Pass IEventLogClient as a dependency to RuleExecutionLogClient

x-pack/plugins/security_solution/server/lib/detection_engine/rule_execution_log/event_log_adapter/event_log_adapter.ts

@@ -37,7 +37,7 @@ export class EventLogAdapter implements IRuleExecutionLogClient {
 
   constructor(
     eventLogService: IEventLogService,
-    eventLogClient: IEventLogClient,
+    eventLogClient: IEventLogClient | undefined,
     savedObjectsClient: SavedObjectsClientContract
   ) {
     this.eventLogClient = new EventLogClient(eventLogService, eventLogClient);

x-pack/plugins/security_solution/server/lib/detection_engine/rule_execution_log/event_log_adapter/event_log_client.ts

@@ -58,11 +58,11 @@ interface IExecLogEventLogClient {
 }
 
 export class EventLogClient implements IExecLogEventLogClient {
-  private readonly eventLogClient: IEventLogClient;
+  private readonly eventLogClient: IEventLogClient | undefined;
   private readonly eventLogger: IEventLogger;
   private sequence = 0;
 
-  constructor(eventLogService: IEventLogService, eventLogClient: IEventLogClient) {
+  constructor(eventLogService: IEventLogService, eventLogClient: IEventLogClient | undefined) {
     this.eventLogClient = eventLogClient;
     this.eventLogger = eventLogService.getLogger({
       event: { provider: RULE_EXECUTION_LOG_PROVIDER },
@@ -72,6 +72,10 @@ export class EventLogClient implements IExecLogEventLogClient {
   public async getLastStatusChanges(
     args: GetLastStatusChangesArgs
   ): Promise<IRuleStatusSOAttributes[]> {
+    if (!this.eventLogClient) {
+      throw new Error('Querying Event Log from a rule executor is not supported at this moment');
+    }
+
     const soType = ALERT_SAVED_OBJECT_TYPE;
     const soIds = [args.ruleId];
     const count = args.count;

x-pack/plugins/security_solution/server/lib/detection_engine/rule_execution_log/rule_execution_log_client.ts

@@ -26,9 +26,9 @@ import { truncateMessage } from './utils/normalization';
 
 interface ConstructorParams {
   underlyingClient: UnderlyingLogClient;
-  eventLogService: IEventLogService;
-  eventLogClient: IEventLogClient;
   savedObjectsClient: SavedObjectsClientContract;
+  eventLogService: IEventLogService;
+  eventLogClient?: IEventLogClient;
 }
 
 export class RuleExecutionLogClient implements IRuleExecutionLogClient {

x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/create_security_rule_type_wrapper.ts

@@ -67,9 +67,9 @@ export const createSecurityRuleTypeWrapper: CreateSecurityRuleTypeWrapper =
         const esClient = scopedClusterClient.asCurrentUser;
 
         const ruleStatusClient = new RuleExecutionLogClient({
+          underlyingClient: config.ruleExecutionLog.underlyingClient,
           savedObjectsClient,
           eventLogService,
-          underlyingClient: config.ruleExecutionLog.underlyingClient,
         });
 
         const completeRule = {

x-pack/plugins/security_solution/server/lib/detection_engine/signals/preview/preview_rule_execution_log_client.ts

@@ -7,40 +7,67 @@
 
 import { SavedObjectsFindResult } from 'kibana/server';
 import {
-  LogExecutionMetricsArgs,
   IRuleExecutionLogClient,
+  LogStatusChangeArgs,
+  LogExecutionMetricsArgs,
   FindBulkExecutionLogArgs,
   FindBulkExecutionLogResponse,
   FindExecutionLogArgs,
-  LogStatusChangeArgs,
-  UpdateExecutionLogArgs,
+  GetLastFailuresArgs,
+  GetCurrentStatusArgs,
+  GetCurrentStatusBulkArgs,
+  GetCurrentStatusBulkResult,
 } from '../../rule_execution_log';
 import { IRuleStatusSOAttributes } from '../../rules/types';
 
 export const createWarningsAndErrors = () => {
   const warningsAndErrorsStore: LogStatusChangeArgs[] = [];
 
   const previewRuleExecutionLogClient: IRuleExecutionLogClient = {
-    async delete(id: string): Promise<void> {
-      return Promise.resolve(undefined);
-    },
-    async find(
+    find(
       args: FindExecutionLogArgs
     ): Promise<Array<SavedObjectsFindResult<IRuleStatusSOAttributes>>> {
       return Promise.resolve([]);
     },
-    async findBulk(args: FindBulkExecutionLogArgs): Promise<FindBulkExecutionLogResponse> {
+
+    findBulk(args: FindBulkExecutionLogArgs): Promise<FindBulkExecutionLogResponse> {
       return Promise.resolve({});
     },
-    async logStatusChange(args: LogStatusChangeArgs): Promise<void> {
-      warningsAndErrorsStore.push(args);
-      return Promise.resolve(undefined);
+
+    getLastFailures(args: GetLastFailuresArgs): Promise<IRuleStatusSOAttributes[]> {
+      return Promise.resolve([]);
     },
-    async update(args: UpdateExecutionLogArgs): Promise<void> {
-      return Promise.resolve(undefined);
+
+    getCurrentStatus(args: GetCurrentStatusArgs): Promise<IRuleStatusSOAttributes> {
+      return Promise.resolve({
+        statusDate: new Date().toISOString(),
+        status: null,
+        lastFailureAt: null,
+        lastFailureMessage: null,
+        lastSuccessAt: null,
+        lastSuccessMessage: null,
+        lastLookBackDate: null,
+        gap: null,
+        bulkCreateTimeDurations: null,
+        searchAfterTimeDurations: null,
+      });
     },
-    async logExecutionMetrics(args: LogExecutionMetricsArgs): Promise<void> {
-      return Promise.resolve(undefined);
+
+    getCurrentStatusBulk(args: GetCurrentStatusBulkArgs): Promise<GetCurrentStatusBulkResult> {
+      return Promise.resolve({});
+    },
+
+    deleteCurrentStatus(ruleId: string): Promise<void> {
+      return Promise.resolve();
+    },
+
+    logStatusChange(args: LogStatusChangeArgs): Promise<void> {
+      warningsAndErrorsStore.push(args);
+      return Promise.resolve();
+    },
+
+    logExecutionMetrics(args: LogExecutionMetricsArgs): Promise<void> {
+      return Promise.resolve();
     },
   };
 

x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts

@@ -142,12 +142,13 @@ export const signalRulesAlertType = ({
       const searchAfterSize = Math.min(maxSignals, DEFAULT_SEARCH_AFTER_PAGE_SIZE);
       let hasError: boolean = false;
       let result = createSearchAfterReturnType();
+
       const ruleStatusClient = ruleExecutionLogClientOverride
         ? ruleExecutionLogClientOverride
         : new RuleExecutionLogClient({
-            eventLogService,
-            savedObjectsClient: services.savedObjectsClient,
             underlyingClient: config.ruleExecutionLog.underlyingClient,
+            savedObjectsClient: services.savedObjectsClient,
+            eventLogService,
           });
 
       const completeRule: CompleteRule<RuleParams> = {

x-pack/plugins/security_solution/server/request_context_factory.ts

@@ -36,22 +36,24 @@ export class RequestContextFactory implements IRequestContextFactory {
   private readonly appClientFactory: AppClientFactory;
 
   constructor(private readonly options: ConstructorOptions) {
+    const { config, plugins } = options;
+
     this.appClientFactory = new AppClientFactory();
+    this.appClientFactory.setup({
+      getSpaceId: plugins.spaces?.spacesService?.getSpaceId,
+      config,
+    });
   }
 
   public async create(
     context: RequestHandlerContext,
     request: KibanaRequest
   ): Promise<SecuritySolutionApiRequestHandlerContext> {
     const { options, appClientFactory } = this;
-    const { config, plugins } = options;
+    const { config, core, plugins } = options;
     const { lists, ruleRegistry, security, spaces } = plugins;
 
-    appClientFactory.setup({
-      getSpaceId: plugins.spaces?.spacesService?.getSpaceId,
-      config,
-    });
-
+    const [, startPlugins] = await core.getStartServices();
     const frameworkRequest = await buildFrameworkRequest(context, security, request);
 
     return {
@@ -69,9 +71,10 @@ export class RequestContextFactory implements IRequestContextFactory {
 
       getExecutionLogClient: () =>
         new RuleExecutionLogClient({
+          underlyingClient: config.ruleExecutionLog.underlyingClient,
           savedObjectsClient: context.core.savedObjects.client,
           eventLogService: plugins.eventLog,
-          underlyingClient: config.ruleExecutionLog.underlyingClient,
+          eventLogClient: startPlugins.eventLog.getClient(request),
         }),
 
       getExceptionListClient: () => {