[Actions][ServiceNow] Allow to close serviceNow incident when alert resolves

[js-jankisalvi]

Summary

Fixes: #170522

This PR allows to close service now incident when alert is recovered

SN connector form shows only correlation_id field as it is mandatory field to close an incident.

How to test:

• Create a rule and select serviceNow ITSM action with Run when option as Recovered
• Verify that it closes an incident in SN when Alert is recovered

Checklist

Delete any items that are not applicable to this PR.

• Unit or functional tests were updated or added to match the most common scenarios

For maintainers

• This was checked for breaking API changes and was labeled appropriately

Release notes

Auto close ServiceNow incidents when alerts are resolved

[js-jankisalvi]

To allow Recovered option in Run when dropdown

[cnasikas]

@elastic/response-ops-execution FYI, it seems that some connectors are missing from this list like the .servicenow-secops connector.

[elasticmachine]

Pinging @elastic/response-ops (Team:ResponseOps)

[cnasikas]

I tested and everything is working as expected 🚀. I managed to create an incident and close it when the alert recovers. I left some comments.

[cnasikas]

@elastic/response-ops-execution FYI, it seems that some connectors are missing from this list like the .servicenow-secops connector.

[cnasikas]

What do you think about testing that there are no errors at all? This will make the test fail if someone adds a new required field and forgets the recovered feature.

[js-jankisalvi]

I added test in d627b86, is this what you meant?

[cnasikas]

Thanks for addressing my feedback! Some comments 🙂.

[cnasikas]

LGMT! I tested by creating a rule with a SN action that creates and incident and a SN action that close the incident when the alert recovers. Everything is working as expected :rocket. I found two small bugs:

1. if you try to close the incident through the actions API by using the externalId you get an error. It seems that we need to also provide the close_notes: 'Closed by Caller'. In the ServiceNow UI it is a required field when you try to close an incident.
2. If the incident is already closed the warning message is not logged.

[cnasikas]

Ok, I found out about the second bug, we are doing incidentToBeClosed.state === 7 { // log warn } but the state is a string not an integer. It should be incidentToBeClosed.state === "7" 🙂.

[js-jankisalvi]

1. if you try to close the incident through the actions API by using the externalId you get an error. It seems that we need to also provide the close_notes: 'Closed by Caller'. In the ServiceNow UI it is a required field when you try to close an incident.
2. If the incident is already closed the warning message is not logged.

Fixed both bugs and added tests in e3b43c7

[cnasikas]

Thanks for your patience with the review 🚀 . I tested and everything is working as expected.

[kibana-ci]

💛 Build succeeded, but was flaky

• Buildkite Build
• Commit: c2ce8fb

Failed CI Steps

• FTR Configs #44

Test Failures

• [job] [logs] FTR Configs #44 / security APIs - Session Concurrent Limit Session Concurrent Limit cleanup should properly clean up sessions that exceeded concurrent session limit even for multiple providers

Metrics [docs]

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

id	before	after	diff
triggersActionsUi	557	558	+1

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
stackConnectors	542.2KB	543.6KB	+1.5KB
triggersActionsUi	1.4MB	1.4MB	+44.0B
total			+1.5KB

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id	before	after	diff
alerting	23.3KB	23.3KB	-14.0B
stackConnectors	39.9KB	40.5KB	+595.0B
total			+581.0B

Unknown metric groups

API count

id	before	after	diff
triggersActionsUi	583	584	+1

ESLint disabled line counts

id	before	after	diff
stackConnectors	103	102	-1

Total ESLint disabled count

id	before	after	diff
stackConnectors	108	107	-1

History

• 💚 Build #180790 succeeded 7fc2b4e
• 💛 Build #180575 was flaky c6b81fa
• 💔 Build #180435 failed e890e55
• 💛 Build #180128 was flaky 6cdc701
• 💚 Build #179479 succeeded d627b86
• 💚 Build #179129 succeeded a46435b

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @js-jankisalvi