[Cases] Custom fields in case actions#177033
Merged
adcoelho merged 10 commits intoelastic:case_actionfrom Feb 21, 2024
Merged
Conversation
Contributor
|
Pinging @elastic/response-ops (Team:ResponseOps) |
Contributor
|
Pinging @elastic/response-ops-cases (Feature:Cases) |
adcoelho
commented
Feb 15, 2024
adcoelho
commented
Feb 15, 2024
0e74d2d to
78202b9
Compare
adcoelho
commented
Feb 15, 2024
x-pack/plugins/cases/server/connectors/cases/cases_connector_executor.ts
Outdated
Show resolved
Hide resolved
Contributor
|
I’m not very familiar with this feature, can you provide steps to verify this PR pls |
jloleysens
approved these changes
Feb 16, 2024
adcoelho
commented
Feb 19, 2024
Contributor
Author
|
@doakalexi Since this is part of ongoing work on a feature branch, there isn't much that can be tested here for now besides making sure the unit tests cover the changes. 😞 If you want I can elaborate a bit offline. |
Contributor
Author
|
/ci |
cnasikas
reviewed
Feb 20, 2024
Member
cnasikas
left a comment
There was a problem hiding this comment.
Great work! I left some comments. Could you please add some this.logger.debug messages about the custom fields?
x-pack/plugins/cases/server/connectors/cases/cases_connector_executor.ts
Outdated
Show resolved
Hide resolved
x-pack/plugins/cases/server/connectors/cases/cases_connector_executor.ts
Outdated
Show resolved
Hide resolved
x-pack/plugins/cases/server/connectors/cases/cases_connector_executor.test.ts
Outdated
Show resolved
Hide resolved
x-pack/plugins/cases/server/connectors/cases/cases_connector_executor.test.ts
Show resolved
Hide resolved
cnasikas
approved these changes
Feb 20, 2024
💔 Build FailedFailed CI StepsTest Failures
Metrics [docs]
History
To update your PR or re-run it, just comment with: cc @adcoelho |
cnasikas
added a commit
that referenced
this pull request
Apr 12, 2024
## Summary Depends on: #166267, #170326, #169484, #173740, #173763, #178068, #178307, #178600, #180437 PRs: - #168370 - #169229 - #171754 - #172709 - #173012 - #175107 - #175452 - #175505 - #177033 - #178277 - #177139 - #179796 Fixes: #153837 ## Testing Run Kibana with `--run-examples` if you want to use the "Always firing" rule. Create a rule with a case action in observability and the stack. The security solution is not supported. You should not be able to assign a case action in a security solution rule. 1. Test the "Reopen closed cases" configuration. 2. Test the "Grouping by" configuration. Only one field is allowed. Not all fields are persisted in alerts. If you select a field not part of the alert the case action will create a case where the grouping value is set to `unknow`. 3. Test the "Time window" feature. You can comment out the validation to test for shorter times. 4. Verify that the case action is experimental. 5. Verify that based on the rule type the case is created in the correct solution. 6. Verify that you cannot create a rule with the case action on the basic license. 7. Verify that the execution of the case action fails if you do not have permission for cases. Pending work on the system actions framework level to not allow users to create rules with system actions where they do not have permission. 8. Stress test the case action by creating multiple rules. ### Checklist Delete any items that are not applicable to this PR. - [x] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios ### For maintainers - [x] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) ## Release notes Automatically create cases when an alert is triggered. --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: adcoelho <antonio.coelho@elastic.co> Co-authored-by: Janki Salvi <117571355+js-jankisalvi@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #177032
Summary
A case may have required custom fields.
If a required custom field is missing when trying to create a case the API will throw an error.
To avoid case action failures we have to populate the custom fields with default values when creating cases.
If a default value is configured we use it, otherwise, we use the following values:
N/AfalseRelated: #168369