
[Actions] System actions MVP #166267

Merged: 147 commits into main from system_actions_mvp, Apr 2, 2024

Conversation

@cnasikas cnasikas commented Sep 12, 2023

Summary

A system action is an action that triggers Kibana workflows—for example, creating a case, running an OsQuery, running an ML job, or logging. In this PR:

  • Enable rule routes to accept system actions. The schema of the action is not changed. The framework deduces automatically which action is a system action. System actions do not accept properties like notifyWhen or group.
  • Enable rule client methods to accept system actions. The methods accept a new property called systemActions. The methods merge the actions with the system actions before persisting the rule to ES. The methods split the actions from the system actions and return two arrays, actions and systemActions.
  • Introduce connector adapters: a way to transform the action params to the corresponding connector params.
  • Allow the execution of system actions. Only alert summaries are supported. Users cannot control the execution of system actions.
  • Register an example system action.
  • Change the UI to handle system actions. All configuration regarding execution, like "Run when", is hidden for system actions. Users cannot select the same system action twice.

Closes #160367

This PR merges the system actions framework, a culmination of several issues merged to the system_actions_mvp feature branch over the past several months.

Testing

A system action with ID `system-connector-.system-log-example` will be available to be used by the APIs and the UI if you start Kibana with `--run-examples`. Please ensure the following:

  • You can create and update rules with actions and system actions.
  • A rule with actions and system actions is executed as expected.
  • Entries about the system action execution are added to the event log as expected.
  • Existing rules with actions work without issues (BWC).
  • You can perform bulk actions in the rules table to rules with actions and system actions.
  • License restrictions are respected.
  • Permission restrictions are respected.
  • Disabled system actions cannot be used.
  • Users cannot specify how the system action will run in the UI and the API.

Checklist
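As an added example (not Kibana's own code), the following models the normalisation the PR description lays out: a route accepts one mixed `actions` array and deduces which entries are system actions, rejects execution config and duplicates on them, and the client merges the two arrays for persistence and splits them again on read. The `RuleAction` shape, the `system-connector-` id prefix used by the predicate and the error messages are assumptions.

```typescript
// Added example, not Kibana's own code: models the rule-route normalisation
// described in the PR. Types, the id prefix and error messages are assumptions.

interface RuleAction {
  id: string;                         // connector id
  actionTypeId: string;
  params: Record<string, unknown>;
  group?: string;                     // execution config; not valid for system actions
  frequency?: { notifyWhen: string }; // likewise
}

interface SplitActions {
  actions: RuleAction[];
  systemActions: RuleAction[];
}

// Constructed predicate: the page's example id is
// "system-connector-.system-log-example", so we key on that prefix.
const isSystemAction = (a: RuleAction): boolean => a.id.startsWith('system-connector-');

// Route side: accept one mixed `actions` array, deduce which entries are system
// actions, and enforce the constraints the framework imposes on them.
function normalizeRuleActions(input: RuleAction[]): SplitActions {
  const out: SplitActions = { actions: [], systemActions: [] };
  const seenSystemIds = new Set<string>();
  for (const a of input) {
    if (!isSystemAction(a)) { out.actions.push(a); continue; }
    if (a.group !== undefined || a.frequency !== undefined) {
      throw new Error(`system action ${a.id} must not set group or notifyWhen`);
    }
    if (seenSystemIds.has(a.id)) {
      throw new Error(`system action ${a.id} may only be used once`);
    }
    seenSystemIds.add(a.id);
    out.systemActions.push(a);
  }
  return out;
}

// Client side: merge both arrays into the single list persisted to ES, and
// split a persisted list back into the two arrays returned to callers.
const mergeForPersistence = ({ actions, systemActions }: SplitActions): RuleAction[] =>
  [...actions, ...systemActions];

const splitPersisted = (stored: RuleAction[]): SplitActions => ({
  actions: stored.filter((a) => !isSystemAction(a)),
  systemActions: stored.filter(isSystemAction),
});
```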

@cnasikas cnasikas added the labels release_note:skip (Skip the PR/issue when compiling release notes), Team:ResponseOps (Label for the ResponseOps team, formerly the Cases and Alerting teams), Feature:Alerting/RulesFramework (Issues related to the Alerting Rules Framework), Feature:Actions/Framework (Issues related to the Actions Framework) and v8.11.0 on Sep 12, 2023
@cnasikas cnasikas self-assigned this Sep 12, 2023
@cnasikas cnasikas mentioned this pull request Sep 12, 2023
cnasikas and others added 15 commits September 13, 2023 19:28
In this PR:

- Creation of types for the system actions
- Creation of a helper function to detect if it is a system action or
not
- Use the `isSystemAction` in the executor to determine if an action is
a system action
- Pass the `isSystemConnector` utility function from the actions plugin
to the rules factory
- Create test utils to help test system actions and connector adapters


### Checklist

Delete any items that are not applicable to this PR.

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

### For maintainers

- [x] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
…#167884)

## Summary

This PR enables system actions only for the Create Rule API. Others will
follow in subsequent PRs.

Depends on: #167871

### Checklist

Delete any items that are not applicable to this PR.

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

### For maintainers

- [x] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

---------

Co-authored-by: kibanamachine <[email protected]>
Co-authored-by: Julia <[email protected]>
…API (#168226)

Summarize your PR. If it involves visual changes include a screenshot or
gif.

Depends on: #167871,
#167884

### Checklist

Delete any items that are not applicable to this PR.

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

### For maintainers

- [x] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

---------

Co-authored-by: kibanamachine <[email protected]>
Co-authored-by: Julia Guskova <[email protected]>
@cnasikas cnasikas mentioned this pull request Nov 1, 2023
guskovaue and others added 5 commits November 6, 2023 09:56
Fix: #170097
Meta: #160367


## Summary

This PR enables system actions for the Bulk Disable Rule API.

### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
Fix: #170097
Meta: #160367


## Summary

This PR enables system actions for the Bulk Enable Rule API.

### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

---------

Co-authored-by: kibanamachine <[email protected]>
@cnasikas cnasikas mentioned this pull request Nov 14, 2023

cnasikas commented Apr 1, 2024

@elasticmachine merge upstream

@ymao1 ymao1 left a comment


LGTM! Great job! Left some minor comments in the functional tests.

@XavierM XavierM left a comment


LGTM! it looks like you did it!!!


@cnasikas cnasikas enabled auto-merge (squash) April 2, 2024 07:07
@kibana-ci

💚 Build Succeeded

Metrics

Module Count

Fewer modules leads to a faster build time.

| id | before | after | diff |
|---|---|---|---|
| triggersActionsUi | 690 | 691 | +1 |

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run `node scripts/build_api_docs --plugin [yourplugin] --stats comments` for more detailed information.

| id | before | after | diff |
|---|---|---|---|
| actions | 283 | 285 | +2 |
| alerting | 807 | 822 | +15 |
| triggersActionsUi | 572 | 566 | -6 |
| total | | | +11 |

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app.

| id | before | after | diff |
|---|---|---|---|
| triggersActionsUi | 1.6MB | 1.6MB | +6.8KB |

Public APIs missing exports

Total count of every type that is part of your API that should be exported but is not. This will cause broken links in the API documentation system. Target amount is 0. Run `node scripts/build_api_docs --plugin [yourplugin] --stats exports` for more detailed information.

| id | before | after | diff |
|---|---|---|---|
| alerting | 53 | 54 | +1 |
| triggersActionsUi | 58 | 59 | +1 |
| total | | | +2 |

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb.

| id | before | after | diff |
|---|---|---|---|
| triggersActionsUi | 108.7KB | 109.2KB | +444.0B |

Unknown metric groups

API count

| id | before | after | diff |
|---|---|---|---|
| actions | 289 | 291 | +2 |
| alerting | 838 | 854 | +16 |
| triggersActionsUi | 598 | 592 | -6 |
| total | | | +12 |

ESLint disabled line counts

| id | before | after | diff |
|---|---|---|---|
| actions | 22 | 24 | +2 |
| alerting | 90 | 92 | +2 |
| triggersActionsUi | 127 | 128 | +1 |
| total | | | +5 |

References to deprecated APIs

| id | before | after | diff |
|---|---|---|---|
| triggersActionsUi | 54 | 53 | -1 |

Total ESLint disabled count

| id | before | after | diff |
|---|---|---|---|
| actions | 24 | 26 | +2 |
| alerting | 92 | 94 | +2 |
| triggersActionsUi | 133 | 134 | +1 |
| total | | | +5 |

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @cnasikas

@cnasikas cnasikas merged commit 26d8222 into main Apr 2, 2024
37 checks passed
@cnasikas cnasikas deleted the system_actions_mvp branch April 2, 2024 08:14
@kibanamachine kibanamachine added the backport:skip label (This commit does not require backporting) on Apr 2, 2024
cnasikas added a commit that referenced this pull request Apr 4, 2024
## Summary

Now that the system actions PR is merged
(#166267) we can use the connector
adapters to transform the case action params. This PR:

- Registers a connector adapter for the case action.
- Uses flattened objects in the description and the tags.
- Changes the integration tests to use an internal router to execute
system actions. PR #166267
disabled execution of system actions through the public execute API.
- Skips execution of the case action if the grouping did not produce any
alerts.
- Adds references to the cases oracle saved objects.
- Removes the owner from the UI and deduces the owner from the rule's
consumer in the connector adapter.

### Checklist

Delete any items that are not applicable to this PR.

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

### For maintainers

- [x] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
cnasikas added a commit that referenced this pull request Apr 12, 2024
## Summary

Depends on: #166267,
#170326,
#169484,
#173740,
#173763,
#178068,
#178307,
#178600,
#180437

PRs:
- #168370
- #169229
- #171754
- #172709
- #173012
- #175107
- #175452
- #175505
- #177033
- #178277
- #177139
- #179796

Fixes: #153837

## Testing

Run Kibana with `--run-examples` if you want to use the "Always firing"
rule.

Create a rule with a case action in observability and the stack. The
security solution is not supported. You should not be able to assign a
case action in a security solution rule.

1. Test the "Reopen closed cases" configuration.
2. Test the "Grouping by" configuration. Only one field is allowed. Not
all fields are persisted in alerts. If you select a field that is not part of
the alert, the case action will create a case where the grouping value is
set to `unknow`.
3. Test the "Time window" feature. You can comment out the validation to
test for shorter times.
4. Verify that the case action is experimental.
5. Verify that based on the rule type the case is created in the correct
solution.
6. Verify that you cannot create a rule with the case action on the
basic license.
7. Verify that the execution of the case action fails if you do not have
permission for cases. Pending work on the system actions framework level
to not allow users to create rules with system actions where they do not
have permission.
8. Stress test the case action by creating multiple rules.

### Checklist

Delete any items that are not applicable to this PR.

- [x]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

### For maintainers

- [x] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

## Release notes

Automatically create cases when an alert is triggered.

---------

Co-authored-by: kibanamachine <[email protected]>
Co-authored-by: adcoelho <[email protected]>
Co-authored-by: Janki Salvi <[email protected]>
Labels

- backport:skip (This commit does not require backporting)
- Feature:Actions/Framework (Issues related to the Actions Framework)
- Feature:Alerting/RulesFramework (Issues related to the Alerting Rules Framework)
- release_note:skip (Skip the PR/issue when compiling release notes)
- Team:obs-ux-infra_services (Observability Infrastructure & Services User Experience Team)
- Team:ResponseOps (Label for the ResponseOps team, formerly the Cases and Alerting teams)
- v8.14.0