[RAC] Populate common rule fields in alert helpers

[weltenwort]

📝 Summary

This marks some technical alert-as-data fields as required and changes the alert status values from open/closed to active/recovered. It also updates the lifecycle and persistent rule type helpers to consistently populate several common alert fields with values from the alerting framework.

closes #108161

🕵️ Review notes

• Since the persistent rule type helper almost exclusively passes through very loosely typed documents I was unable to adapt any downstream-changes that might be required due to it. @elastic/security-threat-hunting would you be able to adapt to it in your code-base in a follow-up or should I remove that change from the PR?

[weltenwort]

@elastic/security-threat-hunting these changes might impact your persistent alert type code, but I was unable to determine the exact changes required. Please let me know what you think of this. 😇

[marshallmain]

We'll probably want to change this to ALERT_RULE_ID and remove ALERT_RULE_UUID entirely throughout the codebase to align with the schema

[weltenwort]

Ok, I'll check if it's used anywhere. (probably not)

[marshallmain]

Per slack conversation, let's stick with ALERT_RULE_UUID here and plan to remove ALERT_RULE_ID elsewhere.

[weltenwort]

awesome, thanks for following up

[mgiota]

Probably not part of this PR, but shouldn't we use constants for the alert fields here instead of hardcoding them?

[weltenwort]

This is a jest inline snapshot. Manually interpolating the constants here would render the auto-updating of the snapshot mute, wouldn't it?

[mgiota]

LGTM! I left a few comments.

Let me know if it makes sense to import the common alert fields from the get_common_alert_fields you created instead of '@kbn/rule-data-utils'. Isn't it the reason why this file was created? Do I miss something here? This would require quite a few changes though.

I tested it locally and it works fine. Notice in my screenshot the empty cells. They are empty because these entries still have the open value. This wouldn't happen to our users, but maybe we could fall back to an empty dash ?

[weltenwort]

Thanks for taking a look at this PR.

Notice in my screenshot the empty cells. They are empty because these entries still have the open value.

I think we don't need to be backwards-compatible to the previous unfinished schema.

[mgiota]

LGTM

[marshallmain]

Security solution and rule registry changes LGTM

[kibanamachine]

💚 Build Succeeded

• continuous-integration/kibana-ci/pull-request
• Commit: 6536ba8
• Storybooks Preview

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id	before	after	diff
apm	1622	1623	+1
infra	970	971	+1
observability	340	341	+1
securitySolution	2392	2393	+1
timelines	328	329	+1
uptime	668	669	+1
total			+6

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

id	before	after	diff
ruleRegistry	118	109	-9

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
apm	4.4MB	4.4MB	+624.0B
infra	1.7MB	1.7MB	+10.0B
observability	553.4KB	554.2KB	+842.0B
securitySolution	6.5MB	6.5MB	+576.0B
timelines	424.3KB	426.6KB	+2.3KB
uptime	1.0MB	1.0MB	+3.0B
total			+4.3KB

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id	before	after	diff
infra	149.8KB	150.3KB	+574.0B
uptime	36.2KB	36.7KB	+574.0B
total			+1.1KB

Unknown metric groups

API count

id	before	after	diff
ruleRegistry	141	132	-9

History

• 💚 Build #148281 succeeded 4a18143
• 💚 Build #148243 succeeded 64405c1
• 💔 Build #147971 failed a8ccfae
• 💔 Build #147955 failed 8bf9f17
• 💔 Build #146780 failed 3e615cb

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @weltenwort

[kibanamachine]

💚 Backport successful

Status	Branch	Result
✅	7.15
✅	7.x

The backport PRs will be merged automatically after passing CI.