[Security Solution][Data Views] - Add custom DataView error (#136525)

Update rule error shown when data view not found during execution.

x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/create_security_rule_type_wrapper.ts

@@ -37,7 +37,7 @@ import { scheduleThrottledNotificationActions } from '../notifications/schedule_
 import aadFieldConversion from '../routes/index/signal_aad_mapping.json';
 import { extractReferences, injectReferences } from '../signals/saved_object_references';
 import { withSecuritySpan } from '../../../utils/with_security_span';
-import { getInputIndex } from '../signals/get_input_output_index';
+import { getInputIndex, DataViewError } from '../signals/get_input_output_index';
 
 /* eslint-disable complexity */
 export const createSecurityRuleTypeWrapper: CreateSecurityRuleTypeWrapper =
@@ -179,7 +179,13 @@ export const createSecurityRuleTypeWrapper: CreateSecurityRuleTypeWrapper =
               inputIndex = index ?? [];
               runtimeMappings = dataViewRuntimeMappings;
             } catch (exc) {
-              const errorMessage = buildRuleMessage(`Check for indices to search failed ${exc}`);
+              let errorMessage;
+              if (exc instanceof DataViewError) {
+                errorMessage = buildRuleMessage(`Data View not found ${exc}`);
+              } else {
+                errorMessage = buildRuleMessage(`Check for indices to search failed ${exc}`);
+              }
+
               logger.error(errorMessage);
               await ruleExecutionLogger.logStatusChange({
                 newStatus: RuleExecutionStatus.failed,

x-pack/plugins/security_solution/server/lib/detection_engine/signals/get_input_output_index.test.ts

@@ -12,7 +12,7 @@ import { loggerMock } from '@kbn/logging-mocks';
 
 import { DEFAULT_INDEX_KEY, DEFAULT_INDEX_PATTERN } from '../../../../common/constants';
 import type { GetInputIndex } from './get_input_output_index';
-import { getInputIndex } from './get_input_output_index';
+import { getInputIndex, DataViewError } from './get_input_output_index';
 
 describe('get_input_output_index', () => {
   let servicesMock: RuleExecutorServicesMock;
@@ -196,5 +196,21 @@ describe('get_input_output_index', () => {
         `"Saved object [index-pattern/12345] not found"`
       );
     });
+
+    test('Returns error of DataViewErrorType', async () => {
+      servicesMock.savedObjectsClient.get.mockRejectedValue(
+        new Error('Saved object [index-pattern/12345] not found')
+      );
+      await expect(
+        getInputIndex({
+          services: servicesMock,
+          version: '8.0.0',
+          index: [],
+          dataViewId: '12345',
+          ruleId: 'rule_1',
+          logger,
+        })
+      ).rejects.toBeInstanceOf(DataViewError);
+    });
   });
 });

x-pack/plugins/security_solution/server/lib/detection_engine/signals/get_input_output_index.ts

@@ -34,6 +34,8 @@ export interface GetInputIndexReturn {
   warningToWrite?: string;
 }
 
+export class DataViewError extends Error {}
+
 export const getInputIndex = async ({
   index,
   services,
@@ -45,10 +47,15 @@ export const getInputIndex = async ({
   // If data views defined, use it
   if (dataViewId != null && dataViewId !== '') {
     // Check to see that the selected dataView exists
-    const dataView = await services.savedObjectsClient.get<DataViewAttributes>(
-      'index-pattern',
-      dataViewId
-    );
+    let dataView;
+    try {
+      dataView = await services.savedObjectsClient.get<DataViewAttributes>(
+        'index-pattern',
+        dataViewId
+      );
+    } catch (exc) {
+      throw new DataViewError(exc.message);
+    }
     const indices = dataView.attributes.title.split(',');
     const runtimeMappings =
       dataView.attributes.runtimeFieldMap != null