Logs audit event and updates tests

x-pack/plugins/alerting/server/rules_client/rules_client.ts

@@ -709,7 +709,28 @@ export class RulesClient {
       },
     });
 
-    const alertExecutionStatus = resp.aggregations!.status.buckets.map(
+    if (!resp.aggregations) {
+      // Return a placeholder with all zeroes
+      const placeholder: AggregateResult = {
+        alertExecutionStatus: {},
+        ruleEnabledStatus: {
+          enabled: 0,
+          disabled: 0,
+        },
+        ruleMutedStatus: {
+          muted: 0,
+          unmuted: 0,
+        },
+      };
+
+      for (const key of AlertExecutionStatusValues) {
+        placeholder.alertExecutionStatus[key] = 0;
+      }
+
+      return placeholder;
+    }
+
+    const alertExecutionStatus = resp.aggregations.status.buckets.map(
       ({ key, doc_count: docCount }) => ({
         [key]: docCount,
       })
@@ -722,20 +743,20 @@ export class RulesClient {
       ),
     };
 
-    // Fill missing keys
+    // Fill missing keys with zeroes
     for (const key of AlertExecutionStatusValues) {
       if (!ret.alertExecutionStatus.hasOwnProperty(key)) {
         ret.alertExecutionStatus[key] = 0;
       }
     }
 
-    const enabledBuckets = resp.aggregations!.enabled.buckets;
+    const enabledBuckets = resp.aggregations.enabled.buckets;
     ret.ruleEnabledStatus = {
       enabled: enabledBuckets.find((bucket) => bucket.key === 1)?.doc_count ?? 0,
       disabled: enabledBuckets.find((bucket) => bucket.key === 0)?.doc_count ?? 0,
     };
 
-    const mutedBuckets = resp.aggregations!.muted.buckets;
+    const mutedBuckets = resp.aggregations.muted.buckets;
     ret.ruleMutedStatus = {
       muted: mutedBuckets.find((bucket) => bucket.key === 1)?.doc_count ?? 0,
       unmuted: mutedBuckets.find((bucket) => bucket.key === 0)?.doc_count ?? 0,

x-pack/plugins/alerting/server/rules_client/tests/aggregate.test.ts

@@ -14,6 +14,8 @@ import { encryptedSavedObjectsMock } from '../../../../encrypted_saved_objects/s
 import { actionsAuthorizationMock } from '../../../../actions/server/mocks';
 import { AlertingAuthorization } from '../../authorization/alerting_authorization';
 import { ActionsAuthorization } from '../../../../actions/server';
+import { httpServerMock } from '../../../../../../src/core/server/mocks';
+import { auditServiceMock } from '../../../../security/server/audit/index.mock';
 import { getBeforeSetup, setGlobalDate } from './lib';
 import { RecoveredActionGroup } from '../../../common';
 import { RegistryRuleType } from '../../rule_type_registry';
@@ -25,6 +27,7 @@ const unsecuredSavedObjectsClient = savedObjectsClientMock.create();
 const encryptedSavedObjects = encryptedSavedObjectsMock.createClient();
 const authorization = alertingAuthorizationMock.create();
 const actionsAuthorization = actionsAuthorizationMock.create();
+const auditLogger = auditServiceMock.create().asScoped(httpServerMock.createKibanaRequest());
 
 const kibanaVersion = 'v7.10.0';
 const rulesClientParams: jest.Mocked<ConstructorOptions> = {
@@ -46,6 +49,7 @@ const rulesClientParams: jest.Mocked<ConstructorOptions> = {
 
 beforeEach(() => {
   getBeforeSetup(rulesClientParams, taskManager, ruleTypeRegistry);
+  (auditLogger.log as jest.Mock).mockClear();
 });
 
 setGlobalDate();
@@ -191,4 +195,23 @@ describe('aggregate()', () => {
       },
     ]);
   });
+
+  test('logs audit event when not authorized to aggregate rules', async () => {
+    const rulesClient = new RulesClient({ ...rulesClientParams, auditLogger });
+    authorization.getFindAuthorizationFilter.mockRejectedValue(new Error('Unauthorized'));
+
+    await expect(rulesClient.aggregate()).rejects.toThrow();
+    expect(auditLogger.log).toHaveBeenCalledWith(
+      expect.objectContaining({
+        event: expect.objectContaining({
+          action: 'rule_aggregate',
+          outcome: 'failure',
+        }),
+        error: {
+          code: 'Error',
+          message: 'Unauthorized',
+        },
+      })
+    );
+  });
 });