[8.x] [Synthetics] Add service name/labels to alerts and contexts (#1…

…95621) (#196002)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[Synthetics] Add service name/labels to alerts and contexts
(#195621)](#195621)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT
[{"author":{"name":"Shahzad","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-10-11T22:40:57Z","message":"[Synthetics]
Add service name/labels to alerts and contexts (#195621)\n\n##
Summary\r\n\r\nAdd service name to alerts
!!\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine
<[email protected]>","sha":"f9417fbdc2e95492f958d84c6d87787420d0fc7f","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","backport:prev-minor","ci:project-deploy-observability","Team:obs-ux-management"],"title":"[Synthetics]
Add service name/labels to alerts and
contexts","number":195621,"url":"https://github.com/elastic/kibana/pull/195621","mergeCommit":{"message":"[Synthetics]
Add service name/labels to alerts and contexts (#195621)\n\n##
Summary\r\n\r\nAdd service name to alerts
!!\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine
<[email protected]>","sha":"f9417fbdc2e95492f958d84c6d87787420d0fc7f"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/195621","number":195621,"mergeCommit":{"message":"[Synthetics]
Add service name/labels to alerts and contexts (#195621)\n\n##
Summary\r\n\r\nAdd service name to alerts
!!\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine
<[email protected]>","sha":"f9417fbdc2e95492f958d84c6d87787420d0fc7f"}}]}]
BACKPORT-->

Co-authored-by: Shahzad <[email protected]>

packages/kbn-alerts-as-data-utils/src/schemas/generated/observability_uptime_schema.ts

@@ -88,6 +88,7 @@ const ObservabilityUptimeAlertOptional = rt.partial({
       value: schemaStringArray,
     })
   ),
+  labels: schemaUnknown,
   'location.id': schemaStringArray,
   'location.name': schemaStringArray,
   'monitor.id': schemaString,
@@ -97,6 +98,7 @@ const ObservabilityUptimeAlertOptional = rt.partial({
   'monitor.type': schemaString,
   'observer.geo.name': schemaStringArray,
   'observer.name': schemaStringArray,
+  'service.name': schemaString,
   'tls.server.hash.sha256': schemaString,
   'tls.server.x509.issuer.common_name': schemaString,
   'tls.server.x509.not_after': schemaDate,

x-pack/plugins/observability_solution/synthetics/common/field_names.ts

@@ -12,6 +12,7 @@ export const MONITOR_TYPE = 'monitor.type';
 export const URL_FULL = 'url.full';
 export const URL_PORT = 'url.port';
 export const OBSERVER_NAME = 'observer.name';
+export const SERVICE_NAME = 'service.name';
 export const OBSERVER_GEO_NAME = 'observer.geo.name';
 export const ERROR_MESSAGE = 'error.message';
 export const STATE_ID = 'monitor.state.id';

x-pack/plugins/observability_solution/synthetics/common/requests/get_certs_request_body.ts

@@ -147,6 +147,10 @@ export const getCertsRequestBody = ({
         'tls.server.hash.sha256',
         'tls.server.x509.not_after',
         'tls.server.x509.not_before',
+        'service',
+        'labels',
+        'tags',
+        'error.message',
       ],
       collapse: {
         field: 'tls.server.hash.sha256',
@@ -207,11 +211,17 @@ export const processCertsResult = (result: CertificatesResults): CertResult => {
       not_before: notBefore,
       common_name: commonName,
       monitorName: ping?.monitor?.name,
+      monitorId: ping?.monitor?.id,
+      serviceName: ping?.service?.name,
       configId: ping.config_id!,
       monitorUrl: ping?.url?.full,
+      labels: ping?.labels,
+      tags: ping?.tags,
       '@timestamp': ping['@timestamp'],
       monitorType: ping?.monitor?.type,
+      locationId: ping?.observer?.name,
       locationName: ping?.observer?.geo?.name,
+      errorMessage: ping?.error?.message,
     };
   });
   const total = result.aggregations?.total?.value ?? 0;

x-pack/plugins/observability_solution/synthetics/common/rules/synthetics_rule_field_map.ts

@@ -101,4 +101,12 @@ export const syntheticsRuleFieldMap: FieldMap = {
     type: 'keyword',
     required: false,
   },
+  'service.name': {
+    type: 'keyword',
+    required: false,
+  },
+  labels: {
+    type: 'object',
+    required: false,
+  },
 } as const;

x-pack/plugins/observability_solution/synthetics/common/runtime_types/certs.ts

@@ -43,10 +43,16 @@ export const CertType = t.intersection([
     issuer: t.string,
     sha1: t.string,
     monitorName: t.string,
+    monitorId: t.string,
     monitorType: t.string,
     monitorUrl: t.string,
+    locationId: t.string,
     locationName: t.string,
     '@timestamp': t.string,
+    serviceName: t.string,
+    errorMessage: t.string,
+    labels: t.record(t.string, t.string),
+    tags: t.array(t.string),
   }),
 ]);
 

x-pack/plugins/observability_solution/synthetics/common/runtime_types/monitor_management/synthetics_overview_status.ts

@@ -27,6 +27,10 @@ export const OverviewPingCodec = t.intersection([
   t.partial({
     error: PingErrorType,
     tags: t.array(t.string),
+    service: t.type({
+      name: t.string,
+    }),
+    labels: t.record(t.string, t.string),
   }),
 ]);
 

x-pack/plugins/observability_solution/synthetics/common/runtime_types/ping/ping.ts

@@ -242,6 +242,7 @@ export const PingType = t.intersection([
       type: t.string,
       dataset: t.string,
     }),
+    labels: t.record(t.string, t.string),
   }),
 ]);
 

x-pack/plugins/observability_solution/synthetics/server/alert_rules/common.ts

@@ -334,6 +334,10 @@ export const getDefaultRecoveredSummary = ({
         name: hit['monitor.name'],
         type: hit['monitor.type'],
       },
+      service: {
+        name: hit['service.name'],
+      },
+      labels: hit.labels,
       config_id: configId,
       observer: {
         geo: {

x-pack/plugins/observability_solution/synthetics/server/alert_rules/status_rule/message_utils.ts

@@ -23,6 +23,7 @@ import {
   ERROR_MESSAGE,
   AGENT_NAME,
   STATE_ID,
+  SERVICE_NAME,
 } from '../../../common/field_names';
 import { OverviewPing } from '../../../common/runtime_types';
 import { UNNAMED_LOCATION } from '../../../common/constants';
@@ -36,6 +37,7 @@ export const getMonitorAlertDocument = (
   [MONITOR_ID]: monitorSummary.monitorId,
   [MONITOR_TYPE]: monitorSummary.monitorType,
   [MONITOR_NAME]: monitorSummary.monitorName,
+  [SERVICE_NAME]: monitorSummary.serviceName,
   [URL_FULL]: monitorSummary.monitorUrl,
   [OBSERVER_GEO_NAME]: locationNames,
   [OBSERVER_NAME]: locationIds,
@@ -45,6 +47,7 @@ export const getMonitorAlertDocument = (
   [STATE_ID]: monitorSummary.stateId,
   'location.id': locationIds,
   'location.name': locationNames,
+  labels: monitorSummary.labels,
   configId: monitorSummary.configId,
   'kibana.alert.evaluation.threshold': monitorSummary.downThreshold,
   'kibana.alert.evaluation.value':
@@ -112,6 +115,8 @@ export const getMonitorSummary = ({
     monitorName,
     monitorType: typeToLabelMap[monitorInfo.monitor?.type] || monitorInfo.monitor?.type,
     lastErrorMessage: monitorInfo.error?.message!,
+    serviceName: monitorInfo.service?.name,
+    labels: monitorInfo.labels,
     locationName: formattedLocationName,
     locationNames: formattedLocationName,
     hostName: monitorInfo.agent?.name!,

x-pack/plugins/observability_solution/synthetics/server/alert_rules/status_rule/queries/query_monitor_status_alert.ts

@@ -31,6 +31,8 @@ const fields = [
   'url',
   'state',
   'tags',
+  'service',
+  'labels',
 ];
 type StatusConfigs = Record<string, AlertStatusMetaData>;
 

x-pack/plugins/observability_solution/synthetics/server/alert_rules/status_rule/types.ts

@@ -57,6 +57,7 @@ export interface MonitorSummaryStatusRule {
   locationId: string;
   monitorType: string;
   monitorName: string;
+  serviceName?: string;
   locationName: string;
   locationNames: string;
   monitorUrlLabel: string;
@@ -69,4 +70,5 @@ export interface MonitorSummaryStatusRule {
   stateId?: string;
   lastErrorMessage?: string;
   timestamp: string;
+  labels?: Record<string, string>;
 }

x-pack/plugins/observability_solution/synthetics/server/alert_rules/tls_rule/message_utils.ts

@@ -16,11 +16,29 @@ import {
 import { i18n } from '@kbn/i18n';
 import { PublicAlertsClient } from '@kbn/alerting-plugin/server/alerts_client/types';
 import { ObservabilityUptimeAlert } from '@kbn/alerts-as-data-utils';
+import { ALERT_REASON, ALERT_UUID } from '@kbn/rule-data-utils';
 import { TLSLatestPing } from './tls_rule_executor';
 import { ALERT_DETAILS_URL } from '../action_variables';
 import { Cert } from '../../../common/runtime_types';
 import { tlsTranslations } from '../translations';
 import { MonitorStatusActionGroup } from '../../../common/constants/synthetics_alerts';
+import {
+  CERT_COMMON_NAME,
+  CERT_HASH_SHA256,
+  CERT_ISSUER_NAME,
+  CERT_VALID_NOT_AFTER,
+  CERT_VALID_NOT_BEFORE,
+  ERROR_MESSAGE,
+  MONITOR_ID,
+  MONITOR_NAME,
+  MONITOR_TYPE,
+  OBSERVER_GEO_NAME,
+  OBSERVER_NAME,
+  SERVICE_NAME,
+  URL_FULL,
+} from '../../../common/field_names';
+import { generateAlertMessage } from '../common';
+import { TlsTranslations } from '../../../common/rules/synthetics/translations';
 interface TLSContent {
   summary: string;
   status?: string;
@@ -55,6 +73,8 @@ const getValidAfter = (notAfter?: string): TLSContent => {
       };
 };
 
+export type CertSummary = ReturnType<typeof getCertSummary>;
+
 export const getCertSummary = (cert: Cert, expirationThreshold: number, ageThreshold: number) => {
   const isExpiring = new Date(cert.not_after ?? '').valueOf() < expirationThreshold;
   const isAging = new Date(cert.not_before ?? '').valueOf() < ageThreshold;
@@ -74,13 +94,42 @@ export const getCertSummary = (cert: Cert, expirationThreshold: number, ageThres
     commonName: cert.common_name ?? '',
     issuer: cert.issuer ?? '',
     monitorName: cert.monitorName,
+    monitorId: cert.configId,
+    serviceName: cert.serviceName,
     monitorType: cert.monitorType,
+    locationId: cert.locationId,
     locationName: cert.locationName,
     monitorUrl: cert.monitorUrl,
     configId: cert.configId,
+    monitorTags: cert.tags,
+    errorMessage: cert.errorMessage,
+    labels: cert.labels,
   };
 };
 
+export const getTLSAlertDocument = (cert: Cert, monitorSummary: CertSummary, uuid: string) => ({
+  [CERT_COMMON_NAME]: cert.common_name,
+  [CERT_ISSUER_NAME]: cert.issuer,
+  [CERT_VALID_NOT_AFTER]: cert.not_after,
+  [CERT_VALID_NOT_BEFORE]: cert.not_before,
+  [CERT_HASH_SHA256]: cert.sha256,
+  [ALERT_UUID]: uuid,
+  [ALERT_REASON]: generateAlertMessage(TlsTranslations.defaultActionMessage, monitorSummary),
+  [MONITOR_ID]: monitorSummary.monitorId,
+  [MONITOR_TYPE]: monitorSummary.monitorType,
+  [MONITOR_NAME]: monitorSummary.monitorName,
+  [SERVICE_NAME]: monitorSummary.serviceName,
+  [URL_FULL]: monitorSummary.monitorUrl,
+  [OBSERVER_GEO_NAME]: monitorSummary.locationName ? [monitorSummary.locationName] : [],
+  [OBSERVER_NAME]: monitorSummary.locationId ? [monitorSummary.locationId] : [],
+  [ERROR_MESSAGE]: monitorSummary.errorMessage,
+  'location.id': monitorSummary.locationId ? [monitorSummary.locationId] : [],
+  'location.name': monitorSummary.locationName ? [monitorSummary.locationName] : [],
+  labels: cert.labels,
+  configId: monitorSummary.configId,
+  'monitor.tags': monitorSummary.monitorTags ?? [],
+});
+
 export const setTLSRecoveredAlertsContext = async ({
   alertsClient,
   basePath,