Renames "Built-In Alerts" feature to "Stack Alerts" and "Actions" feature to "Actions and Connectors" as we've decided these names make more appropriate and better communicate what these features are.
* Grouped features for space management
* Apply suggestions from code review
Co-authored-by: Joe Portner <5295965+jportner@users.noreply.github.com>
* Address PR Feedback
* docs changes
* updating types/docs
* update APM feature name
* Reintroduce extraAction following EUI update
* change ordering of infra features, and render callout for management category
Co-authored-by: Joe Portner <5295965+jportner@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
* Initial work
* Expand generic support to alert instances
* Convert index threshold to use generics
* Make fixture alert types use generics
* Make alert instance related types use unknown
* Fix typecheck failures
* Cleanup + add instance generic support to registry.get API
* Shallow clone
* Rename some TS variables
* Fix failing api integration tests
* Change code for easier review and keep more history
* Fix
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
This PR removes the alerting and actions ui privileges (alerting:show, actions:show, etc...) and instead relies on the standard Kibana feature control model to decide whether management displays the Alerts Management section under management.
* Added more {{context}} fields for Index Threshold alert type (including requested 'threshold' field). Extended action variables UX with tooltip containing variable description.
* Fixed type checks and failing tests
* fixed type check
* Splited params variables
* Fixed tests and type checks
* Fixed styles
* Fixed type check
* fixed styles
* fixed missing type
* Fixed due to comments
* fixed variables description
* fixed type check
* Fixed due to comments
* fixed typecheck
* Merge remote-tracking branch upstream/master into alerting-additional-context-fields
* fixed type checks and tests
* fixed tests
This PR adds _Role Based Access-Control_ to the Alerting framework & Actions feature using Kibana Feature Controls, addressing most of the Meta issue: https://github.com/elastic/kibana/issues/43994
This also closes https://github.com/elastic/kibana/issues/62438
This PR includes the following:
1. Adds `alerting` specific Security Actions (not to be confused with Alerting Actions) to the `security` plugin which allows us to assign alerting specific privileges to users of other plugins using the `features` plugin.
2. Removes the security wrapper from the savedObjectsClient in AlertsClient and instead plugs in the new AlertsAuthorization which performs the privilege checks on each api call made to the AlertsClient.
3. Adds privileges in each plugin that is already using the Alerting Framework which mirror (as closely as possible) the existing api-level tag-based privileges and plugs them into the AlertsClient.
4. Adds feature granted privileges arounds Actions (by relying on Saved Object privileges under the hood) and plugs them into the ActionsClient
5. Removes the legacy api-level tag-based privilege system from both the Alerts and Action HTTP APIs
* move last snapshot to inline
* move legacy files to legacy subfolder
* move request types out of legacy
* export Headers from http instead of elasticsearch
* renaming - first pass
* renaming - second pass
* fix core mocks
* adapt new calls
* update generated doc
* fix IT test mocks
* fix new usages
* Allow registered alert types to be non-editable
* Fixed isUiEditEnabled values
* Fixed due to comments
* fixed failing tests
* Enable alert type selection per alert consumer, only 'alerting' consumer can display other consumers alert types, but in case if it isEditable
* fixed tests
* Removed consumer property from the client side alert type registry and added server side property producer which purpose is to manage a feature logic
* fixed type check
* Fixed tests and type checks
* Removed error message for non registered plugins
* Fixed failing tests
* Fixed due to comments
* fixed test
* -
* revert logic for requiresAppContext
* Added close toast after saving alert
This removes unneeded use of `any` throughout:
1. alerting
2. alerting_builtin
3. actions
4. task manager
5. event log
It also adds a linting rule that will prevent us from adding more `any` in the future unless an explicit exemption is made.
* Rename some alert types
* Use sentence case for remaining changes + fix jest test
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
resolves https://github.com/elastic/kibana/issues/59889
The index threshold APIs - used by both the index threshold UI and the
alert executor - were returning errors (500's from http endpoints) when
getting errors from ES.
These have been changed so that the error is logged as a warning, and the
relevant API returns an "empty" result.
Another 500 response was found while experimenting with this. Apparently
the date_range agg requires a date format to be passed in if the date format
in ES is not an ISO date. The repro on this was to select the `.security`
alias (or it's index) within the index threshold alert UI, and then select
one of it's date fields.
The current index threshold alert uses a `size` limit on term aggregation, when used, but does not sort the buckets, so it's just using descending count on the grouped buckets as the sort to determine what to return.
The watcher API for the index threshold notes this as "top N of", implying a sort.
This PR applies sorting when the using `groupBy: top`, and the `aggType != count`. For count, ES is already sorting the way we want.
The sort is calculated as a separate agg beside the date_range aggregation, which is the same metrics agg specified in the query - `aggType(aggField)`. This field is then referenced in a new `order` property in the terms agg, using 'asc' sorting for `min`, and `desc` sorting for `avg`, `max`, and `sum`.
This doesn't change the shape of the output at all, just changes which term buckets will be returned, if there are more term buckets than requested with the `termSize` parameter.
resolves https://github.com/elastic/kibana/issues/58529
This PR extends alertType with an `actionVariables` property, which
describes the properties of the context object passed when scheduling
actions, and the current state. These property descriptions are used
by the web ui for the alert create and edit forms, to allow the properties
to be added to action parameters as mustache template variables.
This is a pre-cursor to https://github.com/elastic/kibana/issues/58529
I realized a bit ago that we weren't making quite enough info available
in the action parameter templating that happens when alerts schedule
actions to execute. Missing were alert name, tags, and spaceId.
For the index threshold alert, I had added them to it's context, but
then every other action would have to do the same if they also
wanted those values.
So I added these as additional top-level variables that can be
used in templates, along with the alert id, alert instance id,
context, and state. The other bits in RawAlert didn't seem
that interesting, to be used as an action parameter.
Prior to this PR, the alerting UI used two HTTP endpoints provided by the
Kibana watcher plugin, to list index and field names. There are now two HTTP
endpoints in the alerting_builtins plugin which will be used instead.
The code for the new endpoints was largely copied from the existing watcher
endpoints, and the HTTP request/response bodies kept pretty much the same.
resolves https://github.com/elastic/kibana/issues/53041
* use inline snapshots instead of snapshots
* hide input value from error messages
* update core snapshots
* update xpack snapshots
* fix ftr assertions
* fix new snapshots
* hide values for byte_size and duration
* update new snapshots
* remove another byte_size value reference
* fix yet another value references in error messages
* update xpack snapshots
* update xpack ftr assertions
Changes the alerting UI to use the new time series query HTTP endpoint provided by the builtin index threshold alertType; previously it used a watcher HTTP endpoint.
This is part of the ongoing index threshold work tracked in https://github.com/elastic/kibana/issues/53041
This is a follow-on to https://github.com/elastic/kibana/pull/57030 ,
"[alerting] initial index threshold alertType and supporting APIs",
to get it working with the existing alerting UI. The parameter shape
was different between the two, so the alertType was changed to fix
the existing UI shapes expected.
Adds the first built-in alertType for Kibana alerting, an index threshold alert, and associated HTTP endpoint to generate preview data for it.
addresses the server-side requirements for issue https://github.com/elastic/kibana/issues/53041
