/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
import { pluck } from 'lodash';
import { AlertAction, State, Context, AlertType } from '../types';
import { Logger } from '../../../../../src/core/server';
import { transformActionParams } from './transform_action_params';
import { PluginStartContract as ActionsPluginStartContract } from '../../../../plugins/actions/server';
import { IEventLogger, IEvent } from '../../../event_log/server';
import { EVENT_LOG_ACTIONS } from '../plugin';
/**
 * Per-alert inputs captured once by `createExecutionHandler` and reused for
 * every invocation of the handler it returns.
 */
interface CreateExecutionHandlerOptions {
  // Alert id: appears in log lines, is passed to transformActionParams and is
  // recorded as the `alert` saved object in the event-log entry.
  alertId: string;
  // Alert name: passed to transformActionParams and interpolated into the
  // event-log message.
  alertName: string;
  // Optional tags, forwarded to transformActionParams as-is.
  tags?: string[];
  // Actions plugin contract; the handler calls isActionTypeEnabled() and
  // execute() on it.
  actionsPlugin: ActionsPluginStartContract;
  // All actions configured on the alert; the handler filters them by `group`.
  actions: AlertAction[];
  // Space id: passed to transformActionParams and actionsPlugin.execute, and
  // recorded as `kibana.namespace` in the event-log entry.
  spaceId: string;
  // Credential forwarded unchanged to actionsPlugin.execute; may be null.
  // The handler never writes it to the logger or the event log.
  apiKey: string | null;
  // Alert type; its `actionGroups` ids define which action groups are accepted
  // and its `id` is used in log and event messages.
  alertType: AlertType;
  // Receives the "invalid action group" error and the "disabled action type" warning.
  logger: Logger;
  // Receives one event per action after actionsPlugin.execute resolves.
  eventLogger: IEventLogger;
}
/**
 * Per-invocation arguments of the handler returned by `createExecutionHandler`.
 */
interface ExecutionHandlerOptions {
  // Action group to fire; must match an id in alertType.actionGroups, and
  // selects the actions whose `group` equals it.
  actionGroup: string;
  // Alert instance id: passed to transformActionParams and recorded as
  // `kibana.alerting.instance_id` in the event-log entry.
  alertInstanceId: string;
  // Passed to transformActionParams together with `state`.
  context: Context;
  // Passed to transformActionParams together with `context`.
  state: State;
}
/**
 * Builds the callback an alert uses to fire the actions attached to one of its
 * action groups.
 *
 * The returned async handler:
 *  1. rejects (logs an error and returns) any action group whose id is not
 *     declared in `alertType.actionGroups`;
 *  2. selects the alert's actions for that group and runs each one's params
 *     through `transformActionParams`;
 *  3. for every selected action whose type is enabled, awaits
 *     `actionsPlugin.execute` and then writes one entry to the event log.
 *
 * Security-relevant behaviour visible here:
 *  - `apiKey` is forwarded to `actionsPlugin.execute` only; no log line or
 *    event-log entry contains it.
 *  - The event-log entry is written after `execute` resolves. There is no
 *    try/catch, so a rejection propagates to the caller, the remaining actions
 *    of this invocation are not run and no entry is logged for the failed one.
 *  - NOTE(review): `actionGroup`, `alertName` and `alertInstanceId` are
 *    interpolated verbatim into log and event messages; confirm whether these
 *    values are constrained upstream, since consumers of the log text would
 *    otherwise have to treat it as untrusted.
 *  - NOTE(review): `context` and `state` are handed to `transformActionParams`
 *    together with the stored action params; presumably they are substituted
 *    into those params, so verify that helper against hostile instance data.
 *
 * @param options - Per-alert configuration, see CreateExecutionHandlerOptions.
 * @returns An async handler taking ExecutionHandlerOptions; it resolves to
 *   `undefined` in all non-throwing paths.
 */
export function createExecutionHandler({
  logger,
  alertId,
  alertName,
  tags,
  actionsPlugin,
  actions: alertActions,
  spaceId,
  apiKey,
  alertType,
  eventLogger,
}: CreateExecutionHandlerOptions) {
  // Allow-list of action group ids, computed once per handler.
  const knownGroupIds = new Set(pluck(alertType.actionGroups, 'id'));

  return async ({ actionGroup, context, state, alertInstanceId }: ExecutionHandlerOptions) => {
    const groupIsKnown = knownGroupIds.has(actionGroup);
    if (!groupIsKnown) {
      logger.error(`Invalid action group "${actionGroup}" for alert "${alertType.id}".`);
      return;
    }

    // All params are transformed up front, before any action is executed.
    const groupActions = alertActions.filter(candidate => candidate.group === actionGroup);
    const preparedActions = groupActions.map(groupAction => ({
      ...groupAction,
      params: transformActionParams({
        alertId,
        alertName,
        spaceId,
        tags,
        alertInstanceId,
        context,
        actionParams: groupAction.params,
        state,
      }),
    }));

    const alertDescription = `${alertType.id}:${alertId}: '${alertName}'`;

    for (const prepared of preparedActions) {
      const typeEnabled = actionsPlugin.isActionTypeEnabled(prepared.actionTypeId);
      if (!typeEnabled) {
        // Disabled action types are skipped with a warning; no event is logged for them.
        logger.warn(
          `Alert "${alertId}" skipped scheduling action "${prepared.id}" because it is disabled`
        );
        continue;
      }

      // TODO would be nice to add the action name here, but it's not available
      const actionDescription = `${prepared.actionTypeId}:${prepared.id}`;

      // The API key goes to the actions plugin only; it is kept out of the event below.
      await actionsPlugin.execute({
        id: prepared.id,
        params: prepared.params,
        spaceId,
        apiKey,
      });

      // Reached only when execute() resolved: record which alert instance triggered which action.
      const executedEvent: IEvent = {
        event: { action: EVENT_LOG_ACTIONS.executeAction },
        kibana: {
          alerting: {
            instance_id: alertInstanceId,
          },
          namespace: spaceId,
          saved_objects: [
            { type: 'alert', id: alertId },
            { type: 'action', id: prepared.id },
          ],
        },
        message: `alert: ${alertDescription} instanceId: '${alertInstanceId}' scheduled actionGroup: '${actionGroup}' action: ${actionDescription}`,
      };
      eventLogger.logEvent(executedEvent);
    }
  };
}