Skip to content

[RAM] System action in bulk disable api#170229

Merged
guskovaue merged 3 commits intoelastic:system_actions_mvpfrom
guskovaue:sa_bulk_disable_api
Nov 6, 2023
Merged

[RAM] System action in bulk disable api#170229
guskovaue merged 3 commits intoelastic:system_actions_mvpfrom
guskovaue:sa_bulk_disable_api

Conversation

@guskovaue
Copy link
Copy Markdown
Contributor

@guskovaue guskovaue commented Oct 31, 2023
edited
Loading

Fix: #170097
Meta: #160367

Summary

This PR enables system actions for the Bulk Disable Rule API.

Checklist

@guskovaue guskovaue added the Team:ResponseOps Platform ResponseOps team (formerly the Cases and Alerting teams) t// label Oct 31, 2023
@guskovaue guskovaue self-assigned this Oct 31, 2023
@guskovaue guskovaue added release_note:skip Skip the PR/issue when compiling release notes Feature:Alerting/RulesFramework Issues related to the Alerting Rules Framework labels Nov 2, 2023
@guskovaue guskovaue marked this pull request as ready for review November 2, 2023 12:21
@guskovaue guskovaue requested a review from a team as a code owner November 2, 2023 12:21
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Nov 2, 2023

Pinging @elastic/response-ops (Team:ResponseOps)

@kibana-ci
Copy link
Copy Markdown

kibana-ci commented Nov 3, 2023
edited
Loading

💔 Build Failed

Failed CI Steps

Test Failures

  • [job] [logs] x-pack/test/alerting_api_integration/security_and_spaces/group2/config_non_dedicated_task_runner.ts / alerting api integration security and spaces enabled - Group 2 Alerts legacy alerts alerts superuser at space1 should schedule actions on legacy alerts
  • [job] [logs] x-pack/test/alerting_api_integration/security_and_spaces/group2/config.ts / alerting api integration security and spaces enabled - Group 2 Alerts legacy alerts alerts superuser at space1 should schedule actions on legacy alerts
  • [job] [logs] x-pack/test/alerting_api_integration/security_and_spaces/group2/config.ts / alerting api integration security and spaces enabled - Group 2 Alerts legacy alerts alerts superuser at space1 should schedule actions on legacy alerts
  • [job] [logs] x-pack/test/alerting_api_integration/security_and_spaces/group2/config_non_dedicated_task_runner.ts / alerting api integration security and spaces enabled - Group 2 Alerts legacy alerts alerts superuser at space1 should schedule actions on legacy alerts
  • [job] [logs] FTR Configs #6 / Alerting APIs Alerting rules should pass updated rule params to executor
  • [job] [logs] FTR Configs #58 / Alerting APIs Alerting rules should pass updated rule params to executor
  • [job] [logs] FTR Configs #72 / Alerting APIs Alerting rules should pass updated rule params to executor
  • [job] [logs] FTR Configs #58 / Alerting APIs Alerting rules should pass updated rule params to executor
  • [job] [logs] FTR Configs #72 / Alerting APIs Alerting rules should pass updated rule params to executor
  • [job] [logs] FTR Configs #6 / Alerting APIs Alerting rules should pass updated rule params to executor
  • [job] [logs] FTR Configs #8 / Alerting create legacy should handle create alert request appropriately
  • [job] [logs] FTR Configs #8 / Alerting create legacy should handle create alert request appropriately
  • [job] [logs] Osquery Cypress Tests #2 / ALL - Live Query Packs should run live pack should run live pack
  • [job] [logs] Osquery Cypress Tests #2 / ALL - Live Query Packs should run live pack should run live pack
  • [job] [logs] FTR Configs #63 / detection engine api security and spaces enabled - Group 1 add_actions adding actions should be able to create a new webhook action and attach it to a rule
  • [job] [logs] FTR Configs #63 / detection engine api security and spaces enabled - Group 1 add_actions adding actions should be able to create a new webhook action and attach it to a rule
  • [job] [logs] FTR Configs #28 / detection engine api security and spaces enabled - Group 10 import_rules importing rules with an index should migrate legacy actions in existing rule if overwrite is set to true
  • [job] [logs] FTR Configs #28 / detection engine api security and spaces enabled - Group 10 import_rules importing rules with an index should migrate legacy actions in existing rule if overwrite is set to true
  • [job] [logs] FTR Configs #57 / detection engine api security and spaces enabled - Group 4 Detection rule type telemetry Detection rule telemetry "kql" rule type should show "notifications_disabled" to be "1" for rule that has at least "1" action(s) and the alert is "disabled"/"in-active"
  • [job] [logs] FTR Configs #57 / detection engine api security and spaces enabled - Group 4 Detection rule type telemetry Detection rule telemetry "kql" rule type should show "notifications_disabled" to be "1" for rule that has at least "1" action(s) and the alert is "disabled"/"in-active"
  • [job] [logs] FTR Configs #42 / detection engine api security and spaces enabled - rule execution logic Query type rules with suppression enabled with a suppression time window should update an alert using real rule executions
  • [job] [logs] FTR Configs #42 / detection engine api security and spaces enabled - rule execution logic Query type rules with suppression enabled with a suppression time window should update an alert using real rule executions
  • [job] [logs] x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/date_numeric_types/configs/serverless.config.ts / Detection exceptions data types and operators @serverless @ess Rule exception operators for data type date "is" operator should filter 1 single date if it is set as an exception
  • [job] [logs] FTR Configs #44 / Detection exceptions data types and operators @serverless @ess Rule exception operators for data type date "is" operator should filter 1 single date if it is set as an exception
  • [job] [logs] x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/date_numeric_types/configs/serverless.config.ts / Detection exceptions data types and operators @serverless @ess Rule exception operators for data type date "is" operator should filter 1 single date if it is set as an exception
  • [job] [logs] FTR Configs #44 / Detection exceptions data types and operators @serverless @ess Rule exception operators for data type date "is" operator should filter 1 single date if it is set as an exception
  • [job] [logs] x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/keyword_text_long/configs/serverless.config.ts / Detection exceptions data types and operators @serverless @ess Rule exception operators for data type keyword "is" operator should filter 1 single keyword if it is set as an exception
  • [job] [logs] FTR Configs #17 / Detection exceptions data types and operators @serverless @ess Rule exception operators for data type keyword "is" operator should filter 1 single keyword if it is set as an exception
  • [job] [logs] x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/keyword_text_long/configs/serverless.config.ts / Detection exceptions data types and operators @serverless @ess Rule exception operators for data type keyword "is" operator should filter 1 single keyword if it is set as an exception
  • [job] [logs] FTR Configs #17 / Detection exceptions data types and operators @serverless @ess Rule exception operators for data type keyword "is" operator should filter 1 single keyword if it is set as an exception
  • [job] [logs] FTR Configs #10 / Detection exceptions data types and operators @serverless @ess Rule exception operators for data type text "is" operator should filter 1 single text if it is set as an exception
  • [job] [logs] FTR Configs #22 / Detection exceptions data types and operators @serverless @ess Rule exception operators for data type text "is" operator should filter 1 single text if it is set as an exception
  • [job] [logs] FTR Configs #22 / Detection exceptions data types and operators @serverless @ess Rule exception operators for data type text "is" operator should filter 1 single text if it is set as an exception
  • [job] [logs] FTR Configs #10 / Detection exceptions data types and operators @serverless @ess Rule exception operators for data type text "is" operator should filter 1 single text if it is set as an exception
  • [job] [logs] Serverless Security Cypress Tests #4 / Detection rules, bulk edit of rule actions All actions privileges "before each" hook for "Add a rule action to rules (existing connector)" "before each" hook for "Add a rule action to rules (existing connector)"
  • [job] [logs] Security Solution Cypress Tests #2 / Detection rules, bulk edit of rule actions All actions privileges "before each" hook for "Add a rule action to rules (existing connector)" "before each" hook for "Add a rule action to rules (existing connector)"
  • [job] [logs] Serverless Security Cypress Tests #4 / Detection rules, bulk edit of rule actions All actions privileges "before each" hook for "Add a rule action to rules (existing connector)" "before each" hook for "Add a rule action to rules (existing connector)"
  • [job] [logs] Security Solution Cypress Tests #2 / Detection rules, bulk edit of rule actions All actions privileges "before each" hook for "Add a rule action to rules (existing connector)" "before each" hook for "Add a rule action to rules (existing connector)"
  • [job] [logs] Security Solution Cypress Tests #2 / Detection rules, bulk edit of rule actions Restricted action privileges User with no privileges can't add rule actions User with no privileges can't add rule actions
  • [job] [logs] Security Solution Cypress Tests #2 / Detection rules, bulk edit of rule actions Restricted action privileges User with no privileges can't add rule actions User with no privileges can't add rule actions
  • [job] [logs] FTR Configs #67 / Exceptions API @serverless @ess role_based_rule_exceptions_workflows creating rules with exceptions tests with auditbeat data should be able to execute against an exception list that does include valid entries and get back 0 alerts
  • [job] [logs] FTR Configs #77 / Exceptions API @serverless @ess role_based_rule_exceptions_workflows creating rules with exceptions tests with auditbeat data should be able to execute against an exception list that does include valid entries and get back 0 alerts
  • [job] [logs] FTR Configs #77 / Exceptions API @serverless @ess role_based_rule_exceptions_workflows creating rules with exceptions tests with auditbeat data should be able to execute against an exception list that does include valid entries and get back 0 alerts
  • [job] [logs] FTR Configs #67 / Exceptions API @serverless @ess role_based_rule_exceptions_workflows creating rules with exceptions tests with auditbeat data should be able to execute against an exception list that does include valid entries and get back 0 alerts
  • [job] [logs] Security Solution Cypress Tests #9 / Exceptions match_any Creates exception item Creates exception item
  • [job] [logs] Security Solution Cypress Tests #9 / Exceptions match_any Creates exception item Creates exception item
  • [job] [logs] FTR Configs #71 / Monitoring app Cluster listing Alerts should show a toast when alerts are created successfully
  • [job] [logs] FTR Configs #71 / Monitoring app Cluster listing Alerts should show a toast when alerts are created successfully
  • [job] [logs] FTR Configs #44 / Observability Rules Synthetics SyntheticsRules creates rule when settings are configured
  • [job] [logs] FTR Configs #44 / Observability Rules Synthetics SyntheticsRules creates rule when settings are configured
  • [job] [logs] Security Solution Cypress Tests #4 / Rule actions during detection rule creation Indexes a new document after the index action is triggered Indexes a new document after the index action is triggered
  • [job] [logs] Security Solution Cypress Tests #4 / Rule actions during detection rule creation Indexes a new document after the index action is triggered Indexes a new document after the index action is triggered
  • [job] [logs] FTR Configs #25 / Rule creation API @serverless @ess create_rules @brokenInServerless per-action frequencies actions without frequencies it sets each action's frequency attribute to default value when 'throttle' is undefined
  • [job] [logs] FTR Configs #25 / Rule creation API @serverless @ess create_rules @brokenInServerless per-action frequencies actions without frequencies it sets each action's frequency attribute to default value when 'throttle' is undefined
  • [job] [logs] Security Solution Cypress Tests #7 / rule snoozing Rule editing page / actions tab adds an action to a snoozed rule adds an action to a snoozed rule
  • [job] [logs] Security Solution Cypress Tests #7 / rule snoozing Rule editing page / actions tab adds an action to a snoozed rule adds an action to a snoozed rule
  • [job] [logs] Security Solution Cypress Tests #7 / rule snoozing Rules management table snoozes a rule with actions for 2 days snoozes a rule with actions for 2 days
  • [job] [logs] Security Solution Cypress Tests #7 / rule snoozing Rules management table snoozes a rule with actions for 2 days snoozes a rule with actions for 2 days
  • [job] [logs] Jest Tests #1 / update() calls the authentication API key function if the user is authenticated using an api key
  • [job] [logs] Jest Tests #1 / update() calls the createApiKey function
  • [job] [logs] Jest Tests #1 / update() doesn't call the createAPIKey function when alert is disabled
  • [job] [logs] Jest Tests #1 / update() should call useSavedObjectReferences.extractReferences and useSavedObjectReferences.injectReferences if defined for rule type
  • [job] [logs] Jest Tests #1 / update() should update a rule even if action is missing secret when allowMissingConnectorSecrets is true
  • [job] [logs] Jest Tests #1 / update() should update a rule with some preconfigured actions
  • [job] [logs] Jest Tests #1 / update() should update a rule with some system actions
  • [job] [logs] Jest Tests #1 / update() updates an action with uuid and adds uuid to an action without it
  • [job] [logs] Jest Tests #1 / update() updates given parameters

Metrics [docs]

‼️ ERROR: no builds found for mergeBase sha [f7ecb3b]

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @guskovaue

XavierM
XavierM reviewed Nov 6, 2023
View reviewed changes
x-pack/plugins/alerting/server/rules_client/lib/siem_legacy_actions/migrate_legacy_actions.ts
throttle: undefined,
notifyWhen: undefined,
actions: injectReferencesIntoActions(ruleId, legacyActions, legacyActionsReferences),
actions: transformRawActionsToDomainActions({
Copy link
Copy Markdown
Contributor

@XavierM XavierM Nov 6, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All good since I can see we do injectReferencesIntoActions in transformRawActionsToDomainActions

XavierM
XavierM approved these changes Nov 6, 2023
View reviewed changes
Copy link
Copy Markdown
Contributor

@XavierM XavierM left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@guskovaue guskovaue merged commit 62ba292 into elastic:system_actions_mvp Nov 6, 2023
@cnasikas cnasikas mentioned this pull request Nov 8, 2023
Closed
15 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@XavierM XavierM XavierM approved these changes

Assignees

@guskovaue guskovaue

Labels

Feature:Alerting/RulesFramework Issues related to the Alerting Rules Framework release_note:skip Skip the PR/issue when compiling release notes Team:ResponseOps Platform ResponseOps team (formerly the Cases and Alerting teams) t//

Projects

No open projects
AppEx: ResponseOps - Rules & Alerts Management
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@guskovaue @elasticmachine @kibana-ci @XavierM