[Cases] Implementing the alerts count metric (elastic#120265)

* Implementing the alert count metrics * Fixing type errors * Fixing tests * Removing count api from attachment client * Fixing test * removing unused snapshots Co-authored-by: Kibana Machine <[email protected]>
TinLe · Dec 22, 2021 · 7c2f500 · 7c2f500
1 parent f717abe
commit 7c2f500
Show file tree

Hide file tree

Showing 11 changed files with 448 additions and 165 deletions.
diff --git a/x-pack/plugins/cases/common/api/cases/alerts.ts b/x-pack/plugins/cases/common/api/cases/alerts.ts
@@ -14,5 +14,4 @@ const AlertRt = rt.type({
 });
 
 export const AlertResponseRt = rt.array(AlertRt);
-
 export type AlertResponse = rt.TypeOf<typeof AlertResponseRt>;
diff --git a/x-pack/plugins/cases/server/authorization/__snapshots__/audit_logger.test.ts.snap b/x-pack/plugins/cases/server/authorization/__snapshots__/audit_logger.test.ts.snap
diff --git a/x-pack/plugins/cases/server/authorization/index.ts b/x-pack/plugins/cases/server/authorization/index.ts
@@ -83,11 +83,47 @@ export function isWriteOperation(operation: OperationDetails): boolean {
   return Object.values(WriteOperations).includes(operation.name as WriteOperations);
 }
 
-/**
- * Definition of all APIs within the cases backend.
- */
-export const Operations: Record<ReadOperations | WriteOperations, OperationDetails> = {
-  // case operations
+const CaseOperations = {
+  [ReadOperations.GetCase]: {
+    ecsType: EVENT_TYPES.access,
+    name: ACCESS_CASE_OPERATION,
+    action: 'case_get',
+    verbs: accessVerbs,
+    docType: 'case',
+    savedObjectType: CASE_SAVED_OBJECT,
+  },
+  [ReadOperations.ResolveCase]: {
+    ecsType: EVENT_TYPES.access,
+    name: ACCESS_CASE_OPERATION,
+    action: 'case_resolve',
+    verbs: accessVerbs,
+    docType: 'case',
+    savedObjectType: CASE_SAVED_OBJECT,
+  },
+  [ReadOperations.FindCases]: {
+    ecsType: EVENT_TYPES.access,
+    name: ACCESS_CASE_OPERATION,
+    action: 'case_find',
+    verbs: accessVerbs,
+    docType: 'cases',
+    savedObjectType: CASE_SAVED_OBJECT,
+  },
+  [ReadOperations.GetCaseIDsByAlertID]: {
+    ecsType: EVENT_TYPES.access,
+    name: ACCESS_CASE_OPERATION,
+    action: 'case_ids_by_alert_id_get',
+    verbs: accessVerbs,
+    docType: 'cases',
+    savedObjectType: CASE_COMMENT_SAVED_OBJECT,
+  },
+  [ReadOperations.GetCaseMetrics]: {
+    ecsType: EVENT_TYPES.access,
+    name: ACCESS_CASE_OPERATION,
+    action: 'case_get_metrics',
+    verbs: accessVerbs,
+    docType: 'case',
+    savedObjectType: CASE_SAVED_OBJECT,
+  },
   [WriteOperations.CreateCase]: {
     ecsType: EVENT_TYPES.creation,
     name: WriteOperations.CreateCase,
@@ -120,6 +156,17 @@ export const Operations: Record<ReadOperations | WriteOperations, OperationDetai
     docType: 'case',
     savedObjectType: CASE_SAVED_OBJECT,
   },
+};
+
+const ConfigurationOperations = {
+  [ReadOperations.FindConfigurations]: {
+    ecsType: EVENT_TYPES.access,
+    name: ReadOperations.FindConfigurations,
+    action: 'case_configuration_find',
+    verbs: accessVerbs,
+    docType: 'case configurations',
+    savedObjectType: CASE_CONFIGURE_SAVED_OBJECT,
+  },
   [WriteOperations.CreateConfiguration]: {
     ecsType: EVENT_TYPES.creation,
     name: WriteOperations.CreateConfiguration,
@@ -136,79 +183,49 @@ export const Operations: Record<ReadOperations | WriteOperations, OperationDetai
     docType: 'case configuration',
     savedObjectType: CASE_CONFIGURE_SAVED_OBJECT,
   },
-  [ReadOperations.FindConfigurations]: {
-    ecsType: EVENT_TYPES.access,
-    name: ReadOperations.FindConfigurations,
-    action: 'case_configuration_find',
-    verbs: accessVerbs,
-    docType: 'case configurations',
-    savedObjectType: CASE_CONFIGURE_SAVED_OBJECT,
-  },
-  [ReadOperations.GetCase]: {
-    ecsType: EVENT_TYPES.access,
-    name: ACCESS_CASE_OPERATION,
-    action: 'case_get',
-    verbs: accessVerbs,
-    docType: 'case',
-    savedObjectType: CASE_SAVED_OBJECT,
-  },
-  [ReadOperations.GetCaseMetrics]: {
-    ecsType: EVENT_TYPES.access,
-    name: ACCESS_CASE_OPERATION,
-    action: 'case_get_metrics',
-    verbs: accessVerbs,
-    docType: 'case',
-    savedObjectType: CASE_SAVED_OBJECT,
-  },
-  [ReadOperations.ResolveCase]: {
-    ecsType: EVENT_TYPES.access,
-    name: ACCESS_CASE_OPERATION,
-    action: 'case_resolve',
-    verbs: accessVerbs,
-    docType: 'case',
-    savedObjectType: CASE_SAVED_OBJECT,
-  },
-  [ReadOperations.FindCases]: {
+};
+
+const AttachmentOperations = {
+  [ReadOperations.GetAttachmentMetrics]: {
     ecsType: EVENT_TYPES.access,
-    name: ACCESS_CASE_OPERATION,
-    action: 'case_find',
+    name: ACCESS_COMMENT_OPERATION,
+    action: 'case_comment_get_metrics',
     verbs: accessVerbs,
-    docType: 'cases',
-    savedObjectType: CASE_SAVED_OBJECT,
+    docType: 'comments',
+    savedObjectType: CASE_COMMENT_SAVED_OBJECT,
   },
-  [ReadOperations.GetCaseIDsByAlertID]: {
+  [ReadOperations.GetAlertsAttachedToCase]: {
     ecsType: EVENT_TYPES.access,
-    name: ACCESS_CASE_OPERATION,
-    action: 'case_ids_by_alert_id_get',
+    name: ACCESS_COMMENT_OPERATION,
+    action: 'case_comment_alerts_attach_to_case',
     verbs: accessVerbs,
-    docType: 'cases',
+    docType: 'comments',
     savedObjectType: CASE_COMMENT_SAVED_OBJECT,
   },
-  [ReadOperations.GetTags]: {
+  [ReadOperations.GetComment]: {
     ecsType: EVENT_TYPES.access,
-    name: ReadOperations.GetCase,
-    action: 'case_tags_get',
+    name: ACCESS_COMMENT_OPERATION,
+    action: 'case_comment_get',
     verbs: accessVerbs,
-    docType: 'case',
-    savedObjectType: CASE_SAVED_OBJECT,
+    docType: 'comments',
+    savedObjectType: CASE_COMMENT_SAVED_OBJECT,
   },
-  [ReadOperations.GetReporters]: {
+  [ReadOperations.GetAllComments]: {
     ecsType: EVENT_TYPES.access,
-    name: ReadOperations.GetReporters,
-    action: 'case_reporters_get',
+    name: ACCESS_COMMENT_OPERATION,
+    action: 'case_comment_get_all',
     verbs: accessVerbs,
-    docType: 'case',
-    savedObjectType: CASE_SAVED_OBJECT,
+    docType: 'comments',
+    savedObjectType: CASE_COMMENT_SAVED_OBJECT,
   },
-  [ReadOperations.GetAlertsAttachedToCase]: {
+  [ReadOperations.FindComments]: {
     ecsType: EVENT_TYPES.access,
     name: ACCESS_COMMENT_OPERATION,
-    action: 'case_comment_alerts_attach_to_case',
+    action: 'case_comment_find',
     verbs: accessVerbs,
     docType: 'comments',
     savedObjectType: CASE_COMMENT_SAVED_OBJECT,
   },
-  // comments operations
   [WriteOperations.CreateComment]: {
     ecsType: EVENT_TYPES.creation,
     name: WriteOperations.CreateComment,
@@ -241,31 +258,31 @@ export const Operations: Record<ReadOperations | WriteOperations, OperationDetai
     docType: 'comments',
     savedObjectType: CASE_COMMENT_SAVED_OBJECT,
   },
-  [ReadOperations.GetComment]: {
-    ecsType: EVENT_TYPES.access,
-    name: ACCESS_COMMENT_OPERATION,
-    action: 'case_comment_get',
-    verbs: accessVerbs,
-    docType: 'comments',
-    savedObjectType: CASE_COMMENT_SAVED_OBJECT,
-  },
-  [ReadOperations.GetAllComments]: {
+};
+
+/**
+ * Definition of all APIs within the cases backend.
+ */
+export const Operations: Record<ReadOperations | WriteOperations, OperationDetails> = {
+  ...CaseOperations,
+  ...ConfigurationOperations,
+  ...AttachmentOperations,
+  [ReadOperations.GetTags]: {
     ecsType: EVENT_TYPES.access,
-    name: ACCESS_COMMENT_OPERATION,
-    action: 'case_comment_get_all',
+    name: ReadOperations.GetTags,
+    action: 'case_tags_get',
     verbs: accessVerbs,
-    docType: 'comments',
-    savedObjectType: CASE_COMMENT_SAVED_OBJECT,
+    docType: 'case',
+    savedObjectType: CASE_SAVED_OBJECT,
   },
-  [ReadOperations.FindComments]: {
+  [ReadOperations.GetReporters]: {
     ecsType: EVENT_TYPES.access,
-    name: ACCESS_COMMENT_OPERATION,
-    action: 'case_comment_find',
+    name: ReadOperations.GetReporters,
+    action: 'case_reporters_get',
     verbs: accessVerbs,
-    docType: 'comments',
-    savedObjectType: CASE_COMMENT_SAVED_OBJECT,
+    docType: 'case',
+    savedObjectType: CASE_SAVED_OBJECT,
   },
-  // stats operations
   [ReadOperations.GetCaseStatuses]: {
     ecsType: EVENT_TYPES.access,
     name: ACCESS_CASE_OPERATION,
@@ -274,7 +291,6 @@ export const Operations: Record<ReadOperations | WriteOperations, OperationDetai
     docType: 'cases',
     savedObjectType: CASE_SAVED_OBJECT,
   },
-  // user actions operations
   [ReadOperations.GetUserActions]: {
     ecsType: EVENT_TYPES.access,
     name: ReadOperations.GetUserActions,

diff --git a/x-pack/plugins/cases/server/authorization/types.ts b/x-pack/plugins/cases/server/authorization/types.ts
@@ -40,6 +40,7 @@ export enum ReadOperations {
   FindConfigurations = 'findConfigurations',
   GetUserActions = 'getUserActions',
   GetAlertsAttachedToCase = 'getAlertsAttachedToCase',
+  GetAttachmentMetrics = 'getAttachmentMetrics',
   GetCaseMetrics = 'getCaseMetrics',
 }
Original file line number	Diff line number	Diff line change
Expand Up		@@ -14,5 +14,4 @@ const AlertRt = rt.type({
		});

		export const AlertResponseRt = rt.array(AlertRt);

		export type AlertResponse = rt.TypeOf<typeof AlertResponseRt>;