When the index action params moved into config, the `schema.maybe()` on the
`executionTimeField` should have been changed to `schema.nullable()`, otherwise
you can never "unset" the field, once it's set.
Changes rippled down to the UI as well.
To be extra safe, we also check that the `executionTimeField` isn't an empty
string when trimmed, as ES will not accept a document with a property that is
the empty string.
resolves https://github.com/elastic/kibana/issues/57143
Currently, the built-in email action requires user/password properties to be
set in its secrets parameters. This PR changes that requirement, so they
are no longer required.
* Define minimum license required for each action type (#58668)
* Add minimum required license
* Require at least gold license as a minimum license required on third party action types
* Use strings for license references
* Ensure license type is valid
* Fix some tests
* Add servicenow to gold
* Add tests
* Set license requirements on other built in action types
* Use jest.Mocked<ActionType> instead
* Change servicenow to platinum
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
* Make actions config mock and license state mock use factory pattern and jest mocks (#59370)
* Add license checks to action HTTP APIs (#59153)
* Initial work
* Handle errors in update action API
* Add unit tests for APIs
* Make action executor throw when action type isn't enabled
* Add test suite for basic license
* Fix ESLint errors
* Fix failing tests
* Attempt 1 to fix CI
* ESLint fixes
* Create sendResponse function on ActionTypeDisabledError
* Make disabled action types by config return 403
* Remove switch case
* Fix ESLint
* Add license checks within alerting / actions framework (#59699)
* Initial work
* Handle errors in update action API
* Add unit tests for APIs
* Verify action type before scheduling action task
* Make actions plugin.execute throw error if action type is disabled
* Bug fixes
* Make action executor throw when action type isn't enabled
* Add test suite for basic license
* Fix ESLint errors
* Stop action task from re-running when license check fails
* Fix failing tests
* Attempt 1 to fix CI
* ESLint fixes
* Create sendResponse function on ActionTypeDisabledError
* Make disabled action types by config return 403
* Remove switch case
* Fix ESLint
* Fix confusing assertion
* Add comment explaining double mock
* Log warning when alert action isn't scheduled
* Disable action types in UI when license doesn't support it (#59819)
* Initial work
* Handle errors in update action API
* Add unit tests for APIs
* Verify action type before scheduling action task
* Make actions plugin.execute throw error if action type is disabled
* Bug fixes
* Make action executor throw when action type isn't enabled
* Add test suite for basic license
* Fix ESLint errors
* Stop action task from re-running when license check fails
* Fix failing tests
* Attempt 1 to fix CI
* ESLint fixes
* Return enabledInConfig and enabledInLicense from actions get types API
* Disable cards that have invalid license in create connector flyout
* Create sendResponse function on ActionTypeDisabledError
* Make disabled action types by config return 403
* Remove switch case
* Fix ESLint
* Disable when creating alert action
* Return minimumLicenseRequired in /types API
* Disable row in connectors when action type is disabled
* Fix failing jest test
* Some refactoring
* Card in edit alert flyout
* Sort action types by name
* Add tooltips to create connector action type selector
* Add tooltips to alert flyout action type selector
* Add get more actions link in alert flyout
* Add callout when creating a connector
* Typos
* remove float right and use flexgroup
* replace pixels with eui variables
* turn on sass lint for triggers_actions_ui dir
* trying to add padding around cards
* Add callout in edit alert screen when some actions are disabled
* improve card selection for Add Connector flyout
* Fix cards for create connector
* Add tests
* ESLint issue
* Cleanup
* Cleanup pt2
* Fix type check errors
* moving to 3-columns cards for connector selection
* Change re-enable to enable terminology
* Revert "Change re-enable to enable terminology"
This reverts commit b497dfd6b6.
* Add re-enable comment
* Remove unnecessary fragment
* Add type to actionTypeNodes
* Fix EuiLink to not have opacity of 0.7 when not hovered
* design cleanup in progress
* updating classNames
* using EuiIconTip
* Remove label on icon tip
* Fix failing jest test
Co-authored-by: Andrea Del Rio <delrio.andre@gmail.com>
* Add index to .index action type test
* PR feedback
* Add isErrorThatHandlesItsOwnResponse
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: Andrea Del Rio <delrio.andre@gmail.com>
Adds Navigation APIs to Alerting.
Parts to this PR:
Adds a client side (Public) plugin to Alerting, including two APIs: registerNavigation & registerDefaultNavigation. These allow a plugin to register navigation handlers for any alerts which it is the consumer of - one for specific AlertTypes and one for a default handler for all AlertTypes created by the plugin.
The Alert Details page now uses these navigation handlers for the View In App button. If there's an AlertType specific handler it uses that, otherwise it uses a default one and if the consumer has not registered a handler - it remains disabled.
A generic Alerting Example plugin that demonstrates usage of these APIs including two AlertTypes - one that always fires, and another that checks how many people are in Outer Space and allows you to trigger based on that. 😉 To enable the plugin run `yarn start --ssl --run-examples`
* Apply action types to fields
* Add information to each field
* Do not create or update comments when actionType is set to nothing
* Improve helpers tests
* Improve tests
* Refactor: Use transformers and pipes
* Better types
* Refactor tests to new changes
* Better error messages
* Improve field formatting and display
* Improve integration tests
* Make username mandatory field
* Translate transformers
* Refactor schema
* Translate appendInformationToField helper
* Improve integration tests
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
* Moved index params fields to connector config
* Fixed type check issue
* Fixing functional tests
* Fixed due to comments
* Fixed functional tests
* Fixed tests and type check
* use inline snapshots instead of snapshots
* hide input value from error messages
* update core snapshots
* update xpack snapshots
* fix ftr assertions
* fix new snapshots
* hide values for byte_size and duration
* update new snapshots
* remove another byte_size value reference
* fix yet another value references in error messages
* update xpack snapshots
* update xpack ftr assertions
* Makes alerting and actions optional properties for interface RequestHandlerContext
* Added an error response result if context for actions and alerting is not registered
Previously, when using the slack action with a url which was not whitelisted, the entire URL was reported in the error. With this change, only the hostname is reported in the error.
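Why the hostname-only message matters, as an added example (not code from this change or from Kibana): a webhook URL usually carries its credential in the path, so echoing the whole URL copies that credential into logs and API responses. The function names, the allowed-hosts list and the sample URL are constructed for illustration.

```javascript
// Added illustration; names and sample values are constructed.

// Before: the rejection message repeats the full URL, secret path included.
function describeRejectionBefore(webhookUrl) {
  return `target url "${webhookUrl}" is not whitelisted`;
}

// After: only the parsed hostname is reported. Returns null when the host is
// allowed, otherwise an error string that is safe to log.
function describeRejection(webhookUrl, allowedHosts) {
  let parsed;
  try {
    parsed = new URL(webhookUrl);
  } catch {
    // Unparseable input may still contain a token, so it is never echoed.
    return 'webhook url is not a valid URL';
  }
  // URL.hostname is already lowercased; normalise the list the same way.
  const allowed = allowedHosts.map((h) => h.toLowerCase());
  if (allowed.includes(parsed.hostname)) {
    return null;
  }
  return `target hostname "${parsed.hostname}" is not whitelisted`;
}

// Constructed webhook URL; the last path segment stands in for the secret.
const sampleUrl = 'https://hooks.example.test/services/T000/B000/CONSTRUCTED-SECRET';
console.log(describeRejectionBefore(sampleUrl));
console.log(describeRejection(sampleUrl, ['hooks.allowed.test']));
```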
* Disable actions client when ESO using generated key
* Add test for getActionsClientWithRequest
* Add other part to plugin.test.ts
* Cleanup tests a bit
* Cleanup tests
* plugin.test.ts cleanup
* Add warning logs on setup
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
* allow parsing from string for object-ish and array types
* update snapshots
* fix FTR assertion
* add documentation note about using a json string as input
* License expiration
* Flip off
* Only require alerting and actions if enabled
* Support date formatting and timezones in the alert UI messages, support ccs better
* Fix status tests
* Fix up front end tests
* Fix linting, and switch this back
* Add this back in so legacy alerts continue to work
* Fix type issues
* Handle CCS better
* Code cleanup
* Fix type issues
* Flip this off, and fix test
* Moved the email address config to advanced settings, but need help with test failures and typescript
* Fix issue with task manager
* Deprecate email_address
* Use any until we can figure out this TS issue
* Fix type issue
* More tests
* Fix mocha tests
* Use mock instead of any
* I'm not sure why these changed...
* Provide timezone in moment usage in tests for consistency
* Fix type issue
* Change how we get dateFormat and timezone
* Change where we calculate the dates to show in the alerts UI
* Show deprecation warning based on the feature toggle
* Ensure we are using UTC
* PR feedback
* Only add this if the feature flag is enabled
* Fix tests
* Ensure we only attempt to look this up if the feature flag is enabled
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
* Cleanup action task params saved objects after use
* Fix jest tests
* Add integration test to ensure object gets cleaned up
* Add unit tests
* Fix comment
* Re-use updated_at instead of creating createdAt
* Consider null/undefined returned from executor as success as well
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
This addresses two issues that have come up:
Alerting and Actions have TypeScript types that are needed across server and public plugins, and need to be extracted to a common path (thanks @chrisronline for bringing this to our attention)
Due to the above, types have been duplicated between the alerting and actions when needed in the Alerting UI, which has led to them diverging. This forces the UI to type check against the API, which will help reduce these errors in the future.